Archive for the ‘Cyber Threats’ Category

Microsoft releases open-source CodeQL queries to assess Solorigate compromise

Microsoft announced the release of open-source CodeQL queries that it experts used during its investigation into the SolarWinds supply-chain attack In early 2021, the US agencies FBI, CISA, ODNI, and the NSA released a¬†joint statement¬†that blames Russia for the¬†SolarWinds¬†supply chain attack. The four agencies were part of the task force Cyber Unified Coordination Group (UCG) […]

Leave a Comment

FBI: Hackers stole source code from US government agencies and private companies

FBI blames intrusions on improperly configured SonarQube source code management tools. FBI officials say that threat actors have abused these misconfigurations to access SonarQube instances, pivot to the connected source code repositories, and then access and steal proprietary or private/sensitive applications. Officials provided two examples of past incidents: “In August 2020, unknown threat actors leaked […]

Leave a Comment

Spotting a Common Scam

Spotting a Common¬†Scam¬† These scams seek to collect personal information about you, often appearing to come from a real business¬†or agency.¬†Someone may pose as an official disaster aid worker, or¬†send you a¬†fraudulent¬†COVID¬†contact tracing email.¬†If you receive a message with a link, you should not click it as it may download malware to your device to […]

Leave a Comment

Elite CIA unit that developed hacking tools failed to secure its own systems, allowing massive leak, an internal report found

The publication of ‚ÄėVault 7‚Äô cyber tools by WikiLeaks marked the largest data loss in agency history, a task force concluded. The theft of top-secret computer hacking tools from the CIA in 2016 was the result of a workplace culture in which the agency‚Äôs elite computer hackers ‚Äúprioritized building cyber weapons at the expense of […]

Leave a Comment

Lamphone attack lets threat actors recover conversations from your light bulb | ZDNet

Academics record light variations in a light bulb to recover the sound waves (speech, conversations, songs) from a room 25 meters (80 feet) away. Source: Lamphone attack lets threat actors recover conversations from your light bulb | ZDNet Download a Security Risk Assessment steps paper! Download a vCISO template Subscribe to DISC InfoSec blog by […]

Leave a Comment

Threat Simulation Overview and Setup – Active Countermeasures

Intro: No software project is complete without testing. In this blog series, we‚Äôll cover how to test if your Threat Hunting platform can detect common threats.[‚Ķ] Source: Threat Simulation Overview and Setup – Active Countermeasures Why You Need Threat Hunting! Cyber Threat Hunting: Identify and Hunt Down Intruders Real-Time Threat Hunting – SANS Threat Hunting […]

Leave a Comment

Global Threat Detection Report

2019 Global Threat Detection Report 2019 Global Threat Detection Report via CrowdStrike The best practice guide for an effective infoSec function Practice Guide Open a PDF file 2019 Global Threat Detection Report. 2019 Global Threat Report- The 1-10-60 Rule World Economic Forum Global Risks Report 2019 “Threat Detection & Prevention” appliances Subscribe to DISC InfoSec […]

Leave a Comment

What is Cyber Threat Intelligence

What is Cyber Threat Intelligence and How is it used?     Threat Intelligence At Microsoft: A Look Inside – Cyber Threat Intelligence Summit   Security Threat Tables Threat Table Threats List Security Alert Security Exploits Cyber Alert Security Risks Security Vulnerability WebApp Vulnerability Symantec¬†Security Response Microsoft¬†Security Response   Live Cyber Attack Threat Map World’s […]

Leave a Comment

Microsoft renewed its Attack Surface Analyzer, version 2.0 is online

Microsoft has renewed its Attack Surface Analyzer tool (version 2.0) to take advantage of modern, cross-platform technologies. Source: Microsoft renewed its Attack Surface Analyzer, version 2.0 is online  Subscribe in a reader

Leave a Comment