Security Affairs

FEBRUARY 2, 2021

9TH ANNUAL INFOSEC AWARDSNOW OPEN FOR NOMINATIONS WITH AN INCREDIBLE SOCIAL MEDIA LIVE BOOST AND VIRTUAL RED CARPET TO CELEBRATE OUR WINNERS, HELD DURING RSA CONFERENCE 2021 IN SAN FRANCISCO, CA, USA. (You can download a PDF version once you open the page flipping version) Do you like Yumpu, an alternative online flipbook version?

InfoSec 111

InfoSec DNS Media Marketing 111

Security Boulevard

APRIL 16, 2022

The post BSides Budapest 2021: Piotr Glaska’s ‘DNS in Offensive Techniques’ appeared first on Security Boulevard. Our thanks to BSides Budapest IT Security Conference for publishing their superb security videos on the organization’s’ YouTube channel.

DNS 52

DNS Education InfoSec Cybersecurity 52

Threatpost

NOVEMBER 22, 2019

DNS, rogue employees and phishing/social engineering should be top of the list of threat areas for organizations to address.

Social Engineering 86

Social Engineering DNS Engineering Phishing 86

Security Affairs

MARCH 3, 2021

9TH ANNUAL INFOSEC AWARDSNOW OPEN FOR NOMINATIONS WITH AN INCREDIBLE SOCIAL MEDIA LIVE BOOST AND VIRTUAL RED CARPET TO CELEBRATE OUR WINNERS, HELD DURING RSA CONFERENCE 2021 IN SAN FRANCISCO, CA, USA. (You can download a PDF version once you open the page flipping version) Do you like Yumpu, an alternative online flipbook version?

InfoSec 86

InfoSec DNS Media Marketing 86

Security Boulevard

DECEMBER 9, 2022

The post USENIX Security ’22 – Abhishek Bhaskar, Paul Pearce ‘Many Roads Lead To Rome: How Packet Headers Influence DNS Censorship Measurement’ appeared first on Security Boulevard. Our thanks to USENIX for publishing their Presenter’s USENIX Security ’22 Conference tremendous content on the organization’s’ YouTube channel.

DNS 40

DNS Education InfoSec Cybersecurity 40

ForAllSecure

OCTOBER 9, 2019

How exactly will artificial intelligence help bridge the infosec skills gap and what kinds of security work are still best left to humans? For example, they may think, "Hey, the user's going to give me an input and it's only going to be as long as maybe a DNS record." but they never actually checked that.

InfoSec 52

InfoSec Artificial Intelligence Computers and Electronics Software 52

Troy Hunt

JANUARY 10, 2018

I've implemented CAA on HIBP and it's simply a matter of some DNS records and a check with a CAA validator : Unfortunately, there are no such records for Aadhaar: Now in fairness to Aadhaar, CAA is very new and the take-up is low ; we cannot be critical of them for not having implemented it yet.

Hacking 279

Hacking Government Encryption Risk 279

Troy Hunt

JUNE 15, 2023

We can't touch DNS. " Thing is, "control" is a bit of a nuanced term; there are many people in roles where they don't have access to any of the above means of verification but they're legitimately responsible for infosec and responding to precisely the sorts of notifications HIBP sends out after a breach.

Accountability 272

Accountability Small Business InfoSec DNS 272

Security Affairs

JANUARY 25, 2019

As anticipated before, the “ longText ” variable encodes a JAR executable containing the infamous, multi-platform (Win/macOS), Adwind/JRat malware: a Remote Access Tool well known to the InfoSec community.

Malware 108

Malware VPN Advertising InfoSec 108

Cisco Security

MARCH 2, 2021

Do we trust the IP, DNS, Web, and Other based request coming from the asset? centralized DNS analytics, full URI capture, and sandboxing with full analytics. At any point multiple threat vectors can be exposed and automation can assist with threat mitigation and re-evaluation of an assets disposition.

DNS 115

DNS Authentication Risk Technology 115

ForAllSecure

OCTOBER 9, 2019

How exactly will artificial intelligence help bridge the infosec skills gap and what kinds of security work are still best left to humans? For example, they may think, "Hey, the user's going to give me an input and it's only going to be as long as maybe a DNS record." but they never actually checked that.

InfoSec 40

InfoSec Artificial Intelligence Computers and Electronics Software 40

ForAllSecure

OCTOBER 9, 2019

How exactly will artificial intelligence help bridge the infosec skills gap and what kinds of security work are still best left to humans? For example, they may think, "Hey, the user's going to give me an input and it's only going to be as long as maybe a DNS record." but they never actually checked that.

InfoSec 40

InfoSec Artificial Intelligence Computers and Electronics Software 40

SecureWorld News

SEPTEMBER 7, 2023

Glenn Kapetansky, Senior Principal & Chief Security Officer, Trexin: "For those who predict that quantum computing will break InfoSec, I want to point out that very smart people have been working equally long on next-gen cyber techniques that work in a post-quantum computing world.

Encryption 113

Encryption Technology Risk Architecture 113

BH Consulting

JANUARY 12, 2021

In the words of Duo Security’s Head of Advisory CISOs Wendy Nather, “This is not a marketing report to toss in your swag bag and ignore …this report will change how we think about running infosec programs.” Six Open Source tools for your security team MORE Finding SUNBURST victims using passive DNS. Links we liked.

Data privacy 52

Data privacy InfoSec DNS CISO 52

eSecurity Planet

DECEMBER 20, 2023

per year Tenable Tenable One, an exposure management platform Identifies assets using DNS records, IP addresses, and ASN, and provides over 180 metadata fields Tenable Attack Surface Management, Add-on for Splunk ISO/IEC 27001/27002 $5,290 – $15,076.50

Software 113

Software Risk Architecture Internet 113

Threatpost

NOVEMBER 28, 2018

Examples of how attackers carry out mass exploitation campaigns and how to defend against them.

DNS 75

DNS InfoSec Hacking 75

Threatpost

JANUARY 24, 2019

A look at API attack trends such as the current (and failing) architectural designs for addressing security of these API transactions.

Risk 72

Risk Architecture DNS InfoSec 72

Threatpost

MAY 17, 2019

The importance of reading the network tealeaves of a company’s network traffic to head off an attack.

DNS 63

DNS Data breaches InfoSec Hacking 63

ForAllSecure

MARCH 24, 2021

Perhaps even more significant was in 2008 when researcher Dan Kaminsky found a fundamental flaw in the Domain Name System (DNS) protocol, one that could lead to cache poisoning. Shellshock, as a name, stuck and became the name going forward. This momentary obsession over the name is not entirely a joke.

Software 52

Software Passwords Internet Internet 52

ForAllSecure

MARCH 24, 2021

Perhaps even more significant was in 2008 when researcher Dan Kaminsky found a fundamental flaw in the Domain Name System (DNS) protocol, one that could lead to cache poisoning. Shellshock, as a name, stuck and became the name going forward. This momentary obsession over the name is not entirely a joke.

Software 52

Software Passwords Internet Internet 52

eSecurity Planet

DECEMBER 3, 2021

How to screen for natural infosec talent: Ask for a worst case scenario for any common situation. Street is an industry-respected speaker and analyst and currently is the VP of InfoSec for SphereNY. Markstedter actively contributes to filling the infosec education gap. — Jack Daniel (@jack_daniel) October 10, 2018.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139

Security Affairs

APRIL 24, 2021

One of the brightest lights in infosec and probably the kindest soul I knew. He is best known for his study on DNS cache poisoning and for his investigation into the Sony Rootkit attacks. At the moment the causes of death are not known, but it does not matter. I guess theres no hiding it now. We lost @dakami yesterday.

Cybersecurity 145

Cybersecurity InfoSec DNS Hacking 145

eSecurity Planet

FEBRUARY 25, 2022

“If my boutique infosec consultancy has these resources…what does a state sponsored one have?” “Many logs age like milk,” he said, adding, “looking at you DNS logs.” “Many logs age like milk,” he said, adding, “looking at you DNS logs.”

B2B 125

B2B Cyber Attacks Firewall Cyber threats 125

ForAllSecure

JANUARY 11, 2023

I joined a Discord server called InfoSec prep. I discuss this in greater detail in EP 44, where the SAN Institute is deliberately looking to hire people without CS degrees into the infosec world. So effectively, it is sent some I think it was XP dirtree which caused a DNS lookup on the collaborator server. People like me.

DNS 40

DNS Hacking Penetration Testing Education 40

SecureList

MAY 26, 2021

One more constellation of vulnerabilities that appeared in the infosec sky was a threesome of critical bugs in the popular SolarWinds Orion Platform – CVE-2021-25274 , CVE-2021-25275 , CVE-2021-25276. These vulnerabilities were found in-the-wild and had been used by APT and ransomware groups.

Phishing 144

Phishing Malware Ransomware Adware 144

Troy Hunt

DECEMBER 10, 2019

[link] — Troy Hunt (@troyhunt) December 9, 2019 The tweet I quoted linked to a blog post titled Pentesting Training Website Challenges Authentication Best Practices and referenced the infosec community doing much "pitchfork raising".

Passwords 197

Passwords Password Management Accountability Authentication 197