Blog - Cyber Security Informer

GUEST ESSAY: Why online supply chains remain at risk — and what companies can do about it

The Last Watchdog

JUNE 30, 2021

Enterprises have long operated in an implicit trust model with their partners. This simply means that they trust, but don’t often verify, that their partners are reputable and stay compliant over time. So what does the average modern website look like? Supply chain attack tactics. Controls and guardrails.

Risk

Risk Architecture Hacking Media

Machine Identities are Essential for Securing Smart Manufacturing

Security Boulevard

FEBRUARY 28, 2022

Integrating IoTs into monitoring both equipment settings and the outcomes of each production step helps manufacturers detect quality problems at the source. . Every item in the inventory gets an RFID tag, and each tag has a unique identification number (UID) with encoded digital information about the item. Inventory management.

Manufacturing

Manufacturing IoT Authentication Artificial Intelligence

Data Loss Prevention: Best Practices for Secure Data Management

Centraleyes

APRIL 16, 2024

Beyond being a set of security protocols, data loss prevention policies are a strategic approach that involves identifying, monitoring, and protecting sensitive data throughout its lifecycle. Continuous Monitoring and Adaptation A successful DLP implementation is an ongoing process that requires continuous monitoring and adaptation.

Encryption

Encryption Education Risk Healthcare

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

A “Naver”-ending game of Lazarus APT

Security Boulevard

APRIL 26, 2022

Zscaler’s ThreatLabz research team has been closely monitoring a campaign targeting users in South Korea. Some details about this campaign were published in this Korean blog, however they did not perform the threat attribution. This same email address was recently mentioned in Prevailion's blog. Attribution to Lazarus APT.

Phishing

Phishing DNS Cryptocurrency Accountability

The Art of Ruthless Prioritization and Why it Matters for SecOps

McAfee

SEPTEMBER 29, 2021

The SecOps team works around the clock with precious and limited resources to monitor enterprise systems, identify and investigate cybersecurity threats, and defend against security breaches. They are surrounded by consoles and monitors tracking many activities within enterprise networks. A Data-Driven Approach to Prioritization.

DNS

DNS Manufacturing Data breaches Risk

6 Best Threat Intelligence Feeds to Use in 2023

eSecurity Planet

AUGUST 10, 2023

Additionally, dashboards share data about threat names, any relevant reference URLs, tags, adversary and malware families, and attack IDs. SANS: Internet Storm Center Best for threat explanations Internet Storm Center is one of the oldest and most trusted threat intelligence feed options on the market.

Internet

Internet Internet Cybersecurity Malware

Node.js Vulnerability Cheatsheet

Security Boulevard

FEBRUARY 17, 2022

Trust boundary violations. But the SOP does not limit javascript code, and the HTML <script> tag is allowed to load Javascript code from any origin. You probably conduct system logging to monitor for malicious activities going on in your network. Trust Boundary Violations. Arbitrary file writes. Mass assignment.

Authentication

Authentication Encryption Engineering Firewall

The Need for Continuous and Dynamic Threat Modeling

Cisco Security

APRIL 21, 2021

This blog is co-authored by Mohammad Iqbal and is part four of a four-part series about DevSecOps. This can in turn be monitored for architecture drift. To monitor the architecture for drift based on a requirement. Both types of S3 buckets are identified through their AWS tags (“Customer” and “Admin” respectively).

Architecture

Architecture Risk Engineering

Locking Down Your Website Scripts with CSP, Hashes, Nonces and Report URI

Troy Hunt

NOVEMBER 14, 2017

That's pretty much XSS 101 - just get an alert box to fire - and reflecting a script tag is one of the most fundamental techniques attackers use to run their script on your website. I put it out there in "report-only" mode and monitored things for a few days which meant I'd get the violation reports but nothing would break.

Hacking

Hacking Risk

TrustSec Policy Analytics – Part One: What are policy analytics?

Cisco Security

MAY 24, 2021

Why all the buzz around pursuing group-based policy management to achieve zero trust? Adopting zero-trust initiatives and best practices is all the rage. Simply put, applying “never trust; always verify” to anyone and any device attempting to access an enterprise network is a no-brainer nowadays. And rightly so. Not so fast.

Engineering

Engineering Architecture Manufacturing Software

A Pandora's Box: Unpacking 5 Risks in Generative AI

Thales Cloud Protection & Licensing

APRIL 17, 2024

Security researchers from Imperva described in a blog called XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT how they discovered multiple security vulnerabilities in OpenAI’s ChatGPT that, if exploited, would enable bad actors to hijack a user’s account.

Risk

Risk Data collection Artificial Intelligence Accountability

2024 Duo Trusted Access Report: 5 Key Findings for MSPs to Strengthen Security

Duo's Security Blog

FEBRUARY 16, 2024

Duo’s latest annual Trusted Access Report , aptly titled "Navigating Complexity," peels back the layers on the ever-evolving world of access management and analyzes real-world data from 16 billion authentications across millions of devices and users. Download the 2024 Trusted Access Report. Get the infographic.

Authentication

Authentication Accountability Risk Mobile

A Pandora’s Box: Unpacking 5 Risks in Generative AI

Security Boulevard

APRIL 17, 2024

Security researchers from Imperva described in a blog called XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT how they discovered multiple security vulnerabilities in OpenAI’s ChatGPT that, if exploited, would enable bad actors to hijack a user’s account.

Risk

Risk Data collection Artificial Intelligence Accountability

What’s New in the Federal Zero Trust Strategy?

Duo's Security Blog

JANUARY 28, 2022

So it was good to see that in response to last May’s Executive Order 14028 , the Office of Management and Budget (OMB) released a memo Wednesday outlining a new strategy for moving the federal government toward a zero trust cybersecurity posture. Check out Lindsey O’Donnell-Welch’s coverage of the news in Decipher.) What’s the Vision?

Authentication

Authentication Government DNS Encryption

Machine Learning in Cybersecurity Course – Part 2: Specific Applications and Challenges

NopSec

APRIL 7, 2019

In our l ast week’s blog post , we outlined the first part of that webinar, without going into the three specific applications and the challenges. For example, we could tag all messages that contain the expression ‘make money’ as spam. This would likely catch some spam messages, but it would not get us very far.

Cybersecurity

Cybersecurity Data breaches Malware Risk

Black Hat USA 2022: Creating Hacker Summer Camp

Cisco Security

AUGUST 29, 2022

In part one of this issue of our Black Hat USA NOC (Network Operations Center) blog, you will find: Adapt and Overcome. This is the only way a community can have trust and grow, together. This continues today, with the staff of Black Hat hand selecting trusted partners to build and secure the network. Network Visibility.

Engineering

Engineering Wireless Malware DNS

Black Hat Asia 2022: Building the Network

Cisco Security

MAY 26, 2022

In part one of this issue of our Black Hat Asia NOC blog, you will find: . We were able to import the list of MAC addresses of the Meraki MRs, to ensure that the APs were named appropriately and tagged, using a single source of truth document shared with the NOC management and partners, with the ability to update en masse at any time.

Wireless

Wireless Mobile Engineering Firewall

The Legitimisation of Have I Been Pwned

Troy Hunt

MARCH 21, 2018

Transparency has been a huge part of that effort and I've always written and spoken candidly about my thought processes, how I handle data and very often, the mechanics of how I've built the service (have a scroll through the HIBP tag on this blog for many examples of each). — Jannis Tenbrink (@the_jannis) October 2, 2017.

Data breaches

Data breaches Government Passwords Media

A Closer Look at the DarkSide Ransomware Gang

Krebs on Security

MAY 11, 2021

. “We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives [sic],” reads an update to the DarkSide Leaks blog. “High trust level of our targets. A panel for monitoring results for your target. Under the “Why choose us?”

Ransomware

Ransomware Advertising Healthcare Penetration Testing

Happy 10th anniversary & Kali's story.so far

Kali Linux

MARCH 28, 2023

As we were scrapping it all and starting from scratch when starting with Kali, we moved to Git and used GPG to tag releases, at the same time, published all our build-scripts allowing anyone to build Kali on any platform. As these are for a limited time, as well as being handmade item, do expect the price tag to match it.

InfoSec

InfoSec Penetration Testing Architecture Software

Project Svalbard: The Future of Have I Been Pwned

Troy Hunt

JUNE 10, 2019

Search for your account across multiple breaches [link] — Have I Been Pwned (@haveibeenpwned) December 4, 2013 I’ll save the history lesson for the years between then and today because there are presently 106 blog posts with the HIBP tag you can go and read if you’re interested, let me just talk briefly about where the service is at today.

Data breaches

Data breaches Passwords InfoSec Accountability

Cyber Security Informer

GUEST ESSAY: Why online supply chains remain at risk — and what companies can do about it

Machine Identities are Essential for Securing Smart Manufacturing

Webinars

Trending Sources

Data Loss Prevention: Best Practices for Secure Data Management

Webinars

A “Naver”-ending game of Lazarus APT

The Art of Ruthless Prioritization and Why it Matters for SecOps

6 Best Threat Intelligence Feeds to Use in 2023

Node.js Vulnerability Cheatsheet

The Need for Continuous and Dynamic Threat Modeling

Locking Down Your Website Scripts with CSP, Hashes, Nonces and Report URI

TrustSec Policy Analytics – Part One: What are policy analytics?

A Pandora's Box: Unpacking 5 Risks in Generative AI

2024 Duo Trusted Access Report: 5 Key Findings for MSPs to Strengthen Security

A Pandora’s Box: Unpacking 5 Risks in Generative AI

What’s New in the Federal Zero Trust Strategy?

Machine Learning in Cybersecurity Course – Part 2: Specific Applications and Challenges

Black Hat USA 2022: Creating Hacker Summer Camp

Black Hat Asia 2022: Building the Network

The Legitimisation of Have I Been Pwned

A Closer Look at the DarkSide Ransomware Gang

Happy 10th anniversary & Kali's story.so far

Project Svalbard: The Future of Have I Been Pwned

Stay Connected