In this post, we are going to talk about MITRE ATT&CK® technique T1001 – Data Obfuscation. As the name indicates, this technique consists in making data, usually sent over Command and Control (C&C) communications, more difficult to detect and decode. There are countless ways to do that, but here we are going to focus on disguising […]

For the second time in as many years, Google is working to fix a weakness in its Widevine digital rights management (DRM) technology used by online streaming sites like Disney, Hulu and Netflix to prevent their content from being pirated. The latest cracks in Widevine concern the encryption technology’s protection for L3 streams, which is used for […]

Experts observed a new tactic adopted by Magecart groups, they used Telegram to exfiltrate stolen payment details from compromised websites Source: Hackers use e-skimmer that exfiltrates payment data via Telegram CISA Webinar: E-Skimming This Is How Easy It Is To Get Hacked | VICE on HBO Download a Security Risk Assessment Steps paper! Security Risk […]

Apple planned to release a fix for the Safari bug by Spring 2021, delaying it for one year. The bug allows stealing local data files. Source: Safari Bug That Allows Stealing Data Disclosed After Apple Delays A Patch Data Loss/Leak Prevention | Security Basics

  5 Common Accidental Sources of Data Leaks – Nightfall AI How do bad actors gain access to a company’s data? Most of the time, well-meaning everyday people are the real source of data insecurity. In cybersecurity and infosec, it’s common to assume that criminals are behind all data breaches and major security events. Bad […]

More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. Source: 15 billion credentials available in the cybercrime marketplaces Exploring the Dark Web Explore the subject of Cyber Attack Download a Security Risk Assessment Steps paper! Subscribe to DISC InfoSec blog by Email Take […]

The proposed legislation is Congress’ latest attempt to weaken encryption from tech giants. Source: Republicans push bill requiring tech companies to help access encrypted data

Experts found tens of thousands of printers that are exposed online that are leaking device names, organization names, WiFi SSIDs, and other info. Source: A daily average of 80,000 printers exposed online via IPP Exploiting Network Printers How To Hack A Printer And See All Documents Printed Download a Security Risk Assessment steps paper! Download […]

The lawsuit alleges that a data scraper took login credentials from about 5,500 people and then harvested phone numbers of their friends. Source: Facebook sues developer over alleged data scraping abuse What Is Web/Data Scrapping ? How To Scrap Large Data From A Website Would like to know more on InfoSec Awareness… Download a Security […]

As hackers shift tactics, business owners can take steps to prevent attacks and minimize damage. Source: How hoteliers can mitigate data breaches The 5 Most Dangerous New Attack Techniques and How to Counter Them Data Breaches: Crisis and Opportunity Download a Security Risk Assessment Checklist paper! Subscribe to DISC InfoSec blog by Email

More than two dozen SQL databases stolen from online shops in various countries are being offered for sale on a public website. In total, the seller provides over 1.5 million rows of records but the damage is likely much larger. Source: Hacker extorts online shops, sells databases if ransom not paid More than two dozen […]

By Ena Kadribasic on Security The fintech sector has brought consumers an endless stream of modern offerings that have enabled them to ditch several outdated banking and lending products. Companies now have advanced B2B payment solutions at their fingertips, and online financial solutions have never been more convenient – largely thanks to the progress made […]

  This report examines the general state of security within business today, exploring the hurdles that are preventing companies from an ideal security posture and suggesting the steps that can lead to improved security in the digital economy. As the technology industry enters the next phase of maturity, there are more questions about the implications […]

photo courtesy of Unsplash By Jasmine Dyoco Another day, another data breach. Lately, it seems like we can’t go more than a few days without hearing about another cyber attack. Data breaches have recently occurred at health insurance providers like Anthem, banks like Capital One, and even the Equifax credit bureau. If there’s anything these recent […]

Millions of Instagram influencers had their private contact data scraped and exposed A massive database containing contact information of millions of Instagram influencers, celebrities and brand accounts has been found online. The database, hosted by Amazon Web Services, was left exposed and without a password allowing anyone to look inside. At the time of writing, […]

Unsecured SkyMed Database Exposed PII Data Of 137K Individuals Reportedly, the unsecured SkyMed database exposed huge records having medical and personal information of US citizens online. Source: Unsecured SkyMed Database Exposed PII Data Of 137K Individuals ISO/IEC 27018:2014, 1st Edition: Information technology – Security techniques – Code of practice for protection of personally identifiable information […]

Source: Firefox Send’s free encrypted file transfers are now available to all

Protecting your online privacy is important. There has been a lot of discussion in recent years about how to stay safe online, and an increasing number of people are turning to Virtual Private Netw… Source: 3 data leaks that could be undermining your online privacy DISC InfoSec 🔒 securing the business 🔒  Data Security