Hot on the heels of disclosing a critical zero-day vulnerability in Chrome that was being exploited in the wild by attackers, Google has now uncovered another critical zero-day that is being used alongside it to take over Windows machines. Source: Google Says Upgrade To Windows 10 After Critical Flaws Found In Chrome And Windows 7
It didn’t require an account PIN to switch carriers. Everybody uses 0000, it said, making it easier for customers… and phone hijackers. Source: Comcast security nightmare: default ‘0000’ PIN on everybody’s account Best Practice Information Security Enter your email address: Delivered by FeedBurner
In its annual security intelligence report, Microsoft offers up its top tips for blocking out hackers. Source: Microsoft: Do these things now to protect your network | ZDNet Enter your email address: Delivered by FeedBurner
#InfoSecTools The Hawkeye Scanner CLI is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks Source: Scanner CLI : A Project Security/Vulnerability/Risk Scanning Tool
Malware can spread much more easily on obsolete platforms, warns security body. With less than a year until the end of Windows 7 support, don’t get caught out. Source: Windows 7 migration warning: Plan now to avoid security worries later | ZDNet Phishing Scam Subscribe to DISC InfoSec blog by Email
Follow the guidance in this CIS document to configure Microsoft 365 security settings to the level that suits your organization. Source: Center for Internet Security releases Microsoft 365 benchmarks
Patching vulnerabilities is often seen as a key element of keeping systems secure. But a new report suggests businesses could be ‘smarter’ in their patching regimes and prioritize the i… Source: Businesses can safely delay patching most vulnerabilities 🔒 securing the business 🔒 DISC InfoSec
Report claims US public and private sectors had over 300,000 cybersecurity-related job openings between April 2017 and March 2018. By Catalin Cimpanu for Zero Day US lawmakers have introduced a bipartisan bill in the House of Representatives meant to address the cybersecurity workforce shortage crisis. The bill, named the Cyber Ready Workforce Act (H.R.6791), would establish a grant program within […]
Redesigned NordVPN apps for iOS and macOS are available now! NordVPN team has been on a mission “Make the app UX go WOW” for a while. As they want users to have smooth and hassle-free NordVPN experience, rethinking our app navigation from the ground up felt like the right thing to do. Tweak after tweak, […]
Luke Irwin The dramatic rise in cyber attacks over the past few years has caught most businesses off guard. Their cyber security departments are severely understaffed, causing them to look desperately for qualified professionals to help tackle the threat. There has never been a better time to get into cyber security, so if you’re looking […]
Cyberspace, the Internet, the digital world – call it what you will – is always developing. But so are the threats and risks that come with it. It doesn’t matter if you are working in the most mature enterprise environment, unemployed, retired, or still at school, whether you often have a smartphone in your hand […]
Is this a good time to be in the field of InfoSec, (ISC)2 report shows the skills shortage is getting worse. Over the next five years, the number of unfilled cybersecurity jobs will rise to a whopping 1.8 million, a 20% increase from 2015 estimates, according to a new (ISC)2 survey released. Cybersecurity Faces 1.8 Million […]
The textbook for the Open University’s postgraduate information security course. The recommended textbook for all IBITGQ ISO 27001 courses. Available in softcover or eBook format. Description Fully updated expert information security management and governance guidance based on the international standard for information security management, ISO 27001. As global threats to information security increase in frequency […]
There are plenty of good books out there, feel free to share your favorite InfoSec books in the comment section Cracking the Coding Interview Blue Team Field Manual (BTFM) (RTFM) The Art of Exploitation, 2nd Edition The Art of Invisibility Identity Theft by Ron Cantor Smalltalk Best Practice Patterns Cryptography Engineering: Design Principles and Practical Applications […]
By Tracy Shumaker In order for CISOs to stay relevant in their field today, they must add communication and soft skills to their list of capabilities. Traditionally, their role has been to take charge of IT security. Now CISOs oversee cybersecurity and risk management systems. They must manage teams and get leadership approval in order […]
If you’re just starting a new job in information security, you’ve just finished your university degree, or you’re looking for the next step in your career but not sure which direction to take, try this… Information Security Expertise Bundle Designed to help you develop your knowledge and understanding of key information security topics, this collection […]
Opening theme video from RSA Conference 2016 – #RSA2016 Observations from the 2016 RSA Conference Related articles Tripwire at RSA Conference 2016: Cyberwar @ the Endpoint PhoneBoy Speaks Ep 1063: Heading to RSA Conference 2016 Digital Equilibrium Project Looks to Balance Privacy, Security 2016: RSA Conference and The DomainTools Report RSA 2016: discover the security […]
Excellence in the Field of Mathematics The Cryptographers’ Panel Crypto 101: Encryption, Codebreaking, SSL and Bitcoin Beyond Encryption: Why We Can’t Come Together on Security and Privacy Peek into the Future: Symantec Ascending the Path to Better Security: Cisco Louder Than Words: Intel Security Trust in the Cloud in Tumultuous Times: Microsoft The (Inevitable?) Decline […]
by Stephen Northcutt A question came up on the GIAC Advisory Board: “How should an organization deal with ransomware?” One of the members, Alan Waggoner, gave a good answer. All posts to that mailing list are private, so this is reposted with his permission. 1. Get reliable, tested backups of everything that is important. 2. […]
The top titles your peers have been reading this year IT Governance Publishing (ITGP) publishes industry-leading titles on all aspects of IT governance, risk management, and compliance. ITGP 2015 bestsellers will give you the knowledge you need to transform your working life in 2016. Browse through top 10 below: 1) Web Application Security is […]
