Sep 19 2024

Cloud Risk Management – Tips & Best Practices for 2024

Category: Cloud computing | disc7 @ 9:14 am

The SentinelOne post on cloud risk management covers key strategies to address risks in cloud environments. It outlines identifying and assessing risks, implementing security controls, and adopting best practices such as continuous monitoring and automation. The article emphasizes understanding the shared responsibility model between cloud providers and users and recommends prioritizing incident response planning. It also discusses compliance requirements, vendor risk management, and the importance of security frameworks like NIST to ensure robust cloud security.

Cloud Risk Management Essentials

  • Neglecting cloud risk management can lead to data breaches, fines, and reputational damage.
  • Understand the shared responsibility model: which security obligations are yours and which belong to your cloud provider.
  • Encrypt data, use strong access controls, and regularly patch vulnerabilities.
  • Keep up with the latest security trends and best practices.
  • Ensure sensitive data is handled securely throughout its lifecycle.

For more details, visit the original post.

Mastering Enterprise’s Digital Information Security, and Cloud Security: The Essential Guide to Cybersecurity Risk Management

InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory | ISO 27k Chat bot

Tags: Cloud Risk Management


Sep 18 2024

Azure Storage Explorer: The Tool Hackers Use to Steal Your Data – Here’s How!

Category: Cloud computing, Data Breach | disc7 @ 12:43 pm

The article highlights how ransomware groups like BianLian and Rhysida are exploiting Microsoft Azure Storage Explorer for data exfiltration. Originally designed for managing Azure storage, this tool is now being repurposed by hackers to transfer stolen data to cloud storage. Attackers use Azure’s capabilities, such as AzCopy, to move large amounts of sensitive information. Security teams are advised to monitor logs for unusual activity, particularly around file transfers and Azure Blob storage connections, to detect and prevent such breaches.

For more details, visit Security Newspaper.

Azure Storage Background

To understand the implications of using Azure Storage Explorer for data exfiltration, it is essential to grasp the basics of Azure Blob Storage. It consists of three key resources:

  1. Storage Account: The overarching entity that provides a namespace for your data.
  2. Container: A logical grouping within the storage account that holds your blobs.
  3. Blob: The actual data object stored within a container.

This structure is similar to storage systems used by other public cloud providers, like Amazon S3 and Google Cloud Storage.

AzCopy Logging and Analysis – The Key to Detecting Data Theft

Azure Storage Explorer uses AzCopy, a command-line tool, to handle data transfers. It generates detailed logs during these transfers, offering a crucial avenue for incident responders to identify data exfiltration attempts.

By default, Azure Storage Explorer and AzCopy use the “INFO” logging level, which captures key events such as file uploads, downloads, and copies. The log entries can include:

  • UPLOADSUCCESSFUL and UPLOADFAILED: Indicate the outcome of file upload operations.
  • DOWNLOADSUCCESSFUL and DOWNLOADFAILED: Reveal details of files brought into the network from Azure.
  • COPYSUCCESSFUL and COPYFAILED: Show copying activities across different storage accounts.

The logs are stored in the .azcopy directory within the user’s profile, offering a valuable resource for forensic analysis.

Logging Settings and Investigation Challenges

Azure Storage Explorer provides a “Logout on Exit” setting, which is disabled by default. This default setting retains any valid Azure Storage sessions when the application is reopened, potentially allowing threat actors to continue their activities even after initial investigations.

At the end of the AzCopy log file, investigators can find a summary of job activities, providing an overview of the entire data transfer operation. This final summary can be instrumental in understanding the scope of data exfiltration carried out by the attackers.

Indicators of Compromise (IOCs)

Detecting the use of Azure Storage Explorer by threat actors involves recognizing certain Indicators of Compromise (IOCs) on the system. The following paths and files may suggest the presence of data exfiltration activities:

  • File Paths:
    • %USERPROFILE%\AppData\Local\Programs\Microsoft Azure Storage Explorer
    • C:\Program Files\Microsoft Azure Storage Explorer
  • Executables:
    • StorageExplorer.exe
    • azcopy_windows_amd64.exe
  • AzCopy Log File Location:
    • %USERPROFILE%\.azcopy
  • Network Indicator:
    • .blob.core.windows.net
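
The following Python script is an added example, not code from this post or from the Security Newspaper article, showing how an incident responder can triage the AzCopy log entries and the IOCs listed above. It parses constructed, simplified AzCopy-style INFO lines (only the status keywords come from the post; the real log layout may differ), counts upload versus download outcomes, and matches observed process names, file paths and DNS queries against the listed indicators. The sample log lines and host observations are constructed, and the `%USERPROFILE%` prefix is compared literally rather than expanded.

```python
"""Triage constructed AzCopy-style log lines and host artefacts for the
Azure Storage Explorer exfiltration pattern described in the post.

The log line layout below is a simplified, constructed approximation of
AzCopy's INFO-level output (timestamp, level, status keyword, path); it is
not verbatim AzCopy output. The IOC lists are the paths, executables and
network indicator quoted in the post.
"""
import re
from collections import Counter

# Indicators of compromise as listed in the post (Windows paths).
IOC_FILE_PATHS = [
    r"%USERPROFILE%\AppData\Local\Programs\Microsoft Azure Storage Explorer",
    r"C:\Program Files\Microsoft Azure Storage Explorer",
]
IOC_EXECUTABLES = {"storageexplorer.exe", "azcopy_windows_amd64.exe"}
IOC_LOG_DIR = r"%USERPROFILE%\.azcopy"
IOC_NETWORK_SUFFIX = ".blob.core.windows.net"

# Status keywords AzCopy writes at the INFO level, as listed in the post.
TRANSFER_STATUSES = {
    "UPLOADSUCCESSFUL", "UPLOADFAILED",
    "DOWNLOADSUCCESSFUL", "DOWNLOADFAILED",
    "COPYSUCCESSFUL", "COPYFAILED",
}

# Constructed sample log (not real AzCopy output).
SAMPLE_AZCOPY_LOG = """\
2024/09/18 12:40:01 INFO: job started
2024/09/18 12:40:02 INFO: UPLOADSUCCESSFUL: C:\\Finance\\payroll_2024.xlsx
2024/09/18 12:40:03 INFO: UPLOADSUCCESSFUL: C:\\Finance\\contracts.zip
2024/09/18 12:40:04 INFO: UPLOADFAILED: C:\\Finance\\locked.pst
2024/09/18 12:40:05 INFO: DOWNLOADSUCCESSFUL: C:\\Tools\\readme.txt
2024/09/18 12:40:06 INFO: Final Job Status: CompletedWithErrors
"""

# One transfer event: "<date> <time> <LEVEL>: <STATUS>: <path>"
LOG_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<level>\w+): "
    r"(?P<status>[A-Z]+): (?P<path>.+)$"
)


def parse_transfers(log_text):
    """Return (status, path) pairs for every transfer event in the log."""
    events = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m and m.group("status") in TRANSFER_STATUSES:
            events.append((m.group("status"), m.group("path")))
    return events


def summarize_transfers(log_text):
    """Count outcomes; successful uploads are the exfiltration direction."""
    events = parse_transfers(log_text)
    counts = Counter(status for status, _ in events)
    return {
        "uploads_ok": counts["UPLOADSUCCESSFUL"],
        "uploads_failed": counts["UPLOADFAILED"],
        "downloads_ok": counts["DOWNLOADSUCCESSFUL"],
        "copies_ok": counts["COPYSUCCESSFUL"],
        # Paths that left the network: the list to hand to data-owner triage.
        "uploaded_paths": [p for s, p in events if s == "UPLOADSUCCESSFUL"],
    }


def match_host_iocs(process_names, file_paths, dns_queries):
    """Match observed host and network artefacts against the post's IOCs.

    Comparison is case-insensitive (Windows names). The %USERPROFILE%
    prefix is matched literally here; on a live host expand it first.
    """
    hits = []
    for name in process_names:
        if name.lower() in IOC_EXECUTABLES:
            hits.append(("executable", name))
    prefixes = [p.lower() for p in IOC_FILE_PATHS] + [IOC_LOG_DIR.lower()]
    for path in file_paths:
        if any(path.lower().startswith(pre) for pre in prefixes):
            hits.append(("path", path))
    for host in dns_queries:
        if host.lower().endswith(IOC_NETWORK_SUFFIX):
            hits.append(("network", host))
    return hits


if __name__ == "__main__":
    print(summarize_transfers(SAMPLE_AZCOPY_LOG))
    # Constructed observations from a hypothetical host.
    print(match_host_iocs(
        ["explorer.exe", "StorageExplorer.exe", "azcopy_windows_amd64.exe"],
        [r"%USERPROFILE%\.azcopy\2024-09-18.log", r"C:\Windows\System32"],
        ["login.microsoftonline.com", "exfil123.blob.core.windows.net"],
    ))
```

The upload counts and the list of uploaded paths correspond to the job summary the post says appears at the end of the AzCopy log; comparing them with what the business expected to leave the environment is the scoping step. A `.blob.core.windows.net` lookup on its own is not malicious, since legitimate Azure workloads use it, so the network indicator is best read together with the executable and log-directory hits.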

Azure Storage Explorer – The Tool for Data Theft

Data Engineering on Azure


Tags: Azure data, Azure Hacking, Azure Storage Explorer


Sep 17 2024

4 Benefits of ISO 27001 Certification

Category: ISO 27k | disc7 @ 12:46 pm

The post discusses whether ISO 27001 certification is worth it, highlighting its benefits like improved reputation, enhanced security, and competitive advantage. ISO 27001 offers a comprehensive framework for managing information security risks, focusing on people, processes, and technology. Certification, though not mandatory, provides independent validation of an organization’s commitment to security, which can also reduce penalties in case of data breaches. It positions organizations to stand out, especially in regulated industries like finance and healthcare.

  1. Gain a competitive advantage
  2. Provide assurance to partners and regulators
  3. Qualify for bigger contracts
  4. Gain additional peace of mind about your security

You can read more here.

ISO 27001 Compliance and Certification

ISO 27001 Risk Assessment & Gap assessment

Download ISO27000 family of information security standards today!

Previous posts on ISO 27k | ISO 27k Chat bot


Tags: iso 27001


Sep 16 2024

Why Cybersecurity Should Be A Boardroom Priority In Today’s Digital Economy

Category: cyber security | disc7 @ 2:35 pm

The article emphasizes the growing importance of cybersecurity as a boardroom priority in today’s digital economy. With cyber risks increasing, cybersecurity is no longer just a technical issue; it is a critical concern that board members must address to safeguard business operations, reputations, and financial health.

Key points include:

  1. Cyber Threats Are Escalating: The frequency and severity of attacks like phishing and ransomware are rising, with the average cost of a data breach hitting $4.88 million. This creates both immediate and long-term impacts, such as financial loss, regulatory fines, and reputational damage.
  2. Board Engagement Is Crucial: Board members must actively engage in shaping cybersecurity strategies, understanding key threats, allocating resources, and fostering a security culture throughout the organization.
  3. Proactive Measures for Resilience: Boards should implement comprehensive cybersecurity frameworks (e.g., ISO, NIST), prioritize employee training, and ensure robust incident response plans. Regular security assessments and simulations can help mitigate risks.

In summary, cybersecurity must be integrated into business strategy, with board members leading the charge to protect the organization’s future and maintain stakeholder trust. Cybersecurity is now a strategic imperative, essential for long-term resilience and sustainable growth.

Read more here

The Cyber Savvy Boardroom: Essentials Explained 

Chief Everything Officer: 15 Years Inside The Boardroom


Tags: Boardroom Priority, cybersecurity


Sep 14 2024

How to make Infrastructure as Code secure by default

The article explains how to enhance the security of Infrastructure as Code (IaC) by default. It emphasizes integrating security policies into CI/CD pipelines, automating IaC scanning, and using the application as the source of truth for infrastructure needs. It highlights the risks of manual code handling, such as human error and outdated templates, and discusses the challenges of automated remediation. The solution lies in abstracting IaC using tools that generate infrastructure based on application needs, ensuring secure, compliant infrastructure.

Read more here.

Making Infrastructure as Code (IaC) secure is crucial for maintaining the security of cloud environments and preventing vulnerabilities from being introduced during deployment. Here are some best practices to ensure the security of IaC:

1. Use Secure IaC Tools

  • Trusted Providers: Use reputable IaC tools like Terraform, AWS CloudFormation, or Ansible that have strong security features.
  • Keep Tools Updated: Ensure that your IaC tools and associated libraries are always updated to the latest version to avoid known vulnerabilities.

2. Secure Code Repositories

  • Access Control: Limit access to IaC repositories to authorized personnel only, using principles of least privilege.
  • Use Git Best Practices: Use branch protection rules, mandatory code reviews, and signed commits to ensure that changes to IaC are audited and authorized.
  • Secrets Management: Never hardcode sensitive information (like API keys or passwords) in your IaC files. Use secret management solutions like AWS Secrets Manager, HashiCorp Vault, or environment variables.

3. Enforce Security in Code

  • Static Code Analysis (SAST): Use tools like Checkov, TFLint, or Terraform Sentinel to analyze your IaC for misconfigurations, like open security groups or publicly accessible S3 buckets.
  • Linting and Formatting: Enforce code quality using linters (e.g., tflint for Terraform) that check for potential security misconfigurations early in the development process.

4. Follow Least Privilege for Cloud Resources

  • Role-based Access Control (RBAC): Configure your cloud resources with the minimum permissions needed. Avoid overly permissive IAM roles or policies, such as using wildcard * permissions.
  • Security Groups: Ensure that security groups and firewall rules are configured to limit network access to only what is required.

5. Monitor and Audit IaC Changes

  • Version Control: Use version control systems like Git to track changes to your IaC. This helps maintain audit trails and facilitates rollbacks if needed.
  • Automated Testing: Implement continuous integration (CI) pipelines to automatically test and validate IaC changes before deployment. Include security tests in your pipeline.

6. Secure IaC Execution Environment

  • Control Deployment Access: Limit access to the environment where the IaC code will be executed (e.g., Jenkins, CI/CD pipelines) to authorized personnel.
  • Use Signed IaC Templates: Ensure that your IaC templates or modules are signed to verify their integrity.

7. Encrypt Data

  • Data at Rest and In Transit: Ensure that all sensitive data, such as configuration files, is encrypted using cloud-native encryption solutions (e.g., AWS KMS, Azure Key Vault).
  • Use SSL/TLS: Use SSL/TLS certificates to secure communication between services and prevent man-in-the-middle (MITM) attacks.

8. Regularly Scan for Vulnerabilities

  • Security Scanning: Regularly scan your IaC code for known vulnerabilities and misconfigurations using security scanning tools like Trivy or Snyk IaC.
  • Penetration Testing: Conduct regular penetration testing to identify weaknesses in your IaC configuration that might be exploited by attackers.

9. Leverage Policy as Code

  • Automate Compliance: Use policy-as-code frameworks like Open Policy Agent (OPA) to define and enforce security policies across your IaC deployments automatically.

10. Train and Educate Teams

  • Security Awareness: Ensure that your teams are trained in secure coding practices and are aware of cloud security principles.
  • IaC-Specific Training: Provide training specific to the security risks of IaC, including common misconfigurations and how to avoid them.

By integrating security into your IaC practices from the beginning, you can prevent security vulnerabilities from being introduced during the deployment process and ensure that your cloud infrastructure remains secure.
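
As an added illustration of sections 3, 4 and 9 above (static analysis, least privilege and policy as code), the following Python script is not Checkov, OPA, or any project's code. It scans a constructed CloudFormation-style template in JSON form for two of the misconfigurations named in the post, wildcard IAM permissions and security-group rules open to 0.0.0.0/0, returns findings, applies a CI gate, and shows the corrected template beside the weak one. The rule names, severities, the `ADMIN_PORTS` set and the hardened values (bucket ARN, admin CIDR) are assumptions for this example.

```python
"""Minimal policy-as-code check over a CloudFormation-style template.

Added example (not Checkov, OPA or any project's code). It flags wildcard
IAM grants and security-group ingress open to the internet, then applies a
CI gate. Rule names, severities and ADMIN_PORTS are assumptions.
"""
import copy
import json

# Constructed insecure template (JSON form of two CloudFormation resources).
INSECURE_TEMPLATE = {
    "Resources": {
        "AdminRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "Policies": [{
                    "PolicyName": "allow-all",
                    "PolicyDocument": {
                        "Version": "2012-10-17",
                        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
                    },
                }],
            },
        },
        "WebSg": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "web tier",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
                    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
                ],
            },
        },
    }
}

ADMIN_PORTS = {22, 3389}  # assumed management ports that must never be world-open


def _as_list(value):
    """IAM allows a string or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]


def check_iam_wildcards(name, props):
    """Flag Allow statements that grant wildcard actions or resources."""
    findings = []
    for pol in props.get("Policies", []):
        for st in _as_list(pol.get("PolicyDocument", {}).get("Statement", [])):
            if st.get("Effect") != "Allow":
                continue
            actions = _as_list(st.get("Action", []))
            resources = _as_list(st.get("Resource", []))
            if "*" in actions:
                sev = "HIGH"      # full administrative access
            elif any(a.endswith(":*") for a in actions) or "*" in resources:
                sev = "MEDIUM"    # service-wide or resource-wide grant
            else:
                continue
            findings.append({"resource": name, "rule": "IAM_WILDCARD", "severity": sev,
                             "detail": f"{pol.get('PolicyName')}: Action={actions} Resource={resources}"})
    return findings


def check_security_group(name, props):
    """Flag ingress rules reachable from the whole internet."""
    findings = []
    for rule in props.get("SecurityGroupIngress", []):
        world = rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0"
        if not world:
            continue
        lo, hi = rule.get("FromPort"), rule.get("ToPort")
        all_ports = rule.get("IpProtocol") == "-1" or (lo, hi) == (0, 65535)
        # 443 open to the world is normal for a web tier: review, do not block.
        sev = "HIGH" if all_ports or lo in ADMIN_PORTS else "LOW"
        findings.append({"resource": name, "rule": "SG_WORLD_OPEN", "severity": sev,
                         "detail": f"{rule.get('IpProtocol')} {lo}-{hi} from {rule.get('CidrIp') or rule.get('CidrIpv6')}"})
    return findings


def scan_template(template):
    """Run every rule over every resource and return the findings."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::IAM::Role":
            findings += check_iam_wildcards(name, props)
        elif rtype == "AWS::EC2::SecurityGroup":
            findings += check_security_group(name, props)
    return findings


def gate(findings):
    """CI gate: True (deploy) only when no HIGH finding is present."""
    return not any(f["severity"] == "HIGH" for f in findings)


def harden(template):
    """Corrected copy of the constructed template, for side-by-side comparison."""
    fixed = copy.deepcopy(template)
    st = fixed["Resources"]["AdminRole"]["Properties"]["Policies"][0]["PolicyDocument"]["Statement"][0]
    st["Action"] = ["s3:GetObject", "s3:PutObject"]           # only what the app needs
    st["Resource"] = "arn:aws:s3:::example-app-bucket/*"      # placeholder bucket ARN
    sg = fixed["Resources"]["WebSg"]["Properties"]["SecurityGroupIngress"]
    sg[0]["CidrIp"] = "10.0.0.0/8"                            # assumed admin network for SSH
    return fixed


if __name__ == "__main__":
    for label, tpl in (("insecure", INSECURE_TEMPLATE), ("hardened", harden(INSECURE_TEMPLATE))):
        found = scan_template(tpl)
        print(label, "deployable:", gate(found))
        print(json.dumps(found, indent=2))
```

Run as a CI step, the gate result decides whether the pipeline proceeds; the LOW finding on port 443 survives in the hardened template on purpose, because a web tier legitimately serves HTTPS to the internet and the point of severity levels is to block only what must never ship. Real scanners such as Checkov or OPA policies express the same checks as reusable rules rather than Python functions.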


Tags: Secure By Design, Secure Code, Secure Infrastructure


Sep 11 2024

What we’ve been told about MSP cybersecurity services may be misleading

Category: CISO, vCISO | disc7 @ 10:13 am

Everything we’ve been told about MSP cyber services is wrong.

Currently, the cyber security approach for MSP clients includes steps like End User Security Awareness, Patching, EDR, Access Control, Vulnerability Management, and SIEM implementation—essentially throwing various tools at the problem.

However, what if we’ve had it backwards? Shouldn’t we start by asking why each control is necessary and if it matches the client’s risk profile? Clients are seeking change and are tired of outdated methods.

Instead of merely adding services, we should start with vision, foresight, and leadership, embodying the principles of a vCISO. It’s about building a foundation of strategic brilliance, not just following the continuum but redefining it. Rethink Cybersecurity—Start with Vision, Start with vCISO.

In what situations would a vCISO or CISOaaS service be appropriate?

Expertise in Virtual CISO (vCISO) Services

Why Choose vCISO Services?

An MSP, or Managed Service Provider, plays a crucial role in safeguarding businesses from cyber threats by managing information asset risks and delivering Information Security Management services, acting as a vCISO at both tactical and strategic levels.

  • Helping maintain compliance: MSPs can help organizations maintain compliance with various standards and regulations.
  • MSPs can help reduce the burden on internal IT/InfoSec teams.
  • Enhancing cyber resilience: MSPs can help enhance the overall maturity of an InfoSec program.

To Learn More about CISO responsibilities and accountabilities…

Previous posts about vCISO job titles


Tags: vCISO


Sep 10 2024

33 open-source cybersecurity solutions you didn’t know you needed

Category: OSINT, Security Tools | disc7 @ 2:54 pm

The article lists 33 open-source cybersecurity tools designed to improve security for various platforms, including Linux, Windows, and macOS. These tools cover a wide range of security needs, from identity management and encryption to vulnerability scanning, threat intelligence, and forensic analysis. Examples include Authentik for identity management, Grype for vulnerability scanning, and MISP for threat intelligence sharing. These solutions offer flexibility and transparency, enabling organizations to customize their security infrastructure.

Open-source cybersecurity tools provide transparency and flexibility, allowing users to examine and customize the source code to fit specific security needs. These tools make cybersecurity accessible to a broader range of organizations and individuals.

In this article, you will find a list of 33 open-source cybersecurity tools for Linux, Windows, and macOS that you should consider to enhance protection and stay ahead of potential threats.

For more, visit Help Net Security

OSINT Techniques: Resources for Uncovering Online Information

Operator Handbook: Red Team + OSINT + Blue Team Reference

AI and OSINT: The Future of Cyber Investigation


Tags: open-source cybersecurity


Sep 09 2024

AI cybersecurity needs to be as multi-layered as the system it’s protecting

The article emphasizes that AI cybersecurity must be multi-layered, like the systems it protects. Cybercriminals increasingly exploit large language models (LLMs) with attacks such as data poisoning, jailbreaks, and model extraction. To counter these threats, organizations must implement security strategies during the design, development, deployment, and operational phases of AI systems. Effective measures include data sanitization, cryptographic checks, adversarial input detection, and continuous testing. A holistic approach is needed to protect against growing AI-related cyber risks.

For more details, visit the full article here

Benefits and Concerns of AI in Data Security and Privacy

Predictive analytics provides substantial benefits in cybersecurity by helping organizations forecast and mitigate threats before they arise. Using statistical analysis, machine learning, and behavioral insights, it highlights potential risks and vulnerabilities. Despite hurdles such as data quality, model complexity, and the dynamic nature of threats, adopting best practices and tools enhances its efficacy in threat detection and response. As cyber risks evolve, predictive analytics will be essential for proactive risk management and the protection of organizational data assets.

AI raises concerns about data privacy and security; AI tools must be shown to comply with privacy regulations and to protect sensitive information.

AI systems must adhere to privacy laws and regulations, such as the GDPR and CPRA, to protect individuals’ information. Compliance ensures ethical data handling practices.

Implementing robust security measures to protect data (data governance) from unauthorized access and breaches is critical. Data protection practices safeguard sensitive information and maintain trust.

1. Predictive Analytics in Cybersecurity

Predictive analytics offers substantial benefits by helping organizations anticipate and prevent cyber threats before they occur. It leverages statistical models, machine learning, and behavioral analysis to identify potential risks. These insights enable proactive measures, such as threat mitigation and vulnerability management, ensuring an organization’s defenses are always one step ahead.

2. AI and Data Privacy

AI systems raise concerns regarding data privacy and security, especially as they process sensitive information. Ensuring compliance with privacy regulations like GDPR and CPRA is crucial. Organizations must prioritize safeguarding personal data while using AI tools to maintain trust and avoid legal ramifications.

3. Security and Data Governance

Robust security measures are essential to protect data from breaches and unauthorized access. Implementing effective data governance ensures that sensitive information is managed, stored, and processed securely, thus maintaining organizational integrity and preventing potential data-related crises.

Adversarial AI Attacks, Mitigations, and Defense Strategies: A cybersecurity professional’s guide to AI attacks, threat modeling, and securing AI with MLSecOps

Data Governance: The Definitive Guide: People, Processes, and Tools to Operationalize Data Trustworthiness


Tags: AI attacks, AI security, Data Governance


Sep 07 2024

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Category: Cyber Spy, Spyware | disc7 @ 11:16 am

Recent research shows that Predator spyware, once believed to be inactive due to U.S. sanctions, has resurfaced with improved evasion tactics. Despite efforts to curtail its usage, Predator is still being used in countries like the Democratic Republic of the Congo (DRC) and Angola, where it targets high-profile individuals. Its updated infrastructure makes it more difficult to track victims, underscoring the need for strong cybersecurity defenses. Risk mitigation strategies include regular software updates, enabling lockdown modes, and deploying mobile device management systems. As spyware becomes more sophisticated, international collaboration is crucial to regulating and limiting its spread.

Predator spyware, once linked to Intellexa, has resurfaced after a period of reduced activity, despite sanctions and exposure. The reactivated spyware infrastructure poses renewed threats to privacy and security, as operators have adopted new techniques to obscure their activities, making it harder to track and attribute attacks. With capabilities like remote device infiltration and data exfiltration, governments can secretly monitor citizens and gather sensitive information.

Predator’s operators have strengthened their infrastructure by adding another layer of anonymization to their multi-tiered delivery system, making it more difficult to trace the origin and usage of the spyware. Though the attack methods, including “one-click” and “zero-click” exploits, remain similar, the increased complexity of the infrastructure heightens the threat to high-profile individuals such as politicians, executives, journalists, and activists. The expensive licensing of Predator indicates its use is reserved for strategic targets, raising concerns in the European Union, where investigations have uncovered its misuse against opposition figures and journalists in countries like Greece and Poland.

To counter the threat of Predator spyware, individuals and organizations should prioritize security measures like regular software updates, device reboots, and lockdown modes. Mobile device management (MDM) systems and security awareness training are also essential in protecting against social engineering and advanced spyware attacks. As the demand for surveillance tools grows, the spyware market continues to expand, with new companies developing increasingly sophisticated tools. While there are ongoing discussions around stricter regulations, particularly following investigations by Insikt Group, the threat of spyware will persist until meaningful international action is taken.

For more detailed insights, check the full article here.

Introduction to Spy Apps: Unlocking the Secrets of Digital Surveillance

In an era where digital connectivity has become ubiquitous, the line between privacy and surveillance has blurred. Nowhere is this more evident than in the proliferation of spy apps – discreet, powerful tools that grant unprecedented access to the lives of unsuspecting individuals. From tracking location and monitoring communications to covertly capturing audio and video, these applications represent a double-edged sword in the realm of technology.


Tags: Predator Spyware


Sep 06 2024

How cyber criminals are compromising AI software supply chains

Category: AI, Cybercrime, DevSecOps | disc7 @ 9:55 am

The rise of artificial intelligence (AI) has introduced new risks in software supply chains, particularly through open-source repositories like Hugging Face and GitHub. Cybercriminals, such as the NullBulge group, have begun targeting these repositories to poison data sets used for AI model training. These poisoned data sets can introduce misinformation or malicious code into AI systems, causing widespread disruption in AI-driven software and forcing companies to retrain models from scratch.

With AI systems relying heavily on vast open-source data sets, attackers have found it easier to infiltrate AI development pipelines. Compromised data sets can result in severe disruptions across AI supply chains, especially for businesses refining open-source models with proprietary data. As AI adoption grows, the challenge of maintaining data integrity, compliance, and security in open-source components becomes crucial for safeguarding AI advancements.

Open-source data sets are vital to AI development, as only large enterprises can afford to train models from scratch. However, these data sets, like LAION 5B, pose risks due to their size, making it difficult to ensure data quality and compliance. Cybercriminals exploit this by poisoning data sets, introducing malicious information that can compromise AI models. This ripple effect forces costly retraining efforts. The popularity of generative AI has further attracted attackers, heightening the risks across the entire AI supply chain.

The article emphasizes the importance of integrating security into all stages of AI development and usage, given the rise of AI-targeted cybercrime. Businesses must ensure traceability and explainability for AI outputs, keeping humans involved in the process. AI shouldn’t be seen solely as a cost-cutting tool, but rather as a technology that needs robust security measures. AI-powered security solutions can help analysts manage threats more effectively but should complement, not replace, human expertise.

For more detailed insights, check the full article here.

Blockchain, IoT, and AI Technologies for Supply Chain Management (Innovations in Intelligent Internet of Everything (IoE))


Tags: AI software supply chains


Sep 06 2024

The true cost of cybercrime for your business

Category: Cyber crime, Cybercrime | disc7 @ 9:37 am

The article discusses the increasing financial impact of cybercrime on businesses, with attacks like ransomware and DDoS causing significant losses. Average costs for DDoS attacks have risen to $6,000 per minute, while ransomware payouts have skyrocketed, with a record-breaking $75 million ransom paid in 2024. Third-party vendor breaches and industry-specific vulnerabilities are also contributing to escalating costs.

Companies are facing growing pressure to address these threats, yet many are struggling with cybersecurity talent shortages and burnout. Despite paying ransoms, recovery costs continue to rise, and cyber insurance often doesn’t cover all expenses. Investing in preventive measures and continuous monitoring is critical to mitigate risks.

For more detailed insights, check the full article here.

The Transformation of Crime in the Information Age


Tags: cost of cybercrime


Sep 03 2024

AI Risk Management

Category: AI, Risk Assessment | disc7 @ 8:56 am

The IBM blog on AI risk management discusses how organizations can identify, mitigate, and address potential risks associated with AI technologies. AI risk management is a subset of AI governance, focusing specifically on preventing and addressing threats to AI systems. The blog outlines various types of risks—such as data, model, operational, and ethical/legal risks—and emphasizes the importance of frameworks like the NIST AI Risk Management Framework to ensure ethical, secure, and reliable AI deployment. Effective AI risk management enhances security, decision-making, regulatory compliance, and trust in AI systems.

AI risk management can help close this gap and empower organizations to harness AI systems’ full potential without compromising AI ethics or security.

Understanding the risks associated with AI systems

Like other types of security risk, AI risk can be understood as a measure of how likely a potential AI-related threat is to affect an organization and how much damage that threat would do.

While each AI model and use case is different, the risks of AI generally fall into four buckets:

  • Data risks
  • Model risks
  • Operational risks
  • Ethical and legal risks

The NIST AI Risk Management Framework (AI RMF) 

In January 2023, the National Institute of Standards and Technology (NIST) published the AI Risk Management Framework (AI RMF) to provide a structured approach to managing AI risks. The NIST AI RMF has since become a benchmark for AI risk management.

The AI RMF’s primary goal is to help organizations design, develop, deploy and use AI systems in a way that effectively manages risks and promotes trustworthy, responsible AI practices.

Developed in collaboration with the public and private sectors, the AI RMF is entirely voluntary and applicable across any company, industry or geography.

The framework is divided into two parts. Part 1 offers an overview of the risks and characteristics of trustworthy AI systems. Part 2, the AI RMF Core, outlines four functions to help organizations address AI system risks:

  • Govern: Creating an organizational culture of AI risk management
  • Map: Framing AI risks in specific business contexts
  • Measure: Analyzing and assessing AI risks
  • Manage: Addressing mapped and measured risks

For more details, visit the full article here.

Predictive analytics for cyber risks

Predictive analytics offers significant benefits in cybersecurity by allowing organizations to foresee and mitigate potential threats before they occur. Using methods such as statistical analysis, machine learning, and behavioral analysis, predictive analytics can identify future risks and vulnerabilities. While challenges like data quality, model complexity, and evolving threats exist, employing best practices and suitable tools can improve its effectiveness in detecting cyber threats and managing risks. As cyber threats evolve, predictive analytics will be vital in proactively managing risks and protecting organizational information assets.

Trust Me: ISO 42001 AI Management System is the first book about the most important global AI management system standard: ISO 42001. The ISO 42001 standard is groundbreaking. It will have more impact than ISO 9001 as autonomous AI decision making becomes more prevalent.

Why Is AI Important?

AI autonomous decision making is all around us. It is in places we take for granted such as Siri or Alexa. AI is transforming how we live and work. It becomes critical we understand and trust this prevalent technology:

“Artificial intelligence systems have become increasingly prevalent in everyday life and enterprise settings, and they’re now often being used to support human decision making. These systems have grown increasingly complex and efficient, and AI holds the promise of uncovering valuable insights across a wide range of applications. But broad adoption of AI systems will require humans to trust their output.” (Trustworthy AI, IBM website, 2024)

Trust Me – ISO 42001 AI Management System

Enhance your AI (artificial intelligence) initiatives with ISO 42001 and empower your organization to innovate while upholding governance standards.


Tags: AI Governance, AI Risk Management, artificial intelligence, security risk management


Sep 02 2024

Types of AI

Category: AI | disc7 @ 2:20 pm

1. Based on Capability

  • Narrow AI (Weak AI): AI systems that are designed and trained for a specific task, such as facial recognition, language translation, or playing chess. These systems operate under a limited set of constraints and do not possess general intelligence. Examples include Siri, Alexa, and IBM’s Watson.
  • General AI (Strong AI): A theoretical form of AI that would have the ability to learn, understand, and apply intelligence across a wide range of tasks, much like a human being. General AI does not yet exist and remains a goal for future development.
  • Superintelligent AI: A hypothetical AI that surpasses human intelligence across all aspects, including creativity, decision-making, and emotional intelligence. This type is purely speculative at this point and often discussed in the context of ethical considerations and long-term AI safety.

2. Based on Functionality

  • Reactive Machines: The most basic type of AI that can only react to current situations without any memory or understanding of the past. An example is IBM’s Deep Blue, which played chess without learning from previous games.
  • Limited Memory: AI systems that can use past experiences or data to make decisions, albeit temporarily. Most modern AI applications, like self-driving cars, fall into this category as they use historical data to make real-time decisions.
  • Theory of Mind: This type of AI is in the conceptual stage and aims to understand human emotions, beliefs, and thoughts, and interact socially. Theory of Mind AI is not yet realized but is an area of active research.
  • Self-Aware AI: The most advanced form of AI, which would have its own consciousness, self-awareness, and emotions. This type does not currently exist and is largely a subject of science fiction and philosophical debate.

3. Based on Learning Techniques

AI comes in many forms. And while the general process of automated technology carrying out a series of tasks remains consistent, how and why this happens will vary. Here are some examples of different types of AI which you might come across.

Deep Learning

An evolution of machine learning, this more thorough approach sees AI programmed so that it can identify images, sounds, and text without human input. Where machine learning may require a person to describe an image to the AI, deep learning lets the system process and understand the image itself.

Natural Language Processing (NLP)

If you’ve ever spoken to Siri, Alexa, or any other virtual assistant, you will have interacted with NLP. This technology is able to comprehend, manipulate, and generate human language in a way that allows it to have its very own “voice”. NLP can understand questions you give it, then respond accordingly. It can also be used in text form, such as a chatbot on a website. 

Computer vision

This futuristic form of tech allows computers to interpret and analyze the human world through the classification of images and objects. In doing so, it allows an AI to see the world through the eyes of a living person. This kind of technology is most commonly associated with driverless cars, where the vehicle needs to be able to process the world around it as a normal driver would. 

Machine Learning

This AI approach runs a series of data and algorithms to build a picture of how a human would approach a situation or task. Over time, the program adapts and learns more about the human thinking process, which improves its overall accuracy.

Generative AI

A popular online fad in 2023, generative AI is the name given to technology that can create images, text, or other media independently. A user simply inputs what they want created, and the AI draws on its training data to produce something with similar characteristics.

Speech recognition

One of the oldest forms of AI, this tech is able to understand and interpret what you’re saying out loud, then convert it into text or audio format. This kind of technology is often confused with voice recognition – which instead of transcribing what you’re saying, will instead only be able to recognise the voice of the user. 

Robotic Process Automation (RPA)

RPA is software that makes it easier to build, deploy, and manage software robots that emulate human interactions. These robotic helpers can carry out a number of tasks virtually, at speeds that humans would be incapable of replicating.


Tomorrow’s Artificial Intelligence: A Futurist’s Guide to Understanding and Harnessing AI Technology That Is Shaping Our World (Embracing Artificial Intelligence)


Tags: Types of AI


Sep 02 2024

Build a secure future with DISC InfoSec

Category: Information Security | disc7 @ 10:23 am

Your Trusted Partner in Information Security

DISC LLC, based in Sonoma County, CA, is dedicated to offering premier information security services. As a consultancy specializing in information security, we pride ourselves on helping businesses across the United States build resilient security programs.

Our Expertise

vCISO Services

When are vCISO services most appropriate? Our expert virtual Chief Information Security Officer (vCISO) services are designed to build a robust security program that effectively detects and mitigates risks. Reach out to us today to develop a security program tailored to today’s challenges.

ISO 27001 and ISMS Implementation

We specialize in implementing ISO 27001 standards and establishing Information Security Management Systems (ISMS) that ensure your organization’s compliance with the highest industry standards. Achieve certification and maintain a strong competitive edge in security compliance.

DISC InfoSec offers insights on ISO 27k through its posts

Comprehensive Security Risk Assessments

Our detailed security risk assessment services identify potential threats and vulnerabilities in your systems. By understanding these risks, we develop strategic measures to counteract them, safeguarding your business from data breaches and other security incidents.

Ensuring Security Compliance – GRC Consulting

In the Information Security and Compliance industry, organizations are increasingly seeking services that help them manage the growing complexity of cyber threats and regulatory requirements.

Maintaining security compliance is crucial in today’s digital landscape. DISC LLC helps organizations navigate complex regulatory requirements, ensuring they meet all necessary standards to protect their data and operations.

Overview: As regulations and standards like GDPR, HIPAA, CCPA, and ISO 27001 become stricter, organizations seek expert advice to ensure compliance and reduce risk.

Key DISC GRC Services:

  • Risk assessments and mitigation strategies.
  • Compliance audits and certification readiness (e.g., ISO27k, NIST 800-171, SOC 2).
  • Policy development and regulatory advisory.

Cloud Security

With the rapid adoption of cloud services, securing cloud environments (e.g., AWS, Azure, Google Cloud) is critical. Cloud security solutions focus on protecting data, identities, and workloads in cloud infrastructure.

DISC provides cloud security assessments and architecture reviews.

How to manage information in the cloud: Best practice frameworks

Data Privacy and Protection

With regulations like GDPR and CCPA, and with the advent of AI, organizations need to implement measures that protect sensitive data, establish data governance, and ensure that personal information is handled according to legal standards.

Protecting sensitive data and complying with privacy regulations is essential. AI systems must be designed to handle data securely and adhere to relevant legal and ethical standards.

Types of AI

Understanding the risks associated with AI systems: AI Risk Management

Why Choose DISC LLC?

  • Expertise: Our team consists of experienced professionals with extensive knowledge in infosec and compliance.
  • Customized Solutions: We provide tailored security solutions that align with your unique business needs.
  • Proactive Approach: Our proactive approach ensures timely detection and mitigation of security risks.

Contact DISC LLC today at info@deurainfosec.com or call us at +17079985164 to learn more about how our services can fortify your organization’s security posture.
Build a secure future with DISC LLC.


Tags: DISC InfoSec Services


Aug 30 2024

How to manage information in the cloud: Best practice frameworks

Category: Cloud computing | disc7 @ 10:13 am

It’s predicted that more than $1 trillion in IT spending will be directly or indirectly affected by the shift to cloud during the next five years. This is no surprise as the cloud is one of the main digital technologies developing in today’s fast-moving world. It’s encouraging that CEOs recognize that it’s crucial for them to champion the use of digital technologies to keep up with today’s evolving business environment.

However, there are still concerns about using cloud services and determining the best approach for adoption. It’s important to acknowledge that adapting to emerging technologies can be challenging, particularly with the constantly expanding range of products and services. As a business improvement partner, DISC collaborates with clients to identify key drivers and develop best practice standards that enhance resilience.

What Influences Organizations to Store Information on the Cloud?

Organizations should align their business strategy and objectives to determine the most suitable approach to cloud computing. This could involve opting for public cloud services, a private cloud, or a hybrid cloud solution, depending on their resources and priorities.

Security concerns remain the leading barrier to cloud adoption, especially with public cloud solutions. In fact, 91% of organizations are very or moderately worried about the security of public cloud environments. These concerns are not limited to IT departments; 61% of IT professionals believe that cloud data security is also a significant concern for executives.

Despite these challenges, many organizations are influenced by the benefits of managing information on the cloud. These benefits include:

  • Agility: you can respond more quickly and adapt to business changes
  • Scalable: cloud platforms are less restrictive on storage, size, number of users
  • Cost savings: no physical infrastructure costs or charges for extra storage, exceeding quotas etc
  • Enhanced security: standards and certification can show robust security controls are in place
  • Adaptability: you can easily adjust cloud services to make sure they best suit your business needs
  • Continuity: organizations are using cloud services as a backup internal solution

Standards to help you Manage Information on the Cloud

These standards focus on putting appropriate frameworks and controls in place to manage cloud security.

ISO/IEC 27001 is the international standard for an information security management system (ISMS). It is the foundation of all our cloud security solutions. It describes the requirements for a best practice system to manage information security, including understanding the context of an organization, the responsibilities of top management, resource requirements, how to approach risk, and how to monitor and improve the system.

It also provides a generic set of controls required to manage information and ensures you assess your information risks and control them appropriately. It’s relevant to all types of organizations regardless of whether they are involved with cloud services or not, to help with managing information security against recognized best practices.

ISO/IEC 27017 is an international code of practice for cloud security controls. It outlines cloud-specific controls to manage security, building on the generic controls described in ISO/IEC 27002. It’s applicable to both Cloud Service Providers (CSPs) and organizations procuring cloud services.

It provides support by outlining roles and responsibilities for both parties, ensuring all cloud security concerns are addressed and clearly owned. Having ISO/IEC 27017 controls in place is especially important when you procure cloud services that form part of a service you sell to clients.

ISO/IEC 27018 is an international code of practice for Personally Identifiable Information (PII) on public clouds. It builds on the general controls described in ISO/IEC 27002 and is appropriate for any organization that processes PII. This is particularly important considering the changing privacy landscape and focus on protecting sensitive personal data.

All businesses need to continually evolve their cybersecurity management in order to effectively manage the cyber risks associated with cloud use. Request to learn more.

Adopt these standards today to ensure your organization effectively manages data in the cloud.

How to build a world class ISMS:

ISO 27001 serves as the foundation for ISO 27017, ISO 27018, and ISO 27701.

After conducting the risk assessment, it’s essential to compare the controls identified as necessary with those listed in Annex A to ensure no important controls were overlooked in managing the risks. This serves as a quality check for the risk assessment, not as a justification for using or not using any controls from Annex A. This process should be done for each risk identified in the assessment to see if there are opportunities to enhance it.

Any controls that you discover were unintentionally “omitted” from the risk assessment can come from any source (NIST, HIPAA, PCI, or CIS Critical Security Controls) and are not restricted to those in Annex A.

Consider using the CIS Controls to strengthen whichever of the above frameworks you build your ISMS on. The CIS Controls are updated more frequently than most frameworks and are highly effective against the top five attack types found in industry threat data, defending against 86% of the (sub)techniques in the MITRE ATT&CK framework.

Statement of Applicability (SoA) is typically developed after conducting a risk assessment in ISO 27001. The risk assessment identifies the information security risks that the organization faces and determines the appropriate controls needed to mitigate those risks.

In ISO 27001, the Statement of Applicability (SoA) is a key document that outlines which information security controls from Annex A (or from other catalogues such as NIST, HIPAA, PCI, or the CIS Critical Security Controls) are applicable to an organization’s Information Security Management System (ISMS). The SoA provides a summary of the controls selected to address identified risks, justifies why each control is included or excluded, and details how each applicable control is implemented. It serves as a reference to demonstrate compliance with ISO 27001 requirements and helps maintain transparency and accountability in the ISMS.

The SoA is essential for internal stakeholders and external auditors to understand the rationale behind the organization’s approach to managing information security risks.
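The Annex A comparison and SoA build-out described above can be mechanised. The following is an added example, not code from this post or from any DISC or ISO document: the Annex A subset (with paraphrased labels), the risk register and the exclusion reason are constructed sample data, and the control identifiers from other catalogues (the `CIS-` and `NIST-` prefixes) are placeholders.

```python
# Added example (not from the post or any standard's text): trace the controls
# selected during a risk assessment against Annex A, flag Annex A controls that
# no risk points to (the quality check described above), and emit SoA rows
# with an applicability decision and justification for every control.
from dataclasses import dataclass

# Constructed subset of Annex A control identifiers. Labels are paraphrased
# for readability and are not the standard's wording.
ANNEX_A = {
    "A.5.15": "Access control",
    "A.6.3": "Awareness, education and training",
    "A.8.5": "Secure authentication",
    "A.8.13": "Information backup",
    "A.8.24": "Use of cryptography",
    "A.8.31": "Separation of development, test and production",
}


@dataclass
class Risk:
    risk_id: str
    description: str
    controls: list  # control ids from any source: Annex A, CIS, NIST, ...


# Constructed risk register; the CIS-/NIST- ids are placeholders, not real mappings.
RISKS = [
    Risk("R1", "Unauthorised access to customer data in cloud storage",
         ["A.5.15", "A.8.5", "CIS-6.3"]),
    Risk("R2", "Loss of data through ransomware", ["A.8.13", "CIS-11.1"]),
    Risk("R3", "Exposure of data in transit to the CSP", ["A.8.24", "NIST-SC-8"]),
]


def controls_from_risks(risks):
    """All control ids selected during the risk assessment, whatever their source."""
    return {cid for r in risks for cid in r.controls}


def annex_a_gap_check(risks, annex_a=ANNEX_A):
    """Annex A controls that no risk traces to. These are candidates to revisit;
    the check is a quality review of the assessment, not a mandate to adopt them."""
    selected = controls_from_risks(risks)
    return sorted(cid for cid in annex_a if cid not in selected)


def build_soa(risks, annex_a=ANNEX_A, exclusions=None):
    """One SoA row per control (Annex A plus any other catalogue the assessment used).
    applicable=True rows cite the risks they address; applicable=False rows carry the
    documented exclusion reason; applicable=None marks controls still to be reviewed."""
    exclusions = exclusions or {}
    rows = {}
    for cid in sorted(controls_from_risks(risks) | set(annex_a)):
        addressing = [r.risk_id for r in risks if cid in r.controls]
        if addressing:
            rows[cid] = {"applicable": True, "risks": addressing,
                         "justification": "Selected by risk assessment for " + ", ".join(addressing)}
        elif cid in exclusions:
            rows[cid] = {"applicable": False, "risks": [], "justification": exclusions[cid]}
        else:
            rows[cid] = {"applicable": None, "risks": [],
                         "justification": "Not yet reviewed: no risk traces here and no exclusion recorded"}
    return rows


if __name__ == "__main__":
    print("Annex A controls with no traced risk:", annex_a_gap_check(RISKS))
    exclusions = {"A.8.31": "No in-house software development; reassess if that changes"}
    for cid, row in build_soa(RISKS, exclusions=exclusions).items():
        print(cid, row)
```

Controls that end up with `applicable=None` are the output of the quality check: each one needs either a risk that justifies it or a written exclusion before the SoA is presented to an auditor.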

Cloud shared responsibilities:

Most companies appear to be operating in the hybrid or public cloud space, often without fully realizing it, and need to gain a better understanding of this environment.

Cloud shared responsibilities refer to the division of security and compliance responsibilities between a cloud service provider (CSP) and the customer. This model outlines who is responsible for specific aspects of cloud security, depending on the type of cloud service being used: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS).

The division of responsibilities varies based on the cloud service model:

  • IaaS: The CSP manages the basic infrastructure, but the customer is responsible for everything else, including operating systems, applications, and data.
  • PaaS: The CSP manages the infrastructure and platform, while the customer focuses on application development, data management, and user access.
  • SaaS: The CSP handles most security aspects, including applications and infrastructure, while the customer is primarily responsible for data security and user access management.

Understanding the shared responsibility model is crucial for ensuring that both the CSP and the customer are aware of their respective roles in maintaining cloud security, compliance and, last but not least, managing risks in the cloud environment.

In summary, the shift to cloud computing is expected to influence over $1 trillion in IT spending over the next five years as companies increasingly adopt digital technologies to stay competitive. Despite the benefits of cloud computing, such as agility, scalability, cost savings, and enhanced security, many organizations face challenges, particularly around security concerns, which are a major barrier to cloud adoption. To navigate these challenges, businesses need to align their cloud strategies with their objectives, choosing between public, private, or hybrid cloud solutions. Additionally, implementing standards like ISO/IEC 27001, ISO/IEC 27017, and ISO/IEC 27018 can help manage cloud security and compliance effectively by providing frameworks for managing information security risks and ensuring data protection. Understanding the shared responsibility model is also crucial for cloud security, as it defines the distinct roles of cloud service providers and customers in maintaining a secure cloud environment.

Latest Cloud Security titles

Previous posts on Cloud Computing

ISO27701 – Privacy information management system

Check out these previous ISO27k posts


Tags: cloud computing benefits, Cloud computing frameworks, cloud computing security, cloud security, cloud security risks, Cloud shared responsibilities, isms, ISO27k, SoA


Aug 29 2024

Why Choose vCISO Services?

Category: vCISO | disc7 @ 11:03 am

Welcome to DISC LLC – Your Trusted Computer Security Service Provider

At DISC LLC, we specialize in providing top-notch computer security services to businesses across the United States. Our team of expert consultants is here to help you build a robust security program that effectively detects and mitigates risks. For those looking for comprehensive security solutions, our vCISO services are perfectly tailored to meet today’s challenges.

Why Choose Our vCISO Services?

Our expert virtual Chief Information Security Officers (vCISOs) bring a wealth of experience and knowledge to your organization. We understand the crucial role of information security and offer strategic guidance to establish a solid security foundation. Our services are most appropriate when:

  • Your business requires an experienced security leader but cannot afford a full-time CISO.
  • You need to establish or improve your Information Security Management System (ISMS).
  • Your organization is undergoing a security risk assessment and needs expertise to navigate the process smoothly.

Our Core Services

At DISC LLC, we focus on the most critical aspects of information security.

  • ISO 27001 Compliance: Achieve and maintain compliance with this international standard for information security management.
  • Development and implementation of a robust ISMS: We help you build a comprehensive management system to safeguard your information assets.
  • Comprehensive security risk assessments: Identify, evaluate, and mitigate risks that could potentially impact your organization.

Contact Us

Ready to develop a security program that meets today’s challenges? Reach out to us today.

https://www.deurainfosec.com/

Email: info@deurainfosec.com

Phone: +1 707-998-5164

Sonoma County, CA 94954, USA

Operating Areas: United States, Canada

To Learn More about CISO responsibilities and accountabilities…

Previous posts about vCISO job titles


Tags: vCISO, vCISO as a service, vCISO services


Aug 27 2024

LiteSpeed Cache Plugin Vulnerability Risked 5+ Million WordPress Websites

Category: Information Security, Web Security | disc7 @ 11:15 am

WordPress admins using the Litespeed Cache plugin must update their sites with the latest plugin release to address a critical vulnerability. Exploiting the flaw allows an unauthenticated attacker to take control of target websites.

LiteSpeed Cache Plugin Vulnerability Could Allow Site Takeover

The security researcher John Blackbourn from PatchStack discovered a critical privilege escalation vulnerability in the LiteSpeed Cache plugin. LiteSpeed Cache for WordPress offers an exclusive server-level cache and numerous site optimization features. The plugin boasts over 5 million active installations, indicating its popularity among WordPress users. Nonetheless, it also shows how any vulnerability in the plugin potentially threatens millions of websites. Specifically, the vulnerability existed in the plugin’s crawler feature that exhibits a user simulation functionality to perform crawler requests as authenticated users. However, due to a weak security hash in this feature, the plugin allowed an unauthenticated adversary to spoof an authenticated user and gain elevated site privileges. The worst exploitation scenarios even allowed the installation of malicious plugins and a complete site takeover. This vulnerability, identified as CVE-2024-28000, received a critical severity rating and a CVSS score of 9.8. It affected all plugin releases until 6.3.0.1. Detailed technical analysis of the vulnerability is available in the recent post from PatchStack.
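The defensive lesson in the paragraph above is that a token used to act as an authenticated user must be bound to that user with a server-side secret and must have a keyspace large enough that it cannot be guessed. The following is an added example and is not code from LiteSpeed Cache, WordPress or PatchStack, and it does not reproduce the plugin's actual flaw: the "weak" scheme is a constructed illustration of a low-entropy hash token, and the hardened version uses a keyed HMAC with an expiry and constant-time comparison.

```python
# Added example (not LiteSpeed Cache or WordPress code): a constructed low-entropy
# token beside a keyed, expiring token that binds the user identity to a server secret.
import hashlib
import hmac
import math
import secrets
import time

# Constructed weak scheme: hashing a small predictable value. The output looks like
# a 128-bit hash, but only WEAK_RANGE distinct tokens can ever be produced.
WEAK_RANGE = 1_000_000


def weak_token(seed: int) -> str:
    """Illustrative weak token: md5 of a value drawn from a tiny range."""
    return hashlib.md5(str(seed % WEAK_RANGE).encode()).hexdigest()


def weak_keyspace_bits() -> float:
    """Effective entropy of the weak scheme (about 19.9 bits), not the 128 bits it appears to have."""
    return math.log2(WEAK_RANGE)


def new_server_key() -> bytes:
    """A 256-bit secret generated with the OS CSPRNG; stored server-side, never sent to clients."""
    return secrets.token_bytes(32)


def issue_token(user_id: int, key: bytes, ttl_seconds: int, now=None) -> str:
    """Token = user_id:expiry:HMAC-SHA256(key, user_id:expiry).
    Changing either field without the key invalidates the MAC."""
    now = int(time.time()) if now is None else now
    expires = now + ttl_seconds
    msg = f"{user_id}:{expires}".encode()
    mac = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{user_id}:{expires}:{mac}"


def verify_token(token: str, key: bytes, now=None):
    """Return the user_id the token was issued for, or None if it is malformed,
    expired, tampered with, or signed under a different key."""
    now = int(time.time()) if now is None else now
    try:
        uid_s, exp_s, mac = token.split(":")
        user_id, expires = int(uid_s), int(exp_s)
    except ValueError:
        return None
    if now >= expires:
        return None
    expected = hmac.new(key, f"{user_id}:{expires}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so verification time does not leak how many bytes matched.
    if not hmac.compare_digest(expected, mac):
        return None
    return user_id


if __name__ == "__main__":
    key = new_server_key()
    t = issue_token(42, key, ttl_seconds=300)
    print("weak keyspace bits:", round(weak_keyspace_bits(), 1))
    print("verified user:", verify_token(t, key))
```

The token format is deliberately readable (user id and expiry in the clear) because its security rests on the MAC, not on hiding the fields; an attacker who edits the user id without the server key produces a token that `verify_token` rejects.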

Vulnerability Patched With Latest Plugin Release

Upon noticing the vulnerability, Blackbourn responsibly disclosed the flaw via Patchstack to the plugin developers. In response, the developers patched the vulnerability with the LiteSpeed Cache plugin version 6.4. The researcher also received a $14,400 bounty under the Patchstack Zero Day program for this bug report. Since the patch has arrived, all WordPress admins must update their sites with the latest plugin release to avoid potential threats. Ideally, users should update to the LiteSpeed Cache plugin version 6.4.1, which appears as the latest release on the plugin’s official page.


Attribution link: https://latesthackingnews.com/2024/08/26/litespeed-cache-plugin-vulnerability-risked-5-million-wordpress-websites/

Essential WordPress Security Plugins


Tags: Plugin Vulnerability, WordPress, Wordpress security


Aug 24 2024

Expertise in Virtual CISO (vCISO) Services

Category: Information Security, vCISO | disc7 @ 10:51 am

Deura Information Security Consulting

DISC InfoSec

Expertise in Virtual CISO (vCISO) Services

Deura Information Security Consulting offers comprehensive vCISO services designed to build robust security programs that effectively detect and mitigate risks. Our seasoned consultants will work with you to develop a security strategy tailored to meet today’s challenges.

Achieve Compliance with ISO 27001

Securing your information assets and achieving compliance is crucial. Our experts specialize in assisting businesses with ISO 27001 implementation. Benefit from our extensive experience in information security management systems (ISMS) to ensure your organization meets the stringent requirements of ISO 27001.

Services Offered

  • vCISO Services: Enhance your organization’s security posture with our virtual Chief Information Security Officer services.
  • ISO 27001 Implementation: Guidance on compliance and certification processes to achieve ISO 27001.
  • Security Risk Assessment:
  • Information Security Management Systems (ISMS):
  • Security Compliance Management:

Why Choose Us

At Deura Information Security Consulting, our focus is on creating and implementing security programs that address your specific needs. Contact us at info@deurainfosec.com or call +1 707-998-5164 to schedule a consultation.

Our extensive industry knowledge ensures that your security infrastructure is built to detect and mitigate risks effectively. Choose Deura Information Security Consulting for expert vCISO services and ISO 27001 compliance support.

In what situations would a vCISO or CISOaaS service be appropriate?


Tags: vCISO, vCISO services, Virtual CISO


Aug 23 2024

Chrome Zero-day Vulnerability Actively Exploited in the Wild

Category: Web Security, Zero day | disc7 @ 12:41 pm
https://gbhackers.com/chrome-zero-day-vulnerability-2/

Google has announced the release of Chrome 128 to the stable channel for Windows, Mac, and Linux.

This update, Chrome 128.0.6613.84 for Linux and 128.0.6613.84/.85 for Windows and Mac, addresses a critical zero-day vulnerability actively exploited in the wild.

The update includes 38 security fixes, with particular attention to those contributed by external researchers.

Details of the Zero-Day Vulnerability

The Chrome team has been working diligently to address a zero-day vulnerability that has been actively exploited.

The vulnerability, CVE-2024-7971, involves type confusion in V8, Chrome’s open-source JavaScript engine.

The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) reported this flaw on August 19, 2024.

While the specific details of the exploit remain restricted to protect users, the fix’s urgency underscores the vulnerability’s potential severity.

The Chrome team has emphasized that access to bug details and links will remain restricted until most users have updated their browsers.

This precaution ensures that users are protected before the vulnerability details are public, preventing further exploitation.
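For a security team, the practical follow-up to an advisory like this is confirming that every endpoint is at or above the fixed build. The following is an added example, not code from the article or from Google: the minimum versions are the ones the article names (128.0.6613.84, with .85 also shipping for Windows and Mac), and the inventory rows are constructed sample data standing in for whatever an endpoint management tool exports.

```python
# Added example (not from the article or Google): flag Chrome installs that are
# below the fixed build. Versions are compared numerically per component, because
# a plain string comparison would wrongly rank "128.0.6613.9" above "128.0.6613.84".

# Minimum fixed build per platform, from the advisory text above.
FIXED = {
    "linux": "128.0.6613.84",
    "windows": "128.0.6613.84",  # .84 and .85 both shipped; .84 is the minimum
    "mac": "128.0.6613.84",
}


def parse_version(version: str) -> tuple:
    """'128.0.6613.84' -> (128, 0, 6613, 84); raises ValueError on junk."""
    return tuple(int(part) for part in version.strip().split("."))


def is_fixed(platform: str, installed: str) -> bool:
    """True when the installed build is at or above the fixed build for the platform."""
    try:
        minimum = FIXED[platform.lower()]
    except KeyError:
        raise ValueError(f"unknown platform: {platform}")
    return parse_version(installed) >= parse_version(minimum)


# Constructed inventory: (hostname, platform, installed Chrome version).
INVENTORY = [
    ("ws-01", "windows", "128.0.6613.85"),
    ("ws-02", "mac", "127.0.6533.120"),
    ("ws-03", "windows", "128.0.6613.9"),
    ("srv-01", "linux", "128.0.6613.84"),
]


def hosts_needing_update(inventory):
    """Sorted hostnames whose Chrome build predates the fix."""
    return sorted(host for host, platform, version in inventory
                  if not is_fixed(platform, version))


if __name__ == "__main__":
    print("needs update:", hosts_needing_update(INVENTORY))
```

Note that a version with fewer components (for instance a bare "128.0") compares as older than the full fixed build and is flagged, which is the safe default when inventory data is incomplete.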

In addition to the zero-day vulnerability, the Chrome 128 update includes a wide range of security fixes.

Below is a table summarizing the key vulnerabilities addressed in this update:

Bounty   | CVE ID        | Severity | Description                                        | Reported On
---------|---------------|----------|----------------------------------------------------|------------
$36,000  | CVE-2024-7964 | High     | Use after free in Passwords                        | 2024-08-08
$11,000  | CVE-2024-7965 | High     | Inappropriate implementation in V8                 | 2024-07-30
$10,000  | CVE-2024-7966 | High     | Inappropriate implementation in Permissions        | 2024-07-25
$7,000   | CVE-2024-7967 | High     | Heap buffer overflow in Fonts                      | 2024-07-27
$1,000   | CVE-2024-7968 | High     | Use after free in Autofill                         | 2024-06-25
TBD      | CVE-2024-7969 | High     | Type confusion in V8                               | 2024-07-09
TBD      | CVE-2024-7971 | High     | Type confusion in V8                               | 2024-08-19
$11,000  | CVE-2024-7972 | Medium   | Inappropriate implementation in V8                 | 2024-06-10
$7,000   | CVE-2024-7973 | Medium   | Heap buffer overflow in PDFium                     | 2024-06-06
$3,000   | CVE-2024-7974 | Medium   | Insufficient data validation in V8 API             | 2024-05-07
$3,000   | CVE-2024-7975 | Medium   | Insufficient data validation in the Installer      | 2024-06-16
$2,000   | CVE-2024-7976 | Medium   | Inappropriate implementation in FedCM              | 2024-05-10
$1,000   | CVE-2024-7977 | Medium   | Insufficient policy enforcement in Data Transfer   | 2024-02-11
$1,000   | CVE-2024-7978 | Medium   | Insufficient data validation in the Installer      | 2022-07-21
TBD      | CVE-2024-7979 | Medium   | Insufficient data validation in the Installer      | 2024-07-29
TBD      | CVE-2024-7980 | Medium   | Inappropriate implementation in Views              | 2024-07-30
$1,000   | CVE-2024-7981 | Low      | Inappropriate implementation in WebApp Installs    | 2023-07-14
$500     | CVE-2024-8033 | Low      | Inappropriate implementation in WebApp Installs    | 2024-06-30
$500     | CVE-2024-8034 | Low      | Inappropriate implementation in Custom Tabs        | 2024-07-18
TBD      | CVE-2024-8035 | Low      | Inappropriate implementation in Extensions         | 2022-04-26

The Chrome team is committed to ensuring user safety and has expressed gratitude to the security researchers who contributed to these fixes.

Users are strongly encouraged to update their browsers to the latest version to protect against these vulnerabilities.

Google also plans to release more information about new features and major efforts in upcoming blog posts for Chrome and Chromium.

As cyber threats evolve, timely updates and collaboration with the security community remain crucial in safeguarding users worldwide.


Zero Day: Expose Software Vulnerabilities And Eliminate Bugs

Tags: Chrome zero-day

