DISC InfoSec blog

https://www.crowdstrike.com/blog/9-ways-a-public-sector-ciso-uses-crowdstrike-identity-threat-protection/ Identity isn’t a security problem — it’s the security problem.  This was the takeaway from my recent meeting with a local government CISO in the Washington, D.C. area. Tasked with protecting infrastructure, including the fire and police departments, the CISO turned to CrowdStrike a year ago for endpoint and identity protection. The CISO outlined the main challenge […]

Going into 2023, cybersecurity is still topping the list of CIO concerns. This comes as no surprise. In the first half of 2022, there were 2.8 billion worldwide malware attacks and 236.1 ransomware attacks. By year end 2022, it is expected that six billion phishing attacks will have been launched. SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic) […]

I’ve been meaning to talk more about what I actually do, which is help the teams within Microsoft who are threat modeling (for our boxed software) to do their jobs better.  Better means faster, cheaper or more effectively.  There are good reasons to optimize for different points on that spectrum (of better/faster/cheaper) at different times in different […]

An IRONSCALES survey published in October 2021 shows over 80% of respondents experienced an increase in email phishing attacks since the start of the pandemic. Phishing involves the utilization of legitimate-looking emails to steal the login credentials or other sensitive information of a target organization. While it’s just as much a risk for small and […]

In the private sector, hackers and cybercriminals are prone to leaving organizations with good security infrastructures alone. Because they often go after low-hanging fruit, hacking into a well-protected network is perceived as more trouble than it’s worth. But the public sector is a different matter entirely. The government and government agencies have access to assets […]

I’m proud to announce that the European Union Agency for Cybersecurity, ENISA, has released the Threat Landscape Methodology. Policy makers, risk managers and information security practitioners need up-to-date and accurate information on the current threat landscape, supported by threat intelligence. The EU Agency for Cybersecurity (ENISA) Threat Landscape report has been published on an annual […]

Table of Contents InfraGard DHS CISA Automated Indicator Sharing Abuse.ch AlienVault COVID-19 Cyber Threat Coalition Feeds BlockList.de Phishtank Verified Online Url Feeds Proofpoint Emerging Threats Rules The CINS Score SANS Internet Storm Center VirusTotal Cisco Talos Intelligence The Spamhaus Project VirusShare Malware Repository Google Safe Browsing Practical Threat Intelligence and Data-Driven Threat Hunting: A hands-on […]

Threat actors are actively exploiting public cloud services from Amazon and Microsoft to spread RATs such as Nanocore, Netwire, and AsyncRAT used to steal sensitive information from compromised systems. The malware campaign was spotted by Cisco Talos in October 2021, most of the victims were located in the United States, Italy and Singapore. Threat actors leverages cloud services like […]

Security expert from Morphus Labs recently observed several malicious campaigns abusing Microsoft Build Engine (MSBuild) to execute a Cobalt Strike payload on compromised machines. MSBuild is a free and open-source build toolset for managed code as well as native C++ code and was part of .NET Framework. It is used for building apps and gives users […]

SANS 2021 Top New Attacks and Threat Report Download System Security Threats | Computer Science Posters

2022 is going to be a year of building greater resiliency and integrating this into all aspects of business operations. This will require organizations of all levels to review how they are responding to a larger scale of sophisticated threats. To build on the efforts of 2021, CISOs need to address how they can implement […]

Last month, my wife was contacted by a phisher, mascaraing as someone from social security. This threat actor made an attempt to obtain her social security number using the threat of fraud investigation to verify her social security number. Because of my background in security, I was able to act quickly to prevent her from […]

In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange. One of the characteristics of the campaign, in the later days when the Chinese probably realized that the vulnerabilities would soon be fixed, was to install a web shell in compromised networks that would give them subsequent remote access. Even if the vulnerabilities […]

FireEye published its M-Trend 2021 report based on the data collected during the investigation, 650 new threat groups were tracked in 2020 FireEye published its annual report, titled M-Trend 2021, which is based on the data collected during the investigation on security incidents it managed. Most of the incidents investigated by Mandiant (59%) in 2020 […]

Attackers increasingly try to confuse and bypass machine-learning systems. So the companies that deploy them are getting creative. Source: Facebook’s ‘Red Team’ Hacks Its Own AI Programs

Intro: No software project is complete without testing. In this blog series, we’ll cover how to test if your Threat Hunting platform can detect common threats.[…] Source: Threat Simulation Overview and Setup – Active Countermeasures Why You Need Threat Hunting! Cyber Threat Hunting: Identify and Hunt Down Intruders Real-Time Threat Hunting – SANS Threat Hunting […]

  Threat Modeling for Data Protection When evaluating the security of an application and data model ask the questions: What is the sensitivity of the data? What are the regulatory, compliance, or privacy requirements for the data? What is the attack vector that a data owner is hoping to mitigate? What is the overall security […]