16255
@cissp International channel 4 Transmission Knowledge In the Field of Cyber Security with a Focus on the Content of the CISSP-ISC2 Course - - - - - - - - - - +also group: https://t.me/cisspgroup ————————— @alirezaghahrood
Lost revenue, angry customers, regulatory fines… cyberattacks have far-reaching consequences.
👉 Projected costs to hit $10.5 trillion by 2025
👉 88% of breaches due to human error 🤓
https://thehackernews.com/2024/04/unmasking-true-cost-of-cyberattacks.html
Anyway
The Word Pilots' Day 26 April was selected by the International Federation of Air Line Pilots' Associations 2013 as a day that saw a prominent figure in aviation history, Fesa Evrensev taking to the sky 4 the first time
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.04.7
https://www.linkedin.com/posts/alirezaghahrood_lost-revenue-angry-customers-regulatory-activity-7189411954933829632-EsC8?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
Whitepaper
Blue Team Techniques
Active Directory: Tactical Containment to Curb Domain Dominance 2024.
Special Thanks❤️😇👍🏽🙏
Chris Tierney
Russell Eubanks
-Secure Business Continuity-
2024.04.24
——————————————————
#CyberSecurity #ActiveDirectory #Microsoft #ACL
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_ad-domain-sec-2024-activity-7188784637677092864-Lumt?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
exploit
Unveiling the Cracks in Virtualization, Mastering the Host System - VMware Workstation Escape 2024.
Special Thanks❤️😇👍🏽🙏
BlackHat
-Secure Business Continuity-
2024.04.22
——————————————————
#CyberSecurity #Vmware #Exploit
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_vmware-escape-exploit-2024-activity-7188066648619175936-DALU?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
———————————
ABSTRACT:
Internet of Things (IoT) devices are gaining more and more importance in our daily lives. Through their deep integration they pose a potential risk for the user’s privacy. In this thesis, I use reverse engineering methods to analyze the security of the Xioami IoT ecosystem and its devices. I implement a tool to emulate the Xiaomi cloud and analyze the cloud protocol. I use different, some unconventional, methods to extract the device firmware and get privileged access on the devices. The evaluation shows that, even though Xiaomi is a large IoT company, their cloud protocol and Software Development Kit (SDK) have serious flaws. Also, the actual vendors of the devices do not put much effort into device security. A slightly positive aspect of this is the fact that users can use the flaws to get full control over their own devices.
Special Thanks
Technische Universität Darmstadt Department of Computer Science Secure Mobile Networking Lab
Technische Universität Darmstadt
🙏😇❤️👍🏽
-Secure Business Continuity-
2024.0420
——————————————————
#cybersecurity #Iot #Privacy #vulnerability
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_security-analysis-iot-ecosystem-2024-activity-7187306502112636929-FlF3?utm_source=share&utm_medium=member_ios
"With heartfelt appreciation, we extend our gratitude for the unwavering support and trust you have shown us, both overtly and covertly. Your generosity holds immense value for us. 😊🙏❤️😇".
4000✌🏼
Diyako Secure Bow
-Secure Business Continuity-
2024.04.16
——————————————————
#marketanalysis #branding
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-marketanalysis-branding-activity-7185860284752826368-B7vk?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
A HOLISTIC APPROACH TO MITIGATING HARM FROM INSIDER THREATS:
All enterprises face potential losses due to insider threats, whether the threat actors arebmalicious or otherwise. This white paper delves into where insider threats come from, how to anticipate them and the psychology behind them. In this ISACA white paper, learn about new insights that your enterprise can use to anticipate and assess insider threats and mitigation tactics to reduce the associated risk.
MICE (money, ideology, coercion and ego).
Human Security Engineering.
Special Thanks❤️😇👍🏽🙏
ISACA
-Secure Business Continuity-
2024.04.14
——————————————————
#CSCU #Threats #CyberSecurity #ISACA
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_a-holistic-approach-2-mitigating-harm-from-activity-7185234443555524608-y-Cb?utm_source=share&utm_medium=member_ios
🛑 URGENT - Critical zero-day security vulnerability (CVE-2024-3400) discovered in Palo Alto Networks firewalls.
Hackers are already exploiting it in the wild, enabling them "to execute arbitrary code with root privileges."
Details👇
https://thehackernews.com/2024/04/zero-day-alert-critical-palo-alto.html
😱 Yikes! Did you know that over 11,000 secrets (passwords, API keys...) were leaked on the Python repository PyPI, and over 12.8 million on GitHub in 2023?
GitGuardian's findings are alarming - read the details:
https://thehackernews.com/2024/04/gitguardian-report-pypi-secrets.html
The question you need to ask: Are you affected by the XZ Util Backdoor?
Prevent future risks and make sure you have a defense-in-depth strategy using Wiz CDR and runtime sensor.
See Wiz in Action:
https://thn.news/wiz-cloud-security
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.04.12
Malware analysis
Exploring Infostealer Malware Techniques on Automotive Head Units 2024.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.04.09
#DiyakoSecureBow
————————————
Mobile Security
Mobile Threat Intelligence Framework (MoTIF) Principles
Ver. 1.0, March 2024.
Special Thanks❤️😇👍🏽🙏
GSMA
GSMA - Mobile for Development
-Secure Business Continuity-
2024.04.09
——————————————————
#CyberSecurity #Ti #Mobile
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_ciso-as-a-service-activity-7183312971366883328-bmOe?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
Analytics
"The Sophos Active Adversary Report for 1H 2024".
Special Thanks❤️😇👍🏽🙏
Sophos
Sophos Solutions
Sophos Partners
-Business Secure Continuity-
2024.04.06
——————————————————
#CyberSecurity #Threat #mitre
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_sophos-report-h1-2024-activity-7182236835677421568-q50V?utm_source=share&utm_medium=member_ios
🚨 Heads up, WordPress admins!
A critical SQL injection flaw in the LayerSlider plugin (CVE-2024-2879) could lead to sensitive data leaks. If you haven't updated, make sure to install version 7.10.1 or latest.
Find details:
https://thehackernews.com/2024/04/critical-security-flaw-found-in-popular.html
Anyway
Vulnerability Management process:
1. Tool spots a vulnerability
2. Correctly Assign the Vulnerability to the proper Developer Organization
3. Validate the vulnerability isn’t a false positive
4. Prioritize the vulnerability according to a risk score / patching timeline
5. Identify if there is an existing patch/work around
6. Determine amount of time and resources to patch
7. Create a patch/fix on a developer laptop
8. Test patch/fix
9. Deploy to Quality Assurance Environment
10. Perform Regression Testing
11. Create a Change Ticket
12 Pass a Change Approval Process
13. Schedule a Change Release
14. Deploy Fix into Production
15. Validate Success of Fix or Roll Back
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.04.04
https://www.linkedin.com/posts/alirezaghahrood_heads-up-wordpress-admins-a-critical-activity-7181546900301496322-2075?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
Analytics
We’re All in this Together:
A Year in Review of Zero-Days Exploited In-the-Wild in 2023", March 2024.
This report presents a combined look at what Google knows about zero-day exploitation, bringing together analysis from TAG and Mandiant holistically for the first time. The goal of this report is not to detail each individual exploit or exploitation incident, but look for trends, gaps, lessons learned, and successes across the year as a whole. As always, research in this space is dynamic and the numbers may adjust due to the ongoing discovery of past incidents through digital forensic investigations.
We’re excited to bring together a broader look at this space with the integration of Mandiant into Google. The report leverages TAG and Mandiant original research, combined with breach investigation findings and reporting from reliable open sources. The numbers presented here reflect our joint understanding, deduplicating how our teams separately may have tracked exploited vulnerabilities in years past. As a result, discerning readers may notice a difference between our numbers here and in prior years’ reporting
Special Thanks❤️😇👍🏽🙏
Mandiant (now part of Google Cloud)
Google
-Business Secure Continuity-
2024.04.03
——————————————————
#Cybersecurity #cloud #google #mandiant
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_year-review-2023-google-security-activity-7181149672256724992-9Fdl?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
Tech book
Introduction to Kubernetes Networking and Security 2024.
Special Thanks❤️😇👍🏽🙏
Tigera
https://www.tigera.io
-Business Secure Continuity-
2024.04.01
——————————————————
#Cybersecurity #cloud #kubernetes
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_kubernetes-security-2024-activity-7180543419528691713-gtwr?utm_source=share&utm_medium=member_ios
hardening
Windows 10/11 Hardening Script
https://github.com/ZephrFish/WindowsHardeningScript
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.03.28
https://www.linkedin.com/posts/alirezaghahrood_hardening-windows-1011-hardening-script-activity-7179022123380727808-lbNa?utm_source=share&utm_medium=member_ios
Is your cybersecurity strategy evolving? Traditional perimeter defenses are no longer enough. Discover how focusing on privileged users can transform your security posture.
Dive deeper into the shift ➜
https://thehackernews.com/2024/02/superusers-need-super-protection-how-to.html
Tech book
Windows Security Internals with PowerShell 2024.
/channel/CISOasaService/14994
Tech book
Practical Hardware Pentesting:
A guide to attacking embedded systems and protecting them against the most common hardware attacks.
https://github.com/PacktPublishing/Practical-Hardware-Pentesting
/channel/CISOasaService/14995
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.03.27
#DiyakoSecureBow
————————————
Threat intelligence:
Eyes on the ene
Special Thanks❤️😇👍🏽🙏
AuditBoard
CyberRisk Alliance Alliance
-Secure Business Continuity-
2024.04.25
——————————————————
#CyberSecurity #Threat #Alliance #Risk
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_threat-intelligence-2024-activity-7189186838543089664-G8l_?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
Malware analysis
Voice Phishing Syndicates Unmasked: An In-Depth Investigation and Exposure 2024.
Special Thanks❤️😇👍🏽🙏
BlackHat
-Secure Business Continuity-
2024.04.23
——————————————————
#CyberSecurity #VoIP #Exploit #Phishing
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_voice-phishing-2024-activity-7188394361255034880-NQ-x?utm_source=share&utm_medium=member_ios
Tech book
Cloud Security
Kubernetes Security and Observability 2022
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.04.21
💀 Concerned about malware in PDFs or Office docs?
Sandbox analysis reveals threats (macros, suspicious images, & more) before you click.
🔥 Discover the power of static analysis:
https://thehackernews.com/2024/04/how-to-conduct-advanced-static-analysis.html
SCADA Security
Unpacking the Blackjack Group's Fuxnet Malware
https://claroty.com/team82/research/unpacking-the-blackjack-groups-fuxnet-malware
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.04.19
#DiyakoSecureBow
————————————
Analytics
Unit42 Incident Response Report 2024:
How This Report Helps You
New headlines covering nation-state threat actors come out every day–not to mention news of the latest vulnerabilities and security risks. Your time is more valuable than ever, and sorting out which threats really matter is a difficult task.
This report helps because it gathers real-world information from organizations like yours, so you can learn which threats really affect your peers–and how you can face them. Read on to find out how threat actors gain access to organizations, what they do once they get in, and how our incident responders’ top recommendations help you stop them.
Cybersecurity can often feel like an endless battle between attackers and defenders. At Unit 42, we believe intelligence, insight, and preparation still gives defenders the edge. We think the story of cybersecurity can be hopeful, with a strategic understanding of the threats we face today.
Special Thanks❤️😇👍🏽🙏
Palo Alto Networks
Palo Alto Networks Education Services
Palo Alto Networks Unit 42
Palo Alto Networks Israel R&D Center
-Secure Business Continuity-
2024.04.15
——————————————————
#Cert #Csirt #Paloalto #Respond #Response
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_incident-response-report-2024-activity-7185605007877029889-m5Wf?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
SureLog SIEM Extraordinary SOC Use Cases
Special Thanks❤️😇👍🏽🙏
SureLog SIEM
SureLog SIEM International
-Secure Business Continuity-
2024.04.09
——————————————————
#CyberSecurity #Ti #Siem #SOC
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_use-caae-log-mgmtsiem-2024-activity-7184784882017918976-lqv_?utm_source=share&utm_medium=member_ios
Malware analysis
Exploring Infostealer Malware Techniques on Automotive Head Units 2024
👇🏻
/channel/CISOasaService/15026
DevOps
Whitepaper
DevOps Automated Governance Reference Architecture 2019
👇🏻
/channel/CISOasaService/15027
😍
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.04.09
DevOps
Whitepaper
DevOps Automated Governance Reference Architecture 2019.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.04.09
#DiyakoSecureBow
————————————
State of AI in the Cloud 2024:
Our research shows that AI is taking over the cloud: 70% of organizations are using managed AI services, making them already nearly as popular as managed Kubernetes (!).
Special Thanks❤️😇👍🏽🙏
Wiz
-Secure Business Continuity-
2024.04.08
——————————————————
#CyberSecurity #AI #Cloud #Kubernetes
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_state-ai-cloud-2024-activity-7182965433606553600-dWHf?utm_source=share&utm_medium=member_ios
info
Cyber Education
Windows Commands Reference
https://lnkd.in/dhPhh-zN
For CISSP students, I have summarized here CISSP changes in 2024:
Rearranging the sequence and renaming topics within the curriculum is unlikely to substantially affect the exam outcome. This is because the exam emphasizes the application of theoretical concepts in real-world Cyber/Information Security scenarios rather than relying solely on definitions and theoretical knowledge. Consequently, the exam incorporates numerous practical scenarios and questions derived from hands-on experience, which are challenging to master through theoretical study alone
Special Thanks❤️👍🏽🙏😇
ISC2
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.04.05
https://www.linkedin.com/posts/alirezaghahrood_info-cyber-education-windows-commands-reference-activity-7181999600138940416-fkWv?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
Google observed 97 zero-day vulnerabilities exploited in-the-wild in 2023, over 50 percent more than 2022 (62 vulnerabilities), but shy of the record 106 vulnerabilities exploited in 2021.
These numbers reflect the combined analysis of Google’s Threat Analysis Group (TAG) and Mandiant, brought together holistically for the first time.
We split the vulnerabilities we reviewed into two
main categories: end user platforms and products (e.g. mobile devices, operating systems, browsers, and other applications) and enterprise-focused technologies such as security software and appliance
Special Thanks❤️😇👍🏽🙏
Mandiant (now part of Google Cloud)
Google
Google Cloud
-Business Secure Continuity-
2024.04.04
——————————————————
#Cybersecurity #cloud #google #mandiant
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_year-review-2023-google-security-activity-7181528756056899585-x8P3?utm_source=share&utm_medium=member_ios
Threat_Research
The Art of Cross-Languages: Weblogic Serialization Vulnerability and IIOP Protocol
https://github.com/gobysec/Weblogic/blob/main/Weblogic_Serialization_Vulnerability_and_IIOP_Protocol_en_US.md
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.04.02
Developing an Enterprise IPv6 Security Strategy
Part 1 ,2- Baseline Analysis of IPv4 Network Security
https://insinuator.net/2015/12/developing-an-enterprise-ipv6-security-strategy-part-1-baseline-analysis-of-ipv4-network-security
https://insinuator.net/2015/12/developing-an-enterprise-ipv6-security-strategy-part-2-network-isolation-on-the-routing-layer
Malware_analysis
DinodasRAT Linux implant
https://securelist.com/dinodasrat-linux-implant/112284
😇
https://soundcloud.com/khruangbin/khruangbin-a-love
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.03.31
#DiyakoSecureBow
————————————
Offensive Security
Spoofed Emails: An Analysis of the Issues Hindering a Larger Deployment of DMARC 2024.
-Business Secure Continuity-
2024.03.27
——————————————————
#spoof #threats #Vulnerability
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_spoofed-emails-2024-activity-7178628056138268672-179S?utm_source=share&utm_medium=member_ios
Tech book
Practical Hardware Pentesting:
A guide to attacking embedded systems and protecting them against the most common hardware attacks.
https://github.com/PacktPublishing/Practical-Hardware-Pentesting
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.03.27