SECURITY AFFAIRS Russia-linked TA505 group leverages a lightweight Office file to spread malware in a campaign, tracked as MirrorBlast, aimed at financial institutions. Russia-linked APT group TA505 (e.g....
Year: 2021
0 - CT 0 - CT - CISO Strategics - CISO Strategics CISO CISO2CISO Video Series featured_ciso2ciso_video Global Jon Good Security Advisor Training & Security Leadership
CISO2CISO VIDEO SERIES – JON GOOD – ¿ What Are the Best Cyber Security Certifications For 2021?
As a Cyber Security professional, you should be planning your certification goals every year so that you can keep progressing your career. With so many different...
theregister – Revealed: How to steal money from victims’ contactless Apple Pay wallets
Boffins devise tricks to dupe stolen or nearby iPhones into paying out when in transit mode and using Visa The Register Apple’s digital wallet Apple Pay...
0 - CT 0 - CT - SOC - CSIRT Operations - Cyber Incidents & Attacks Notepad Cyber Attacks Ecuador Global
securityaffairs – Ecuador’s Banco Pichincha has yet to recover after recent cyberattack
Security Affairs The customers of Banco Pichincha, the largest bank in Ecuador, are still experiencing service disruptions after a massive cyberattack hit the financial organization early...
0 - CT 0 - CT - SOC - CSIRT Operations - Data Leak & Breach Incidents Notepad Cyber Attacks Cyber Security Data Breaches Global
threatpost – Twitch Leak Included Emails, Password: Researcher
THREATPOST A researcher combed through the Twitch leak and found what they said was evidence of PayPal chargebacks with names and emails, employees’ emails, and more....
theregister – Google to auto-enroll 150m users, 2m YouTubers with two-factor authentication
The Register Google is going to automatically enroll 150 million users and two million YouTube creators into using two-factor authentication for their accounts by the end...
0 - CT 0 - CT - SOC - CSIRT Operations - Data Leak & Breach Incidents Notepad Cyber Attacks Cyber Security Data Breaches Global
securityaffairs – Twitch security breach had minimal impact, the company states
security affairs Twitch provided an update for the recent security breach, the company confirmed that it only had a limited impact on a small number of...
nakedsecurity – How to steal money via Apple Pay using the “Express Transit” feature
naked security by SOPHOS A not-yet-published paper from researchers in the UK has been making media headlines because of its dramatic claims about Apple Pay. Apple-centric...
threatpost – Office 365 Spy Campaign Targets US Military Defense
THREATPOST An Iran-linked group is taking aim at makers of drones and satellites, Persian Gulf ports and maritime shipping companies, among others. A new threat actor,...
nakedsecurity – Serious Security: Let’s Encrypt gets ready to go it alone (in a good way!)
NAKED SECURITY You’ve probably heard of Let’s Encrypt, an organisation that makes it easy and cheap (in fact, free) to get HTTPS certificates for your web servers....
0 - CT 0 - CT - SOC - CSIRT Operations - Red - Blue & Purple Teams Operations 0 – CT – Cybersecurity Events & Conferences – Black Hat – US Cyber Attacks Cyber Security Global
darkreading – 10 Hot Red Team Tools Set to Hit Black Hat Europe
The slate of Arsenal presentations at Black Hat Europe is set to feature lots of low-cost and free goodies for offensive security pros. DARKReading USBsamurai Presenter:...
threatpost – Windows Zero-Day Actively Exploited in Widespread Espionage Campaign
THREATPOST The cyberattacks, linked to a Chinese-speaking APT, deliver the new MysterySnail RAT malware to Windows servers. Researchers have discovered a zero-day exploit for Microsoft Windows...
0 - CT 0 - CT - SOC - CSIRT Operations - Cyber Incidents & Attacks Notepad 0 - CT - SOC - CSIRT Operations - Data Leak & Breach Incidents Notepad Cyber Security Data Breaches Global
cisomag – Cyber Incident and Data Breach Management Workflow
Technology can help you orchestrate a strong and defensible data breach response process CISOMAG These days, it’s not a matter of if, but when an organization experiences some kind...
thehackernews – Experts Warn of Unprotected Prometheus Endpoints Exposing Sensitive Information
The Hacjer News A large-scale unauthenticated scraping of publicly available and non-secured endpoints from older versions of Prometheus event monitoring and alerting solution could be leveraged...
cisomag – Web Application Risks You Are Likely to Face
CISOMAG Web application risks can increase the chances of cyberattacks if ignored. Learn of the common web app risks to improve your organization’s web app security...
0 - CT 0 - CT - Cybersecurity Architecture - Zero Trust Security Cyber Attacks Cyber Security Global
nakedsecurity – Cybersecurity awareness month: Fight the phish!
NAKED SECURITY It’s the second week of Cybersecurity Awareness Month 2021, and this week’s theme is an alliterative reminder: Fight the Phish! Unfortunately, anti-phishing advice often seems to...
0 - CT 0 - CT - CISO Strategics - Supply Chain & Supply Chain Attacks Cyber Attacks Cyber Security Global
threatpost – Mandating a Zero-Trust Approach for Software Supply Chains
THREATPOST Sounil Yu, CISO at JupiterOne, discusses software bills of materials (SBOMs) and the need for a shift in thinking about securing software supply chains. In...
securityaffairs – Prometheus endpoint unprotected installs could expose sensitive data
Security Affairs Experts discovered several unprotected installs of open source event monitoring solution Prometheus that may expose sensitive data. JFrog researchers have discovered multiple unprotected instances...
0 - CT 0 - CT - CISO Strategics - Cybersecurity Trends & Insights 0 - CT - SOC - CSIRT Operations - DFIR - Forensics & Incident Response Cyber Attacks Cyber Security Global Security Surveys
cisomag – Market Trends Report: Cloud Forensics in Today’s World
CISOMAG The EC-Council Cyber Research report inferred that there are many challenges associated with multi-tenancy, unknown data location, and hybrid cloud deployment plague cloud forensics as...
thehackernews – CISA Issues Warning On Cyber Threats Targeting Water and Wastewater Systems
The Hacker News The U.S. Cybersecurity Infrastructure and Security Agency (CISA) on Thursday warned of continued ransomware attacks aimed at disrupting water and wastewater facilities (WWS),...
0 - CT 0 - CT - Cybersecurity Tools - ANTI DDOS 0 - CT - Cybersecurity Vendors - Microsoft 0 - CT - SOC - CSIRT Operations - Cyber Incidents & Attacks Notepad 0 - CT - SOC - CSIRT Operations - DDOS Attacks Cyber Attacks Cyber Security Global
theregister – Microsoft says Azure fended off what might just be the world’s biggest-ever DDoS attack
Much of the 2.4Tbit/sec came from across Asia and targeted a single Euro-customer The Register Microsoft claims its Azure cloud has fended off the largest DDOS...
thehackernews – Windows 10, Linux, iOS, Chrome and Many Others at Hacked Tianfu Cup 2021
Windows 10, iOS 15, Google Chrome, Apple Safari, Microsoft Exchange Server, and Ubuntu 20 were successfully broken into using original, never-before-seen exploits at the Tianfu Cup...
theregister – Ad-blocking browser extension actually adds ads, say Imperva researchers
Oi, Google: how did this get past your review process? And Imperva: why does your web page offer to install software? Security vendor Imperva’s research labs...
0 - CT 0 – CT – Cybersecurity Architecture – Crypto Security cryptocurrency Cyber Attacks Cyber Security Global
cisomag – OpenSea NFT Marketplace Bug Allows Hackers to Steal Crypto Wallets
Critical security vulnerabilities on OpenSea’s platform allows hackers to hijack user accounts and steal entire crypto wallets by sending malicious NFTs. Over the past few weeks,...
nakedsecurity – LANtenna hack spies on your data from across the room! (Sort of)
If you’re a Naked Security Podcast listener (and if you aren’t, please give it a try and subscribe if you like it!), you may remember a humorous remark about ‘sideband’ attacks and...
theregister – WhatsApp’s got your back(ups) with encryption for stored messages
Global messaging giant extends security and privacy to Google Drive and Apple iCloud Facebook’s WhatsApp on Thursday began a global rollout of end-to-end (E2E) encryption for...
0 - CT 0 - CT - CISO Strategics - CISO Strategics AMANHANDIKAR.COM CISO CISO2CISO FILES FOR DOWNLOAD CISO2CISO ToolBox Series CYBER MIND MAPS featured_ciso2ciso_toolbox Global
CISO2CISO NOTEPAD SERIES – PCI DSS V3 MIND MAP FOR CISOs
PCI DSS v3 AMANHANDIKAR.COM URLs PCI DSS Standard https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf PCI Council https://www.pcisecuritystandards.org/ PCI Compliance Guide http://www.pcicomplianceguide.org/ Focus on PCI http://www.focusonpci.com/ Practical Threat Analysis http://www.ptatechnologies.com PCI DSS...
0 - CT 0 - CT - CISO Strategics - CISO Strategics CISO CISO Education CISO2CISO ToolBox Series CYBER MIND MAPS
CISO2CISO NOTEPAD SERIES – PENTESTING MIND MAP FOR CISOs
PENETRATION TESTING MIND MAP by amanhardikar.com Following table gives the URLs of all the vulnerable web applications, operating system installations, old software and war games [hacking]...
0 - CT 0 - CT - CISO Strategics - Cybersecurity Frameworks 0 - CT - SOC - CSIRT Operations - Malware & Ransomware Attack CISO Country CSRC Cyber Info Providers Partners Cyber Security Global Ransom Ransomware
csrc – Cybersecurity Framework Profile for Ransomware Risk Management
Announcement This revised draft addresses the public comments provided for the preliminary draft released in June 2021. Ransomware is a type of malware that encrypts an...