SEO Texas, Web Development, Website Designing, SEM, Internet Marketing Killeen, Central Texas
SEO, Networking, Electronic Medical Records, E - Discovery, Litigation Support, IT Consultancy
Centextech
NAVIGATION - SEARCH

Understanding Cyber Threat Hunting

Despite deploying security precautions to protect their networks from cyberattacks, numerous firms have experienced network breaches. Nowadays, threat actors use complex and sophisticated tactics to infiltrate a network, the impact of which may not be mitigated by traditional methods. The proactive procedure of checking the network for any hostile activity is referred to as cyber threat hunting.

Cyber threat hunting and cyber threat intelligence

Continuously monitoring the network for suspicious activity and gaps in the organization's ecosystem is required for cyber threat hunting. By analyzing previous data from a variety of sources, cyber threat hunting techniques keep a watch for potential new risks. Threat hunting techniques can discover, identify, and fix security flaws, vulnerabilities, and malicious behavior that normal security measures frequently fail to detect.

How to start hunting threats inside the Cyber or IT infrastructure?

Proactive preparation is the key to success in cyber security operations. It is critical to establish a solid foundation before beginning to develop the cyber threat hunting program.

A business is advised to take the following actions

  • Plan a cyber-threat hunting program - To begin cyber threat hunting, map the security process to any existing security model, such as the MITRE ATT&CK architecture. It is also recommended that the security posture be assessed to see how vulnerable the organization is to hazards and attacks.
  • Maturing the threat hunting program - After determining the level of cyber maturity, the next step is to decide whether the cyber threat hunting process should be carried out internally, externally, or a combination of both.
  • Identifying and addressing gaps in tool and technology implementation -  Analyze the current tools and determine what is required for successful threat hunting and the effectiveness of preventative technology.
  • Identifying and addressing security personnel training gaps - Threat detection necessitates the skills of an expert. If the organization lacks experienced internal specialists, it is recommended to use a third-party source.
  • Adoption of a cyber-threat hunting strategy - Any firm must have a solid cyber threat hunting strategy which can help in mitigating the impact of cyberattacks on its infrastructure.

What kind of professionals can perform active cyber threat hunting?

Cyber threat hunting calls for knowledge of all the systems and data in use at the firm. This has to be combined with exquisite expertize in threat intelligence analysis, reverse engineering and malware analysis. Threat hunters must also be excellent communicators who can present their results and contribute to the business case for sustained threat hunting resources. It is preferable to put together a team of curious, analytical issue resolvers who have these talents and are motivated to further improve them. The willingness to keep learning is another essential quality of effective cyber threat hunters. Cyber threats are continuously changing, thus threat hunters must be dedicated to keeping their knowledge current by following researchers, participating in online groups, and attending industry forums, which enables them to learn about new strategies.

Advanced next-generation technology and human professionals work in unison to create an effective threat hunting process. To find any potential risks and harmful activity, the threat hunters need investigation tools and other inputs. These tools make it possible for threat hunters to find and examine the risks. For example, XDR (Extended Detection and Response) collects all the signals from the IT ecosystem and EDR (Endpoint Detection and Response) delivers inputs from the endpoint solution. These tools aid in the earlier identification of any possible threats.

Cyber threat hunters should be aware of the automated procedures, alarms, and behavior analyses that have already been run on the data to avoid duplicating work. Threat hunting may go down a lot of rabbit holes, therefore it demands agility. However, there should be a structured framework in place to direct the hunt and allow for any necessary withdrawal from the rabbit holes.

Contact Centex Technologies for more information on cyber threat hunting. You can contact Centex Technologies at Killeen (254) 213 - 4740, Dallas (972) 375 - 9654, Atlanta (404) 994 - 5074, and Austin (512) 956 – 5454.

 

10 Ways To Secure Business Communications In 2022

A growing number of companies are implementing rules that assure greater compliance with government requirements and safe storage of critical company data. Loss of business data may not only result in penalties but also cause loss of reputation, customer trust, & finances.

Following are the most common methods used by businesses to protect corporate communications from cyberattacks:

  • PII (Personally Identifiable Information) data usage and security: A company's corporate data usage policy should explicitly define what constitutes acceptable use of the data. The PII data policies must evidently state whether corporate and/or personal use is permitted, and if yes, then what will be the scope of it. If employees are granted personal use, steps should be taken to outline what types of correspondence will be considered unacceptable or offensive.
  • Installing DLP (Data Loss Prevention) tools to prevent unauthorized transmission of company secrets: Up to 90% of a company's intellectual capital now exists in digital form. It has been estimated that the loss of critical business information via cybersecurity incidents to more than USD 24 Billion per year. It's vital that every employee understands the critical seriousness of transmitting company data. Hence, a deploying DLP solution is beneficial to not just detecting but also preventing the loss of critical and sensitive data via business communications.
  • Complying with business-specific standards and government regulations: The HIPAA (Health Insurance Portability and Accountability Act) and the Gramm-Leach-Bliley Act regulate data privacy. The acts detail specific measures that regulated companies must take to adequately protect customer data. The Securities and Exchange Commission requires organizations to comply with certain privacy and auditing standards, security controls, and mechanisms.
  • Monitoring employees’ behaviors and usage of internet and corporate devices: The company is eventually responsible for any employee’s misuse of corporate devices, assets, and data. Hence it is required to responsibly monitor, review and inspect its employees' communications. The allowed use and acceptable behavior should be articulated in a company’s communications policy, and each employee should be required to sign an agreement for the same.
  • Creating a Cybersecurity program and install security tools to strengthen the security posture: Integrations with applications that can scan messages and attachments are essential. Installation of SOC (Security Operations Center) along with the requisite software solutions is of utmost importance to strengthen the security posture of the organization.
  • Categorizing different types of information and their scope of usage: Filters should be established to look for potentially offensive or defamatory business correspondence. All outbound data transmission should be scanned for project names and other keywords that might indicate that confidential content may be about to leave the organization. Alerts that are flagged by the content filtering tools should be blocked outright or stripped off their attachments.
  • Implementing PoLP (Principle of Least Privilege): Within the company, a completely secure-communications strategy should establish graduated degrees of privilege for users. IT administrators should leverage this categorization to apply contextual logic to groups of content. For example, different types of sensitive corporate content should demand different levels of clearance to be approved for data and information distribution.
  • Deploying an appropriate encryption scheme to protect corporate email data: To safeguard every digital material that is approved for transmission beyond a specific sensitivity threshold, strict criteria should be implemented. Unless linked via a VPN, personnel data related to HR, blueprints, contract agreements, business strategies, and other sensitive information should not be transmitted between individuals in remote locations.
  • Implementing using VPNs (Virtual Private Networks) to facilitate remote working: VPN Policies can be used to establish trusted communication channels between distributed sets of users that eliminate the threat of eavesdropping. Based on the identity of the sender and recipient, policy rules can be created to secure all communications between particular individuals or specific groups of users.
  • Privacy and Security of data-in-transit and data-at-rest: Data policy rules can be set to secure the data stored in servers at the backend as well as the data getting transmitted and exchanged between senders and recipients. Encrypting all communications between certain persons of importance (for example, the CEO and CFO) or groups of users (remote finance departments, legal division and outside law firm, executive management, and R&D, etc.) is of utmost importance.

Securing corporate communications should start with the company's formation. Physical controls must be in place before new gadgets & infrastructure may be incubated. To safeguard company communications, qualified security staff must be employed and trained. 

Centex Technologies provides advanced cybersecurity solutions to businesses. To know more about securing business communications, contact Centex Technologies at Killeen (254) 213 - 4740, Dallas (972) 375 - 9654, Atlanta (404) 994 - 5074, and Austin (512) 956 – 5454.

 

Information Security Policy

Since, the evolution of security risks and vulnerabilities is constantly ongoing, compliance requirements have too become increasingly complicated. Many businesses fail to develop a comprehensive security approach to address their concerns. This is why, in terms of cybersecurity, every firm must pay close attention to their information security policies and security posture assessments. 

So, what is an InfoSec (Information Security) policy? 

An information security policy assures that all InfoTech (Information Technology) users within an organization's domain follow the InfoSec principles and advisories. InfoSec policies are created by organizations to protect the data contained in their network systems.

Every organization will need to adopt an information security policy to ensure their staff follows the essential security protocols. InfoSec policy aims to keep data disclosed to authorized recipients on a “need-to-know” basis only. An ideal example of using an InfoSec policy is a data storage facility that holds database records on behalf of a financial institution.

All businesses have confidential information that must not be shared with anyone who isn't authorized. As a result, in order to protect all of their vital data, enterprises must learn about strengthening their information security posture.

An organization's information security policy will only be effective if it is updated on a regular basis to reflect any changes that occur inside the organization. Such, malicious changes or modifications could include: 

  1. Emergence of new cyber-attacks and hackers
  2. Evolution of existing cyber-attacks and hackers
  3. Investigations and analysis of existing cyber incidents
  4. Resolutions and remediation done after prior data breaches
  5. Other modifications that have an impact on the vulnerabilities in security posture

It's critical to improve the data security in any network infrastructure by making it enforceable and resilient to malicious cyber incidents breaches. An effective information security strategy should address urgent issues that occur from any department inside the company. In addition, information security rules should always represent a company's risk appetite, risk impact and security management attitude. This policy lays down the groundwork for establishing a control system that safeguards the company from both external and internal dangers.

4 noteworthy characteristics of any information security policy

The most significant factors to consider when developing an information security policy are: - 

#1. The purpose of the information security policy

Information security policies are created for a variety of reasons. The protection of company’s sensitive data and network systems is one of the most important factors. Organizations must adopt a comprehensive strategy to maintain the security of the data and information stored in their systems. Data security, network security, infrastructure security, endpdoint security, perimeter security and likewise are a part of cyber security strategy. To retain the company’s credibility, reputation in the market as well as respect consumers’ rights, every organization must develop an information security policy. This policy also includes how to respond to queries and complaints regarding non-compliance of the regulatory standards. 

#2. End-goals for adopting the information security policy

The business and its leadership should agree on clear objectives as a group and not as individuals. The first goal the executives should establish is the Confidentiality, Integrity and Availability of data and systems nicknamed as CIA Triad. Although employees should have access to data when necessary, essential data assets should only be accessible to a few top-tier personnel in the firm. Integrity refers to the fact that data should be complete and accurate. Executives can extend the CIA triad by also including Authentication, Authorization and Non-repudiation making it CIA-AAN. 

#3. Data categorization according to sensitivity in the information security policy

Employees with lesser clearance levels should not be able to access sensitive data A strong RBAC (Role Based Access Contol) must be enforced within the information security policy. Data organization will aid in the identification and protection of key data, as well as the avoidance of unnecessary security measures for irrelevant data.

#4. The demographic target of the information security policy

The target audience for an information security policy is determined first and foremost. In the policy's scope, leadership executives can describe what employees' responsibilities are based on their hierarchy and job descriptions.

For more information about Information Security policies and methods to mitigate cyber-attacks, contact Centex Technologies at Killeen (254) 213-4740, Dallas (972) 375-9654, Atlanta (404) 994-5074, and Austin (512) 956-5454

 

 

What Are Deepfakes And Why Are They Dangerous?

Deepfake is a type of artificial intelligence created by combining the phrases deep learning and fake that facilitates in developing videos that have been fabricated via using deep learning techniques. It is a subset of AI that refers to algorithms that can learn and make intelligent judgments without human intervention. A deep-learning system can create convincing impersonations by examining images and videos of a target person from various perspectives and then copying their behavior and voice patterns. Once a prototype fake has been created, GANs (Generative Adversarial Networks) are used to make it more credible. The GANs method aims to find faults in the system and make adjustments to fix them.

How can you stay away from deepfake videos?

  1. Deepfake videos are much simpler to spot than deepfake photographs. And you may accomplish so with the assistance of two factors. When a deepfake video of a person is created, for example, there is little difference between the person and the backdrop. However, you may spot a false video if the attention is solely on the face in the video and the surrounding is purposefully obscured.
  2. Deepfake can be easily avoided by restricting personal images on social media and avoiding close-up photos of your face as much as possible.
  3. Advanced artificial intelligence algorithms are under development which can swiftly identify deepfake videos thereby preventing people from falling prey to fake news and fake films.

When and where did deepfake start?

Deep Fake was a user on Reddit in 2017 who began employing face modification technology for pornography. It was from here that the term Deepfake was coined, and videos like this were known as Deepfake Videos. 

Deepfake as a boon to technology

MyHeritage, a software program, has been in the headlines for transforming any image into a 10-second movie. With this app, you may also breathe new life into old images using this program. With the use of this program, images of prominent personalities from past were transformed into movies. And these films show that if Artificial Intelligence is applied correctly, this approach may be beneficial to humans.

Deepfake as a threat to humanity

A.  Deepfakes were used to subvert democracy in the United States 

Facebook decided to prohibit the use of deep fakes after fake videos of politicians began spreading on social media. They allowed a few loopholes, such as the ability to keep sarcastic films and photos, but distinguishing between satire and agenda-driven content is difficult.

B.  Deepfakes began to be exploited by internet predators 

People began leveraging the ability to substitute anyone's face in an image or video to make pornographic content without their consent. As the deep fake technology allows them to do so by replacing face and expressions; all cybercriminals need is a profile photograph on social media to produce fake material to produce fake videos.

C.  Deepfake to tarnishing reputation of individuals 

A Pennsylvania mom, for example, was prosecuted for harassing cheerleaders at her daughter's school by employing deep fakes. The mother used manipulated recordings to carry out a cyberbullying campaign against girls she viewed as competitors to her daughter.

Deepfakes still continues pushing the digital media envelope where researchers suggest using NFTs (Non-Fungible Tokens) is the most effective strategy to combat deep fake. But NFTs, on the other hand, are still far away from being the standard on blockchains like Ethereum.

To know more about various cyber threats and methods to prevent them, contact Centex Technologies at (972) 375-9654.

BEC: Business Email Compromise Attacks Are On The Rise

The BEC (Business Email Compromise) attack is a scam that usually targets corporates that conduct wire transfers to overseas suppliers. They target official email accounts of executives and high-level employees working in administration or finance departments. Such email addresses, involved with conducting wire transfer payments are either spoofed or compromised through keyloggers or phishing attacks. Corporations lose hundreds of thousands of their revenue every year via these fraudulent transfers.

Attackers in the BEC, also known as the Man-in-the-Email scam, rely on social engineering tactics. They trick the employees and executives working in non-tech roles. They usually impersonate employees from the board of directors/management, or executives who are authorized to do wire transfers. Additionally, fraudsters also research and closely monitor their potential target victims, their organizational movements, and likewise.

Security Professionals in any organization usually encounter these 5 types of BEC scams:

  1. Fraud invoice: Firms with overseas suppliers are targeted wherein attackers impersonate suppliers requesting fund transfers for payments to account(s) owned by fraudsters.
  2. Executive fraud: Attackers impersonating executives send the email(s) to finance, administration, or procurement department employees requesting them to transfer money to account(s) that the hackers’ control.
  3. Account compromise: Executive(s) or employees’ email account(s) are hacked to request invoice payments to vendors or clients listed in their email contacts.
  4. Attorney impersonation: Attackers impersonate any person from the legal team or from any legal firm in charge of important and urgent matters regarding your organization.
  5. PII theft: PII (Personally Identifiable Information) of employees and tax-related statements in possession of the HR department are harvested to carry out future targeted attacks on potential individual victims.

GreatHorn, a cloud email security provider, released a BEC landscape report in 2021 that is based on information provided by 270 IT and cybersecurity professionals. 30% of them confirmed receiving 50% of malicious links in emails while a similar number of participants from the BFSI sector revealed being a victim of spear-phishing attacks. 35% of organizations disclosed that BEC attacks account for 50%+ of their incidents while a similar percentage of firms encounter spear-phishing emails on a weekly basis. Half of the professionals have dealt with a security incident in the past 12 months where every 1 out of 4 companies received at least 76% of the malware they detected via email. Usually, these email(s) do not contain any malicious links or attachments, hence they easily evade traditional as well as advanced security solutions deployed. BEC attacks are becoming more expensive than ransomware and are usually unbeatable.

 How would you protect yourself from getting tricked by these cyber fraudsters? 

  1. Check the source of email including the domain name from where it has been sent.
  2. Be alert to see anything suspicious regarding payment requests over emails.
  3. Protect email systems with advanced software capable of tracking spam and filtering out emails.
  4. Don’t make presumptions over the email, always confirm the wire transfer requests with the sender over a phone call or a video call.
  5. When in doubt, contact cybersecurity teams in your organizations as you encounter such emails in your inbox.
  6. By training the employee staff, executives, partners, clients, and customers in end-user security awareness. This can help detect and prevent being a victim of BEC attacks.

For cybersecurity and IT solutions for business, contact Centex Technologies at (972) 375 - 9654

Types Of Cyber Attacks

Cyber-attacks have become sophisticated and are now capable of causing long-term effects on organizations. Thus, businesses need to prepare comprehensive cybersecurity policies. The first step to drafting a cybersecurity policy is to be aware of the threats.

Here are the types of cyber-attacks that an organization is most likely to face:

  • Brute Force Attack: Under this type of attack, the attackers adopt a trial and error approach to guess the password to a system or user account. They try every possible combination of passwords or passphrases until the account is unlocked. Brute force attacks are expedited by using software or tools that can push many possible passwords in a short time. Some of the tools used by cybercriminals include Aircrack-ng, Crack, Hashcat, Hydra, etc.
    Safety Tips:
  • Use complex passwords and change them regularly
  • Set a limit on number of login attempts
  • Enable captchas
  • Employ multi-factor authentication
  • Credential Stuffing: Credential stuffing cyber-attack is based on the assumption that users tend to keep the same password across multiple accounts. Attackers use a database of compromised credentials (password breach database available on the dark web containing stolen credentials from data breaches) to gain unauthorized access to an account. The attackers use bots for automating and scaling up the attack. The hacked accounts can be used for financial theft, fraudulent transactions, misuse of stored data, etc.

Safety Tips:

  • Employ multi-step login process throughout the organization
  • Blacklist suspicious IP addresses
  • Use techniques such as device fingerprinting
  • Phishing & Spear Phishing: Phishing is one of the most common cyber-attack types. Attackers frame an email that looks legitimate with a seemingly trusted source to trick targets into providing personal details. The emails generally include matters that would require a user to act in a hurry; for example, the email may mention that the user needs to verify his details within a few minutes to avoid being charged a penalty or account suspension by his financial institution. The attackers use technical knowledge in conjunction with social engineering to design a successful phishing attack. Spear phishing is a more targeted attack where the attackers research the target to prepare a more personalized message or email.

Safety Tips:

  • Be wary of emails from unknown sources
  • Before clicking on a link, hover over it to see the destination
  • Pay close attention to email headers
  • Malware Attacks: Malware is a broad term representing attacks where malicious software is downloaded on the target device to steal, encrypt, or delete sensitive data for business or financial benefits. Majorly known forms of malware include adware, bots, ransomware, and Trojans.

Safety Tips:

  • Use a dedicated tool for adware removal
  • Install firewall and keep the system up-to-date
  • Perform frequent backup
  • Avoid downloads from unknown sources

Centex Technologies is committed to helping clients understand cyber-attacks and formulate an effective strategy to stay protected. For more information, call Centex Technologies at (972) 375 - 9654.

Recent Cyber Attacks

Recent times have been quite eventful for cybersecurity specialists. The world witnessed a number of cyber-attacks; thereby creating a need for adoption of advanced cybersecurity solutions.

Here is a brief description about some significant breaches that happened recently:

  • SolarWinds: In this attack, hackers were able to successfully compromise the infrastructure of a company named SolarWinds. The company produces a network and application monitoring platform known as Orion. After compromising the company’s infrastructure, the attackers used their access to distribute compromised version of the software to the users including 425 of Fortune 500 companies, top ten telecommunication companies of US, top five US accounting firms, hundreds of colleges worldwide, etc. Malware infected version of Orion was used to successfully breach a cyber-security company known as FireEye. Another malware known as Supernova also used the compromised Orion version as the delivery method to infect its victims.
  • Software AG: Software AG is the second largest software vendor in Germany and seventh largest in Europe. It was hit by Clop ransomware attack in October 2020. The attackers demanded $23 million as ransom.
  • Sopra Steria: It is a European IT firm that provides an array of IT services, including consulting, systems integration, and software development. In October 2020, the company was attacked by a new version of Ryuk ransomware.
  • Telegram: A group of hackers that had access to the system used for connecting mobile networks across the world were able to gain access to Telegram messenger and email data of high-profile individuals in the cryptocurrency business.

Formulating new cyber security strategies and updating existing protocols is necessary for staying protected against cyber-attacks. A great way to do so is to observe the cyber-attacks and understand the new techniques being used. Recent cyber-attacks have shown that ransomware and social engineering attacks are gaining momentum. In terms of defensive actions, SolarWinds attack has indicated that third party risk management needs to be prioritized. Protecting remote endpoints and workers has emerged as next priority. Automated response systems should be used to improve the response time for preventing lateral infections through the network.

Centex Technologies provides cybersecurity solutions to businesses. For more information, call Centex Technologies at (972) 375 - 9654.

Basics Of Cyber Security Strategy

In a practical environment, a cyber security strategy is actually an amalgamation of multiple strategies. Cyber security professionals employ different strategies in coordination with each other in order to ensure a multidimensional protection against cyber threats.

Here is a brief guide to cyber security strategies:

Creating A Secure Cyber Ecosystem: The cyber ecosystem involves a wide range of entities including devices, individuals, management, private organizations, etc. which interact with each other. This strategy emphasizes on having a robust cyber ecosystem that would permit its devices to interact in a secure manner. A strong cyber ecosystem has three symbiotic structures – automation, interoperability, and authentication.

Creating An Assurance Framework: The basic objective of this strategy is to design an outline in compliance with global security standards. The framework that is designed is in compliance with industry wide standards, guidelines, and practices. These parameters help businesses to manage cyber security related risks.

Encouraging Industry Standards: Standards help in defining the outline of how an organization approaches the information security related issues. Implementation of cyber security standards enhance the efficiency of security processes, enable systems incorporations, provide a medium to test new applications, organize the approach to arrange new technologies in the cyber framework, etc.

Creating Mechanisms For IT Security: Different IT security mechanisms differ in their internal application features and attributes of security they provide. Following are the common IT security mechanisms:

  • Link Oriented Measures
  • End-To-End Measures
  • Association-Oriented Measures
  • Data Encryption

Protecting Critical Information: Critical information such as user data, login credentials, financial data, business trade secrets, etc. is the backbone of any organization. Safeguarding critical information against growing cyber threats needs a structured approach. This strategy can be implemented via following steps:

  • Defining critical information
  • Categorizing the available information
  • Prioritizing information categories
  • Securing the most critical information
  • Testing the framework
  • Securing the second category and repeating the cycle

Security As A Service: SaaS providers offer a cyber security solution with different attributes to meet diverse cyber security needs of organizations. This strategy can be implemented based on 5 C’s:

  • Change – Organizations face changing pressures from different sources such as competitive threats, new regulations, internal threats, cyber threats, etc. SaaS model enable organizations to respond to these changes quickly.
  • Compliance – SaaS solutions are designed keeping in mind the governances, regulations, etc.
  • Cost – SaaS provides an alternative cyber security solution allowing the in-house IT teams to focus on core business.
  • Continuity – Multi-tenant SaaS services are hosted in highly reliable data centers with built-in redundancy.
  • Coverage – SaaS solutions offer clear benefits with geographically dispersed sites allowing easy management of remote users.

For more information on basics of cyber security strategy, call Centex Technologies at (972) 375 - 9654. 

History Sniffing Cyber Attacks

History Sniffing is an umbrella term that defines different techniques used to monitor the web browser history for diverse purposes including the launch of a cyber attack. Although it is an old trick, the technique is still being used for victimizing internet users. In the recent times, studies have shown a rise in the types and numbers of history sniffing cyber attacks for the sheer ease of launching such attacks.

How Is History Sniffing Cyber Attack Launched?

  • The cyber attackers create fake online advertisement and preload attacker code in this ordinary looking advertizement.
  • The code is embedded with a list of target websites (the websites that hackers want to know if the user has visited).
  • When user clicks on the advertizement, the code starts running and checks the browsing history for target websites.
  • If the user has visited any of the target websites, the program will indicate a match to the hacker.
  • The hackers then redirect the victim to corresponding fake version of the website to cause further damage.

How Are History Sniffing Attacks Used?

The data collected by history sniffing attacks is used as a foundation for other types of cyber attacks by hackers.

  • Phishing: Hackers use history sniffing techniques to find out the financial organization websites visited by the victim. This data is then used to launch customized phishing attacks which automatically match every victim to a fake page of actual financial organization. The victims are tricked into filling their financial details which can be used by hackers to steal money from users’ accounts.
  • Stalking: History sniffing can be used to stalk internet users by keeping an eye on their browsing behavior. Hackers may keep a track of social media pages or locations saved in the browser history. Stalking may cause some serious problems for the victim such as kidnapping, physical damage, assault, etc.
  • Identity Theft: It is common for internet users to save their login details or choose the option to ‘keep Logged In’ on their browser. Hackers can use history sniffing coupled with other malicious code to check the social media profiles logged in on the browser and access these profiles to pose as the user. They can further use these accounts to send unauthorized messages, post fake news, etc.

For more information on history sniffing cyber attacks, call Centex Technologies at (972) 375 - 9654.