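As the saying goes: know yourself and know your enemy, and you will win every battle!
For this event we have invited Allen to share the hacker attack techniques commonly seen of late, such as taking down servers, stealing personal data, and defrauding people of money. Once NPOs know how these attacks work, we believe they will be able to respond with greater ease in the future. Everyone is welcome to attend.
Slide source:
Information Security That NPOs Need to Know - Allen Own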
https://speakerdeck.com/allenown/npo-yao-zhi-dao-de-zi-xun-an-quan
Presentation for September 2017 ISC2 Security Congress
Biometric Recognition for Multi-Factor Authentication
- Biological and Behavioral Biometrics
- Benefits and Issues
- What Every CISO Should Know
- Laws, Standards, and Guidelines
- How to Measure Biometric Recognition
- Attack Vectors
- Multimodal Biometric Recognition
- Continuous Authentication with Biometrics
- Face ID Update
- The Future
Nowadays, like the technology itself, hacking activity against mobile phones is growing very rapidly, both against mobile devices (the operating system) and against mobile applications. Some application providers even dedicate a penetration testing activity to the applications they create right before they are released to the public, while others open bug bounty programs, and sadly the rest just watch and do nothing.
On the other side, malware developers around the world have already moved their main target and have been developing malware to take over the mobile devices, which surely keep all our personal/private data and our work; some of it even makes us pay to get it back.
This talk will focus on recent trends in mobile device security and on mobile security penetration testing activity. It will also show, in practice, several types of common weaknesses/vulnerabilities within mobile applications and how exploitation is done by the attacker: how malware is created and planted until it successfully takes over the target mobile device.
Latest Challenges in the Field of Cybersecurity: Analysis of Cyber Threats... - Cristian Garcia G.
This presentation aims to analyze online threat vectors, such as email-based attacks, web platforms, social networks, social engineering, and botnets, as well as offline threat vectors, such as USB vulnerabilities and electromagnetic emanations. It also covers zero-day vulnerabilities and the largest breaches disclosed by the company; against this background, it presents measures to protect data and fight the phenomenon of cybercrime.
iOS Security: The Never-Ending Story of Malicious Profiles - Yair Amit
iOS is probably the most secure mobile operating system nowadays. However, is it enough? Last year, we identified the malicious profiles attack, which leverages features of iOS to grant remote hackers deep control over victims' devices. This presentation reviews recent threats and their evolution, and uncovers a new vulnerability that makes it possible to effectively conceal attacks.
Endpoint threats aren't threats if proper defenses are in place. Listen and learn from Adrian on how to set up proper defenses for endpoints in your organization.
Presentation made for HexCon21
We look at what a Capture the Flag event is and how it can provide a great training opportunity for anyone interested in or working in Cyber Security... for free! We also look at some examples of thinking-outside-the-box challenges.
A quick look at what you should be considering when assessing the security of a mobile application, looking at an established framework and some of the common tools to get started.
Due to fast-growing mobile application trends along with business competition, the lack of security concern in mobile development has become a critical issue which may lead to reputation damage, financial loss and non-compliance (e.g. with privacy and cybersecurity laws). It's time to focus on Mobile Defense-in-Dev(Depth)!!
The talk will provide real-world case studies on mobile application threats, in conjunction with cybersecurity risk mitigation using secure development standards and guidelines, which should be integrated into the development process.
Exploring the Capabilities and Economics of Cybercrime - Cylance
In this talk we will look at the current attacker community as well as the tactics and capabilities that are currently being leveraged against targets across the globe. We will then go into the financial mechanics behind both financial-based cybercrime and nation-state espionage. We will touch on some of the scary capabilities of attackers and try to work through the reason why we still aren’t seeing the broad-scale destructive attacks that everyone has been predicting for years.
By Jim Walter, Senior Research Scientist, Cylance
Cisco Advanced Malware Protection (AMP) for Endpoints prevents threats at point of entry, then continuously tracks every file it lets onto your endpoints. In this guide, we explore the features and benefits of Cisco Advanced Malware Protection for Endpoints, as well as ways you can get in touch if you would like to know more or put AMP to the test with a free trial.
https://re-solution.co.uk/security
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent... - Brian Kelly
Rick Holland of Forrester Research shares the results of his investigation into why targeted attacks on employees of businesses are increasing despite there being more information security products than ever.
Presented by Duo Security with guests Forrester Research and University of Tennessee, Knoxville
Agenda and Presenters
* How To Stop Targeted Attacks and Avoid “Expense In Depth” with Strong Authentication
Rick Holland, Principal Analyst, Forrester Research
* How Duo Helps You Avoid “Expense In Depth”
Brian Kelly, Principal Product Marketing Manager, Duo Security
* A Case for Multi-factor Authentication
Bob Hillhouse, Associate CIO and CISO, University of Tennessee, Knoxville
Learn about the OWASP Top 10 Mobile Risks and best practices to avoid mobile application security pitfalls such as insecure data storage, insecure communication, reverse engineering, and more.
These slides were originally presented in a webinar in November 2016. Watch the presentation here: https://youtu.be/LuDe3u0cSVs
Hands on Security, Disrupting the Kill Chain, SplunkLive! Austin - Splunk
Splunk for Security Workshop
Join our Splunk Security Experts and learn how to use Splunk Enterprise in a live, hands-on incident investigation session. We'll use Splunk to disrupt an adversary's Kill Chain by finding the Actions on Intent, Exploitation Methods, and Reconnaissance Tactics used against a simulated organization. Data investigated will include threat list intelligence feeds, endpoint activity logs, e-mail logs, and web access logs. This session is a must for all security experts! Please bring your laptop as this is a hands-on session.
Securing Access to PeopleSoft ERP with Duo Security and GreyHeller - Duo Security
Learn how to add two-factor authentication to secure remote access for employees, staff, partners, and customers that need to access PeopleSoft at your organization.
Practical Attacks Against Encrypted VoIP Communications - iphonepentest
The slides from MDSec's presentation at HackInTheBox KUL 2013. The presentation describes attacks that can be used to deduce spoken conversations from encrypted VoIP communications. The presentation uses Skype as a case study.
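From NPO event questionnaires and research in recent years, the Self-Regulation Alliance (自律聯盟) has found that the diversified development of NPOs, in areas such as social enterprise, public relations, brand building, fundraising, and corporate social responsibility, is an important topic of concern for NPO partners. The alliance therefore held a capacity-building course on the afternoon of Wednesday, November 27, year 102 (ROC calendar), at the 敏隆講堂 lecture hall of the 洪建全教育文化基金會 foundation in Taipei, discussing NPO cooperation strategies from the perspective of Corporate Social Responsibility (CSR).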
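Online talk URL: https://youtu.be/zEbNNvmEZ8U
Whether in business or in NPOs, everyone values data more than ever, hoping to make decisions truly data-driven on the basis of data trusted both inside and outside the organization. But the data inside and outside an organization comes in every variety and is scattered everywhere. How do you untangle it and find the figures that are meaningful?
In this session, Jennifer, who works in IT at the Taiwan office of Doctors Without Borders, will use real cases to guide everyone through framing the question, planning data formats, and mining the data. She will also explain how to use Power BI as an analysis tool to find answers! (Power BI is Microsoft's data visualization tool; it can quickly produce interactive visual charts, making it easier to make sense of large amounts of data, and there is a free version too.)
To advance policy and solve public problems, the efforts of government or civil society alone rarely bring about the best result, so an efficient "public-private collaboration" model has become the ideal everyone aspires to. But when carrying out a project, actual conditions inevitably conflict with existing systems, slowing progress or even bringing it to a halt.
In this panel, "A Bitter History of Cross-Sector Collaboration", we invited representatives from the public and private sectors. Six speakers share the difficulties and adjustment processes they encountered in past cross-sector collaboration, and offer reflections and suggestions on both execution and institutional design.
陳昭文 | A Decade of Sharpening the Sword in Public-Private Collaboration: From KAMERA to 救急救難一站通 (One-Stop Emergency and Rescue)
For many years we have worked to promote the transparent sharing of emergency medical information, building Taiwan's largest emergency department capacity monitoring system (Project KAMERA). Hoping to improve the trauma care system, we promoted trauma registry work and carried out the "National Trauma Quality Improvement Program". Believing that academia should move faster to engage with and benefit society, we promoted open science and organized the first cross-disciplinary medical and rescue hackathon (Code for healthcare) and an emergency department data challenge (KAMERA Data Challenge). We assisted the Kaohsiung City Department of Health with data science projects such as the "Pre-Hospital Cardiac Arrest Risk Map" and "Emergency Referral Express", and brought together cross-disciplinary units to form the 救急救難一站通 team, building a self-learning system for emergency and critical care within the region. Here we share our experience of cultivating a regional self-learning system for emergency and critical care, how to gradually integrate public and private units into problem-oriented collaborative projects, and how to use strategy to plant the seeds of data governance and data democratization.
* The questions customer service was asked most often during the pandemic
** Video conferencing
** A free public mailbox shared by many people got locked!
** What is "domain verification"?
* You want a single feature, but you have to adopt an entire cloud system to get it?!
** Google Meet vs Google's nonprofit edition
** As more and more digital tools and processes are added to our work: the cost invested vs the efficiency returned
** Adopting Google's nonprofit edition or the M365 nonprofit edition: is the organization ready?
* Micro-level needs vs the organization's overall digital policy and vision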
Acorn Recovery: Restore IT infra within minutes - IP ServerOne
Introducing Acorn Recovery as a Service, a simple, fast, and secure managed disaster recovery (DRaaS) by IP ServerOne. A DR solution that helps restore your IT infra within minutes.
This presentation by Morris Kleiner (University of Minnesota) was made during the discussion “Competition and Regulation in Professions and Occupations” held at the Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found at oe.cd/crps.
This presentation was uploaded with the author’s consent.
0x01 - Newton's Third Law: Static vs. Dynamic Abusers - OWASP Beja
If you offer a service on the web, odds are that someone will abuse it. Be it an API, a SaaS, a PaaS, or even a static website, someone somewhere will try to figure out a way to use it for their own needs. In this talk we'll compare measures that are effective against static attackers and how to battle a dynamic attacker who adapts to your counter-measures.
About the Speaker
===============
Diogo Sousa, Engineering Manager @ Canonical
An opinionated individual with an interest in cryptography and its intersection with secure software development.
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives... - Orkestra
UIIN Conference, Madrid, 27-29 May 2024
James Wilson, Orkestra and Deusto Business School
Emily Wise, Lund University
Madeline Smith, The Glasgow School of Art
This presentation, created by Syed Faiz ul Hassan, explores the profound influence of media on public perception and behavior. It delves into the evolution of media from oral traditions to modern digital and social media platforms. Key topics include the role of media in information propagation, socialization, crisis awareness, globalization, and education. The presentation also examines media influence through agenda setting, propaganda, and manipulative techniques used by advertisers and marketers. Furthermore, it highlights the impact of surveillance enabled by media technologies on personal behavior and preferences. Through this comprehensive overview, the presentation aims to shed light on how media shapes collective consciousness and public opinion.
Have you ever wondered how search works while visiting an e-commerce site, internal website, or searching through other types of online resources? Look no further than this informative session on the ways that taxonomies help end-users navigate the internet! Hear from taxonomists and other information professionals who have first-hand experience creating and working with taxonomies that aid in navigation, search, and discovery across a range of disciplines.