DISC InfoSec blog

Apr 23 2019

Ten Must-Have CISO Skills

Category: CISO — DISC @ 10:23 am

Source: Ten Must-Have CISO Skills – By Darren Death

Recommended titles for CISO

CISO’s Library

CISOs and the Quest for Cybersecurity Metrics Fit for Business

CISO should have answers to these questions before meeting with the senior management.

What are the top risks
Do we have inventory of critical InfoSec assets
What leading InfoSec standards and regulations apply to us
Are we conducting InfoSec risk assessment
Do we have risk treatment register
Are we testing controls, including DR/BCP plans
How do we measure compliance with security controls
Do we have data breach response plan
How often we conduct InfoSec awareness
Do we need or have enough cyber insurance
Is security budget appropriate to current threats
Do we have visibility to critical network/systems
Are vendor risks part of our risk register

Subscribe in a reader

Comments (1)

Apr 21 2019

Stuxnet Malware Analysis

Category: Malware — DISC @ 6:15 pm

Stuxnet Malware Analysis By Amr Thabet

Subscribe in a reader

Tags: advanced malware, Advanced persistent threat, Stuxnet

Comments (0)

Apr 20 2019

Every Linux Networking Tool

Category: Network security,Security Tools — DISC @ 4:31 pm

Every Linux Networking Tool – By Julia Evans

No alt text provided for this image

Subscribe in a reader

Tags: Hacker (computer security), Linux Networking Tool, Network tools, security tools

Comments (0)

Apr 19 2019

Malware Analysis

Category: Malware — DISC @ 12:17 pm

Malware Analysis

Malware Analysis: An Introduction – SANS.org

Introduction to Malware Analysis | SANS Lenny Zeltser

Five Awesome Tools to perform Behavioural Analysis of Malware

Earlier posts on Malware | DISC InfoSec blog

Subscribe in a reader

Tags: complex malware, Malware, malware 2.0

Comments (0)

Apr 18 2019

What CISO does for a living

Category: CISO — DISC @ 9:14 am

What CISO does for a living by Louis Botha

It’s based on the CISO mindmap by Rafeeq Rehman, updated for 2018 and adding the less technical competencies

[pdf-embedder url=”https://blog.deurainfosec.com/wp-content/uploads/2019/04/CISO-does-for-living.pdf” title=”CISO does for living”]

Download of What CISO does for a living (pdf)

CISO MindMap 2018 – What Do InfoSec Professionals Really Do?

CISO should have answers to these questions before meeting with the senior management.

What are the top risks
Do we have inventory of critical InfoSec assets
What leading InfoSec standards and regulations apply to us
Are we conducting InfoSec risk assessment
Do we have risk treatment register
Are we testing controls, including DR/BCP plans
How do we measure compliance with security controls
Do we have data breach response plan
How often we conduct InfoSec awareness
Do we need or have enough cyber insurance
Is security budget appropriate to current threats
Do we have visibility to critical network/systems
Are vendor risks part of our risk register

Subscribe in a reader

Tags: Chief Information Security Officer, CISO

Comments (1)

Apr 17 2019

Two-factor authentication: A cheat sheet

Category: 2FA,Cheat Sheet — DISC @ 10:55 am

A password alone will not protect sensitive information from hackers–two-factor authentication is also necessary. Here’s what security pros and users need to know about two-factor authentication.

Source: Two-factor authentication: A cheat sheet

Subscribe in a reader

Tags: 2FA, two factor auth

Comments (0)

Apr 16 2019

Google’s location history data shared routinely with police

Category: Information Privacy — DISC @ 2:18 pm

Law enforcement officials in the US have been routinely mining Google’s location history data for criminal investigations.

Source: Google’s location history data shared routinely with police

Subscribe in a reader

Comments (0)

Apr 15 2019

Hackers could read non-corporate Outlook.com, Hotmail for six months

Category: Email Security — DISC @ 7:42 pm

Hackers and Microsoft seem to disagree on key details of the hack.

Source: Hackers could read non-corporate Outlook.com, Hotmail for six months

Subscribe in a reader

Comments (0)

Apr 15 2019

Internet Explorer flaw leaves Windows users vulnerable to hackers — even those who don’t use the browser

Category: Web Security — DISC @ 11:24 am

A zero-day exploit found in Internet Explorer means hackers could steal files from Windows users. What’s particularly interesting about this security flaw is that you don’t even need to…

Source: Internet Explorer flaw leaves Windows users vulnerable to hackers — even those who don’t use the browser

Comments (0)

Apr 14 2019

Insider Threat Report

Category: Insider Threat — DISC @ 3:29 pm

Insider Threat Report – Out of sight should never be out of mind

Tags: Insider Threat Report

Comments (0)

Apr 13 2019

Anatomy of a spearphishing attack

Category: Phishing — DISC @ 2:12 pm

Anatomy of a spear phishing attack

You may be wondering what it takes to send this type of attack. This is not trivial, and can only be done by someone trained in advanced hacking techniques. We will first take a look at the steps required to send an attack, and then we’ll look at steps to mitigate this threat. For the (simplified) attack steps we am freely borrowing from a great blog post by Brandon McCann, a well-known pentester.

Spear Phishing | KnowBe4

Image result for spear phishing attack

Beyond the Nigerian Prince: A How-To Guide to Modernizing Phishing Defenses | Webinar

Comments (0)

Apr 12 2019

‘Dragonblood’ Flaw In WPA3 Lets Hackers Easily Grab Your Wi-Fi Passwords

Category: Wi-Fi Security — DISC @ 2:55 pm

In a research paper titled Dragonblood, published by security researchers Mathy Vanhoef and Eyal Ronen, it has been revealed that WPA3’s secure handshake called Simultaneous Authentication of Equals (SAE), commonly known as Dragonfly, is affected by password partitioning attacks.

Source: ‘Dragonblood’ Flaw In WPA3 Lets Hackers Easily Grab Your Wi-Fi Passwords

Artist's impression of wireless hackers in your computer.

Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords

Multiple Vulnerabilities in WPA3 Protocol

Tags: Wi-Fi security, WPA3

Comments (0)

Apr 11 2019

Half of security pros would rather walk barefoot in a public restroom than use public Wi-Fi

Category: Wi-Fi Security — DISC @ 2:06 pm

Public Wi-Fi is rife with security risks, and cybersecurity professionals aren’t taking any chances, according to a Lastline report.

Source: Half of security pros would rather walk barefoot in a public restroom than use public Wi-Fi

05 public wifi wi-fi

The risks of public Wi-Fi

Tags: Information Privacy, PII security, Wi-Fi, wireless network security

Comments (0)

Apr 10 2019

How to achieve cyber resilience in 7 steps

Category: Cyber resilience — DISC @ 5:28 pm

[pdf-embedder url=”https://blog.deurainfosec.com/wp-content/uploads/2019/04/Cyber-Resilience-in-7-Steps.pdf” title=”Cyber Resilience in 7 Steps”]

Cyber Resiliency Metrics | MITRE

Comments (0)

Apr 09 2019

LimeRAT spreads in the wild

Category: Malware — DISC @ 3:58 pm

Cybaze-Yoroi ZLab team spotted an interesting infection chain leveraging several techniques able to defeat traditional security defences and spread LimeRAT.

Source: LimeRAT spreads in the wild

2019 State of Malware | MalwareByte Labs