cissp
@cissp
International channel 4 Transmission Knowledge In the Field of Cyber Security with a Focus on the Content of the CISSP-ISC2 Course
- - - - - - - - - -
+also group: https://t.me/cisspgroup
—————————
@alirezaghahrood
#DiyakoSecureBow
————————————
Current State Of Cloud Security Programs
Public Cloud Providers Used
There is not one dominant public cloud platform in the market, but Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) continue to be the primary public cloud providers used. In this survey, 74% of respondents use AWS, 79% use Azure, and 41% use GCP.

Interdepartmental alignment on security policies and enforcement is crucial for proactive security.

Length of Time to Detect Misconfigurations.

The Cloud Security Alliance (CSA) is a not-for-profit organization with a mission to widely promote best practices for ensuring cyber security in cloud computing and IT technologies. CSA is also tasked with educating various stakeholders within these industries about security concerns in all other forms of computing. CSA’s membership is a broad coalition of industry practitioners, corporations, and professional associations. One of CSA’s primary goals is to conduct surveys that assess information security trends. These surveys help gauge the maturity of information security technology at various points in the industry, as well as the rate of adoption of security best practices.

Goals of the study
• Current state of cloud security programs, including top risks and usage of security tools
• Cloud Security Posture Management (CSPM) challenges faced by organizations in mitigating misconfiguration vulnerabilities
• Organizational readiness, success KPIs, and teams responsible for different aspects of cloud security posture management

By https://lnkd.in/dutQSQH
Cloudsecurityalliance
and
VMware
Special Thanks
Hillary Baron and Other teammates


-Business Secure Continuity-
1402.07.30
——————————————————
#Cloud #Vmware #CyberSecurity #CSA
#BusinessSecureContinuity

https://www.linkedin.com/feed/update/activity:7121714286992740352
signals to others that you’re who you say you are!

Verifications on your LinkedIn profile

At LinkedIn, we know that authenticity is key to creating meaningful interactions. The "Verifications" badge on your profile indicates that you were able to confirm specific information about your account. Having verified information helps provide authenticity signals to others that you’re who you say you are. Seeing verified information on others’ profiles helps foster a trusted community so you can make more informed decisions around connecting with other professionals. 
https://lnkd.in/eXsP9GYe


⁩-Cyber Security awareness-
 
 Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.07.30

https://www.linkedin.com/posts/alirezaghahrood_%D9%81%D8%B1%D9%87%D9%86%DA%AF-%D8%B3%D8%A7%D8%B2%DB%8C-%D9%88-%DA%86%D8%A7%D9%84%D8%B4-signals-to-others-that-activity-7121793863907700737-IYg_
exploit
1. CVE-2023-34051:
VMware Aria Operations for Logs - authentication bypass
https://github.com/horizon3ai/CVE-2023-34051

2. CVE-2023-28432:
MinIO information disclosure
https://github.com/yTxZx/CVE-2023-28432


⁩-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.01
Messaging Layer Security: Secure and Usable End-to-End Encryption

The IETF has approved publication of Messaging Layer Security (MLS), a new standard for end-to-end security that will make it easy for apps to provide the highest level of security to their users. End-to-end encryption is an increasingly important security feature in Internet applications. It keeps users’ information safe even if the cloud service they’re using has been breached.
https://www.ietf.org/blog/mls-secure-and-usable-end-to-end-encryption/



⁩-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.02
In your organization and business

How much is the management of technology, information and related security in accordance with the standards and BP?
Is technology risk and information security in the scope of ERM?!
Did you do a cyber maneuver?
How about technical inspections/Audit?
How well do you know the technical risks that affect your business?

The trend of the day is sustainability, not limited to slogans and magazines
To the extent of culturalization and appropriate measures



-Cyber Security awareness-

Up2date 4 Defense Today,
Secure Tomorrow
@CisoasaService
1402.08.02
#DiyakoSecureBow
————————————
Cybersecurity Playbook for SOC:

New vulnerability from Threat Intelligence
Undoubtedly the one you will execute most, a new vulnerability from threat intelligence.

Detection
• Threat intelligence indicates there is a new vulnerability impacting your assets.
• Here I assume the threat intelligence is already tuned to only include information relevant to your assets instead of a news broadcast of all vulnerabilities in the world. Again, this relies on an accurate and up-to-date inventory and signifies the importance of keeping the house in order.

Verification
• If there are IOCs/TTPs, check whether attacks have already happened. If an attack has already happened, follow no. 1.
• Use vulnerable version/configuration information to confirm whether the assets are vulnerable or not.
• Check firewall rules and other security configurations to confirm possible attack vectors. This can be partially done using automated tools.

Communication
• Start triage using available vulnerability and asset criticality information. Perform escalation according to triage results and predefined escalation plan.
• Discuss mitigation strategy between SOC, risk management, and IT support teams. That can range from an immediate shutdown to waiting until the next patching window, depending on many factors such as the triage result and the availability and impact of the patch/workaround.
• The mitigation strategy also needs to include preventive actions for new builds of assets in the future, such as updating patch level of system images or templates.

Action
• Execute agreed mitigation strategy.
• Track the mitigation actions to completion.
• Rescan the vulnerability to confirm closure.


-Business Secure Continuity-
1402.08.02
——————————————————
#SOC #CSIRT #CERT #Splunk #SIEM
#BusinessSecureContinuity

https://www.linkedin.com/feed/update/activity:7122559686318379008
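The Verification and triage steps of the playbook above, worked as an added example (not part of the original post). It uses the "ingress-nginx <1.9.0" listing for CVE-2023-5044 that appears on this page as the advisory; the asset inventory, the scoring weights and the P1 to P3 labels are constructed assumptions standing in for an organization's own inventory and escalation plan.

```python
from dataclasses import dataclass

@dataclass
class Asset:
    name: str
    product: str
    version: str
    internet_facing: bool  # outcome of the firewall/exposure review
    criticality: int       # 1 (low) .. 3 (business critical), from the inventory

def parse_version(text):
    """Turn '1.10.0' into (1, 10, 0) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def is_vulnerable(asset, advisory):
    """Verification: same product and a version below the first fixed release."""
    return (asset.product == advisory["product"]
            and parse_version(asset.version) < parse_version(advisory["fixed_in"]))

def triage(inventory, advisory):
    """Return (asset name, priority) for vulnerable assets, most urgent first."""
    results = []
    for asset in inventory:
        if not is_vulnerable(asset, advisory):
            continue
        # Assumed weighting: exposure adds 2 to the asset criticality.
        score = asset.criticality + (2 if asset.internet_facing else 0)
        priority = "P1" if score >= 4 else "P2" if score >= 3 else "P3"
        results.append((asset.name, priority))
    return sorted(results, key=lambda item: (item[1], item[0]))

# Advisory as listed on this page: ingress-nginx < 1.9.0.
ADVISORY = {"cve": "CVE-2023-5044", "product": "ingress-nginx", "fixed_in": "1.9.0"}

# Constructed inventory (hypothetical asset names and versions).
INVENTORY = [
    Asset("prod-edge", "ingress-nginx", "1.8.1", True, 3),
    Asset("internal-tools", "ingress-nginx", "1.7.0", False, 3),
    Asset("staging", "ingress-nginx", "1.8.4", False, 1),
    Asset("prod-internal", "ingress-nginx", "1.9.0", False, 3),  # already fixed
    Asset("dev", "ingress-nginx", "1.10.0", True, 1),  # newer than 1.9.0
    Asset("billing-db", "postgresql", "1.2.0", False, 3),  # other product
]

if __name__ == "__main__":
    for name, priority in triage(INVENTORY, ADVISORY):
        print(priority, name, ADVISORY["cve"])
```

The same function serves the final "rescan to confirm closure" step: rerun it against the refreshed inventory and expect an empty list.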
exploit
1. CVE-2023-4966:
Citrix NetScaler ADC/Gateway Bleed - Session Tokens Leak
https://github.com/assetnote/exploits/tree/main/citrix/CVE-2023-4966

2. CVE-2023-38140:
Windows Kernel Paged Pool Memory Disclosure
https://packetstormsecurity.com/files/cve/CVE-2023-38140


⁩-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.03
🚨 Urgent: Proof-of-concept (PoC) exploits have been publicly released for the recently discovered vulnerabilities in VMware Aria Operations, Citrix NetScaler ADC, and NetScaler Gateway.

Read: https://thehackernews.com/2023/10/alert-poc-exploits-released-for-citrix.html

Don't wait—apply fixes now and safeguard your systems.


⁩-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.03
🚨 VMware releases crucial security updates to fix a new critical vulnerability (CVE-2023-34048) in vCenter Server.

Details in the article: https://thehackernews.com/2023/10/act-now-vmware-releases-patch-for.html

Protect your systems from remote code execution.



⁩-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.03
Urgent — F5 warns of a critical vulnerability (CVE-2023-46747) in BIG-IP, allowing unauthenticated remote code execution.

Learn more: https://thehackernews.com/2023/10/f5-issues-warning-big-ip-vulnerability.html


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.05
🤖 Google expands Vulnerability Rewards Program to address vulnerabilities and attack scenarios tailored to generative artificial intelligence (AI) systems, while also strengthening the supply chain.
Learn more:
https://thehackernews.com/2023/10/google-expands-its-bug-bounty-program.html


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.05

https://x.com/alirezaghahrood/status/1717962052101095492?s=46&t=lFvs7vGDLtDfxDuLTS1UGw
The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security. It can be used by mobile software architects and developers seeking to develop secure mobile applications, as well as security testers to ensure completeness and consistency of test results.
https://lnkd.in/gAzKvnHM

Special Thanks
Zimperium
And
OWASP® Foundation


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.06

https://www.linkedin.com/posts/alirezaghahrood_state-of-mobile-app-security-2023-activity-7123873520664674304-TXEH?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow
————————————
Defending Against Cyberthreats
Is More Important Than Ever

Cybercriminals continue to target dealerships with ever-evolving methods to steal user and client data, from simply stealing passwords to sophisticated phishing schemes. Protecting your data to avoid IT-related business interruptions, ransom demands and reputation damage has never been more important. Now is the time to assess and reassess to improve your security and be up to date on the latest cyberthreats.
For this e-book, we compiled data from dealership personnel and market research based on a recent survey conducted by CDK Global. Our goal is to provide dealerships with key insights to consider when evaluating their cybersecurity posture and ongoing strategy.
We’ve also scattered quotes from dealer participants throughout the book so you can read how other dealers are addressing cybersecurity.

“With all of the manufacturer, customer and our own data stored, it’s extremely important to protect it all.”

Special Thanks
CDK Global

-Business Secure Continuity-
1402.08.07
——————————————————
#cyberattacks #cyberinsurance
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_dealership-cyber-security-2023-activity-7124258556677120000-enB2?utm_source=share&utm_medium=member_ios
exploit
1. Wyze Cam v3 RCE Exploit
https://github.com/blasty/unwyze

2. CVE-2023-5044:
Kubernetes ingress-nginx <1.9.0 - API command injection
https://raesene.github.io/blog/2023/10/29/exploiting-CVE-2023-5044
https://github.com/r0binak/CVE-2023-5044

3. CVE-2023-46747:
F5 BIG-IP unauthenticated RCE and authentication bypass
https://github.com/AliBrTab/CVE-2023-46747-POC


-Cyber Security awareness-
 
Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.08.09