InfoSec and Compliance – With 20 years of blogging experience, DISC InfoSec blog is dedicated to providing trusted insights and practical solutions for professionals and organizations navigating the evolving cybersecurity landscape. From cutting-edge threats to compliance strategies, this blog is your reliable resource for staying informed and secure. Dive into the content, connect with the community, and elevate your InfoSec expertise!
Mar 04 2019
IT Governance Ltd, the world’s one-stop shop for ISO27001 information, books, toolkits, training and consultancy for ISO27001 Information Security Management, has now sold 1,034 copies of its ISO27001 ISMS Documentation Toolkit.
“We estimate that between 5% and 10% of all ISO27001-certified organisations worldwide have drawn on the comprehensive, best practice templates contained in our ISO27001 Toolkit,” commented Alan Calder, CEO of IT Governance.
Mar 04 2019
The workforce and skills gap in cybersecurity continues to plague organizations.
Source: RSAC 2019: 58% of Orgs Have Unfilled Cyber Positions | Threatpost
Mar 03 2019
ISO27002: 2013 compliant! This tool has a very specific, high-level purpose in any ISMS project, which is to quickly and clearly identify the controls and control areas in which an organization does not conform to the requirements of the standard.
Use this self-assessment tool to quickly and clearly identify the extent to which your organization has implemented the controls and addressed the control objectives in ISO 27002.
Special offer: Get two gap analysis tools for the price of one!
Complete your gap analysis with the ISO 27002:2013 ISMS Controls Gap Analysis Tool.
Buy the ISO 27001:2013 ISMS Gap Analysis Tool and get this tool for free!
Use the following code at the checkout when you buy the ISO 27001:2013 ISMS Gap Analysis Tool and the ISO 27002:2013 ISMS Controls Gap Analysis Tool will automatically be added to your shopping cart: B1G1GAP*
Mar 03 2019
BeEF [Browser Exploitation Framework] is a penetration testing tool which focuses strongly on the web browsers. BeEF passes the hardened network perimeters.
Source: Hacking with BeEf – Stealing Social Media Credentials
Mar 02 2019
Cyber Defense Magazine October 2018 Edition has arrived. MARCH 2019 EDITION (RSA CONFERENCE PRINT EDITION & E-MAG COMING NEXT WEEK)
Source: Cyber Defense Magazine – March 2019 has arrived. Enjoy it!
Mar 01 2019
Make sure you can surf safely
In a nutshell, a VPN establishes a secure, encrypted connection between your device and a private server, hiding your traffic from being seen by others. Of course, the VPN itself can still see your traffic, which is why you should choose a VPN from a company you trust. (A good rule of thumb is to avoid free VPNs, because if they’re not charging you a fee, they may be monetizing in some less desirable way.) In addition, law enforcement can get its hands on your information through the VPN company. However, for the most part, a VPN offers you a way to hide your online activity from others.
Source: How to set up a VPN
Mar 01 2019
RV110W, RV130W, RV215W need patching to close remote hijacking bug
Mar 01 2019
A botnet is a collection of any type of internet-connected device that an attacker has compromised. Commonly used in distributed denial of service (DDoS) attacks, botnets can also take advantage of their collective computing power to send large volumes of spam, steal credentials at scale, or spy on people and organizations.
Source: What is a botnet? And why they aren’t going away anytime soon
Feb 28 2019
A vulnerability in the update service of the Cisco Webex Meetings Desktop App for Windows could allow elevation of privilege
Source: Cisco WebEx Meetings affected by a new elevation of privilege flaw
Feb 28 2019
In its annual security intelligence report, Microsoft offers up its top tips for blocking out hackers.
Source: Microsoft: Do these things now to protect your network | ZDNet
Feb 27 2019
Researchers found a new set of flaws that can be exploited via Thunderbolt to compromise a broad range of modern computers with Thunderclap attacks
Source: Thunderclap flaws allow hacking most of modern computers
Feb 26 2019
Huawei may well be causing excitement with its foldable smartphone, the Mate X, but the company’s troubles in the US continue. The American government has already banned the use of some Huawe…
Source: Senators want Huawei equipment removed from US power grid because of security concerns
Feb 26 2019
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.Amid growing concerns about web-borne
Source: Beef : The Browser Exploitation Framework Project
Feb 25 2019
MarioNet attack lets hackers create botnets from users’ browsers.
Source: New browser attack lets hackers run bad code even after users leave a web page | ZDNet
Feb 25 2019
40.8% of smart homes have at least one device vulnerable to remote attacks, a third of them being vulnerable because of outdated software with unpatched security issues, while more than two-thirds are exposed by weak credentials.
Source: Smart Homes at Risk Due to Unpatched Vulnerabilities, Weak Credentials
Feb 22 2019
A viral tweet prompted closer scrutiny.
Source: Discovery of cameras built into airlines’ seats sparks privacy concerns
Feb 21 2019
Digital Shadows’ Photon Research Team has found that cybercriminals have diversified their extortion methods, and the threat landscape is as wide and varied as it’s ever been.
Source: A Tale of Epic Extortions – How Cybercriminals Monetize Our Online Exposure
Feb 20 2019
The U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy.
Feb 20 2019
Phishers have come up with another trick to make Office documents carrying malicious links undetectable by many e-mail security services.
Source: Phishers’ new trick for bypassing email URL filters – Help Net Security
Feb 19 2019
It’s tax season, and with it comes Tax Scams. Stay Cyber Aware and Cyber Safe.
“Thousands of people have lost millions of dollars and their personal information to tax scams. Scammers use the regular mail, telephone, or email to set up individuals, businesses, payroll and tax professionals.
The IRS doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. Recognize the telltale signs of a scam.” See also: How to know it’s really the IRS calling or knocking on your door
[pdf-embedder url=”https://blog.deurainfosec.com/wp-content/uploads/2019/02/TaxScam-1.pdf” title=”TaxScam”]
