Feb 11 2021

Is your business ready for the new world?

Category: Information Security, ISO 27k | DISC @ 11:19 am

There is light at the end of the tunnel with Covid-19, and businesses will need to be ready for whatever comes next. It may not be business as usual: customers may want to reduce the number of vendors and services they depend on. In 2021 customers may prefer to do business with a vendor who secures their information and has a better chance of surviving a disaster.

Embracing an ISO standard (ISO 27001/27002) can differentiate you from your competitors and show that your business can cope in this new world. Using ISO standards as a foundation shows the world what kind of company you are: one that does security more efficiently as well as more effectively.

DISC InfoSec has 20 years' experience helping businesses in the USA successfully achieve ISO certification, providing:

  • Advice and Guidance throughout the implementation and certification process 
  • Risk assessment of existing Management System and Gap Analysis 
  • Design, build and assess a tailor-made compliant ISO Management System 
  • Write up all the Policies, Procedures and Flowcharts 
  • ISMS manual with all the relevant clauses 
  • Internal Auditor Instructions and training if required
  • Registration and Certification with a certificating Body of your choice

At DISC InfoSec we use International Register of Certificated Auditors (QSA/BSI) qualified Lead Auditors to carry out your implementation and ensure successful certification.

DISC InfoSec ISO 27001 Assessment

DISC InfoSec ISO 27001 Consultants

Contact DISC InfoSec for any question

ISO 27001 implementation Titles


Feb 11 2021

Digital Security and 5G Security Architecture

Category: Information Security, Mobile Security | DISC @ 9:16 am

Normal day-to-day life was brought to a halt by the COVID-19 pandemic, which greatly impacted the lives of virtually all people worldwide in unprecedented fashion. As people have stayed home and isolated themselves to avoid contracting and spreading the virus, there has been increased reliance on virtual connectivity due to a sharp increase in remote work and people performing their daily transactions over the internet.

This situation is now leading to an accelerated adoption of 5G architecture, resulting in a 5G-based Internet of Things (IoT) ecosystem. The 5G-based IoT ecosystem is a system of connected devices that reside on the 5G network. The benefits of the 5G network include providing new technology capabilities, allowing for higher productivity compared to previous mobile technologies, transferring and delivering 1,000x higher mobile data volume per area between devices, connecting a higher number of devices with a higher user data rate, providing 10x longer battery life for low power massive machine communications, and 5x reduced End-to-End (E2E) latency.

Due to increased digital usage, together with the risks and threats that already exist in current and previous cellular network technologies, there has been a higher number of data breaches and cyberattacks, with malicious actors taking advantage of citizens and businesses during the pandemic. Identified risks and threats that lead to data breaches and cyberattacks include:

  • Bidding-down (downgrade) attacks, which weaken existing authentication mechanisms
  • Malicious network connections by rogue user devices
  • Impersonation of user devices roaming on networks
  • Sensitive data exposure due to weak or absent encryption
  • Higher risk from attackers exploiting new remote access threats
  • Authentication traffic spikes caused by malicious actors

Source: Digital Security and 5G Security Architecture

Tags: 5G security


Feb 10 2021

Ransomware Profitability

Category: Information Security, Ransomware | DISC @ 11:34 pm


Feb 08 2021

Security in the Digital World

Category: Information Security | DISC @ 11:32 pm

This must-have guide features simple explanations, examples, and advice to help you be security-aware online in the digital age. Learn how to:

* Keep your information secure

* Put the necessary controls on your home network, protecting your family from cyber crime

* Prevent identity theft when shopping online or using contactless payment

* Keep your children safe when using the Internet.

Security in the Digital World


Feb 08 2021

Holistic InfoSec For Web Developers

Category: Information Security, Web Security | DISC @ 11:22 pm
Holistic InfoSec For Web Developers: Physical and People (Fascicle 0) by [Kim Carter, Russ McRee, Leanne Carter, Simon Bennetts]

This book begins by taking the reader to the 30,000′ view, so you can start to see the entire security landscape. I then attempt to explain a very simple threat modelling approach that I believe Bruce Schneier created, called the Sensible Security Model (SSM). We take the learnings from the first chapter and apply them to lower levels. I detail how to set up a security-focussed distribution with all the tools and configuration options required for working through the book. We then walk through the Process and Practices that attackers often execute, and we take the learnings from that and train the defenders on how they can bring the finding of defects from the most expensive place to the cheapest place, within your Sprint cycles.

The rest of the book focusses on the specific area on the cover of this book.

My intention with “Holistic Info-Sec for Web Developers” is in many ways to help you answer your own questions and show you that creating systems and arming people to withstand the types of attacks commonly encountered today is not out of reach of mere mortals. Simply lifting the lower-hanging fruit for an attacker often means they will move on to an easier target, unless they are specifically targeting you. In which case you should find many of the risks and countermeasures I address effective for increasing the difficulty for your attacker, and thus dramatically increasing your chances of defence and counter-attack.

Fascicle 0 focusses on:

1. The chosen threat modelling approach
2. Setting up your tool-belt
3. The process of penetration testing
4. A collection of processes and practices formulated from penetration testing, useful for augmenting each and every Scrum Sprint
5. Physical and People security

Holistic InfoSec For Web Developers: Physical and People

Tags: InfoSec for Web Developer


Feb 04 2021

9 Course Ethical Hacking Bundle

Category: Hacking, Information Security, Security training | DISC @ 3:30 pm
9 Course Ethical Hacking Bundle [PC/Mac Online Code]

Learn Ethical Hacking & Cyber Security with this training bundle. This ’9 Course Ethical Hacking Bundle’ from Total Training is for beginners and IT pros looking to learn how to protect sites against cyber threats. Learn about firewalls, social engineering, cyber anonymity, cryptography, and more.

With this 9 Course Ethical Hacking Bundle, you will get the training you need to land an entry-level cyber security position paying upwards of six figures. There are currently over a million cyber security job openings globally, and demand is greatly outpacing supply, which means more opportunity, job security, and higher pay for you.

9 Course Ethical Hacking Bundle

Courses Included:
Ethical Hacking: Social Engineering
Ethical Hacking: Recon and Footprinting
Ethical Hacking: Malware Development
Ethical Hacking: Honeypots, IDS and Firewalls
Ethical Hacking: Hacking Databases
Ethical Hacking: Hacking Applications
Ethical Hacking: Cyber Anonymity
Ethical Hacking: Cryptography for Hackers
Ethical Hacking: Wireless Hacking

Tags: Ethical Hacking, InfoSec training


Jan 31 2021

SIM National Unpacking the Hack

Category: Information Security | DISC @ 8:22 pm

In this SIM DigiRisk Town Hall, a panel of seasoned CIOs share their tips and advice for approaching the SolarWinds hack from the perspective of your own company.

Tags: SolarWinds hack


Jan 31 2021

Byron Roosa’s ‘A Look At Jython-Enhanced Reverse Engineering’

Category: App Security, Information Security | DISC @ 1:23 pm

Tags: Jython, Reverse Engineering


Jan 30 2021

Police Say They Can Use Facial Recognition, Despite Bans

Category: Information Security | DISC @ 12:38 am


Jan 27 2021

Security in the digital world

Category: cyber security, Information Security | DISC @ 11:48 pm

This must-have guide features simple explanations, examples, and advice to help you be security-aware online in the digital age. Learn how to:

* Keep your information secure
* Put the necessary controls on your home network, protecting your family from cyber crime
* Prevent identity theft when shopping online or using contactless payment
* Keep your children safe when using the Internet.

Security in the digital world

Tags: digital world


Jan 27 2021

Law enforcement announced global action against NetWalker Ransomware

Category: Botnet, Information Security, Ransomware | DISC @ 5:43 pm

A joint operation by U.S. and EU law enforcement authorities led to the seizure of the leak sites used by NetWalker ransomware operators.

Law enforcement authorities in the U.S. and Europe have seized the dark web sites used by NetWalker ransomware operators. The authorities also charged a Canadian national involved in the NetWalker ransomware operations.

“The Department of Justice today announced a coordinated international law enforcement action to disrupt a sophisticated form of ransomware known as NetWalker.” reads the press release published by DoJ.

“NetWalker ransomware has impacted numerous victims, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities. Attacks have specifically targeted the healthcare sector during the COVID-19 pandemic, taking advantage of the global crisis to extort victims.”

The group has been active since 2019, and NetWalker ransomware has been offered under the Ransomware-as-a-Service (RaaS) model.

The group's list of victims is long; it includes Pakistan’s largest private power company K-Electric, Argentina’s official immigration agency Dirección Nacional de Migraciones, and the University of California San Francisco (UCSF), which paid a $1.14 million ransom to recover its files.


Jan 27 2021

In Rare Admission, Apple Says Three Security Bugs ‘Actively Exploited’ by Hackers

Category: Bug Bounty, Information Security | DISC @ 12:17 pm


Jan 26 2021

SANS Faculty Free Tools

Category: Information Security, Security Tools | DISC @ 4:44 pm

SANS Faculty free tools download


Jan 26 2021

Ghost hack – criminals use deceased employee’s account to wreak havoc

Category: Cybercrime, Information Security | DISC @ 12:00 pm

Many, if not most, organisations will tell you that they have processes and procedures that they follow when employees leave.

In particular, most companies have a slick and quick procedure for removing ex-staff from the payroll.

Firstly, it doesn’t make economic sense to pay someone who is no longer entitled to the money; secondly, many countries require employers to withhold payroll taxes automatically, to pay them in promptly, and to account for them accurately.

Why get into trouble with the tax office over former employees when you can have a simple “staff leaving” checklist that will help to keep you compliant and solvent at the same time?

Unfortunately, we’re not always quite so switched on (or, to be more precise, not quite so good at switching things off) when it comes to ex-staff and cybersecurity.

History is full of stories of havoc wreaked by ex-employees who kept both their grudges and their passwords or access tokens after being fired or laid off.

Some of these revenge attacks have acquired legendary status, like the man from the splendidly named town of Maroochydore in Maroochy Shire in Queensland, Australia, who used insider information and a purloined computer to “hack” the council’s waste management system.

This crook quite literally, if you will pardon the expression, showered the shire with… well, with 1,000,000 litres of raw sewage, by operating all the right pumps in all the wrong ways.

As amusing as this crime sounds with 20 years of hindsight – it happened in the year 2000 – the disgruntled former contractor caused an environmental hazard, including polluting a tidal canal, that took days to clean up.

He was caught, tried and convicted of 27 counts of unauthorised computer access, and one count of wilfully and unlawfully causing serious environmental harm:

“Marine life died, the creek water turned black and the stench was unbearable for residents,” said Janelle Bryant, investigations manager for the Australian Environmental Protection Agency.

Then there was the US sysadmin who was fired in 2009 and decided to get his own back by planting keyloggers on his former employer’s network, harvesting passwords until he had access to the accounts of senior staff, and then remotely hacking into a presentation by the CEO to the board of directors.
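The cases above share one root cause: an account that stayed enabled, or stayed usable, after its owner had gone. As an added example that is not code from the Naked Security article or any product, the script below reconciles a constructed HR leaver feed against a constructed identity-provider snapshot and a constructed authentication log in a hypothetical key=value format, and reports both accounts still enabled past the leaver's last day and successful logins by those accounts after that day (the "ghost" login). All names, dates and addresses are made up for illustration.

```python
"""Offboarding reconciliation: find accounts that outlived their owner's exit.

Added example, not code from the Naked Security article quoted above.
Every input below is constructed for illustration, and the log line layout
is a hypothetical key=value format rather than any product's real output.
Two checks are run: accounts still enabled after the leaver's last day, and
successful authentications by such accounts after that day (the "ghost").
"""
import re
from datetime import datetime, timedelta

# Constructed HR leaver feed: account name -> last working day (UTC).
LEAVERS = {
    "jsmith": "2021-01-08",
    "agarcia": "2020-12-18",
    "mchen": "2021-01-15",
}

# Constructed identity-provider snapshot: accounts currently enabled.
ENABLED_ACCOUNTS = {"jsmith", "mchen", "bwong", "rpatel"}

# Constructed authentication log in a hypothetical key=value format.
AUTH_LOG = """\
2021-01-05T09:12:44Z auth=success user=jsmith src=10.0.4.22 svc=vpn
2021-01-11T22:03:10Z auth=success user=jsmith src=203.0.113.9 svc=vpn
2021-01-11T22:05:31Z auth=success user=jsmith src=203.0.113.9 svc=mail
2021-01-12T08:00:02Z auth=failure user=agarcia src=198.51.100.7 svc=vpn
2021-01-14T10:30:00Z auth=success user=mchen src=10.0.4.31 svc=mail
2021-01-20T03:41:19Z auth=success user=mchen src=198.51.100.42 svc=vpn
2021-01-21T09:00:00Z auth=success user=bwong src=10.0.4.40 svc=mail
garbage line that should be ignored
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth=(?P<result>\w+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) svc=(?P<svc>\S+)$"
)


def parse_log(text):
    """Yield one dict per well-formed line; silently skip anything else."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield rec


def _cutoff(last_day, grace_days):
    """First instant at which access is no longer legitimate: midnight after
    the last working day, pushed out by any agreed grace period."""
    return datetime.strptime(last_day, "%Y-%m-%d") + timedelta(days=1 + grace_days)


def stale_accounts(leavers, enabled, as_of, grace_days=0):
    """Enabled accounts whose cutoff has already passed as of `as_of` (YYYY-MM-DD)."""
    as_of_dt = datetime.strptime(as_of, "%Y-%m-%d")
    return sorted(
        user for user, last_day in leavers.items()
        if user in enabled and as_of_dt >= _cutoff(last_day, grace_days)
    )


def ghost_logins(leavers, log_text, grace_days=0):
    """(user, timestamp, src, svc) for every successful login past the cutoff.
    Failed attempts are ignored here: a failure proves the credential did not
    work, and belongs in a separate brute-force alert instead."""
    hits = []
    for rec in parse_log(log_text):
        last_day = leavers.get(rec["user"])
        if last_day is None or rec["result"] != "success":
            continue
        if rec["ts"] >= _cutoff(last_day, grace_days):
            hits.append((rec["user"], rec["ts"].isoformat(), rec["src"], rec["svc"]))
    return hits


if __name__ == "__main__":
    report_date = "2021-01-26"  # constructed "as of" date for the report
    for user in stale_accounts(LEAVERS, ENABLED_ACCOUNTS, report_date):
        print("still enabled:", user, "left", LEAVERS[user])
    for user, ts, src, svc in ghost_logins(LEAVERS, AUTH_LOG):
        print("ghost login:", user, ts, "from", src, "to", svc)
```

Run against the constructed data, it reports jsmith and mchen as still enabled and flags three post-departure logins (two by jsmith from an external address, one by mchen). The grace period exists because some organisations deliberately leave mailbox access open for a handover; the point is that the window is explicit and the check fires the moment it closes, rather than relying on someone remembering.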

Source: Ghost hack


Jan 26 2021

Dance like nobody’s watching, browse the web like everyone is

Category: Information Security | DISC @ 12:58 am


Jan 26 2021

Cyber Security Spend To Jump 10% to $60 Billion in 2021

Category: Information Security | DISC @ 12:48 am


Jan 25 2021

New campaign targeting security researchers

Category: Information Security, Information Warfare | DISC @ 6:10 pm

Over the past several months, the Threat Analysis Group has identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations. The actors behind this campaign, which we attribute to a government-backed entity based in North Korea, have employed a number of means to target researchers which we will outline below. We hope this post will remind those in the security research community that they are targets to government-backed attackers and should remain vigilant when engaging with individuals they have not previously interacted with.

In order to build credibility and connect with security researchers, the actors established a research blog and multiple Twitter profiles to interact with potential targets. They’ve used these Twitter profiles for posting links to their blog, posting videos of their claimed exploits and for amplifying and retweeting posts from other accounts that they control.

Their blog contains write-ups and analysis of vulnerabilities that have been publicly disclosed, including “guest” posts from unwitting legitimate security researchers, likely in an attempt to build additional credibility with other security researchers.

A screenshot from the actors' blog of an analysis done by the actor about a publicly disclosed vulnerability.
Example of an analysis done by the actor about a publicly disclosed vulnerability.

While we are unable to verify the authenticity or the working status of all of the exploits that they have posted videos of, in at least one case, the actors have faked the success of their claimed working exploit. On Jan 14, 2021, the actors shared via Twitter a YouTube video they uploaded that proclaimed to exploit CVE-2021-1647, a recently patched Windows Defender vulnerability. In the video, they purported to show a successful working exploit that spawns a cmd.exe shell, but a careful review of the video shows the exploit is fake. Multiple comments on YouTube identified that the video was faked and that there was not a working exploit demonstrated. After these comments were made, the actors used a second Twitter account (that they control) to retweet the original post and claim that it was “not a fake video.”

Source: New campaign targeting security researchers


Jan 25 2021

VisualDoor: SonicWall SSL-VPN Exploit

Category: Information Security, VPN | DISC @ 12:28 am

TL;DR: SonicWall “Virtual Office” SSL-VPN Products ship an ancient version of Bash vulnerable to ShellShock, and are therefore vulnerable to unauthenticated remote code execution (as a “nobody” user) via the /cgi-bin/jarrewrite.sh URL.

The exploit is incredibly trivial. We simply spaff a Shellshock payload containing a bash /dev/tcp backconnect at it, and we get a shell. Now, the environment on these things is incredibly limited; it’s stripped-down Linux. But we have bash, openssl, and FTP, so you could always download your own toolkit for further exploitation.

Anyway, here is the public exploit. It is incredibly trivial and recycles the telnetlib handler for reverse shells from exploits released by Stephen Seeley. https://github.com/darrenmartyn/visualdoor.

Source: VisualDoor: SonicWall SSL-VPN Exploit


Jan 24 2021

The Prescription Coffee Mug

Category: cyber security, Information Security | DISC @ 3:13 pm


Jan 23 2021

Hacker blunder leaves stolen passwords exposed via Google search

Category: Information Security, Password Security | DISC @ 2:18 pm

Source: Hacker blunder leaves stolen passwords exposed via Google search

Hackers hitting thousands of organizations worldwide in a massive phishing campaign forgot to protect their loot and let Google index the stolen passwords, leaving them discoverable through public searches.

The phishing campaign has been running for more than half a year and uses dozens of domains that host the phishing pages. It received constant updates to make the fraudulent Microsoft Office 365 login requests look more realistic.

Creds in plain sight

Despite relying on simple techniques, the campaign has been successful in bypassing email protection filters and collected at least 1,000 login credentials for corporate Office 365 accounts.

Researchers at cybersecurity companies Check Point and Otorio analyzing this campaign discovered that the hackers exposed the stolen credentials to the public internet.

In a report published today, they explain that the attackers exfiltrated the information to domains they had registered specifically for the task. Their mistake was that they put the data in a publicly visible file that Google indexed.

As a result, Google could return results for queries containing a stolen email address or password, as the researchers’ screenshot showed.

