Archives

HOW TO PROTECT YOUR PASSWORD ON SOCIAL NETWORKS

Protecting passwords has become very difficult for users on social networks.

Every day, thousands of users lose their password. Most of them can no longer recover their account, so they simply create another one. This is a bad practice: if the previous account held confidential information, it could compromise you. The best solution is to recover your account. To fight against this, precautions must be taken, and the best solution is to take care of your password. That is why osintafrica.net was created: to help you better protect your information, such as your password.

To give just one example: on social networks such as Facebook, Instagram, YouTube, Twitter and TikTok, most users are not informed about the good practices for protecting their password. This often leads users to make mistakes without realizing it.

To that end, here are some examples of users' bad practices on social networks.

Bad practices:

  • Using a password that is very easy to remember.
  • Saving the password in the phone or on paper (and besides writing it on paper, they put it in the wardrobe 😊). As they say in English, security through obscurity.
  • 2FA is not enabled on the account.
  • The same password is never changed (a password is not a monument, it has to change 😊).
  • The same password is used on other accounts (for example, the same password on Facebook, Instagram, YouTube etc.).
  • Many users click on malicious links without realizing the danger (malicious links often lead you to a site that looks like the website you log in to, in order to steal your password).
  • Sending the password reset code to someone without realizing the danger.
  • Using a password similar to the previous one (one-upped password): if the first password was "password", the second will be "password1" (a bad practice, because hackers easily find this kind of password).
  • Without paying attention, many users type their password in public places without covering the screen.
  • No application to manage passwords.
  • Once the account is created, users no longer keep the mailbox it was created with, which makes password recovery impossible.

We could list many more, but let's stop here (time is money).

To remedy these bad practices, there are good practices.

Please take a breath before reading 😊.

Good practices:

  • Use a more complex password (at least 8 characters, with upper-case letters, lower-case letters, digits and other characters if possible).
  • Never store the password in the phone (let alone in your wardrobe 😊).
  • Enable 2FA.
  • Change the password at least once a year (it is better to change it every 6 months).
  • Do not click on a link that comes from strangers or from people you rarely communicate with; it is always better to check the link on a platform such as VirusTotal.
  • Never send the password reset code to another user (never, ever).
  • Contact customer support (for example, Facebook has a support service to contact in cases of password loss).
  • Use the mailbox that was used to create the account (Facebook, Instagram, YouTube etc.).
  • Never use a password similar to the previous one (one-upped password).
  • Always hide the password before typing it (and watch out for cameras nearby too).
  • Use an application to manage your passwords better. Examples:
      • KeePass (KeePass Password Safe)
      • LastPass (password manager and vault app)

As you can see, the good practices are the opposite of the bad practices. So try to change those bad practices to better protect your account.
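The three password rules from the lists above (composition, no "one-upped" variant of the previous password, no reuse across accounts) can be checked mechanically. The following Python is an added example written for this page, not code from osintafrica.net or from any password manager; the rule thresholds are the article's (8 characters, upper case, lower case, digits, symbol "if possible"), the stem-comparison used to detect one-upped passwords is this example's own heuristic, and the sample passwords are constructed.

```python
import re

MIN_LENGTH = 8  # the article's minimum length


def composition_issues(password):
    """Return the rules from the 'good practices' list that the password fails
    (length, upper case, lower case, digit). A missing symbol is reported by
    missing_symbol() instead, because the article only says 'if possible'."""
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append("shorter than %d characters" % MIN_LENGTH)
    if not re.search(r"[A-Z]", password):
        issues.append("no upper-case letter")
    if not re.search(r"[a-z]", password):
        issues.append("no lower-case letter")
    if not re.search(r"[0-9]", password):
        issues.append("no digit")
    return issues


def missing_symbol(password):
    return re.search(r"[^A-Za-z0-9]", password) is None


def stem(password):
    """Lower-case the password and drop trailing digits/punctuation: this is
    the part people keep when they 'one-up' a password
    (password -> password1 -> Password1!). Heuristic, not an exact rule."""
    return re.sub(r"[0-9!@#$%^&*._-]+$", "", password).lower()


def is_one_upped(previous, new):
    """True when `new` is `previous` with only the suffix or the case changed."""
    if previous == new:
        return True
    return stem(previous) != "" and stem(previous) == stem(new)


def assess_password(new, previous=None, used_elsewhere=()):
    """Apply the article's rules in one place. `used_elsewhere` is the list of
    passwords already in use on the user's other accounts (e.g. exported
    from a password manager)."""
    problems = composition_issues(new)
    if previous is not None and is_one_upped(previous, new):
        problems.append("one-upped version of the previous password")
    if new in used_elsewhere:
        problems.append("already used on another account")
    advice = ["no symbol"] if missing_symbol(new) else []
    return {"ok": not problems, "problems": problems, "advice": advice}


if __name__ == "__main__":
    # Constructed sample passwords: an old one and three candidates.
    for new, old in [("password1", "password"),
                     ("Password1!", "password1"),
                     ("Xk9#vLq2pT", "password1")]:
        print(new, "->", assess_password(new, previous=old,
                                         used_elsewhere=["Summer2022"]))
```

The stem comparison is deliberately loose: "Password1!" is flagged as a one-up of "password1" because stripping the trailing "1!" and lower-casing leaves the same word. A real deployment would also run the candidate through a breach corpus such as Have I Been Pwned (see the section on that tool below).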

How to use Have I Been Pwned?

Have I Been Pwned is an open-source tool used mostly by cyber security people (no worries, you can use it too). The tool is very powerful and useful. Most organizations working in the field of cyber security today use it.

The tool is used to notify organizations about data breaches and to assess a password before using it.

Description of the tool (Have I Been Pwned):

HOME

Once you type the domain name of the website, you are redirected to the home page.

Type your email address or phone number to check whether your password or sensitive information such as phone number, credit card, email address, physical address, social security number and others were leaked in a data breach.

Here the email address entered was not found in the database, which means there was no data breach in which that email address appeared.

Further down the home page, you can find information about previous data breaches.

Click one of the links and you will find the details of that breach: for example, in April 2021 the marketplace OGusers suffered a data breach, and the compromised data are listed.

NOTIFY ME

If you want to be notified about any data breach in which your email address is found, click the “Notify me” menu, enter your email address, tick “I’m not a robot” and click the “Notify me of pwnage” button.

You will receive a message if your email was found in any past breach, and you will also be notified about future breaches.

DOMAIN SEARCH

If you want to find all the email addresses of a specific domain that appear in data breaches, you can use this option.

You will have to verify that you are the domain's owner to be able to use this feature.

WHO’S BEEN PWNED

This menu lists the breached websites and companies in the Have I Been Pwned database.

PASSWORDS

This menu can be used to assess a password before using it. Enter the password you want to use and click “pwned”.

If you see the message “Oh no - pwned”, the password entered has appeared in breaches 264 149 times. Please do not use that password 😊.

API

The API can be used to retrieve data breach information; for example, many organizations use it to be notified about breaches involving their company email addresses.
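The “Passwords” check and the API above are backed by the Pwned Passwords range endpoint, which works on a k-anonymity model: the client sends only the first 5 hex characters of the password's SHA-1 and compares the returned suffixes locally, so the password (and even its full hash) never leaves the machine. The following Python is an added example written for this page, not code from Have I Been Pwned or osintafrica.net. The endpoint URL and the "suffix:count" response format are HIBP's documented ones; the sample response body is constructed (a real one has hundreds of lines), the count shown for "password" is the figure from the article's screenshot rather than a live value, and the User-Agent string is an arbitrary placeholder.

```python
import hashlib
from urllib.request import Request, urlopen

# Pwned Passwords "range" endpoint. Only the first 5 hex characters of the
# password's SHA-1 leave the client; the response lists every hash suffix in
# that range as "<35 hex chars>:<count>", one per line.
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_sha1(password):
    """SHA-1 the password and split it into the 5-char prefix sent to the API
    and the 35-char suffix that is compared locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body):
    """Turn a range response into {suffix: count}. Blank lines are ignored and
    suffixes are upper-cased so the comparison does not depend on case."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def breach_count(password, range_lookup):
    """Number of times the password appears in the Pwned Passwords corpus
    (0 = not found). `range_lookup(prefix)` returns the response body for a
    prefix, so the same logic works online and offline."""
    prefix, suffix = split_sha1(password)
    return parse_range(range_lookup(prefix)).get(suffix, 0)


def fetch_range(prefix):
    """Live lookup (not used by the offline demo). HIBP asks clients to send a
    User-Agent; the value here is a placeholder."""
    req = Request(RANGE_URL + prefix,
                  headers={"User-Agent": "osintafrica-password-check-example"})
    with urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed sample response for prefix 5BAA6 (the SHA-1 of "password" is
# 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8). The other two suffixes are
# made up; the count for "password" is the article's figure, not a live value.
SAMPLE_RANGES = {
    "5BAA6": (
        "0028D27E1D4BB2D8B6C1F8C2A2C9E2B5AA3:2\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:264149\n"
        "A62E2A3E1E7C2C1F4B2A1D2C3E4F5A6B7C8:0\n"
    ),
}


def offline_lookup(prefix):
    return SAMPLE_RANGES.get(prefix, "")


if __name__ == "__main__":
    for pw in ("password", "Xk9#vLq2pT"):
        n = breach_count(pw, offline_lookup)
        verdict = "Oh no - pwned! seen %d times" % n if n else "no pwnage found"
        print("%-12s -> %s" % (pw, verdict))
```

To run it against the live service, pass `fetch_range` instead of `offline_lookup`. Because the server only ever sees a 5-character prefix shared by hundreds of hashes, this is the form of the check that is safe to build into a sign-up or password-change flow.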

DONATE

As you can see, the website's owner, Troy Hunt, has worked hard to provide this amazing tool to the whole world. Any donation is used for building, running and maintaining the website. This option is also very important 😊.

Citrix released patches for Citrix ADC and Citrix Gateway

Three vulnerabilities have been discovered in Citrix Gateway and Citrix ADC.

The vulnerabilities are the following:

  • CVE-2022-27510 Unauthorized access to Gateway user capabilities
  • CVE-2022-27513 Remote desktop takeover via phishing
  • CVE-2022-27516 User login brute force protection functionality bypass

Be aware that only appliances that are operating as a Gateway (appliances using the SSL VPN functionality or deployed as an ICA proxy with authentication enabled) are affected by the first issue.

The affected versions are the following:

  • Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47
  • Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12
  • Citrix ADC and Citrix Gateway 12.1 before 12.1.65.21
  • Citrix ADC 12.1-FIPS before 12.1-55.289
  • Citrix ADC 12.1-NDcPP before 12.1-55.289

The release applies to customer-managed Citrix ADC and Citrix Gateway appliances. Customers using Citrix-managed cloud services do not need to take any action.

Recommendation:

Install the relevant updated versions of Citrix ADC or Citrix Gateway.

NB: Citrix ADC and Citrix Gateway versions prior to 12.1 are EOL, and customers on those versions are recommended to upgrade to one of the supported versions.

Why should we update our browsers?

While you are reading this post, I know that your browser is not updated. This is because you are not aware of the impact it might have on your system or organization.

In October 2022, Google fixed 7 Chrome zero-day vulnerabilities exploited by threat actors:

  • CVE-2022-3723
  • CVE-2022-1096
  • CVE-2022-0609
  • CVE-2022-2856
  • CVE-2022-1364
  • CVE-2022-2294
  • CVE-2022-3075

Google recommended updating the browser to block exploitation attempts.

In October 2022, Microsoft released several fixes for the Microsoft Edge Stable versions.

Details:

Microsoft released the latest Microsoft Edge Stable Channel (Version 107.0.1418.26). This update contains the fix for CVE-2022-3723, reported by the Chromium team as having an exploit in the wild.

Microsoft also updated the Microsoft Edge Extended Stable Channel (Version 106.0.1370.61), which contains the fix for CVE-2022-3723.

Microsoft released Microsoft Edge Stable Channel (Version 107.0.1418.24), which incorporates the latest security updates of the Chromium project.

Microsoft released Microsoft Edge Stable Channel (Version 106.0.1370.34), which incorporates the latest security updates of the Chromium project.

Microsoft recommends updating to the newest version.

In March 2022, Firefox fixed 2 vulnerabilities (CVE-2022-26485 and CVE-2022-26486) that were under attack.

Firefox recommended upgrading to Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0 or Focus 97.3.0 to block exploitation attempts.

As we can see, web browsers can have several vulnerabilities, which threat actors can exploit to steal data from users or from entities such as corporations, governments and so on.

In order to avoid that, there are some recommendations to follow.

Recommendation:

Monitor your browser for update notifications.

You can also subscribe to the security blog or web page of the organization that owns the browser, so you get information about the different updates.

Always update your browser as soon as an update is available.

OpenSSL has patched two high severity vulnerabilities

OpenSSL has disclosed two high severity vulnerabilities in the open source OpenSSL library.

Both vulnerabilities, CVE-2022-3602 and CVE-2022-3786, require a malicious X.509 certificate that has been signed by a valid certificate authority.

The first, CVE-2022-3602, could cause a denial of service by allowing bytes containing the character “.” (decimal 46) to be written onto the stack.

The second, CVE-2022-3786, could cause a denial of service by allowing an attacker to craft a malicious email address in a certificate that overflows an arbitrary number of bytes containing the “.” character (decimal 46) onto the stack.

Affected versions: OpenSSL 3.0.0 to 3.0.6.

Mitigation: OpenSSL 3.0 users should upgrade to OpenSSL 3.0.7.

How to protect your data?

Confidential data are any data that, if leaked, could cause damage to a company (data loss, loss of reputation) or to a person.

Data are categorized in the following ways:

PII (Personally Identifiable Information) – data such as username and password, date of birth, social security number, credit card number and others.

PHI (Personal Health Information) – data related to human health (medical records).

Sensitive or confidential information – data managed by private institutions, public institutions, the military or the army, or data belonging to a person that could be used to blackmail them (pictures, messages, voice calls, videos and others).

Financial data – data managed by financial institutions such as banks, and by any institution storing financial information (organizations, insurance companies and others).

The data are protected by regulations or standards depending on the country where the data reside, such as the African Union's Convention on Cyber Security and Personal Data Protection, GDPR, the Gramm-Leach-Bliley Act, HIPAA, PCI DSS and others.

Below are some tips on how to protect your data:

Don't share confidential or sensitive data via public file transfer and storage services.

Don't put data such as passwords, keys or source code on public GitHub or other code repositories.

Use 2FA.

Use encryption when sharing confidential data.

Don't put any confidential data on social media.

Don't upload a file to VirusTotal or similar services unless you are sure that it does not contain any confidential data.

Use the file's hash to check its reputation on VirusTotal instead.

Monitor for confidential data leaked on the dark web, and for data leak reports from sources such as Have I Been Pwned.

Monitor your keywords on the different social media.

Perform vulnerability assessments and patching.

Perform threat hunting to detect any threat that could be exploited.
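Two of the tips above (don't push passwords, keys or source code to public repositories; look a file up by its hash rather than uploading it) can be turned into a check that runs before anything leaves the machine. The following Python is an added example written for this page, not code from osintafrica.net or from VirusTotal; the secret patterns are this example's own (the AWS key-id format is the documented one, the others are intentionally broad), and the sample file is constructed, with AWS's published example key id standing in for a real credential.

```python
import hashlib
import re

# Patterns for the kinds of material the tips say must not be uploaded or
# pushed to a public repository. Broad on purpose: a human reviews the hits.
SECRET_PATTERNS = [
    ("AWS access key id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private key block", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("hard-coded password", re.compile(r"(?i)(password|passwd|pwd)\s*[:=]\s*\S+")),
]


def find_secrets(text):
    """Return (line_number, kind) for every line matching one of the patterns,
    in file order; a line that matches several patterns is reported once per
    pattern."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in SECRET_PATTERNS:
            if pattern.search(line):
                hits.append((number, kind))
    return hits


def safe_to_share(text):
    """True when no pattern fires; the gate for a pre-commit hook or an
    'upload to a sandbox' button."""
    return not find_secrets(text)


def sha256_hex(data):
    """Hash to look up on VirusTotal instead of uploading the file: the digest
    reveals nothing about the content, but lets the service report what it
    already knows about that exact file."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample file. The AWS key id is the example value from AWS's own
# documentation and the RSA block is truncated; nothing here is a real secret.
SAMPLE_FILE = """\
# constructed config file
db_host = db.internal.example
db_password = "Sup3rSecret!"
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA...
"""


if __name__ == "__main__":
    for number, kind in find_secrets(SAMPLE_FILE):
        print("line %d: %s" % (number, kind))
    print("safe to share:", safe_to_share(SAMPLE_FILE))
    print("sha256 to look up:", sha256_hex(SAMPLE_FILE.encode("utf-8")))
```

The same `find_secrets` pass is what a pre-commit hook would run over staged files; the point of `sha256_hex` is that a hash lookup is always safe to perform, while an upload is only safe once `safe_to_share` returns true.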


Hackers are stealing users' passwords during the 28 September 2009 trial in Guinea

The world is focused on the 28 September 2009 trial in Guinea, and so are the hackers.

Our team was able to detect malicious users on the YouTube channels of Guinean television stations such as Djoma TV, Espace FM and FIM FM, which have become attack vectors for the hackers.

Malicious links or domains are distributed on these channels to attract users' attention and get them to click.

Example 1

On the Djoma Media YouTube channel, malicious links were shared with users to steal their passwords.

In the picture above, the domain GIRLS18[.]XZY (DO NOT CLICK THE LINK) was examined by our Cyber Threat Intelligence team.

The following results were obtained:

The domain was created 8 days ago and is hosted on GoDaddy.

After submitting the domain, VirusTotal did not detect it as malicious.

The same domain on urlscan.io redirects us to another domain, which we can see in the image.

After analysing this domain, we obtained more information about the techniques used by the attackers.

We can now see that this domain has been classified as phishing by anti-virus vendors such as Fortinet, Sophos and others.

urlscan shows the same result.

The domain was classified as malicious.

Example 2

The second example comes from the YouTube channel of the TV station Espace FM.

As you can see, the malicious link girls69[.]xyz (do not click the link) was shared (I hope users did not click 😊).

The same techniques and the same indicators were found.

The domain was created 6 days ago.

VirusTotal result: nothing to report.

Our great friend urlscan reveals that the domain redirects to the same domain as in the previous case.

The same domain produces the same result.

We see that the same bandits cause the same effects 😊.

We can therefore conclude that the authors aim to steal users' personal information and, if possible, also install a malicious file for other purposes.

Stay vigilant, dear readers.

Recommendations:

Never click on a link you do not know.

Check the link on VirusTotal, as shown in our examples.

Use 2FA on your YouTube, Facebook, Instagram and other accounts.

Never use the same passwords on different accounts.

Never share your personal information (password, email address, date of birth) publicly.

How to find different domains mimicking your brand?

Nowadays, threat actors use different techniques to steal users' PII (personally identifiable information).

One of the easiest ways of doing that is to create a fake web page that looks like a well-known one, such as Facebook, Twitter, YouTube, Instagram, LinkedIn, Netflix and other services (banks, gaming platforms etc.).

Let's give an example.

urlscan.io (URL and website scanner) is a well-known URL and website scanner used by most security professionals.

The example below will show how to find websites mimicking our brand.

1 – Netflix brand mimicked by threat actors to steal users' credentials

The first thing to do is to open urlscan.io and submit the domain “netflix.com” (www.netflix.com).

Next, go to “HTTP transactions” and click the “image” button.

Now, expand the image view and click “Show image”.

Once clicked, you will see the image.

Now that we can see the image, if you want to find other web pages with the same image, follow the next steps.

Right-click the “Hash” of the image and choose “Open in new tab”.

You will get the following page.

Scroll down the page and you will find domains different from the one we submitted, which is the legitimate one.

Open in a new tab the domains that differ from the legitimate one (netflix.com).

As you can see, we found some malicious domains mimicking netflix.com.

You can use the same technique for your brand or organization.
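The last steps of the procedure above (scroll through the hosts that share the image hash, keep the ones that are not the legitimate domain, open them for review) can be automated once the host list is in hand, and the same triage works for any brand. The following Python is an added example written for this page, not code from urlscan.io or osintafrica.net. It assumes the list of hostnames has already been copied from urlscan's image-hash page; the sample hostnames are constructed, the "registrable domain" helper only knows a handful of two-label public suffixes, and the classification labels are this example's own.

```python
def registrable_domain(host):
    """Naive 'registrable domain' (the part a registrar sells). Knows a few
    two-label public suffixes; a full version would use the Public Suffix List."""
    labels = host.lower().strip(".").split(".")
    two_label_suffixes = {"co.uk", "com.au", "com.br", "co.za", "co.jp"}
    if len(labels) >= 3 and ".".join(labels[-2:]) in two_label_suffixes:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def levenshtein(a, b):
    """Edit distance, used to spot one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def defang(host):
    """Write the host as the article does (girls69[.]xyz) so that a report or
    chat message does not turn it into a clickable link."""
    return host.replace(".", "[.]")


def classify(host, brand):
    """Explain why a host that serves the brand's image is suspicious.
    `brand` is the legitimate registrable domain, e.g. 'netflix.com'."""
    reg = registrable_domain(host)
    if reg == brand:
        return "legitimate"
    name, brand_name = reg.split(".")[0], brand.split(".")[0]
    if name == brand_name:
        return "brand name on another TLD"
    if brand_name in name:
        return "brand name embedded"
    if levenshtein(name, brand_name) <= 2:
        return "typosquat"
    return "unrelated name (review content)"


def triage(hosts, brand):
    """Drop the brand's own hosts (including its subdomains) and return the
    rest, defanged, with the reason each one was kept."""
    return [(defang(h), classify(h, brand))
            for h in hosts if classify(h, brand) != "legitimate"]


# Constructed sample: what a copy of urlscan's host list for one image hash
# might contain. None of the non-Netflix names is a real finding.
SAMPLE_HOSTS = [
    "www.netflix.com",
    "help.netflix.com",
    "netflix-account-verify.com",
    "netfiix.com",
    "netflix.co",
    "login-secure-stream.xyz",
]


if __name__ == "__main__":
    for host, reason in triage(SAMPLE_HOSTS, "netflix.com"):
        print("%-32s %s" % (host, reason))
```

Subdomains of the real brand are filtered out by comparing registrable domains rather than raw hostnames, which is the step people get wrong when they do this by eye; everything else is kept for a human to open in a sandbox or submit to VirusTotal, as the article recommends.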

Recommendation

Check the URL or the domain before connecting to it.

Use 2FA for your logins.

Use a different password for each account.

Use a platform like VirusTotal to check the domain if you are not sure before connecting.