Friday, January 6, 2017

Securing Online Banking - Threats to Online Banking - Best practices for online Banking Users

Description

Most industries have deployed internet technologies as an essential part of their business operations. The banking industry is one of those that has adopted internet technologies for its business operations and in its plans, policies and strategies, in order to be more accessible, convenient, competitive and economical. The aim of these strategies was to give online banking customers the facilities to access and manage their bank accounts easily and globally.

Online banking, also known as internet banking, e-banking or virtual banking, is an electronic payment system that enables customers of a bank or other financial institution to conduct a range of financial transactions through the financial institution's website. The online banking system will typically connect to or be part of the core banking system operated by a bank and is in contrast to branch banking which was the traditional way customers accessed banking services.

Safeguarding Smart phones against Cyber attacks


Description : 
Smart phones available in the market these days are powerful enough to perform many of the operations of a PC. But, unlike conventional computer security, which has firewalls and anti-virus measures that are regularly updated, smart phone security has failed to keep pace and has hence become a catalyst for launching cyber attacks on the go.

Thursday, January 5, 2017

Securing Mobile Banking - Threats to Mobile Banking - Best Practices for Users to remain safe

Description : 

The increasing usage of Smartphones has enabled individuals to use various applications including mobile banking applications. More and more individuals have started using mobile applications for banking as compared to the traditional desktop/Web-based banking applications.



Mobile banking refers to the use of a Smartphone or other cellular device to perform online banking tasks while away from your home computer for various uses such as monitoring account balances, viewing mini statement, account statement, transferring funds between accounts, bill payment etc.

Mobile and Cloud Data Security : All important points to be noted



Description
The fast pace of modern life, accelerated business processes and decision making, have all created the need for fast and reliable access to data and information.  Mobile devices, which have become ubiquitous, offer easy connections to the world of information. Now we have data moving across a multiplicity of devices, including tablets, smart phones and even wearable devices as people use their smart watches to notify them of company phone calls, SMSs and so forth.

This means much more data flowing from devices to servers, servers to devices, sensors to devices and devices to devices. A good deal of that data will be business-generated information that needs to be kept confidential or have restricted access. Mobile devices generally connect over wireless networks rather than wired Ethernet, which presents additional security vulnerabilities and exposure. Mobile applications are highly connected to web services, and this broadens the possible vectors for data exfiltration. And above all this, there's cloud.

Online Payments through Unified Payment Interface : UPI Based on IMPS Platform



Description : 

Unified Payment Interface (UPI) is an initiative by National Payments Corporation of India (NPCI), set up with the support of the Reserve Bank of India with a vision of migrating towards a "less-cash" and more digital society.

UPI is a system that enables peer to peer online payments for users holding different bank accounts, to send and receive money or to pay directly to merchants from their Smartphone without the need to enter bank account information or net banking UserID / Password.

UPI is built on the Immediate Payment Service (IMPS) platform.

Wednesday, January 4, 2017

Mobile ransomware - How to stay protected from getting - Prevention of Ransomware Infections


Description

Ransomware has been in the news repeatedly over the past few years. Mobile ransomware is a form of malware that locks your computer or mobile device, encrypts your files and holds them for ransom until you pay a fee to the cybercriminals who hold them hostage. People are tricked into accidentally downloading the malware through social networking schemes, assuming that they are downloading innocent content or critical services. Simplocker, Svpeng, Pletor, Stampado, Fusob, CryptoWall and TeslaCrypt are some examples of mobile ransomware.

Once downloaded, ransomware displays a screen-wide message that demands money from you to release the device. After the payment is processed, often via Bitcoin, the ransomware will send you an unlock code or decrypt the data. Because mobile devices are now more integrated into our day-to-day lives than our PCs, a ransomware attack can have a tremendous impact on us.

USSD based mobile banking : National Payments Corporation of India Security Measures


Description : National Unified USSD (Unstructured Supplementary Service Data) Platform is a mobile banking service provided by NPCI (National Payments Corporation of India) which works on USSD technology. Customers can use this mobile banking service from their mobile phone, irrespective of telecom service provider or handset capability, and without the need for a mobile internet plan.

USSD (Unstructured Supplementary Service Data) is a session-based transmission protocol used by GSM cellular telephones to communicate with the Telecom Service Providers (TSP). USSD messages, however, create a real-time connection which remains open, allowing a two-way exchange of data.

Securing Wireless Hotspots : Security Best Practices for Service Providers


Description : Wi-Fi is now becoming a necessary requirement in a variety of places such as airports, hotels, coffee shops, libraries, and restaurants. With the increasing use of smartphones and the deployment of 4G (Long-Term Evolution, LTE) mobile networks, people prefer publicly accessible wireless networks over other forms of network access. Concerns about the security of public Wi-Fi hotspots and other Wi-Fi access are increasing because weak security threatens the confidentiality and integrity of user data. As attacks specifically targeted at stealing user data increase, sophisticated attacks are becoming common in today’s news. This document gives best practices for securing public hotspot implementations, along with suggested network architectures.

Securing USB Devices : The various threats associated with the use of the USB flash drives


Description :


Universal Serial Bus (USB) is an industry standard that defines the protocols used in a bus for connection, communication, and power supply between computers and electronic devices. USB was designed to standardize the connection of computer peripherals (including keyboards, pointing devices, digital cameras, printers, portable media players, disk drives and network adapters) to personal computers, both to communicate and to supply electric power.

Tuesday, January 3, 2017

Distributed Denial of Service (DDoS) Attacks from non-traditional Sources



Description
A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. Such attacks target a wide variety of important resources, like banks, eCommerce websites, Internet Service Providers (ISPs) etc., and present a major challenge to people who publish and access important information.

Attackers launch DDoS attacks from a wide variety of internet-connected sources, like compromised web servers, botnets (malware), and vulnerable or misconfigured UDP-based services (open DNS resolvers, NTP, SSDP, SNMP, Chargen). Attackers change their tactics and chosen attack vectors from time to time.

Securing SIM cards : Attacks on SIM cards and their countermeasures


Description :

Subscriber Identity Module or Subscriber Identification Module (SIM) is an integrated circuit that is designed to securely store the international mobile subscriber identity (IMSI) number and its related key, which are used to identify and authenticate subscribers during mobile communication.
"SIM cards" are transferable between different mobile devices. A SIM card contains its unique serial number, international mobile subscriber identity (IMSI) number, security authentication and ciphering information, temporary information related to the local network, a list of the services the user has access to, and two passwords: a personal identification number (PIN) for ordinary use, and a personal unblocking code (PUK) for PIN unlocking.

Aadhaar Enabled Payment System - Best Practice and Security Concern


Description :

Aadhaar Enabled Payment System (AEPS) is a payment model which allows financial transactions at PoS (Micro ATMs) via banks using Aadhaar authentication. This payment system empowers the marginalized and excluded segments to conduct financial transactions (Credit, Debit, Remittances, Balance Enquiry, etc.) through microATMs deployed by banks in their villages. To make transactions via AEPS, customers and merchants need to link their Aadhaar card with their bank accounts.

Multiple vulnerabilities in Joomla - exploited by remote attacker


Severity Rating: HIGH

Software Affected
•       Joomla CMS versions 1.6.0 through 3.6.4

Overview
Multiple vulnerabilities have been reported in Joomla, which could be
exploited by a remote attacker to obtain sensitive information and execute
arbitrary code on the targeted system.

Multiple Vulnerabilities in OpenSSH - CERT Advisory



Severity Rating: HIGH

Software Affected
•       OpenSSH prior to 7.4

Overview
Multiple vulnerabilities have been reported in OpenSSH which could be
exploited by an attacker to execute arbitrary code, access sensitive
information, gain elevated privileges or bypass security restrictions.