Sep 09 2024

AI cybersecurity needs to be as multi-layered as the system itā€™s protecting

The article emphasizes that AI cybersecurity must be multi-layered, like the systems it protects. Cybercriminals increasingly exploit large language models (LLMs) with attacks such as data poisoning, jailbreaks, and model extraction. To counter these threats, organizations must implement security strategies during the design, development, deployment, and operational phases of AI systems. Effective measures include data sanitization, cryptographic checks, adversarial input detection, and continuous testing. A holistic approach is needed to protect against growing AI-related cyber risks.

For more details, visit the full article here

Benefits and Concerns of AI in Data Security and Privacy

Predictive analytics provides substantial benefits in cybersecurity by helping organizations forecast and mitigate threats before they arise. Using statistical analysis, machine learning, and behavioral insights, it highlights potential risks and vulnerabilities. Despite hurdles such as data quality, model complexity, and the dynamic nature of threats, adopting best practices and tools enhances its efficacy in threat detection and response. As cyber risks evolve, predictive analytics will be essential for proactive risk management and the protection of organizational data assets.

AI raises concerns about data privacy and security. Ensuring that AI tools comply with privacy regulations and protect sensitive information.

AI systems must adhere to privacy laws and regulations, such as GDPR, CPRA to protect individuals’ information. Compliance ensures ethical data handling practices.

Implementing robust security measures to protect data (data governance) from unauthorized access and breaches is critical. Data protection practices safeguard sensitive information and maintain trust.

1. Predictive Analytics in Cybersecurity

Predictive analytics offers substantial benefits by helping organizations anticipate and prevent cyber threats before they occur. It leverages statistical models, machine learning, and behavioral analysis to identify potential risks. These insights enable proactive measures, such as threat mitigation and vulnerability management, ensuring an organizationā€™s defenses are always one step ahead.

2. AI and Data Privacy

AI systems raise concerns regarding data privacy and security, especially as they process sensitive information. Ensuring compliance with privacy regulations like GDPR and CPRA is crucial. Organizations must prioritize safeguarding personal data while using AI tools to maintain trust and avoid legal ramifications.

3. Security and Data Governance

Robust security measures are essential to protect data from breaches and unauthorized access. Implementing effective data governance ensures that sensitive information is managed, stored, and processed securely, thus maintaining organizational integrity and preventing potential data-related crises.

Adversarial AI Attacks, Mitigations, and Defense Strategies: A cybersecurity professional’s guide to AI attacks, threat modeling, and securing AI with MLSecOps

Data Governance: The Definitive Guide: People, Processes, and Tools to Operationalize Data Trustworthiness

InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO DirectoryĀ |Ā ISO 27k Chat bot

Tags: AI attacks, AI security, Data Governance


Sep 02 2024

Build a secure future with DISC InfoSec

Category: Information Securitydisc7 @ 10:23 am

Your Trusted Partner in Information Security

DISC LLC, situated at Sonoma county, CA, is dedicated to offering premier information security services. As a consultant specializing in information security, we pride ourselves in helping businesses across the United States build resilient security programs.

Our Expertise

vCISO Services

When are vCISO services most appropriate? Our expert virtual Chief Information Security Officer (vCISO) services are designed to build a robust security program that effectively detects and mitigates risks. Reach out to us today to develop a security program tailored to todayā€™s challenges.

ISO 27001 and ISMS Implementation

We specialize in implementing ISO 27001 standards and establishing Information Security Management Systems (ISMS) that ensure your organizationā€™s compliance with the highest industry standards. Achieve certification and maintain a strong competitive edge in security compliance.

DISC InfoSec offers insights on ISO 27k through its posts

Comprehensive Security Risk Assessments

Our detailed security risk assessment services identify potential threats and vulnerabilities in your systems. By understanding these risks, we develop strategic measures to counteract them, safeguarding your business from data breaches and other security incidents.

Ensuring Security Compliance – GRC Consulting

In the Information Security and Compliance industry, organizations are increasingly seeking services that help them manage the growing complexity of cyber threats and regulatory requirements.

Maintaining security compliance is crucial in todayā€™s digital landscape. DISC LLC helps organizations navigate complex regulatory requirements, ensuring they meet all necessary standards to protect their data and operations.

Overview: As regulations and standards like GDPR, HIPAA, CCPA, and ISO 27001 become stricter, organizations seek expert advice to ensure compliance and reduce risk.

Key DISC GRC Services:

  • Risk assessments and mitigation strategies.
  • Compliance audits and certification readiness (e.g., ISO27k, NIST 800-171, SOC 2).
  • Policy development and regulatory advisory.

Cloud Security

With the rapid adoption of cloud services, securing cloud environments (e.g., AWS, Azure, Google Cloud) is critical. Cloud security solutions focus on protecting data, identities, and workloads in cloud infrastructure.

DISC provide Cloud security assessments and architecture reviews.

How to manage information in the cloud: Best practice frameworks

Data Privacy and Protection

With regulations like GDPR and CCPA, and with advent of an AI organizations need to implement measures that protect sensitive data, data governance and ensure that personal information is handled according to legal standards.

Protecting sensitive data and complying with privacy regulations is essential. AI systems must be designed to handle data securely and adhere to relevant legal and ethical standards

Types of AI

Understanding the risks associated with AI systems: AI Risk Management

Why Choose DISC LLC?

  • Expertise: Our team consists of experienced professionals with extensive knowledge in infosec and compliance.
  • Customized Solutions: We provide tailored security solutions that align with your unique business needs.
  • Proactive Approach: Our proactive approach ensures timely detection and mitigation of security risks.

Contact DISC LLC today at info@deurainfosec.com or call us at +17079985164 to learn more about how our services can fortify your organizationā€™s security posture.
Build a secure future with DISC LLC.

InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory | ISO 27k Chat bot

Tags: DISC InfoSec Services


Aug 27 2024

LiteSpeed Cache Plugin Vulnerability Risked 5+ Million WordPress Websites

Category: Information Security,Web Securitydisc7 @ 11:15 am

WordPress admins using the Litespeed Cache plugin must update their sites with the latest plugin release to address a critical vulnerability. Exploiting the flaw allows an unauthenticated attacker to take control of target websites.

LiteSpeed Cache Plugin Vulnerability Could Allow Site Takeover

The security researcher John Blackbourn from PatchStack discovered a critical privilege escalation vulnerability in the LiteSpeed Cache plugin. LiteSpeed Cache for WordPress offers an exclusive server-level cache and numerous site optimization features. The plugin boasts over 5 million active installations, indicating its popularity among WordPress users. Nonetheless, it also shows how any vulnerability in the plugin potentially threatens millions of websites. Specifically, the vulnerability existed in the pluginā€™s crawler feature that exhibits a user simulation functionality to perform crawler requests as authenticated users. However, due to a weak security hash in this feature, the plugin allowed an unauthenticated adversary to spoof an authenticated user and gain elevated site privileges. The worst exploitation scenarios even allowed the installation of malicious plugins and a complete site takeover. This vulnerability, identified as CVE-2024-28000, received a critical severity rating and a CVSS score of 9.8. It affected all plugin releases until 6.3.0.1. Detailed technical analysis of the vulnerability is available in the recent post from PatchStack.

Vulnerability Patched With Latest Plugin Release

Upon noticing the vulnerability, Blackbourn responsibly disclosed the flaw via Patchstack to the plugin developers. In response, the developers patched the vulnerability with the LiteSpeed Cache plugin version 6.4. The researcher also received a $14,400 bounty under the Patchstack Zero Day program for this bug report. Since the patch has arrived, all WordPress admins must update their sites with the latest plugin release to avoid potential threats. Ideally, users should update to the LiteSpeed Cache plugin version 6.4.1, which appears as the latest release on the pluginā€™s official page.


Attribution link:Ā https://latesthackingnews.com/2024/08/26/litespeed-cache-plugin-vulnerability-risked-5-million-wordpress-websites/

Essential WordPress Security Plugins

InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO DirectoryĀ |Ā ISO 27k Chat bot

Tags: Plugin Vulnerability, WordPress, Wordpress security


Aug 24 2024

Expertise inĀ Virtual CISOĀ (vCISO) Services

Category: Information Security,vCISOdisc7 @ 10:51 am

Deura Information Security Consulting

DISC InfoSec

Expertise in Virtual CISO (vCISO) Services

Deura Information Security Consulting offers comprehensive vCISO services designed to build robust security programs that effectively detect and mitigate risks. Our seasoned consultants will work with you to develop a security strategy tailored to meet today’s challenges.

Achieve Compliance with ISO 27001

Securing your information assets and achieving compliance is crucial. Our experts specialize in assisting businesses with ISO 27001 implementation. Benefit from our extensive experience in information security management systems (ISMS) to ensure your organization meets the stringent requirements of ISO 27001.

Services Offered

  • vCISO Services: Enhance your organization’s security posture with our virtual Chief Information Security Officer services.
  • ISO 27001 Implementation: Guidance on compliance and certification processes to achieve ISO 27001.
  • Security Risk Assessment:
  • Information Security Management Systems (ISMS):
  • Security Compliance Management:

Why Choose Us

At Deura Information Security Consulting, our focus is on creating and implementing security programs that address your specific needs. Contact us at info@deurainfosec.com or call +1 707-998-5164 to schedule a consultation.

Our extensive industry knowledge ensures that your security infrastructure is built to detect and mitigate risks effectively. Choose Deura Information Security Consulting for expert vCISO services and ISO 27001 compliance support.

In what situations would a vCISO or CISOaaS service be appropriate?

InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO DirectoryĀ |Ā ISO 27k Chat bot

Tags: vCISO, vCISO services, Virtual CISO


Jul 31 2024

How Millions of Phishing Emails were Sent from Trusted Domains: EchoSpoofing Explained

Category: DNS Attacks,Information Security,Phishingdisc7 @ 11:44 am

Injecting spoofed headers with email relaying involves manipulating the email headers to disguise the true origin of an email, making it appear as if it was sent from a legitimate source. Hereā€™s a detailed explanation of how this process works:

1. Understanding Email Headers

Email headers contain vital information about the sender, recipient, and the path an email takes from the source to the destination. Key headers include:

  • From: The email address of the sender.
  • To: The recipientā€™s email address.
  • Subject: The subject line of the email.
  • Received: Information about the mail servers that handled the email as it traveled from sender to recipient.
  • Return-Path: The email address where bounces and error messages should be sent.

2. Email Relaying

Email relaying is the process of sending an email from one server to another. This is typically done by SMTP (Simple Mail Transfer Protocol) servers. Normally, email servers are configured to relay emails only from authenticated users to prevent abuse by spammers.

3. Spoofing Headers

Spoofing email headers involves altering the email headers to misrepresent the emailā€™s source. This can be done for various malicious purposes, such as phishing, spreading malware, or bypassing spam filters. Hereā€™s how it can be done:

a. Crafting the Spoofed Email

An attacker can use various tools and scripts to create an email with forged headers. They might use a command-line tool like sendmailmailx, or a programming language with email-sending capabilities (e.g., Pythonā€™s smtplib).

b. Setting Up an Open Relay

An open relay is an SMTP server configured to accept and forward email from any sender to any recipient. Attackers look for misconfigured servers on the internet to use as open relays.

c. Injecting Spoofed Headers

The attacker crafts an email with forged headers, such as a fake ā€œFromā€ address, and sends it through an open relay. The open relay server processes the email and forwards it to the recipientā€™s server without verifying the authenticity of the headers.

d. Delivery to Recipient

The recipientā€™s email server receives the email and, based on the spoofed headers, believes it to be from a legitimate source. This can trick the recipient into trusting the emailā€™s content.

4. Example of Spoofing Email Headers

Hereā€™s an example using Pythonā€™s smtplib to send an email with spoofed headers:

import smtplib
from email.mime.text import MIMEText

# Crafting the email
msg = MIMEText("This is the body of the email")
msg['Subject'] = 'Spoofed Email'
msg['From'] = 'spoofed.sender@example.com'
msg['To'] = 'recipient@example.com'

# Sending the email via an open relay
smtp_server = 'open.relay.server.com'
smtp_port = 25

with smtplib.SMTP(smtp_server, smtp_port) as server:
    server.sendmail(msg['From'], [msg['To']], msg.as_string())

via Frontend Transport

The statement about the term ā€œvia Frontend Transportā€ in header values refers to a specific configuration in Microsoft Exchange Server that could suggest a misconfiguration allowing email relaying without proper verification. Letā€™s break down the key elements of this explanation:

1. Frontend Transport in Exchange

In Microsoft Exchange Server, the Frontend Transport service is responsible for handling client connections and email traffic from the internet. It acts as a gateway, receiving emails from external sources and forwarding them to the internal network.

2. Email Relaying

Email relaying is the process of forwarding an email from one server to another, eventually delivering it to the final recipient. While this is a standard part of the SMTP protocol, it becomes problematic if a server is configured to relay emails without proper authentication or validation.

3. The Term ā€œvia Frontend Transportā€

When email headers include the term ā€œvia Frontend Transportā€, it indicates that the email passed through the Frontend Transport service of an Exchange server. This can be seen in the Received headers of the email, showing the path it took through various servers.

4. Suggestion of Blind Email Relaying

The concern arises when these headers suggest that Exchange is configured to relay emails without altering them or without proper checks. This could imply that:

  • The Exchange server is not adequately verifying the senderā€™s authenticity.
  • The server might be forwarding emails without checking if they come from trusted sources.
  • Such a configuration can be indicative of an open relay, where the server forwards any email it receives, which is highly vulnerable to abuse.

5. Abuses of Open Relays

Open relays are notorious for being exploited by spammers and malicious actors because they can be used to send large volumes of unsolicited emails while obscuring the true origin of the message. This makes it difficult to trace back to the actual sender and can cause the relay serverā€™s IP address to be blacklisted.

https://www.securitynewspaper.com/2023/12/20/how-to-send-spoof-emails-from-domains-that-have-spf-and-dkim-protections/embed/#?secret=pu82rHzNqA#?secret=1UMPUIgHIO

Hereā€™s a detailed breakdown of the key points:

Scenario Breakdown

  1. Attackers Use a Genuine Microsoft Office 365 Account
    • The attackers have managed to send an email from a genuine Microsoft Office 365 account. This could be through compromising an account or using a trial account.
  2. Email Branded as Disney
    • The email is branded as coming from Disney (disney.com). This branding could involve setting the ā€œFromā€ address to appear as if itā€™s from a Disney domain, which can trick recipients into believing the email is legitimate.
  3. Gmailā€™s Handling of Outlookā€™s Servers
    • Gmail has robust mechanisms to handle high volumes of emails from trusted servers like Outlookā€™s (Microsoftā€™s email service). These servers are built to send millions of emails per hour, so Gmail will not block them due to rate limits.
  4. SPF (Sender Policy Framework)
    • SPF is a protocol that helps prevent email spoofing by allowing domain owners to specify which mail servers are authorized to send emails on their behalf. The attackers benefit from this because:
      • The email is sent through Microsoftā€™s official relay server, protection.outlook.com.Disneyā€™s SPF record includes spf.protection.outlook.com, which means emails sent through this relay server are authorized by Disneyā€™s domain.
      .
  5. Spoofed Headers
    • Spoofed headers involve altering the email headers to make the email appear as if it originated from a different source. In this scenario, the attackers have spoofed headers to make the email look like itā€™s from Disney.
  6. SPF Check Passed
    • Since the email is sent via a server included in Disneyā€™s SPF record (protection.outlook.com), it will pass the SPF check, making it seem legitimate to the recipientā€™s email server.

DKIM (DomainKeys Identified Mail)

DKIM is another email authentication method that allows the receiver to check if an email claiming to come from a specific domain was indeed authorized by the owner of that domain. This is done by verifying a digital signature added to the email.

Points of Concern

  • SPF Check Passed
    • The email passed the SPF check because it was sent through an authorized server (protection.outlook.com) included in Disneyā€™s SPF record.
  • Spoofed Headers
    • The headers were manipulated to make the email appear as if it came from Disney, which can deceive recipients.
  • Gmail Handling
    • Gmail will trust and not rate-limit emails from Outlookā€™s servers, ensuring the email is delivered without being flagged as suspicious due to high sending volumes.

Potential for DKIM

To fully understand if the email can pass DKIM checks, we would need to know if the attackers can sign the email with a valid DKIM key. If they manage to:

  • DKIM Alignment
    • Ensure the DKIM signature aligns with the domain in the ā€œFromā€ header (disney.com).
  • Valid DKIM Signature
    • Use a valid DKIM signature from an authorized domain (which would be difficult unless they have compromised Disneyā€™s signing keys or a legitimate sending infrastructure).

Proofpoint and similar services are email security solutions that offer various features to protect organizations from email-based threats, such as phishing, malware, and spam. They act as intermediaries between the sender and recipient, filtering and relaying emails. However, misconfigurations or overly permissive settings in these services can be exploited by attackers. Hereā€™s an explanation of how these services work, their roles, and how they can be exploited:

Roles and Features of Proofpoint-like Services

  1. Email Filtering and Protection
    • Spam and Phishing Detection: Filters out spam and phishing emails.
    • Malware Protection: Scans and blocks emails containing malware or malicious attachments.
    • Content Filtering: Enforces policies on email content, attachments, and links.
  2. Email Relay and Delivery
    • Inbound and Outbound Filtering: Manages and filters both incoming and outgoing emails to ensure compliance and security.
    • Email Routing: Directs emails to the appropriate recipients within an organization.
    • DKIM Signing: Adds DKIM signatures to outgoing emails to authenticate them.
  3. Authentication and Authorization
    • IP-Based Authentication: Uses IP addresses to authenticate incoming email servers.
    • SPF, DKIM, and DMARC Support: Implements these email authentication protocols to prevent spoofing.

How Misconfigurations Allow Exploitation

  1. Permissive IP-Based Authentication
    • Generic Configuration: Proofpoint is often configured to accept emails from entire IP ranges associated with services like Office365 or Google Workspace without specifying particular accounts.
    • IP Range Acceptance: Once a service like Office365 is enabled, Proofpoint accepts emails from any IP within the Office365 range, regardless of the specific account.
  2. Exploitation StepsStep 1: Setting Up the Attack
    • Attackerā€™s Office365 Account: The attacker sets up or compromises an Office365 account.
    • Spoofing Email Headers: The attacker crafts an email with headers that mimic a legitimate sender, such as Disney.
    Step 2: Leveraging Proofpoint Configuration
    • Sending Spoofed Emails: The attacker sends the spoofed email from their Office365 account.
    • Proofpoint Relay Acceptance: Proofpointā€™s permissive configuration accepts the email based on the IP range, without verifying the specific account.
    Step 3: Proofpoint Processing
    • DKIM Signing: Proofpoint processes the email, applying DKIM signatures and ensuring it passes SPF checks because it comes from an authorized IP range.
    • Email Delivery: The email is then delivered to the targetā€™s inbox, appearing legitimate due to the DKIM signature and SPF alignment.

Example of a Permissive Configuration in Proofpoint

  1. Admin Setup
    • Adding Hosted Services: Proofpoint allows administrators to add hosted email services (e.g., Office365) with a single-click configuration that relies on IP-based authentication.
  2. No Specific Account Configuration
    • Generic Acceptance: The setup does not specify which particular accounts are authorized, leading to a scenario where any account within the IP range is accepted.
  3. Exploitation of Misconfiguration
    • Blind Relay: Due to this broad acceptance, attackers can send emails through Proofpointā€™s relay, which then processes and delivers them as if they were legitimate.

A recent attack exploited a misconfiguration in Proofpointā€™s email routing, allowing millions of spoofed phishing emails to be sent from legitimate domains like Disney and IBM. The attackers used Microsoft 365 tenants to relay emails through Proofpoint, bypassing SPF and DKIM checks, which authenticate emails. This ā€œEchoSpoofingā€ method capitalized on Proofpointā€™s broad IP-based acceptance of Office365 emails. Proofpoint has since implemented stricter configurations to prevent such abuses, emphasizing the need for vigilant security practices.

For more details, visit https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6

The Domain Name System: Understand Why Domain Name Is Still Relevant

How to Catch a Phish: A Practical Guide to Detecting Phishing EmailsĀ 

Step-by-step instructions on what to do if you fall prey to this type of cyber crime.Ā  (Phishing in 2024)

InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory | ISO 27k Chat bot

Tags: EchoSpoofing, trusted domains


Jul 24 2024

Cybersecurity jobs available right now

Category: Cyber career,Information Security,InfoSec jobsdisc7 @ 12:31 pm

Cybersecurity jobs available right now…

Applied Cryptographer

Quantstamp | EMEA | Remote ā€“ View job details

As an Applied Cryptographer, you will research about various cryptographic protocols and have knowledge of cryptographic primitives or concepts, like elliptic curve cryptography, hash functions, and PCPs. You should have experience with at least one major language, like Rust, Python, Java, or C; the exact language is not too important. You should be familiar with versioning software (specifically, GitHub), testing, and a familiarity with algorithms and data structures.

Cloud Security Specialist

KMS Lighthouse | Israel | On-site ā€“ View job details

As a Cloud Security Specialist, you will design, implement, and manage Azure and Microsoft 365 security solutions. Monitor security alerts, lead incident response, and conduct regular assessments. Ensure compliance with ISO 27001, SOC2 Type II and NIST standards.

CISO

CYBERcom | Israel | Hybrid ā€“Ā View job details

As a CISO, you will develop and implement comprehensive cybersecurity policies and procedures. Ensure compliance with relevant regulations and standards (e.g., GDPR, ISO 27001). Conduct risk assessments and develop mitigation strategies. Advise on security best practices and emerging threats. Collaborate with clients to enhance their security posture.

Cyber Range Lead

Booz Allen Hamilton | Japan | On-site ā€“ No longer accepting applications

As a Cyber Range Lead, you will lead a team of professionals as they use cyberspace capabilities to evaluate potential weaknesses as well as the effectiveness of mitigations for cyber security solutions. You will leverage cyberspace operations systems to aggregate threat feeds that inform briefings for senior leadership aligned to our clientā€™s mission area.

Cybersecurity Technical Consultant

Thales | Mexico | Hybrid ā€“Ā View job details

As a Cybersecurity Technical Consultant, you will provide onsite or remote consulting services and support to Thales customer with a focus on high quality, accuracy and customer satisfaction. Develop and deliver technical hands-on product deep knowledge transfer to customers. Track and ensure successful completion of high impact projects by creating project scoping plans, design guides and relevant documentation.

Cyber Security Advisor

H&M | Sweden | On-site ā€“Ā View job details

As a Cyber Security Advisor, you will conduct security assessment of in-house developed and/or by third-party provided solutions in order to ensure that they are in compliance with H&Mā€™s security standards. Conduct security maturity and risk assessment for internal and external partners.

Cyber Security Engineer

PetroApp | Egypt | Remote ā€“Ā View job details

As a Cyber Security Engineer, you will develop and implement cyber security policies, procedures, and controls to protect the companyā€™s digital assets. Conduct Pen-tests, monitor network traffic and security alerts to detect and respond to potential security breaches. Perform vulnerability assessments and penetration testing to identify and remediate security vulnerabilities. Conduct regular audits of security systems and processes to ensure compliance with industry standards and regulations.

Cyber Security Governance Risk & Compliance Manager

Munster Technological University | Ireland | On-site ā€“Ā View job details

As a Cyber Security Governance Risk & Compliance Manager, you will develop, implement, and maintain a robust IT governance, risk, and compliance framework in line with industry best practices and regulatory requirements. Drive risk maturity through project lifecycle and provide independent assessments, challenge inherent risks in material changes e.g., business decisions, projects, process changes, implementation of new systems, applications, and infrastructure.

Cyber Security Instructor

ABM College | Canada | On-site ā€“Ā View job details

As a Cyber Security Instructor, you will create dynamic classroom learning experiences using various teaching strategies to facilitate adult learners in achieving learning objectives in accordance with the program objectives as set out in the curriculum. Ensure students are motivated to learn and to maximize their potential. Develop different classroom strategies to ensure knowledge and skills acquisition and retention.

Digital Forensics and Incident Response Analyst

Accenture | Philippines | On-site ā€“Ā View job details

As a Digital Forensics and Incident Response Analyst, you will perform incident response to cybersecurity incidents, including but not limited to APT & Nation State attacks, Ransomware infections and Malware outbreaks, Insider Threats, BEC, DDOS, Security and Data breach, etc. Conduct in-depth investigations of cybersecurity incidents, identifying the root cause, the extent of the impact, and recommended actions for containment, eradication, and recovery, and providing a final report that contains recommendations on how to prevent the same attack in the future by strengthening security posture.

Director of Information Security, Cyber Risk and Compliance

S&P Global | Italy | On-site ā€“ No longer accepting applications

As a Director of Information Security, Cyber Risk and Compliance, you will become familiar with the Cyber Risk and Compliance team activities and Market Intelligence regarding SOC reporting, relevant regulatory requirements, control frameworks, internal and external audit processes, customer interactions including security questions and audits, and overall company and divisional cyber security processes and controls. Make recommendations related to balancing requirements and deadlines made by corporate departments with human resource and technical capabilities that exist in Market Intelligence. Negotiate differences to find and implement solutions acceptable to both corporate groups and Market Intelligence.

Head of Identity Management Platform

Nexi Croatia | Croatia | Hybrid ā€“Ā View job details

As Head of Identity Management Platform, you will leverage your strong background in Identity and Privileged Access Management, expertise in IT technologies, and in-depth knowledge of IT security to organize and lead complex projects, manage third-party teams, and oversee platform lifecycle activities such as upgrades and integrations.

Head of Consulting

Orange Cyberdefense | Norway | Hybrid ā€“Ā View job details

As a Head of Consulting, you will lead, mentor, and develop a team of cybersecurity consultants, fostering a culture of excellence and continuous improvement. Define and implement the consultancy departmentā€™s strategy in alignment with the companyā€™s goals, ensuring the delivery of innovative and effective cybersecurity solutions. Ensure that all consultancy activities adhere to industry standards, regulatory requirements, and best practices, mitigating risks to both clients and the company.

Head of Security CU TH

Ericsson | Thailand | On-site ā€“Ā View job details

As a Head of Security CU TH, you will facilitate execution of and follow up on security strategy, policies & instructions, governance model and frameworks. Support the business in implementation and maintenance of ISO 27001 controls across the CU as per the MA scope and Ericsson Global ISO 27001 control framework. Manage local security incidents and support investigations.

IT Program Manager

Bose Corporation | USA | On-site ā€“Ā View job details

As an IT Program Manager, you will develop, implement, and manage cybersecurity programs in alignment with the organizationā€™s strategic objectives. Oversee the security projects related to enterprise applications, with a focus on safeguarding sensitive data and ensuring compliance with regulatory standards. Facilitate regular security assessments and audits to identify vulnerabilities and implement corrective actions.

Penetration Tester

Navy Federal Credit Union | USA | On-site ā€“Ā View job details

As a Penetration Tester, you will manage penetration tests from inception through delivery. Identify and prescribe remediation for vulnerabilities in NFCU applications, systems, and networks. Leverage complex tactics including, but not limited to, lateral movement, network tunneling/pivoting, credential compromise, and hash cracking.

Principal Data Security Specialist

Oracle | Spain | On-site ā€“Ā View job details

As a Principal Data Security Specialist, you will focus on delivering technical and procedural guidance to assist customers in defining the platform requirement though to realisation of the subscription value. Research and evaluate emerging solutions and services to drive continuous improvement.

Senior Architect ā€“ Cyber Security

Presight | UAE | On-site ā€“Ā View job details

As a Senior Architect ā€“ Cyber Security, you will develop and implement security architecture solutions to secure the organizationā€™s IT infrastructure. Design and review security policies, standards, and procedures. Conduct security assessments and risk analysis to identify vulnerabilities and recommend mitigation strategies. Lead security projects and collaborate with cross-functional teams to integrate security measures.

Senior CyberSecurity Architect

Hexagon Geosystems | European Economic Area | Remote ā€“Ā View job details

As a Senior CyberSecurity Architect, you will plan, organize, test, and document the implementation of new security systems and tools; define the success criteria and security requirements, and develop reference architecture, functional and non-functional requirements for proof-of-concept efforts and projects. Lead in performing threat modeling, security architecture review, and risk assessments of new and existing technical solutions.

(Senior) Information Security Officer

Oetker Digital | Germany | Hybrid ā€“Ā View job details

As a (Senior) Information Security Officer, you will develop, implement, and monitor a strategic, comprehensive company information security and IT risk management program, based on the Oetker Group-wide security directive. Manage and assist in the development in implementation of the information security policies, procedures, and guidelines. Provide guidance and counsel to the C-Level, the senior management team, and staff about information security and its alignment with business objectives and risk management.

Technology & Cyber Risk: Senior Officer ā€“ Cybersecurity Risk

Citi | Poland | On-site ā€“Ā View job details

As a Technology & Cyber Risk: Senior Officer ā€“ Cybersecurity Risk, you will review and evaluate compliance and cyber policies and procedures, technology and tools, and governance processes to provide credible challenge for minimizing losses from cyber risks. Assess cyber risks and evaluates actions to address the root causes that persistently lead to operational risk losses by challenging both historical and proposed practices. Support independent assurance activities to assess areas of concern including substantive and controls testing.

Vulnerability Manager

TTM Technologies | USA | Remote ā€“Ā View job details

As a Vulnerability Manager, you will be responsible for identifying, assessing, prioritizing, and managing vulnerabilities across our systems and networks. Conduct regular vulnerability assessments and penetration tests across our systems, applications, and networks.

Starting Your Cyber Security Career: Building a Successful Career in Cyber Security

Cybersecurity Career Master Plan


InfoSec services
Ā |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO DirectoryĀ |Ā ISO 27k Chat bot

Tags: Cybersecurity Career Master Plan, Cybersecurity jobs


Jun 06 2024

How to Implement ISO 27001: A 9-Step Guide

Category: Information Security,ISO 27kdisc7 @ 8:47 am
https://itgovernance.eu/blog/en/a-9-step-guide-to-implementing-iso-27001?

How to Implement ISO 27001: A 9-Step Guide

The hardest part of many projects is knowing where to start.

ISO 27001Ā is no exception. This standard describes best practice for an ISMS (information security management system).

In other words, it lays out the requirements you must meet, but doesnā€™t show you the how. How you can adopt or implement them.

With ISO 27001:2013 certification no longer available, many organisations are preparing to adopt theĀ 2022 version of the standardĀ ā€“ which means tackling a newĀ Annex A control set, among other new requirements.

ISO 27k Chat bot

1. Project mandate

The implementation project should begin by appointing a project leader.

Theyā€™ll work with other members of staff to create a project mandate, which is essentially a set of answers to these questions:

  • What do we hope to achieve?
  • How long will the project take?
  • Does the project have top management support?
  • What resources ā€“ financial and otherwise ā€“ will the project need?

2. Develop the ISO 27001 implementation plan

The next step is to use your project mandate to create a more detailed outline of:

  • Your information security objectives;
  • Your project risk register;
  • Your project plan; and
  • Your project team.

Information security objectives

Your information security objectives should be more granular and specific than your answer to ā€˜What do we hope to achieve?ā€™ from step 1.

Theyā€™ll inform and be included in your top-level information security policy. Theyā€™ll also shape how the ISMS is applied.

Project risk register

Your project risk register should account for risks to the project itself, which might be:

  • Managerial ā€“ will operational management continue to support the project?
  • Budgetary ā€“ will funding continue to see the project through?
  • Legal ā€“ are specific legal obligations at risk?
  • Cultural ā€“ will staff resist change?

Each risk in the register should have an assigned owner and a mitigation plan. You should also regularly review the risks throughout the project.

Project plan

The project plan should detail the actions you must take to implement the ISMS.

This should include the following information:

  • Resources required
  • Responsibilities
  • Review dates
  • Deadlines

Project team

The project team should represent the interests of every part of the organisation and include various levels of seniority.

Drawing up a RACI matrix can help with this. This identifies, for the projectā€™s key decisions, whoā€™s:

  • Responsible;
  • Accountable;
  • Consulted; and
  • Informed.

One critical person to appoint and include in the project team is the information security manager. Theyā€™ll have a central role in the implementation project and eventually be responsible for the day-to-day functioning of the ISMS.


3. ISMS initiation

Youā€™re now ready to initiate your ISMS!

Documentation structure

A big part of this is establishing your documentation structure ā€“ any management system is very policy- and procedure-driven.

We recommend a four-tier approach:

A. Policies
These are at the top of the ā€˜pyramidā€™, defining your organisationā€™s position and requirements.

B. Procedures
These enact the requirements of your policies at a high level.

C. Work instructions
These set out how employees implement individual elements of the procedures.

D. Records
These track the procedures and work instructions, providing evidence that youā€™re following them consistently and correctly.

This structure is simple enough for anyone to grasp quickly. At the same time, it provides an effective way of ensuring you implement policies at each level of your organisation. Plus, that you develop well-functioning, cohesive processes.

Tips for more effective policies and procedures

Your policies and procedures must also be effective. Here are four tips:

  1. Keep them practicable by balancing aspirations against the reality. If your policies and/or procedures appear too idealised, staff will be much less likely to follow them.
  2. Keep them clear and straightforward, so staff can easily follow your procedures.
  3. Use version control, so everyone knows which is the latest document.
  4. Avoid duplication. This will also help with the version control.

Make sure you systematically communicate your documentation ā€“ particularly new or updated policies ā€“ throughout your organisation. Be sure to also communicate them to other stakeholders.

Continual improvement

As part of your ISMS initiation, youā€™ll need to select a continual improvement methodology.

First, understand that continual improvement might sound expensive, but is cost-effective if done well. As ISO 27001 pioneer Alan Calder explains:

Continual improvement means getting better results for your investment. That typically means one of two things:

1. Getting the same results while spending less money.
2. Getting better results while spending the same amount of money.

Yes, you need to be looking at your objectives, and asking yourself how well your ISMS is currently meeting them. And where your management system falls short, money may have to be spent.

But many improvements have little financial cost. You can make a process more efficient ā€“ perhaps by cutting out a step, or automating some manual work.

While continual improvement is a critical element of an ISO 27001 ISMS, the Standard doesnā€™t specify any particular continual improvement methodology.

Instead, you can use whatever method you wish, so long as it continually improves the ISMSā€™s ā€œsuitability, adequacy and effectivenessā€ (Clause 10.1). That can include a continual improvement model youā€™re already using for another activity.


ISO 27001 Standard, Risk Assessment andĀ Gap Assessment

ISO 27001 standards and training

Key strategies for ISO 27001:2022 compliance adoption

What is ISO 27002:2022

ISO 27k Chat bot

Implementation Guide ISO/IEC 27001:2022

Please send an email related to ISO27001:2022 implementation to info@DeuraInfoSec.com and we are happy to help!

ISO 27001 Controls Handbook: Implementing and auditing 93 controls to reduce information security risks

InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO DirectoryĀ |Ā ISO 27k Chat bot

Tags: Implement ISO 27001, ISO 27001 2022


May 14 2024

Free & Downloadable Access Control Policy Template

Category: Access Control,Information Securitydisc7 @ 7:18 am
https://heimdalsecurity.com/blog/access-control-policy-template/

Ensuring the security of your organizationā€™s information systems is crucial in todayā€™s digital landscape.

Access Control is a fundamental aspect of cybersecurity that safeguards sensitive data and protects against unauthorized access. To assist you in establishing robust access control measures, we are pleased to offer a comprehensive Access Control Policy Template, available for download.

Download the templates

  1. Access Control Policy Template ā€“ PDF
  2. Access Control Policy Template ā€“ Word
  3. Access Control Policy Template ā€“ Google Docs.

What does the Access Control Policy template include?

Our Access Control Policy template is designed to provide a clear, structured framework for managing access to your organizationā€™s information systems.

Here are some of the key components included in the template:

  • Document Control;
  • Purpose and Scope;
  • Policy Statement;
  • Roles & Responsibilities;
  • Access Control Principles;
  • Access Control Measures;
  • Access Control Technologies;
  • Monitoring and Auditing;
  • Incident Management;
  • Policy Compliance;
  • Policy Review.

Benefits of using our Access Control Policy template

Implementing an effective access control policy offers several key benefits:

  • Enhanced security: Protects sensitive data and systems from unauthorized access and potential breaches.
  • Regulatory compliance: Helps ensure compliance with relevant regulations and standards.
  • Operational efficiency: Clearly defined roles and responsibilities streamline access management processes.
  • Risk mitigation: Regular monitoring and auditing identify and address vulnerabilities proactively.

To take advantage of our comprehensive Access Control Policy Template, simply click on the links at the top of the article to download them. The download will start automatically.

You can then customize the template to fit the specific needs and context of your organization.

By doing so, youā€™ll be taking a significant step towards securing your information systems and safeguarding your valuable data.

Feel free to check out our other cybersecurity templates, such as patch management templatesincident response plan templatesemail security policy templatesthreat and vulnerability management templates, and more.

Gabriella is the Social Media Manager and Cybersecurity Communications Officer at HeimdalĀ®, where she orchestrates the strategy and content creation for the company’s social media channels. Her contributions amplify the brand’s voice and foster a strong, engaging online community. Outside work, you can find her exploring the outdoors with her dog.

RELATED ARTICLES

Free and Downloadable Account Management Policy Template [2024]

Free and Downloadable Email Security Policy Template [2024]

[Free & Downloadable] Cybersecurity Incident Response Plan Templates ā€“ 2024

[Free & Downloadable] Cybersecurity Risk Assessment Templates ā€“ 2024[Free & Downloadable] Threat & Vulnerability Management Templates ā€“ 2024

[Free & Downloadable] Patch Management Templates ā€“ 2024

Privacy Policy Template

Employee policy handbook template

The Complete Company Policies

InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO DirectoryĀ |Ā ISO 27k Chat bot


May 07 2024

Hackers Use Custom Backdoor & Powershell Scripts To Attack Windows Machines

Category: Information Securitydisc7 @ 7:45 am

The Damselfly Advanced Persistent Threat (APT) group, also known as APT42, has been actively utilizing custom backdoor variants, NiceCurl and TameCat, to infiltrate Windows machines.

These backdoors are primarily delivered through spear-phishing campaigns, marking a significant escalation in the capabilities and focus of this Iranian state-sponsoredĀ hackingĀ group.

Sophisticated Tools For Stealthy Operations

The NiceCurl and TameCat backdoors represent a sophisticated toolkit in Damselflyā€™s arsenal, enabling threat actors to gain initial access to targeted environments discreetly.

NiceCurl, a VBScript-basedĀ malware, is designed to download and execute additional malicious modules, enhancing the attackersā€™ control over compromised systems.

On the other hand, the TameCat backdoor facilitates the execution of PowerShell and C# scripts, allowing for further exploitation by downloading additional arbitrary content.

These tools are part of a broader strategy employed by Damselfly to conduct espionage and potentially disrupt operations at targeted facilities.

According to Broadcom report, the groupā€™s activities have been primarily directed at energy companies and other critical infrastructure sectors across the U.S., Europe, and the Middle East.

The sophistication of their methods and the critical nature of their targets underscore the high level of threat they pose.

These include adaptive, behavior, file, and network-based detection mechanisms, ensuring robust defense against Damselflyā€™s tactics.

The security firmā€™s efforts are crucial in mitigating the risks posed by such state-sponsored cyber activities, characterized by their complexity and stealth.

The operations of the Damselfly group highlight the ongoing challenges in cybersecurity, where state-sponsored actors employ advanced techniques and malware to achieve their objectives.

Using custom backdoors like NiceCurl and TameCat, coupled with spear-phishing campaigns, enables these actors to maintain persistence in their target networks and carry out their missions with a high degree of secrecy and efficiency.

Ethical Hacking Module 6 – Trojans and Backdoors

InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO DirectoryĀ |Ā ISO 27k Chat bot


May 03 2024

What is Smishing?

Category: Information Security,Phishingdisc7 @ 10:21 am
https://www.sans.org/blog/a-tale-of-the-three-ishings-part-02-what-is-smishing/?

What is Smishing and Why?

Smishing is a type of social engineering attack. Social engineering is when a cyber attacker tricks their victim into doing something they should not do, such as giving money, their password, or access to their computer. Cyber attackers have learned the easiest way to get something is just ask for it. This concept is not new, con artists and scammers have existed for thousands of years, itā€™s just that the Internet makes it very simple for any cyber attacker to pretend to be anyone they want and target anyone they want.

Phishing is one of the most common forms of social engineering as itā€™s one of the simplest and most effective and an attack method we are all familiar with. However, both organizations and individuals are becoming not only far more aware of how phishing attacks work, but much better at spotting and stopping them. Phishing is still an effective attack method, but it is getting harder and harder for cyber criminals to be effective with phishing. This is where smishing comes in.

Smishing vs Phishing

Smishing is very similar to phishing, but instead of sending emails trying to trick people, cyber attackers send text messages. The term smishing is a combination of the words SMS messaging and phishing. You may have noticed a rise in random text messages that are trying to get you to click on links or respond to text messages. Thatā€™s smishing.

Why the Increase in Smishing Attacks?

  1. It is harder for organizations to secure mobile devices. Security teams often have neither the visibility nor control of employeesā€™ mobile devices like they do for workstations. This means itā€™s harder to both secure and monitor mobile devices.
  2. There are far fewer security controls that effectively identify and filter smishing attacks. This means when a cyber attacker sends a smishing text message to victims, that message is far more likely to make it and not be filtered.
  3. A text message tends to be much shorter than an email, there is far less context or information, making it harder to determine if the message is legitimate or not. In other words, people are more likely to fall victim.
  4. Texting tends to be far more informal than email, as such people tend to trust and act on text messages more. In other words, people are more likely to fall victim.

The Smishing Attacks

So, what type of text messaging attacks are there? While these attacks are always evolving, some of the most common are detailed below.

Links

The text message entices you to click on a link, often through a sense of urgency, something too good to be true, or simple curiosity. Once you click on the link, the goal is usually to harvest your personal information (by getting you to fill out a survey) or your login and password (to your bank or email account, for example). Notice how, in the link in the message below, the cyber attacker uses HTTPS, an encrypted connection to make the link look more legitimate.

Scams

In these attacks, the cyber attacker will attempt to start a conversation with you, build trust, and ultimately scam you. Romance scams are one common example where cyber criminals randomly text millions of people to find those who are lonely or emotionally vulnerable, build a pretend romance, and then take advantage of them.

Call-Back

Like some phishing emails, the text message has a phone number in it and is urging the victim to call. Once the victim calls the phone number they are then scammed.

What to Do About Smishing Attacks?

While many security training programs focus on phishing, we far too often neglect text based smishing attacks. In fact, this can create a situation where your workforce is highly aware of phishing attacks but may mistakenly think that cyber attackers only use email for attacks. From a training perspective, we recommend you teach people that cyber attackers can use a variety of different methods to trick people, to include both email phishing and text based smishing. For smishing, we do not recommend that you try to teach people about every different type of attack possible. Not only will this likely overwhelm your workforce, but cyber attackers are constantly changing their lures and techniques. Instead, like in phishing training, focus on the most commonly shared indicators and clues of an attack. This way, your workforce will be trained and enabled regardless of the method or lures cyber attackers use. Of note, the indicators below are the same indicators of an email phishing attack.

  • Urgency: Any message that creates a tremendous sense of urgency, trying to rush the victim into making a mistake. An example is a message from the government stating your taxes are overdue and if you donā€™t pay right away you will end up in jail.
  • Pressure: Any message that pressures an employee to ignore or bypass company policies and procedures. Gift card scams are often started with a simple text message.
  • Curiosity: Any message that generates a tremendous amount of curiosity or is too good to be true such as notice of an undelivered UPS package or receiving an Amazon refund.
  • Sensitive: Any message that requests (or requires) highly sensitive information such as your password or unique codes.
  • Tone: Any message that appears to be coming from a coworker, but the wording does not sound like them, or the overall tone is wrong.

Smishing Minefield: Defusing Text Message Threats

InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO DirectoryĀ |Ā ISO 27k Chat bot

Tags: Smishing


Apr 08 2024

Implement Network Segmentation and Encryption in Cloud Environments

Explore Cloud Security

InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO DirectoryĀ |Ā ISO 27k Chat bot

Tags: cloud security, encryption, Network segmentation


Apr 03 2024

ISO27k bot

Category: AI,Information Securitydisc7 @ 2:03 pm
Hey 👏 I’m the digital assistance of DISCInfoSec for ISO 27k implementation. I will try to answer your question. If I don’t know the answer, I will connect you with one my support agents. Please type your query regarding ISO 27001 implementation 👇

ISO 27k Chat bot

Tags: Chat bot, ISO 27k bot


Mar 29 2024

Compromised SaaS Supply Chain Apps: 97% Of Organizations At Risk Of Cyber Attacks

Category: Cloud computing,Cyber Attack,Information Securitydisc7 @ 7:55 am

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation, and growth.

However, this shift towards a more interconnected digital ecosystem has not come without its risks.

According to the ā€œ2024 State of SaaS Security Reportā€ by Wing Security, a staggering 97% of organizations faced exposure to attacks through compromised SaaS supply chain applications in 2023, highlighting a critical vulnerability in the digital infrastructure of modern businesses.

The report, which analyzed data from 493 companies in the fourth quarter of 2023, illuminates the multifaceted nature of SaaS security threats.

From supply chain attacks taking center stage to the alarming trend of exploiting exposed credentials, the findings underscore the urgent need for robust security measures.

Supply Chain Attacks: A Domino Effect

Supply chain attacks have emerged as a significant threat, with 96.7% of organizations using at least one app that had a security incident in the past year.

The MOVEit breach, which directly and indirectly impacted over 2,500 organizations, and North Korean actorsā€™ targeted attack on JumpCloudā€™s clients are stark reminders of the cascading effects a single vulnerability can have across the supply chain.

The simplicity of credential stuffing attacks and the widespread issue of unsecured credentials continue to pose a significant risk.

The report highlights several high-profile incidents, including breaches affecting Norton LifeLock and PayPal customers, where attackers exploited stolen credentials to gain unauthorized access to sensitive information.

MFA Bypassing And Token Theft

Despite adopting Multi-Factor Authentication (MFA) as a security measure, attackers have found ways to bypass these defenses, targeting high-ranking executives in sophisticated phishing campaigns.

Additionally, the report points to a concerning trend of token theft, with many unused tokens creating unnecessary risk exposure for many organizations.

Looking Ahead: SaaS Threat Forecast For 2024

As we move into 2024, the SaaS threat landscape is expected to evolve, with AI posing a new threat.

The report identifies two primary risks associated with AI in the SaaS domain: the vast volume of AI models in SaaS applications and the potential for data mismanagement.

Furthermore, the persistence of credential-based attacks and the rise of interconnected threats across different domains underscore the need for a holistic cybersecurity approach.

Practical Tips For Enhancing SaaS Security

The report offers eight practical tips for organizations to combat these growing threats, including discovering and managing the risk of third-party applications, leveraging threat intelligence, and enforcing MFA.

Additionally, regaining control of the AI-SaaS landscape and establishing an effective offboarding procedure are crucial steps in bolstering an organizationā€™s SaaS security.

The ā€œ2024 State of SaaS Security Reportā€ by Wing Security serves as a wake-up call for businesses to reassess their SaaS security strategies.

With 97% of organizations exposed to attacks via compromised SaaS supply chain apps, the need for vigilance and proactive security measures has never been more critical.

As the digital landscape continues to evolve, so must our approaches to protect it.

Mitigating Supply Chain Attacks in the Digital Age

InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO Directory

Tags: supply chain attacks


Mar 26 2024

Eliminating SQL Injection Vulnerabilities in Software

Category: Data Breach,data security,Information Securitydisc7 @ 8:37 am

Eliminating SQL Injection Vulnerabilities in Software

SQL Injection Strategies: Practical techniques to secure old vulnerabilities against modern attacks

InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO Directory

Tags: SQL Injection Vulnerabilities


Mar 22 2024

Python for Cybersecurity

Category: Information Security,Pythondisc7 @ 9:08 am

Are you interested in cybersecurity?

Interested in discovering how Python can bolster your abilities in safeguarding digital assets? Delve into the potential of Python for cybersecurity.

In the current digital era, cybersecurity holds greater significance than ever before. Python, renowned for its versatility and resilience, has emerged as a fundamental tool for cybersecurity professionals globally.

🔹 How Python can streamline threat detection and analysis.
🔹 Practical examples of Python scripts for automating security tasks.
🔹 Resources and tools to kickstart your journey into Python for cybersecurity.

Regardless of whether you’re an experienced cybersecurity professional or new to the field, Python has the potential to transform your approach to security challenges.

Python for Cybersecurity Cookbook: 80+ practical recipes for detecting, defending, and responding to Cyber threats

InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO Directory

Tags: Python for Cybersecurity


Mar 21 2024

ChatGPT for Offensive Security

Category: ChatGPT,Information Securitydisc7 @ 7:42 am

ChatGPT for CybersecurityĀ 

InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO Directory


Mar 10 2024

ISO 27001 standards and training

Category: Information Security,ISO 27kdisc7 @ 9:29 pm

There’s more to cyber security than just ISO 27001. Protect your business with the full family of ISO standards.

Protect your organisation from cyber crime with ISO 27001 Training – Instructor-led live online, self-paced online and classroom.

Equip your staff to identify and address cyber security and privacy risks.

InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO Directory

Tags: iso 27001, ISO 27001 training


Feb 28 2024

Industrial Cyber Espionage France’s Top Threat Ahead of 2024 Paris Olympics

https://www.infosecurity-magazine.com/news/cyber-espionage-france-2024/

Franceā€™s National Cybersecurity Agency (ANSSI) observed a significant rise in cyber espionage campaigns targeting strategic organizations in 2023.

These operations are increasingly focused on individuals and non-governmental structures that create, host or transmit sensitive data, ANSSI observed in its 2023 Cyber Threat Landscape report, published on February 27, 2024.

Besides public administration, the primary targets of cyber espionage activity included organizations associated with the French government, such as technology and defense contractors, research institutes and think tanks.

Overall, cyber espionage remained the top cyber threat ANSSIā€™s teams dealt with in 2023.

ANSSI has also noted an increase in attacks against business and personal mobile phones aimed at targeted individuals.

There has also been an upsurge in attacks that have used methods publicly associated with the Russian government.

ā€œThese attacks are not limited to mainland French territory: in 2023, ANSSI dealt with the compromise of an IT network located in a French overseas territory using an attack modus operandi publicly associated with China,ā€ reads the report.

30% Rise in Ransomware

Meanwhile, financially motivated attacks were also on the rise, with an observed 30% increase in ransomware attacks compared to 2022.

Monthly and yearly breakdown of ransomware attacks reported to ANSSI in 2022 (in blue) and in 2023 (in green). Source: ANSSI
Monthly and yearly breakdown of ransomware attacks reported to ANSSI in 2022 (in blue) and in 2023 (in green). Source: ANSSI

Small and medium enterprises (SMEs) and mid-sized businesses were the most targeted organizations, representing 34% of all cyber-attacks observed by ANSSI in 2023. Local administration came second, suffering 24% of all attacks in 2023.

In total in 2023, ANSSI recorded 3703 cyber events, 1112 of which were labeled as cyber incidents. In 2022, it recorded 3018 cyber events, including 832 cyber incidents.

The latest version of the LockBit ransomware, LockBit 3.0 (aka LockBit Black), was the most used malware in financially motivated cyber-attacks in 2023, taking over previous ransomware versions from the same threat group that dominated the ransomware landscape in 2022.

Top Ransomware versions detected by ANSSI in cyber-attacks targeting French organizations. Source: ANSSI
Top Ransomware versions detected by ANSSI in cyber-attacks targeting French organizations. Source: ANSSI

Read more: LockBit Takedown ā€“ What You Need to Know about Operation Cronos

Software Supply Chain Vulnerabilities Rule Supreme

Overall, 2023 has seen significant changes in the structure and methods of attackers. They are perfecting their techniques in order to avoid being detected, tracked, or even identified.

ā€œDespite efforts to improve security in certain sectors, attackers continue to exploit the same technical weaknesses to gain access to networks. Exploiting ‘zero-day’ vulnerabilities remains a prime entry point for attackers, who all too often still take advantage of poor administration practices, delays in applying patches and the absence of encryption mechanisms,ā€ reads the report, translated from French to English by Infosecurity.

The top five vulnerabilities exploited by threat actors to compromise French organizationsā€™ IT systems in 2023 include flaws in VMWare, Cisco, Citrix, Atlassian and Progress Software products.

These include the Citrix Bleed and the MOVEit vulnerabilities.

Read more: MOVEit Exploitation Fallout Drives Record Ransomware Attacks

Pre-Positioning Activities on ANSSIā€™s Radar for 2024

Finally, in a tense geopolitical context, ANSSI noted new destabilization operations aimed mainly at promoting a political discourse, hindering access to online content or damaging an organization’s image.

ā€œWhile distributed denial of service (DDoS) attacks by pro-Russian hacktivists, often with limited impact, were the most common, pre-positioning activities targeting several critical infrastructures in Europe, North America and Asia were also detected.

ā€œThese more discreet activities may nevertheless be aimed at larger-scale operations carried out by state actors waiting for the right moment to act,ā€ the report explained.

Vincent Strubel, ANSSIā€™s director general, commented: “While financially motivated attacks and destabilization operations saw a clear upturn in 2023, it was once again the less noisy threat, which remains the most worrying, that of strategic and industrial espionage and pre-positioning for sabotage purposes, which mobilised the ANSSI teams the most.ā€

These geopolitically driven threats will particularly be on ANSSIā€™s radar in 2024, as Paris is prepares to host the 2024 Olympic and Paralympic Games.

Spy in your Pocket….

An Investigator’s Guide to Espionage, Ransomware, and Organized Cybercrime

Tags: 2024 Paris Olympics, Pegasus, Spy in Your Pocket


Feb 13 2024

New Azure Hacking Campaign Steals Senior Executive Accounts

Category: Hacking,Information Securitydisc7 @ 7:25 am

An ongoing campaign of cloud account takeover has affected hundreds of user accounts, including those of senior executives, and impacted dozens of Microsoft Azure environments.

Threat actors attack users with customized phishing lures inside shared documents as part of this ongoing effort.

Some documents that have been weaponized have embedded links to ā€œView document,ā€ which, when clicked, take users to a malicious phishing webpage to steal sensitive information and commitĀ financial fraud.

Attackers Targeting Wide Range Of Individuals

Threat actors appear to target a broad spectrum of people with varying titles from various organizations, affecting hundreds of users worldwide.

ā€œThe affected user base encompasses a wide spectrum of positions, with frequent targets including Sales Directors, Account Managers, and Finance Managers,ā€ Proofpoint researchers shared with Cyber Security News.

ā€œIndividuals holding executive positions such as ā€œVice President, Operations,ā€ ā€œChief Financial Officer & Treasurerā€ and ā€œPresident & CEOā€ were also among those targeted.ā€

Threat actors have a realistic approach, as seen by the variety of positions they have targeted, intending to compromise accounts that have varying degrees of access to important resources and responsibilities across organizational activities. 

In this campaign, researchers observed the usage of a particular Linux user agent that attackers employed during the attack chainā€™s access phase.

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 

The ā€˜OfficeHomeā€™ sign-in application is primarily accessed by attackers using this user-agent, along with other native Microsoft365 apps, like:

  • ā€˜Office365 Shell WCSS-Clientā€™ (indicative of browser access to Office365 applications) 
  • ā€˜Office 365 Exchange Onlineā€™ (indicative of post-compromise mailbox abuse, data exfiltration, and email threats proliferation) 
  • ā€˜My Signinsā€™ (used by attackers for MFA manipulation; for more info about this technique, see our recent Cybersecurity Stop of the Month blog) 
  • ā€˜My Appsā€™ 
  • ā€˜My Profileā€™

Attackers use their own MFA techniques to keep accessing systems permanently. Attackers choose various authentication techniques, such as registering additional phone numbers to authenticate via SMS or phone calls.

MFA manipulation events executed by attackers in a compromised cloud tenant
MFA manipulation events executed by attackers in a compromised cloud tenant

Criminals get access to and download confidential data such as user credentials, internal security protocols, and financial assets.

Mailbox access is also used to target individual user accounts with phishing threats and migrate laterally across compromised organizations.

Internal emails are sent to the impacted companiesā€™ finance and human resources departments to commit financial fraud.

Attackers design specialized obfuscation rules to hide their activities and erase any proof of malicious activity from the inboxes of their victims.

Obfuscation mailbox rules created by attackers following successful account takeover
Obfuscation mailbox rules created by attackers following successful account takeover

ā€œAttackers were observed employing proxy services to align the apparent geographical origin of unauthorized activities with that of targeted victims, evading geo-fencing policies,ā€ researchers said.

Thus, in your cloud environment, be aware of account takeover (ATO) and possible illegal access to key resources. Security solutions must offer precise and prompt identification of both initial account compromise and post-compromise actions, together with insight into services and applications that have been misused.

Hacking Executive Leadership

A Leader’s Guide to Cybersecurity: Why Boards Need to Lead–and How to Do It

InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO Directory

Tags: Azure Hacking


Feb 09 2024

Key strategies for ISO 27001:2022 compliance adoption

Category: Information Security,ISO 27kdisc7 @ 1:18 pm

In this Help Net Security interview, Robin Long, founder ofĀ Kiowa Security, shares insights on how best to approach the implementation of the ISO/IEC 27001 information security standard.

Long advises organizations to establish a detailed project roadmap and to book certification audits at an early stage. He also recommends selecting an internal team that includes a leader with the ISO 27001 Lead Implementer qualification and suggests that in some cases, the best approach to the standard may be to start by prioritizing a limited number of ā€œsecurity winsā€ before embarking on full implementation.

A few general points about ISO 27001, before getting onto the questions:

1. The documentation behind ISO/IEC 27001:2022 (ā€œISO 27001ā€) is broken into two main parts: ISO/IEC 27001 itself, which contains the primary guidance, and a ā€˜guidance documentā€™ called ISO/IEC 27002, which lists suggested information security controls that may be determined and implemented based on the risk analysis that is carried out according to the requirements of the primary document.

ISO 27001 is also supported by the other standards ISO/IEC 27000:2018 (IT security techniques) and ISO/IEC 27005:2022 (Information security, cybersecurity, and privacy protection), among others.

All these are developed and maintained by the International Organization for Standardization (ISO), which is based in Geneva, Switzerland.

2. Although there are a number of things that you are obliged to do if youā€™re seeking certified conformity to the standard, it is actually quite flexible about the details. Even the ā€œrequirementsā€ ā€“ the obligatory clauses in the 27001 document ā€“ generally allow a fairly broad range of interpretation. This makes sense when you think that ISO 27001 has been developed as a one-size-fits-all system for all types and sizes of organization that handle sensitive information.

When you look at it like that, it immediately becomes less intimidating.

3. If you decide to go ahead and implement ISO 27001, itā€™s highly recommended to put together a detailed road map that defines targets of what should be achieved by what date in the timeline of the project (Gantt charts are good for this ā€“ look them up!). This helps to keep the project under control and reduces the risk of time and budget overrun. Breaking the project up into weekly components also makes it less daunting.

4. Youā€™ll also need to define a (small) group of people to carry out, maintain and be accountable for implementation of the standard. You might call this the ā€˜ISMS Teamā€™ (where ISMS means Information Security Management System, another way to describe ISO 27001). This team should ideally incorporate expertise and experience in IT, business development and data protection, and have a channel to senior management.

How do you recommend organizations approach understanding and implementing ISO 27001ā€™s wide range of controls and requirements, especially those new to information security management?

As a consultant myself, Iā€™m aware of the conflict of interest, but I have to say that I do think it makes sense to hire external advice for assistance with implementation of ISO 27001, for internal audit, and interaction with certification auditors.

One of the main responsibilities of such an advisor is to assist with understanding of the standard and information security management generally, at both high and low levels. The range of ISO27002 controls ā€“ for example ā€“ is wide indeed, but a competent consultant will break them down into manageable portions that are taken on one by one, in a carefully planned order.

Whether or not you decide to hire a consultant, itā€™s a pretty good idea also to send the leader of the ISMS Team on an ISO2 7001 Lead Implementer (LI) course. These courses typically run for about three days, and they are helpful. Note that ISO 27001 requires the organisation to provide evidence of the competence of key participants in the project, and the LI qualification for a team member indicates a reasonable degree of knowledge and commitment regarding the standard.

Of course, there are also a number of helpful online resources including the ISO27k Forum.

Implementing ISO 27001 can be resource-intensive. What advice do you have for organizations, particularly SMEs, in effectively allocating resources and budget for ISO 27001 implementation?

Itā€™s true that implementation of ISO 27001 necessarily consumes resources, in terms of money and other assets ā€“ particularly peopleā€™s time. The critical question is whether the resource cost is offset by perceived gains, and this is largely about efficiency of allocation. Among other methods that we can use to attempt to optimise this are:

1. Use of a roadmap ā€“ as mentioned above ā€“ that takes the organisation all the way through to the two-stage certification audit process at a granular (weekly) level.

2. Early selection of the certification auditor and agreement of tentative dates for the certification audits. The benefits of doing this include the psychological one of getting an end date in the diary to help define the project roadmap. The cost of certification audits is also an important part of the overall budget, and the certification body will provide quotes for these at this stage.

Note that along with the two initial certification audits, there are a couple of (roughly annual) surveillance audits and a recertification audit after three years. These audits all cost money, of course, and require budgeting.

3. Watching out for some of the less obvious costs, including the potential charges associated with:

  • Legal work on modifications/additions to employment contracts, NDAs etc.
  • Pen testing/vulnerability scanning if necessary
  • Software that you choose to install e.g., anti-malware, IDS, etc.
What strategies can be employed to convince top management of the necessity and benefits of ISO 27001 compliance?

Consultancy companies love to answer this question ā€“ on their websites ā€“ with a list of bullet points.

However, I can tell you that in nearly all cases there is just a single key factor at play, and it is a commercial one: Potential important clients or partners have been identified that require certification to the standard. Organisations that operate in sensitive sectors (finance, critical infrastructure, healthcareā€¦) have already learned this or are in the process of learning it, and donā€™t need to be told about it. If they donā€™t know, then by all means tell them!

Other reasons that I consider completely valid and credible include:

  • Perceived improvement in the level of an organisationā€™s information security provides assurance to other stakeholders apart from clients ā€“ investors, senior management, regulators, suppliers and so on ā€“ regarding information security risks to the organisation.
  • Implementation of ISO 27001 can help smaller companies with their expansion. For example, it can help with the development of sound HR policies, with procedures around business continuity, disaster recovery and change management, and several other areas.
  • Note that ISO 27001 isnā€™t by any means just about personal data but is also concerned with other types of sensitive information, in particular intellectual property or ā€œIPā€ (including trade secrets and source code). For many tech start-ups, these are the main assets of the business, and need to be well protected.
Risk management and performance evaluation are critical yet challenging aspects of ISO 27001. How should organizations approach these elements to ensure an effective Information Security Management System (ISMS)?

These are indeed arguably the core areas of ISO 27001. Among the critical things to remember regarding risk assessments are:

  • You should really at least try to come up with all the possible information security risks (internal and external) that are or might be faced by your organisation. This is best done by brainstorming in a group based around the ISMS Team.

ISO 27001 fundamentally breaks down to: ā€œWhat information security risks do we face? How should we best manage them?ā€

  • Just as the chicken may come before the egg, note that what should happen in this case is that you identify the risks first and then select the controls that help to manage those risks.

You definitely donā€™t have to apply all of the controls, and nearly all organisations treat some, validly, as non-applicable in their Statement of Applicability. For example, businesses where all employees work remotely simply donā€™t have the full range of risks that can benefit from mitigation by the physical controls.

When it comes to performance evaluation, itā€™s largely a case of working through the relevant clauses and controls and agreeing how good a job the organisation is doing trying to meet the associated requirements. The ones that are selected for monitoring, measurement and evaluation will depend on the type and size of the organisation and its business objectives. These are basically key performance indicators (KPIs) for information security and might include supplier evaluations and documented events, incidents, and vulnerabilities.

Specifically for cloud solutions like Microsoft 365, what unique challenges do organizations face in implementing ISO 27001, and how can they be addressed?

The switch towards remote working and use of cloud resources has been quite disruptive for ISO 27001. The 2022 version has been somewhat adapted (via modifications to the controls) to reflect the change in working conditions. However, it still gives a lot of attention to traditional physical places of work, networks, and pre-SaaS style suppliers.

The big switch away from locally downloaded software to cloud services means that we need to take advantage of the flexibility of ISO 27001 to interpret the 27002 controls in a corresponding way, for example:

  • Thinking less about networks and more about secure configuration of cloud resources.
  • Focusing on aspects of the ā€˜supplier relationshipsā€™ controls that are relevant to SaaS suppliers.
  • Remembering that if cloud resources are very important for handling and storage of sensitive data in your business, then the new control 5.23 (Information security for use of cloud services) is correspondingly important for your business and must be tackled carefully and rigorously. It almost definitely applies to you ā€“ and thereā€™s a lot there.
  • Note that business continuity/disaster recoveryĀ for an organisation with employees that work remotely using cloud services becomes largely a question of how the relevant cloud provider(s) manage backups, redundancy of storage/compute etc.
ISO 27001 requires a commitment to continuous improvement. How should organizations approach this, particularly regarding incident management and response?

This is an enigmatic section of clause 10 (Improvement) that organisations tend to struggle with (the second part is about dealing with non-conformities and is much clearer regarding what needs to be done).

It seems to me that the best approach is to raise the question of ā€˜how can we make the ISMS better?ā€™ at the periodic ISMS management meetings, come up with some examples whereby this may be achieved and then provide any observed progress in the right direction. That means that by the time of the first follow-up (surveillance) audit you should be able to present a list of several potential improvements along with how they are being achieved.

Iā€™d like to finish up by mentioning that nothing stops your organisation implementing ISO 27001 without getting the certification, or even doing a partial implementation. Many businesses like the concept of ISO 27001 but arenā€™t quite ready to commit fully. In that case, I highly recommend the following implementation model:

1. Decide which areas of information security are priorities for your organisation in terms of incremental increase in security, resources (money, time, personnel) required and ease of implementation. You can call these your ā€˜lowest-hanging security fruitā€™ if you must. Possible examples include access control, HR security or endpoint security.
2. Work through these one by one according to the relevant 27002 controls.
3. Once you have the highest priority areas covered off, start working on lower levels of priority.
4. After a few months of this, you may feel that ISO 27001 isnā€™t quite so formidable, and that you are ready to tackle it. Go for it!

InfoSec toolsĀ |Ā InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO Directory

Tags: ISO 27001 2022, ISO 27001 compliance


Next Page »