Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code.
https://www.keycloak.org/about.html
The 10 Interesting News:
1. Download this update from mybrowser.microsoft.com. Oh, sorry, that was malware on a hijacked sub-domain. Oops!: https://www.theregister.co.uk/2020/03/04/microsoft_subdomain_takeover
2. 'Shark Tank' Star Barbara Corcoran Gets Back the Nearly $400,000 Stolen in Phishing Scam: https://www.etonline.com/shark-tank-star-barbara-corcoran-gets-back-the-nearly-400000-stolen-in-phishing-scam-142267
3. Chinese cybersecurity company accuses CIA of 11-year-long hacking campaign: https://www.reuters.com/article/us-china-usa-cia/chinese-cybersecurity-company-accuses-cia-of-11-year-long-hacking-campaign-idUSKBN20Q2SI
4. US Charges Two With Laundering $100M for North Korean Hackers: https://www.bleepingcomputer.com/news/security/us-charges-two-with-laundering-100m-for-north-korean-hackers
5. Ransomware Attackers Use Your Cloud Backups Against You: https://www.bleepingcomputer.com/news/security/ransomware-attackers-use-your-cloud-backups-against-you
6. 'Malware-free' attacks now most popular tactic amongst cybercriminals: https://www.zdnet.com/article/malware-free-attacks-now-most-popular-tactic-amongst-cybercriminals
7. Concern over Coronavirus Leading to Global Spread of Fake Pharmacy Spam: https://www.imperva.com/blog/concern-over-coronavirus-leading-to-global-spread-of-fake-pharmacy-spam
8. RSA - The 5 Most Dangerous New Attack Techniques and How to Counter Them: https://www.youtube.com/watch?v=xz7IFVJf3Lk
9. What to know about cyberattacks targeting energy pipelines: https://thehill.com/policy/energy-environment/485254-what-to-know-about-recent-cyberattacks-on-energy-pipelines
10. Hackers Target Companies With Coronavirus Scams: https://www.wsj.com/articles/hackers-target-companies-with-coronavirus-scams-11583317802
Is your organization prepared for remote access by many users in the context of COVID-19?
Pre-requisites:
1. Policies/Procedures
2. Awareness
3. Tools
4. Infrastructure (security and optimization)
5. Controls
6. Engagements
Questions:
1. Do you have a Business Continuity Plan? Has it been reviewed and aligned? Risk evaluation?
2. What are the possible business and customer impacts? What will be the minimum services provided? What are the legal obligations?
3. Do you have a VPN or remote access and work from home policy?
4. Has your HR created adequate awareness?
5. Do you have an adequate VPN gateway/Firewall?
6. Will your gateway and throughput be adequate to support the work-from-home connections? Remote IT support for staff?
7. Controls for security, monitoring, proactive response and data leakage.
8. What are the engagement plans? Collaboration tools.
9. Health and safety arrangements for onsite staff and arrangements for medical assistance.
10. Align your plans with your suppliers and business partners.
11. Have communication plans for staff, partners and customers.
12. Escalation process.
13. Have pilots been executed as a test run?
COVID-19 and Collaboration: A Quick Start Guide to Remote Work
The COVID-19 outbreak is disrupting global supply chains, film openings, trade shows and conferences, just to name a few. And it will continue to disrupt many aspects of life and work as long as the uncertainty about its spread and severity continues.
The outbreak has driven companies to cancel travel and instruct individuals to work from home. Both of those responses require a careful rethinking of collaboration strategies.
Sustained remote work requires different tactics than occasional forays into telecommuting.
Data Point No. 1: Decide on which collaboration tools to use.
Work proves dysfunctional enough without trying to figure out where conversations are happening, which isn’t collaboration. Collaboration should focus on the work, not where to work.
Data Point No. 2: Simplify the collaboration toolset.
The plethora of collaboration tools, easy access through software as a service (SaaS) and a lack of collaboration design in most organizations have resulted in the implementation of too many tools. Some firms use Facebook for Work, Microsoft Office with Teams and Slack together, leaving it difficult for employees to figure out where to go for what information. Even if simplification of the environment isn’t in the cards, take the time to reinforce the intent of the various environments so people will know where to spend their time and attention.
Data Point No. 3: Select which tools to use to support which processes.
Every collaboration tool can support a process in one way or another. For efficiency, decide ahead of time, holistically or project by project, which tools will be used for what. A good example is document feedback. Will teams use the collaborative features of Microsoft Word to provide feedback on marketing content, or will they use Adobe Acrobat to capture comments?
Data Point No. 4: Get to know your collaboration apps.
Now is a good time to ensure high levels of competency around the use of collaboration tools and adopting features previously ignored or underinvested. Make sure team members, for instance, understand how to populate and search profiles for expertise, how to migrate content between environments, how to share screens and manage presenter privileges. The list goes on. Assigning tools to processes in Data Point No. 3 will inform training priorities.
Data Point No. 5: Document escalation and conflict remediation approaches.
Working virtually requires ways to resolve conflicts that differ from those conducted in the physical world. There is no right answer, but there needs to be an answer for each time. Take the time to talk through how to resolve issues large (strategic choices) and small (a disagreement about an example in a white paper or video).
Data Point No. 6: Decide where content will go (or more directly, where you will put your stuff).
Search works pretty well at revealing unintentionally hidden locations where content ends up. Projects should always be intentional. Decide where content will go and how it will be managed at the start of a project. Set expectations and leverage peer feedback to enforce those expectations.
Data Point No. 7: Use automated scheduling.
Don’t spend time chatting or emailing about when to have a meeting. Use built-in tools for checking on people’s schedules and book a time that works for most of the team, and let the scheduling system manage the feedback. For external meetings, use a tool like x.aiʼs AI-based scheduling system to manage time convergence.
Data Point No. 8: Create a community of practice around collaboration.
Making collaboration work well isn’t often an assigned accountability. With an increase in remote work, it needs to be. Forming a community of practice around collaboration can help all teams get better at remote work by nurturing continuous learning.
Data Point No. 9: Rethink key performance indicators.
Many teams may not have team efficiency metrics associated with their work.
With the rise of remote work, timeliness of meeting starts, updated action boards and maintenance of actions on assigned tasks should be considered as measurable actions by all team participants.
Data Point No. 10: Rewards
Realign some incentives to reward those who participate in and encourage the growth of collaborative work.
All of these decisions should be made regardless of working from home or not. The familiarity and collegial atmosphere of a shared work environment often lead to emergent answers rather than designed ones. When something unexpected happens, like a quick shift to remote work, emergence may be too costly a choice for near-term productivity. Now is the time for design. Focusing on the design of work also offers a sense of control in a situation that can seem out of control. And it keeps people talking with purpose rather than speculation driven by uncertainty.
Forwarded from cissp (Alireza Ghahrood)
https://t.me/cissp
International channel for Transmission Knowledge In the field of Cyber Security with a Focus on the Content of the CISSP-ISC2 course
+also group:
@cisspgroup
Online possession, posting and circulation of child pornography or rape/gang rape content is a punishable offence. Report these contents through National Cybercrime Reporting Portal (https://cybercrime.gov.in) of MHA.
Veil is a tool designed to generate Metasploit payloads that bypass common anti-virus solutions.
https://github.com/Veil-Framework/Veil
The mission of OWASP Software Assurance Maturity Model (SAMM) is to be the prime maturity model for software assurance that provides an effective and measurable way for all types of organizations to analyze and improve their software security posture. OWASP SAMM supports the complete software lifecycle, including development and acquisition, and is technology and process agnostic. It is intentionally built to be evolutive and risk-driven in nature.
https://owaspsamm.org/model/
The information presented below is for educational purposes only. Access to data located as a result of the reconnaissance may be subject to a breach of the law. Make sure you are working legally before use.
https://research.securitum.com/it-infrastructure-reconnaissance-part-1-google-hacking/
https://research.securitum.com/it-infrastructure-reconnaissance-part-2-shodan-censys-zoomeye/
https://research.securitum.com/it-infrastructure-reconnaissance-part-3/