Uganda-martyrs

Uganda Martyrs’ death as a subject to the violation of Human rights.

by Civic Space

 As we take the break to remember and mourn for the Uganda martyrs who died due to the violation of their religious rights, we wanted to take a moment today to think of those who are still struggling for their religious rights as workers, and to speak about some of the exploitation that is sadly still prevalent across the world. 

Improving rights around the world is central to our mission of preventing violation of human rights in the working environment. We work with major corporations and organizations to help them understand where there might be risk of religious rights violation in their work places and to identify the tell-tale signs of other various forms of human rights violation . We run campaigns around the globe which seek to raise awareness of different forms of human rights violation, and to help those who may be victims of this violation know their rights and seek support where necessary.  

Ultimately, we seek to encourage people to #SpotTheSigns of violation, speak openly about its realities and report suspicious activity when they see it.  

hacker-attack

Top Ways Businesses get Hacked

by Digital Security

Bait and Switch Attack

Using trusted marketing methods such as paid-for advertising on websites, attackers can trick you into visiting malicious sites. When websites sell advertising space, it can be purchased by rogue attackers. The bona fide advertisement can be replaced with a ‘bad’ link that can be used to download malware, lock up your browser, or compromise your systems.

Alternatively, the advertisement may link to a legitimate website, but it will be programmed to redirect you to a harmful site

Key Logger

A key logger is a small piece of software that, when downloaded into your computer, will record every keystroke. The key logger will capture every keystroke on the keyboard, every username, password and credit card number, etc., exposing all of your data and personal information

Denial of Service (DoS\DDoS) Attacks

A Denial of Service attack is a hacking technique designed to flood your web server with a myriad of requests to the point that it overloads the web server resulting in a website crash.

To do this, hackers will deploy botnets or zombie computers that have a single task, flood your web site with data requests

ClickJacking Attacks

This method tricks you into clicking on something different from what you thought you were clicking. The clickjacking element could be a button on a web page that, when clicked, performs another function, allowing others to take control of the computer. The host website may not be aware of the existence of the clickjacking element.

Fake W.A.P.

A hacker can use software to impersonate a wireless access point (W.A.P.), which can connect to the ‘official’ public place W.A.P. that you are using. Once you get connected to the fake W.A.P., a hacker can access your data.

To fool you, the hacker will give the fake W.A.P. an apparent genuine name such as ’T.F. Green Aiport Free WiFi.’

Cookie Theft


The cookies in your web browsers (Chrome, Safari, etc.) store personal data such as browsing history, username, and passwords for different sites we access. Hackers will send I.P. (data) packets that pass through your computer, and they can do that if the website you are browsing doesn’t have an SSL (Secure Socket Layer) certificate. Websites that begin with HTTPS:// are secure, whereas sites that start with HTTP:// (no ‘S’) do not have SSL and are NOT considered secure.

Viruses and Trojans

Viruses or Trojans are malicious software programs that, when installed on your computer, will send your data to the hacker. They can also lock your files, spread to all the computers connected to your network, and perform many other nasty actions.

Seek for a Security Check

As you can see, it is all too easy to have your business systems inadvertently compromised, you can seek for a security check to secure to protect your business. It is tailored to the needs of each business.   click here

delayed-phishing

What you need to know about Delayed Phishing/ Post-Delivery Weaponized URL

by Digital SecuritySecurity

Truth is, most of us have ever been a victim of phishing before and with the abundant resources online and trainings that we have so far had, we have become sort of immune to phishing.

Click here to as well look at our blog post about phishing and what you need to know

Our immunity against phishing has so far been boosted by e-mail service providers, mail gateways and even browsers that we use which has all embedded in their systems anti-phishing filters and malicious address scanners.

With all these above, cybercriminals are constantly inventing new, and refining old, circumvention methods. One such method is delayed phishing.

Delayed phishing is an attempt to lure a victim to a malicious or fake site using a technique known as Post-Delivery Weaponized URL.

“As the name suggests, the technique essentially replaces online content with a malicious version after the delivery of an e-mail linking to it. In other words, the potential victim receives an e-mail with a link that points either nowhere or to a legitimate resource that may already be compromised but that at that point has no malicious content. As a result, the message sails through any filters. The protection algorithms find the URL in the text, scan the linked site, see nothing dangerous there, and allow the message through.”

Effecting the malicious link

Attackers operate on the assumption that their victim is a normal worker who sleeps at night. Therefore, delayed phishing messages are sent after midnight (in the victim’s time zone), and become malicious a few hours later, closer to dawn.

If cybercriminals find a specific person to attack, they can study their victim’s daily routine and activate the malicious link depending on when that person checks mail.

Technology behind Delayed Phishing

For delayed phishing to be effective, hackers use at least one of these 2 common methods:

  1. Simple link: In this case, the hackers are the ones who are controlling the target site in that at the time of delivery, the site is safe so it can go through the several security levels it is scanned before it is delivered to your mailbox. At the time of delivery, the link leads to either a meaningless stub or (more commonly) a page with an error 404 message and the malicious version of the site is activated after delivery.
  2. Short-link switcheroo: Several sites offer link shortening services to the world, with this you can get alternative links that are easy to remember and short instead of long and boring links. However, some of this services allow you to alternate the link behind these short links. So the cybercriminals take advantage of this in that, by the time they are sending the email, the short link it pointing to a legitimate site and is swapped to the malicious site after delivery.

Although there is a third technology that is not so common which includes a randomized and short link where there is a probabilistic redirection. That is, the link has a 50% chance of leading to google.com and a 50% chance of opening a phishing site. The possibility of landing on a legitimate site apparently can confuse crawlers (programs for automatic information collection).

Spotting & fighting Delayed Phishing

Ideally, there is need to prevent the phishing link from getting to the user, so rescanning the inbox would seem to be the best strategy.

In some cases, that is doable: for example, if your organization uses a Microsoft Exchange mail server. Kaspersky Security for Microsoft Exchange Server is also included in our Kaspersky Security for Mail Servers and Kaspersky Total Security for Business solutions.