Archive for the ‘Information Security’ Category

LIST OF Materials for ISO Internal Audit


5 Books Every API Hacker Should Read

If you’re into web API security testing, then you know that API hacking books are a valuable resource. They can teach you new things, introduce you to new concepts around breaking web application programming and help you stay up-to-date on the latest trends in your field. That’s why I’ve put together this list of 5 […]


Hacking a powered-off iPhone: vulnerabilities never sleep

Can a device be hacked when switched off? Recent studies suggest so. Let’s see how this is even possible. Researchers from the Secure Mobile Networking Lab at the University of Darmstadt, Germany, have published a paper describing a theoretical method for hacking an iPhone — even if the device is off. The study examined the […]


IT admin gets 7 years for wiping his company’s servers to prove a point

Han Bing allegedly felt undervalued after his security warnings were ignored, and decided to prove his point by trashing four financial servers. An indignant IT admin, seemingly aiming to prove the lax security his employer had hitherto ignored, proceeded to delete a bunch of vital financial databases, and has subsequently been given seven years in […]


Second Course Exam for Free – ISO 9001, ISO 14001, ISO 27001 & EU GDPR

I just wanted to inform you that, at the end of September, Advisera launched the “Second Course Exam for Free” promotional campaign. The campaign will start on September 22, and end on September 29, 2022. In this promotion the second course exam is completely FREE OF CHARGE. The bundles are displayed on two landing pages, one […]


Vendor Security Assessment

Assessing the security of network equipment. This document provides guidance on how operators should assess the security of a vendor’s security processes and equipment, and is referenced in the Telecom Security Act Code of Practice. The purpose of the guidance is to allow operators to objectively assess the cyber risk due to use of the […]


Netgear Router Models With FunJSQ Let Attackers Execute Arbitrary Code

The European security and compliance assessment company Onekey recently discovered that attackers can inject arbitrary code into multiple Netgear router models through the FunJSQ module. FunJSQ is a third-party module developed by Xiamen Xunwang Network Technology to accelerate online games. In short, FunJSQ is a third-party […]


ISO 27001 Internal Audit

DISC LLC presents a phased approach to delivering ISO 27001 Internal Audit services to SaaS businesses. The Engagement: We understand that your core business is your SaaS application and that you desire an audit. The audit is to be an independent assessment of the company’s ISMS, to measure the maturity of the program, to identify if […]


5 Kali Linux books you should read this year

Advanced Security Testing with Kali Linux (independently published; author: Daniel Dieterle). This book covers the more intermediate and advanced uses of the Kali Linux pentesting distribution. You will learn topics like: the MITRE ATT&CK Framework; Command & Control (C2) frameworks; in-depth network scanning; web app pentesting; advanced techniques like “Living off the Land” AV […]


Risk Management document templates

Risk Assessment and Risk Treatment Methodology: The purpose of this document is to define the methodology for assessment and treatment of information risks, and to define the acceptable level of risk. The document is optimized for small and medium-sized organizations – we believe that overly complex and lengthy documents are just overkill for you. There […]


Google announced the completion of the acquisition of Mandiant for $5.4 billion

Google announced the completion of the $5.4 billion acquisition of threat intelligence firm Mandiant. The acquisition was announced in March 2022 by both companies: “RESTON, Va., March 8, 2022 – Mandiant, Inc. (NASDAQ: MNDT) today announced that it has entered into a definitive agreement to be acquired by Google LLC for $23.00 per share in an all-cash transaction […]


HP Z2 G9 Small Form Factor Workstation – Wolf Pro Security Edition

Security management included with the HP Z2 G9: HP Secure Erase; HP Sure Click; HP BIOSphere Gen6; HP Sure Admin; Hood Sensor Optional Kit; HP Client Security Manager Gen6; HP Sure Start Gen7; HP Sure Recover Gen4; HP Sure Sense Gen2; HP Sure Run Gen5


How do I become a cyber security professional?


PenTesting at the speed of Your SDLC

Cobalt has announced a new offering, Agile Pentesting! With Agile Pentesting, you conduct a pentest with a targeted scope focused on a specific area of an asset, or on a specific vulnerability across an asset. Agile Pentesting is flexible in nature, and aligns pentesting to DevSecOps workflows in a way that’s friction-free. Leverage Agile Pentesting to level […]


Government guide for supply chain security: The good, the bad and the ugly

Just as developers and security teams were getting ready to take a breather and fire up the BBQ for the holiday weekend, the U.S.’s most prestigious security agencies (NSA, CISA, and ODNI) dropped a 60+ page recommended practice guide, Securing the Software Supply Chain for Developers. My first reaction was that it’s great to see these […]


List of Data Breaches and Cyber Attacks in August 2022 – 97 Million Records Breached

August 2022 has been a lesson in being careful with whom you share sensitive information. In a month that saw the former US president accused of misappropriating classified government documents, there was also a spate of malicious insiders compromising their employers’ systems. Meanwhile, the bastion of password security, LastPass, announced that its systems had been […]


US-based CISOs get nearly $1 million per year

The role of the Chief Information Security Officer (CISO) is a relatively new senior-level executive position within most organizations, and is still evolving. To find out how current CISOs landed in that role, their aspirations, the compensation they receive, and which risks they face and responsibilities they shoulder, analysts with international executive search firm Heidrick & Struggles have asked 327 […]


CISA adds 10 new flaws to its Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 10 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including a high-severity security flaw (CVE-2021-38406, CVSS score: 7.8) impacting Delta Electronics industrial automation software. According to Binding Operational Directive (BOD) […]


Digital Ethics Book Bundle

As technology advances, so must our ability to use such technology ethically. The rise of AI (artificial intelligence) and big data raises concerns about data privacy and cyber security. ITG have combined their latest titles into one bundle, saving you 20% – ideal for bank holiday reading. Digital Ethics Book Bundle: Understand the growing social, […]


77% of security leaders fear we’re in perpetual cyberwar from now on

A survey of cybersecurity decision makers found 77 percent think the world is now in a perpetual state of cyberwarfare. In addition, 82 percent believe geopolitics and cybersecurity are “intrinsically linked,” and two-thirds of polled organizations reported changing their security posture in response to the Russian invasion of Ukraine. Of those asked, 64 percent believe […]
