DISC InfoSec blog

Stuxnet Malware Analysis By Amr Thabet

• Stuxnet videos library
• History of Stuxnet – Previous articles | DISC InfoSec blog
• What is Stuxnet, who created it and how does it work? | CSO Online
• GitHub – micrictor/stuxnet: Open-source decompile of Stuxnet/myRTUs
• Stuxnet Source Code Released Online – Download Now

 Subscribe in a reader

Every Linux Networking Tool – By Julia Evans

 Subscribe in a reader

Malware Analysis

• Malware Analysis: An Introduction – SANS.org

 
Introduction to Malware Analysis | SANS Lenny Zeltser

 
Five Awesome Tools to perform Behavioural Analysis of Malware

• Earlier posts on Malware | DISC InfoSec blog

 Subscribe in a reader

What CISO does for a living by Louis Botha

It’s based on the CISO mindmap by Rafeeq Rehman, updated for 2018 and adding the less technical competencies

Download of What CISO does for a living (pdf)

CISO MindMap 2018 – What Do InfoSec Professionals Really Do?

• • Recommended titles for CISO
  • CISO’s Library
  • CISOs and the Quest for Cybersecurity Metrics Fit for Business

CISO should have answers to these questions before meeting with the senior management.

• What are the top risks
• Do we have inventory of critical InfoSec assets
• What leading InfoSec standards and regulations apply to us
• Are we conducting InfoSec risk assessment
• Do we have risk treatment register
• Are we testing controls, including DR/BCP plans
• How do we measure compliance with security controls
• Do we have data breach response plan
• How often we conduct InfoSec awareness
• Do we need or have enough cyber insurance
• Is security budget appropriate to current threats
•  Do we have visibility to critical network/systems
• Are vendor risks part of our risk register

 Subscribe in a reader

A password alone will not protect sensitive information from hackers–two-factor authentication is also necessary. Here’s what security pros and users need to know about two-factor authentication.

Source: Two-factor authentication: A cheat sheet

 Subscribe in a reader

Law enforcement officials in the US have been routinely mining Google’s location history data for criminal investigations.

Source: Google’s location history data shared routinely with police

 Subscribe in a reader

Hackers and Microsoft seem to disagree on key details of the hack.

Source: Hackers could read non-corporate Outlook.com, Hotmail for six months

 Subscribe in a reader

A zero-day exploit found in Internet Explorer means hackers could steal files from Windows users. What’s particularly interesting about this security flaw is that you don’t even need to…

Source: Internet Explorer flaw leaves Windows users vulnerable to hackers — even those who don’t use the browser

Insider Threat Report – Out of sight should never be out of mind

Anatomy of a spear phishing attack

You may be wondering what it takes to send this type of attack. This is not trivial, and can only be done by someone trained in advanced hacking techniques. We will first take a look at the steps required to send an attack, and then we’ll look at steps to mitigate this threat. For the (simplified) attack steps we am freely borrowing from a great blog post by Brandon McCann, a well-known pentester.

• Spear Phishing | KnowBe4

• Beyond the Nigerian Prince: A How-To Guide to Modernizing Phishing Defenses | Webinar

In a research paper titled Dragonblood, published by security researchers Mathy Vanhoef and Eyal Ronen, it has been revealed that WPA3’s secure handshake called Simultaneous Authentication of Equals (SAE), commonly known as Dragonfly, is affected by password partitioning attacks.

Source: ‘Dragonblood’ Flaw In WPA3 Lets Hackers Easily Grab Your Wi-Fi Passwords

Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords

Multiple Vulnerabilities in WPA3 Protocol

Public Wi-Fi is rife with security risks, and cybersecurity professionals aren’t taking any chances, according to a Lastline report.

Source: Half of security pros would rather walk barefoot in a public restroom than use public Wi-Fi

• The risks of public Wi-Fi

Cybaze-Yoroi ZLab team spotted an interesting infection chain leveraging several techniques able to defeat traditional security defences and spread LimeRAT.

Source: LimeRAT spreads in the wild

SANS offers 27 free #cybersecurity policy templates to help your organization develop and implement #infosec policies.

Free information security policy templates courtesy of the SANS Institute, Michele D. Guel, and other information security leaders.

Source: SANS Information Security Policy Templates

With the April 15th filing deadline around the corner, cybercriminals are counting on a rushed response to questions to infect potential victims.

Source: How to protect your business from tax fraud

Metasploit Cheat Sheet by TerrorByte

Linux quick reference card

Password Security Infographic by NCSC

To make sure a deleted file can’t be recovered, you’ll need to use a third-party shredding tool. Here’s a look at three such free programs: Eraser, File Shredder, and Freeraser.

Source: How to completely and securely delete files in Windows