CompTIA Security+ Exam Notes

Let Us Help You Pass

Saturday, October 26, 2024

Understanding Adware: How to Identify and Prevent It

 Adware

Adware is malware that displays advertisements on a computer or device without the user's knowledge or consent. Adware can also collect information about a user's browsing habits and online behavior to target them with customized ads.

Adware can be installed unknowingly when a user is trying to install legitimate applications with which adware is bundled. It can also be downloaded through mobile apps or by downloading freeware like toolbars, HD wallpapers, or widgets.

Some signs of adware include:

  • Advertisements appearing in places they shouldn't be
  • The web browser's homepage changing without permission
  • Web pages not displaying properly
  • Website links redirecting to different sites
  • The web browser slowing down
  • New toolbars, extensions, or plugins appearing in the browser

To prevent adware, you can use antivirus software or regularly update your device. Antivirus software can detect malware before it infects the rest of your device.

Sunday, October 13, 2024

WAF (Web Application Firewall)

 Web Application Firewall

A web application firewall (WAF) is a security tool that monitors and filters data packets to and from web applications to protect them from threats. WAFs are a critical defense for online businesses that need to protect sensitive data, including retailers, banks, healthcare providers, and social media platforms.

Here's how a WAF works:

  • Analyzes HTTP requests: A WAF examines the headers, query strings, and body of HTTP requests.
  • Identifies threats: A WAF searches for malicious requests, suspicious patterns, and known threats.
  • Blocks requests: When a threat is detected, a WAF blocks the request and alerts security teams.
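
The three steps above as a small Python sketch (an added example, not part of the original notes). The rule patterns, function names, and sample requests are constructed for illustration; production WAF rule sets are far more extensive.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed, simplified signatures (assumptions, not a real rule set).
RULES = {
    "xss": re.compile(r"<\s*script\b|javascript:|\bon(error|load|click)\s*=", re.I),
    "sqli": re.compile(r"['\"]\s*(or|and)\s+\S+\s*=|\bunion\s+select\b", re.I),
}

def request_fields(url, headers, body):
    """Step 1: yield (location, decoded value) for query string, headers and body."""
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        yield f"query:{name}", value          # parse_qsl URL-decodes the value
    for name, value in headers.items():
        yield f"header:{name}", unquote_plus(value)
    if body:
        ctype = headers.get("Content-Type", "")
        if ctype.startswith("application/x-www-form-urlencoded"):
            for name, value in parse_qsl(body, keep_blank_values=True):
                yield f"body:{name}", value
        else:
            yield "body", body                # other body types inspected as raw text

def inspect(url, headers=None, body=""):
    """Steps 2 and 3: match each field against the rules; block and alert on a hit."""
    headers = headers or {}
    alerts = [
        {"rule": rule, "where": where, "value": value}
        for where, value in request_fields(url, headers, body)
        for rule, pattern in RULES.items()
        if pattern.search(value)
    ]
    return {"action": "block" if alerts else "allow", "alerts": alerts}

# Constructed sample requests: one benign, two matching a signature.
SAMPLES = [
    ("/search?q=blue+widgets", {"User-Agent": "Mozilla/5.0"}, ""),
    ("/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E", {}, ""),
    ("/login", {"Content-Type": "application/x-www-form-urlencoded"},
     "user=admin&pass=x%27+OR+1%3D1"),
]

if __name__ == "__main__":
    for url, headers, body in SAMPLES:
        verdict = inspect(url, headers, body)
        print(url, "->", verdict["action"],
              [(a["rule"], a["where"]) for a in verdict["alerts"]])
```

Decoding each field before matching matters: the second and third samples only match because the URL-encoded values are decoded first.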

WAFs can protect against a variety of threats, including:

  • Malware
  • Malicious bots
  • Zero-day exploits
  • Cross-site scripting (XSS)
  • SQL injection
  • Cross-site request forgery
  • Distributed denial of service (DDoS) attacks
  • Buffer overflow

WAFs can be deployed in various ways, including network-based, host-based, or cloud-based. They are usually part of a suite of tools that work together to create a comprehensive defense against various attack vectors.

Thursday, October 10, 2024

Threat Vector

A threat vector is a method or path that cybercriminals use to gain access to a network, device, or system. The term is often used interchangeably with "attack vector."

Here are some examples of threat vectors:

  • Phishing emails
  • Malicious websites
  • SQL injection
  • Social engineering
  • Cross-site scripting
  • Denial of service
  • Brute force attacks
  • Malware
  • Exploiting vulnerabilities

Understanding threat vectors is essential for developing effective cybersecurity strategies. Organizations can recognize and track an adversary's attack vectors to better defend against targeted attacks.

Sunday, August 12, 2018

MALWARE TYPES - Part 1

Virus: This is malicious code that attaches to a host program/application. It executes after a user initiates an action, such as launching the application. Some viruses deliver the payload immediately; others wait for the virus to replicate.

Symptoms vary: the virus may open a backdoor for an attacker, delete files, install a zombie and join the system to a botnet, or cause the system to reboot intermittently.

Polymorphic Virus: This type of virus has the ability to change its binary pattern as it replicates or when it is executed. The code is encrypted and uses different encryption after each infection. The ability to change code makes it difficult for an antivirus program to detect this malware.

Armored Virus: This type of malware is able to fool antivirus programs as to its true location, making the antivirus believe it is located in one area while it is actually located in a completely different area. Armored viruses use obfuscated code, making them difficult to reverse engineer.

Trojans: Trojans are disguised as something useful, such as a screensaver or legitimate software. Trojans are added to keygens, which users run to activate pirated software. Here are some of the things that occur as a result of a trojan:

  • Backdoor: Gives an attacker remote control
  • Email: Can be used to harvest emails from the system
  • Usernames & Passwords: Can steal this info for bank accounts
  • Download: Can be used to update itself or download other malware

One of the ways Trojans are delivered is through email attachments. The best way to protect against this: to prevent executables from running, open the email in plain text, not HTML.



CompTIA SY0-501 Security+ covers all of these in the objectives.