Your computer vulnerabilities

Security-Web Vulnerabilities-Browser Attacks

May 24, 2015

Raghu Addanki

Browser vulnerabilities are the prime source of internet threats these days - I mean it
Page 1: Security-Web Vulnerabilities-Browser Attacks

Your computer vulnerabilities

Page 2: Security-Web Vulnerabilities-Browser Attacks

ONLINE THREATS

Page 3: Security-Web Vulnerabilities-Browser Attacks

JULY MONTH FOCUS ON THE THREAT: BROWSER ATTACKS

A New Security Series program for Evoke: Laws-of-Vulnerabilities

Page 4: Security-Web Vulnerabilities-Browser Attacks

BROWSER EXPLOITS

Page 5: Security-Web Vulnerabilities-Browser Attacks

Browser Exploit Family

• Adware
• Internet fraud
• Malware
• Phishing
• Spam
• Spyware
• -------- AND

Page 6: Security-Web Vulnerabilities-Browser Attacks

YOU

Don’t get shocked. As long as you do not LISTEN to IT Security recommendations, you are also part of it

Page 7: Security-Web Vulnerabilities-Browser Attacks

Where do browser exploits come from?

• When there is a weakness in your browser or if browser security is set low, vulnerabilities can be exploited by cyber crooks.

• For example, ActiveX scripts could install themselves and then be used to change policies and alter a program to make its removal difficult.

Page 8: Security-Web Vulnerabilities-Browser Attacks

• Users can be tricked into downloading and installing a hijack themselves.

• Some browser exploits come in the form of an error report that appears to be from the user's own PC.

• Malicious websites can give instructions to install a particular plug-in to view the site correctly and others make the user believe they are getting a browser enhancement or a system update.

Page 9: Security-Web Vulnerabilities-Browser Attacks

Bogus Alert

Page 10: Security-Web Vulnerabilities-Browser Attacks

Bogus Alert

Page 11: Security-Web Vulnerabilities-Browser Attacks

Bogus Alert

Page 12: Security-Web Vulnerabilities-Browser Attacks

Bogus Alert

Page 13: Security-Web Vulnerabilities-Browser Attacks

Bogus Alert

Page 14: Security-Web Vulnerabilities-Browser Attacks

Bogus Alert

Page 15: Security-Web Vulnerabilities-Browser Attacks

“Browser Pop-Ups!”

– Pop-up ads are classified as a malignant adware program that silently sneaks in and carries out numerous malevolent activities to make your system corrupt as well as unusable.

– It will block your IP address and utilize all your system resources to make your system unusable.

Page 16: Security-Web Vulnerabilities-Browser Attacks

Bundled Software along with Browsers is a potential threat

Page 17: Security-Web Vulnerabilities-Browser Attacks

That was “Magneto”

• So do not install browsers as part of bundled downloads.

• Example:
– When you install Adobe Reader, they offer a Chrome download.
– And when you are installing Chrome, they offer “Magneto” installation.
– These CHAINED bundles are highly dangerous.

Page 18: Security-Web Vulnerabilities-Browser Attacks

BE AWARE
BE AD-AWARE
KNOW YOUR BROWSER

Page 19: Security-Web Vulnerabilities-Browser Attacks

DO YOU WANT TO BECOME A VICTIM?

Page 20: Security-Web Vulnerabilities-Browser Attacks
Page 21: Security-Web Vulnerabilities-Browser Attacks

TOGETHER LET US BUILD A GREAT DEFENSE AGAINST THESE BROWSER ATTACKS

Page 22: Security-Web Vulnerabilities-Browser Attacks

Never DISABLE the firewall, which helps protect your computer from incoming attacks as well as from programs that try to transmit data from your computer

Page 23: Security-Web Vulnerabilities-Browser Attacks

Never accept files from someone you don't know

Page 24: Security-Web Vulnerabilities-Browser Attacks

Use caution when downloading files

Page 25: Security-Web Vulnerabilities-Browser Attacks

Scan downloaded software before executing

Page 26: Security-Web Vulnerabilities-Browser Attacks

Disable ActiveX, Java and JavaScript objects if possible

Page 27: Security-Web Vulnerabilities-Browser Attacks

Block pop-up windows, some of which may be malicious and hide attacks. This may block malicious software from being downloaded to your computer.

Page 28: Security-Web Vulnerabilities-Browser Attacks

Consult a website reputation scorecard for more information on unknown sites

Page 29: Security-Web Vulnerabilities-Browser Attacks

Here is how:

• Type this URL in your Browser

• http://scanurl.net/

Page 30: Security-Web Vulnerabilities-Browser Attacks

Type the URL/Address

Page 31: Security-Web Vulnerabilities-Browser Attacks

You should see all GREENS

Page 32: Security-Web Vulnerabilities-Browser Attacks

UNINSTALL ANY BROWSER PLUGIN & TOOLBAR

Mega Suggestion

Page 33: Security-Web Vulnerabilities-Browser Attacks

Take this Oath

• I will consult IT for any support, however small
• I will right away UNINSTALL all toolbars
• I will Google and find out how to SECURE my browsers
• This weekend is dedicated to my SYSTEM CLEANUP

Page 34: Security-Web Vulnerabilities-Browser Attacks

Recent Browser Attacks

Page 35: Security-Web Vulnerabilities-Browser Attacks

How is IT building Resilience for us in the next few days?

• Hardening OS
– We are deploying the following through Group Policy
– Advancements in security architecture, such as inclusion of Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) as standard items in the operating system, and improved memory allocation algorithms.

Page 36: Security-Web Vulnerabilities-Browser Attacks

How is IT building Resilience for us in the next few days?

• Inclusion of anti-malware in the operating system.

• CSC systems already have this
• ALL Evoke to have it soon

Page 37: Security-Web Vulnerabilities-Browser Attacks

We are actively working on

• Drive-By Downloads:
– Drive-by downloads are typically deployed by hackers who have taken advantage of Web vulnerabilities such as SQL injection that can be exploited to "allow attackers to change the content of a website."

Page 38: Security-Web Vulnerabilities-Browser Attacks

We are actively working on

• Clickjacking:
– The purpose of this attack is to open the target website in an invisible frame and get the user to click somewhere in the frame when they don't even know they're clicking in that website

• "The pop-up itself is not harmful, but if you click the button, you open the gate to infect your machine,"
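
A defensive check for the invisible-frame condition described on this slide, as an added example that is not part of the original deck: it reads a site's HTTP response headers and reports who is allowed to load the page inside a frame. The function name `framingPolicy` and the sample header sets are constructed for illustration.

```javascript
// Added example, not from the original slides. Reports who may embed a page
// in a frame, based on its response headers. Sample headers are constructed.
function framingPolicy(headers) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();

  // An enforced CSP frame-ancestors directive overrides X-Frame-Options.
  const csp = h['content-security-policy'] || '';
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (name !== 'frame-ancestors') continue;
    // An empty source list matches nothing, the same as 'none'.
    if (sources.length === 0 || sources.every(s => s === "'none'"))
      return { framable: 'nobody', via: 'csp' };
    // "*" or a bare scheme such as "https:" lets any site embed the page.
    if (sources.some(s => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s)))
      return { framable: 'anyone', via: 'csp' };
    if (sources.every(s => s === "'self'"))
      return { framable: 'same-origin', via: 'csp' };
    return { framable: 'allowlist', via: 'csp', sources };
  }

  const xfo = (h['x-frame-options'] || '').toUpperCase();
  if (xfo === 'DENY') return { framable: 'nobody', via: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') return { framable: 'same-origin', via: 'x-frame-options' };
  // ALLOW-FROM is obsolete and ignored by current browsers; treat it as no protection.
  return { framable: 'anyone', via: 'none' };
}

// Constructed header sets covering the common outcomes.
const samples = {
  bare: { 'Content-Type': 'text/html' },
  legacy: { 'X-Frame-Options': 'sameorigin' },
  cspWins: { 'X-Frame-Options': 'DENY',
             'Content-Security-Policy': "default-src 'self'; frame-ancestors https://portal.example" },
  wildcard: { 'Content-Security-Policy': 'frame-ancestors *' },
  // Report-Only policies are not enforced, so this page is still framable.
  reportOnly: { 'Content-Security-Policy-Report-Only': "frame-ancestors 'none'" },
};

for (const [name, hdrs] of Object.entries(samples))
  console.log(name.padEnd(10), JSON.stringify(framingPolicy(hdrs)));
```

Pages that report `anyone` can be opened in a hidden frame by any other site, which is the situation the clickjacking slide warns about.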

Page 39: Security-Web Vulnerabilities-Browser Attacks

We are actively working on

• Plug-In- And Script-Enabled Attacks:
– Not only do attackers look for vulnerabilities within the browser itself, they also frequently ferret out bugs in browser plug-ins and scripting programming to help them carry out drive-by downloads and clickjacking attacks.

• In particular, companies should be wary of Java.

• It's one of the most susceptible languages to attack, and Java is a favorite among criminals to begin Web attacks that can get them deep within an enterprise network.

• Unless there's a pressing need for a business application that requires Java, IT should uninstall the plug-in altogether.

Page 40: Security-Web Vulnerabilities-Browser Attacks

SAVE YOURSELF

SAVE OUR ORGANIZATION

Page 41: Security-Web Vulnerabilities-Browser Attacks

Have Gr8 Browsing days ahead

Page 42: Security-Web Vulnerabilities-Browser Attacks

Credits

• My Financier
– Ramesh Madala

• Themes
– Linkin Park
– Armin van Buuren
– Trivikram (అత్తారింటికి దారేది fame)

• Tools
– Itubesoft
– Youtubedownloader
– Xilisoft video cutter

• ThreatPost.com
• slate.com
• Wired.com
• Qualys.com
• Fireeye.com
• Extremetech.com
• Symantec.com
• Myot.com (My Web of Trust)
• Sans.org
• Krebsonsecurity.com
• Beefproject.com (Browser Exploitation Framework Project)
• Mozilla Development Team Blog
• Chrome Beta Team Blog
• Microsoft IE Bulletin Blog
• Evoke IT Team

Page 43: Security-Web Vulnerabilities-Browser Attacks

Gladiator Stays Here

Radiator Stays Here

Take a Wise Choice

I Listen to IT

I Don’t Listen

Page 44: Security-Web Vulnerabilities-Browser Attacks

THANK YOU ALL