Author

Korede Ola


As reports of major data breaches fill the headlines, it has become impossible for any business, large or small, to ignore the importance of cybersecurity. Most books on the subject, however, are either too specialized for the non-technical professional or too general for positions in the IT trenches.

Here is concise blue team documentation containing tools, techniques, cheat sheets, and other resources to assist those defending organizations and detecting adversaries.

The Concise Blue Team Cheat Sheets

For businesses that want to run lean, using free and open source tools can be a strategic advantage. But choosing the right tools is essential.

To help you choose tools that are up to the task, we put together a guide highlighting the best free and open source security tools on the market.

In the guide, we cover tools in these categories:

  • Network security monitoring
  • Host security
  • Log collection and aggregation
  • App security
  • SIEMs and event consoles
  • Malware analysis
  • Threat intel

Guide (PDF): https://itblogr.com/wp-content/uploads/2020/04/Building-a-powerful-cybesecurity-arsenal.pdf

Covid-19 cases and cyberattacks following a similar curve – Thales

The study by Thales’s Cyber Threat Intelligence team shows that the pattern of malicious cyber activity matches the worldwide spread of Covid-19, with major attacks reported first in Asia, then in Central, Eastern and Western Europe.

In the midst of an unprecedented global health crisis, malicious actors are taking advantage of the situation to attack the information systems of companies, organizations, and individuals.

Hackers are using the pandemic as an opportunity to carry out targeted cyberattacks. Some of the new Android apps that track the propagation of the virus, for example, are infected with malware such as Trojan horses or ransomware.

There has also been an exponential increase in fraudulent or abusive activities online:

  • Large numbers of domain names related to Covid-19 have been registered in recent weeks, more than 50% of which are thought to be part of “lure and decoy” operations.
  • Large-scale spam campaigns using Covid-19 as a handle are attempting to spread ransomware, steal data or install banking malware.
  • E-mail phishing campaigns are trying to get users to connect to fraudulent web pages offering downloads of compromised documents about Covid-19.
  • Other e-mail campaigns are asking users to transfer money to sites claiming to be collecting charitable donations or to fake e-commerce sites offering personal protective equipment, for example.

Initially, these attacks of opportunity were being carried out by cybercriminals, but a growing number of state-sponsored groups are now using the subject of Covid-19 to conduct various types of espionage.

Working from home: bigger risks for companies and organizations

The urgent introduction of large-scale teleworking or telecommuting is increasing cyber risks, not least because cyber attackers often try to compromise an organization’s information system by exploiting the following vulnerabilities:

  • The use of personal devices for professional purposes (Shadow IT): employees working at home might use equipment or solutions that have not been approved by the company’s IT security specialists and are not under their control. This equipment can be a point of entry to critical data or the enterprise information system.
  • Unauthorised installation of applications, software or tools that could be a security risk.
  • Use of data storage solutions that offer inadequate security or have been deployed too quickly.

To help meet the IT security requirements of companies, organisations and their employees, Thales is now offering free access to two remote collaboration solutions — the Citadel professional chat and call app and the Cryptobox secure telework solutions — both of which are already widely used by French government agencies and major enterprise customers.

The remote connection to corporate applications and cloud services can also be at risk, especially when employees are working remotely. To help them connect securely, Thales also offers its SafeNet Trusted Access solution.

Risks are significantly higher than usual in these difficult times, so it’s more important than ever to protect your data, your networks and your information systems to avoid creating a cyber-crisis in addition to the health crisis we are already facing.

Report (PDF): https://itblogr.com/wp-content/uploads/2020/03/COVID-19-Cyber-Threat-Assesment.pdf

Source: Thales

The software development landscape changes constantly. New areas of specialization, technologies, and methodologies pop into existence every few months, forged by the relentless innovation of the software industry. With it, terms to describe specialized types of developers become part of the unofficial industry lingo and show up in job ads and corporate titles.

Before the existence of the internet, many of these specializations didn’t exist. The worldwide web has shifted most aspects of our lives, including revolutionizing the career paths of software engineers.

There isn’t an official industry glossary of terms. Understanding the skills that each type of developer needs to have is confusing to newcomers, and can be intimidating to non-technical people.

The cheat sheet below highlights the 3 major IT developer categories.

Other tiers similar to frontend, backend and full-stack developer include the Middle-Tier Developer, a developer who writes non-UI code that runs in a browser and often talks to non-core code running on a server. In general, the middle tier is the “plumbing” of a system. The term middle-tier developer is used to describe someone who is not specialized in the front-end or the back-end but can do a bit of both, without being a full-stack developer. Engineers only rarely have this as a title, as it is more of a description of a skill set than a career path.

With the coronavirus constantly in the news, more businesses than ever are considering telework as a viable alternative to traditional onsite work for their company and employees. The new cyber threats and data breaches constantly reported indicate that business owners have to ask themselves the question: How do I maintain my cybersecurity when my employees work remotely?

Whether you have one employee working on a mobile device while on a business trip or your entire staff telecommuting from home, your cybersecurity shouldn’t be sacrificed for convenience. By understanding your options and working with quality IT services providers, you can safely navigate the cyber world and keep your business protected.

Cyber Security and Telework

Maintaining your cybersecurity while allowing your employees to work remotely can be a challenge, but it can be accomplished with minimal risk if you plan ahead and choose the right options for your business. If you don’t expect someone to infiltrate your network, you won’t be protected when someone tries. Always prepare for the worst-case scenario.

The report below sets out the constants that support and facilitate working from home for security professionals.

Handbook (PDF): https://itblogr.com/wp-content/uploads/2020/03/Work-From-Home-Handbook-for-Security-Professionals.pdf

Following the responses of nations to the Coronavirus pandemic, and in line with precautionary measures instituted by world health bodies, the effort to mitigate the spread of the Covid-19 virus in offices grows more pressing by the day.

Important alterations to take note of specifically in the cybersecurity space include:

  • All interview sessions will be conducted via Skype, video call or tele-conversation.
  • Most employees will work from home.
  • Generally, projects that can be completed virtually are prioritized over projects requiring physical presence.

As of today, 93% of interviews have to be adjusted to suit virtual environments, including Skype. Preparing for a Skype interview due to Covid-19? Remember these steps:

1. Test your audio and camera prior to the interview session.

2. Elevate your laptop to avoid staring down into the camera and creating an “angle of depression”.

3. Dress professionally, as you would for a face-to-face interview.

4. Position yourself at a table, against a plain, neutral non-busy background.

5. Check the lighting in the room and avoid flares or distracting reflections.

6. Close all other applications on your laptop.

7. Silence your cell phone, and disable vibration.

8. Have a copy of your resume at hand.

9. Attach post-its around the laptop screen with prompts + questions you wish to ask the interviewer.

10. Exclude kids, pets, etc. from the room for the duration of the interview.

11. Have a pen and paper at hand.

12. Have a glass of water next to you.

13. Have the phone number of the interviewer in case the video connection is lost.

14. Smile and always have at least one question.

In 2015, the United States Congress passed the Cybersecurity Act of 2015 (CSA), and within this legislation is Section 405(d): Aligning Health Care Industry Security Approaches. As an approach to this requirement, in 2017 HHS convened the 405(d) Task Group leveraging the Healthcare and Public Health (HPH) Sector Critical Infrastructure Security and Resilience Public-Private Partnership. The Task Group is comprised of a diverse set of over 150 members representing many areas and roles, including cybersecurity, privacy, healthcare practitioners, Health IT organizations, and other subject matter experts.

The Task Group’s charge was to develop a document that is available to everyone at no cost and includes a common set of voluntary, consensus-based, and industry-led guidelines, practices, methodologies, procedures, and processes that serve as a resource to meet three core goals to:

1. Cost-effectively reduce cybersecurity risks for a range of health care organizations;

2. Support voluntary adoption and implementation; and

3. Ensure on an ongoing basis that content is actionable, practical, and relevant to healthcare stakeholders of every size and resource level.

Progress: The Task Group assembled in May 2017 and since then, many achievements have been made with this effort. The table highlights current accomplishments made by those involved.

The report below elaborates the current health industry cybersecurity best practices.

Report (PDF): https://itblogr.com/wp-content/uploads/2020/03/Health-industry-Cybersecurity-Practices.pdf

Until recently, end-to-end encryption (E2EE) was the sole domain of the tech savvy because of the complicated operations required to use it. However, recent technological advances have made end-to-end encryption much easier to use and more accessible. In this article, we will explain what end-to-end encryption is and what advantages it offers over regular encryption.

What is end-to-end encryption (E2EE)?

When you use E2EE to send an email or a message to someone, no one monitoring the network can see the content of your message — not hackers, not the government, and not even the company (e.g., ProtonMail) that facilitates your communication.

This differs from the encryption that most companies already use, which only protects the data in transit between your device and the company’s servers. For example, when you send and receive an email using a service that does not provide E2EE, such as Gmail or Hotmail, the company can access the content of your messages because they also hold the encryption keys. E2EE eliminates this possibility because the service provider does not actually possess the decryption key. Because of this, E2EE is much stronger than standard encryption.

How does end-to-end encryption work?

To understand how E2EE works, it helps to look at a diagram. In the example below, Bob wants to say hello to Alice in private. Alice has a public key and a private key, which are two mathematically related encryption keys. The public key can be shared with anyone, but only Alice has the private key.

First, Bob uses Alice’s public key to encrypt the message, turning “Hello Alice” into something called ciphertext — scrambled, seemingly random characters.

Bob sends this encrypted message over the public internet. Along the way, it may pass through multiple servers, including those belonging to the email service they’re using and to their internet service providers. Although those companies may try to read the message (or even share it with third parties), it is impossible for them to convert the ciphertext back into readable plaintext. Only Alice can do that with her private key when it lands in her inbox, as Alice is the only person who has access to her private key. When Alice wants to reply, she simply repeats the process, encrypting her message to Bob using Bob’s public key.
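
The Bob-to-Alice exchange described above, as an added Go example that is not part of the original article. The function names, the `Relay` model of the mail provider and the choice of 2048-bit RSA-OAEP are assumptions made for illustration; it encrypts the short message directly, whereas mail systems typically use the public key to wrap a symmetric session key.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// EncryptFor is the sender's (Bob's) step; it needs only the recipient's public key.
func EncryptFor(pub *rsa.PublicKey, msg string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(msg), nil)
}

// DecryptWith is the recipient's (Alice's) step; it needs her private key.
func DecryptWith(priv *rsa.PrivateKey, ct []byte) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	return string(pt), err
}

// Relay models the provider: it forwards bytes and can only try its own key.
func Relay(providerKey *rsa.PrivateKey, ct []byte) (forwarded []byte, readable bool) {
	_, err := DecryptWith(providerKey, ct)
	return ct, err == nil
}

// Exchange runs the whole flow and reports what each party ended up with.
func Exchange(msg string) (aliceSees string, providerRead bool, err error) {
	alice, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", false, err
	}
	provider, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", false, err
	}
	ct, err := EncryptFor(&alice.PublicKey, msg) // Bob holds only Alice's public key
	if err != nil {
		return "", false, err
	}
	ct, providerRead = Relay(provider, ct) // the server sees ciphertext only
	aliceSees, err = DecryptWith(alice, ct)
	return aliceSees, providerRead, err
}

func main() {
	got, leaked, err := Exchange("Hello Alice")
	fmt.Printf("alice=%q provider_could_read=%v err=%v\n", got, leaked, err)
}
```
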

Advantages of end-to-end encryption services

There are several advantages of E2EE over the standard encryption that most services utilize:

  • It keeps your data safe from hacks. E2EE means fewer parties have access to your unencrypted data. Even if hackers compromise the servers where your data is stored (e.g., the Yahoo mail hack), they cannot decrypt your data because they do not possess the decryption keys.
  • It keeps your data private. If you use Gmail, Google can know every intimate detail you put in your emails, and it can save your emails even if you delete them. E2EE gives you control over who reads your messages.
  • It’s good for democracy. Everyone has the right to privacy. E2EE protects free speech and shields persecuted activists, dissidents, and journalists from intimidation.

End-to-end encryption is the most secure way to communicate privately and securely online. By encrypting messages at both ends of a conversation, end-to-end encryption prevents anyone in the middle from reading private communications.

Source: ProtonMail

At first glance, February appears to be a big improvement cyber security-wise compared to the start of the year. The 632,595,960 breached records account for about a third of January’s total, and the figure is considerably lower than those for this time last year.

Unfortunately, the number of breached records doesn’t tell the full story, as there were a whopping 105 incidents – making February 2020 the second leakiest month we’ve ever recorded.

You can find detailed breakdowns of some of the more notable incidents by subscribing to our Round-ups or by visiting our cheatsheet page where we have a dedicated variety of handy cybersecurity cheatsheets.

Cyber attacks

Ransomware

Data breaches

Financial information

Malicious insiders and miscellaneous incidents

In other news…

Source: IT Governance

The new decade has begun relatively well, with a six-month low of only 61 disclosed cybersecurity incidents.

By comparison, 2019 saw an average of almost 80 data breaches and cyber attacks per month.

It’s not all good news, though. Several major incidents occurred in January, boosting the total number of breached records to a substantial 1,505,372,820.

That includes several worrying incidents involving UK organizations – which are highlighted in bold.

You can find detailed breakdowns of some of the more notable incidents by subscribing to our Round-ups or by visiting our cheatsheet page where we have a dedicated variety of handy cybersecurity cheatsheets.

In the meantime, you can check out the full list here:

Cyber attacks

Ransomware

Data breaches

Financial information

Malicious insiders and miscellaneous incidents

In other news…

Source: IT Governance