NSA releases guidance on securing IPsec Virtual Private Networks

The US National Security Agency (NSA) has published guidance on how to properly secure IP Security (IPsec) Virtual Private Networks (VPNs) against potential attacks.

Source: NSA releases guidance on securing IPsec Virtual Private Networks



Networking – IPSec Theory




Explore the subject of Cyber Attack

Download a Security Risk Assessment Steps paper!

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles

Leave a Comment

Alleged cyber attacks caused explosions at facilities in Iran

The root cause of a series of explosions at important Iranian facilities may be cyberattacks allegedly launched by Israel.

Source: Alleged cyber attacks caused explosions at facilities in Iran

Stuxnet 2? Iran Hints Nuclear Site Explosion Could Be A Cyberattack

Stuxnet 0.5: The Missing Link

How Israel Rules The World Of Cyber Security | VICE on HBO

Israel said to be behind cyber attack on Iranian port

Explore the subject of Cyber Attack

Download a Security Risk Assessment Steps paper!

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles

Leave a Comment

This is how EKANS ransomware is targeting industrial control systems

New samples of the ransomware reveal the techniques used to attack critical ICS systems.

Source: This is how EKANS ransomware is targeting industrial control systems | ZDNet

More on EKANS, the ransomware with an ICS kicker. Shipping company customer-facing IT disrupted

Download a Security Risk Assessment Steps paper!

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles

Leave a Comment

40% of security pros say half of cyberattacks bypass their WAF – Help Net Security

There are growing concerns around the number of businesses vulnerable to cyberattacks due to hackers’ ability to bypass their WAF.

Source: 40% of security pros say half of cyberattacks bypass their WAF – Help Net Security



Sorry About your WAF – Modern WAF Bypass Techniques








Download a Security Risk Assessment Steps paper!

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles

Leave a Comment

A hacker gang is wiping Lenovo NAS devices and asking for ransoms

Ransom notes signed by ‘Cl0ud SecuritY’ hacker group are being found on old LenovoEMC NAS devices.

Source: A hacker gang is wiping Lenovo NAS devices and asking for ransoms | ZDNet



Dealing with a Ransomware Attack: A full guide




A Beginner’s Guide to Protecting and Recovering from Ransomware Attacks




Download a Security Risk Assessment Steps paper!

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles

Leave a Comment

Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions

SMBs are responsible for nearly 44% of US economic activity, but given the current climate, it can be difficult for them to find available and/or affordable resources.

Source: Tall Order for Small Businesses: 3 Tips to Find Tailored Security Solutions

FIC2020: The top cybersecurity trends to watch for

Download a vCISO template

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles

Leave a Comment

Apple strong-arms entire CA industry into one-year certificate lifespans

Apple, Google, and Mozilla reduce the lifespan for HTTPS certificates to 398 days, against the wishes of Certificate Authorities. A decision that Apple unilaterally took in February 2020 has reverberated across the browser landscape and has effectively strong-armed the Certificate Authority industry into bitterly accepting a new default lifespan of 398 days for TLS certificates.

Following Apple’s initial announcement, Mozilla and Google have stated similar intentions to implement the same rule in their browsers.

Starting with September 1, 2020, browsers and devices from Apple, Google, and Mozilla will show errors for new TLS certificates that have a lifespan greater than 398 days.

Source: Apple strong-arms entire CA industry into one-year certificate lifespans | ZDNet

How does HTTPS work? What’s a CA? What’s a self-signed Certificate?






Download a Security Risk Assessment steps paper!

Download a vCISO template

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles

Leave a Comment

Good Cyber Hygiene in a Post-Pandemic World Starts with Us

Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them.

Source: Good Cyber Hygiene in a Post-Pandemic World Starts with Us

Cyber ‘hygiene’ could resolve 90% of cyber attacks | FT Business Notebook

Download a Security Risk Assessment steps paper!

Download a vCISO template

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

Leave a Comment

Police arrested 32 people while investigating underground economy forum

German Police have arrested 32 individuals and detained 11 after a series of raids targeting users of an illegal underground economy forum.

Source: Police arrested 32 people while investigating underground economy forum

Exploring the Dark Web



Download a Security Risk Assessment steps paper!

Download a vCISO template

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

Leave a Comment

Maersk, me & notPetya – gvnshtn

Maersk is the world’s largest integrated shipping and container logistics company. I was massively privileged (no pun intended) to be their Identity & Access Management (IAM) Subject Matter Expert (SME), and later IAM Service Owner. Along with tens (if not hundreds) of others, I played a role in the recovery and cybersecurity response to the events of the well-publicised notPetya malware attack in 2017.

Source: Maersk, me & notPetya – gvnshtn

Petya/NotPetya Ransomware Spreading via LAN

Global Ransomware Attack | Petya/NotPetya

Download a Security Risk Assessment steps paper!

Download a vCISO template

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

Leave a Comment

Republicans push bill requiring tech companies to help access encrypted data

The proposed legislation is Congress’ latest attempt to weaken encryption from tech giants.

Source: Republicans push bill requiring tech companies to help access encrypted data

Leave a Comment

A daily average of 80,000 printers exposed online via IPP

Experts found tens of thousands of printers that are exposed online that are leaking device names, organization names, WiFi SSIDs, and other info.

Source: A daily average of 80,000 printers exposed online via IPP

Exploiting Network Printers

How To Hack A Printer And See All Documents Printed

Download a Security Risk Assessment steps paper!

Download a vCISO template

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

Leave a Comment

Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies

Aerospace and military companies in the crosshairs of CyberSpies | CyberWar

ESET research uncovers attacks against several high-profile aerospace and military companies in Europe and the Middle East, with several hints suggesting a possible link to the Lazarus group.

Source: Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity

This blogpost above will shed light on how the attacks unfolded. The full research can be found in this white paper, Operation In(ter)ception: Targeted attacks against European aerospace and military companies.



Confessions of a cyber spy hunter | Eric Winsborrow | TEDxVancouver




Spyeye : Script To Generate Win32 .exe File To Take Screenshots

Download a Security Risk Assessment steps paper!

Download a vCISO template

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

Leave a Comment

Digital Downfall: Technology, Cyberattacks and the End of the American Republic

Digital Downfall: Technology, Cyberattacks and the End of the American Republic…

Source: Digital Downfall: Technology, Cyberattacks and the End of the American Republic:

Is America on the brink of civil war?

Could foreign cyber plots turn Americans against one another and cause a disastrous domestic conflict?

What would happen if the lights went out and the technology we rely upon to run American life is no longer available?

The present dangers are real. The US is more vulnerable to destructive foreign interference today than it has been in over a century. As Russia and China realize they can’t win shooting wars against the US, they have devised new and cunning ways to destabilize American politics and cripple the US economy. Cyber meddling in elections, disinformation campaigns, abuse of social media to widen racial and political divides, and the theft of military data are just some of the malicious acts threatening the Republic. Digital Downfall examines the potential effects of such attacks, with a look at:

  • The vulnerability of the US to cyber attack
  • American technological weaknesses that could be exploited by our enemies
  • How the US military could be affected by cyberwar
  • The possibility that the American Republic we know could be destroyed
  • America’s relationship with racism
  • What the future may hold

And more…The dangers posed by external sources can only be real when the internal politics of the United States is in a fragile state. The past four years bear testimony to this political decline as does every passing day of the Trump presidency.The perfect storm of external interference, a rampant and deadly pandemic, and a culture of racism that will no longer be tolerated is upon us.Who knows where it will lead to, or what will be left at the end.

Digital security – threats, risks and how to protect yourself

How to protect your online privacy in 2020 | Tutorial


Take an awareness quiz to test your basic cybersecurity knowledge

Download a Security Risk Assessment steps paper!

Download a vCISO template

Subscribe to DISC InfoSec blog by Email

Leave a Comment

FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy

An information technology specialist at the Federal Emergency Management Agency (FEMA) was arrested this week on suspicion of hacking into the human resource databases of University of Pittsburgh Medical Center (UPMC) in 2014, stealing personal data on more than 65,000 UPMC employees, and selling the data on the dark web.

Source: FEMA IT Specialist Charged in ID Theft, Tax Refund Fraud Conspiracy

Download a Security Risk Assessment steps paper!

Download a vCISO template

Subscribe to DISC InfoSec blog by Email



Leave a Comment

Facebook sues developer over alleged data scraping abuse

The lawsuit alleges that a data scraper took login credentials from about 5,500 people and then harvested phone numbers of their friends.

Source: Facebook sues developer over alleged data scraping abuse



What Is Web/Data Scrapping ? How To Scrap Large Data From A Website




Would like to know more on InfoSec Awareness…

Download a Security Risk Assessment steps paper!

Download a vCISO template

Subscribe to DISC InfoSec blog by Email


Leave a Comment

AWS said it mitigated a 2.3 Tbps DDoS attack, the largest ever | ZDNet

The previous record for the largest DDoS attack ever recorded was of 1.7 Tbps, recorded in March 2018.

Source: AWS said it mitigated a 2.3 Tbps DDoS attack, the largest ever | ZDNet



Was the US hit by a massive ‘DDoS attack’?


What is DDOS? Is America Under a Foreign Cyber Attack?!



Would like to know more on InfoSec Awareness…

Download a Security Risk Assessment steps paper!

Download a vCISO template

Subscribe to DISC InfoSec blog by Email



Leave a Comment

CyberSecurity Awareness Quiz

Take an InfoSec awareness quiz to test your basic cybersecurity knowledge







Would like to know more on InfoSec Awareness…

Download a Security Risk Assessment steps paper!

Download a vCISO template

Subscribe to DISC InfoSec blog by Email

Leave a Comment

Elite CIA unit that developed hacking tools failed to secure its own systems, allowing massive leak, an internal report found

The publication of ‘Vault 7’ cyber tools by WikiLeaks marked the largest data loss in agency history, a task force concluded.

The theft of top-secret computer hacking tools from the CIA in 2016 was the result of a workplace culture in which the agency’s elite computer hackers “prioritized building cyber weapons at the expense of securing their own systems,” according to an internal report prepared for then-director Mike Pompeo as well as his deputy, Gina Haspel, now the current director.

Source: Elite CIA unit that developed hacking tools failed to secure its own systems, allowing massive leak, an internal report found.

Wikileaks Vault 7: What’s in the CIA Hacking Toolbox?

CIA Hacking Tools Released in Wikileaks Vault 7 – Threat Wire

Download a Security Risk Assessment steps paper!

Download a vCISO template

Take an awareness quiz to test your basic cybersecurity knowledge

Subscribe to DISC InfoSec blog by Email

Leave a Comment

Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More

3somes, Gay Daddy Bear, and Herpes Dating are among the nine services that leaked the data of hundreds of thousands of users. Researchers find a developer running multiple dating services left 845GB of explicit photos, chats, and more exposed in AWS buckets

Source: Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More

Download a Security Risk Assessment steps paper!

Download a vCISO template

Take an awareness quiz to test your basic cybersecurity knowledge

Subscribe to DISC InfoSec blog by Email

Best Practices for Amazon S3 Security with S3 Access Management Tools and S3 Block Public Access

AWS S3 Bucket Security 👮- Restrict Privileges🔒to User using IAM Policy | Grant User Access

Leave a Comment