2013, InfoSec and Technology - Cyber Security Informer

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

FEBRUARY 22, 2024

A large cache of more than 500 documents published to GitHub last week indicate the records come from i-SOON , a technology company headquartered in Shanghai that is perhaps best known for providing cybersecurity training courses throughout China. A marketing slide deck promoting i-SOON’s Advanced Persistent Threat (APT) capabilities.

Government

Government Hacking Cyber threats Mobile

Announcing the public availability of the Cisco Cloud Controls Framework (CCF)

Cisco Security

MAY 5, 2022

ISO IEC 27001:2013 – Information technology — Security techniques — Information security management systems — Requirements. ISO/IEC 27017:2015 – Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services.

Marketing

Marketing InfoSec Risk Technology

Business Must Change: InfoSec in 2019

The Falcon's View

JANUARY 3, 2019

Consider, if you will, that fundamentally we in infosec want people to make better decisions. No matter how you look at it, DevOps is the way that business should operate, and that is - interestingly enough - exactly matched to the org management model that Laloux describes (without ever getting into technology or DevOps!).

InfoSec

InfoSec Engineering Digital transformation CISO

From a tech explosion to accidental cyberattacks, researchers offer a glimpse into 2030

SC Magazine

MAY 17, 2021

5G is among the technologies that researchers predict will have a big impact on the security landscape in the next decade. The project is based on work Baines did for Europol’s Cyber Crimes Center, Project 2020, which made a similar series of predictions in 2013 targeting last year. Photo by Mario Tama/Getty Images).

Manufacturing

Manufacturing IoT Technology Artificial Intelligence

ISO/IEC 27002 update

Notice Bored

FEBRUARY 20, 2022

Aside from restructuring and generally updating the controls from the 2013 second edition, the committee (finally!) To supplement the extensive suite we already offer, we are currently finalising topic-specific policy templates on threat intelligence and data masking (details to follow). hopefully.

IoT

IoT Information Security Risk Technology

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

are subject to laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (the HITECH Act), as well as regulations such as the Clinical Laboratory Improvements Amendments (CLIA). Healthcare Data Privacy Laws. Health data and patient data in the U.S.

Data privacy

Data privacy Encryption Data breaches Insurance

Top Breach and Attack Simulation (BAS) Vendors

eSecurity Planet

MAY 5, 2021

Breach and attack simulation (BAS) is a relatively new IT security technology that can automatically spot vulnerabilities in an organization’s cyber defenses, akin to continuous, automated penetration testing. DXC Technology. AttackIQ calls San Diego, California, home and started as an automated validation platform in 2013.

Penetration Testing

Penetration Testing Risk Technology Marketing

Happy 10th anniversary & Kali's story.so far

Kali Linux

MARCH 28, 2023

Wednesday 13th, March 2013, 10 years ago, Kali Linux v1.0 A fresh start in March 2013. BackTrack Linux became Kali Linux in March 2013. Moto) first saw the light of day at Black Hat Europe 2013 and was based on Debian 7. In information security (infosec) there is the need to be on the latest version.

InfoSec

InfoSec Penetration Testing Architecture Software

The Hacker Mind: Hacking Social Media

ForAllSecure

JUNE 2, 2021

With more than 600K followers on YouTube, LiveOverflow is one of infosec’s first social media influencers. In a moment you hear from someone who’s been publishing high quality infosec content on YouTube for the last six years and now has over half a million subscribers. How did he get started and what’s next?

Media

Media Hacking InfoSec Marketing

The Hacker Mind: Hacking Social Media

ForAllSecure

JUNE 2, 2021

With more than 600K followers on YouTube, LiveOverflow is one of infosec’s first social media influencers. In a moment you hear from someone who’s been publishing high quality infosec content on YouTube for the last six years and now has over half a million subscribers. How did he get started and what’s next?

Media

Media Hacking InfoSec Marketing

NBlog Aug 23 - ISMS comms plan

Notice Bored

AUGUST 23, 2020

Yesterday I started preparing an ISMS communications plan to satisfy ISO/IEC 27001 :2013 clause 7.4, Ben Woelk, program manager for the Information Security Office at Rochester Institute of Technology, has published a detailed ISO comms plan - 16 pages laying out all the things they planned to communicate as part of their ISMS.

Information Security

Information Security Security Awareness Security Performance Risk

The Hacker Mind Podcast: Hacking the Art of Invisibility

ForAllSecure

MARCH 1, 2022

Vamosi: One sunny morning in 2013. Vamosi: Within InfoSec there's an informal use of AppSec as well. In 2013, we only knew that someone calling themselves Dread Pirate Roberts was running the site. I know that whenever I get a piece of new technology, I'm all excited. Maintaining OpSec is everyone's responsibility.

Hacking

Hacking Mobile Cryptocurrency VPN

The Hacker Mind Podcast: Bug Bounty Hunters

ForAllSecure

NOVEMBER 13, 2020

Fortunately I was covering security for ZDNet from day one, and eventually got pretty good at explaining infosec to others. No infosec Twitter or Discord. See other zero-days Mayhem, a ForAllSecure fuzz testing technology, has found. Vamosi: Like a lot of us, information security wasn’t necessarily our first line of work.

Hacking

Hacking InfoSec Internet Internet

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Brian Krebs is an independent investigative reporter known for his coverage of technology, malware , data breaches , and cybercrime developments. Longtime network and system administrator Jack Daniel is a technology community activist, mentor, and storyteller. Markstedter actively contributes to filling the infosec education gap.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

On Detection: Tactical to Functional

Security Boulevard

SEPTEMBER 30, 2022

Out-Minidump is a PowerShell script written by Matt Graeber that leverages a technology called “reflection” to allow direct, in-memory, Win32 function calls from PowerShell. To help make this idea concrete, we can analyze two tools which are literally different, but functionally the same. Oxford University Press. [4]: 4]: Aristotle.

Engineering

Engineering InfoSec Threat Reports Information Security

The Hacker Mind Podcast: Learn Competitive Hacking with picoCTF

ForAllSecure

SEPTEMBER 10, 2021

PPP wanted to give their past high school selves the infosec education they didn’t have. Megan Kerns of Carnegie-Mellon University joins The Hacker Mind to talk about the early days and the continued evolution of this popular online infosec competition site. in InfoSec however, learning happens 365 days a year.

Hacking

Hacking Education InfoSec Engineering

Lab Walkthrough?—?Moodle SpellChecker Path Authenticated RCE [CVE-2021–21809]

Pentester Academy

MARCH 23, 2023

This is extremely similar to CVE-2013–3630, just using a different variable. Moodle SpellChecker Path Authenticated Remote Command Execution >Moodle allows an authenticated administrator to define spellcheck settings via the web interface. An administrator can update the aspell path to include a command injection.

Authentication

Authentication Mobile Passwords Penetration Testing

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

To answer these questions, Paul Roberts, Editor-in-Chief of the Security Ledger, has founded securepairs.org , a group of infosec experts who are volunteering their free time to fight for the digital right to repair in local legislation. Back then Paul was writing infosec stories for IDG and I was doing the same at ZDNet.

InfoSec

InfoSec Manufacturing Technology Software

The Hacker Mind Podcast: The Right To Repair

ForAllSecure

FEBRUARY 10, 2021

To answer these questions, Paul Roberts, Editor-in-Chief of the Security Ledger, has founded securepairs.org , a group of infosec experts who are volunteering their free time to fight for the digital right to repair in local legislation. Back then Paul was writing infosec stories for IDG and I was doing the same at ZDNet.

InfoSec

InfoSec Manufacturing Technology Software

Cyber Security Informer

New Leak Shows Business Side of China’s APT Menace

Announcing the public availability of the Cisco Cloud Controls Framework (CCF)

Trending Sources

Business Must Change: InfoSec in 2019

From a tech explosion to accidental cyberattacks, researchers offer a glimpse into 2030

ISO/IEC 27002 update

Security Compliance & Data Privacy Regulations

Top Breach and Attack Simulation (BAS) Vendors

Happy 10th anniversary & Kali's story.so far

The Hacker Mind: Hacking Social Media

The Hacker Mind: Hacking Social Media

NBlog Aug 23 - ISMS comms plan

The Hacker Mind Podcast: Hacking the Art of Invisibility

The Hacker Mind Podcast: Bug Bounty Hunters

Top Cybersecurity Accounts to Follow on Twitter

On Detection: Tactical to Functional

The Hacker Mind Podcast: Learn Competitive Hacking with picoCTF

Lab Walkthrough?—?Moodle SpellChecker Path Authenticated RCE [CVE-2021–21809]

The Hacker Mind Podcast: The Right To Repair

The Hacker Mind Podcast: The Right To Repair

Stay Connected