cissp | Unsorted

Telegram channel cissp - cissp


@cissp International channel 4 Transmission Knowledge In the Field of Cyber Security with a Focus on the Content of the CISSP-ISC2 Course
+also group: https://t.me/cisspgroup
@alirezaghahrood


cissp

The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security. It can be used by mobile software architects and developers seeking to develop secure mobile applications, as well as security testers to ensure completeness and consistency of test results.
https://lnkd.in/gAzKvnHM

Special Thanks
Zimperium
And
OWASP® Foundation


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.06

https://www.linkedin.com/posts/alirezaghahrood_state-of-mobile-app-security-2023-activity-7123873520664674304-TXEH?utm_source=share&utm_medium=member_ios


cissp

⚡ Urgent — F5 warns of a critical vulnerability (CVE-2023-46747) in BIG-IP, allowing unauthenticated remote code execution.

Learn more: https://thehackernews.com/2023/10/f5-issues-warning-big-ip-vulnerability.html


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.05


cissp

🚨 Urgent: Proof-of-concept (PoC) exploits have been publicly released for the recently discovered vulnerabilities in VMware Aria Operations, Citrix NetScaler ADC, and NetScaler Gateway.

Read: https://thehackernews.com/2023/10/alert-poc-exploits-released-for-citrix.html

Don't wait—apply fixes now and safeguard your systems.


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.03


cissp

#DiyakoSecureBow
————————————
Cybersecurity Playbook for SOC:

New vulnerability from Threat Intelligence
Undoubtedly the one you will execute most, a new vulnerability from threat intelligence.

Detection
• Threat intelligence indicates there is a new vulnerability impacting your assets.
• Here I assume the threat intelligence is already tuned to only include information relevant to your assets instead of a news broadcast of all vulnerabilities in the world. Again, this relies on an accurate and up-to-date inventory and signifies the importance of keeping the house in order.

Verification
• If there are IOCs/TTPs, check for attacks that have already happened. If an attack has already happened, follow no. 1.
• Use vulnerable version/configuration information to confirm whether the assets are vulnerable or not.
• Check firewall rules and other security configurations to confirm possible attack vectors. This can be partially done using automated tools.

Communication
• Start triage using available vulnerability and asset criticality information. Perform escalation according to triage results and predefined escalation plan.
• Discuss mitigation strategy between SOC, risk management, and IT support teams. That can range from an immediate shutdown to waiting until the next patching window, depending on many factors such as the triage result and the availability and impact of the patch/workaround.
• The mitigation strategy also needs to include preventive actions for new builds of assets in the future, such as updating patch level of system images or templates.

Action
• Execute agreed mitigation strategy.
• Track the mitigation actions to completion.
• Rescan the vulnerability to confirm closure.


-Business Secure Continuity-
1402.08.02
——————————————————
#SOC #CSIRT #CERT #Splunk #SIEM
#BusinessSecureContinuity

https://www.linkedin.com/feed/update/activity:7122559686318379008


cissp

Messaging Layer Security: Secure and Usable End-to-End Encryption

The IETF has approved publication of Messaging Layer Security (MLS), a new standard for end-to-end security that will make it easy for apps to provide the highest level of security to their users. End-to-end encryption is an increasingly important security feature in Internet applications. It keeps users’ information safe even if the cloud service they’re using has been breached.
https://www.ietf.org/blog/mls-secure-and-usable-end-to-end-encryption/



-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.02


cissp

Threat_Research
Understanding DNS Tunneling Traffic in the Wild
https://unit42.paloaltonetworks.com/dns-tunneling-in-the-wild


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.01


cissp

exploit
1. CVE-2023-34051:
VMware Aria Operations for Logs - authentication bypass
https://github.com/horizon3ai/CVE-2023-34051

2. CVE-2023-28432:
MinIO information disclosure
https://github.com/yTxZx/CVE-2023-28432


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.01


cissp

#DiyakoSecureBow
————————————
Current State Of Cloud Security Programs
Public Cloud Providers Used
There is not one dominant public cloud platform in the market, but Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) continue to be the primary public cloud providers used. In this survey, 74% of respondents use AWS, 79% use Azure, and 41% use GCP.

Interdepartmental alignment on security policies and enforcement is crucial for proactive security.

Length of Time to Detect Misconfigurations.

The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to widely promote best practices for ensuring cyber security in cloud computing and IT technologies. CSA is also tasked with educating various stakeholders within these industries about security concerns in all other forms of computing. CSA’s membership is a broad coalition of industry practitioners, corporations, and professional associations. One of CSA’s primary goals is to conduct surveys that assess information security trends. These surveys help gauge the maturity of information security technology at various points in the industry, as well as the rate of adoption of security best practices.

Goals of the study
• Current state of cloud security programs, including top risks and usage of security tools
• Cloud Security Posture Management (CSPM) challenges faced by organizations in mitigating misconfiguration vulnerabilities
• Organizational readiness, success KPIs, and teams responsible for different aspects of cloud security posture management

By https://lnkd.in/dutQSQH
Cloudsecurityalliance
and
VMware
Special Thanks
Hillary Baron and Other teammates


-Business Secure Continuity-
1402.07.30
——————————————————
#Cloud #Vmware #CyberSecurity #CSA
#BusinessSecureContinuity

https://www.linkedin.com/feed/update/activity:7121714286992740352


cissp

Analytics
Threat Research
Testing the security of extensions developed by Google
https://ndevtk.github.io/writeups/2023/08/18/extensions


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.07.28


cissp

🕵️‍♂️ ALERT: Google TAG security experts uncover Russian and Chinese state-backed threat actors exploiting WinRAR vulnerability (CVE-2023-38831) to infiltrate systems.

Get details here: https://thehackernews.com/2023/10/google-tag-detects-state-backed-threat.html


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.07.27


cissp

hardening
Tech book
Cloud Security
AWS Identity and Access Management User Guide 2023.


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.07.26


cissp

Tech book
Cloud Security
Design and Deploy a Secure Azure: Environment Mapping the NIST Cybersecurity Framework to Azure Services 2023.


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.07.26


cissp

exploit
1. CVE-2023-20198:
Cisco IOS XE Software Web Management User Interface Vulnerability
https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software

Checkscript: https://github.com/Atea-Redteam/CVE-2023-20198

2. CVE-2023-36728:
Windows SQL Server Pre-Auth Overflow Read
https://v-v.space/2023/10/16/sqlserver-dos-CVE-2023-36728

3. CVE-2023-38545:
Socks5 heap buffer overflow
https://github.com/d0rb/CVE-2023-38545


-Cyber Security awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.07.26


cissp

-No War
Stop War-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.07.26


cissp

IoT Security
IoT Bug Bounty Hunting

Part 1: https://bugprove.com/knowledge-hub/iot-bug-bounty-hunting-using-bug-prove

Part 2: https://bugprove.com/knowledge-hub/iot-bug-hunting-part-2-walkthrough-of-discovering-command-injections-in-firmware-binaries


-Cyber Security awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.07.24


cissp

🤖 Google expands Vulnerability Rewards Program to address vulnerabilities and attack scenarios tailored to generative artificial intelligence (AI) systems, while also strengthening the supply chain.
Learn more:
https://thehackernews.com/2023/10/google-expands-its-bug-bounty-program.html


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.05

https://x.com/alirezaghahrood/status/1717962052101095492?s=46&t=lFvs7vGDLtDfxDuLTS1UGw


cissp

🚨 VMware releases crucial security updates to fix a new critical vulnerability (CVE-2023-34048) in vCenter Server.

Details in the article: https://thehackernews.com/2023/10/act-now-vmware-releases-patch-for.html

Protect your systems from remote code execution.



-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.03


cissp

exploit
1. CVE-2023-4966:
Citrix NetScaler ADC/Gateway Bleed - Session Tokens Leak
https://github.com/assetnote/exploits/tree/main/citrix/CVE-2023-4966

2. CVE-2023-38140:
Windows Kernel Paged Pool Memory Disclosure
https://packetstormsecurity.com/files/cve/CVE-2023-38140


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.03


cissp

In your organization and business

How much is the management of technology, information and related security in accordance with the standards and BP?
Is technology risk and information security in the scope of ERM?!
Did you do a cyber maneuver?
How about technical inspections/Audit?
How well do you know the technical risks that affect your business?

The trend of the day is sustainability, not limited to slogans and magazines
To the extent of culturalization and appropriate measures



-Cyber Security awareness-

Up2date 4 Defense Today,
Secure Tomorrow
@CisoasaService
1402.08.02


cissp

Reversing
Attacking Cisco RG/OpenRG modem
https://reverse.put.as/2023/10/20/attacking-the-heart-of-an-openrg-modem

exploit
1. CVE-2023-21931:
Oracle Weblogic PreAuth RCE🥶
https://github.com/MMarch7/weblogic_CVE-2023-21931_POC-EXP

2. CVE-2023-36745:
MS Exchange Server Privilege Escalation🤓🥸
https://github.com/N1k0la-T/CVE-2023-36745

3. CVE-2023-4863:
Heap buffer overflow in Google WebP
https://paper.seebug.org/3056


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.02


cissp

Malware analysis
1. LummaStealer Malware
https://blogs.vmware.com/security/2023/10/an-ilummanation-on-lummastealer.html

2. Munchkin malware utility
https://unit42.paloaltonetworks.com/blackcat-ransomware-releases-new-utility-munchkin

3. Analysis of Hospitality Phishing Campaign
https://www.akamai.com/blog/security-research/2023/oct/hospitality-phishing-campaign-DNS-analysis-global-threat


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.01


cissp

signals to others that you’re who you say you are!

Verifications on your LinkedIn profile

At LinkedIn, we know that authenticity is key to creating meaningful interactions. The "Verifications" badge on your profile indicates that you were able to confirm specific information about your account. Having verified information helps provide authenticity signals to others that you’re who you say you are. Seeing verified information on others’ profiles helps foster a trusted community so you can make more informed decisions around connecting with other professionals. 
https://lnkd.in/eXsP9GYe


-Cyber Security awareness-
 
 Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.07.30

https://www.linkedin.com/posts/alirezaghahrood_%D9%81%D8%B1%D9%87%D9%86%DA%AF-%D8%B3%D8%A7%D8%B2%DB%8C-%D9%88-%DA%86%D8%A7%D9%84%D8%B4-signals-to-others-that-activity-7121793863907700737-IYg_


cissp

🚨 Cisco issued an alert about a new zero-day vulnerability in IOS XE (CVE-2023-20273). Attackers are actively exploiting it to install a malicious Lua-based implant on vulnerable devices.

Learn more: https://thehackernews.com/2023/10/cisco-zero-day-exploited-to-implant.html


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.07.29


cissp

#DiyakoSecureBow
————————————
National Cyber Power Index 2022

Authors:
Special Thanks of
Julia Voo
Irfan Hemani
@Daniel Cassidy
Eric Rosenbach

A NOTE TO READERS
From Eric Rosenbach, Belfer Center Co-Director and former Chief of Staff and Assistant Secretary for the U.S. Department of Defense
The Belfer Center’s mission is to provide leadership to advance critical policy-relevant knowledge of important international security issues. The release of the National Cyber Power Index in 2022 does just that. Over the past two years, the NCPI has catalysed conversations and debate between policymakers, academia, and industry on the concept of cyber power and how states are and can further harness their capabilities to enhance their overall ability to achieve national objectives.

Harnessing a state’s cyber power requires a whole-of-nation approach. National governments should not just be concerned about destructive operations, espionage, or enhancing its cyber resilience, but also other state’s efforts at surveillance, information control, technology competition, financial motivations, and shaping what is acceptable and possible through norms and standards.

During my time in the U.S. government, I sought and applied analytical methods to assess cyber threats to U.S. national security. With the challenges in the cyber domain only increasing, it is critical for analytical tools to also be available, presenting the full range of cyber power, and informing critical public debates today. The framework that the NCPI provides is one that allows policymakers to consider a fuller range of challenges and threats from other state actors. The incorporation of both qualitative and quantitative models, with more than 1000 existing sources of data and with 29 indicators to measure a state’s capability, is more comprehensive than any other current measure of cyber power.

NCPI 2022 builds on the foundations outlined in the 2020 paper and should be understood as a snapshot of the current status of the thirty countries and not be considered a linear step from the 2020 index. Due to the team’s methodology, downwards movements do not mean that a country’s cyber power has diminished in absolute terms. Instead, this movement should be interpreted as relative to the assessment of demonstrated cyber power of other countries drawn from publicly available sources only.

-Business Secure Continuity-
1402.07.27
——————————————————
#CyberSecurity #NSA #Malware
#BusinessSecureContinuity

https://www.linkedin.com/feed/update/activity:7120697438666928130


cissp

Citrix is warning of active exploitation of a recently disclosed critical security flaw in NetScaler ADC and Gateway appliances that can hijack sessions and bypass multi-factor authentication.

Learn more: https://thehackernews.com/2023/10/critical-citrix-netscaler-flaw.html

Patch immediately and terminate active sessions.



-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.07.26


cissp

Hardening
Cisco Secure Firewall Management Center Hardening Guide Ver. 7.2 2023

Cisco Hardening Guides:
https://www.cisco.com/c/en/us/support/security/defense-center/products-installation-and-configuration-guides-list.html


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.07.26


cissp

#DiyakoSecureBow
————————————
CISA Open Source Software Security Roadmap

Overview
The federal government, critical infrastructure, and state, local, tribal, and territorial (SLTT) governments greatly depend upon open source software (OSS). OSS is software for which the human-readable source code is made available to the public for use, study, re-use, modification, enhancement, and re-distribution. OSS is part of the foundation of software used across critical infrastructure, supporting every single critical infrastructure sector and every National Critical Function: one study found that 96% of studied codebases across various sectors contain open source code, and 76% of code in studied codebases was open source. Therefore, to fulfill CISA’s mission of understanding, managing, and reducing risks to the federal government and critical infrastructure, we must understand and protect the open source software that we rely upon.

As a public good, open-source software is supported by diverse and wide-ranging communities—which are composed of individual maintainers, non-profit software foundations, and corporate stewards. CISA must integrate into and support these communities, with a particular focus on the critical OSS components that the federal government and critical infrastructure systems rely upon. CISA recognizes the immense benefits of open source software, which enables software developers to work at an accelerated pace and fosters significant innovation and collaboration. With these benefits in mind, this roadmap lays out how CISA will help enable the secure usage and development of OSS, both within and outside the federal government. As detailed below, the roadmap centers on four key goals:
1) establishing CISA’s role in supporting the security of OSS,
2) understanding the prevalence of key open source dependencies,
3) reducing risks to the federal government, and
4) hardening the broader OSS ecosystem

-Business Secure Continuity-
1402.07.26
——————————————————
#CISA #FBI #NSA #CyberSecurity
#BusinessSecureContinuity

https://www.linkedin.com/posts/alirezaghahrood_os-software-sec-roadmap-2023-activity-7120291786693955585-4jZB


cissp

Offensive security
Red Team Tactics

A Hitch-hacker's Guide to DACL-Based Detections
Part 1A: https://trustedsec.com/blog/a-hitchhackers-guide-to-dacl-based-detections-part-1-a

Part 1B: https://trustedsec.com/blog/a-hitch-hackers-guide-to-dacl-based-detections-part-1b

Part 2: https://trustedsec.com/blog/a-hitch-hackers-guide-to-dacl-based-detections-part-2

Part 3: https://trustedsec.com/blog/a-hitch-hackers-guide-to-dacl-based-detections-part-3


-Cyber Security awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.07.26


cissp

Excited to announce I’m #OpenForBusiness and providing services on LinkedIn. Check out my services page for Cybersecurity, IT Consulting, Corporate Events, Non-profit Consulting, Corporate Training, Public Speaking, Team Building, Executive Coaching, Online Research and Information Security.

https://www.linkedin.com/posts/alirezaghahrood_openforbusiness-ugcPost-7120083005343154176-QsSE


-Cyber Security awareness-

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.07.25


cissp

#DiyakoSecureBow
————————————
Don’t have time to read the full report?
Here are a few findings you won’t want to miss.

The highest volume of critical and high-severity vulnerabilities were discovered within the government and nonprofit industry.

During analysis, we found a few key observations, including:
• Web applications have the highest volume of high and critical vulnerabilities of all types of tests that NetSPI performs. This is likely due to the high exposure of internet facing web applications and that there are more web application penetration tests performed than any other assessment. Not to mention web application pentesting is in NetSPI’s DNA and our methodology is very collaborative to fully prove out vulnerabilities and demonstrate their full impact.

• Access Control issues are top findings for all three application penetration tests. While validating authorization prior to access of functionality or data differs depending on application technology, the importance of performing this check is crucial to the confidentiality, integrity, and availability of the data.

• Many of the vulnerabilities listed here require human-driven pentesting to discover. As applications and APIs become more complex, human intuition and understanding will become even more essential to root out security weaknesses in business logic, cross-application interactions, and authorization controls. NetSPI’s testing methodology focuses on these complex and high risk issues to identify vulnerabilities that automated tools are unable to correctly identify.

By NetSPI
Special Thanks ✌ Aaron Shilts , Other teammates ❤️

-Business Secure Continuity-
1402.07.24
——————————————————
#API #Pentest #Offensive #redTeam #Misconfiguration
#BusinessSecureContinuity

https://www.linkedin.com/feed/update/activity:7119509760957128704
