All Blog Posts (1,176)

Collaboration Makes Smart Cities More Secure

I am excited to join the development team for the U.S. National Institute of Standards and Technology (NIST) Smart Cities and Communities Framework (SCCF) with a focus on cybersecurity…


Added by Matthew Rosenquist on January 22, 2020 at 12:00pm — No Comments

2020 Report on State of Breach Protection by Cynet

Cynet today announced the State of Breach Protection 2020 Report. The report reveals significant concerns that security decision-makers need to look into immediately while designing their Breach Protection Plans for 2020. Cybersecurity is one of the major concerns stated in this report. It reveals that a large number of organizations are seriously charting out their advanced protection projects in 2020 on a priority basis. Most of those enterprises are trying to find out proactive protection…


Added by jaideep khanduja on January 21, 2020 at 9:02am — No Comments

Cyber Security for kids - Repository

[PPT] CYBER Safety Training For Young Students:…


Added by pritha on January 15, 2020 at 4:00pm — No Comments

What Google Is To Most Internet Users, Shodan Is To Hackers

This blog was first published in https://www.firecompass.com/blog/shodan-dorks-to-find-exposed-it/

What Google is to most internet users, Shodan (http://www.shodan.io) is to hackers. It is a search engine for hackers to look for open or vulnerable digital assets. Shodan scans the entire internet and stores the open ports along with services running on…


Added by Allan Gray on January 14, 2020 at 2:22pm — No Comments

What Google Is To Most Internet Users, Shodan Is To Hackers

What Google is to most internet users, Shodan (http://www.shodan.io) is to hackers. It is a search engine for hackers to look for open or vulnerable digital assets. Shodan scans the entire internet and stores the open ports along with services running on all accessible IP addresses. It also provides a lot of information about such exposed IP addresses, devices and ports. Such devices can be computers, laptops, webcams, traffic signals, and various IoT…


Added by Allan Gray on January 14, 2020 at 2:00pm — No Comments

Zero Trust Model Presentation

Zero trust model presentation

  1. #RSAC SESSION ID: Zero Trust Security Gowdhaman…

Added by Gowdhaman Jothilingam on January 7, 2020 at 3:30pm — No Comments

2019 Biggest Breaches: 2019 The “Worst Year On Record” For Breaches

According to research from Risk Based Security, the total number of breaches was up 33% over last year. That’s a whopping 5,183 data breaches for a total of 7.9 billion exposed records and in November, the research firm called 2019 the “worst year on record” for breaches…

Not having real time view of your dynamic attack surface and the risks it…


Added by pritha on January 7, 2020 at 2:00pm — No Comments

Digital Retaliation of Iran - Predicting the Next Evolution of Cyberwar

The United States and allies' national cyber response may soon be tested with the latest escalating conflict in the middle east. The U.S. conducted an airstrike that killed a revered Iranian general while in Iraq. This was in retaliation to a number of attacks against U.S. personnel and most recently the U.S. embassy in Iraq that was purported to be…


Added by Matthew Rosenquist on January 5, 2020 at 11:00am — No Comments

Banks are Developing Digital Currencies and Opening Themselves to Cyber Risk

Cybersecurity will be hard pressed to take on the new challenges of bank managed digital currencies.

Banks are developing their own digital currencies.  The introduction of Central Bank Digital Currencies (CBDC) is the beginning of an interesting trend that will change the cybersecurity dynamic for banking as it opens up an entirely new threat…


Added by Matthew Rosenquist on December 31, 2019 at 1:00pm — No Comments

NATIONAL CYBER SECURITY STRATEGY 2020 (NCSS 2020)

Call for Comments

1. Need for NCSS 2020

India was one of the first few countries to propound a futuristic …

Added by CISO Platform on December 30, 2019 at 12:00pm — No Comments

The 7 Most Dangerous Digital Technology Trends

As our world embraces a digital transformation, innovative technologies bring greater opportunities, cost efficiencies, abilities to scale globally, and entirely new service capabilities to enrich the lives of people globally.  But there is a catch.  For every opportunity, there is a risk.  The more dependent and entrenched we become with technology…


Added by Matthew Rosenquist on December 27, 2019 at 4:58am — No Comments

Becoming a Cloud Security Architect - my personal experience

A couple of weeks ago I was asked by my colleague to give him some clues and tips on how to become a Cloud Security Architect, as that's the venture he wants to follow and he knows I've been in architect-like roles for a while.

Knowing how much fulfillment one can get from a good career and work-life, I decided to sit down and write down some tips right away. I did share it with him, but then I looked at it myself and came to realize that instead of a few tips, I…


Added by Dawid Bałut on December 23, 2019 at 8:06pm — No Comments

Data Lifetime Problems and Propagation

Data Lifetime is a system problem

Any piece of software we build has a possibility of being vulnerable to either a known flaw or a zero day vulnerability. Using such malicious parties will continue to gain access to the machine. Although it’s highly impossible to become immune to such attacks, we could build systems putting our best effort to minimize the impact of such critical compromises.…


Added by Prasanna V Balaji on December 23, 2019 at 12:30pm — No Comments

Is Penetration Testing on your 2020 To-Do List?

If you’re thinking that the industry you’re operating in is safe from cybersecurity threats, then you might have to think again. In this article, we’ll specifically discuss the implications of breaches on healthcare businesses and why annual penetration testing is important for them.

The healthcare sector is no different when it comes to paying the price for poor security systems. Information security experts warn…


Added by Ray Parker on December 19, 2019 at 12:18pm — No Comments

700K Amex Customer Data Exposed: What You Need To Know

A recently disclosed data leak impacts around 700,000 AmEx India customers, exposing Personally Identifiable Information (PII) like Names, Emails & Telephone numbers. This leak highlights the perils of Shadow IT, and why organizations should look into building a continuous digital risk monitoring program. Here’s a brief on what you need to know:

What Was Exposed?

An unprotected MongoDB instance, containing nearly 3 Million…


Added by pritha on December 19, 2019 at 12:00pm — No Comments

Top 6 Vendors in Next-generation Firewall market at RSAC 2017

RSA conference is one of the leading security conference worldwide.  It creates tremendous opportunity for firewall vendors, users and practitioners to innovate, educate and discuss around the current security landscape.



A Next-Generation Firewall (NGFW) is an integrated network platform that combines a traditional firewall with application specific granular controls to help them detect application specific attacks. They help detect attacks through…


Added by pritha on December 19, 2019 at 11:00am — No Comments

Gartner Predicts 30% Of Breaches Due To Shadow IT by 2020

This article delves into the risk Shadow IT poses. In a recent report, Gartner predicted 30% of breaches due to Shadow IT; this further brings the focus to this topic. Let’s take a look at the report and a few mitigation strategies.

1. What Gartner Predicted About Shadow IT

Gartner’s Top Security Predictions in 2016 predicted ‘By 2020, a third of successful attacks experienced by enterprises will be on their shadow IT…


Added by pritha on December 19, 2019 at 11:00am — No Comments

(Round Table) Shadow IT Risks And Controls : Managing The Unknown Unknowns In Deep & Dark Web


We were happy to participate in a community round table organized by CISO Platform

Key Discussion Points : 

  • What is Shadow IT?
  • What are the types of Shadow IT?
  • Practical demo using open source tools
  • Controls to manage shadow IT risk

Reason Of Risk…


Added by pritha on December 19, 2019 at 11:00am — No Comments

Credential Stuffing: 8.7 Identity-Record Data Are On Surface, Deep & Dark Web

Credential stuffing is a method that hackers use to infiltrate a company’s system by automated injection of breached username & password pairs. Attackers use credentials to bypass anti-spam and firewall devices and access users' accounts. Once they are inside the company network, they can send phishing emails or compromise company systems/data. Note that attackers need to gain access to only a few accounts, or just one admin account, to compromise the system. According…


Added by pritha on December 18, 2019 at 2:00pm — No Comments

Analysing/Dissecting Uber Subdomain Takeover Attack

Subdomain Takeover is a type of vulnerability which appears when a DNS entry (subdomain) of an organization points to an External Service (ex. Heroku, Github, Bitbucket, Desk, Squarespace, Shopify, etc) but the service is no longer utilized or has been migrated/deleted. In this blog, we will be dissecting the Uber Subdomain takeover vulnerability, which was further escalated to authentication bypass of all Uber subdomains.

For example,…


Added by pritha on December 18, 2019 at 12:30pm — No Comments
