DISC InfoSec blog

If you’re into web API security testing, then you know that API hacking books are a valuable resource. They can teach you new things, introduce you to new concepts around breaking web application programming and help you stay up-to-date on the latest trends in your field. That’s why I’ve put together this list of 5 […]

Can a device be hacked when switched off? Recent studies suggest so. Let’s see how this is even possible. Researchers from the Secure Mobile Networking Lab at the University of Darmstadt, Germany, have published a paper describing a theoretical method for hacking an iPhone — even if the device is off. The study examined the […]

Han Bing allegedly felt undervalued after his security warnings were ignored, and decided to prove his point by trashing four financial servers. An indignant IT admin, seemingly aiming to prove the lax security his employer had hitherto ignored, proceeded to delete a bunch of vital financial databases, and has subsequently been given seven years in […]

I just wanted to inform you that, at the end of September, Advisera launched “Second Course Exam for Free” promotional campaign. The campaign will start on September 22, and end on September 29, 2022. In this promotion the second course exam is completely FREE OF CHARGE. The bundles are displayed on two landing pages, one […]

Assessing the security of network equipment. This document provides guidance on how operators should assess the security of vendor’s security processes and vendor equipment and is referenced in the Telecom Security Act Code of Practice. The purpose of the guidance is to allow operators to objectively assess the cyber risk due to use of the […]

It has been discovered recently by the European security and compliance assessment company Onekey that arbitrary code may be injected into multiple Netgear router models through FunJSQ in a malicious manner. In order to accelerate online games, Xiamen Xunwang Network Technology has developed a third-party module known as FunJSQ. In short, FunJSQ is a third-party […]

DISC LLC presents a phase approach to deliver ISO 27001 Internal Audit services to SaaS businesses.  The Engagement: We understand that your core business is your SaaS application and you desire an audit.  The audit is to be an independent assessment of the company’s ISMS, to measure the maturity of the program, to identify if […]

Advanced Security Testing with Kali Linux Independently published / Author: Daniel Dieterle This book covers the more intermediate and advanced uses of the Kali Linux pentesting distribution. You will learn topics like: The MITRE ATT@CK Framework Command & Control (C2) frameworks In-depth network scanning Web app pentesting Advanced techniques like “Living off the Land” AV […]

Risk Assessment and Risk Treatment Methodology The purpose of this document is to define the methodology for assessment and treatment of information risks, and to define the acceptable level of risk. The document is optimized for small and medium-sized organizations – we believe that overly complex and lengthy documents are just overkill for you. There […]

Google announced the completion of the $5.4 billion acquisition of threat intelligence firm Mandiant. The acquisition was announced in March 2022 by both companies: “RESTON, Va., March 8, 2022 – Mandiant, Inc. (NASDAQ: MNDT) today announced that it has entered into a definitive agreement to be acquired by Google LLC for $23.00 per share in an all-cash transaction […]

Security management Included with HPZ2 G9: HP Secure Erase; HP Sure Click; HP BIOSphere Gen6; HP Sure Admin; Hood Sensor Optional Kit; HP Client Security Manager Gen6; HP Sure Start Gen7; HP Sure Recover Gen4; HP Sure Sense Gen2; HP Sure Run Gen5[19,20,21,22,23,24,25,26,31]

Cobalt’s has announced a new offering, Agile Pentesting! With Agile Pentesting, conduct a pentest that has a targeted scope focused on a specific area of an asset, or a specific vulnerability across an asset. Agile Penesting is flexible in nature, and aligns pentesting to DevSecOps workflows in a way that’s friction-free. Leverage Agile Pentesting to level […]

ust as developers and security teams were getting ready to take a breather and fire up the BBQ for the holiday weekend, the U.S.’s most prestigious security agencies (NSA, CISA, and ODNI) dropped a 60+ page recommended practice guide, Securing the Software Supply Chain for Developers. My first reaction was that it’s great to see these […]

August 2022 has been a lesson in being careful with whom you provide sensitive information. In a month that saw the former US president accused of misappropriating classified government documents, there were also a spate of malicious insiders compromising their employer’s systems. Meanwhile, the bastion of password security, LastPass, announced that its systems had been […]

The role of the Chief Information Security Officer (CISO) is a relatively new senior-level executive position within most organizations, and is still evolving. To find out how current CISOs landed in that role, their aspirations, the compensation they receive, and which risks they face and responsibilities they shoulder, analysts with international executive search firm Heidrick & Struggles have asked 327 […]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 10 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 10 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including a high-severity security flaw ( CVE-2021-38406  CVSS score: 7.8) impacting Delta Electronics industrial automation software. According to Binding Operational Directive (BOD) […]

As technology advances, so must our ability to use such technology ethically. The rise of AI (artificial intelligence) and big data raises concerns about data privacy and cyber security. ITG have combined their latest titles into one bundle, saving you 20% – ideal for bank holiday reading. Digital Ethics Book Bundle Understand the growing social, […]

A survey of cybersecurity decision makers found 77 percent think the world is now in a perpetual state of cyberwarfare. In addition, 82 percent believe geopolitics and cybersecurity are “intrinsically linked,” and two-thirds of polled organizations reported changing their security posture in response to the Russian invasion of Ukraine. Of those asked, 64 percent believe […]