ESET security researchers have discovered a new version of the ComRAT backdoor controlled using the Gmail web interface and used by the state-backed Russian hacker group Turla for harvesting and stealing in attacks against governmental institutions.

Source: Russian cyberspies use Gmail to control updated ComRAT malware



US, UK, and Holland fighting back against Russia’s cyber attacks


Russia cyber attacks: “a new stage in an espionage war, going beyond traditional espionage”







Download a CyberAware cheat sheet

More than two dozen SQL databases stolen from online shops in various countries are being offered for sale on a public website. In total, the seller provides over 1.5 million rows of records but the damage is likely much larger.

Source: Hacker extorts online shops, sells databases if ransom not paid

More than two dozen SQL databases stolen from online shops in various countries are being offered for sale on a public website. In total, the seller provides over 1.5 million rows of records but the amount of stolen data is much larger.

The attacker is hacking into insecure servers that are reachable over the public web, copies the databases, and leaves a note asking for a ransom in return of the stolen data.

Money made

Victims have 10 days to pay BTC 0.06 ($525 at current price) a wallet provided in the ransom note, else the hacker makes the database public or uses it as they please.

Hacked! What to do with an extortion email


Bitcoin Email Blackmail Ransom Scam





Download a CyberAware cheat sheet

FREE Open Source Tools – via SANS Institute

Free open source tools

Download a pdf

Open source intelligence (OSINT)

Cybersecurity Tools | Popular Tools for Cybersecurity Threats

Download a CyberAware cheat sheet

What a crazy world we live in – employees working from home, “dirty” personal devices being used to access corporate data, furloughed employees still maintaining corporate IT assets and access – all while the quantity and variety of cyberattacks and fraud is drastically increasing. Corporate security executives have never had a harder set of challenges to deal with.

Source: Security executives succeeding in the chaotic coronavirus world

What is your greatest security concern right now?

The collective response to this question is that security executives are most worried about the increase in phishing campaigns and fraud, especially with distracted employees who aren’t as diligent with security hygiene while working from home. As one executive stated, “My greatest concern right now is social engineering resulting from cyberattacks on people wherever they are. High stress means reduced cognitive functions, so attackers may find it easier to do social engineering, which opens the door to everything else.”

Other major concerns include mitigating the impact of an increased attack surface and the need to enhance remote access controls to make certain organizational security levels are met despite a large majority of employees working remotely. For example, one executive further explained that she was most focused on mitigating the impact of this increased attack surface, particularly enhancing remote access controls such that the organization would be secure even if 100% of the employees were now remote. Enhancements to firewall, NAC, DLP and other solutions were required. Vendor risk also was a much greater concern for this executive, with third parties potentially now more vulnerable.

Virtual CISO and Security Advisory – Download a #vCISO template!

Virtual CISO and CISO – Checkout a vCISO/CISO latest titles

10 Tenets of CISO Success

By: Melissa Musser, CPA, CITP, CISA, Risk & Advisory Services Principal, and Darren Hulem, IT and Risk Analyst The COVID-19 crisis, with a new reliance on working from home and an overburdened healthcare system, has opened a new door for cybercriminals. New tactics include malicious emails claiming the recipient was exposed COVID-19, to attacks on…Read more ›

Source: Consider a Virtual CISO to Meet Your Current Cybersecurity Challenges | GRF CPAs & Advisors

Small- to medium-sized nonprofits and associations are particularly at risk, and many are now employing an outsourced Chief Information Security Officer (CISO), also known as a Virtual CISO (vCISO), as part of their cybersecurity best practices.

vCISO model not only offers flexibility over time as the organization changes, providers are also able to deliver a wide range of specialized expertise depending on the client’s needs.

The vCISO offers a number of advantages to small- and medium-sized organizations and should be part of every nonprofit’s or association’s risk management practices.

Virtual CISO and Security Advisory – Download a #vCISO template!

Three Keys to CISO Success

Welp, at least that’s better than industry averages, says code-hosting biz

Source: To test its security mid-pandemic, GitLab tried phishing its own work-from-home staff. 1 in 5 fell for it

The mock attack simulated a targeted phishing campaign designed to get GitLab employees to give up their credentials.

The GitLab Red Team – security personnel playing the role of an attacker – obtained the domain name gitlab.company and set it up using the open source GoPhish framework and Google’s GSuite to send phishing emails. The messages were designed to look like a laptop upgrade notification from GitLab’s IT department.

“Targets were asked to click on a link in order to accept their upgrade and this link was instead a fake GitLab.com login page hosted on the domain ‘gitlab.company’,” explained security manager Steve Manzuik in a GitLab post.

“While an attacker would be able to easily capture both the username and password entered into the fake site, the Red Team determined that only capturing email addresses or login names was necessary for this exercise.”

Fifty emails went out and 17 (34 per cent) clicked on the link in the messages that led to the simulated phishing website. Of those, 10 (59 per cent of those who clicked through or 20 per cent of the total test group) went on to enter credentials. And just 6 of the 50 message recipients (12 per cent) reported the phishing attempt to GitLab security personnel.

Download a CyberAware Cheat Sheet

Santander Consumer Bank, the Belgian branch of the bank, had a misconfiguration in its blog domain that was allowing its files to be indexed.

Source: Santander, one of the biggest European banks, was leaking sensitive data on their website

A Santander Consumer spokesperson said:

“The incident highlighted relates specifically to the Santander Consumer Bank Belgium blog only. The blog contains only public information and articles, and therefore no customer data or critical information from the blog  has been compromised. Our security team has already fixed the issue to ensure the blog is secure.”

What exactly is wrong with the Santander website?

When we visited the Santander blog on its Belgian domain, we noticed that the www endpoint of the blog subdomain had a misconfiguration that allowed all of its files to be indexed by search engines

Included in these indexed files was an important info.json file that seemed to contain its Cloudfront API keys.

Download a CyberAware Cheat Sheet

CISO/vCISO Recruitment

What are enterprises seeking in their next CISO – a technologist, a business leader or both? Joyce Brocaglia of Alta Associates shares insights on the key qualities

What kinds of CISOs are being replaced? Brocaglia says that an inability to scale and a tactical rather than strategic orientation toward their role are two reasons companies are looking to replace the leaders of their security teams—or place them underneath a more senior cybersecurity executive. They are looking for professionals with broad leadership skills rather than a “one-trick pony.”

Today’s organizations want the CISO to be intimately involved as a strategic partner in digital transformation initiatives being undertaken. This means that their technical expertise must be broader than just cybersecurity, and they must have an understanding of how technology impacts the business—for the better and for the worse. And candidates must be able to explain the company’s security posture to the board and C-suite in language they understand—and make recommendations that reflect an understanding of strategic risk management.

CISOs who came up through the cybersecurity ranks are sometimes at a disadvantage as the CISO role becomes more prominent—and critical to the business. Professionals in this position will do well to broaden their leadership skills and credentials, sooner rather than later.

Source: CISO Recruitment: What Are the Hot Skills?



Interview with Joyce Brocaglia, CEO, Alta Associates

10 Steps to Cyber Security pdf

Free Download Cybersecurity For Dummies Cheat Sheet

10 steps to improve your online security and stop hackers

10 Steps To Becoming An Elite Cyber Security Pro Hacker

Full Ethical Hacking Course – Network Penetration Testing for Beginners

Subscribe to DISC InfoSec blog by Email

Cyber Security Planning Guide

Open a PDF file The best practice guide for an effective infoSec function.



Guide to Developing a Cybersecurity Strategy & Roadmap







Subscribe to DISC InfoSec blog by Email

Blue Team Cheat Sheets

Open a PDF file The best practice guide for an effective infoSec function.

Cyber Security Fundamentals: What is a Blue team?

Subscribe to DISC InfoSec blog by Email

CyberSecurity for Dummies

Open a PDF file The best practice guide for an effective infoSec function.

 
Introduction to Cybersecurity


What You Should Learn Before Cybersecurity

Subscribe to DISC InfoSec blog by Email

5G CYBERSECURITY

Preparing a Secure Evolution to 5G

5G CYBERSECURITY




Tech Talk: 5G Security


Security of 5G networks: EU Member States complete national risk assessments


Bye bye privacy with 5G

Subscribe to DISC InfoSec blog by Email

Q3 2019 Top-Clicked Phishing Email Subjects from KnowBe4. Users continue to fall for LinkedIn, Facebook, and security-minded messages. See the full report!

Source: Q3 2019 Top-Clicked Phishing Email Subjects from KnowBe4 [INFOGRAPHIC]

This is what happens when you reply to spam email | James Veitch


How to Spot a Phishing Email I Fortune



Anatomy of Scam Emails – How To Recognise A Phishing Scam Message

Subscribe to DISC InfoSec blog by Email

Because of the COVID-19 crisis, ISO enabled free access to ISO 22301, ISO 22395, ISO 22320, ISO 22316, and ISO 31000 standards – find the links here.

Source: ISO 31000 and ISO 22301 available now for free to read

ISO standards:

Subscribe to DISC InfoSec blog by Email

SANS Faculty has a comprehensive open source free tools available to support your information security career, training and research.

SANS Free tool list


to download pdf for open source free tools list



Open Source Tools For Working Remotely From Home: pfsense, OpenVPN, Syncthing, and Nextcloud

Subscribe to DISC InfoSec blog by Email

#Coronavirus Business Continuity Management (#BCM) Bundle

Ensure your organisation can survive in the face of disaster; learn how to create and implement an effective business continuity plan.

#Coronavirus Business Continuity Management (#BCM) Bundle

Webinar: Business Continuity Management: Impact Analysis and Risk Assessment

Subscribe to DISC InfoSec blog by Email

Intro: No software project is complete without testing. In this blog series, we’ll cover how to test if your Threat Hunting platform can detect common threats.[…]

Source: Threat Simulation Overview and Setup – Active Countermeasures

Why You Need Threat Hunting!


Cyber Threat Hunting: Identify and Hunt Down Intruders


Real-Time Threat Hunting – SANS Threat Hunting & Incident Response Summit 2017


Detecting Malware Beacons with Zeek and RITA

Subscribe to DISC InfoSec blog by Email

Privilege Escalation FTW

Windows Privilege Escalation Techniques (Local)

Learn System Hacking E13: Windows 10 Privilege Escalation

Subscribe to DISC InfoSec blog by Email

https://en.wikipedia.org/wiki/Tokenization_(data_security)

Source: Tokenization vs. Encryption vs. Aliasing – How to Truly Minimize Compliance Risk

The tokenization of things | Matthew Roszak | TEDxSanFrancisco

Subscribe to DISC InfoSec blog by Email