Why is Important Employee Monitoring System software

EMS, an employee monitoring software is a means of employee monitoring, and allows company administrators to monitor and supervise all their employee computers from a central location. It is normally deployed over a business network and allows for easy centralized log viewing via one central networked PC.

Employee Monitoring System

                                                        Employee Monitoring System

Employee surveillance in the workplace is an obvious proactive step for a company to take to protect its intellectual property. Failing to protect proprietary digital assets from corporate espionage has caused the demise of many strong companies. Additionally, lost revenue from low employee productivity can quickly reduce profit margins and business sustainability. Cyber Security Infotech Private Limited is one of India’s first companies to develop Employee Monitoring System software aiming to secure the intellectual property of your organisation.

Protecting your privacy in the workplace is not a challenging task. Intellectual property is a valuable business asset. Examples of intellectual property include the programming code that makes a computer application work, guarded trade secrets and marketing strategies.

Clearly, there are many reasons a company chooses to implement an EMS (Employee Monitoring System).

Employee Monitoring System can record all aspects of computer use including:

  1. Events timeline logging: Logs all events employees performed and view them in an organized listing.
  1. Website activity: Logs all websites visited by the popular browsers.
  2. Application usage: Monitors and logs all applications run on the computer.
  3. Documents opened: Records documents and files opened and viewed.
  4. Screenshot monitoring: EMS can take employee’s monitor Screenshots, often periodically at random intervals.
  1. File access: Get to know files deleted or downloaded on EMS installed computer.
  2. Print monitoring: Records print jobs from EMS users in company network.
  3. Monitor Data: You can monitor your data in the employee system so it can be saved from outside world.

Advantages of using CSI’s EMS

  • Works on Stealth mode
  • Lets organisations monitor and increase employee’s productivity
  • Reduce financial risks
  • identifies problem areas, offenders, frequency and seriousness
  • Management can assess, in real time, the level of inefficiency within their organizations
  • Employers can refocus their energy on growing their business and driving employee productivity
  • Review e-mails that contain selected words to avoid allegations of harassment at workplace

You Can Contact Regarding this Software

Contact Person – Ankit 

Contact Number- +91 9990302472

Mail id – sales@csinfotech.org
Web – www.csinfotech.org

DoubleDirect” MitM Attack Causes Risk to iOS, Android and OS X Users

ios-7-vs-androidA security firm has discovered a particular type of Man-in-the-Middle (MitM) attack targeting Android, iOS, smartphones and OS X users around the world.

Zimperium from San Francisco Thursday blog post revealed that just like other MitM attacks, this DoubleDirect can permit the cyber criminal to intercept important data, such as login credentials, email ID’s, personal data, banking information or deliver malware to the targeted vulnerable devices through redirecting the a victim’s traffic to the attacker-operated devices.

However, with a twist, this DoubleDirect will use ICMP redirecting packets to change the routing path of the victim host that causes traffic to flow through a random network path from the particular IP according to the blog.

“Once redirected, the attacker can compromise the mobile device by chaining the attack with an additional Client Slide vulnerability (e.g.:browser vulnerability), and in turn, provide attack access to the corporate network,” Zimperim added.

The attack is working on the newest version of iOS that includes 8.1.1 version; Android devices, which the firm tested that includes Lollipop and Nexus 5; Yosemite on OS X; the blog said. From the blog post, the firm has educated the users on how they can manually disable the ICMP Redirect from their Macs to minimize the issue.

Patrick Muray, the vice president of Zimperium products have said to the SC csinfotech.org last Friday interview that similar security measures can’t be easily applied to iOS and Android devices because users will need permissions to disable the acceptance of the ICMP redirecting packets.

According to Murray, “The other way to handle this is for the entire website properties to handle full HTTPS, by doing this; it would be hard for you to do anything with the attack.”

From the blog, Zimperium recognized 31 countries that include USA, UK and Canada from where the attacks are happening. At the time of campaign, traffic coming from Google, Hotmail, Live,com, Facebook, Twitter and Naver (Korean Website) were detected as redirected by the attack using “DoubleDirect” technique.

Zimperium firm noted from its blog that this new attacking technique is the “full derivative of a known ICMP Redirect attack”, which had been revealed many years back. The company provides a comprehensive “Proof-of-Concept” PoC for DoubleDirect Attack, which users could download from the web.

The blog post said, “Zimperium is releasing this information at this time to increase awareness as some operating system vendors have yet to implement protection at this point from ICMP Redirect Attacks as there is attacks in-the-wild.”

Chris Messer, the vice president of Coretelligent technology, which is an IT and cloud services firm said in an arranged email commentary that “DoubleDirect has the potential to be an extremely serious attack technique  more especially an increasing numbers of people conduct sensitive transactions from their smartphones and tablets.”

The attackers are very desperate to gather credit card information and “personally identifiable information” or PII that various banks, shopping, transportation or other well-known applications and stores. Chris Messer wrote to the advertising firms to use strong “mobile device management program” to monitor threats like this.

Web Servers Hijacked Using CryptoPHP – Backdoored CMS Plugin & Themes

cryptNumerous security researchers exposed many thousands of backdoored plug ins as well as the themes for the well-liked content management systems (CMS) that may be utilized by attackers to cooperate with web servers in a big scale.

The security firm Fox-IT that is based in Netherlands has printed a whitepaper that reveals a novel Backdoor called “CryptoPHP”. Security researchers were able to discover spiteful plug ins and ideas for Joomla, WordPress and Drupal. On the other hand, there’s a little relief for users of Drupal since only themes have been discovered to be contaminated from CryptoPHP backdoor.

Miscreants utilize a simple trick of social engineering just to abuse site administrators. They frequently attract website administrator in downloading pirated edition of saleable CMS plug ins as well as themes free of charge. After downloading, the hateful theme or plug ins incorporated set up the administrator’s server.

Fox-IT stated it its study regarding the attack that “By publishing pirated themes and pug ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is social-engineering site administrators into installing the included backdoor on their server.”

Once the backdoor has been installed in web server, it could be controlled by any cyber unlawful people using diverse options like command and control server (C&C) communications, email as well as manual control.

The following are the other potentials of CryptoPHP backdoor:

  • Incorporation into well-liked content management system such as Joomla, Drupal and WordPress.
  • Public key encryption intended for communication amid the cooperative server and the command and control (C2) server.
  • Physical control of the backdoor beneath the C2 communications.
  • Backup system installed against C2 domains take downs through email communications.
  • A wide communications in terms of IP’s and C2 domains.
  • Distant updating of the listing of C2 servers.
  • Capability to update itself.

Once installed on a web server, the backdoor can be controlled by cyber criminal using various options such as command and control server (C&C) communication, email communication and manual control as well.

Miscreants are utilizing Crypto PHP backdoor on websites that are compromised and web servers for unlawful Search Engine Optimization (SEO), which is known also as Black Hat SEO, as stated by researchers in their report. This is due to the fact that compromised websites connection to the websites of attackers appears on top in the results of search engines.

Black Hat SEO is a technique used on maximizing the search engine results without human interaction within the pages, which also violates the guidelines of the search engines. This technique includes doorway pages, keyword stuffing, adding unrelated keywords, invisible text, and page swapping.

The securitycompany has discovered 16 variants of CryptoPHP Backdoor on thousands of backdoored plugins and themes as of 12th November 2014. First version of the backdoor was appeared on the 25th of September 2013. The exact number of websites affected by the backdoor is undetermined, but the company estimate that at least a few thousand websites or possibly more are compromised.

Sony Pictures computer system down after reported hack

rouSony Pictures Entertainment said its computer system was down for a second day on Tuesday, following media reports of a major hacking attack aimed at the film and television studio.

Before Sony Pictures’ computers went dark on Monday, the screens displayed an image of a red skeleton with the phrase “Hacked By #GOP,” according to the Los Angeles Times.

The hackers warned the unit of Sony Corp that they had obtained “secrets” that they would leak on the Web, the newspaper reported.

“We’ve already warned you, and this is just a beginning. We continue till our request be met,” said a message that popped up on the computer screens, according to the L.A. Times.

Sony Pictures spokeswoman Jean Guerin said the company’s network was down as it dealt with “a system disruption” and that technicians were “working diligently” to resolve the issue. She did not give any details of the reported cyber attack.

Emails sent to Sony Pictures on Tuesday were kicked back with an explanation that its “email system is currently experiencing a disruption.”

The Los Angeles Times said Sony Pictures employees had to resort to using pencil and paper to get their work done on Monday. It was unclear if the problem would affect the company’s plans for upcoming holiday films, such as “Annie,” or regular television programs including “Wheel of Fortune” and “Jeopardy!”

Sony Corp has been a target of hackers in the past. In 2011, its video game online network suffered a major attack resulting in the theft of data belonging to 77 million users, one of the breaches to date.

Codified law needed to deal with cyber crime: Justice Misra

New Delhi: Supreme Court judge Justice Dipak Misra on Thursday called for a codified law as well as imparting proper training to law enforcement officers to deal with the issue of cyber crime and match the level of intelligence of the criminals who commit such offenses.

Expressing concern over the growing instances of cyber crime, Justice Misra said, “There is a need to come up with a code, a mechanism to deal with cyber crime. Through a computer a man can create an artificial system which can have much more knowledge than what human mind can contain. Knowledge is powerful and knowledge can be dangerous.”

“We need to train the officers and make them efficient and competent in these laws with a different kind of branch as everyone cannot do it.”

Speaking at the International Conference on Cyberlaw, Cyber crime and Cyber Security at the India International Centre, the judge also spelled out the difficulties likely to arise in dealing with the issue.

“Litigations are cropping up with regard to domain disputes, Intellectual Property Rights, email contracts, defamation, etc. And the High Courts in our country are dealing with them but there are difficulties like how does one safeguard their right to privacy?

“There can be jurisdictional issues i.E. Which court has jurisdiction in the matter and that has to be fixed. Third problem is finding the identity of the offenders which is very difficult to trace,” he said.

Suggesting ways to handle the Internet crimes, Justice Misra said that “people who engage in cyber crime have the potential and knowledge to advise us how to control these crimes” adding that their level of intelligence needs to be matched to crack the cases and catch the criminals.

P K Malhotra, Law Secretary, Ministry of Law and Justice, who was also present at the conference, said, “It is significant that countries address and strengthen their cyber-legal regimes which would also promote growth of e-commerce”.

Pavan Duggal, advocate and organizer of the conference, said the conference was a step forward to discuss the cyber crime related policies and highlighted the need for all the stakeholders in the digital and mobile ecosystem to work together and address the complicated legal nuances.

First online murder may happen by end of year: Experts

280122-online-700The European Union’s law enforcement agency Europol has cautioned that governments are ill-prepared to combat the looming threat of “online murder” as cyber criminals exploit internet technology to target victims.

In an alarming assessment of the physical danger posed by online crime, Europol said it expected a rise in “injury and possible deaths” caused by computer attacks on critical safety equipment.

The Europol threat assessment published last week cited a report by US security firm IID which predicted that the first murder via ‘hacked internet-connected device’ would happen by the end of 2014, ‘The Independent’ reported.

The opportunities for tampering with devices come amid predictions that tens of billions of devices will be connected to the internet within the next couple of decades, according to experts.

The Europol report suggests crooks could also use the web to carry out new forms of extortion and blackmail, such as locking people out of their homes or cars before payment of a ransom.

“The IoE [Internet of Everything] represents a whole new attack vector that we believe criminals will already be looking for ways to exploit,” according to the Europol threat assessment.

“The IoE is inevitable. We must expect a rapidly growing number of devices to be rendered ‘smart’ and thence to become interconnected. Unfortunately, we feel that it is equally inevitable that many of these devices will leave vulnerabilities via which access to networks can be gained by criminals,” the report said.

“There’s already this huge quasi-underground market where you can buy and sell vulnerabilities that have been discovered,” said Rod Rasmussen, the president of IID.

Rasmussen said that while the first reported murder was yet to happen, “death by internet” was already a reality from online extortion and blackmail that has led to suicide.

He said if his firm’s prediction of an online murder did not come to pass in 2014, it would likely happen within the next few years.

Strategy to prevent cyber crime on anvil: Rajnath Singh


Hyderabad: Union Home Minister Rajnath Singh  Friday said a strategy to prevent cyber crime will be evolved soon.Voicing concern over rising cyber crime, he said he has asked the home ministry to prepare an effective strategy.

He was speaking at the passing out parade of 66 Regular Recruits of the Indian Police Service at Sardar Vallabhbhai Patel National Police Academy here Friday.

The home minister said 2013-14 statistics show cyber crime is increasing at the rate of 50 percent per year with Maharashtra, Uttar Pradesh and Andhra Pradesh being among the most affected states.

Academy director Aruna Bahuguna said the core mission of the academy is to provide training for the police officers of tomorrow: one who can not only handle regular law enforcement but also more ambiguous gender, marginalised and communal situations in a sensitive manner.

The 143 officer trainees who completed 46-week training, include 28 women.

The 2013 batch include 15 foreign officer trainees – five from Nepal, six from Bhutan and four from Maldivies.

NSA chief warns Chinese cyber attacks could shut US infrastructure

Washington: China and “probably one or two” other countries have the ability to invade and possibly shut down computer systems of US power utilities, aviation networks and financial companies, Admiral Mike Rogers, the director of the US National Security Agency, said on Thursday.

Testifying to the House of Representatives Intelligence Committee on cyber threats, Rogers said digital attackers have been able to penetrate such systems and perform “reconnaissance” missions to determine how the networks are put together.

“What concerns us is that access, that capability, can be used by nation-states, groups or individuals to take down that capability,” he said.

Rogers said China was one of the countries with that capability, but that there were others.

“There`s probably one or two others,” he said, declining to elaborate in a public setting.

Chinese Foreign Ministry spokesman Hong Lei said the Chinese government “forbids” cyber hacking and that it is often a victim of such attacks that originate from the United States.

“The Chinese government resolutely cracks down on these activities. This reality is irrefutable,” Hong told reporters at a regular press briefing on Friday.

Rogers testified two days after a bill to overhaul the NSA`s bulk collection of telephone records failed in the Senate. Privacy advocates will probably now have to start over to pass a law to reform US surveillance rules.

He said at the hearing that telephone companies are still providing those records to the NSA, but under stricter rules than when the program was exposed in 2013 by former contractor Edward Snowden.

Rogers said the agency, anticipating passage of a new law, would wait before moving forward with technological changes. He said the agency, and telephone companies, would rather wait and see what might be included in any new law.