June 2020 Blog Posts (65)

(Free Tool Inside) Critical “SMBleed”, Vulnerability : Are You Affected

This blog was originally contributed by Apoorv Saxena, technical team, FireCompass over here…



Continue

Added by pritha on June 30, 2020 at 4:55pm — No Comments

Time To Take A Break

Good Morning!

Just a quick note to let everyone know I will be taking a short break and will return on September 1, 2020, with more content.

Stay safe out there!

Added by Logan Daley on June 29, 2020 at 4:04am — No Comments

Profiling White-Hat Vulnerability Researchers

Bugcrowd has released some interesting survey data that provides insights into the white-hat vulnerability researcher community.

Of note, most researchers were male (94%) and make less than $25k per year finding vulnerabilities. A vast majority were motivated by contributing to the well-being of others (93%), while only 19% focused on financial…

Continue

Added by Matthew Rosenquist on June 26, 2020 at 10:33pm — No Comments

CISO Report: Monthly Breach Report June 2020

This is a cross post from original source at FireCompass …

Continue

Added by pritha on June 26, 2020 at 12:00pm — No Comments

Killer Drones to be Available on the Global Arms Markets

Turkey may be the first customer for the Kargu series of weaponized suicide drones specifically developed for military use.  These semi-autonomous devices have been in development since 2017 and will eventually be upgraded to operate collectively as an autonomous swarm to conduct mass synchronized attacks. …

Continue

Added by Matthew Rosenquist on June 25, 2020 at 2:07am — No Comments

The Fortifying Fifteen: DR/BCP

Part 13 of 15: Business Continuity and Disaster Recovery Plans

What Is It? Disaster Recovery and Business Continuity Planning (DR/BCP) is another one on this list I think should be rated a lot higher than it is because of what it represents and how crucial it can be when it all goes…

Continue

Added by Logan Daley on June 24, 2020 at 9:34am — No Comments

The Fortifying Fifteen: System Recovery

Part 14 of 15: System Recovery Capabilities

What Is It? Often viewed as a purely technical capability, being able to recover your systems to operational capacity is imperative. Your systems are the heart and soul of your enterprise and central to your mission and ability to deliver…

Continue

Added by Logan Daley on June 24, 2020 at 9:33am — No Comments

The Fortifying Fifteen: Personnel Management

Part 15 of 15: Personnel Management

What Is It? It seems like a long time ago when I began writing this series of fifteen articles, yet here we are at the final one of the Fortifying Fifteen. Thirty-two down, including these, the Essential Eight and the Necessary Nine, and just five…

Continue

Added by Logan Daley on June 24, 2020 at 9:30am — No Comments

Data Privacy and Biometrics

[Posted on Behalf of Steve King,  Director, Cybersecurity Advisory Services at Information Security Media Group (ISMG) ]

Biometrics, while an element of data security, is a unique attribute that should be treated in an extraordinary fashion.



Passwords and MFA data are useful to attackers, but facial, retina and fingerprint scans open a whole new world of threat.



DNA is also coming soon.



It is…

Continue

Added by CISO Platform on June 23, 2020 at 2:19pm — No Comments

CISO Webinar : Learn how to create and manage your enterprise third party risk management program

Third party vendors and suppliers often have access to your network and your organisation's confidential information. The best way to prevent a data breach is to have robust program to assess how your third parties are managing their risk and protecting your data. Organisations must have a clear understanding of the risks inherent in their business relationships with third parties. How should you approach managing third party risk?

Wayne Tufek (Frequent speaker at…

Continue

Added by pritha on June 23, 2020 at 1:09pm — No Comments

The Necessary Nine: Incident Response

Continuous Incident Detection and Response

What Is It? Far too much attention and resources are focused on the “Before” of a Cyber Security incident, but precious little on the “During” and “After”. Being able to detect WHEN (not if) something has happened (or more critically IS happening) and…

Continue

Added by Logan Daley on June 23, 2020 at 6:55am — No Comments

The Necessary Nine: Authentication Credentials

Protect Authentication Credentials

What Is It? The keys to the kingdom are your passwords (or passphrases as the ASD refer to them in their documentation) and must be protected. Your first line of defence in logging on to systems is arguably the most important and their compromise can have…

Continue

Added by Logan Daley on June 23, 2020 at 6:54am — No Comments

The Necessary Nine: Network Segmentation

Network Segmentation

What Is It? Think of network segmentation as dividing up your network and resources either physically or logically to mitigate an attacker’s capability to freely propagate from systems to system and from network to network. By putting controls in place, you can effectively…

Continue

Added by Logan Daley on June 23, 2020 at 6:54am — No Comments

The Necessary Nine: Local Admins

Disabling Local Administrator Accounts

What Is It? When an operating system is installed on a computer, whether a server, tablet, laptop, or desktop, it is installed with local administrator privileges. The installer sets a strong administrator password (we hope!) and maintains control of that…

Continue

Added by Logan Daley on June 23, 2020 at 6:53am — No Comments

The Necessary Nine: Generic Exploit Mitigation

Operating System Generic Exploit Mitigation

What Is It? Operating systems, as I outlined in a previous article, are critical to the daily operations of your systems and facilitate your applications the business relies on daily. While patching your operating systems is part of the Essential Eight,…

Continue

Added by Logan Daley on June 23, 2020 at 6:52am — No Comments

The Necessary Nine: Proxying

Deny Corporate Computers Direct Internet Connectivity

What Is It? Proxying can be taken many ways but at the core of it is a system that intercepts and handles requests on behalf of a client connecting to a service. They most commonly reside between the private network and…

Continue

Added by Logan Daley on June 23, 2020 at 6:51am — No Comments

The Necessary Nine: Web Filtering

Web Content Filtering

What Is It? Ah, the Internet. Remember the good old days when procrastinating involved some sort of physical activity aside from staring blankly at a screen and clicking a mouse button? Remember when we had to go find a book and look something up that…

Continue

Added by Logan Daley on June 23, 2020 at 6:51am — No Comments

The Necessary Nine: Email Filtering

Email Content Filtering

What Is It? Email could arguably be one of the most valuable tools of any organisation and likely the one that has been relied on the longest, but is probably one of the most overlooked and abused systems today. Ask anyone about email and what they like about it…

Continue

Added by Logan Daley on June 23, 2020 at 6:50am — No Comments

The Necessary Nine: Sandboxing

What Is It? The ASD strategy refers to this as “Automated dynamic analysis of email and web content run in a sandbox” but I prefer to simply call it sandboxing. At one time, to test an application you basically had to gamble on running in and we used a variety of means to do so including stand-alone…

Continue

Added by Logan Daley on June 23, 2020 at 6:49am — No Comments

The Essential Eight: Daily Backups

Part 8 of 8: Daily Backups of Important Data

What Is It?  Backing up your data has been a long-standing strategy in safeguarding your information when things go sideways.  Servers crash, laptops get lost, files get deleted accidentally, and mistakes are made. Mistakes, accidental or…

Continue

Added by Logan Daley on June 22, 2020 at 5:09am — No Comments

Monthly Archives

2020

2019

2018

2017

2016

2015

2014

2013

2012

1999

© 2020   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service