Malicious actors are using the outbreak of the Wuhan novel coronavirus, or 2019-nCoV, as an opportunity to launch emailed-based cyber attacks, according to security specialist Proofpoint.
https://www.healthcareitnews.com/news/coronavirus-outbreak-used-hackers-spread-malware
https://www.healthcareitnews.com/news/coronavirus-outbreak-used-hackers-spread-malware
Healthcare IT News
Coronavirus outbreak used by hackers to spread malware
One sophisticated attack method takes advantage of the trusted World Health Organization name to distribute an attachment that will install the AgentTesla Keylogger.
VirusBay is a web-based, collaboration platform that connects security operations center (SOC) professionals with relevant malware researchers.
VirusBay is designed to help organizations effectively respond to and recover from an IT security incident when it is not possible for an external expert to visit their facility.
IOCs
VirusBay enables an affected enterprise to collaborate with malware researchers on Indicators of Compromise and the creation of an incident report, among other things. In return, the researcher gains access to malware samples for analysis to improve detection for all.
The ultimate goal of VirusBay is to build a community of expertise and data sharing.
https://beta.virusbay.io/
The project platform is ready for beta-sharing and is currently being presented to the research community for feedback and expressions of interest.
VirusBay is designed to help organizations effectively respond to and recover from an IT security incident when it is not possible for an external expert to visit their facility.
IOCs
VirusBay enables an affected enterprise to collaborate with malware researchers on Indicators of Compromise and the creation of an incident report, among other things. In return, the researcher gains access to malware samples for analysis to improve detection for all.
The ultimate goal of VirusBay is to build a community of expertise and data sharing.
https://beta.virusbay.io/
The project platform is ready for beta-sharing and is currently being presented to the research community for feedback and expressions of interest.
Forwarded from cissp (Alireza Ghahrood)
https://t.me/cissp
International channel for Transmission Knowledge In the field of Cyber Security with a Focus on the Content of the CISSP-ISC2 course
+also group:
@cisspgroup
International channel for Transmission Knowledge In the field of Cyber Security with a Focus on the Content of the CISSP-ISC2 course
+also group:
@cisspgroup
Telegram
cissp
@cissp
International channel 4 Transmission Knowledge In the Field of Cyber Security with a Focus on the Content of the CISSP-ISC2 Course
- - - - - - - - - -
+also group: https://t.me/cisspgroup
—————————
@alirezaghahrood
International channel 4 Transmission Knowledge In the Field of Cyber Security with a Focus on the Content of the CISSP-ISC2 Course
- - - - - - - - - -
+also group: https://t.me/cisspgroup
—————————
@alirezaghahrood
soc
Bug bounty
Hunting
data anayltics
SANS
Cert
Cyber security
elearn
ceh
ecsa
Programming
Forensic
Pentest
windows os
And els
and many. more the link expires on March 15
Download :
https://mega.nz/#F!2fRgmYSa!dvEPOubQEBUiRaXu7SktBg
Bug bounty
Hunting
data anayltics
SANS
Cert
Cyber security
elearn
ceh
ecsa
Programming
Forensic
Pentest
windows os
And els
and many. more the link expires on March 15
Download :
https://mega.nz/#F!2fRgmYSa!dvEPOubQEBUiRaXu7SktBg
ANSI:American National Standard Institute
www.ansi.org
EIA:Elctronuc Industrial Alliance
www.eia.org
TIA:Telecommunications Industry
www.tiaonline.org
ICEA:Insulated Cable Engineers Association
www icea.net
NFPA:National Fire Protection Association
www.nfpa.org
NEMA:National Electrical Manufacturers Association
www.nema.org
FCC:Federal Communication Commission
www.fcc.gov
UL:Underwriters Laboratories
www.ul.com
ISO:International Organization for Standardization
www.iso.org
IEC:International Electrotechnical Commission
www.iec.ch
IEEE:Institute of Electrical and Electronic Engineers
www.ieee.org
NIST:National Institute of Standards and Technology
www.nist.gov
ITU:International Telecommunications Union
www.itu.int
CSA :Canadian Standard Association
www.csa.ca
ETSI:European Telecommunications Standards Institute
www.etsi.org
BICSI:Building Industry Consulting Services International
www.bicsi.org
OSHA:Occupational Safety and Health Administration
www.osha.gov
www.ansi.org
EIA:Elctronuc Industrial Alliance
www.eia.org
TIA:Telecommunications Industry
www.tiaonline.org
ICEA:Insulated Cable Engineers Association
www icea.net
NFPA:National Fire Protection Association
www.nfpa.org
NEMA:National Electrical Manufacturers Association
www.nema.org
FCC:Federal Communication Commission
www.fcc.gov
UL:Underwriters Laboratories
www.ul.com
ISO:International Organization for Standardization
www.iso.org
IEC:International Electrotechnical Commission
www.iec.ch
IEEE:Institute of Electrical and Electronic Engineers
www.ieee.org
NIST:National Institute of Standards and Technology
www.nist.gov
ITU:International Telecommunications Union
www.itu.int
CSA :Canadian Standard Association
www.csa.ca
ETSI:European Telecommunications Standards Institute
www.etsi.org
BICSI:Building Industry Consulting Services International
www.bicsi.org
OSHA:Occupational Safety and Health Administration
www.osha.gov
Gophish is a powerful, open-source phishing framework that makes it easy to test your organization's exposure to phishing.
github.com/gophish/gophish
github.com/gophish/gophish
GitHub
GitHub - gophish/gophish: Open-Source Phishing Toolkit
Open-Source Phishing Toolkit. Contribute to gophish/gophish development by creating an account on GitHub.
Linux- Pentest os
1. TAILS: The Amnesiac Incognito Live System
2. JonDo Live-DVD
3. Whonix
4. Qubes OS
5. UPR (Ubuntu Privacy Remix)
1. TAILS: The Amnesiac Incognito Live System
2. JonDo Live-DVD
3. Whonix
4. Qubes OS
5. UPR (Ubuntu Privacy Remix)
These tools can boost DevOps and DevSecOps efforts by integrating security into the development process
A key concept to understand in application security is that of the Software Development Lifecycle (SDLC). In that process, there are stages for code development, deployment and ongoing maintenance. As part of that lifecycle there are a number of critical application security approaches.
-Static Analysis: At the foundational level is the security of the application code as it is being developed, which is often an area where static code analysis tools (SCAT) can play a role. This area is called static application security testing, or SAST.
-Dynamic Analysis: For code that is running, dynamic application security testing (DAST) enables the detection of different types of security risks.
-Interactive Application Security Testing: Combining both DAST and SAST approaches is the domain of Interactive Application Security Testing (IAS).
-Software Composition Analysis (SCA): There can also be configuration issues with applications that can potentially be exploited. There are also software dependency and libraries that have known vulnerabilities, which is where vulnerability management capabilities fit in
• Acunetix
Acunetix provides a web application security scanner platform that can help organizations of any size identify potential issues in deployed applications.
• Checkmarx
CheckMarx positions itself as a platform for managing and understanding software exposure risk. It is well suited for mid-to-large organizations looking for the ability to do static code analysis and interactive application testing in a scalable approach.
• Micro Focus Fortify
Fortify is a good option for organizations looking for an easy to use solution for application security testing and monitoring.
• NowSecure
NowSecure is focused on mobile security and enabling developers to integrate secure practices and code as part of the mobile DevOps lifecycle.
• Rapid7
Rapid7's insightAppSec is well suited for organizations of any size that are looking for dynamic application security testing that provides developers with the ability to also test if a fix actually works.
• Snyk
Snyk's technology enables organizations to monitor applications for potential risks stemming from underlying application dependencies that can change over time.
• Synopsys
Synopsys has a broad portfolio of application security tools that can meet different needs, as well as a new overarching platform that can take a more holistic approach than point products.
• Veracode
Veracode's Application Security Platform is well suited for both developers and security professionals at organizations of any size looking for multiple application security scanning capabilities.
• Whitehat
Whitehat's platform provides a solid basis for organizations with separate developer and security teams to stay on top of potential risks and identify both known and unknown application vulnerabilities.
A key concept to understand in application security is that of the Software Development Lifecycle (SDLC). In that process, there are stages for code development, deployment and ongoing maintenance. As part of that lifecycle there are a number of critical application security approaches.
-Static Analysis: At the foundational level is the security of the application code as it is being developed, which is often an area where static code analysis tools (SCAT) can play a role. This area is called static application security testing, or SAST.
-Dynamic Analysis: For code that is running, dynamic application security testing (DAST) enables the detection of different types of security risks.
-Interactive Application Security Testing: Combining both DAST and SAST approaches is the domain of Interactive Application Security Testing (IAS).
-Software Composition Analysis (SCA): There can also be configuration issues with applications that can potentially be exploited. There are also software dependency and libraries that have known vulnerabilities, which is where vulnerability management capabilities fit in
• Acunetix
Acunetix provides a web application security scanner platform that can help organizations of any size identify potential issues in deployed applications.
• Checkmarx
CheckMarx positions itself as a platform for managing and understanding software exposure risk. It is well suited for mid-to-large organizations looking for the ability to do static code analysis and interactive application testing in a scalable approach.
• Micro Focus Fortify
Fortify is a good option for organizations looking for an easy to use solution for application security testing and monitoring.
• NowSecure
NowSecure is focused on mobile security and enabling developers to integrate secure practices and code as part of the mobile DevOps lifecycle.
• Rapid7
Rapid7's insightAppSec is well suited for organizations of any size that are looking for dynamic application security testing that provides developers with the ability to also test if a fix actually works.
• Snyk
Snyk's technology enables organizations to monitor applications for potential risks stemming from underlying application dependencies that can change over time.
• Synopsys
Synopsys has a broad portfolio of application security tools that can meet different needs, as well as a new overarching platform that can take a more holistic approach than point products.
• Veracode
Veracode's Application Security Platform is well suited for both developers and security professionals at organizations of any size looking for multiple application security scanning capabilities.
• Whitehat
Whitehat's platform provides a solid basis for organizations with separate developer and security teams to stay on top of potential risks and identify both known and unknown application vulnerabilities.