JOSS InfoSec

28/12/2024

🎉 নতুন বছরের অফার! কিন্তু সাবধান!

আপনারা যারা "100GB ফ্রি ইন্টারনেট" অফারের নামে এই লিঙ্কে ক্লিক করতে যাচ্ছেন। দয়া করে সতর্ক থাকুন! এটি একটি **ম্যালিশিয়াস (ক্ষতিকর)** লিঙ্ক।

❌ লিঙ্কে ক্লিক করলে আপনার মোবাইল বা ডিভাইসে ভাইরাস ছড়াতে পারে।
❌ ব্যক্তিগত তথ্য চুরি হতে পারে।
❌ আপনার সোশ্যাল মিডিয়া বা ব্যাংক অ্যাকাউন্ট হ্যাক হতে পারে।

➡️ **সতর্কতা:**
- সন্দেহজনক লিঙ্কে ক্লিক করবেন না।
- অফিশিয়াল সাইট ছাড়া অন্য কোথাও তথ্য দেবেন না।
- নিরাপদে থাকতে এন্টি-ভাইরাস ব্যবহার করুন।

সবার সাথে শেয়ার করুন এবং নিরাপদে থাকুন!
Happy New Year 🎉

14/10/2024

🚨 Security Alert for Glinty - Video Chat & Online APK Users! 🚨

Recently, I analyzed potential security risks associated with the Glinty - Video Chat & Online APK. Our findings highlight two critical issues that could compromise user privacy and device security:

1️⃣ Remote WebView Debugging Enabled:
When Remote WebView Debugging is enabled, it provides a gateway for attackers to remotely access and manipulate WebView content within the app. Here’s why it’s risky:

🧑‍💻 Remote Code Ex*****on: Attackers can inject and execute malicious JavaScript code, manipulating app behavior and stealing sensitive information.
📊 Data Leakage: Debugging access allows inspection of network traffic, cookies, and local storage, posing a severe risk to user data privacy.
🔄 App Manipulation: Attackers can alter the DOM, spoof server responses, and mislead users, resulting in potential phishing attacks or data theft.
2️⃣ Permission Misuse: DISABLE_KEYGUARD:
The app requests permission to disable the lock screen (android.permission.DISABLE_KEYGUARD), which poses serious security concerns:

🔓 Bypassing Lock Screen Security: This permission could allow the app to bypass device lock mechanisms, providing unauthorized access to the device and compromising sensitive data.
👁️ Phishing Potential: Attackers could present fake login screens to collect credentials or perform unauthorized actions, further endangering user accounts.
🛡️ Recommendations:
Developers of Glinty should disable Remote WebView Debugging in production builds and review permissions to minimize risks.
Users should be cautious and monitor permissions granted to apps. Always ensure that apps come from trusted sources.
Let’s work together to build a safer cyberspace! 🌐

12/10/2024

09/08/2024

Welcome to Bangladesh, Dr. Muhammad Yunus

We extend our warmest welcome to you, Dr. Muhammad Yunus, and express our deepest gratitude on behalf of JossInfosec. Your presence and contributions inspire and uplift our nation; we are truly honoured to have you here.

03/08/2024

At Joss Infosec, we stand in solidarity with the courageous students of Bangladesh who are fighting for justice and democratic reforms. The Quota Reform Movement has highlighted the critical need for transparency, fairness, and respect for human rights.

Despite facing severe repression, these students have demonstrated incredible resilience and determination. We condemn the violent actions taken against peaceful protesters and call for immediate accountability and justice.

We support the youth of Bangladesh in their quest for a fair and just society. Your bravery inspires us all.

03/08/2024

🚨 **The Critical Importance of Pe*******on Testing** 🚨

Recently, I gained access to a website’s admin credentials through an SQL injection. This experience highlighted just how vital it is to conduct regular and thorough Pe*******on Testing (PT) for website security.

🛡️ **Pe*******on Testing (PT):** This is a proactive approach to security where ethical hackers simulate attacks to find vulnerabilities before malicious actors do. By exploiting these weaknesses, PT helps organizations understand their security posture and how they can enhance their defenses.

**Why Pe*******on Testing?**
1. **Real-World Attack Simulation:** Pe*******on Testing mimics the techniques used by cybercriminals, providing a realistic assessment of your security vulnerabilities.
2. **Identify and Mitigate Risks:** It reveals both known and unknown vulnerabilities, allowing you to address them before they can be exploited by attackers.
3. **Protect Sensitive Data:** By securing your systems, you protect your users' data and maintain their trust.
4. **Regulatory Compliance:** Many industries have strict security standards. Regular PT ensures compliance, helping avoid legal and financial penalties.
5. **Boosts Reputation:** A secure website showcases a responsible organization that values user privacy and data security.
6. **Continuous Improvement:** PT is not a one-time effort. Regular testing helps adapt to new threats and continuously improve security measures.

🔒 In today’s digital age, pe*******on testing is not just an option—it’s a necessity. It’s an investment in the trust and safety of your users and the overall health of your organization. Don’t wait for a breach to happen—be proactive and stay secure!

Stay vigilant and keep your digital assets protected! 💪

*******onTesting

02/08/2024

503 Error
We stand with students to construct it.

18/07/2024

যাদি তুমি ভয় পাউ
তবে তুমি শেষ
যদি তুমি রুখে দারাউ
তবেই তুমি বাংলাদেশ

30/04/2024

🔒 Happy Labour Day from JOSS InfoSec! 🔒

Today, we honor the hard work and dedication of our cybersecurity professionals who work tirelessly to protect businesses, organizations, and individuals from digital threats. 💻 Your vigilance, expertise, and commitment are the backbone of our cyber defense efforts, safeguarding data, privacy, and trust in an increasingly digital world.

As we celebrate Labour Day, we recognize the importance of your role in keeping our digital infrastructure secure. Your dedication to staying ahead of evolving cyber threats ensures that our clients can operate safely and confidently in the digital landscape.

Thank you to our cybersecurity team for your unwavering commitment to excellence and your relentless pursuit of cybersecurity excellence. Your efforts make a difference every day, and we are grateful for your hard work.

Wishing you all a well-deserved day of relaxation and appreciation! 🛡️✨