Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

How does Red Teaming differ from a Penetration Test?

Jan 14, 2020 By JUMPSEC In JUMPSEC
JUMPSEC Jargon Buster - Nikoo explains how Red Teaming differs from a Penetration Test. There are a number of ways that a red teaming exercise differentiate from a pen test. Firstly, the scope of standard penetration test is usually clearly defined with the goal to identify as many vulnerabilities as possible and attempt to exploit them on the stated targets during the engagement.
View Video
alienvault

How to identify phishing emails and what to do

Jan 13, 2020 By Jason Nelson In AT&T Cybersecurity

Phishing scams remain one of the most widespread cybercrimes. A phishing scam can be as simple as getting someone to click on a link, attachment, or a picture of cute kittens. I recently received a spam email with the message: “Old friends post embarrassing pictures of Jason Nelson online; click here to see.” Seeing my name in the body or subject line of an email is alarming. That is why scammers word these emails this way.

Read Post
upguard

What are the CIS Controls for Effective Cyber Defense?

Jan 13, 2020 By Abi Tyas Tunggal In UpGuard

The CIS Critical Security Controls are a prioritized set of actions for cybersecurity that form a defense-in-depth set of specific and actionable best practices to mitigate the most common cyber attacks. A principle benefit of the CIS Controls are that they prioritize and focus on a small number of actions that greatly reduce cybersecurity risk.

Read Post

RDS: Do Not Allow COM Port Redirection- The Policy Expert

Jan 13, 2020 By CalCom In CalCom
Do Not Allow COM Port Redirection will determine whether the redirection of data to client COM ports from the remote computer will be allowed in the RDS session. By default, RDS allows COM port redirection. It can be used, for example, to use a USB dongle in an RDS session.
View Video
tripwire

Developing a Data Protection Compliance Program - Verizon's 9-5-4 Model

Jan 13, 2020 By Anthony Israel-Davis In Tripwire

In a previous post, I wrote about my key take-aways from Verizon’s 2019 Payment Security Report. While it’s no surprise it was full of interesting and useful data, (Verizon’s yearly Data Breach Investigation Report (DBIR) has become required reading.) I was delighted to find an excellent guide on the the 9-5-4 model, a means by which an organization can measure and improve its data protection program. It also details ways in which a company can measure the maturity of the program.

Read Post
elastic

Embracing offensive tooling: Building detections against Koadic using EQL

Jan 13, 2020 By Daniel Stepanic In Elastic

This year at BSidesDFW, my local security conference, I highlighted a continuing trend of adversaries using open source offensive tools. The talk reviewed one of these post-exploitation frameworks named Koadic and walked through different ways defenders can build behavioral detections through the use of Event Query Language (EQL).

Read Post
armo

The Migration Path to Microservices & Security Considerations, Of Course

Jan 13, 2020 By Cyber Armor In ARMO

While the move to microservices-based architecture is relatively new, it is already mainstream. A majority of companies are choosing it as their default architecture for new development,and you are not cool if you are not using microservices. With regards to migrating legacy apps and breaking them down to microservices, companies are showing more conservatism, and rightly so.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.