A man-in-the-middle attack involves three entities: two legitimate parties and a third party eavesdropping on them. The attacker in a MITM attack can not only eavesdrop but also obtain sensitive information such as user credentials, personal information and bank details, and even install malicious software. In this article, we will go through the common types of man-in-the-middle attacks and how to protect yourself from them. How does a MITM attack work? Phishing attacks Imagine you get an email which requires you to log into your bank and the email...
Like in SQL injection, XPath injection attacks occur when a website constructs an XPath query for XML data from user-supplied information. Thus, the issues that occur when using XML to store data are quite similar to those faced with SQL. XPath injection is a type of attack where malicious user input can be used to grant unauthorized access or reveal sensitive information such as XML document structure and content. This style of attack is carried out by making the user’s input be used in the construction of the query string. Unlike SQL attacks which depend on the SQL dialect used by...
Most Common Cyber Security Threats and How to Mitigate Them
- by Susith Nonis
- in Security
Most common Cyber-Attacks? A cyber attack is an action which targets computer systems, infrastructures or networks with the motive of stealing, modifying or destroying data without the user’s consent. In this article, I will take you through the common types of attacks that happen online. Phishing This happens by sending false emails to users with the intent of getting sensitive information. This is a combination of social engineering and technical trickery where the attackers pretend to be someone or something legitimate and get your details. These emails come with links which...
Cross-site Scripting Explanation and Prevention Guidelines
There are numerous ways that a site’s security can be compromised. One possible method of attack is an injection attack (i.e. the attacker provides untrusted input to a program). The two most common types of injection attacks are: SQL injection (SQLi) and Cross-site Scripting (XSS) attacks. Today we will discuss the latter and how to protect your site from XSS vulnerabilities. Cross-site Scripting is a type of computer security vulnerability which allows attackers to inject client-side scripts into web-pages viewed by other users. The attack is carried out when the victim actually...
Cyber-attacks are executed in a nearly uncountable number of ways. One such style of attack is an injection attack (i.e. when an attacker supplies an untrusted input to a program which is then executed). There are many types of injection attacks; however, the most common ones are SQL injection (SQLi) and Cross-site Scripting (XSS). Today we will delve a little deeper into what exactly a SQLi attack is, how it is carried out and how to defend yourself against it. What is SQLi? SQL injection (SQLi) is a type of injection attack that allows the execution of malicious SQL statements. This style...
What is BlueKeep and how to protect yourself from it
In the modern age of technology, new security threats arrive daily, but most don’t see the light of day in the public discussion. Every now and then, however, an exceptionally devastating threat makes the news, usually when it is already too late. Such was the WannaCry ransomware outbreak in 2017 which affected hospitals, universities and telecommunication providers in more than 150 countries, causing over $300 million in estimated damages. Now, a new threat has popped up, named BlueKeep or CVE-2019-0708. It is a software vulnerability affecting older versions of Microsoft Windows...
Despite the global efforts in cybersecurity, the internet is still a very dangerous place, filled with malware and spyware. Having a quality antivirus is crucial to the safety of your data and even hardware. This article will explain how to enable virus protection for your emails on your server running Plesk. Here's what you need to do: Go to the Mail tab. Click on the email address you wish to configure the antivirus on. Click on the Antivirus tab and select the checkbox: "Switch on antivirus protection for this email address". Choose the desired mail...
What is a Proxy Server? What happens when you browse the web? You type an address in your browser and within a few seconds (even less) you get the page you wanted. Without your knowledge, you might have used a proxy server to access the internet. A proxy server is an intermediary server which separates you from the website you want to access. When using a proxy server, the internet traffic initiated from you will flow through the proxy server to the destination. The destination website will send the results back to you through the proxy server (this doesn’t happen all the time). If...
Why Do Domains Get Blacklisted and How To Delist Them
What is a Blacklist? Depending on the source, the amount of daily spam emails being sent is anywhere between 80 and 95% of all emails sent on the internet that day. With such large numbers, most experts agree that manually sorting through your inbox to get rid of spam has become highly inefficient. As such, public blacklists of mail servers and IP addresses have been created to prevent repeat offenders from relaying spam. A blacklist is a list of blocked domains, email addresses or IP addresses. When a website gets on one of these lists, users can no longer access the site directly and...
End of Life: Windows Server 2008 & 2008 R2 and SQL Server 2008 & 2008 R2
Microsoft Windows Server 2008 and 2008 R2 were both great technological breakthroughs in the hosting field, introducing new features which are essential for any modern system, such as a shift from 32-bit to 64-bit computing, advanced analytics and budding server virtualization technologies. Unfortunately, all good things must come to an end, including Microsoft’s support for these industry-forming server operating systems. As many know, misfortune never comes alone, so along with their Windows Server 2008 versions, Microsoft is also discontinuing support for SQL Server 2008 and 2008...