16245
@cissp International channel 4 Transmission Knowledge In the Field of Cyber Security with a Focus on the Content of the CISSP-ISC2 Course - - - - - - - - - - +also group: https://t.me/cisspgroup ————————— @alirezaghahrood
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Analytics
Red Canary Threat Detection Report:
Techniques, Trends, & Takeaways 2024.
Special Thanks❤️😇👍🏽🙏
Red Canary
-Secure Business Continuity-
2024.10.15
——————————————————
#SecurityReport #attackchain #CyberSecurity #vCISO
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_redcanary-tdr-2024-activity-7251802308009762816-nEMy?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Analytics
SCADA Security
SANS 2024 State of ICS/OT Cybersecurity October 2024.
Special Thanks❤️😇👍🏽🙏
SANS Institute
SANS ICS
-Secure Business Continuity-
2024.10.10
——————————————————
#SCADA #ICS #OT #CyberSecurity #vCISO
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_ics-ot-cybersecurity-2024-activity-7250123124417957888-d0bC?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Threat Research
DRAY BREAK
Breaking Into DrayTek Routers Before Threat Actors Do It Again 2024.
Special Thanks❤️😇👍🏽🙏
Forescout Technologies Inc.
-Secure Business Continuity-
2024.10.06
——————————————————
#Threat #Router #CyberSecurity #vCISO
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_drag-break-2024-activity-7248592527765757952-ehmp?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Whitepaper
Blue Team Techniques
Detecting and mitigating Active Directory compromises 2024:
Introduction
This guidance – authored by the Australian Signals Directorate (ASD), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) – aims to inform organisations about 17 common techniques used to target Active Directory as observed by the authoring agencies. This guidance provides an overview of each technique and how it can be leveraged by malicious actors, as well as recommended strategies to mitigate these techniques. By implementing the recommendations in this guidance, organisations can significantly improve their Active Directory security, and therefore their overall network security, to prevent intrusions by malicious actors.
Microsoft’s Active Directory is the most widely used authentication and authorisation solution in enterprise
information technology (IT) networks globally. Active Directory provides multiple services, including Active Directory Domain Services (AD DS), Active Directory Federation Services (AD FS) and Active Directory Certificate Services (AD CS). These services provide multiple authentication options, including smart card logon, as well as single sign-on with on-premises and cloud-based services.
Active Directory’s pivotal role in authentication and authorisation makes it a valuable target for malicious actors. It is routinely targeted as part of malicious activity on enterprise IT networks. Active Directory is susceptible to compromise due to its permissive default settings, its complex relationships, and permissions; support for legacy protocols and a lack of tooling for diagnosing Active Directory security issues. These issues are commonly exploited by malicious actors to compromise Active Directory.
Special Thanks❤️😇👍🏽🙏
Australian Signals Directorate
@australian cyber security center
Cybersecurity and Infrastructure Security Agency
@canadian centre for cyber security
National Security Agency
National Cyber Security Centre
-Secure Business Continuity-
2024.09.27
——————————————————
#CISA #NIST #MicrosoftSecurity #CyberSecurity #AD
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_ciso-as-a-service-activity-7245519345785688065-ofwH?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Security Operation Center (SOC) is a centralized function within an organization employing people, processes, and technology to continuously monitor and improve an organization's security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents.
A SOC acts like the hub or central command post, taking in telemetry from across an organization's IT infrastructure, including its networks, devices, appliances, and information stores, wherever those assets reside. The proliferation of advanced threats places a premium on collecting context from diverse sources. Essentially, the SOC is the correlation point for every event logged within the organization that is being monitored. For each of these events, the SOC must decide how they will be managed and acted upon.
10 key functions performed by the SOC:
1. Take Stock of Available Resources
How The SOC Protects
The SOC should also have a complete understanding of all cybersecurity tools on hand and all workflows in use within the SOC. This increases agility and allows the SOC to run at peak efficiency
2. Preparation and Preventative Maintenance
Preparation
Preventative Maintenance
3. Continuous Proactive Monitoring
4. Alert Ranking and Management
5. Threat Response
These are the actions most people think of when they think of the SOC. As soon as an incident is confirmed, the SOC acts as first responder, performing actions like shutting down or isolating endpoints, terminating harmful processes (or preventing them from executing), deleting files, and more. The goal is to respond to the extent necessary while having as small an impact on business continuity as possible.
6. Recovery and Remediation
7. Log Management
8. Root Cause Investigation
9. Security Refinement and Improvement
Cybercriminals are constantly refining their tools and tactics—and in order to stay ahead of them, the SOC needs to implement improvements on a continuous basis. During this step, the plans outlined in the Security Road Map come to life, but this refinement can also include hands-on practices such as red-teaming and purple-teaming.
10. Compliance Management
Many of the SOC’s processes are guided by established best practices, but some are governed by compliance requirements. The SOC is responsible for regularly auditing their systems to ensure compliance with such regulations, which may be issued by their organization, by their industry, or by governing bodies. Examples of these regulations include GDPR, HIPAA, and PCI DSS. Acting in accordance with these regulations not only helps safeguard the sensitive data that the company has been entrusted with—it can also shield the organization from reputational damage and legal challenges resulting from a breach.
Special Thanks❤️😇👍🏽🙏
Trellix
-Secure Business Continuity-
2024.09.25
——————————————————
#CyberSecurity #SOC #CSIRT #ASM #TTP #IR #vCISO
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-cybersecurity-soc-activity-7244670207393157120-Wv21?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
The Importance of Industrial Cybersecurity
As enterprises invest heavily in digital transformation, industrial cybersecurity will increasingly serve as a critical enabler for safely and securely advancing business goals through technological innovation.
Advancing connectivity and digitalization of operational technology (OT) provides significant benefits to the business, including:
• increased automation,
• improved process efficiency,
• better asset utilization, and
• enhanced telemetry of machinery for business forecasting and equipment maintainability.
But when the cyber risks of this connectivity aren’t addressed in tandem with innovation, the benefits can be diminished by heightened impact from security incidents.
The previous year offered up dramatic examples of the types of critical infrastructure risks that are exacerbated by the absence of effective OT cybersecurity preparation. The industrial world has seen electric power plants at risk from vulnerable information technology (IT) remote administration tools, and disruptive cyber attacks against water treatment facilities and natural gas pipelines.
This is a pivotal time for boards of directors and their executive teams— led by guidance from CISOs and risk executives—to start aligning appropriate risk management with operational innovation
Special Thanks❤️😇👍🏽🙏
-Secure Business Continuity-
2024.09.21
——————————————————
#CyberSecurity #IIOT #OT #ICS
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_industrial-cybersecurity-4-ce0ciso-activity-7243155703085838336-IK90?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
🔐 Introducing Diyako Secure Bow:
At DSB Co, we provide specialized and advanced cybersecurity services, helping businesses protect themselves against emerging and complex cyber threats.
💡Our Main Service:
VCISO (CISO as a Service)
DSB Co is a leader in cybersecurity, offering
VCISO (Chief Information Security Officer as a Service).This service provides organizations with an efficient solution to manage and optimize their cybersecurity strategies without the need to hire a full-time CISO.
🔧 VCISO Sub-services:
1. Cybersecurity Strategy Development and Implementation: We design and implement tailored cybersecurity strategies to meet the unique needs of your organization.
2. Risk Assessment and Management: Identifying and assessing security risks, and offering solutions to mitigate these threats.
3. Continuous Cybersecurity Monitoring and Improvement: Ongoing monitoring of activities and systems to ensure security measures are updated and optimized.
4. Employee Training and Awareness: Providing cybersecurity training to staff to reduce human-related risks.
5. Consulting on Security Technology Selection and Implementation: Guidance and support in selecting and implementing the best security tools.
🌐 Why Diyako Secure Bow
With our team of experienced professionals and consultants, we guarantee the highest level of information security and provide practical, effective solutions for managing your organization's cybersecurity.
+😇With nearly two decades of experience, a team of professionals holding internationally recognized certifications, and proven expertise in enterprise-level projects🙏❤️
-Secure Business Continuity-
2024.09.15
——————————————————
#vCISO #CISO #CyberSecurity #InformationSecurity
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_diyako-secure-bow-en-resume-activity-7240967137840840704-In_X?utm_source=share&utm_medium=member_ios
Research
Unveiling Mac Security:
A Comprehensive Exploration of Sandboxing and AppData TCC 2024.
https://github.com/guluisacat/MySlides/tree/main/BlackHatUSA2024_KCon2024
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.09.09
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Why national cybersecurity authorities would request the information in the
proposed Cyber Incident Reporting Form:
In defining which entities should be covered by a reporting mandate, NCAs may wish to consider a variety of factors. Whether an entity is part of critical infrastructure, as defined by national cybersecurity strategies or other foundational policy documents, should be a primary area of consideration. Additionally, NCAs should consider the size of the entity and their ability
to access and implement cybersecurity best practices. Determination of the scope of reporting mandates should be done in consultation with relevant industry leaders and sector-specific government regulators; governments may also benefit from broad public consultation to best scope the mandate. Governments should also send clear signals that they welcome voluntary
reporting from non-covered entities and indicate how to make such voluntary reports.
Consistent with this approach, we offer one possible definition of a covered entity: A covered entity is an entity that owns or operates an information technology (IT), operational technology (OT), other digital system, or social media account in one or more of the critical sectors defined by the published national cybersecurity strategy and has:
● “More than 50 employees,
● More than 1,000 customers, or
● Revenues greater than a nationally relevant threshold.
Beyond the definition, ensuring that every organization knows whether or not it is a covered entity is a challenge. National cybersecurity authorities, ideally in collaboration with sector-specific government entities, should implement broad awareness campaigns among business leaders and relevant trade councils to inform as many organizations as possible about their reporting obligations. Further, some organizations may ask the government to provide them with guidance about whether they are a covered entity, so NCAs should be prepared to handle such inquiries.
Special Thanks❤️😇👍🏽🙏
Cyber Threat Alliance
Institute for Security and Technology (IST)
Chainalysis
@Ciphertrace
CREST
CYBERA
Cybercrime Support Network
CyberPeace Institute
-Secure Business Continuity-
2024.08.31
——————————————————
#NSA #CISA #SANS #Incident
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_cyber-incident-reporting-activity-7235575598163648512-PlbE?utm_source=share&utm_medium=member_ios
Techbook
Sec code review
Clean Code Fundamentals:
Hands-on Guide to Understand the Fundamentals of Software Craftsmanship and Clean Code in Java 2024.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.08.26
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Red Team Tactics
Windows API for Red Team 2024.
Special Thanks❤️😇👍🏽🙏
Joas A Santos
-Secure Business Continuity-
2024.08.20
——————————————————
#CyberSecurity #APISecurity #WAF #Fortinet
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_api-protection-2024-activity-7231495563672748033-lrDV?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Cyber Criminals and attackers have become so creative in their crime type that they have started finding methods to hide data in the volatile memory of the systems. Today, in this article we are going to have a greater understanding of live memory acquisition and its forensic analysis. Live Memory acquisition is a method that is used to collect data when the system is found in an active state at the scene of the crime.Memory forensics is a division of digital forensics that generally emphasizes extracting artefacts from the volatile memory of a system that was compromised. This domain is speedily spreading in cybercrime investigations. The main reason for this is that certain artefacts are extracted from system memory only and cannot be found anywhere else. Analysing memory after capturing the ram is extremely important when it comes to collecting information on ports that were in use, the number of processes running, and the path of
certain executables on the system while carrying out the investigation.
The VolatilityFramework is one such memory analysis tool that works on command-line on Windows and Linux systems.Volatility Workbench is a GUI version of one of the same tool Volatility for analysing the artefacts from a memory dump. It is available free of cost, open-source, and runs on the Windows Operating sys.
Special Thanks❤️😇👍🏽🙏
IgniteTech Infotech
IgniteTech
@hackingarticles
-Secure Business Continuity-
2024.08.09
——————————————————
#CyberSecurity #Dumlp #Forensic #CHFI
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_memory-forensic-2024-activity-7227645320313110529-sGoK?utm_source=share&utm_medium=member_ios
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.08.02
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Analytics
2024 Dependency Management Report.
Special Thanks❤️😇👍🏽🙏
Endor Labs
-Secure Business Continuity-
2024.10.15
——————————————————
#CWE #Vulnerability #CyberSecurity #vCISO
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_dependency-report-2024-activity-7251800101097021440-luKK?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Infographics DevOps , AppSec
DevSecOps Reference Architecture 2024.
Special Thanks❤️😇👍🏽🙏
-Secure Business Continuity-
2024.10.10
——————————————————
#SecDevOps #Appsec #DevSecOps #CyberSecurity #vCISO
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_devsecops-2024-arch-activity-7249904836211597312-4FWd?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
IoT Security
The EMB3D Threat Model for Embedded Devices Sept. 2024.
https://emb3d.mitre.org
Special Thanks❤️😇👍🏽🙏
MITRE
-Secure Business Continuity-
2024.10.06
——————————————————
#Mitre #Attack #CyberSecurity #vCISO
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_mitre-map-2024-activity-7248588598533378048--f1f?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Human Risk Management (HRM):
In the evolving landscape of cybersecurity, traditional defenses like firewalls, encryption, and intrusion detection systems are no longer sufficient on their own. As cyber threats grow more sophisticated, attackers increasingly exploit the weakest link: human behavior. This has given rise to a new paradigm in cybersecurity—Human Risk Management (HRM).
HRM focuses on managing and mitigating risks that stem from human actions, whether intentional or accidental. Unlike traditional security approaches that primarily focus on technical controls, HRM recognizes that employees, partners, and even customers can be exploited through phishing attacks, social engineering, or simple human error. With cybercriminals often targeting individuals rather than systems, understanding and addressing the human factor has become essential.
Key Components of HRM
Security Awareness Training: The cornerstone of HRM is continuous education. Employees need to be trained not just once but regularly, ensuring they understand the latest threats and how to respond appropriately.
Behavioral Analytics: HRM uses tools to analyze user behavior, identifying potential risks such as unusual access patterns, abnormal downloads, or inconsistent login times that could indicate compromised accounts.
Cultural Change: Cybersecurity isn't just an IT issue; it's a company-wide concern. HRM promotes a culture of security where every employee is vigilant and understands their role in protecting the organization.
Incident Response and Reporting: Encouraging a quick and transparent reporting culture is key. Employees need to feel safe reporting suspicious activities or mistakes, allowing the organization to respond swiftly before threats escalate.
Tailored Policies: Different roles within an organization carry different levels of risk. HRM customizes security policies to reflect the unique vulnerabilities associated with each role, ensuring a more targeted approach to risk mitigation.
Why HRM Matters
The rise of remote work, cloud computing, and increasingly sophisticated phishing tactics has made human risk a critical focus for organizations. HRM helps bridge the gap between technology and human behavior, creating a more holistic and resilient defense strategy.
By treating humans as a core component of the cybersecurity ecosystem—rather than the weakest link—HRM represents the new frontier in building a robust and adaptive defense against modern cyber threats. Organizations that implement HRM not only improve their security posture but also foster a proactive and security-conscious workforce, reducing the likelihood of breaches and data loss.
Special Thanks❤️😇👍🏽🙏
Infosec
Keatron Evans
-Secure Business Continuity-
2024.09.26
——————————————————
#SecurityAwareness #Phishing #SE #simulation #BCP #Risk
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-securityawareness-phishing-activity-7245020235555127296-NzqS?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
A Guide to Building a Secure SDLC
Which Scanning Tools Should I look at,and where do they go?
Special Thanks❤️😇👍🏽🙏
@Matt Brown
-Secure Business Continuity-
2024.09.21
——————————————————
#CyberSecurity #ApplicationSecurity #SDLC #RASP
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_guide-4-secure-sdlc-activity-7243162284502507520-YsJz?utm_source=share&utm_medium=member_ios
𝗙𝗿𝗲𝗲 𝗦𝗜𝗘𝗠 𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴𝘀 𝟮𝟬𝟮𝟰
General
📎Windows Logging Basics:
https://lnkd.in/grKYFQzJ
📎Jose Bravo - What is a SIEM? (5 Vídeos):
https://lnkd.in/gc2UDpeD
📎PowerSIEM Analyzing Sysmon Events with PowerShell:
https://lnkd.in/g_8Eq8vm
QRadar
https://lnkd.in/gd7V_4pe
📎QRadar 101:
https://lnkd.in/esbz2RjK
📎QRadar SIEM Foundation:
https://lnkd.in/es8NAdAw
📎Ariel Query Language Guide: https://lnkd.in/eAMKy25q
Splunk
📎Course Catalog :
https://lnkd.in/ekm6RekE
📎Basic Searching:
https://lnkd.in/gygnTMfD
📎Practical Splunk - Zero to Hero : https://lnkd.in/ePF_3PWj
📎Splunk Use Cases:
https://lnkd.in/eJ4CTNV2
📎Exploring Splunk:
https://lnkd.in/e8gVvMuu
Microsoft Sentinel
📎What is Microsoft Sentinel: https://lnkd.in/gdB7dAdU
📎Microsoft Sentinel Level 400 training :
https://lnkd.in/ezDkpWmx
📎SOC 101:
https://lnkd.in/evnF6kNm
FortiSIEM:
https://lnkd.in/e5TvYZYt
AlienVault OSSIM
📎Cybrary - AlienVault OSSIM: https://lnkd.in/gRZAansT
Elastic - SIEM
📎Fundamentals:
https://lnkd.in/gYNYs9vS
ArcSight
📎Paul Brettle - What is Series: https://lnkd.in/gh5ruPZt
📎Paul Brettle - ArcSight ESM 101: https://lnkd.in/gS33AJdk
📎ArcSight Tutorial:
https://lnkd.in/guEydy_U
M SureLogSIEM Training
📎Training (English):
https://lnkd.in/eAnAYDWJ
📎Training PDF:
https://lnkd.in/eXYFmqqV
📎User Guide PDF:
https://lnkd.in/e4HqkexW
LogSign
📎Training:
https://lnkd.in/eXnjymv6
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.09.20
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Whitepaper
Malware analysis
The EV Code Signature Market for eCrime 2024.
The EV Code Signature Market for eCrime:
• Code Signing Technology allows developers to digitally sign their programs, ensuring authenticity and integrity.
• This can be exploited by malicious actors to bypass security measures, gain privileges, and deceive users with seemingly legitimate certificates.
• The cybercrime market for EV certificates offers a wide range of services, including various certificate authorities and delivery methods.
• To obtain code signing certificates, resellers can register new companies, impersonate existing ones, or acquire then through theft.
Introduction
Code signing is a technology that allows software developers to attach a digital signature to their programs, proving that the code is authentic and has not been tampered with. Malicious actors exploit code signing to bypass security measures, gain administrative privileges, and enhance user trust by using legitimate-seeming certificates.
The cybercrime market for code signing certificates mainly focuses on EV certificates, with prices ranging from $2000 to $6000. The resellers can either register a new company or impersonate an existing company to get a valid certificate from a certificate authority.
Malware campaigns, such as QakBot and Grandoreiro, have used valid EV code signing certificates obtained through company impersonation or exploiting closed companies. Code signing certificates can also be obtained through theft, as seen in incidents like the theft of NVIDIA's code signing certificates by the Lapsus$ extortion group in early 2022.
Special Thanks❤️😇👍🏽🙏
Intrinsec
-Secure Business Continuity-
2024.09.17
——————————————————
#CyberSecurity #ThreatIntelligence
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_cyber-threat-intelligence-2024-activity-7241890551652925441-8nGV?utm_source=share&utm_medium=member_ios
Tech book
Ethical Password Cracking:
Decode passwords using John the Ripper, hashcat, and advanced methods for password breaking 2024.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.09.09
Tech book
API Security for White Hat Hackers: Uncover offensive defense strategies and get up to speed with secure API implementation 2024.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.09.01
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
CyberSentry Program:
(Mission Need)
Successful cyberattacks on our nation’s critical infrastructure can have severe consequences for our power and water supply, our bank accounts, our medical care, and other important National Critical Functions (NCFs) that underpin our national security, public safety, and economic prosperity. These kinds of attacks are becoming more common and more dangerous.
Many organizations have deployed advanced cybersecurity capabilities to safeguard their enterprises against cyber threats. More can be done to help protect the nation’s most critical infrastructure from malicious activity, including threats originating from advanced cyber actors and highly sophisticated criminal organizations that could result in severe impacts to NCFs and, by extension, everyone in the United States.Through the CyberSentry program, CISA supports national efforts to defend U.S. critical infrastructure networks, thus protecting American interests, American people, and the American way of life.
National Terrorism Advisory System
The National Terrorism Advisory System (NTAS) is designed to communicate information about terrorist threats by providing timely, detailed information to the American public. All Americans share responsibility for the nation's security, and should always be aware of the heightened risk of terrorist attack in the United States and what they should do. contains current NTAS advisories (both Alerts and Bulletins), archived copies of expired advisories, and additional information on the NTAS system.DHS replaced the color-coded alerts of the Homeland Security Advisory System (HSAS) with the National Terrorism Advisory System (NTAS) in 2011.
Special Thanks❤️😇👍🏽🙏
CISA Alumni Group
Cybersecurity and Infrastructure Security Agency
-Secure Business Continuity-
2024.08.26
——————————————————
#CISA #DOD #DHS #CyberSecurity #Vulnerability #NIST
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_cybersentry-program-2024-activity-7233794950046392320-qpw4?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
OT Security:
Operational technology (OT) is the hardware and software that monitors and controls devices, processes, and infrastructure, and is used in industrial settings.
However, as OT itself becomes increasingly connected and hosts numerous critical physical processes, it becomes a tempting target for threat actors. Processes and systems can be hacked, and threats jeopardize data integrity and potentially endanger the safety and continuity of industrial operations
OT systems control and monitor physical equipment and processes in industries like manufacturing and energy. They focus on real-time management to ensure efficiency and safety. IT systems, on the other hand, are designed to collect, process, and store data, assisting in business decision-making and communication.
Special Thanks❤️😇👍🏽🙏
CISA Alumni Group
Cybersecurity and Infrastructure Security Agency
-Secure Business Continuity-
2024.08.24
——————————————————
#OTSecurity #OT #Operationaltechnology #Energy #NetworkSecurityDesign
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-otsecurity-ot-activity-7233115193294168064-xmVb?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Analytics
A Visual Exploration of Exploitation in the Wild 2024.
Special Thanks❤️😇👍🏽🙏
Cyentia Institute
Tenable
-Secure Business Continuity-
2024.08.19
——————————————————
#CyberSecurity #EXPLOITATION #ACKNOWLEDGMENTS #TENABLE
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_epss-exploits-2024-activity-7231188866605473792-9QgR?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Threat Research
ERIAKOS Scam Website Campaign: Screens Victims Based on Mobile and Ad Access, Likely to Evade Detection 2024.
Special Thanks❤️😇👍🏽🙏
Recorded Future
-Secure Business Continuity-
2024.08.02
——————————————————
#CyberSecurity #Attack #Phishing #Scam
#SecureBusinessContinuity
https://www.linkedin.com/posts/diyako-secure-bow_threat-research2024-activity-7225082593606549504-VO5K?utm_source=share&utm_medium=member_ios
Tech book
Mobile Security
Malware analysis
The Android Malware Handbook:
Detection and Analysis by Human and Machine 2024.
-Cyber Security awareness-
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
2024.08.02
#DiyakoSecureBow
————————————
CISO as A Service (vCISO)
Hardware Security
PKfail Research Report 2024.
https://www.binarly.io/blog/pkfail-untrusted-platform-keys-undermine-secure-boot-on-uefi-ecosystem
Special Thanks❤️😇👍🏽🙏
BINARLY
👇🏻
/channel/CISOasaService/15270
-Secure Business Continuity-
2024.07.30
——————————————————
#CyberSecurity #Hardware #CVE
#SecureBusinessContinuity