Amid the global pandemic here comes a new series of tweets from the OS giants Microsoft, where they have warned with a “massive email campaign; that’s pushing of a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection.”
STRRAT whic is a java based remote access tool which steals browser credentials, logs keystrokes and takes remote control of infected systems—all typical behaviors of RATs, MSI researchers described in documentation posted on GitHub about the malware.
This is a malware that has a unique feature i.e. “its a ransomware encryption/decryption module” that changes file names in a way that would suggest encryption is the next step.
How does it cause a damage?
Attackers used compromised email accounts to send several different emails. Some of the messages use the subject line “Outgoing Payments.”
STRRAT has first emerged in the threat landscape in June 2020, observing the Windows malware (version 1.2) in phishing emails containing malicious Jar (or Java Archive) attachments.
As we go around the globe we see that we all are facing this pandemic situation even now when we are near to the mid of 2021 but we still are facing this crises caused by COVID19 . We at DocTooLss believe that all our readers and followers are staying at home & following the COVID SMS rule i.e.
SMS Rule
Social Distancing
Masking
Sanitizing
So now coming to our topic of Robotic technology , I guess we would be aware about Star Trek movies , The Robocop series or during our childhood we must have seen technology based cartoons such as “The Jetson’s” which use to get aired on “Cartoon Network” or the stone age cartoon “The Flintstones” which was just a opposite of “The Jetson’s”.
Now in 2021 we have come across with many robotic technology based machines and could even purchase from our very own e-commerce website Amazon.com
There are robotic based vacuum cleaners, the automatic drones, Alexa, Siri the voice assistance are some of the examples in AI and Machine Leaning technology .
What are Robots?
Robots are the intersection of science, engineering and technology that produces machines.
Types of Robots
Pre-Programmed Robots
Humanoid Robots
Autonomous Robots
Teleoperated Robots
Augmenting Robots
Uses of Robots
Manufacturing
Logistics
Home
Travel
Healthcare
Differences between Cobots & Robots
Cobots are designed to work alongside human employees, whereas industrial robots work on their own. A cobot can assist human employees. Whereas, industrial robots are used to automate the manufacturing process independently without any intervention from humans.
As in we have entered the New year 2021 although the pandemic time is still going on but there is a relief that the vaccine is out and its dosage has been started. So we hope we all get the vaccine and we start engaging in our day to day normal life activities as it was before the COVID19 days.
It seems that Mark Zuckerberg’s security norms still needs some more modifications as its recently acquired WhatsApp the king in messenger platform has been in news due to some data leakage reasons yet again.
In the recent notification issued by WhatsApp where they have mentioned the recent update on their application which has taken the world with a storm, as it show cast the vulnerabilities it lacks.
So here at DocTooLss we compare our three Messengers which are in news and compare with eachother:
WHATSAPP
WHATSAPP
WhatsApp has kept end-to-end encryption. Plus, E2E on WhatsApp is available on every single mode of communication that the app enables such as messages, video calls, voice calls, photos, and anything else you share is E2E encrypted on WhatsApp.
What does E2E means?
E2E meaning that you and the recipient are the only people who can read the messages you send to them. WhatsApp can’t decrypt the contents of your messages, calls, photos, etc, thus ensuring your security and privacy.
“WhatsApp uses the E2E protocol developed by Open Whisper Systems, which is the name behind Signal messenger. That’s a good thing, because the Signal protocol is open source, widely peer-reviewed, and is generally considered one of the best protocols for implementing end-to-end encryption in messaging platforms.”
What is the issue with WhatsApp?
Although WhatsApp uses E2E encryption but the company does not encrypt backups (cloud and local). Also, it does not encrypt the metadata which is used to carry communication between two endpoints. This is one of the major criticisms of WhatsApp’s security model. While metadata does not allow anyone to read your messages but it lets authorities to know whom and when you messaged someone, and what was the duration for it.
What is Metadata?
Metadata is “data that provides information about other data” such as author, date created, date modified, file size, video logs , call logs , and chat history etc.
TELEGRAM
TELEGRAM
Incase of Telegram which does offer some protections to its users but however, there are some multiple pain points in the way Telegram encrypts your messages and other information.
Such as Telegram supports E2E encryption, but it’s not enabled by default and enabling it is not a cake walk as the only way to use E2E encryption on Telegram is by its secret chats feature.
The regular chats happening on Telegram are not E2E encrypted but messages sent in a secret chats are E2E encrypted. This means that the messages are encrypted on your device and but they are decrypted on Telegram’s server.
Note: So all the powers remains with Telegram that has the encryption keys on the server-side and can, in theory, access your normal chats.
SIGNAL
SIGNAL
Signal uses the open-source Signal Protocol to implement end-to-end encryption. And just like WhatsApp, the E2E encryption covers all forms of communication on Signal.
Why to choose Signal over WhatsApp and Telegram?
Signal has an edge over the both as WhatsApp which encrypts all the messages and calls (and that’s enough for most users), but Signal goes one step further and encrypts the metadata too.
There are some incredible amazing privacy features with Signal that is going to make your messaging experience even more private and secure. Such as one can lock Signal with a passcode or biometrics. There is 2FA (Two-factor Authentication) and an option to block screenshots within the app and the recent screen.
IMPORTANT: Not even that recently Signal has added a new feature to blur faces automatically before sending images. which is one of the USPs for Signal Messenger application.
Wait we are not done, Signal by default encrypts all the local files with a 4-digit passphrase. And if you want to create an encrypted local backup then you can do that as well. The app now also supports encrypted group calls .
So if you have read our complete blog, you are able to understand that how Signal is cut above WhatsApp and Telegram.
Although WhatsApp is loaded with lot many features and to us messaging means WhatsApp and its a part of our lifeline today even from Generation Z to Baby Boomers all are on WhatsApp. So it will take lot of time to move out of WhatsApp to Signal and till that time WhatsApp would have rectified its issues and load up with many more goodies so lets hope for the best and leave the rest .
As we know that there are many services which are offered by AWS , lets pick few and try to understand their usage and utility it has for us:
AWS EC 2 (Virtual Servers on Cloud)
EC2 stands for Elastic Compute Cloud
It is one of the most famous offerings by AWS
It is a IaaS platform
It is basically renting of VMs
Storing data on Virtual Drives (EBS , ELB) and Distributing load across machines
Scaling of service using an auto-scaling group (ASG)
There are wide variety of Amazon EC2 Instance types comprise varying combinations of CPU, memory, storage, and networking capacity that gives you the flexibility to choose the appropriate mix of resources for your applications.
Each instance type includes one or more instance sizes, allow you to scale your resources either up or down and in or out to the requirements of your target workload.
EC2 Image Builder is a fully managed AWS service that makes it easier to automate the creation, management, and deployment of customized, secure, and up-to-date “golden” server images that are pre-installed and pre-configured with software and settings to meet specific IT standards.
The guided steps by EC2 Image Builder:
Provide starting artifacts
Add and remove software
Customize settings and scripts
Run selected tests
Distribute images to AWS Regions
Features of EC2 Image Builder
Increase productivity and reduce operations for building compliant and up-to-date images
In the world today where we are breathing through masks, due to the pandemic times, where mostly all are working from home. Businesses need to be automated. In a real business scenario where we would have some technical glitches or a bearing failure whereby the service technician would file a complaint, either by creating or raising a ticket physically over a tablet or laptop, but with IoT it will sensorise the oil well with more fine crane monitoring the data and analytics and read a conclusion as there will be a bearing failure in future. The automation will create a fixed ticket automatically, detecting through IoT and remediate it through choreographically.
As per Gartner by 2024, 50 % of the enterprise’s applications in production will be IoT- enabled. Many applications will be connected to IoT as companies have connected IoT to their backhand systems.
The benefits of IoT and the widespread of IoT:
IoT enables your business applications to improve how you perform your business.
By 2023, 35% of midsize to large enterprises will leverage a hybrid cloud-to-edge computing deployment model for at least one IoT project.
By 2023, 25% of on-site industrial assets will be connected by closed-loop systems using IoT technologies.
We have nearly reached the end of this pandemic year 2020, where mostly we have spent our time at home as still when we write this blog many would be working from home and some who have joined their work task force are trying to adjust the new normal.
This year where not even the IT officials but the students or kids are attending their classes from home. Since everyone is working from home there has been an increase in bandwidth and data utilization around the globe.
The organization which has a business continuity plan ready had a smooth transformation to work from the environment without any hindrances it was proved that CS having a foresight had an efficient way for the organization. A new area of cyber is cyber innovation, risk is mitigated risk is all about taking a risk. Cyber innovation is an area to look at.
Continuous adaptive risk and trust assessment based on agility.
Secure DevOps
Replace the one-time security gate
Put the continuous security pro-actively
Build the architecture with security, not with silos
The average knowledge about cyber-attack prevention is deficient. Yes, cybercriminals are getting better all the time. But if we become proactive in our approach instead of reactive, they can be pushed back continually and hopefully sit mostly on the drawing board!
There is some positive aspect of COVID 19, that it has helped companies to identify that employees to work from their living room, whereas lots of expenditure has been spent on companies infrastructure. Even our environment which has been polluted has been saved by not using the vehicles on a daily basis.
So, things to keep in mind during this pandemic is to secure your computer systems and wear a mask to protect yourself and others around you.
OWSAP – Open Web Application Security Project is a non-profit organization that dedicates web application security.
What is the OWASP Top 10?
It lists out the top 10 vulnerabilities and shows their risks, impacts, and countermeasures. It is updated every 3 – 4 years with the latest vulnerabilities.
Although in 2020 the world has been taken by a storm due to the pandemic COVID19. The people around the world whether the employees or students all were working from home. So since the home networks are not that secure compared to the official network so the chances of breach increases. Here we highlight the top 10 vulnerabilities as per OWASP.
A code injection happens when an attacker sends invalid data to the web application with the intention to make it do something that the application was not designed/programmed to do.
Broken Authentication
It is an umbrella term where several vulnerabilities where attackers exploit to impersonate legitimate users online.
Sensitive Data Exposure
It consists of compromising data that should have been protected.
XML External Entities (XXE)
This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser.
Broken Access control
The vulnerabilities that exist when a user can, in fact, access some resource or perform some action that they are not supposed to be able to access.
Security misconfigurations
It occurs when a web application component is susceptible to attack due to a misconfiguration or insecure configuration option.
Cross-Site Scripting (XSS)
It is a widespread vulnerability that affects many web applications. XSS attacks consist of injecting malicious client-side scripts into a website and using the website as a propagation method.
Insecure Deserialization
A vulnerability which occurs when untrusted data is used to abuse the logic of an application, inflict a denial of service (DoS)attack, or even execute arbitrary code upon it being deserialized.
Using Components with known vulnerabilities
Vulnerabilities that were discovered in open source components and published in the NVD, security advisories or issue trackers.
Insufficient logging and monitoring
Insufficient logging, detection, monitoring and active response occurs at any time: * Auditable events, such as logins, failed logins, and high-value transactions are not logged.
Server virtualization allows multiple servers to be installed on one or more existing servers. This saves floor space and money since you don’t have to purchase new servers or expand the square footage of your server room which may increase your overall expenses.
This is a process where applications get virtualized and are delivered from a sever to the end user’s device, such as laptops, smartphones, and tablets. So instead of logging into their computers at work, users will be able to gain access to the application virtually from anywhere, provided that an Internet connection should be available.
Network Virtualization
Network virtualization is a method of combining available resources in a network by splitting up the available bandwidth into channels, each of which is independent from the others, and each of which can be assigned (or reassigned) to a particular server or device in real time. Each channel is independently secured.
Desktop Virtualization
Desktop virtualization removes the need for a CPU at each computer station. Each user will still have a monitor and mouse, but will have their desktop CPU virtually stored on a local server.
Storage Virtualization
Storage virtualization is the process of grouping the physical storage from multiple network storage devices so that it looks like a single storage device. This concept is basically used in Storage Area Network (SAN) environment.
Hypervisor
A Hypervisor or Virtual Machine Monitor(VMM) is computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called a host machine, and each virtual machine is called guest machine.
DocTooLss 