Adam Shostack

MAY 20, 2020

For example, I believe that patch management is way harder than you’d believe if you read infosec twitter, but so what? Related: My 2013 SIRA talk, “ Building a Science of Security “, “ Zeroing in on Malware Propagation Methods.” That would be exciting and actionable.

InfoSec 124

InfoSec Government Engineering Phishing 124

Adam Shostack

JANUARY 2, 2025

For example, I believe that patch management is way harder than you'd believe if you read infosec twitter, but so what? Related: My 2013 SIRA talk, " Building a Science of Security ", " Zeroing in on Malware Propagation Methods." That would be exciting and actionable.

InfoSec 100

InfoSec Government Engineering Phishing 100

Security Affairs

JULY 2, 2019

Malware is currently delivered from: 'hxxps://customermgmt.net/page/macrocosm' #cybersecurity #infosec — USCYBERCOM Malware Alert (@CNMF_VirusAlert) July 2, 2019. The alert refers to an ongoing activity aimed at infecting government networks by exploiting the CVE-2017-11774 Outlook vulnerability. South Korean, and Europe. .

Energy and Utilities 110

Energy and Utilities Malware Advertising InfoSec 110

Notice Bored

MAY 23, 2021

The most significant thing to report is that the project to revise the 3 rd (2013) edition of ISO/IEC 27002 appears on-track to reach final draft stage soon and will hopefully be approved this year, then published soon after (during 2022, I guess).

IoT 98

IoT InfoSec Risk 98

Notice Bored

FEBRUARY 24, 2022

Last week's release of a completely restructured ISO/IEC 27002:2022 has naturally prompted a rash of questions from anxious ISO27k users around the world about the implications for ISO/IEC 27001:2013, particularly on the certification aspects since '27002:2022 no longer aligns with '27001:2013 Annex A.

Information Security 63

Information Security Risk IoT InfoSec 63

Troy Hunt

JANUARY 10, 2018

I ended up moving this section after the miscellaneous one simply because of this: We've seen a 2016 copyright, a 2010 copyright and now a 2013 copyright published on a 2014 page! Blocking Paste. Again, see comments above re why this is odd.

Hacking 280

Hacking Government Encryption Risk 280

Troy Hunt

JUNE 15, 2023

" Thing is, "control" is a bit of a nuanced term; there are many people in roles where they don't have access to any of the above means of verification but they're legitimately responsible for infosec and responding to precisely the sorts of notifications HIBP sends out after a breach. Need more resources?

Accountability 272

Accountability Small Business InfoSec DNS 272

SC Magazine

MAY 17, 2021

Enter Project 2030, a collaboration between Oxford Visiting Researcher Victoria Baines and Trend Micro Vice President of Security Research Rik Ferguson, which uses a mixture of survey data and forward-thinking understanding of technology to predict the infosec concerns a decade from now.

Manufacturing 95

Manufacturing IoT Technology Artificial Intelligence 95

Notice Bored

FEBRUARY 20, 2022

Aside from restructuring and generally updating the controls from the 2013 second edition, the committee (finally!) The newly-published third edition of ISO/IEC 27002 is a welcome update to the primary ISO27k controls catalogue (officially, a 'reference set of generic information security controls').

IoT 102

IoT Information Security Risk Technology 102

Notice Bored

JUNE 5, 2022

b) and c)) and justification for inclusions, whether they are implemented or not, and the justification for exclusions of controls from Annex A; Point d) is the only reference to the S tatement o f A pplicability in ISO/IEC 27001 :2013 - a very succinct specification for such an important document, hence the reason for this blog piece.

Risk 72

Risk Information Security Accountability InfoSec 72

eSecurity Planet

AUGUST 9, 2022

M]uch of InfoSec management falls back on employee training and avoiding employee error – particularly with respect to phishing , spear phishing, and encryption lapses.”. See the Best Cybersecurity Awareness Training for Employees.

Data privacy 145

Data privacy Encryption Data breaches Insurance 145

Kali Linux

MARCH 28, 2023

Wednesday 13th, March 2013, 10 years ago, Kali Linux v1.0 A fresh start in March 2013. BackTrack Linux became Kali Linux in March 2013. Moto) first saw the light of day at Black Hat Europe 2013 and was based on Debian 7. In information security (infosec) there is the need to be on the latest version.

InfoSec 52

InfoSec Penetration Testing Architecture Software 52

eSecurity Planet

MAY 5, 2021

AttackIQ calls San Diego, California, home and started as an automated validation platform in 2013. DXC Technology has over 40 years of infosec experience, most of which as HPE’s Enterprise Services. Picus Security is a continuous security validation vendor located in San Francisco and founded in 2013. FireEye’s Mandiant.

Penetration Testing 67

Penetration Testing Risk Technology Marketing 67

Notice Bored

SEPTEMBER 23, 2020

One of the recurrent (zombie) threads on the ISO27k Forum concerns the status of ISO/IEC 27001:2013 Annex A. To kick off, I’ll emphasise the critical distinction between two key terms: Mandatory requirements are formally described in the main body of ISO/IEC 27001:2013.

Risk 52

Risk Information Security Accountability InfoSec 52

Notice Bored

AUGUST 25, 2020

Systematically checking through ISO/IEC 27001:2013 for all the documentation requirements is an interesting exercise. Some documents are identified explicitly in the standard and are clearly mandatory, while many others are only noted in passing, often in ambiguous terms or merely alluded-to.

Risk 52

Risk Information Security Cybersecurity InfoSec 52

ForAllSecure

JUNE 2, 2021

With more than 600K followers on YouTube, LiveOverflow is one of infosec’s first social media influencers. In a moment you hear from someone who’s been publishing high quality infosec content on YouTube for the last six years and now has over half a million subscribers. How did he get started and what’s next?

Media 52

Media Hacking InfoSec Marketing 52

ForAllSecure

JUNE 2, 2021

With more than 600K followers on YouTube, LiveOverflow is one of infosec’s first social media influencers. In a moment you hear from someone who’s been publishing high quality infosec content on YouTube for the last six years and now has over half a million subscribers. How did he get started and what’s next?

Media 52

Media Hacking InfoSec Marketing 52

Notice Bored

AUGUST 23, 2020

Yesterday I started preparing an ISMS communications plan to satisfy ISO/IEC 27001 :2013 clause 7.4, with a little help from the Web. Naturally I started out with the standard itself.

Information Security 52

Information Security Security Awareness Security Performance Risk 52

ForAllSecure

MARCH 1, 2022

Vamosi: One sunny morning in 2013. Vamosi: Within InfoSec there's an informal use of AppSec as well. In 2013, we only knew that someone calling themselves Dread Pirate Roberts was running the site. In infosec terms, he created an air gap for as part of his personal communications protocol. It's basic privacy hygiene.

Hacking 52

Hacking Mobile Cryptocurrency VPN 52

ForAllSecure

NOVEMBER 13, 2020

Fortunately I was covering security for ZDNet from day one, and eventually got pretty good at explaining infosec to others. No infosec Twitter or Discord. Vamosi: Like a lot of us, information security wasn’t necessarily our first line of work. I started in journalism. Stok, he also started out more with more humble interests.

Hacking 40

Hacking InfoSec Internet Internet 40

ForAllSecure

NOVEMBER 12, 2020

Fortunately I was covering security for ZDNet from day one, and eventually got pretty good at explaining infosec to others. No infosec Twitter or Discord. Vamosi: Like a lot of us, information security wasn’t necessarily our first line of work. I started in journalism. Stok, he also started out more with more humble interests.

Hacking 40

Hacking InfoSec Internet Internet 40

ForAllSecure

NOVEMBER 12, 2020

Fortunately I was covering security for ZDNet from day one, and eventually got pretty good at explaining infosec to others. No infosec Twitter or Discord. Vamosi: Like a lot of us, information security wasn’t necessarily our first line of work. I started in journalism. Stok, he also started out more with more humble interests.

Hacking 40

Hacking InfoSec Internet Internet 40

eSecurity Planet

DECEMBER 3, 2021

How to screen for natural infosec talent: Ask for a worst case scenario for any common situation. Street is an industry-respected speaker and analyst and currently is the VP of InfoSec for SphereNY. Markstedter actively contributes to filling the infosec education gap. — Jack Daniel (@jack_daniel) October 10, 2018.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139

Security Boulevard

SEPTEMBER 30, 2022

Oxford University Press. [4]: 4]: Aristotle. Categories (H.P Cooke, Hugh Tredennick, Trans.). Loeb Classical Library 325. Harvard University Press. [5]: 5]: Graeber, Matthew. Out-Minidump. GitHub repository. [6]: 6]: Schroeder, William. GitHub repository. [13]: 13]: Delpy, Benjamin. Mimikatz sekurlsa::logonPasswords. GitHub repository. [8]

Engineering 40

Engineering InfoSec Information Security Threat Reports 40

ForAllSecure

SEPTEMBER 10, 2021

PPP wanted to give their past high school selves the infosec education they didn’t have. Megan Kerns of Carnegie-Mellon University joins The Hacker Mind to talk about the early days and the continued evolution of this popular online infosec competition site. in InfoSec however, learning happens 365 days a year.

Hacking 52

Hacking Education InfoSec Engineering 52

Pentester Academy

MARCH 23, 2023

This is extremely similar to CVE-2013–3630, just using a different variable. Moodle SpellChecker Path Authenticated Remote Command Execution >Moodle allows an authenticated administrator to define spellcheck settings via the web interface. An administrator can update the aspell path to include a command injection.

Authentication 52

Authentication Mobile Passwords Penetration Testing 52

ForAllSecure

FEBRUARY 10, 2021

To answer these questions, Paul Roberts, Editor-in-Chief of the Security Ledger, has founded securepairs.org , a group of infosec experts who are volunteering their free time to fight for the digital right to repair in local legislation. Back then Paul was writing infosec stories for IDG and I was doing the same at ZDNet.

InfoSec 52

InfoSec Manufacturing Technology Software 52

ForAllSecure

FEBRUARY 10, 2021

To answer these questions, Paul Roberts, Editor-in-Chief of the Security Ledger, has founded securepairs.org , a group of infosec experts who are volunteering their free time to fight for the digital right to repair in local legislation. Back then Paul was writing infosec stories for IDG and I was doing the same at ZDNet.

InfoSec 52

InfoSec Manufacturing Technology Software 52