@cissp International channel 4 Transmission Knowledge In the Field of Cyber Security with a Focus on the Content of the CISSP-ISC2 Course
+also group: https://t.me/cisspgroup
@alirezaghahrood
#DiyakoSecureBow
————————————
Analytics
The Future of Application Security 2024
Special Thanks🙏❤️😇
Checkmarx
-Business Secure Continuity-
2024.03.20
——————————————————
#applicationsecurity #Cybersecurity
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_appsec-report-2024-activity-7176164532287881222-3vr0?utm_source=share&utm_medium=member_ios
Tech book
Okta Administration Up and Running: Drive operational excellence with IAM solutions for on-premises and cloud apps 2023.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.03.15
Tech book
Hacker: Hack The System 2024.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.12
Tech book
Hard Real-Time Computing Systems: Predictable Scheduling Algorithms and Applications. Fourth Edition 2024.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.12
Mental Models for Cyber Defense
- Part 1 of 3 -
Attack Surface Management is a PRIORITY:
https://JymCheong.hacklido.com/d/100-mental-models-for-cyber-defense-part-1-of-3-attack-surface-management-is-a-priority
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.06
https://www.linkedin.com/posts/alirezaghahrood_mental-models-for-cyber-defense-part-1-activity-7171039338699321346-pa6b?utm_source=share&utm_medium=member_ios
Analytics
Threat Research
The 2024 Crypto Crime Report:
The latest trends in ransomware, scams, hacking and more Feb. 2024.
Special Thanks😍👍🏽😇🙏
Chainalysis
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.04
https://www.linkedin.com/posts/alirezaghahrood_crypto-crime-rep-2024-activity-7170278035965755392-gg5D?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
SCADA Security
Mode Matters:
Monitoring PLCs for Detecting Potential ICS/OT Incidents 2024.
-Business Secure Continuity-
2024.03.02
——————————————————
#scada #operationaltechnology #otsecurity
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_detecting-ics-incidents-2024-activity-7169610602670112769-dX0t?utm_source=share&utm_medium=member_ios
Threat Research
Cutting Edge
Part 1 - Suspected APT Targets Ivanti Connect Secure VPN in New 0-Day Exploitation
https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day
Part 2 - Investigating Ivanti Connect Secure VPN 0-Day Exploitation
https://www.mandiant.com/resources/blog/investigating-ivanti-zero-day-exploitation
Part 3 - Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts
https://www.mandiant.com/resources/blog/investigating-ivanti-exploitation-persistence
🎬:The Boy, the Mole, the Fox and the Horse
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.29
Tech book
Modern Software Testing Techniques:
A Practical Guide for Developers and Testers 2024.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.24
https://www.linkedin.com/posts/alirezaghahrood_ciso-as-a-service-activity-7167027883171799040-TQd8?utm_source=share&utm_medium=member_ios
Why the Right Metrics Matter When it Comes to Vulnerability Management
How's your vulnerability management program doing? Is it effective? A success? Let's be honest, without the right metrics or analytics, how can you tell how well you're doing, progressing, or if you're getting ROI? If you're not measuring, how do you know it's working?
And even if you are measuring, faulty reporting or focusing on the wrong metrics can create blind spots and make it harder to communicate any risks to the rest of the business.
So how do you know what to focus on? Cyber hygiene, scan coverage, average time to fix, vulnerability severity, remediation rates, vulnerability exposure… the list is endless. Every tool on the market offers different metrics, so it can be hard to know what is important.
vulnerability management program, the progress you've made, so you can create audit-ready reports that:
• Prove your security posture
• Meet vulnerability remediation SLAs and benchmarks
• Help pass audits and compliance
• Demonstrate ROI on security tools
• Simplify risk analysis
• Prioritize resource allocation
Why you need to measure vulnerability management?
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.23
Red Team Tactics
Attacking APIs
https://blog.devsecopsguides.com/attacking-apis
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.21
https://www.linkedin.com/posts/alirezaghahrood_red-team-tactics-attacking-apis-httpslnkdin-activity-7166036807938248705-j3U8?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
There's an equal risk of disruptions and breaches in digital infrastructure as there is in physical, eco-conscious infrastructure. Industries can innovate with smart grids, green technology and integrated urban planning.
To sum up, cybersecurity is not only a technical concern but a critical element of ESG and sustainability. Companies prioritising cybersecurity practices can safeguard their data, reduce environmental harm, promote social responsibility, improve business resilience, and encourage innovation and collaboration.
So:
Cybersecurity Is a Sustainability Enabler.
-Business Secure Continuity-
2024.02.17
——————————————————
#residentialsecurity #disasterrecovery #cybersecurityleadership
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-residentialsecurity-disasterrecovery-activity-7164541614474960896-ei_H?utm_source=share&utm_medium=member_ios
We worry about tomorrow
Like it’s promised.
2024 marks the rise of vCISO services, with 45% of MSPs and MSSPs joining the trend. Position yourself as a cybersecurity leader.
Watch the webinar for a 5-phase action plan to vCISO success: https://thehackernews.com/2024/02/new-webinar-5-steps-to-vciso-success.html
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.16
https://www.linkedin.com/posts/alirezaghahrood_we-worry-about-tomorrow-like-its-promised-activity-7164289701921730560-yQGR?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
Analytics
Threat Research
Threat Detection Report: Techniques, Trends, Takeaways 2024.
Special Thanks🙏❤️😇
Red Canary
-Business Secure Continuity-
2024.03.16
——————————————————
#cybersecurity #Vulnerability
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_threat-detection-report-2024-activity-7174625222535331840-kJTR?utm_source=share&utm_medium=member_ios
⚠️ Vulnerability Alert: Fortinet warns of a severe SQL Injection vulnerability (CVE-2023-48788) in FortiClientEMS allowing unauthenticated attackers to execute code remotely.
Details:
https://thehackernews.com/2024/03/fortinet-warns-of-severe-sqli.html
Check if your versions are affected and upgrade ASAP!
🥶https://www.fortiguard.com/psirt/FG-IR-24-013
Analytics
Red Team Tactics
Top 10 Blockchain Hacking Techniques 2023
https://blog.openzeppelin.com/top-10-blockchain-hacking-techniques-of-2023
Blue Team Techniques
Microsoft Entra ID: The Complete Guide
To Conditional Access Policies
https://www.rezonate.io/blog/microsoft-entra-id-the-complete-guide-to-conditional-access-policies
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.03.15
https://www.linkedin.com/posts/alirezaghahrood_vulnerability-alert-fortinet-warns-of-activity-7174341133844574209-7mj8?utm_source=share&utm_medium=member_ios
Tech book
Azure Security 2024.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.12
Tech book
Cloud and Edge Networking 2023.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.12
#DiyakoSecureBow
———————————
SCADA Security
Mode Matters: Monitoring PLCs for Detecting Potential ICS/OT Incidents 2024
-Business Secure Continuity-
2024.02.008
——————————————————
#plcprogramming #otsecurity
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_detecting-ics-incidents-2024-activity-7171863795022061572-2EmN?utm_source=share&utm_medium=member_ios
Malware analysis
1. Scam .pdf files
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/rise-in-deceptive-pdf-the-gateway-to-malicious-payloads
2. ComPromptMized: Unleashing 0-click Worms that Target GenAI-Powered Applications
https://sites.google.com/view/compromptmized
3. Malicious traffic detection system
https://github.com/stamparm/maltrail
4. CryptoChameleon: New Phishing Tactics Exhibited in FCC-Targeted Attack
https://www.lookout.com/threat-intelligence/article/cryptochameleon-fcc-phishing-kit
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.05
https://www.linkedin.com/posts/alirezaghahrood_malware-analysis-1-scam-pdf-files-https-activity-7170644257706307585-Ttf1?utm_source=share&utm_medium=member_ios
Analytics
Outbreak Alerts Annual Report 2023
Challenges to the Cyber Landscape in 2024: The cybersecurity landscape is ever changing, marked by the continual emergence of new threats. Being aware of the primary challenges enables organizations to remain vigilant against evolving risks and adjust their cybersecurity strategy accordingly. Understanding these key challenges is vital for efficient risk management, safeguarding sensitive data, ensuring uninterrupted business operations, fostering trust, and staying proactive against emerging threats. Let’s discuss what are some of the key challenges...
Special Thanks❤️😇🙏
Fortinet
FortiGuard Labs
Fortinet Partner
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.03
https://www.linkedin.com/posts/alirezaghahrood_outbreak-alerts-report-forti-2023-activity-7169975709170450432-GFOt?utm_source=share&utm_medium=member_ios
⚠️ Lazarus Group hackers found exploiting a Windows kernel zero-day vulnerability (CVE-2024-21338) weeks after a patch was released, allowing them to gain system-level control and disable security software on targeted systems.
Details here:
https://thehackernews.com/2024/02/lazarus-hackers-exploited-windows.html
Iranian hackers are using fake job offers to target Middle East industries, particularly in aerospace, aviation, and defense. The cyberattacks have been linked to threat group UNC1549, backed by Iran.
Learn more:
https://thehackernews.com/2024/02/iran-linked-unc1549-hackers-target.html
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.29
https://www.linkedin.com/posts/alirezaghahrood_lazarus-group-hackers-found-exploiting-activity-7169028461347491840-Db0S?utm_source=share&utm_medium=member_ios
Ever wondered how SOC teams can sift through millions of alerts without missing a beat?
Discover how Threat Intelligence Platforms are revolutionizing SOC investigations and turning chaos into clarity.
Explore how to refine threat hunting: https://thehackernews.com/2024/02/from-alert-to-action-how-to-speed-up.html
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.28
https://www.linkedin.com/posts/alirezaghahrood_ever-wondered-how-soc-teams-can-sift-through-activity-7168407552190234626-5-J3?utm_source=share&utm_medium=member_ios
Red Team Tactics
Attacking APIs
https://blog.devsecopsguides.com/attacking-apis
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.24
Research
Hardware Security
Exploring AMD Platform Secure Boot
https://labs.ioactive.com/2024/02/exploring-amd-platform-secure-boot.html
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.21
exploit
Buffer Overflow Exploits Demystified
Part 1: https://vandanpathak.com/kernels-and-buffers/buffer-overflow-exploits-demystified-from-theory-to-practice
Part 2: https://vandanpathak.com/kernels-and-buffers/buffer-overflow-exploits-demystified-from-theory-to-practice-part-2
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.17
https://www.linkedin.com/posts/alirezaghahrood_exploit-buffer-overflow-exploits-demystified-activity-7164532285327695872-e79l?utm_source=share&utm_medium=member_ios
Yashar Esmaildokht #Kudos You are such an invaluable member of the team #TeamPlayer
Yashar, a good friend with good morals and a lover of technology 😍. All these years of friendship, communication and recent collaborations… I am proud of this friendship. Your place is at a higher level than anywhere, etc., especially the engineering platform, the cloud manager, the storage technologies, and the diverse services of Linux. I am happy that you are both an expert and professionally creative. It is pleasant to cooperate and talk with you based on knowledge and experience ❤️😘🙏👍🏽 Knowledge and experience are always developing.
Take care of your lovely and professional ethics✌🏼
Yashar, my honest, ethical friend and open-source technology enthusiast 😍
All these years of friendship and contact, and the recent collaborations:
this friendship is an honor for me. Your place is at levels higher than wherever you are now, especially in platform engineering, cloud, storage technologies, and the management of diverse Linux services.
I am happy that you are both an expert and a person of integrity.
Working and talking with you on the basis of knowledge and experience is a pleasure.
❤️😘🙏👍🏽
Your knowledge and experience are always growing.
Take great care of your integrity and your lovable professional ethics ✌🏼
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.02.16
#DiyakoSecureBow
————————————
CLTC WHITE PAPER SERIES
A Comparative Study of Interdisciplinary Cybersecurity
Education
University of California, Berkeley
Center for Long-Term Cybersecurity and School of Information, for the William and Flora Hewlett Foundation
Special Thanks
Lisa Ho
Sahar Rabiei
Drake White
September 2023
California Lighting Technology Center (CLTC), UC Davis
Center for Long-Term Cybersecurity
UC Berkeley Executive Education
🙏✌🏼😇❤️
The five technical core knowledge units are:
Basic Scripting and Programming (BSP)
Basic Networking (BNW)
Network Defense (NDF)
Basic Cryptography (BCY)
Operating Systems Concepts (OSC)
The five non-technical core knowledge units are:
Cyber Threats (CTH)
Policy, Legal, Ethics and Compliance (PLE)
Security Program Management (SPM)
Security Risk Analysis (SRA)
Cybersecurity Planning and Management (CPM)
-Business Secure Continuity-
2024.02.13
——————————————————
#berkeley #education #cybersecurityskills
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_interdisciplinary-cybersecurity-education-activity-7163026536483176449-xlrN?utm_source=share&utm_medium=member_ios