Nov 03 2020

Privacy-focused Brave browser grew over 130% in the past year

Category: Information Privacy,Web SecurityDISC @ 1:07 pm

Brave Browser, the privacy-focused web browser, announced today that it grew in usage by over 130% in its first year of the release of its ‘Stable’ version.

Source: Privacy-focused Brave browser grew over 130% in the past year



Brave Browser Review 2020: Should you make the switch?
httpv://www.youtube.com/watch?v=cQuTwpUFIXU&ab_channel=dottotech



Why you should download Brave Browser NOW!

Tags: data privacy, Information Privacy, loss of privacy

Nov 02 2020

Cyber Security Training Courses

Category: cyber security,Security Awareness,Security trainingDISC @ 11:17 pm

Cyber Security Training Courses via Simpliv

[pdf-embedder url=”https://blog.deurainfosec.com/wp-content/uploads/2020/11/Simpliv-Links.pdf” title=”Simpliv Links”]

To review each course download a pdf of Cyber Security Training Courses

Tags: Cyber Security Training Courses

Nov 01 2020

Open Shell brings back the glory days of the Windows Start Menu

Category: Windows SecurityDISC @ 11:14 pm

Open Shell, originally known as Classic Shell, is open-source software that allows you to replace the standard Start Menu on Windows 10 and Windows 8.

Source: Open Shell brings back the glory days of the Windows Start Menu



Make Your Start Menu Look Like Windows 7 With Open Shell
httpv://www.youtube.com/watch?v=WlBVCNHB8uQ&ab_channel=majorgeeks

Tags: Open Shell, Windows Start Menu

Oct 30 2020

In a first, researchers extract secret key used to encrypt Intel CPU code

Category: Crypto,CryptograghyDISC @ 2:49 pm

Hackers can now reverse-engineer updates or write their own custom firmware.

Source: In a first, researchers extract secret key used to encrypt Intel CPU code

Oct 29 2020

Buer Loader “malware-as-a-service” joins Emotet for ransomware delivery

Category: RansomwareDISC @ 2:05 pm

A relative newcomer in the “malware-as-a-service” scene is starting to attract the big-money ransomware criminals.

Source: Buer Loader “malware-as-a-service” joins Emotet for ransomware delivery



Understanding malware as a service
httpv://www.youtube.com/watch?v=VoOJaKZvZ-o&ab_channel=BitdefenderOEM



MaaS Chaos. Is Malware-as-a-Service Growing?
In the legitimate business world, there’s something known as Software-as-a-Service, or SaaS. Here’s a definition: A software licensing-and-delivery model in which centrally located and controlled software is made available and licensed/rented on a subscription basis by users. SaaS clients are generally businesses.

Now, organized online crooks have moved into that space and business model too. It didn’t take long for that large-scale approach to not only hit the Internet, but to create a lucrative malware business for criminals who are selling viruses and more to anyone who wants it and is willing to pay for it. It’s “MBA-like” thinking for the purpose of making money by committing technologically based crimes.

Malware-as-a-Service is the latest term for the business of a network of sophisticated cyber-crooks providing illegal services, for a fee.



One of the reasons that cybercrime has grown so rapidly is that the criminals at the top of the “food chain” have built scalable business models for their crimes. This allows experienced hacking groups to collaborate, and new criminals to leverage the resources of veteran hackers. “Crime-as-a-service” is nothing new, but the tools change rapidly as crimeware developers work to exploit the latest vulnerabilities and stay ahead of security. The Emotet banking trojan has emerged as a leader in providing malware delivery services to other hacking groups, and you will want to make sure you understand and defend against this threat.

Emotet emerges as a leader in Malware-as-a-Service

Tags: Emotet, malware-as-a-service

Oct 27 2020

Google Mending Another Crack in Widevine

Category: data securityDISC @ 12:05 pm

For the second time in as many years, Google is working to fix a weakness in its Widevine digital rights management (DRM) technology used by online streaming sites like Disney, Hulu and Netflix to prevent their content from being pirated.

The latest cracks in Widevine concern the encryption technology’s protection for L3 streams, which is used for low-quality video and audio streams only. Google says the weakness does not affect L1 and L2 streams, which encompass more high-definition video and audio content.

“As code protection is always evolving to address new threats, we are currently working to update our Widevine software DRM with the latest advancements in code protection to address this issue,” Google said in a written statement provided to KrebsOnSecurity.

In January 2019, researcher David Buchanan tweeted about the L3 weakness he found, but didn’t release any proof-of-concept code that others could use to exploit it before Google fixed the problem.

Source: Google Mending Another Crack in Widevine




Tags: digital rights management, DRM

Oct 26 2020

Botnet Infects Hundreds of Thousands of Websites

Category: BotnetDISC @ 9:02 pm

KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.

The botnet, dubbed KashmirBlack, uses a modular infrastructure that includes features such as load balancing communications with command-and-control servers and storing files on cloud storage services, such as Dropbox and GitHub, to speed access to any new code updates for the systems infected with the software. The KashmirBlack botnet mainly infects popular CMS platforms, exploiting dozens of known vulnerabilities on targeted servers and performing millions of attacks per day on average, according to a pair of reports published by Imperva researchers today.

Source: Botnet Infects Hundreds of Thousands of Websites



CyberHub Podcast – Practitioner Brief 10-26-20 Emotet upgrades, Kashmirblack & ransomware surge
httpv://www.youtube.com/watch?v=2td9wQ4LleY&ab_channel=TheCyberHubPodcast




Oct 21 2020

PayPal to allow cryptocurrency buying, selling and shopping on its network

Category: Crypto,CryptograghyDISC @ 10:36 am

PayPal Holdings Inc joined the cryptocurrency market on Wednesday, allowing customers to buy, sell and hold bitcoin and other virtual coins using the U.S. digital payments company’s online wallets.

Source: PayPal to allow cryptocurrency buying, selling and shopping on its network



PayPal to Allow Cryptocurrency Buying, Selling and Shopping on its Network ₿₿₿
httpv://www.youtube.com/watch?v=QdOvU6YzNbU&ab_channel=RulesForRebels







Tags: cryptocurrency, PayPal

Oct 19 2020

Hackers hijack Telegram, email accounts in SS7 mobile attack

Category: HackingDISC @ 3:12 pm

Hackers with access to the Signaling System 7 (SS7) used for connecting mobile networks across the world were able to gain access to Telegram messenger and email data of high-profile individuals in the cryptocurrency business.

Source: Hackers hijack Telegram, email accounts in SS7 mobile attack



Telegram SS7 attack
httpv://www.youtube.com/watch?v=dkvQqatURdM&ab_channel=ThomasBrewster

Oct 15 2020

Confirmed: Barnes & Noble hacked, systems taken offline for days, miscreants may have swiped personal info

Category: Data Breach,Security BreachDISC @ 8:44 am

Nook, line and sinker: Servers restored from backups, punters unable to download purchased e-books

Source: Confirmed: Barnes & Noble hacked, systems taken offline for days, miscreants may have swiped personal info

Oct 12 2020

Microsoft and others orchestrate takedown of TrickBot botnet

Category: BotnetDISC @ 9:41 pm

FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, Symantec, and the Microsoft Defender team participated in the takedown.

Source: Microsoft and others orchestrate takedown of TrickBot botnet | ZDNet



Microsoft takes action against Trickbot ransomware attacks
httpv://www.youtube.com/watch?v=39MFGABNf2U&ab_channel=CBCNews%3ATheNational

Tags: botnet, TrickBot

Oct 09 2020

So you thought your personal data was deleted? Not so fast

Category: Information PrivacyDISC @ 4:37 pm

Here’s why it may be impossible to delete your personal information from Houseparty and other social media services – despite privacy legislation!

Source: So you thought your personal data was deleted? Not so fast | WeLiveSecurity



How to erase your iPhone — Apple Support
httpv://www.youtube.com/watch?v=zX4xvkJDHVw&ab_channel=AppleSupport

Oct 08 2020

Massachusetts school district shut down by ransomware attack

Category: RansomwareDISC @ 11:13 pm

The Springfield Public Schools district in Massachusetts has become the victim of a ransomware attack that has caused the closure of schools while they investigate the cyberattack.

Source: Massachusetts school district shut down by ransomware attack



FBI warning schools to create a ransomware attack plan
httpv://www.youtube.com/watch?v=riLtsU9IKiI&ab_channel=News5Cleveland



Oct 06 2020

HP Printer Bug Bounty Expands To Include Cartridge Security

Category: cyber securityDISC @ 11:06 pm

Including HP Official Ink and Toner cartridge security, HP announced rewards up to $10,000 under the new printer bug bounty program.

After pioneering a bug rewards program for printer security, HP takes another step in this direction. As announced, HP has expanded its bug bounty program for printers to include cartridge security vulnerabilities.

Source: HP Printer Bug Bounty Expands To Include Cartridge Security

Tags: Bug Bounty, Cartridge Security

Oct 05 2020

Hackers claim they can now jailbreak Apple’s T2 security chip

Category: Jail breakDISC @ 10:54 pm

Jailbreak involves combining last year’s checkm8 exploit with the Blackbird vulnerability disclosed this August.

Source: Hackers claim they can now jailbreak Apple’s T2 security chip | ZDNet



How to Disable T2 Security
httpv://www.youtube.com/watch?v=rzjXgPmVtdQ



👉 Download a Virtual CISO (#vCISO) and Security Advisory Fact Sheet & Cybersecurity Cheat Sheet

Download a Security Risk Assessment Steps paper!

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles

Subscribe to DISC InfoSec blog by Email

 

Oct 04 2020

Clinical Trials Hit by Ransomware Attack on Health Tech Firm

Category: RansomwareDISC @ 9:53 pm

No patients were affected, but the incident was another reminder of the risks in the increasingly common assaults on healthcare computer networks.

A Philadelphia company that sells software used in hundreds of clinical trials, including the crash effort to develop tests, treatments and a vaccine for the coronavirus, was hit by a ransomware attack that has slowed some of those trials over the past two weeks.

The attack on eResearch Technology, which has not previously been reported, began two weeks ago when employees discovered that they were locked out of their data by ransomware, an attack that holds victims’ data hostage until they pay to unlock it. ERT said clinical trial patients were never at risk, but customers said the attack forced trial researchers to track their patients with pen and paper.

Source: Clinical Trials Hit by Ransomware Attack on Health Tech Firm

 

 
Clinic.al Trials Hit by Ransomware Attack on Health Tech Firm
httpv://www.youtube.com/watch?v=9wYhmwTtZ3w&ab_channel=NewsHotDailyc


👉 Download a Virtual CISO (#vCISO) and Security Advisory Fact Sheet & Cybersecurity Cheat Sheet

Download a Security Risk Assessment Steps paper!

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles

Subscribe to DISC InfoSec blog by Email

 

Oct 02 2020

The Cybersecurity Maturity Model Certification (CMMC)

Category: Cyber maturityDISC @ 1:32 pm

CMMC – A pocket guide | Available now for pre-order 📢

Suitable for senior management and the C-suite, general or legal counsel, IT executives, IT organizations, and IT and security students, this pocket guide will give you a solid introduction to the CMMC and its requirements.

A clear, concise primer on the CMMC (Cybersecurity Maturity Model Certification), this pocket guide:

  • Summarizes the CMMC and proposes useful tips for implementation
  • Discusses why the scheme has been created
  • Covers who it applies to and why being non-compliant will result in missed business opportunities
  • Highlights the requirements for achieving and maintaining compliance

Available for pre-order! Buy today and we’ll email you as soon as The Cybersecurity Maturity Model Certification (CMMC) – A pocket guide becomes available on 11/10/2020. Buy Now

 

Tags: CMMC

Oct 02 2020

How cyber security can protect your business

Category: cyber security,Security Awareness,Security ProfessionalDISC @ 1:08 pm

Christopher Wright is one of IT Governance Publishing’s most prolific writers, having released five books with us over the past six years.

His work covers many different topics, including advice on organizational cyber security, project management and risk management auditing.

In How Cyber Security Can Protect Your Business – A guide for all stakeholders, Wright provides an effective and efficient framework to help organizations manage cyber governance, risk and compliance.

How Cyber Security Can Protect Your Business

Businesses must protect themselves and their reputations, while reassuring stakeholders they take cyber security seriously. Wright’s pocket guide:

  • Explains in easy-to-understand terms what executives and senior managers need to know and do about the ever-changing cyber threat landscape;
  • Gives strategic, business-focused guidance and advice relevant to C-suite executives;
  • Provides an effective and efficient framework for managing cyber governance, risk and compliance; and
  • Makes clear what is required to implement an effective cyber security strategy.

Receive 15% off all of Christopher Wright’s books throughout October by entering the voucher code WRIGHT15 at the checkout.
How Cyber Security Can Protect Your Business - A guide for all stakeholders
 

            Buy now

 




Oct 01 2020

List of data breaches and cyber attacks in September 2020 – 267 million records breached 

Category: Cyber Attack,Data BreachDISC @ 10:09 am

Take a look at the top data breaches and cyber attacks in September, as well as our full list of 102 incidents.

Source: List of data breaches and cyber attacks in September 2020 – 267 million records breached – IT Governance UK Blog


    Data Breaches: Crisis and Opportunity

Sep 29 2020

12 Bare-Minimum Benchmarks for AppSec Initiatives

Category: App SecurityDISC @ 1:40 pm

The newly published Building Security in Maturity Model provides the software security basics organizations should cover to keep up with their peers.

As application security methodology and best practices have evolved over more than a decade, the Building Security in Maturity Model (BSIMM) has been there each year to track how organizations are making progress. BSIMM11, released last week by Synopsys, is based on the software security practices in place at 130 different firms across numerous industries, including financial services, software, cloud, and healthcare.

The practices were measured by the model’s proprietary yardstick, which lumps 121 different software security metrics into four major domains: governance, intelligence, secure software development lifecycle (SSDL) touchpoints, and deployment. Each of these domains are further broken down into three practice categories containing numerous activities that slide from simple to very mature.

Similar to previous reports, BSIMM11 shows that most organizations are at the very least hitting the basics — including activities like performing external penetration testing and instituting basic software security training across development organizations. The following are the most common activities cited for each practice category, providing an excellent yardstick for the bare minimum that organizations should be doing to keep up with their peers.

Source: 12 Bare-Minimum Benchmarks for AppSec Initiatives







DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles

Subscribe to DISC InfoSec blog by Email

👉 Download a Virtual CISO (#vCISO) and Security Advisory Fact Sheet & Cybersecurity Cheat Sheet

Download a Security Risk Assessment Steps paper!

« Previous PageNext Page »