Build a security culture

InfoSec Compliance & AI Governance For over 20 years, DISC InfoSec has been a trusted voice for cybersecurity professionals—sharing practical insights, compliance strategies, and AI governance guidance to help you stay informed, connected, and secure in a rapidly evolving landscape.
Feb 23 2021
Keybase, owned by online meeting and teleconferencing behemoth Zoom, is a secure messaging and file sharing service that describes itself as providing “end-to-end encryption for things that matter.”
End-to-end encryption is pretty much what it says: encryption that starts on your computer, typically inside an individual app, such as when a browser submits a login form, and only gets stripped off at the far end when the data arrives at its final destination, such as when a website receives the login form with your username and password in it.
End-to-end encryption over the internet doesn’t just mean that your data is encrypted while it’s in transit from node to node along its network journey – it’s supposed to be a stronger guarantee than that.
It not only means that your data isn’t decrypted while it’s at any “rest stops” along the way, such as when an email message is held at your ISP for delivery later on, but also means that your data cannot be decrypted along the way, no matter whether you trust the person operating that “rest stop” or not.
Feb 17 2021
In Stephen King’s 1994 made-for-TV movie “The Stand,” most of the human race is wiped out by a deadly virus. As a result, power stations are unmanned and Americans are left without electricity for months. That is, until a husband and wife team works engineering magic at a power plant, flipping the right switches to bring the entire grid back online.
Anyone familiar with the black start process knows that in real life, it doesn’t happen with quite so much Hollywood pizzazz. But black start is a remarkable process and the controls and instrumentation used during a black start must operate with the utmost precision and speed.
A black start unit is one that can start its own power without support from the grid in the event of a major system collapse or a system-wide blackout. In the U.S., every region within the North American Electric Reliability Corp. (NERC) has its own black start plan and procedures. Each region also designates certain plants as black start units. The controls used on a black start unit include a DC auxiliary support system, an ignition source, a gas turbine and a diesel generator.
Carlo Barrera, senior consulting engineer at PAL Turbine Services LLC, has overseen several conversions of gas turbines to have black start capabilities, including projects for Puget Sound Energy and Massachusetts Municipal Wholesale Electric Co. For the city of Gardner, Kan., PAL installed its own programmable logic controller for turbine control. At a later date, black start capability was incorporated and proved out using a load bank.
Barrera said the DC auxiliary support system is perhaps the most important part of the control system. The battery system must have enough capability to provide DC power for multiple start attempts in case the gas turbine fails to start or fire the first time. “The battery systems need to have the capability in reserve power for two or three firing attempts if a true blackout emergency happens, since gas turbines don’t always start on the first attempt in a blackout situation,” Barrera said.
When the loss of AC power in the grid is noticed on a black-start turbine, an undervoltage relay initiates the start of numerous DC motor-driven auxiliaries. Devices like the turbine lube oil pump, liquid fuel forwarding pump, atomizing air compressor, starting clutch, diesel starting motor and shaft turning ratchet all require DC power to operate. DC auxiliary support system suppliers include GE, Siemens and ABB.
Source: Black Start: Preparedness for Any Situation

Feb 17 2021
Due to technology’s entertaining nature, you are likely to spend more than the recommended amount of time on it. If you find yourself spending more than 5 hours daily on social media websites, that is already a sign that you are heading towards technology addiction. In such a case, you may not be able to focus on college academic work and may consequently record unimpressive grades.
You need to find a way to deal with such an addiction. Create a plan with the specific hours you intend to spend on different daily activities. Stick to your routine and fight the urge to use your phone at inappropriate times. Ensure you have hit your daily targets before you use your tablet.
The trick is to ensure you maintain your focus. Besides, do not forget about face-to-face communication. Find time to spend with your friends. You can leave your technological devices in one location and travel to a different destination. It helps to ensure that you can live without these devices without feeling uncomfortable.
Although the internet has numerous advantages, there are also pitfalls to its use. For example, some tech-savvy people have the expertise to find people’s passwords within minutes. If you are a lazy person who prefers simple passwords, you may become a victim. They can use this information to your detriment.
How do you ensure your details are safe as you work online? For every account you sign up for, use a strong password. It could be a mixture of lower and uppercase letters, numbers, and special characters. Where possible, use the two-step authentication feature.
What are the additional tips that can help you? When entering an account password, ensure there is no one peeking over your shoulders. Do not allow untrustworthy people to use your devices. Additionally, do not click suspicious links.
5 Top Technology Tips for 21st Century College Students

Feb 11 2021

There is light at the end of the tunnel with Covid-19, and businesses will need to be ready for whatever it may bring. It may not be business as usual: your customers may want to reduce the number of vendors and services they rely on. In 2021, customers may prefer to do business with a vendor who secures their information and has a better chance of surviving a disaster.
Embracing an ISO standard (ISO 27001/2) can help differentiate you from your competitors and show you as a business that can cope in this new world. Using ISO standards as a foundation will show the world what type of company you are, one that does security more efficiently as well as more effectively.
DISC InfoSec has 20 years’ experience in helping businesses in the USA to successfully achieve ISO certification by:
At DISC InfoSec we use International Register of Certificating Auditors (QSA/BSI) qualified Lead Auditors to carry out your implementation to ensure successful Certification.
DISC InfoSec ISO 27001 Assessment
DISC InfoSec ISO 27001 Consultants
Contact DISC InfoSec for any question
ISO 27001 implementation Titles

Feb 11 2021
Normal day-to-day life was brought to a halt by the COVID-19 pandemic, which greatly impacted the lives of virtually all people worldwide in unprecedented fashion. As people have stayed home and isolated themselves to avoid contracting and spreading the virus, there has been increased reliance on virtual connectivity due to a sharp increase in remote work and people performing their daily transactions over the internet.
This situation is now leading to an accelerated adoption of 5G architecture, resulting in a 5G-based Internet of Things (IoT) ecosystem. The 5G-based IoT ecosystem is a system of connected devices that reside on the 5G network. The benefits of the 5G network include providing new technology capabilities, allowing for higher productivity compared to previous mobile technologies, transferring and delivering 1,000x higher mobile data volume per area between devices, connecting a higher number of devices with a higher user data rate, providing 10x longer battery life for low power massive machine communications, and 5x reduced End-to-End (E2E) latency.
Due to the increased digital usage and the already existing risks and threats associated with current and previous cellular network technologies, there has been a higher number of data breaches and cyberattacks, with malicious actors taking advantage of citizens and businesses during the pandemic. Some of these identified risks/threats that lead to data breaches and cyber-attacks include:
Source: Digital Security and 5G Security Architecture
Feb 08 2021

This must-have guide features simple explanations, examples, and advice to help you be security-aware online in the digital age. Learn how to:
* Keep your information secure
* Put the necessary controls on your home network, protecting your family from cyber crime
* Prevent identity theft when shopping online or using contactless payment
* Keep your children safe when using the Internet.
Feb 08 2021
![Holistic InfoSec For Web Developers: Physical and People (Fascicle 0) by [Kim Carter, Russ McRee, Leanne Carter, Simon Bennetts]](https://m.media-amazon.com/images/I/51YryVRT2sL.jpg)
This book begins by taking the reader to the 30,000′ view, so you can start to see the entire security landscape. I then attempt to explain a very simple threat modelling approach that I believe Bruce Schneier created, called the Sensible Security Model (SSM). We take the learnings from the first chapter and apply them to lower levels. I detail how to set up a security focussed distribution with all the tools and configuration options required for working through the book. We then walk through the Processes and Practices that attackers often execute, and we take the learnings from that and train the defenders on how they can bring the finding of defects from the most expensive place to the cheapest place, within your Sprint cycles.
The rest of the book focusses on the specific area on the cover of this book.
My intention with “Holistic Info-Sec for Web Developers” is in many ways to help you answer your own questions and show you that creating systems and arming people to withstand the types of attacks commonly encountered today is not out of reach of mere mortals. That by simply lifting the lower hanging fruit for an attacker often means they will move on to an easier target. Unless they are specifically targeting you. In which case you should find many of the risks and countermeasures I address effective for increasing the difficulty for your attacker, and thus dramatically increasing your chances of defence and counter-attack.
Fascicle 0 focusses on:
1. The chosen threat modelling approach
2. Setting up your tool-belt
3. The process of penetration testing
4. A collection of processes and practices formulated from penetration testing, useful for augmenting each and every Scrum Sprint
5. Physical and People security
Holistic InfoSec For Web Developers: Physical and People
Feb 04 2021
![9 Course Ethical Hacking Bundle [PC/Mac Online Code]](https://images-na.ssl-images-amazon.com/images/I/51EQWIKoa%2BL._AC_.jpg)
Learn Ethical Hacking & Cyber Security with this training bundle. This “9 Course Ethical Hacking Bundle” from Total Training is for beginners and IT pros looking to learn how to protect sites against cyber threats. Learn about Firewalls, Social Engineering, Cyber Anonymity, Cryptography, and more.
With this 9 Course Ethical Hacking Bundle, you will get the training you need to land an entry level Cyber Security position paying upwards of six figures! There are currently over a million Cyber Security job openings globally, and demand is greatly outpacing supply – which means more opportunity, job security, and higher pay for you!
9 Course Ethical Hacking Bundle
Courses Included:
Ethical Hacking: Social Engineering
Ethical Hacking: Recon and Footprinting
Ethical Hacking: Malware Development
Ethical Hacking: Honeypots, IDS and Firewalls
Ethical Hacking: Hacking Databases
Ethical Hacking: Hacking Applications
Ethical Hacking: Cyber Anonymity
Ethical Hacking: Cryptography for Hackers
Ethical Hacking: Wireless Hacking
Jan 31 2021
In this SIM DigiRisk Town Hall, a panel of seasoned CIOs share their tips and advice for approaching this for your company.
Jan 27 2021
Law enforcement authorities in the U.S. and Europe have seized the dark web sites used by NetWalker ransomware operators. The authorities also charged a Canadian national involved in the NetWalker ransomware operations.
“The Department of Justice today announced a coordinated international law enforcement action to disrupt a sophisticated form of ransomware known as NetWalker,” reads the press release published by the DoJ.
“NetWalker ransomware has impacted numerous victims, including companies, municipalities, hospitals, law enforcement, emergency services, school districts, colleges, and universities. Attacks have specifically targeted the healthcare sector during the COVID-19 pandemic, taking advantage of the global crisis to extort victims.”
The group has been active since 2019, and the NetWalker ransomware has been offered under the Ransomware-as-a-Service (RaaS) model.
The group’s list of victims is long. It includes Pakistan’s largest private power company, K-Electric; Argentina’s official immigration agency, Dirección Nacional de Migraciones; and the University of California San Francisco (UCSF), which paid a $1.14 million ransom to recover its files.
Jan 26 2021
Many, if not most, organisations will tell you that they have processes and procedures that they follow when employees leave.
In particular, most companies have a slick and quick procedure for removing ex-staff from the payroll.
Firstly, it doesn’t make economic sense to pay someone who is no longer entitled to the money; secondly, many countries require employers to withhold payroll taxes automatically, to pay them in promptly, and to account for them accurately.
Why get into trouble with the tax office over former employees when you can have a simple “staff leaving” checklist that will help to keep you compliant and solvent at the same time?
Unfortunately, we’re not always quite so switched on (or, to be more precise, not quite so good at switching things off) when it comes to ex-staff and cybersecurity.
History is full of stories of havoc wreaked by ex-employees who maintained both their grudges and their passwords or access tokens after being fired or laid off.
Some of these revenge attacks have acquired legendary status, like the man from the splendidly named town of Maroochydore in Maroochy Shire in Queensland, Australia, who used insider information and a purloined computer to “hack” the council’s waste management system.
This crook quite literally, if you will pardon the expression, showered the shire with… well, with 1,000,000 litres of raw sewage, by operating all the right pumps in all the wrong ways.
As amusing as this crime sounds with 20 years of hindsight – it happened in the year 2000 – the disgruntled former contractor caused an environmental hazard, including polluting a tidal canal, that took days to clean up.
He was caught, tried and convicted of 27 counts of unauthorised computer access, and one count of wilfully and unlawfully causing serious environmental harm:
“Marine life died, the creek water turned black and the stench was unbearable for residents,” said Janelle Bryant, investigations manager for the Australian Environmental Protection Agency.
Then there was the US sysadmin who was fired in 2009 and decided to get his own back by planting keyloggers on his former employer’s network, harvesting passwords until he had access to the accounts of senior staff, and then remotely hacking into a presentation by the CEO to the board of directors.
Source: Ghost hack