Pritha's Blog (361)

(Free Tool Inside) Critical “SMBleed” Vulnerability : Are You Affected

This blog was originally contributed by Apoorv Saxena, technical team, FireCompass over here…



Added by pritha on June 30, 2020 at 4:55pm — No Comments

CISO Report: Monthly Breach Report June 2020

This is a cross post from original source at FireCompass …

Added by pritha on June 26, 2020 at 12:00pm — No Comments

CISO Webinar : Learn how to create and manage your enterprise third party risk management program

Third party vendors and suppliers often have access to your network and your organisation's confidential information. The best way to prevent a data breach is to have a robust program to assess how your third parties are managing their risk and protecting your data. Organisations must have a clear understanding of the risks inherent in their business relationships with third parties. How should you approach managing third party risk?

Wayne Tufek (Frequent speaker at…

Added by pritha on June 23, 2020 at 1:09pm — No Comments

Maze Ransomware Attacks Cognizant

Cognizant, a large enterprise, has released a notification regarding the Maze ransomware attack. The team is working on various aspects to contain the incident. However, it is shocking to see how vulnerable major companies are. There have been various previous reports on this notorious malware…

Added by pritha on May 12, 2020 at 12:22pm — No Comments

SACON 2020 - Evolution Of AI : Past, Present, Future (Dr. Monojit Choudhury)

Topic : Evolution Of AI : Past, Present, Future (Dr. Monojit Choudhury)
Brief - This session is about AI and how AI revolutionized almost every aspect of human lives - from healthcare to agriculture, and from fashion to political campaigns. There is a…

Added by pritha on March 27, 2020 at 7:04pm — No Comments

(Free PPTs) Top Talks @ SACON - 2020 !

Get free access to the presentations by Gregory Pickett, Nandan Nilekani, Andrea Marcelli, James Stanger, Jim Hietala, Shivangi Nadkarni, Monojit Choudhury, Srinivas Poosarla & more. SACON is one of the largest Security Architecture Conferences in the APAC region. With 600+ participants, this was the 7th edition of SACON and here are a few highlights we wanted to share with you. It…

Added by pritha on March 3, 2020 at 4:30pm — No Comments

Cyber Security for kids - Repository

[PPT] CYBER Safety Training For Young Students:…

Added by pritha on January 15, 2020 at 4:00pm — No Comments

2019 Biggest Breaches: 2019 The “Worst Year On Record” For Breaches

According to research from Risk Based Security, the total number of breaches was up 33% over last year. That’s a whopping 5,183 data breaches for a total of 7.9 billion exposed records and in November, the research firm called 2019 the “worst year on record” for breaches…

Not having a real-time view of your dynamic attack surface and the risks it…

Added by pritha on January 7, 2020 at 2:00pm — No Comments

700K Amex Customer Data Exposed: What You Need To Know

A recently disclosed data leak impacts around 700,000 AmEx India customers, exposing Personally Identifiable Information (PII) like Names, Emails & Telephone numbers. This leak highlights the perils of Shadow IT, and why organizations should look into building a continuous digital risk monitoring program. Here’s a brief on what you need to know:

What Was Exposed?

An unprotected MongoDB instance, containing nearly 3 Million…

Added by pritha on December 19, 2019 at 12:00pm — No Comments

Top 6 Vendors in Next-generation Firewall market at RSAC 2017

RSA Conference is one of the leading security conferences worldwide. It creates tremendous opportunity for firewall vendors, users and practitioners to innovate, educate and discuss around the current security landscape.

A Next-Generation Firewall (NGFW) is an integrated network platform that combines a traditional firewall with application-specific granular controls to help detect application-specific attacks. They help detect attacks through…

Added by pritha on December 19, 2019 at 11:00am — No Comments

Gartner Predicts 30% Of Breaches Due To Shadow IT by 2020

This article delves into the risk Shadow IT poses. In a recent report, Gartner predicted 30% of breaches due to Shadow IT, which further brings the focus to this topic. Let’s take a look at the report and a few mitigation strategies.

1. What Gartner Predicted About Shadow IT

Gartner’s Top Security Predictions in 2016 predicted ‘By 2020, a third of successful attacks experienced by enterprises will be on their shadow IT…

Added by pritha on December 19, 2019 at 11:00am — No Comments

(Round Table) Shadow IT Risks And Controls : Managing The Unknown Unknowns In Deep & Dark Web

We were happy to participate in a community round table organized by CISO Platform.

Key Discussion Points : 

  • What is Shadow IT?
  • What are the types of Shadow IT?
  • Practical demo using open source tools
  • Controls to manage shadow IT risk

Reason Of Risk…

Added by pritha on December 19, 2019 at 11:00am — No Comments

Credential Stuffing: 8.7 Identity-Record Data Are On Surface, Deep & Dark Web

Credential stuffing is a method that hackers use to infiltrate a company’s system by automated injection of breached username & password pairs. Attackers use credentials to bypass anti-spam and firewall devices and access users' accounts. Once they are inside the company network, they can send phishing emails or compromise company systems/data. Note that attackers need to gain access to only a few accounts, or just one admin account, to compromise the system. According…

Added by pritha on December 18, 2019 at 2:00pm — No Comments

Analysing/Dissecting Uber Subdomain Takeover Attack

Subdomain Takeover is a type of vulnerability which appears when a DNS entry (subdomain) of an organization points to an external service (e.g. Heroku, GitHub, Bitbucket, Desk, Squarespace, Shopify, etc.) but the service is no longer utilized or has been migrated/deleted. In this blog, we will be dissecting the Uber subdomain takeover vulnerability, which was further escalated to authentication bypass of all Uber subdomains.

For example,…

Added by pritha on December 18, 2019 at 12:30pm — No Comments

3 Ways to Manage Enterprise Shadow IT

Gartner predicted that shadow IT is 30 to 40 percent of IT spending in large enterprises, and Everest Group predicted that it can be 50 percent or more of IT spending. This indicates that a lot of IT spending is bypassing the IT department. How to manage enterprise Shadow IT has become a big concern for a lot of organisations.

Because of rapid growth in SaaS and cloud products/services used by enterprises, shadow IT now can operate securely at scale.…

Added by pritha on December 18, 2019 at 12:30pm — No Comments

Top 4 Best Practices To Manage Shadow IT

Here is a small list of the major policies and best practices to manage Shadow IT

Policies To Have

1. Have A Shadow IT Policy

Create a policy document that takes care of the major areas of Shadow IT Management. This will make sure all company assets and services get registered on a single repository from and all major data sharing gets accounted for including an organization’s…

Added by pritha on December 18, 2019 at 12:30pm — No Comments

Gartner’s Top 3 Articles On Shadow IT

Added by pritha on December 18, 2019 at 12:00pm — No Comments

Risks of Shadow IT in Financial Services Firms

Organizations across all Financial Services firms are dealing with the effects of shadow IT, whether they realize it or not. Shadow IT is technology that is adopted and deployed by business units without the knowledge or consent of corporate IT teams.

The motivations behind the adoption of shadow IT are typically well-intentioned. For financial services firms, the risks of shadow IT are amplified due to the value of the data their organizations possess, and the strict…

Added by pritha on December 18, 2019 at 12:00pm — No Comments

As the name suggests, “Digital Footprint” is the unique traces of your digital presence. As per Wikipedia, “Digital Footprint refers to one’s unique set of traceable digital activities, actions, co…

As the name suggests, “Digital Footprint” is the unique traces of your digital presence. As per Wikipedia, “Digital Footprint refers to one’s unique set of traceable digital activities, actions, contributions and communications that are manifested on the Internet or on digital devices.” Here in this blog we will emphasise how to manage enterprise digital footprint.

An Enterprise Digital Footprint is an inventory of all the digital assets over the internet…

Added by pritha on December 18, 2019 at 11:04am — No Comments

4 Ways To Manage Enterprise Digital Footprint

As the name suggests, “Digital Footprint” is the unique traces of your digital presence. As per Wikipedia, “Digital Footprint refers to one’s unique set of traceable digital activities, actions, contributions and communications that are manifested on the Internet or on digital devices.” Here in this blog we will emphasise how to manage enterprise digital footprint.

An Enterprise Digital Footprint is an inventory of all the digital assets over the internet…

Added by pritha on December 18, 2019 at 11:00am — No Comments
