Security-Web Vulnerabilities-Browser Attacks
Download as PPTX, PDF1 like910 views
This document discusses browser attacks and provides recommendations for protecting against them. It notes that browser exploits can occur when there are weaknesses in the browser or low security settings that allow cyber criminals to install malware. Examples given include ActiveX scripts installing without permission and tricking users into downloading hijackers. The document recommends users never disable their firewall, accept unknown files, or disable browser security settings. It also advises consulting the IT department for any system issues or uninstallation of toolbars and plugins.
Security-Web Vulnerabilities-Browser Attacks
- 3. JULY MONTH FOCUS ON THE THREAT: BROWSER ATTACKS A New Security Series program for Evoke: Laws-of-Vulnerabilities
- 5. • Adware • Internet fraud • Malware • Phishing • Spam • Spyware • --------AND
- 6. Don’t get shocked. As long as you do not LISTEN to IT Security recommendations, you are also part of it
- 7. Where do browser exploits come from? • When there is a weakness in your browser or if browser security is set low, vulnerabilities can be exploited by cyber crooks. • For example, ActiveX scripts could install by themselves which can be used to change policies and change a program to make its removal difficult.
- 8. • Users can be tricked into downloading and installing a hijack themselves. • Some browser exploits come in the form of an error report that appears to be from the user's own PC. • Malicious websites can give instructions to install a particular plug-in to view the site correctly and others make the user believe they are getting a browser enhancement or a system update.
- 9. Bogus Alert
- 10. Bogus Alert
- 11. Bogus Alert
- 12. Bogus Alert
- 13. Bogus Alert
- 14. Bogus Alert
- 15. “Browser Pop-Ups!” – Pop-up ads is classified as a malignant adware program which silently get sneaked and produces numerous malevolent activities to make it corrupt as well as unusable. – It will block your IP address and utilize all your system resources to make your system unusable.
- 16. Bundled Software along with Browsers is a potential threat
- 17. That was “ Magneto” • So do not install Browsers as part of bundled downloads. • Example: – When you install Adobe Reader they offer Chrome Download. – And When you are installing Chrome, they offer “Magneto” installation. – These CHAINED Bundles are highly Dangerous
- 18. BE AWARE BE AD-AWARE KNOW YOUR BROWSER
- 19. DO YOU WANT TO BECOME A VICTIM?
- 21. TOGETHER LET US BUILD A GREAT DEFENSE AGAINST THESE BROWSER ATTACKS
- 22. Never DISABLE the firewall which helps you to protect your computer from incoming attacks as well as programs that try to transmit data from your computer
- 23. Never accept files from someone you don't know
- 24. Use caution when downloading files
- 25. Scan downloaded software before executing
- 26. Disable ActiveX, Java and JavaScript objects if possible
- 27. Block pop-up windows, some of which may be malicious and hide attacks. This may block malicious software from being downloaded to your computer.
- 28. Consult website reputation scorecard for more information on unknown sites
- 29. Here is how? • Type this URL in your Browser • http://scanurl.net/
- 31. You should see all GREENS
- 32. UNINSTALL ANY BROWSER PLUGIN & TOOLBAR Mega Suggestion
- 33. Take this Oath • I will consult IT for any support, even so small • I will right away UNINSTALL all tool bars • I will Google and find out how to SECURE my Browsers • This week end is dedicated to my SYSTEM CLEANUP
- 35. How IT is building Resilience in next few days for us? • Hardening OS – We are deploying the following through group Policy – Advancements in security architecture, such as inclusion of Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR) as a standard item in the operating system and improved memory allocation algorithms.
- 36. How IT is building Resilience in next few days for us? • Inclusion of anti-malware in the operating system. • CSC systems already have this • ALL Evoke to have it soon
- 37. We are actively working on • Drive-By Downloads: – Drive-by downloads are typically deployed by hackers who have taken advantage of Web vulnerabilities such as SQL injection that can be exploited to "allow attackers to change the content of a website,”
- 38. We are actively working on • Clickjacking: – The purpose of this attack is to open the target website in an invisible frame and get the user to click somewhere in the frame when they don't even know they're clicking in that website • "The pop-up itself is not harmful, but if you click the button, you open the gate to infect your machine,"
- 39. We are actively working on • Plug-In- And Script-Enabled Attacks: – Not only do attackers look for vulnerabilities within the browser itself, they also frequently ferret out bugs in browser plug-ins and scripting programming to help them carry out drive-by downloads and clickjacking attacks. • In particular, companies should be wary of Java. • It's one of the most susceptible languages to attack, and Java is a favorite among criminals to begin Web attacks that can get them deep within an enterprise network. • Unless there's a pressing need for a business application that requires Java, IT should uninstall the plug-in altogether.
- 40. SAVE YOURSELF SAVE OUR ORGANIZATION
- 41. Have Gr8 Browsing days ahead
- 42. Credits• My Financier – Ramesh Madala • Themes – Linkin Park – Armin Van Burren – Trivikram (అత్తా రింటికి దారేది fame) • Tools – Itubesoft – Youtubedownloader – Xilisoft video cutter • ThreatPost.com • slate.com • Wired.com
- 43. Gladiator Stays Here Radiator Stays Here Take a Wise Choice I Listen to IT I Don’t Listen
- 44. THANK YOU ALL