6 free cybersecurity tools CISOs need to know about

Contact DISC

6 free cybersecurity tools for 2021

1: Infection Monkey

Infection Monkey is an open source Breach and Attack Simulation tool that lets you test the resilience of private and public cloud environments to post-breach attacks and lateral movement, using a range of RCE exploiters.

Infection Monkey was created by Israeli cybersecurity firm Guardicore to test its own segmentation offering. Developer Mike Salvatore told told The Stack: “Infection Monkey was inspired by Netflix’s Chaos Monkey.

“Chaos Monkey randomly disables production instances to incentivize engineers to design services with reliability and resilience in mind. We felt that the same principles that guided Netflix to create a tool to improve fault tolerance could be applied to network security. Infection Monkey can be run continuously so that security-related shortcomings in a network’s architecture can be quickly identified and remediated.”

The company recently added a Zero Trust assessment, as well as reports based on the MITRE ATT&CK framework.

Source: 6 free cybersecurity tools CISOs need to know about

Leave a Comment

Cybersecurity Standards

Browse Cyber Security Standards in the leading UK and international cyber security standards bookstore

Browse Cyber Security Standards in the leading UK and international cyber security standards bookstore

Leave a Comment

Nmap Cheat Sheet

No alternative text description for this image
Nmap Cheat Sheet- Infographic via SANS Institute

Leave a Comment

Physical cyber threats: What do criminals leave when they break in? 

Many organizations have maintained heavy investment in cybersecurity over the last year, even in an unpredictable time when other spending has faltered. Gartner estimates that IT security and risk management spending still grew 2.6 percent even as IT spending as a whole fell by 8 percent.

However, while businesses have continued to fortify their networks against remote invaders, most have overlooked the potential for cyber threats from physical intruders. With very few exceptions such as government facilities, organizations tend to be extremely vulnerable to cyberattacks that involve a threat actor gaining direct access to the infrastructure.

While such attacks are extremely rare in comparison to the endless virtual attacks launched every day, physical security gaps can allow threat actors to circumvent otherwise strong defenses to inflict serious damage. Unlike an ordinary burglary, the threat is not what is stolen by the intruder, but what they leave behind – anything from keyloggers to backdoor malware. It’s especially important that organizations that are in high-risk sectors such as finance be prepared for such attacks.

Fortunately, however, with the right precautions it is possible to minimize the risk of a physical intruder, and spot incursions based on digital and physical evidence left behind.

Leave a Comment

How do I select a network monitoring solution for my business?

Network monitoring is essential for any organization with a network. Requirements may vary, but in general any IT team is going to need a single, comprehensive solution that shows the entire network in context and makes diagnosing network issues fast and easy.

An effective solution should be able to discover every device connected to the network, automatically generate a network map showing connections and give administrators an easy way to run device inventories and determine what should be monitored.

The solution should generate alerts for a myriad of network issues and support customizable thresholds, so the IT team can proactively respond before end users are impacted. It should monitor the entire network infrastructure (physical, virtual and cloud) while also supporting network traffic analysis, network and application performance monitoring, configuration management and log management. As well, the ability to automate common administrative tasks or implement self-healing actions will drastically reduce the workload of the IT team.

The importance of ease-of-use cannot be overstated! The solution also needs to be able to scale to meet future needs and should support widely geographically distributed networks. Integration with 3rd-party systems is also a key requirement, whether by out-of-the-box connectors or via a robust API.

How do I select a network monitoring solution for my business?

Leave a Comment

Security Logging in Cloud Environments – AWS

Which Services Can We Leverage?

AWS offers multiple services around logging and monitoring. For example, you have almost certainly heard of CloudTrail and CloudWatch, but they are just the tip of the iceberg.

CloudWatch Logs is the default logging service for many AWS resources (like EC2, RDS, etc.): it captures application events and error logs, and allows to monitor and troubleshoot application performance. CloudTrail, on the other hand, works at a lower level, monitoring API calls for various AWS services.

Although listing (and describing) all services made available by AWS is out of scope for this blog post, there are a few brilliant resources which tackle this exact problem:

In the remainder of this section I’ll provide a summary of the main services we will need to design our security logging platform. Before doing so, though, it might be helpful having a high-level overview of how these services communicate (special thanks to Scott Piper for the original idea)

Source: Security Logging in Cloud Environments – AWS

Leave a Comment

Georgetown County has yet to recover from a sophisticated cyber attack

Leave a Comment

Keybase secure messaging fixes photo-leaking bug – patch now!

Keybase, owned by online meeting and teleconferencing behemoth Zoom, is a secure messaging and file sharing service that describes itself as providing “end-to-end encryption for things that matter.”

End-to-end encryption is pretty much what it says: encryption that starts on your computer, typically inside an individual app such as when browser submits a login form, and only gets stripped off at the far end when the data arrives at its final destination, such as when a website receives the login form with your username and password in it.

End-to-end encryption over the internet doesn’t just mean that your data is encrypted while it’s in transit from node to node along its network journey – it’s supposed to be a stronger guarantee than that.

It not only means that your data isn’t decrypted while it’s at any “rest stops” along the way, such as when an email message is held at your ISP for delivery later on, but also means that your data cannot be decrypted along the way, no matter whether you trust the person operating that “rest stop” or not.

Leave a Comment

Chief Legal Officers face mounting compliance, privacy and cybersecurity obligations

How are companies’ legal departments changing to meet the needs of their organization and the needs arising from worldwide changes?

Organizations face much more regulatory compliance and privacy scrutiny than ever before, and everyone is under a constant threat of cyber breach or attack. Legal plays a critical role in ensuring that all compliance obligations are met, and overall risk to the organization is mitigated.

I firmly believe a new strategy is required to deal with these new converging market forces, one that is rooted in data management. What we’ve observed over the past couple of years is how you treat data is key to addressing so many of the concerns facing your organization. How an organization collects, stores, uses and secures its data ultimately determines the extent to which that data poses risks, incurs costs and provides value. All of these greater trends have combined to create new business challenges that no longer can be addressed by a single organizational department.

Let me give you an example:

Let’s say your company receives a California Consumer Privacy Act data access request.

First, you must securely validate the requestor’s identity. Then, you must route the request appropriately and act on it promptly. The person or group responsible for the data must locate it, collect it, review it, possibly redact information and then securely deliver this information to the requestor.

You can see how this request quickly crosses conventional divisions and responsibilities—it’s not just someone in your Privacy department’s responsibility – she will need to work with someone with expertise in e-discovery. And, if that user submits a request for data deletion, things get even more complex, because before deleting anything, you must first confirm that the information can legally be deleted (as it can be subject to retention requirements imposed by regulatory compliance obligations or a legal hold).

In this demanding environment, traditional approaches to enterprise data inventory and management are inadequate.

To help put this process into perspective, we like to ask six simple questions:

1. Do you know where your data is?
2. Do you know who owns your data?
3. Do you know what regulations govern your data?
4. Do you know what third parties have access to your data?
5. Can you forensically prove data integrity throughout all the processes that use your data?
6. Can you easily and quickly respond to requests for your data?

Chief Legal Officers face mounting compliance, privacy and cybersecurity obligations

Leave a Comment

What Are the Advantages of Using Pay by Phone Casinos?

New casinos launch online often and as the choice for these sites grows, so does the variety of payment options. Not long ago, many online casinos were limited to credit/debit cards and very few e-Wallets. Today, there is a broad range of payment options accepted by online casinos.

One payment method, nonetheless, has become quite popular; pay by phone. With more people accessing online casinos from their mobile, it’s easy to see why mobile payments are becoming widespread. Besides, the option has several advantages, as highlighted below.

Play on Credit

When paying using your phone, you can choose to pay through telephone bills. This means that you can add money to your casino even when you don’t have money and pay the bill later. Operating more like a credit card, you get a form of credit when you choose this option.

The money is usually credited into your account immediately, yet you will only pay for it when paying your phone bill. The great thing about this is that it gives you float since you don’t have to immediately pay for your deposit.

Again, if you don’t have money at a particular moment or want to track how much you use in gaming, this option allows you to do this with ease. However, you should note that you will eventually pay the bill, probably at the end of each month.

No Additional Costs

Most phone providers don’t charge extra fees to deposit at the casino using a phone bill. Nonetheless, you will incur the usual rates that your provider charges for mobile payments in most cases.

However, it is worth checking with the provider to confirm if additional charges apply. Further, online casinos don’t impose any fees on your phone bill deposits. Again, it is essential to confirm this from your specific casino.

The goal is to find a provider and a casino that don’t impose extra fees for the service. According to this guide, there are many such casinos that don’t charge you for phone deposits. Thus, you won’t have a hard time finding a perfect site that meets your gaming expectations.

High Level of Security

Depositing using your phone is exceptionally safe and secure. The added security level is because you never enter your credit/debit card details or banking information like is the case with some traditional payment options.

Although rare, some sites get hacked, especially those that don’t have up-to-date security measures such as SSL data encryption and robust firewalls. If this happens, the information you have shared with your casino can be compromised.

Fortunately, if you choose this option, you will never worry about your bank information being stolen. Besides security, the method also enhances the privacy of your banking information since the casino doesn’t have access to your banking details.

What Are the Advantages of Using Pay by Phone Casinos?

Leave a Comment

Nvidia announces official “anti-cryptomining” software drivers

Nvidia, the graphics chip company that wants to buy ARM, made a unusual announcement last week.

The company is about to launch its latest GeForce GPU (graphics processing unit) chip, the RTX 3060, and wants its users know that the chip is “tailored to meet the needs of gamers and those who create digital experiences.”

Nvidia says:

Our GeForce RTX GPUs introduce cutting-edge technologies — such as RTX real-time ray-tracing, DLSS AI-accelerated image upscaling technology, Reflex super-fast response rendering for the best system latency, and many more.

Ray-tracing is an algorithm used in generating synthetic images that are almost unbelievably realistic, correctly modelling complex optical interactions such as reflection, transparency and refraction, but this sort of realism comes at huge computational cost.

You can therefore see why gamers and digital artists might be very keen to get their hands on the latest special-purpose hardware that can speed up the creation of images rendered in this way.

Nvidia announces official “anti-cryptomining” software drivers

Leave a Comment

NSA Equation Group tool was used by Chinese hackers years before it was leaked online

The Chinese APT group had access to an NSA Equation Group, NSA hacking tool and used it years before it was leaked online by Shadow Brokers group.

Check Point Research team discovered that China-linked APT31 group (aka Zirconium.) used a tool dubbed Jian, which is a clone of NSA Equation Group ‘s “EpMe” hacking tool years before it was leaked online by Shadow Brokers hackers.

In 2015, Kaspersky first spotted the NSA Equation Group, it revealed it was operating since at least 2001 and targeted almost any industry with  sophisticated zero-day malware.

The arsenal of the hacking crew included sophisticated tools that requested a significant effort in terms of development, Kaspersky speculated the Equation Group has also interacted with operators behind Stuxnet and Flame malware. 

Based on the evidence collected on the various cyber espionage campaigns over the years, Kaspersky experts hypothesize that the National Security Agency (NSA) is linked to the Equation Group.

Jian used the same Windows zero-day exploit that was stolen from the NSA Equation Group ‘s arsenal for years before it was addressed by the IT giant. 

In 2017, the Shadow Brokers hacking group released a collection of hacking tools allegedly stolen from the US NSA, most of them exploited zero-day flaws in popular software.

One of these zero-day flaws, tracked as CVE-2017-0005, was a privileged escalation issue that affected Windows XP to Windows 8 operating systems,

“In this blog we show that CVE-2017-0005, a Windows Local-Privilege-Escalation (LPE) vulnerability that was attributed to a Chinese APT, was replicated based on an Equation Group exploit for the same vulnerability that the APT was able to access.” reads the analysis published by CheckPoint. ““EpMe”, the Equation Group exploit for CVE-2017-0005, is one of 4 different LPE exploits included in the DanderSpritz attack framework. EpMe dates back to at least 2013 – four years before APT31 was caught exploiting this vulnerability in the wild.”

Source: NSA Equation Group tool was used by Chinese hackers years before it was leaked online

Leave a Comment

Exploiting Medical Information Systems

Leave a Comment

Nigerian Instagram star helped North Korean hackers in $1.3B scheme

Nigerian Instagram star conspired with North Korean hackers to steal more than $1.3 billion from companies and banks in the U.S. and other countries, federal prosecutors said.

Ramon Olorunwa Abbas, 37, also known as “Ray Hushpuppi,” is being accused of helping three North Korean computer hackers steal the funds from companies and banks, including one in Malta, in February 2019, according to the Justice Department.

“North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers,” Assistant Attorney General John Demers of the Justice Department’s National Security Division said in a statement on Feb. 17.

Leave a Comment

How safe is our water supply from cyberattacks?

Our sister station WFLA in Tampa Florida reported earlier this month that a hacker altered the levels of chemicals in the water supply of a Florida city to ‘potentially damaging’ levels. A plant operator at a water treatment facility in Oldsmar, Florida noticed someone had remotely accessed the computer system he was monitoring and increased the sodium hydroxide levels in the city’s water substantially.

The hack was caught before anyone was hurt by it, but KX wanted to know: how safe is our local water supply from cybersecurity threats? So, we went to the Bismarck Water Treatment Plant to find out.

“We’re well aware of what happened in Florida, it definitely reached the news nationwide and it really is relevant for drinking water systems. Our drinking water system, it would not be possible to do the same type of activity.”

Leave a Comment

The What and Why of Ethical Hacking

Ethical hacking refers to gaining unauthorized access to a system through different strategies. An ethical hack is carried out by following the footsteps of real hackers who mean harm to the system. By duplicating their strategies ethical hackers can identify vulnerabilities in the system. Once these activities are identified there is a better chance of resolving the issues before actual hackers find a way to gain access to your system or application.

What do Ethical Hackers Do?

Ethical hackers are also known as “white hats“, they can be thought of as experts who perform security assessments to ensure that an organization’s security is not at risk. Companies hire teams of ethical hackers who help to identify system vulnerabilities and ensure that the security of the company is not compromised in any way. They generally follow four key protocols listed and explained below:

The What and Why of Ethical Hacking

Leave a Comment

Privacy bug in the Brave browser exposes Tor addresses to user’s DNS provider

A privacy bug in the Brave Browser caused the leak of the Tor onion URL addresses visited in the Tor mode by the users.

A bug in the Private Window with Tor implemented in the Brave web browser could reveal the onion sites visited by the users.

The Tor mode implemented in the Brave web browser allows users to access .onion sites inside Brave private browsing windows.

When users are inside a Private Window with Tor, Brave doesn’t connect directly to a website, instead, it connects to a chain of three different computers in the Tor network.

An anonymous researcher initially reported that the Brave’s Tor mode was sending queries for .onion domains to public internet DNS resolvers, other experts confirmed his findings.

“If you’re using Brave you probably use it because you expect a certain level of privacy/anonymity. Piping .onion requests through DNS where your ISP or DNS provider can see that you made a request for an .onion site defeats that purpose.” explained the researcher. “Anyhow, it was reported by a partner that Brave was leaking DNS requests for onion sites and I was able to confirm it at the time.”

Leave a Comment

How to stay safe while remote working this Data Privacy Day

OneLogin’s recent research into remote working practices shows it is proving to be fertile ground for hackers – Here’s how to stay safe

How to stay secure

Another key step to keep your business safe from breaches is to ensure that your employees are following security best practices. To celebrate Data Privacy Day, we’ve provided some practical steps to do this. For example:

  • Don’t share your work computer with friends, housemates or family members: 26% of respondents admitted doing this
  • Don’t download personal applications onto a company device: 23% of respondents admitted doing this
  • Don’t work on a public wifi that is not protected: 22% of respondents admitted doing this
  • Don’t share your corporate password with others: 12% of respondents admitted doing this
  • Don’t leave your corporate devices unattended in a public space:10% of respondents admitted doing this
  • Do encourage your company to engage with multi-factor authentication (MFA), which gives you multiple layers of protection: Only 36% of respondents suggested that MFA had been implemented

Source: How to stay safe while remote working this Data Privacy Day

Leave a Comment

66% of Workers Risk Breaching GDPR by Printing Work-Related Docs at Home

Two-thirds of remote workers risk potentially breaching GDPR guidelines by printing out work-related documents at home, according to a new study from Go Shred.

The confidential shredding and records management company discovered that 66% of home workers have printed work-related documents since they began working from home, averaging five documents every week. Such documents include meeting notes/agendas (42%), internal documents including procedure manuals (32%), contracts and commercial documents (30%) and receipts/expense forms (27%).

Furthermore, 20% of home workers admitted to printing confidential employee information including payroll, addresses and medical information, with 13% having printed CVs or application forms.

The issue is that, to comply with the GDPR, all companies that store or process personal information about EU citizens within EU states are required to have an effective, documented, auditable process in place for the collection, storage and destruction of personal information.

However, when asked whether they have disposed of any printed documents since working from home, 24% of respondents said they haven’t disposed of them yet as they plan to take them back to the office and a further 24% said they used a home shredding machine but disposed of the documents in their own waste. This method of disposal is not recommended due to personal waste bins not providing enough security for confidential waste and therefore still leaving employers open to a data breach and potential fines, Go Shred pointed out.

Most concerning of all, 8% of those polled said they have no plans to dispose of the work-related documents they have printed at home, with 7% saying they haven’t done so because they do not know how to.

Source: 66% of Workers Risk Breaching GDPR by Printing Work-Related Docs at Home via Infosecurity Magazine

Leave a Comment

Windows and Linux servers targeted by new WatchDog botnet for almost two years

ddos-botnet-globe-cyber-map.png

Due to the recent rise in cryptocurrency trading prices, most online systems these days are often under the assault of crypto-mining botnets seeking to gain a foothold on unsecured systems and make a profit for their criminal overlords.

The latest of these threats is a botnet named WatchDog. Discovered by Unit 42, a threat intelligence division at Palo Alto Networks, this crypto-mining botnet has been active since January 2019.

Written in the Go programming language, researchers say they’ve seen WatchDog infect both Windows and Linux systems.

The point of entry for their attacks has been outdated enterprise apps. According to an analysis of the WatchDog botnet operations published on Wednesday, Unit 42 said the botnet operators used 33 different exploits to target 32 vulnerabilities in software such as:

Windows and Linux servers targeted by new WatchDog botnet for almost two years

Leave a Comment