Cyber Defense eMagazine October Edition for 2021

More documents

Recommendations

Info

Note: Note that the IP address associated with the iPhone has no relationship with the proxy server, but it is obvious that they will have to be on the same network so that traffic can be captured. As soon as we finish configuring the iPhone to use BURP as our proxy server, we can already see some packages, this is because several applications are running in the background, usually software’s updates, email’s updates, among others. Cyber Defense eMagazine – October 2021 Edition 46 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Below we have an example of intercepted packet with POST method in connection with office365 for email update, note that DeviceType is already identified as an iPhone. For demonstration we used a real healthcare application, more precisely from a healthcare company, and for ethical reasons, I obviously kept the data hidden. We can analyze that when we open the application on our smartphone, API requests to the server are already executed to exchange information and with this we have already seen the packages as shown in the image below: Despite being an application that requires a high level of information secrecy, data is transferred in plain text, so that’s means without any encryption involved. As we can see in the image below, we are not yet talking about access credentials, but in any case, they are sensitive data, such as the beneficiary number (insurance ID) and telephone number. Cyber Defense eMagazine – October 2021 Edition 47 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2: The Top 6 Cyber Attacks Of 2021 So
Page 3 and 4: Protecting SMBs from Current Cybers
Page 5 and 6: @CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8: Cyber Defense eMagazine - October 2
Page 35 and 36: #2 Florida’s water system A hacke
Page 37 and 38: Raise Cyber Security Awareness: Whe
Page 39 and 40: Source Code Protection Market Do we
Page 41 and 42: of script administration, no backup
Page 43 and 44: to steal “the keys to the kingdom
Page 45: Part 1 - Using a Proxy Server - BUR
Page 49 and 50: Having the device UUID and being co
Page 51 and 52: In the second part, we demonstrate
Page 53 and 54: Currently, we are bound to use tech
Page 55 and 56: You can be a hacker too! Remember,
Page 57 and 58: The Brutal Reality of Brute Force A
Page 59 and 60: Multi-factor authentication is one
Page 61 and 62: Why outdated software poses cyberse
Page 63 and 64: About the Author Roman Davydov is a
Page 65 and 66: What data security risks do communi
Page 67 and 68: Is the Edge Really Secure? By Cheta
Page 69 and 70: Or, let’s spend some time discuss
Page 71 and 72: accessible. Different agencies have
Page 73 and 74: Making Sure the Lights Don’t Go O
Page 75 and 76: Gösgen’s IT Security Officer, Fr
Page 77 and 78: MFA works a few different ways, but
Page 79 and 80: Get Ahead of the Game: Packet Captu
Page 81 and 82: investigations and the ability to t
Page 83 and 84: Thousands of Fortinet VPN Account C
Page 85 and 86: and operating costs. FIDO2 is the s
Page 87 and 88: As ports have been steadily ramping
Page 89 and 90: About the Author Working at the int
Page 91 and 92: Today’s Threat Landscape The 2021
Page 93 and 94: Thwarting Today’s Phishing Attack
Page 95 and 96: Security is Everyone’s Job Employ
Page 97 and 98:
CapitalOne data breach occurred as
Page 99 and 100:
About eSentire eSentire Inc., is th
Page 101 and 102:
Complying with regulations Security
Page 103:
Cyber Defense eMagazine - October 2
Page 106 and 107:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Free Monthly Cyber Defense eMagazin
Page 117 and 118:
show all

Cyber Defense eMagazine October Edition for 2021

Create successful ePaper yourself

Delete template?

Save as template?