Our society has changed so much. A simple device (the phone) has taken control of you, and you have no control over it. Even husbands and wives sit in their own corners of the bed, checking WhatsApp every minute, hoping something will come up that may change their lives.
In a week we have 168 hours, but neither you nor I have 5 minutes to talk to parents, brothers, friends or old colleagues. Even if you try, they do not have time to speak to you. A kid wants to play with his father, but the father is busy on Facebook. These are strange times, and we are all sick in many ways.
If you ask anybody, they say "no time, yaar" and then blame kids, work, unhealthy parents or a partner, but they never check their total screen time in a week. According to research, a person can on average maintain a maximum of 200 contacts, but now you can't maintain even 10 contacts because of the phone.
My humble request to all readers: talk to the people who are next to you. Say hello to others in the metro or at the workplace rather than chatting with someone online on Facebook.
OFFLINE LIFE IS AS GOOD AS ONLINE. GIVE IT A CHANCE.
Credential phishing is a type of email-based attack that uses malicious web forms mimicking legitimate websites to steal the victim's login credentials. The targeted credentials can belong to any web-based service, including:
Microsoft Outlook Web Access (OWA) and other corporate web-based email services
Cloud-based sync and sharing services (e.g., Dropbox, Box)
Online shopping (Apple ID, Amazon, etc.) and loyalty program logins
The credential phishing site frequently appears to be a perfect copy of the targeted website, and as a result a quick visual scan by the victim does not arouse suspicion. However, the domain in the URL will be under the attacker’s control, rather than owned by the targeted organization, and may indicate that the site is not legitimate.
Credential phishing is one of the most successful social engineering techniques for targeting larger organizations.
The following facts, statistics, and trends will help you realize how imminent the ransom threat is to your business and personal life.
Some hackers even corrupt and delete a company’s files while they await the ransom payment, just to show that they’re serious. Regardless of the cyber criminal’s ultimate actions, the actual cost of ransomware goes beyond just the payout.
Let's consider a scenario in which you, as a security analyst, need to investigate whether a particular endpoint (laptop, desktop or server) has downloaded a malware flash player. Let's assume you have endpoint protection in your organization and you have received an alert about downloaded malware on machine 'X'.
In most cases, you would get enough details from the endpoint protection software itself. However, if you are interested in the malware's behaviour or in what this new malware does, you would follow these steps:
Download the fake malware flash player from VirusTotal and also download the authentic flash player from the Adobe site. You can find malware on VirusTotal as well, but that is a premium service.
Open two command prompts side by side and type the command shown in the image below. In the snapshot below, I have shown how to find metadata about any dmg file.
You can check the same code signing information on the fake dmg file and compare the two. You will learn a lot of details.
Another method: malware vs. real macOS app
Another good method is to check the contents of the app. Basically, you compare the folders and files within each macOS application. To do that, follow the steps below:
Open the malware and the authentic app by double-clicking, each in a macOS Finder window. Once open, they look like the image below.
Right-click on the app and use "Show Package Contents". Do the same for the authentic app and compare the folder structure.
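The package-contents comparison in the steps above can also be done programmatically, which catches files whose names match but whose contents differ. This is an added example, not code from the original post: the function names and the sample bundle layouts are constructed for illustration, and it assumes both .app bundles have already been copied out of their mounted dmg files on an isolated analysis machine.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Signed macOS bundles keep their resource seal here; a missing seal is a finding.
SIGNATURE_FILE = "Contents/_CodeSignature/CodeResources"

def inventory(bundle):
    """Map every regular file (path relative to the bundle root) to its SHA-256."""
    root = Path(bundle)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file() and not p.is_symlink()  # symlinks are skipped, not followed
    }

def compare_bundles(suspect, reference):
    """Report layout and content differences between two .app bundles."""
    s, r = inventory(suspect), inventory(reference)
    return {
        "only_in_suspect": sorted(s.keys() - r.keys()),
        "only_in_reference": sorted(r.keys() - s.keys()),
        "changed": sorted(p for p in s.keys() & r.keys() if s[p] != r[p]),
        "suspect_has_signature": SIGNATURE_FILE in s,
        "reference_has_signature": SIGNATURE_FILE in r,
    }

def build_sample(root, files):
    """Write a constructed bundle layout to disk (demo data, not a real app)."""
    for rel, data in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return Path(root)

# Constructed sample layouts standing in for the two bundles being compared.
REFERENCE = {"Contents/Info.plist": b"reference plist",
             "Contents/MacOS/Installer": b"reference binary",
             "Contents/Resources/icon.icns": b"icon",
             SIGNATURE_FILE: b"resource seal"}
SUSPECT = {"Contents/Info.plist": b"different plist",
           "Contents/MacOS/Installer": b"different binary",
           "Contents/Resources/icon.icns": b"icon",
           "Contents/Resources/helper.bin": b"extra file"}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        ref = build_sample(Path(tmp) / "Reference.app", REFERENCE)
        sus = build_sample(Path(tmp) / "Suspect.app", SUSPECT)
        print(json.dumps(compare_bundles(sus, ref), indent=2))
```

On real bundles, call `compare_bundles()` with the two .app paths; files that appear only in the suspect bundle, or a missing `_CodeSignature` seal, are the first things to look at.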
This is a bit of forensics on how to extract metadata and details about malware. I hope this helps.