Author Archives: J.S Tomar

Good Read: What Twitter Attack Says on Human Nature, Social Engineering

Abstract

While investigations are ongoing, Twitter reported it was the victim of a “coordinated social engineering attack.” The company confirmed that threat actors targeted and successfully manipulated a small group of employees and used their credentials to gain unauthorized access to an administrative tool that is “only available to internal support teams.”

According to Chako, social engineering attacks like this one are “so effective because they use psychological manipulation to convince a person to take an action or divulge sensitive information that they shouldn’t. In fact, cyber attackers are the ultimate psychologists.”

Using these psychological tricks, the attackers were able to hijack Twitter accounts and then post messages to dupe social media users into donating Bitcoin payments to fraudulent causes.

Read More:

https://www.cyberark.com/resources/blog/what-twitter-attack-says-on-human-nature-social-engineering

Garmin services and production go down after ransomware attack

Abstract

Smartwatch and wearables maker Garmin shut down several of its services on July 23 to deal with a ransomware attack that has encrypted its internal network and some production systems.

The company is currently planning a multi-day maintenance window to deal with the attack’s aftermath, which includes shutting down its official website, the Garmin Connect user data-syncing service, and even some production lines in Asia.

In messages shared on its website and Twitter, Garmin said the same outage also impacted its call centers, leaving the company in the situation of being unable to answer calls, emails, and online chats sent by users.

The incident didn’t go unnoticed and has caused lots of headaches for the company’s customers, most of whom rely on the Garmin Connect service to sync data about runs and bike rides to Garmin’s servers, all of which went down on Thursday.

Read more in

https://www.zdnet.com/article/garmin-services-and-production-go-down-after-ransomware-attack/

WebSecurity: Web Shells Detection and Prevention

What is a Web Shell?

Web shells are web-based applications that provide a threat actor with the ability to interact with a system – anything from file access and upload to the ability to execute arbitrary code on the exploited server. They’re written in a variety of languages, including PHP, ASP, Java and JavaScript, although the most common is PHP (since the majority of systems support PHP). Once they’re in your system, the threat actor can use them to steal data or credentials, gain access to more important servers in the network, or as a conduit to upload more dangerous and extensive malware.

Read more in

https://blog.rapid7.com/2016/12/14/webshells-101/

Must Read: 7 Ways Hackers Steal Your Passwords

Abstract

One way or another, passwords are always in the news. They’re either being stolen in data breaches, or mocked for being too simple; derided as pointless, or lamented for being technologically backward. No matter what opinion any of us have on passwords, though, one thing is indisputable: we’re going to be using them today, tomorrow and for the foreseeable future.

We take a look at how hackers steal our passwords and what we can do to stop them.

  • 1. Credential Stuffing
  • 2. Phishing
  • 3. Password Spraying
  • 5. Brute Force
  • 6. Local Discovery
  • 7. Extortion

Read more in

https://www.sentinelone.com/blog/7-ways-hackers-steal-your-passwords/

Good Read: How Amazon fake reviews are created by fake users?

Abstract

In exchange for positive Amazon reviews, the mysterious Facebook accounts who recruited me promised me free stuff. They delivered.

——-

The black market for Amazon reviews makes some sense if you consider how valuable positive reviews can be to sellers on the platform. With more than 2.5 million sellers on the platform, getting seen by customers who might make a purchase is no easy feat. As one friend who has been selling on Amazon Marketplace since 2016 explained to me, on Amazon, “the more reviews you have on an item, the more likely for the item to come up in an algorithmic search. The more customers like the item, with reviews, the more Amazon likes it.”

Read more in

https://onezero.medium.com/my-bizarre-stint-as-an-amazon-reviewer-for-hire-260bd6f7a8fa