InfoSec and Compliance – With 20 years of blogging experience, DISC InfoSec blog is dedicated to providing trusted insights and practical solutions for professionals and organizations navigating the evolving cybersecurity landscape. From cutting-edge threats to compliance strategies, this blog is your reliable resource for staying informed and secure. Dive into the content, connect with the community, and elevate your InfoSec expertise!
Nov 29 2020
To download 10 Best InfoSec Hacking Books pdf
[pdf-embedder url=”https://blog.deurainfosec.com/wp-content/uploads/2020/11/10-best-InfoSec-hacking-books.pdf” title=”10 best InfoSec hacking books”]
To download 10 Best InfoSec Hacking Books pdf
[pdf-embedder url=”https://blog.deurainfosec.com/wp-content/uploads/2020/11/Metsploit-cheatsheet.pdf” title=”Metsploit cheatsheet”]
Nov 17 2020
The next Windows PC you buy could come with an advanced security co-processor that will protect your data from being stolen by hackers.
The next Windows PC you buy could come with an advanced security co-processor that will protect your data from being stolen by hackers. Building on work it started with the Xbox One, on Tuesday Microsoft announced the existence of Pluton. It’s a new project the company is working on with both AMD and Intel, as well as Qualcomm, to create x86 and ARM CPUs that integrate a dedicated security component.
At its simplest, Pluton is an evolution of the existing Trusted Platform Module (TPM) you find in many modern computers. TPMs store security-related information about your operating system and enable features like Windows Hello. However, for all the additional security they add to PCs, they still have vulnerabilities. As security researchers have shown, it’s possible for hackers to attack the bus interface that allows the TPM and CPU to communicate with one another.
That’s where Pluton comes into the picture. By integrating the TPM into the CPU, Microsoft says it’s able to close off that avenue of attack. When the first slate of Pluton-equipped CPUs and computers start making their way out to consumers, Microsoft says they’ll emulate TPM chips so that they can take advantage of existing APIs and provide Windows users with immediate usefulness. The end goal is for Pluton-equipped CPUs to protect your credentials, encryption keys and personal data. In that way, it will be similar to the T2 and Titan M security chips Apple and Google offer, but with the added advantage of being there for the entire Windows ecosystem to use.
Source: Microsoft’s Pluton chip upgrades the hardware security of Windows PCs
Microsoft Pluton is a new security chip for Windows PCs
httpv://www.youtube.com/watch?v=f85ipqsOcqc&ab_channel=REFILLSOLUTIONS
Nov 06 2020
Pwn2Own Tokyo 2020 hacking competition is started, bug bounty hunters already hacked a NETGEAR router and a Western Digital NAS devices.
The Pwn2Own Tokyo is actually coordinated by Zero Day Initiative from Toronto, Canada, and white hat hackers taking part in the competition have to demonstrate their ability to find and exploit vulnerabilities in a broad range of devices.
On the day one of the competition, bug bounty hunters have successfully hacked a vulnerability in the NETGEAR Nighthawk R7800 router. The participants were the Team Black Coffee, Team Flashback, and teams from cybersecurity firms Starlabs and Trapa Security, and the Team Flashback earned $20,000 for a remote code execution exploit that resulting from the chaining of two bugs in the WAN interface.
“The team combined an auth bypass bug and a command injection bug to gain root on the system. They win $20,000 and 2 points towards Master of Pwn.” reads the post on the official site of the Pwn2Own Tokyo 2020.
The Trapa team successfully chained a pair of bugs to gain code execution on the LAN interface of the router, the experts earned $5,000 and 1 point towards Master of Pwn.
The STARLabs team earned the same amount after using a command injection flaw to take control of the device.
The Western Digital My Cloud Pro series PR4100 NSA device was targeted by The Trapa Security team also earned $20,000 for a working exploit for the Western Digital My Cloud Pro series PR4100 NSA device.
The exploit code chained an authentication bypass bug and a command injection vulnerability to gain root on the device.
Source: Pwn2Own Tokyo Day one: NETGEAR Router, WD NAS Device hacked
Pwn2Own Tokyo (Live from Toronto) 2020 – Day One
httpv://www.youtube.com/watch?v=jX0b8iKXnbI&ab_channel=ZeroDayInitiative
Nov 05 2020
These scams seek to collect personal information about you, often appearing to come from a real business or agency. Someone may pose as an official disaster aid worker, or send you a fraudulent COVID contact tracing email. If you receive a message with a link, you should not click it as it may download malware to your device to steal passwords and personal information. Government agencies like FEMA or the IRS will never contact you asking for a FEMA registration number, a Social Security number, or a bank account or credit card number to give you a COVID or FEMA payment—or ask you to pay anything up front to fill out an application or to access state or federal resources.
Before sharing, check that what you are reading is from a trustworthy source. Disinformation can be life threatening in a global pandemic.
No cures or vaccines have been approved for COVID-19 yet. Online offers claiming to provide a medicine or device to treat or prevent COVID should be ignored. When there is a new breakthrough in the treatment and prevention of COVID, it will be widely reported on by reputable news sources.
Fake charities often emerge following a crisis, soliciting donations, but not using them for the described purpose. Before donating, check out www.ftc.gov/charity to research the organization and make sure it’s legitimate.
If you receive a robocall, you should hang up instead of pushing any buttons or giving away any personal information. If a call claims to be from the IRS or FEMA, but demands immediate payment through debit card or wire transfer, it is fraudulent. Federal agencies will never demand immediate payment over the phone, threaten immediate arrest, or ask you to make a payment to anyone other than the U.S. Treasury.
Warning Signs that a Loved One may be the Victim of a Scam
Victims to a scam may be embarrassed or uncomfortable asking for help. It’s not always obvious when someone has been scammed, so check in with your loved ones frequently, especially if they are older, live alone, or are otherwise high risk.
Warning signs include large ATM withdrawals, charges, or checks; secretiveness and increased anxiety about finances; large quantities of goods being delivered that they do not need; an unusual number of phone calls or visits from strangers; and a sudden lack of money, unpaid bills, or a change in daily habits.
For more information, and to get help with a potential FEMA fraud, you can call the National Center for Disaster Fraud Hotline at 866-720-5721 or FEMA’s Public Inquiry Unit at 916-210-6276. For questions about pandemic scams, go to www.ftc.gov/coronavirus or www.cdc.goc/coronavirus/2019-ncov .
Aug 28 2020
A former Cisco employee pleaded guilty to accessing the company’s cloud infrastructure in 2018, five months after resigning, to deploy code that led to the shut down of more than 16,000 WebEx Teams accounts and the deletion of 456 virtual machines.
According to a plea agreement filed on July 30, 2020, 30-year-old Sudhish Kasaba Ramesh accessed Cisco’s cloud infrastructure hosted on Amazon Web Services without permission on September 24, 2018 — he resigned from the company in April 2018.
Source: Cisco engineer resigns then nukes 16k WebEx accounts, 456 VMs
From Weakest Link to Human Firewall in Seven Days
Download a Security Risk Assessment Steps paper!
Security Risk assessment Quiz – Find Out How Your security risk assessment Stands Up!
DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles
Subscribe to DISC InfoSec blog by Email
👉 Download a Virtual CISO (#vCISO) and Security Advisory Fact Sheet & Cybersecurity Cheat Sheet
Aug 19 2020
Find online courses from top universities. Search all edX MOOCs from Harvard, MIT and more and enroll in a free course today.
Source: edX Courses | View all online courses on edX.org
Download a Security Risk Assessment Steps paper!
Security Risk assessment Quiz – Find Out How Your security risk assessment Stands Up!
DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles
Subscribe to DISC InfoSec blog by Email
👉 Download a Virtual CISO (#vCISO) and Security Advisory Fact Sheet & Cybersecurity Cheat Sheet
Jul 28 2020
Rite Aid used facial recognition in largely lower-income, non-white neighborhoods. The systems included one from a firm with links to China and its government
Source: Rite Aid deployed facial recognition system in hundreds of U.S. stores
Rite Aid facial recognition rollout faces trouble
httpv://www.youtube.com/watch?v=ltA9fABnee8
Download a Security Risk Assessment Steps paper!
Subscribe to DISC InfoSec blog by Email
Take an awareness quiz to test your basic cybersecurity knowledge
DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles
Jul 17 2020
Twitter Inc had stepped up its search for a chief information security officer in recent weeks, two people familiar with the effort told Reuters, before the breach of high-profile accounts on Wednesday raised alarms about the platform’s security. Twitter said hackers had targeted employees with access to its internal systems and “used this access to take control of many highly-visible (including verified) accounts.”
The second and third rounds of hijacked accounts tweeted out messages telling users to send bitcoin to a given address in order to get more back. Publicly available blockchain records show the apparent scammers received more than $100,000 worth of cryptocurrency.
The U.S. House Intelligence Committee was in touch with Twitter regarding the hack, according to a committee official who did not wish to be named.
Source: Twitter stepped up search to fill top security job ahead of hack
httpv://www.youtube.com/watch?v=4pquwx-doYg
Explore latest CISO Titles at DISC InfoSec
Download a Security Risk Assessment Steps paper!
Subscribe to DISC InfoSec blog by Email
Take an awareness quiz to test your basic cybersecurity knowledge
DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles
Jul 11 2020
[pdf-embedder url=”https://blog.deurainfosec.com/wp-content/uploads/2020/07/Ten-Steps-to-Reduce-Your-Cyber-Risk.pdf” title=”Ten Steps to Reduce Your Cyber Risk”]
Reduce your cyber risk with ISO 27001
Contact DISC InfoSec if you have a question regarding ISO 27001 implementation.
Explore the subject of Cyber Attack
Download a Security Risk Assessment Steps paper!
Subscribe to DISC InfoSec blog by Email
Take an awareness quiz to test your basic cybersecurity knowledge
DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles
Jul 07 2020
If Microsoft Edge was installed in Windows 10 via Windows Update, you can not remove it via standard methods. That does not mean you cannot remove it, though, as a technique has been discovered to uninstall the program via the command prompt.
Source: How to uninstall Microsoft Edge forced-installed via Windows Update
New Microsoft Edge browser cant be uninstalled when you get it on Windows update
httpv://www.youtube.com/watch?v=2mvyKqFzf5o
Explore the subject of Cyber Attack
Download a Security Risk Assessment Steps paper!
Subscribe to DISC InfoSec blog by Email
Take an awareness quiz to test your basic cybersecurity knowledge
DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles
Jun 17 2020
The previous record for the largest DDoS attack ever recorded was of 1.7 Tbps, recorded in March 2018.
Source: AWS said it mitigated a 2.3 Tbps DDoS attack, the largest ever | ZDNet
Was the US hit by a massive ‘DDoS attack’?
httpv://www.youtube.com/watch?v=54IJil_rZkY
What is DDOS? Is America Under a Foreign Cyber Attack?!
httpv://www.youtube.com/watch?v=Sp5ZgIGunTc
Would like to know more on InfoSec Awareness…
Download a Security Risk Assessment steps paper!
Subscribe to DISC InfoSec blog by Email
Jun 14 2020
Amazon, IBM and now Microsoft ban the sale of facial recognition technology to police departments and are urging for federal laws to regulate its use.
Source: Tech firms suspend use of ‘biased’ facial recognition technology
Download a Security Risk Assessment steps paper!
Subscribe to DISC InfoSec blog by Email
Why Cities Are Banning Facial Recognition Technology | WIRED
httpv://www.youtube.com/watch?v=sYftT5YgwVI
Facial-recognition technology: safe or scary?
httpv://www.youtube.com/watch?v=-yvxbi5GMnA
ARTIFICIAL INTELLIGENCE Dangers to Humanity: AI, U.S., China, Big Tech, Facial Recogniton, Drones, Smart Phones, IoT, 5G, Robotics, Cybernetics, & Bio-Digital Social Programming
Jun 10 2020
In the months and years ahead, deepfakes threaten to grow from an Internet oddity to a widely destructive political and social force.
Source: Deepfakes Are Going To Wreak Havoc On Society. We Are Not Prepared.
Best Of Deep Fakes Compilation
httpv://www.youtube.com/watch?v=xkqflKC64IM
Funniest DeepFakes *Compilation* II.
httpv://www.youtube.com/watch?v=RpRlrrNwr4U
Download a Security Risk Assessment steps paper!
Subscribe to DISC InfoSec blog by Email
Jun 04 2020
Cyber extortionists have stolen sensitive data from a company which supports the US Minuteman III nuclear deterrent.
Source: Hackers steal secrets from US nuclear missile contractor
Download a Security Risk Assessment steps paper!
Subscribe to DISC InfoSec blog by Email
Jun 02 2020
Download a Security Risk Assessment steps paper!
Subscribe to DISC InfoSec blog by Email
May 31 2020
With no nationwide Covid-19 notification software in sight, security and interoperability issues loom large.
Source: State-Based Contact Tracing Apps Could Be a Mess
Big Tech’s Contact-Tracing Apps Might Make Things Worse | Mashable
httpv://www.youtube.com/watch?v=ViA0xR5q_w4
Coronavirus outbreak: What are the privacy risks behind ‘contact tracing’ apps?
httpv://www.youtube.com/watch?v=FmbOxY7yBL0
Download a Security Risk Assessment Checklist paper!
Subscribe to DISC InfoSec blog by Email
Apr 26 2020
Open a PDF file The best practice guide for an effective infoSec function.
Introduction to Cybersecurity
httpv://www.youtube.com/watch?v=ULGILG-ZhO0
What You Should Learn Before Cybersecurity
Subscribe to DISC InfoSec blog by Email
Apr 25 2020
Preparing a Secure Evolution to 5G
[pdf-embedder url=”https://blog.deurainfosec.com/wp-content/uploads/2020/04/5G-CYBERSECURITY.pdf” title=”5G CYBERSECURITY”]
Tech Talk: 5G Security
httpv://www.youtube.com/watch?v=7ETDxh2d2sU
Security of 5G networks: EU Member States complete national risk assessments
httpv://www.youtube.com/watch?v=O_Jt9wp9FDc
Bye bye privacy with 5G
httpv://www.youtube.com/watch?v=a0359OG6CyY
Subscribe to DISC InfoSec blog by Email
Apr 14 2020
[pdf-embedder url=”https://blog.deurainfosec.com/wp-content/uploads/2020/04/SANS-Free-tool-list.pdf” title=”SANS Free tool list”]
to download pdf for open source free tools list
Open Source Tools For Working Remotely From Home: pfsense, OpenVPN, Syncthing, and Nextcloud
httpv://www.youtube.com/watch?v=UHzAke2oyfo
Subscribe to DISC InfoSec blog by Email
Jan 29 2020
https://en.wikipedia.org/wiki/Tokenization_(data_security)
Source: Tokenization vs. Encryption vs. Aliasing – How to Truly Minimize Compliance Risk
The tokenization of things | Matthew Roszak | TEDxSanFrancisco
httpv://www.youtube.com/watch?v=Rto-earGcxg
Subscribe to DISC InfoSec blog by Email
