A Proposed Methodology to Prevent a Ransomware Attack

- RANSOMWARE as malware, increasing threat, three techniques-prevent, detect and mitigate, backup, software updates, educating users, network protection, software optimization, antivirus solution, don’t pay ransom, RDP (remote desktop protocol), disabling macros, principle of least privilege, software restriction policies(SRP), Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), Domain Keys Identified Mail (DKIM), administrative rights, network segmentation.

Security and Privacy of QR Code Applications: A Comprehensive Study, General Guidelines and Solutions

The widespread use of smartphones is boosting the market take-up of dedicated applications and among them, barcode scanning applications. Several barcodes scanners are available but show security and privacy weaknesses. In this paper, we provide a comprehensive security and privacy analysis of 100 barcode scanner applications. According to our analysis, there are some apps that provide security services including checking URLs and adopting cryptographic solutions, and other apps that guarantee user privacy by supporting least privilege permission lists. However, there are also apps that deceive the users by providing security and privacy protections that are weaker than what is claimed. We analyzed 100 barcode scanner applications and we categorized them based on the real security features they provide, or on their popularity. From the analysis, we extracted a set of recommendations that developers should follow in order to build usable, secure and privacy-friendly barcode scanning applications. Based on them, we also implemented BarSec Droid, a proof of concept Android application for barcode scanning. We then conducted a user experience test on our app and we compared it with DroidLa, the most popular/secure QR code reader app. The results show that our app has nice features, such as ease of use, provides security trust, is effective and efficient.

A RISC-V Processor Designed For Security

A microprocessor is as secure as its weakest module. Depending on the application, the weakest module may be present in the hardware, micro-architecture, or a vulnerability in the software. For instance in a web-server, the biggest threats occur due to software vulnerabilities and due to information leakage in shared micro-architecture components. On the other hand, in an end-point IoT device, invasive and non-invasive hardware attacks such as Differential Power Analysis (DPA), are arguably the biggest threats. In this paper we highlight some aspects of the development of a secure processor called Shakti-S. The processor is configurable and can cater to vulnerabilities in multiple layers. To protect against memory vulnerabilities that are common in applications, hardware enabled memory protection schemes are implemented. Fine-grained compartment capabilities permit the secure least-privilege software design methodology. In the micro-architecture, shared modules like cache memories are protected by moving target randomization mechanisms which can prevent most variants of cache timing attacks. In the hard-ware, critical information is masked to break correlation with the device’s power consumption, thus hardening the processor against strong side-channel attacks like the Differential Power Analysis.