- Cyber Threats:
Context - For professionals working in the GST Department.
- Phishing via Emails
- Malicious Macros (word and excel)
- Client Site Request Forgery / Server Side Request Forgery
- Remote Code Execution
- Local File Inclusion / Remote File Inclusion
- Unauthorized Physical Access of the Machine
- Cyber Threats
- NA
- Phishing & Identification
I dont understand what you mean by Identification. (Identification of what?)
- Types of Phishing:
- Phishing
- Wishing
- Pharming
- Whaling
- Phishing can not only be using to steal credentials, but can also be used to perform certain tasks under the context of the victim's identity.
- Generation of a link & attaching a some malicious javascript combined with some witty tricks to hide the actual impact of clicking on said link is all that it takes to perform a good cyber attack.
- Data Leak & Way Forwards
Don't understand what "way forwards" is.
- Data leaks can occus under many pretexts.
- Remote File Inclusion Vulnerabilities occur when the remote directories in a web server, can be seen on the web page, even though they are not supposed to be seen. This causes leaking of information like SSH keys (id_rsa, id_ed25519, id_ecdsa, etc.)
- If SQL servers can be queried through injection vulnerabilities on the website, this can cause a data leak too. Specifically, if a Microsoft SQL Server is hosted, and if an SQL injection is present, something known as an
xp_cmdshellcan be popped. This will allow the attacker to issue commands remotely.