InfoSec and Compliance – With 20 years of blogging experience, DISC InfoSec blog is dedicated to providing trusted insights and practical solutions for professionals and organizations navigating the evolving cybersecurity landscape. From cutting-edge threats to compliance strategies, this blog is your reliable resource for staying informed and secure. Dive into the content, connect with the community, and elevate your InfoSec expertise!
Mar 09 2019
Hot on the heels of disclosing a critical zero-day vulnerability in Chrome that was being exploited in the wild by attackers, Google has now uncovered another critical zero-day that is being used alongside it to take over Windows machines.
Source: Google Says Upgrade To Windows 10 After Critical Flaws Found In Chrome And Windows 7
Mar 07 2019
Does your organization need NIST, CSC, ISO, or FAIR frameworks? Here’s how to start making sense of security frameworks.
Source: How to choose the right cybersecurity framework
Mar 06 2019
Firefox gets another new feature from the Tor Uplift project started in 2016.
Source: Firefox to add Tor Browser anti-fingerprinting technique called letterboxing | ZDNet
Mar 05 2019
It didn’t require an account PIN to switch carriers. Everybody uses 0000, it said, making it easier for customers… and phone hijackers.
Source: Comcast security nightmare: default ‘0000’ PIN on everybody’s account
Mar 04 2019
IT Governance Ltd, the world’s one-stop shop for ISO27001 information, books, toolkits, training and consultancy for ISO27001 Information Security Management, has now sold 1,034 copies of its ISO27001 ISMS Documentation Toolkit.
“We estimate that between 5% and 10% of all ISO27001-certified organisations worldwide have drawn on the comprehensive, best practice templates contained in our ISO27001 Toolkit,” commented Alan Calder, CEO of IT Governance.
Mar 04 2019
The workforce and skills gap in cybersecurity continues to plague organizations.
Source: RSAC 2019: 58% of Orgs Have Unfilled Cyber Positions | Threatpost
Mar 03 2019
ISO27002: 2013 compliant! This tool has a very specific, high-level purpose in any ISMS project, which is to quickly and clearly identify the controls and control areas in which an organization does not conform to the requirements of the standard.
Use this self-assessment tool to quickly and clearly identify the extent to which your organization has implemented the controls and addressed the control objectives in ISO 27002.
Special offer: Get two gap analysis tools for the price of one!
Complete your gap analysis with the ISO 27002:2013 ISMS Controls Gap Analysis Tool.
Buy the ISO 27001:2013 ISMS Gap Analysis Tool and get this tool for free!
Use the following code at the checkout when you buy the ISO 27001:2013 ISMS Gap Analysis Tool and the ISO 27002:2013 ISMS Controls Gap Analysis Tool will automatically be added to your shopping cart: B1G1GAP*
Mar 03 2019
BeEF [Browser Exploitation Framework] is a penetration testing tool which focuses strongly on the web browsers. BeEF passes the hardened network perimeters.
Source: Hacking with BeEf – Stealing Social Media Credentials
Mar 02 2019
Cyber Defense Magazine October 2018 Edition has arrived. MARCH 2019 EDITION (RSA CONFERENCE PRINT EDITION & E-MAG COMING NEXT WEEK)
Source: Cyber Defense Magazine – March 2019 has arrived. Enjoy it!
Mar 01 2019
Make sure you can surf safely
In a nutshell, a VPN establishes a secure, encrypted connection between your device and a private server, hiding your traffic from being seen by others. Of course, the VPN itself can still see your traffic, which is why you should choose a VPN from a company you trust. (A good rule of thumb is to avoid free VPNs, because if they’re not charging you a fee, they may be monetizing in some less desirable way.) In addition, law enforcement can get its hands on your information through the VPN company. However, for the most part, a VPN offers you a way to hide your online activity from others.
Source: How to set up a VPN
Mar 01 2019
RV110W, RV130W, RV215W need patching to close remote hijacking bug
Mar 01 2019
A botnet is a collection of any type of internet-connected device that an attacker has compromised. Commonly used in distributed denial of service (DDoS) attacks, botnets can also take advantage of their collective computing power to send large volumes of spam, steal credentials at scale, or spy on people and organizations.
Source: What is a botnet? And why they aren’t going away anytime soon
Feb 28 2019
A vulnerability in the update service of the Cisco Webex Meetings Desktop App for Windows could allow elevation of privilege
Source: Cisco WebEx Meetings affected by a new elevation of privilege flaw
Feb 28 2019
In its annual security intelligence report, Microsoft offers up its top tips for blocking out hackers.
Source: Microsoft: Do these things now to protect your network | ZDNet
Feb 27 2019
Researchers found a new set of flaws that can be exploited via Thunderbolt to compromise a broad range of modern computers with Thunderclap attacks
Source: Thunderclap flaws allow hacking most of modern computers
Feb 26 2019
Huawei may well be causing excitement with its foldable smartphone, the Mate X, but the company’s troubles in the US continue. The American government has already banned the use of some Huawe…
Source: Senators want Huawei equipment removed from US power grid because of security concerns
Feb 26 2019
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.Amid growing concerns about web-borne
Source: Beef : The Browser Exploitation Framework Project
Feb 25 2019
MarioNet attack lets hackers create botnets from users’ browsers.
Source: New browser attack lets hackers run bad code even after users leave a web page | ZDNet
Feb 25 2019
40.8% of smart homes have at least one device vulnerable to remote attacks, a third of them being vulnerable because of outdated software with unpatched security issues, while more than two-thirds are exposed by weak credentials.
Source: Smart Homes at Risk Due to Unpatched Vulnerabilities, Weak Credentials
Feb 22 2019
A viral tweet prompted closer scrutiny.
Source: Discovery of cameras built into airlines’ seats sparks privacy concerns
