What is Smishing

Smishing is a very dangerous variant of the typical Phishing attacks that reach us by e-mail. Although the form of attack changes regarding Phishing, the objective is the same. The aim is to deceive the victim in an attempt to steal his or her login credentials, bank accounts and even debit or credit cards. This is done by making the victim believe that they are on an official and legitimate website. Our security and privacy is at risk from this type of attack. We could certainly leave our passwords exposed, including any bank accounts we may have, so we must be meticulous with this type of attack.

Smishing uses SMS messages that we receive on our cell phones with a link. This SMS message “appears” to be from our bank. However, cybercriminals change the origin of these SMSes so that the victim trusts that he has received an SMS from BOFA, Wells Fargo, Citi or any other bank.

How it’s work?

You will receive this SMS whether you are a customer of this particular bank. In other words, if we have an account with Wells Fargo, we can perfectly receive an SMS pretending to be from Citi. When we receive an SMS from a bank where we do not have an account, we usually delete it. However, if it just so happens that you do have that bank, then you could trust the SMS you receive. Consequently, clicking on the link can lead to fraud.

Nowadays, this type of attack is aimed at stealing bank accounts or credit cards. Therefore, we must pay close attention to the SMS we receive from our bank. It is certainly critical not to click on any link in the SMS to avoid this phishing attack on the bank. What we want is to avoid that we are the victims of identity theft. Next we will see how smishing behaves.

How to detect this attack and avoid it

This phishing attack aims to steal our credentials. However, it can be easily and quickly detected. On the other hand, this depends on what kind of SMS we receive and how the hook message is constructed to make users fall for the scam.

The first thing to look at is the spelling of the SMS. In fact, this type of attack is usually carried out by cybercriminals who are in other countries and do not know the spelling of English. We should also look at the way they address us. This is easy to check by comparing it with legitimate SMS from our bank. In the end, the result is typically different.

The second thing to look at is whether they encourage you to click on the link. That is, they are looking for the user’s fear and inform us that something is wrong or that there has been an excessive charge in the bank account, and invite us to review it. It is possible that if we click on it, they may ask us for personal information. This information will later be used against us maliciously. Another aspect you should check is whether there is a hurry for you to click on the link yourself, i.e., it is something very urgent that cannot wait. This way we can easily detect if an SMS is smishing.

Please use common sense

We should also check if the SMS has a link to the bank’s website. In fact, you should never access your bank through a link you have received by SMS. To avoid problems, access directly through the app on your cell phone or from the official website that you have saved in your computer’s bookmarks. This way, you will be able to access your bank account safely and without fear. If you click on the link, you may be taken to a website that is specifically designed to deceive you. That is, it is the same as the official one but will be used to steal your login and password. Consequently, you should never enter your credentials on such a website.

A few years ago, illegitimate scam websites used the HTTP protocol for their scams. This protocol does not offer any kind of point-to-point encryption, so it was the first aspect you should check to see whether it was a legitimate website or not.

Consequently, if the user does not see the padlock, then he/she is already suspicious. Nowadays, scam websites also work with HTTPS. However, this means that the communications are encrypted with the scam website, it does not mean that the website is secure and legitimate. Therefore, although this website uses HTTPS, it could very well be a fake of the legitimate website.

What should we do

What you should do if you receive an illegitimate SMS is to delete it as soon as you receive it. In addition, you should never click on the link or link that we have in the SMS. This way, you will not be a victim of this type of attack. Finally, we must use common sense. In fact, the bank will never ask us for data that they already have, such as our username and password, nor the data of the debit or credit card. If you receive an SMS that urges you to hurry, you should know that your bank will never contact you by SMS for important matters, but will call you directly.

What to do if we have already been victimized

What you should know is that if you have not clicked on the link you are not in danger, you simply need to delete the SMS and not click on it unintentionally. It is significant that you delete this SMS as soon as possible to avoid entering the link accidentally.

If you have clicked on the link, there are some SMSes that take you to a fraudulent bank website and invite you to fill in your username and password. If you have not filled in anything on this website, simply exit this fraudulent website and delete the SMS you have received. In case you have filled on the website with personal data, you should do the following:

• Review what data we have provided and what they can do with it.
• If you have entered your bank username and password, log in as soon as possible through the app or via the web and change the password. You can also call your bank manager directly to inform him/her of the issue. In consequence, he/she can be alert in case you have suffered an intrusion in your account.
• If you have entered your credit or debit card, block it as soon as possible. Even if no charge has occurred yet.

What to do if you download a malicious app from a link

In case you click on the link, you should never install an application because it could be a banking Trojan to steal all our bank accounts. So, what you should do is delete the downloaded application or program. In the same way, you have to delete the downloaded application or program, exit the fraudulent website and also delete the SMS message you have received. If you have installed the fraudulent application, you should quickly do the following:

• Delete the app as soon as possible.
• Download an antivirus for your smartphone. Start scanning as soon as possible to remove any malware that may have been installed.
• Change the passwords of all the accounts you manage with your smartphone, including those of your bank.

However, the best thing to do is to restore it to factory defaults to make 100% sure that no trace of the malware remains. In this way we have seen what smishing is and how we can protect ourselves. Bye

The post What is smishing and how to avoid these dangerous attacks? appeared first on Linux Windows and android Tutorials.

According to its website, WPScan is a free, for non-commercial use, black box WordPress vulnerability scanner. It is written for security professionals and blog maintainers to test the security of their sites. Normally, WPScan comes pre-installed on operating systems specifically geared towards security audits.

Of course, this tool is Open Source so we can examine its source code to learn more. In addition, it is possible to access more information about it on its Github site. The requirements are Ruby, Git, Curl, and RubyGems.

So let’s install WPScan on Ubuntu 20.04/ 18.04.

Update the System

The first step is to update the system. So open a terminal and run the following command.

:~$ sudo apt update && sudo apt upgrade -y

Once the system has finished installing the security patches, you will have a more stable and robust system.

Install some required packages

The next step to install WPScan on Ubuntu 20.04 / 18.04, is to get some packages that are necessary for the installation. Some of them are libraries and others are applications as such.

:~$ sudo apt install curl git libcurl4-openssl-dev make zlib1g-dev gawk g++ gcc libreadline6-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 autoconf libgdbm-dev libncurses5-dev automake libtool bison pkg-config ruby ruby-bundler ruby-dev

So, you can now install WPScan.

Install WPScan on Ubuntu 20.04 / 18.04

Now you start the installation process. For this, you will use RubyGems.

:~$ sudo gem install wpscan

So, that’s it.

Basic usage of WPScan

Using WPScan is quite simple. To make a scan on a website, the following command is enough:

:~$ wpscan --url [url]

It is also possible to add some extra options through text files. These are the files:

• ~/.wpscan/cli_options.json
• ~/.wpscan/cli_options.yml

And to know in depth the use of the command, it is advisable to read its help from the terminal:

:~$ wpscan --help

So, enjoy it.

Conclusion

WPScan is an important tool in the security of websites built with WordPress. Its basic use is within everyone’s reach, but the information it shows is very complete. So it’s something you should always keep in mind.

Please share this post with your friends and join our Telegram Channel.

The post How to install WPScan on Ubuntu 20.04/ 18.04? appeared first on Linux Windows and android Tutorials.

The failure affects the handling of certificates and encrypted messaging.

The security flaw is a phishing vulnerability that affects Windows CryptoAPI (Crypt32.dll) Under these circumstances, Elliptic Curve Cryptography (ECC) certificates are eventually validated. This would allow an attacker to forge digital signatures, making the malware look like a legitimate application. In other words, a false code signing certificate is created to sign a malicious executable. This way it appears that the file comes from a legitimate and trusted source. Consequently, it would be difficult for the user to know that the file is malicious since the digital signature would seem to come from a reliable provider.

As a consequence of this vulnerability, the attacker could perform man-in-the-middle attacks. And in this way decode confidential information about user connections within almost any application on Windows 10 and Server 2016. Consequently, authentication on Windows desktops and servers is under threat. Similarly, sensitive data entered into Internet Explorer and Edge could be affected. On the other hand, Microsoft claims that it has no reports that the bug has been exploited. However, it is still a major security flaw.

How to solve the failure.

As mentioned, Microsoft has already detected the bug and released the respective patches. This way the operating system can detect and block malware that tries to exploit the vulnerability. One of the first entities to receive the patch was the United States Army. Similarly, other high-level customers and other potential targets. However, Microsoft has made available to the public the update CVE-2020-0601. It can be downloaded from this link. We have finally seen how this security flaw affects Windows 10 and Windows Server 2016. As always, it is advisable to take precautions to protect the operating system. Please keep Windows up to date, surf wisely and always use a good antivirus. That’s all for now before I go I invite you to see our post about Ruby on Windows 10.

The post A serious security flaw affects Windows 10 and Windows Server 2016. appeared first on Linux Windows and android Tutorials.

What is a kernel? The Kernel is a program, in short. It’s the root of all the operating systems all over the world. No matter what operating system you’re using, there’s always a kernel working from the root level to make everything function as it was meant to be. It’s the most fundamental part of any OS.

Why is kernel important? The kernel is the bunch of codes that interact with the hardware. Kernel functions at a basic level, maintaining resources like RAM and CPU, communicating with hardware. The hardware of a computer only knows how to manage bits of 1 and 0. To combine all the parts together, the kernel takes the job. The kernel performs system checks and identifies hardware components like processor, memory, and GPU. All the other peripherals are also checked. Since the computer’s startup, the kernel starts running and before the final shutdown, it keeps working in the background.

Now, what’s kernel hacking? There are lots of kernels available for different systems. Windows and Linux are the 2 most popular OS, having the unique kernel for both. By far, Linux kernel is the most popular as this kernel is open-source and anyone can get access to it. The process of modifying Linux kernel and evaluating the impact of the changes is known as kernel hacking.

Who’s a kernel hacker? A developer who maintains the Linux kernel code is called a “kernel hacker”. Linux kernel is open-source and so, a large community of the maintainers have grown up who maintains and develops the kernel to better quality. They’re the kernel hackers.

One thing to remember that most of the kernel hackers aren’t “all-rounders”. They specialize in one specific thing of the kernel. After mastering that, they branch out on other parts. There are very few true master kernel hackers who understand the entire kernel. In fact, Linux kernel isn’t something small to master within weeks/months. It took decades for the masters to understand the whole Linux kernel. However, you can call yourself a kernel hacker within the next couple years with great focus and patience.

Interested in being a kernel hacker? Here’s what you need to know.

• Programming: Linux kernel is mostly written in C, the rest of Assembly. Both are very easy to learn, simple and powerful for kernel programming for sure. If you’re a person having the problem with pointer arithmetic and relative concepts, learn hard.
• Compiling: Make sure that you understand how to compile and run the Kernel. It’s crucial for testing out your modifications and understanding of the code.
• Guides: Linux kernel is very well documented. After downloading the Linux kernel source, you’ll have a directory named “documentation”.
  There are many awesome books for starting being a kernel developer. Here’s some of them
  • The C Programming Language
  • Introduction to Algorithms
  • Linux Kernel Development (3^rd Edition)
  • kernelnewbies
• Patience: It’s a true testimony of patience. It’ll take years to master Linux kernel. Before you start, make sure that you can stick with it as long as it takes.

After you’ve picked up the understanding of Linux kernel, you can start sharpening your skills by solving problems from the open bugs. Some of them can’t be fixed without owning the particular hardware. However, most of the bugs can be solved by just code inspection. There are always new bugs filled all the time and fixing them is a really great way for mastering Linux kernel.

For a kernel hacker, there are not many jobs available related to kernel. The available ones are pretty rewarding. However, kernel hacking could be your testimony for getting a really lucrative job in a company. Interested? Get started right away!

The post What is kernel hacking? appeared first on Linux Windows and android Tutorials.