SOCIAL MEDIA AS A CYBER WEAPON
•
1 like•279 views
This document discusses how social media is used to gather personal data and how that data can enable cyber attacks. It notes that over 5 million records are lost or stolen daily and outlines the types of sensitive information that can be obtained from LinkedIn, Facebook, Twitter, and other online sources. The document warns that this data exposure enables personal, corporate, and marketing attacks but does not specify the nature of these threats or provide recommendations for mitigating risks.
Report
Share
Report
Share
Download to read offline
Recommended
Talk1 esc7 muscl-dataprotection_v1_2
This document provides guidance on data security best practices. It defines data and describes different data types and forms. It outlines key data security goals of confidentiality, integrity and availability that can be threatened by malware, hacking and phishing. The document recommends solutions like encryption, access controls and monitoring to protect data during usage, transit and storage. It stresses the importance of security awareness, safe behaviors like strong unique passwords and backups, and taking basic precautions.
Talk1 esc3 muscl-standards and regulation_v1_1
This document provides an introduction to several cybersecurity standards and regulations, including ISO 27001, FFIEC, and GDPR. It describes the purpose and key aspects of each, such as ISO 27001 focusing on establishing an information security management system, FFIEC assessing cybersecurity maturity, and GDPR strengthening data protection for EU individuals. The document also gives an overview of Mauritius' new data protection act aligned with GDPR and provides some free resources for further information.
OFFENSIVE IDS
IDS are great tools for blue teams and resource for network forensics, however they can also be a great resource for the red teams and as part of a penetration testing exercise.
The Art of CTF
The document discusses Capture the Flag (CTF) competitions, which provide a safe environment for practicing hacking skills and learning about cybersecurity threats. CTF competitions involve challenges at different skill levels related to hacking, cryptography, forensics, and other IT security topics. Participants can learn about vulnerabilities and misconfigurations, practice real attacks, and improve their skills through the game-like format of CTF events. Examples of challenges described in the document include extracting a hidden image from DNS traffic and analyzing an audio file spectrogram to reveal hidden text.
Mobile Security: 2016 Wrap-Up and 2017 Predictions
Daniel Kandel, VP of R&D at Skycure, gave a presentation reviewing mobile security trends in 2016 and predictions for 2017. In 2016, there was an increasing focus on attacking iOS devices and more targeted attack types. Various malware incidents occurred, such as Accessibility Clickjacking and HummingBad. In 2017, mobile attacks are predicted to grow more sophisticated using zero-day exploits. Mobile corporate espionage is also expected to increase. Organizations will need diversified mobile security strategies that can protect both managed and unmanaged devices from these evolving threats.
Netskope Overview
NetskopeTM is the leader in cloud app analytics and policy enforce- ment. Only Netskope eliminates the catch-22 between being agile and being secure and compliant by providing complete visibility, enforcing sophisticated policies, and protecting data in cloud apps.
Mobile Security Assessment
A quick look at what you should be considering when assessing the security of a mobile application, looking at an established framework and some of the common tools to get started
OFFICE 365 SECURITY
Some hidden security features ever office 365 admin should know about! as well as some best practises to secure your office 365 environment!
Recommended
Talk1 esc7 muscl-dataprotection_v1_2
This document provides guidance on data security best practices. It defines data and describes different data types and forms. It outlines key data security goals of confidentiality, integrity and availability that can be threatened by malware, hacking and phishing. The document recommends solutions like encryption, access controls and monitoring to protect data during usage, transit and storage. It stresses the importance of security awareness, safe behaviors like strong unique passwords and backups, and taking basic precautions.
Talk1 esc3 muscl-standards and regulation_v1_1
This document provides an introduction to several cybersecurity standards and regulations, including ISO 27001, FFIEC, and GDPR. It describes the purpose and key aspects of each, such as ISO 27001 focusing on establishing an information security management system, FFIEC assessing cybersecurity maturity, and GDPR strengthening data protection for EU individuals. The document also gives an overview of Mauritius' new data protection act aligned with GDPR and provides some free resources for further information.
OFFENSIVE IDS
IDS are great tools for blue teams and resource for network forensics, however they can also be a great resource for the red teams and as part of a penetration testing exercise.
The Art of CTF
The document discusses Capture the Flag (CTF) competitions, which provide a safe environment for practicing hacking skills and learning about cybersecurity threats. CTF competitions involve challenges at different skill levels related to hacking, cryptography, forensics, and other IT security topics. Participants can learn about vulnerabilities and misconfigurations, practice real attacks, and improve their skills through the game-like format of CTF events. Examples of challenges described in the document include extracting a hidden image from DNS traffic and analyzing an audio file spectrogram to reveal hidden text.
Mobile Security: 2016 Wrap-Up and 2017 Predictions
Daniel Kandel, VP of R&D at Skycure, gave a presentation reviewing mobile security trends in 2016 and predictions for 2017. In 2016, there was an increasing focus on attacking iOS devices and more targeted attack types. Various malware incidents occurred, such as Accessibility Clickjacking and HummingBad. In 2017, mobile attacks are predicted to grow more sophisticated using zero-day exploits. Mobile corporate espionage is also expected to increase. Organizations will need diversified mobile security strategies that can protect both managed and unmanaged devices from these evolving threats.
Netskope Overview
NetskopeTM is the leader in cloud app analytics and policy enforce- ment. Only Netskope eliminates the catch-22 between being agile and being secure and compliant by providing complete visibility, enforcing sophisticated policies, and protecting data in cloud apps.
Mobile Security Assessment
A quick look at what you should be considering when assessing the security of a mobile application, looking at an established framework and some of the common tools to get started
OFFICE 365 SECURITY
Some hidden security features ever office 365 admin should know about! as well as some best practises to secure your office 365 environment!
Intelligent Cybersecurity for the Real World
Cisco is investing heavily in cybersecurity to address the growing threat landscape and security effectiveness gap. The company's threat-centric security model provides visibility, control, intelligence and context across networks, endpoints, mobile devices, virtual systems and the cloud to speed detection and remediation times. Cisco's integrated threat defense architecture aims to simplify security through automation and sharing of global intelligence while improving efficacy.
INCIDENT RESPONSE CONCEPTS
This presentation looks at the core component of an Incident Response plan (NIST 800-61) as well as custom practical implementation framework developed by ELYSIUMSECURITY based on NIST and FIRST.
The Art and Science of Alert Triage
If you follow the trade press, one theme you hear over and over again is that organizations are drowning in alerts. It’s true that we need technological solutions to prioritize and escalate the most important alerts to our analysts, but the humans have a critical part to play in this process as well. The quicker they are able to make decisions about the alerts they review, the better they are able to keep up. An incident responders’ most common task is alert triage, the process of investigation and escalation that ultimately results in the creation of security incidents. As crucial as this process is, there has been remarkably little written about how to do it correctly and efficiently. In this presentation, learn incident response best practices from Sqrrl security expert, David Bianco.
Segurity Empower Business
Blue Coat announced three acquisitions to expand its product portfolio: 1) Solera Networks for its security analytics and forensic capabilities, 2) Netronome for its SSL Visibility Appliance to intercept SSL traffic, and 3) Crossbeam Systems for its X-Series solution to provide scalability. The document discusses how these acquisitions will enhance Blue Coat's offerings in security analytics, SSL inspection, and consolidation/scalability. It also outlines Blue Coat's solutions in web security, traffic control, cloud caching, and key customer initiatives in mobility, guest WiFi, and web threat protection.
Splunk Discovery Dusseldorf: September 2017 - Security Session
The Splunk experience came to Dusseldorf on September 20th 2017! Attendees learnt how to bring together all their different systems to help achieve their security goals.
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Falcon OverWatch Experts Hunt 24/7 To Stop Incidents Before They Become Breaches
Is your IT security team suffering from alert fatigue? For many organizations, chasing down every security alert can tax an already overburdened IT department, often resulting in a breach that might have been avoided. Adding to this challenge is an increase in sophisticated threats that strike so fast and frequently, traditional methods of investigation and response can’t offer adequate protection.
A new webcast from CrowdStrike, “Proactive Threat Hunting: Game-Changing Endpoint Protection Above and Beyond Alerting,” discusses why so many organizations are vulnerable to unseen threats and alert fatigue, and why having an approach that is both reactive and proactive is key. You’ll also learn about Falcon OverWatch™, CrowdStrike’s proactive threat hunting service that investigates and responds to threats immediately, dramatically increasing your ability to react before a damaging breach occurs.
Download the webcast slides to learn:
--How constantly reacting to alerts prevents you from getting ahead of the potentially damaging threats designed to bypass standard endpoint security
--Why an approach that includes proactive threat hunting, sometimes called Managed Detection and Response, is key to increasing protection against new and advanced threats
--How CrowdStrike Falcon OverWatch can provide 24/7 managed threat hunting, augmenting your security efforts with a team of cyber intrusion detection analysts and investigators who proactively identify and prioritize incidents before they become damaging breaches
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
For several years now, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has been monitoring more than 60 threat actors responsible for cyber-attacks worldwide. By closely observing these organizations, which appear to be fluent in many languages, including Russian, Chinese, German, Spanish, Arabic and Persian, we have put together a list of what seem to be the emerging threats in the APT world. We think these will play an important role in 2015 and deserve special attention. As a participant of the webinar, you will be the first to hear our detailed analysis of the trends.
The webinar was hosted by Costin Raiu, Director of GReAT at Kaspersky Lab, on December 11.
“If we can call 2014‘sophisticated’, then the word for 2015 will be ‘elusive’. We believe that APT groups will evolve to become stealthier and sneakier, in order to better avoid exposure. This year we’ve already discovered APT players using several zero-days, and we’ve observed new persistence and stealth techniques. We have used this to develop and deploy several new defense mechanisms for our users,” comments Costin Raiu.
Listen to the presentation https://kas.pr/aptwebinar
Read the full report https://kas.pr/ksb
Cross Border Cyber Attacks: Impact on Digital Sovereignty
This document summarizes Saumil Shah's presentation on cross-border cyber attacks and their impact on digital sovereignty. The presentation discusses major cyber attacks since 2010, how cyber defense remains reactive, and the evolving global cyber landscape. It notes India's growing digital presence and vulnerabilities to mass-scale financial theft, sabotage, and psychological manipulation via cross-border cyber attacks. The presentation calls for realigning India's digital posture through developing an "IndigenOS" based on open standards, strengthening the role of CERT-IN, implementing stronger protections for Aadhaar data privacy, and establishing indigenous cryptography standards to bolster India's digital sovereignty.
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Berezha Security Group
Slides to the online event "Creating an effective cybersecurity strategy" by Berezha Security Group, where we debunked myths about cybersecurity and recommended some easy-to-use practical steps to build an effective cybersecurity strategy for your small business.
Meeting plan:
1. Widespread misconceptions about the cybersecurity of small and medium-sized businesses.
2. 10 steps to combat cyber threats. How to protect business effectively within a limited budget?
About the speakers
-Vlad Styran, CISSP CISA, Co-founder & CEO, BSG
Vlad is an internationally known cybersecurity expert with over 15+ years of experience in Penetration Testing, Social Engineering, and Security Awareness.
He is a BSG Co-founder & CEO and responsible for business and cybersecurity strategies. He could help businesses with consulting services in software security, cybersecurity awareness, strategy, and investment. Also, he acts as a speaker, blogger, podcaster in his volunteer activities.
- Andriy Varusha, CISSP, Co-founder & CSO, BSG
Andriy is an experienced top manager in IT-audit, consulting, and IT project management by leading outsourcing teams in Ukraine, Poland, and the USA. He also is keen on building customer relationships within the US, UK, and Western Europe geographies. At BSG, he leads the BSG advisory practice and consults development teams in all aspects of cybersecurity.
About BSG
Berezha Security Group (BSG) is a Ukrainian consulting company focused on application security and penetration testing. Our job is to help companies in all aspects of cybersecurity. We complete more than 50 Penetration Testing and Application Security projects yearly to know the business security vulnerabilities across the verticals. We help our customers address their future security challenges: prevent data breaches and achieve compliance.
Our contacts: hello@bsg.tech ; https://bsg.tech
Preparing for the inevitable: The mobile incident response playbook
The document discusses mobile incident response and provides guidance on preparing for and handling mobile security incidents. It covers assessing mobile threats, building an incident response toolkit, common mobile incident types and response strategies. Specific response playbooks are provided for incidents like a lost phone, a device acting suspiciously, and malware appearing in an app store. The conclusion emphasizes that mobile incident response requires a different approach than traditional IT due to limitations of mobile devices and the need for historical device data when responding to incidents.
VIRTUAL CISO AND OTHER KEY CYBER ROLES
A look at what is a Virtual CISO and which cyber security roles you may want to consider setting up in your organisation
2015 ISA Calgary Show: IACS Cyber Incident Preparation
The document discusses preparing for cyber incidents involving industrial automation and control systems (IACS). It defines a cyber incident and outlines the PICERL framework for incident response involving preparation, identification, containment, eradication, remediation, and lessons learned. The document also provides statistics on IACS cyber incidents in 2014, including the top targeted industries and main attack vectors, and recommends establishing an incident response team, network documentation, and security controls.
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
CrowdStrike Falcon with next-gen AV protects your Mac-based organization
If your organization has moved to a Mac-based platform, or are considering it, you may be aware that threats targeting Mac devices are on the rise. A new webcast from CrowdStrike, "Defending Against Threats Targeting the Mac Platform" discusses how the increase in Mac adoptions has given rise to a new class of targeted threats and explains why standard security solutions can't protect you.
In this CrowdCast, Peter Ingebrigtsen, as discussed why more companies are switching to the Mac platform, the new threats targeting Macs, and what you can do to better protect your organization.
Download the slides to learn:
Why more IT departments are switching to the Mac platform
How new threats targeting Macs are able to bypass standard security measures
How CrowdStrike's next-gen AV employs machine learning and behavioral analytics to defend against threats aimed at the Mac platform
On-Demand CrowdCast Link: https://www.crowdstrike.com/resources/crowdcasts/defending-threats-targeting-mac-platform/
A Day in the Life of a GDPR Breach
You’re a CIO, CISO or DPO - and you’ve been woken up in the middle of the night because personal data held by your organization has been discovered for sale on the dark web. This disclosure puts the privacy of your customers at risk. What do you do next?
Join this session to learn about the impact of GDPR and go through a breach investigation and response scenario as it would be after GDPR comes into effect in May 2018. You’ll hear from Splunk’s Data Privacy Officer Elizabeth Davies and Splunk’s Security Ninja Matthias Maier.
What you will learn:
- What breach response will look like under the GDPR
- What tools and processes a data privacy officer will rely on in case of a breach
- What departments and entities will be involved beyond IT
- What activities are currently happening within organizations to prepare for the GDPR
- What the consequences of the breach could be
Watch the webinar: http://explore.splunk.com/GDPR_Webinar_EN
Using Machine Learning and Analytics to Hunt for Security Threats - Webinar
Webinar slides presented by Shailendra Sadh – CISSP, MS(InfoSec) | Senior Sales Engineer - March 2018.
GDPR Complaince: Don't Let SIEM BE Your Downfall
Whatever SIEM solution you operate, it is highly likely that personal information is captured in the log data such as phone numbers, email addresses, cookies, RFID’s, geolocation and more. If it can identify an individual in combination with other data, you must ensure that you’re not in breach of the GDPR. To help give guidance on this, we have conducted detailed analysis on how you should treat your SIEM solution and log data under the GDPR.
•Learn the most relevant aspects of GDPR, to understand its impact on log management
•Understand the risk of processing and storing log data in the context of GDPR
•Discover your obligations and the precautions you can take to comply and maintain visibility
•Observe specific compliance guidance and relevant use cases for network and information security logs
The Seven Axioms of Security - ITWeb 2017
It is time to transition defense from being reactive to proactive. This talk discusses seven axioms for implementing proactive defense strategy and measures for the future, concluding with a blueprint of the next evolution of pro-active defense architecture.
How to Replace Your Legacy Antivirus Solution with CrowdStrike
This document summarizes CrowdStrike's endpoint security product Falcon and argues that it provides more effective protection than legacy antivirus solutions. It notes that antivirus has an efficacy rate of only 45% against modern threats and is ineffective at stopping sophisticated attacks. CrowdStrike's Falcon uses techniques like machine learning, IOAs, and threat intelligence to prevent a wider range of attacks while having a smaller system footprint than antivirus. It also provides detection capabilities like endpoint detection and response to eliminate attack dwell time. The document aims to convince readers to replace their legacy antivirus with CrowdStrike's Falcon.
Evolving Cybersecurity Threats
Drawing from CrowdStrike's work, Cayce Beames will present evolving cybersecurity threats, discussed her thoughts on why traditional security is failing and shared a bit on what this "next generation endpoint protection" is about.
Cayce has been working in technology for over 25 years. From IT Systems Administration to Network Engineering and Internet Security, Risk Management and Compliance Auditing, Cayce has consulted with many Global corporations and traveled extensively. Cayce is currently a governance, risk and compliance analyst at CrowdStrike and founder of the not for profit, public benefit, education for kids organization called "The Computer Club" where she works to inspire kids and adults to address their fear of the unknown and make something awesome with technology.
A Day in the Life of a GDPR Breach - September 2017: France
You’re a CIO, CISO or DPO - and you’ve been woken up in the middle of the night because personal data held by your organisation has been discovered for sale on the dark web. This disclosure puts the privacy of your customers at risk. What do you do next? Splunk's own Mathieu Dessus and Elizabeth Davies explore the future scenario.
LinkedIn to Your Network - The Social Engineering Threat
By nature, humans are inclined to trust. Unfortunately, attackers are often successful in breaching large enterprises by targeting specific individuals and utilizing social engineering to obtain confidential information. Once an adversary is able to gain enough data through social media or other channels, they can pose as an authentic user with valid credentials, bypassing traditional security measures.
Join Lancope’s Joey Muniz, aka The Security Blogger, to hear about his successful, real-life experiments in using social engineering to easily compromise high-profile targets.
Learn about:
· The dangers of insider threats
·How attackers are leveraging social media to compromise targets
· Best practices for defending network interiors from attackers with authentic credentials
Privacy Exposed: Ramifications of Social Media and Mobile Technology
Mobile devices and applications have taken the world by storm. Millions of consumers are using these devices for everything from conducting financial transactions, accessing health care information and sharing personal experiences over social media. Unfortunately there is still little regard or concern with how mobile platforms and major social networks collect, transmit and store personal and corporate information. This exacerbates existing privacy concerns and the need for new regulations in the age of big data. In this presentation we discuss the latest privacy concerns with this new technology. Topics will include:
• All new privacy concerns with mobile application data, geolocation, address book harvesting , third party information sharing and the latest mobile technology such as NFC (Near Field Communication)
• A close look at the top 20 mobile applications and how they transmit, store and reuse personal or private information
• Comparison of current privacy policies of the major social networks, what they tell you and what they don't
• Ramifications of international and US privacy regulations and how this impacts mobile devices, social networks, you and your business
More Related Content
What's hot
Intelligent Cybersecurity for the Real World
Cisco is investing heavily in cybersecurity to address the growing threat landscape and security effectiveness gap. The company's threat-centric security model provides visibility, control, intelligence and context across networks, endpoints, mobile devices, virtual systems and the cloud to speed detection and remediation times. Cisco's integrated threat defense architecture aims to simplify security through automation and sharing of global intelligence while improving efficacy.
INCIDENT RESPONSE CONCEPTS
This presentation looks at the core component of an Incident Response plan (NIST 800-61) as well as custom practical implementation framework developed by ELYSIUMSECURITY based on NIST and FIRST.
The Art and Science of Alert Triage
If you follow the trade press, one theme you hear over and over again is that organizations are drowning in alerts. It’s true that we need technological solutions to prioritize and escalate the most important alerts to our analysts, but the humans have a critical part to play in this process as well. The quicker they are able to make decisions about the alerts they review, the better they are able to keep up. An incident responders’ most common task is alert triage, the process of investigation and escalation that ultimately results in the creation of security incidents. As crucial as this process is, there has been remarkably little written about how to do it correctly and efficiently. In this presentation, learn incident response best practices from Sqrrl security expert, David Bianco.
Segurity Empower Business
Blue Coat announced three acquisitions to expand its product portfolio: 1) Solera Networks for its security analytics and forensic capabilities, 2) Netronome for its SSL Visibility Appliance to intercept SSL traffic, and 3) Crossbeam Systems for its X-Series solution to provide scalability. The document discusses how these acquisitions will enhance Blue Coat's offerings in security analytics, SSL inspection, and consolidation/scalability. It also outlines Blue Coat's solutions in web security, traffic control, cloud caching, and key customer initiatives in mobility, guest WiFi, and web threat protection.
Splunk Discovery Dusseldorf: September 2017 - Security Session
The Splunk experience came to Dusseldorf on September 20th 2017! Attendees learnt how to bring together all their different systems to help achieve their security goals.
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Falcon OverWatch Experts Hunt 24/7 To Stop Incidents Before They Become Breaches
Is your IT security team suffering from alert fatigue? For many organizations, chasing down every security alert can tax an already overburdened IT department, often resulting in a breach that might have been avoided. Adding to this challenge is an increase in sophisticated threats that strike so fast and frequently, traditional methods of investigation and response can’t offer adequate protection.
A new webcast from CrowdStrike, “Proactive Threat Hunting: Game-Changing Endpoint Protection Above and Beyond Alerting,” discusses why so many organizations are vulnerable to unseen threats and alert fatigue, and why having an approach that is both reactive and proactive is key. You’ll also learn about Falcon OverWatch™, CrowdStrike’s proactive threat hunting service that investigates and responds to threats immediately, dramatically increasing your ability to react before a damaging breach occurs.
Download the webcast slides to learn:
--How constantly reacting to alerts prevents you from getting ahead of the potentially damaging threats designed to bypass standard endpoint security
--Why an approach that includes proactive threat hunting, sometimes called Managed Detection and Response, is key to increasing protection against new and advanced threats
--How CrowdStrike Falcon OverWatch can provide 24/7 managed threat hunting, augmenting your security efforts with a team of cyber intrusion detection analysts and investigators who proactively identify and prioritize incidents before they become damaging breaches
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
For several years now, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has been monitoring more than 60 threat actors responsible for cyber-attacks worldwide. By closely observing these organizations, which appear to be fluent in many languages, including Russian, Chinese, German, Spanish, Arabic and Persian, we have put together a list of what seem to be the emerging threats in the APT world. We think these will play an important role in 2015 and deserve special attention. As a participant of the webinar, you will be the first to hear our detailed analysis of the trends.
The webinar was hosted by Costin Raiu, Director of GReAT at Kaspersky Lab, on December 11.
“If we can call 2014‘sophisticated’, then the word for 2015 will be ‘elusive’. We believe that APT groups will evolve to become stealthier and sneakier, in order to better avoid exposure. This year we’ve already discovered APT players using several zero-days, and we’ve observed new persistence and stealth techniques. We have used this to develop and deploy several new defense mechanisms for our users,” comments Costin Raiu.
Listen to the presentation https://kas.pr/aptwebinar
Read the full report https://kas.pr/ksb
Cross Border Cyber Attacks: Impact on Digital Sovereignty
This document summarizes Saumil Shah's presentation on cross-border cyber attacks and their impact on digital sovereignty. The presentation discusses major cyber attacks since 2010, how cyber defense remains reactive, and the evolving global cyber landscape. It notes India's growing digital presence and vulnerabilities to mass-scale financial theft, sabotage, and psychological manipulation via cross-border cyber attacks. The presentation calls for realigning India's digital posture through developing an "IndigenOS" based on open standards, strengthening the role of CERT-IN, implementing stronger protections for Aadhaar data privacy, and establishing indigenous cryptography standards to bolster India's digital sovereignty.
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...Berezha Security Group
Slides to the online event "Creating an effective cybersecurity strategy" by Berezha Security Group, where we debunked myths about cybersecurity and recommended some easy-to-use practical steps to build an effective cybersecurity strategy for your small business.
Meeting plan:
1. Widespread misconceptions about the cybersecurity of small and medium-sized businesses.
2. 10 steps to combat cyber threats. How to protect business effectively within a limited budget?
About the speakers
-Vlad Styran, CISSP CISA, Co-founder & CEO, BSG
Vlad is an internationally known cybersecurity expert with over 15+ years of experience in Penetration Testing, Social Engineering, and Security Awareness.
He is a BSG Co-founder & CEO and responsible for business and cybersecurity strategies. He could help businesses with consulting services in software security, cybersecurity awareness, strategy, and investment. Also, he acts as a speaker, blogger, podcaster in his volunteer activities.
- Andriy Varusha, CISSP, Co-founder & CSO, BSG
Andriy is an experienced top manager in IT-audit, consulting, and IT project management by leading outsourcing teams in Ukraine, Poland, and the USA. He also is keen on building customer relationships within the US, UK, and Western Europe geographies. At BSG, he leads the BSG advisory practice and consults development teams in all aspects of cybersecurity.
About BSG
Berezha Security Group (BSG) is a Ukrainian consulting company focused on application security and penetration testing. Our job is to help companies in all aspects of cybersecurity. We complete more than 50 Penetration Testing and Application Security projects yearly to know the business security vulnerabilities across the verticals. We help our customers address their future security challenges: prevent data breaches and achieve compliance.
Our contacts: hello@bsg.tech ; https://bsg.tech
Preparing for the inevitable: The mobile incident response playbook
The document discusses mobile incident response and provides guidance on preparing for and handling mobile security incidents. It covers assessing mobile threats, building an incident response toolkit, common mobile incident types and response strategies. Specific response playbooks are provided for incidents like a lost phone, a device acting suspiciously, and malware appearing in an app store. The conclusion emphasizes that mobile incident response requires a different approach than traditional IT due to limitations of mobile devices and the need for historical device data when responding to incidents.
VIRTUAL CISO AND OTHER KEY CYBER ROLES
A look at what is a Virtual CISO and which cyber security roles you may want to consider setting up in your organisation
2015 ISA Calgary Show: IACS Cyber Incident Preparation
The document discusses preparing for cyber incidents involving industrial automation and control systems (IACS). It defines a cyber incident and outlines the PICERL framework for incident response involving preparation, identification, containment, eradication, remediation, and lessons learned. The document also provides statistics on IACS cyber incidents in 2014, including the top targeted industries and main attack vectors, and recommends establishing an incident response team, network documentation, and security controls.
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
CrowdStrike Falcon with next-gen AV protects your Mac-based organization
If your organization has moved to a Mac-based platform, or are considering it, you may be aware that threats targeting Mac devices are on the rise. A new webcast from CrowdStrike, "Defending Against Threats Targeting the Mac Platform" discusses how the increase in Mac adoptions has given rise to a new class of targeted threats and explains why standard security solutions can't protect you.
In this CrowdCast, Peter Ingebrigtsen, as discussed why more companies are switching to the Mac platform, the new threats targeting Macs, and what you can do to better protect your organization.
Download the slides to learn:
Why more IT departments are switching to the Mac platform
How new threats targeting Macs are able to bypass standard security measures
How CrowdStrike's next-gen AV employs machine learning and behavioral analytics to defend against threats aimed at the Mac platform
On-Demand CrowdCast Link: https://www.crowdstrike.com/resources/crowdcasts/defending-threats-targeting-mac-platform/
A Day in the Life of a GDPR Breach
You’re a CIO, CISO or DPO - and you’ve been woken up in the middle of the night because personal data held by your organization has been discovered for sale on the dark web. This disclosure puts the privacy of your customers at risk. What do you do next?
Join this session to learn about the impact of GDPR and go through a breach investigation and response scenario as it would be after GDPR comes into effect in May 2018. You’ll hear from Splunk’s Data Privacy Officer Elizabeth Davies and Splunk’s Security Ninja Matthias Maier.
What you will learn:
- What breach response will look like under the GDPR
- What tools and processes a data privacy officer will rely on in case of a breach
- What departments and entities will be involved beyond IT
- What activities are currently happening within organizations to prepare for the GDPR
- What the consequences of the breach could be
Watch the webinar: http://explore.splunk.com/GDPR_Webinar_EN
Using Machine Learning and Analytics to Hunt for Security Threats - Webinar
Webinar slides presented by Shailendra Sadh – CISSP, MS(InfoSec) | Senior Sales Engineer - March 2018.
GDPR Complaince: Don't Let SIEM BE Your Downfall
Whatever SIEM solution you operate, it is highly likely that personal information is captured in the log data such as phone numbers, email addresses, cookies, RFID’s, geolocation and more. If it can identify an individual in combination with other data, you must ensure that you’re not in breach of the GDPR. To help give guidance on this, we have conducted detailed analysis on how you should treat your SIEM solution and log data under the GDPR.
•Learn the most relevant aspects of GDPR, to understand its impact on log management
•Understand the risk of processing and storing log data in the context of GDPR
•Discover your obligations and the precautions you can take to comply and maintain visibility
•Observe specific compliance guidance and relevant use cases for network and information security logs
The Seven Axioms of Security - ITWeb 2017
It is time to transition defense from being reactive to proactive. This talk discusses seven axioms for implementing proactive defense strategy and measures for the future, concluding with a blueprint of the next evolution of pro-active defense architecture.
How to Replace Your Legacy Antivirus Solution with CrowdStrike
This document summarizes CrowdStrike's endpoint security product Falcon and argues that it provides more effective protection than legacy antivirus solutions. It notes that antivirus has an efficacy rate of only 45% against modern threats and is ineffective at stopping sophisticated attacks. CrowdStrike's Falcon uses techniques like machine learning, IOAs, and threat intelligence to prevent a wider range of attacks while having a smaller system footprint than antivirus. It also provides detection capabilities like endpoint detection and response to eliminate attack dwell time. The document aims to convince readers to replace their legacy antivirus with CrowdStrike's Falcon.
Evolving Cybersecurity Threats
Drawing from CrowdStrike's work, Cayce Beames will present evolving cybersecurity threats, discussed her thoughts on why traditional security is failing and shared a bit on what this "next generation endpoint protection" is about.
Cayce has been working in technology for over 25 years. From IT Systems Administration to Network Engineering and Internet Security, Risk Management and Compliance Auditing, Cayce has consulted with many Global corporations and traveled extensively. Cayce is currently a governance, risk and compliance analyst at CrowdStrike and founder of the not for profit, public benefit, education for kids organization called "The Computer Club" where she works to inspire kids and adults to address their fear of the unknown and make something awesome with technology.
A Day in the Life of a GDPR Breach - September 2017: France
You’re a CIO, CISO or DPO - and you’ve been woken up in the middle of the night because personal data held by your organisation has been discovered for sale on the dark web. This disclosure puts the privacy of your customers at risk. What do you do next? Splunk's own Mathieu Dessus and Elizabeth Davies explore the future scenario.
What's hot (20)
Splunk Discovery Dusseldorf: September 2017 - Security Session
Splunk Discovery Dusseldorf: September 2017 - Security Session
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Kaspersky Lab’s Webinar ‘Emerging Threats in the APT World: Predictions for 2...
Cross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital Sovereignty
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Slides to the online event "Creating an effective cybersecurity strategy" by ...
Preparing for the inevitable: The mobile incident response playbook
Preparing for the inevitable: The mobile incident response playbook
2015 ISA Calgary Show: IACS Cyber Incident Preparation
2015 ISA Calgary Show: IACS Cyber Incident Preparation
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
DEFENDING AGAINST THREATS TARGETING THE MAC PLATFORM
Using Machine Learning and Analytics to Hunt for Security Threats - Webinar
Using Machine Learning and Analytics to Hunt for Security Threats - Webinar
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrike
A Day in the Life of a GDPR Breach - September 2017: France
A Day in the Life of a GDPR Breach - September 2017: France
Similar to SOCIAL MEDIA AS A CYBER WEAPON
LinkedIn to Your Network - The Social Engineering Threat
By nature, humans are inclined to trust. Unfortunately, attackers are often successful in breaching large enterprises by targeting specific individuals and utilizing social engineering to obtain confidential information. Once an adversary is able to gain enough data through social media or other channels, they can pose as an authentic user with valid credentials, bypassing traditional security measures.
Join Lancope’s Joey Muniz, aka The Security Blogger, to hear about his successful, real-life experiments in using social engineering to easily compromise high-profile targets.
Learn about:
· The dangers of insider threats
·How attackers are leveraging social media to compromise targets
· Best practices for defending network interiors from attackers with authentic credentials
Privacy Exposed: Ramifications of Social Media and Mobile Technology
Mobile devices and applications have taken the world by storm. Millions of consumers are using these devices for everything from conducting financial transactions, accessing health care information and sharing personal experiences over social media. Unfortunately there is still little regard or concern with how mobile platforms and major social networks collect, transmit and store personal and corporate information. This exacerbates existing privacy concerns and the need for new regulations in the age of big data. In this presentation we discuss the latest privacy concerns with this new technology. Topics will include:
• All new privacy concerns with mobile application data, geolocation, address book harvesting , third party information sharing and the latest mobile technology such as NFC (Near Field Communication)
• A close look at the top 20 mobile applications and how they transmit, store and reuse personal or private information
• Comparison of current privacy policies of the major social networks, what they tell you and what they don't
• Ramifications of international and US privacy regulations and how this impacts mobile devices, social networks, you and your business
CSUN - Youth Driven Information Privacy Education Campaign
The goal of this project was to develop an educational social media marketing campaigns designed to educate middle school youth on the complex issue of digital literacy and responsible online behavior.
Cybersecurity for the non-technical
A set of security awareness raising slides you are free to use in your efforts to increase general public understanding of the subject.
5 BS Facts About Data Privacy Everyone Thinks Are True
The document summarizes a presentation on common misconceptions about data privacy. It identifies 5 myths ("BS Facts") that are widely believed but untrue. These myths claim that privacy policies only apply to data, a single policy can cover all data, anonymized data protects privacy, and privacy is dead. The presentation provides corrections to these myths and outlines a 5-step action plan for consumers, private sector, constituents, and public sector to improve data privacy practices.
Protecting Yourself and Your Brand On Social Media | SPOKE Communications, LLC
Protecting Yourself and Your Brand On Social Media | SPOKE Communications, LLCSPOKE Communications, LLC
Protecting your personal and professional brand through Social Media is a hot topic these days. SPOKE Communications provides the following presentation as a brief guide to setting up accounts securely as well as business best practices for social media marketing.
Additional information on business best practices for digital marketing, go to our Web site: www.SPOKEcom.comInsight Presentation: "What Wearables Mean For Marketers"
The document discusses wearable technology and what it means for marketers. It dispels three myths about wearables: 1) They are not yet mainstream, 2) They are useful for more than just health tracking, and 3) Smartwatches are overhyped. Wearables have struggled due to aesthetics, battery life, and "chart fatigue". Their adoption will grow as these issues are addressed. The document suggests wearables will expand to new form factors, use cases, and integration with other apps. For marketers, wearables mean opportunities for data collection but also responsibility, as consumers want utility over advertising. Marketers should educate themselves, experiment, and partner with wearable companies.
Your e image presentation
The document provides information on establishing a positive digital footprint. It discusses how students and teachers should understand proper online behavior and internet safety. It provides guidelines on computer ethics and summarizes various resources for teaching digital citizenship. Some key tips include using social media to market yourself in a positive light, establishing online profiles on sites like LinkedIn and Google to be found by potential employers or colleges, and being aware that anything posted online can last forever and affect one's reputation.
Cyber Security for 5th and 6th Graders
This document provides an agenda and overview for a cyber security workshop for 5th and 6th graders. The agenda includes introductions to cyber security, secure passwords, social engineering, privacy practices, and an interactive cyber security jeopardy game. Key topics covered are defining cyber security and the risks of networked computers, creating strong passwords with length and complexity, protecting personal information, and being mindful of what you post and share online.
Cyber Security for 5th and 6th Graders
This document provides an agenda and overview for a cyber security workshop for 5th and 6th graders. The agenda includes introductions to cyber security, secure passwords, social engineering, privacy practices, and an interactive cyber security jeopardy game. Key topics covered are defining cyber security and common threats, creating strong and unique passwords, protecting personal information when online, and practicing safe internet usage. A discussion of specific security and privacy strategies helps students learn how to protect themselves in the digital world.
Technology to Improve Your (Business) Life
Presentation outlines general state of technology today along with how to think like a CIO. Includes a list of popular apps, touches on social media, and wraps with a few fun future looking items. Presentation created for NYLE on 5/7/15.
Progscon cybercrime and the developer
n the world of DevOps and the cloud, most developers have to learn new technologies and methodologies. The focus tends to be on adding capabilities such as resilience and scaling to an application. One critical aspect consistently overlooked is security.
In this session, learn about a few of the simple actions you can take (and some behaviors you must change) to create a more secure Java application for the cloud. The world of the cyber criminal is closer than you realize. Hear how at risk your application may be, see practical examples of how you can inadvertently leave the doors open, and understand what you can do to make your Java solution more secure.
The #BigData Dilemna
From Obama Data Campaign to NSA Data Scandal, how Brands and marketers can learn about this #BigData Dilemna to avoid Data Backlash
Big Data Analytics - The New Cold War
Big data refers to the massive amounts of structured and unstructured data being generated every day from various sources. This data when analyzed can provide valuable insights but also raises privacy, security, and ethical concerns. While big data analytics can power improvements in areas like healthcare and disaster response, there is also a risk it could be used to manipulate populations through micro-targeting of political messages or discriminatory practices. Proper oversight and regulations are needed to ensure big data is used responsibly for the benefit of humanity.
I-Spy: How Social networking is impacting claims investigations
This document discusses how social networking is impacting claims investigations. It provides a history of social networking and its growth. Examples are given of claimants whose social media activities contradict the injuries or limitations they claim. Investigators can use social media to verify application information, check alibis, and monitor activity levels. However, legal concerns around privacy and evidence must be considered. Case studies show claimants photographed actively participating in sports or hosting visitors despite claimed disabilities. Social networking is a valuable investigative tool when used properly.
Pod camp boston 2011 locking up yourself online
Lane Sutton discusses privacy concerns related to social media and online activity. 92% of toddlers have an online presence established by their parents. Our online actions are tracked through various means like social networks, loyalty programs, and online shopping. While some privacy controls exist, many users agree to extensive privacy policies without understanding what data they are sharing. New social media features like Facebook Timelines make more information publicly visible. Users should be aware of privacy risks and tools available to better control their digital footprint and online privacy.
2600 v21 n3 (autumn 2004)
The author provides a brief overview of some basic security measures at AOL based on their past experience as a low-level employee. They describe the Merlin customer database system and restricted access to workflows. Desktop workstations run Windows 2000 with unique login IDs and minimal password complexity rules. Management can monitor desktop activity and globally change desktop images.
Cyber Security Extortion: Defending Against Digital Shakedowns
Real world lessons from CrowdStrike Services experts investigating complex cyber extortion attacks
The criminal act of theft is as old as civilization itself, but in the cyber realm new ways to steal your organization's data or profit by holding it hostage, continue to evolve. With each advancement in security technology, adversaries work tirelessly on new techniques to bypass your defenses. This webcast, "Cyber Extortion: Digital Shakedowns and How to Stop Them" examines the evolution of cyber extortion techniques, including the latest "datanapping" exploits. Whether it's an attack on a major movie studio, a massive healthcare system, or a global entertainment platform, recent extortion attempts demonstrate how critical it is to understand today's threat landscape so you can ensure that your organization mounts the best defense possible.
Download this presentation to learn what security experts from the cyber defense frontlines are discussing. Learn about:
•The range of extortion techniques being used today, including commonalities and differences in approaches
•Commodity type ransomware/datanapping vs. hands-on attacks — how are they alike and what are their differences?
•Potential outcomes of paying vs. not paying when attempting to recover data after an attack
•Real world examples of successful attacks and those that were thwarted or mitigated
•Strategies for keeping your organization from being targeted and what to do if you become the victim of a cyber shakedown
Parent workshop - Social Networks
Social networking sites like Facebook have become an important part of how teenagers interact and develop their identity. While these sites allow for connecting with friends, sharing information publicly also poses privacy and reputational risks. It is important for parents to educate themselves about the sites their children use, understand the privacy and sharing settings, and have open discussions about appropriate and safe online behavior.
Digital Footprints Presentation
A session by Jennifer Wagner, Sean Williams, and Dennis Grice on 11/30/10 at St. John's Lutheran in Orange, CA
Similar to SOCIAL MEDIA AS A CYBER WEAPON (20)
LinkedIn to Your Network - The Social Engineering Threat
LinkedIn to Your Network - The Social Engineering Threat
Privacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile Technology
CSUN - Youth Driven Information Privacy Education Campaign
CSUN - Youth Driven Information Privacy Education Campaign
5 BS Facts About Data Privacy Everyone Thinks Are True
5 BS Facts About Data Privacy Everyone Thinks Are True
Protecting Yourself and Your Brand On Social Media | SPOKE Communications, LLC
Protecting Yourself and Your Brand On Social Media | SPOKE Communications, LLC
Insight Presentation: "What Wearables Mean For Marketers"
Insight Presentation: "What Wearables Mean For Marketers"
I-Spy: How Social networking is impacting claims investigations
I-Spy: How Social networking is impacting claims investigations
Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns
More from Sylvain Martinez
PROGRAMMING AND CYBER SECURITY
An overview of why knowing programming can make you a better cyber security professional, a look at the most popular languages and some pitfalls to avoid
INTRODUCTION TO CRYPTOGRAPHY
This document provides an introduction to cryptography. It defines cryptography as the science of hiding information to provide confidentiality, integrity, authentication, and non-repudiation. The document then summarizes the history of cryptography, the main types of cryptography including encryption, decryption, hashing, and steganography. It also describes symmetric and asymmetric cryptographic algorithms like AES, RSA, and hash functions like MD5 and SHA-1/2. The document concludes by emphasizing the safe use of standard algorithms and protection of private keys.
INCIDENT RESPONSE NIST IMPLEMENTATION
The document provides an overview of an incident response concept and framework. It discusses the benefits of incident response, common incident response structures and lifecycles. It also outlines the key steps in an incident response process including preparation, detection, analysis, containment, eradication, recovery, reporting and lessons learned. Specific approaches and activities at each step are also described for a company's incident response implementation.
DATA LOSS PREVENTION OVERVIEW
This document provides an overview of data loss prevention (DLP). It discusses cyber security risks and increasing data breach statistics and costs. It defines DLP and the lifecycle of data protection. Key aspects of a DLP implementation are outlined, including defining objectives and scope, policy setup, data discovery and classification, monitoring and tuning, and reporting. The benefits of visibility, monitoring, and improved protection are highlighted.
2019 CYBER SECURITY TRENDS REPORT REVIEW
This document summarizes 10 cyber security trend reports for 2019. Common trends identified across the reports include rises in crypto mining, state-sponsored attacks, security skills shortages, Internet of Things risks, cloud provider attacks, supply chain attacks, phishing as the primary attack vector, and increased regulations. The reports also highlight the importance of user awareness, basic IT hygiene, incident response readiness, and having adequate security resources.
PHISHING PROTECTION
Looking at the different components an organisation should consider to fight Phishing attacks and build a successful Phishing protection program
INCIDENT RESPONSE OVERVIEW
This document provides an overview of incident response procedures, including the incident response life cycle of detection, categorization, containment, investigation, remediation, reporting, and learnings. It outlines roles and responsibilities, communication processes, and generic response playbooks. Resources for incident response frameworks and standards are also referenced.
IOT Security
A look at the main security risks and impact related to IOT devices as well as what are the key steps to improve IOT security.
ARE YOU RED TEAM READY?
A look at what makes a Red Team special versus more traditional security services such as Vulnerability Assessment and Penetration Testing. Use case will also be provided to illustrate the points made in the presentation.
GDPR SECURITY ISSUES
A presentation given by Dr Kaleem Usmani from the MAURITIUS CERT on GDPR from the information security perspective
Risk on Crypto Currencies
This document discusses security concerns related to cryptocurrencies. It begins by defining cryptocurrency as a digital currency created through mathematical algorithms that aims to be open, anonymous, secure and bypass traditional financial systems. It then outlines some key advantages of cryptocurrency over traditional money, such as maintaining user anonymity. However, it also identifies several security concerns with cryptocurrencies, such as selfish mining that allows miners to gain more revenue than their share of computing power, double spending of coins, and attacks on wallet software or acquiring over 50% of a cryptocurrency's computing power.
INTRODUCTION TO CYBER FORENSICS
This document provides an introduction to cyber forensics. It defines key terms like forensics science, digital forensics, and cyber forensics. It also discusses cyber attack and malware trends, GDPR requirements, core principles of cyber forensics investigations, and presents an overview of the goals, actions, and scope of activities in a cyber forensics investigation. Finally, it provides a case study example of a client database leak investigation.
Talk1 esc7 muscl-gdpr_debate_v1_2
This document discusses the General Data Protection Regulation (GDPR) which takes effect on May 25, 2018. It will apply to all companies and gives individuals new rights around accessing and deleting their personal data. It also requires companies to implement privacy by design and notify authorities within 72 hours of a data breach. The document also outlines debates around whether previous policies were sufficient, concerns about spam and data breaches, and arguments that individuals will just click through privacy notices as well as whether the EU can enforce fines. However, supporters argue that the GDPR will push companies to improve security, be more transparent about what data they hold, demand more from third parties, and give individuals better control over their personal information.
Ethical Hacking
Ethical hacking involves performing authorized security testing and vulnerability assessments to evaluate an organization's security posture and help protect against cyber threats. It generally follows steps of reconnaissance, scanning systems to identify vulnerabilities, gaining access if possible, maintaining or escalating that access, and covering tracks. Ethical hackers have permission and work within legal bounds, using their skills to strengthen security rather than enable harm. The document discusses definitions, common techniques, tools used at each step, and how ethical hackers differ from malicious hackers by operating openly to help rather than secretly to enable illegal acts.
INCIDENT HANDLING IN ORGANISATIONS
In this presentation we look at how organisations conduct incident handling with a focus on how it applies to businesses in Mauritius
Talk2 esc4 muscl-ids_v1_2
This document provides instructions for setting up an intrusion detection system (IDS) in a home network. It explains that an IDS monitors network traffic to detect malicious activity and policy violations. It recommends using open-source tools like Security Onion and SELKS to set up the IDS. The document outlines installing the software, duplicating network traffic to the IDS, tuning the IDS to ignore false alarms, and provides sample enhanced network architectures and dashboards.
Talk2 esc2 muscl-wifi_v1_2b
Overview on the state of WIFI security for WEP, WPA/WPA2, WPA3. Looking at their protocols, weaknesses and attacks.
The presentation finishes with a live demo on 2 attacks: Karma Attack and Evil Portal Attack
Talk1 muscl club_v1_2
This document outlines a proposal for a cyber security club in Mauritius. The club aims to share information and build a cyber security community through free monthly meetings. Meetings would last 2 hours and include technical and non-technical talks on topics like password handling and penetration testing. The club seeks attendees with some IT knowledge, speakers with cyber security experience, and a few organizers to coordinate talks and venues. Future goals include expanding the number of talks per meeting, inviting external speakers, and gaining sponsors.
Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
What is an IDS? What is required for a successful implementation and utilisation? IDS can also be used for penetration testing activities, not just for defence purposes. See how!
This was presented as part of the FIRST Technical Colloquium 2017 Conference in Mauritius on the 30th of November 2017.
Feel free to contact us for more information.
If you are reusing some of the slides or their content, can you please reference our website as the source: https://www.elysiumsecurity.com
More from Sylvain Martinez (19)
Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool
Recently uploaded
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
Artificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic WarfarePapadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
AI & Electronic Warfare“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...Edge AI and Vision Alliance
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.Programming Foundation Models with DSPy - Meetup Slides
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Introduction of Cybersecurity with OSS at Code Europe 2024
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Leveraging the Graph for Clinical Trials and Standards
Katja Glaß
OpenStudyBuilder Community Manager - Katja Glaß Consulting
Marius Conjeaud
Principal Consultant - Neo4j
The Microsoft 365 Migration Tutorial For Beginner.pptx
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
What is an RPA CoE? Session 1 – CoE Vision
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Dandelion Hashtable: beyond billion requests per second on a commodity server
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays, June 2024 with Maria Copot 20
AppSec PNW: Android and iOS Application Security with MobSF
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Tomaz Bratanic
Graph ML and GenAI Expert - Neo4j
5th LF Energy Power Grid Model Meet-up Slides
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Recently uploaded (20)
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
SOCIAL MEDIA AS A CYBER WEAPON
- 1. {elysiumsecurity} SOCIAL MEDIA AS A CYBER WEAPON Version: 1.1a Date: 25/04/2018 Author: Sylvain Martinez Reference: ESC5-MUSCL Classification: Public cyber protection & response
- 2. {elysiumsecurity} cyber protection & response 2 REMEDIATIONDATA EXPLOITDATA GATHERINGCONTEXT • Your Data; • Data Gathering Tools; • LinkedIn Data; • Facebook Data; • Twitter Data; • Other Data Source; • What Can you do about it? CONTENTS Public • Data Growth; • Data Leakage; • Data Control; • Cyber Attacks; • Personal Attacks; • Corporate Attacks; • Marketing Attacks;
- 3. {elysiumsecurity} cyber protection & response 3 REMEDIATIONDATA EXPLOITDATA GATHERINGCONTEXT DATA GROWTH Public Statistics from Microfocus, 2017 Yesterday Tomorrow 100% 0% TIME GROWTH 3.8 Billion Internet Users 840 new Social Media users / day 455,00 Tweets / minutes 46,740 Instagram posts / minutes Facebook data per minutes: 3.5 Million Google searches / minutes 3 Million posts; 510,000 comments; 293 Statuses updates; 136,000 photos uploaded 4 Million likes;
- 4. {elysiumsecurity} cyber protection & response 4 REMEDIATIONDATA EXPLOITDATA GATHERINGCONTEXT DATA LEAKAGE Public 9 7 2 7 9 6 7 9 8 8, ,, EVERY DAY 5,014,416 RECORDS EVERY HOUR 208,934 RECORDS EVERY MINUTE 3,482 RECORDS EVERY SECONDS 58 RECORDS DATA RECORDS ARE LOST OR STOLEN AT THE FOLLOWING FREQUENCY DATA RECORDS LOST OR STOLEN SINCE 2013 Source: Breach Level Index - April 2018
- 5. {elysiumsecurity} cyber protection & response 5 REMEDIATIONDATA EXPLOITDATA GATHERINGCONTEXT DATA CONTROL Public Icons from the noun project otherwise specified YOUR CONTROL YOUR INFLUENCE NO CONTROL
- 6. {elysiumsecurity} cyber protection & response 6 REMEDIATIONDATA EXPLOITDATA GATHERINGCONTEXT YOUR DATA Public WORK FAMILY FRIENDSPERSONAL
- 7. {elysiumsecurity} cyber protection & response 7 REMEDIATIONDATA EXPLOITDATA GATHERINGCONTEXT DATA GATHERING TOOLS Public
- 8. {elysiumsecurity} cyber protection & response 8 REMEDIATIONDATA EXPLOITDATA GATHERINGCONTEXT LINKEDIN DATA Public - What you do; - Where do you work; - Who do you know; - What you like; - What interests you; - Birthday; - Work Colleague; - Potential Friends; - Potential Family; - Work History: - Former Colleague; - Where you lived; - School History: - Where you are from; - Where you lived; - Your age; - Where to find your birth certificate - Conferences: - Where you were; - Where you will be!
- 9. {elysiumsecurity} cyber protection & response 9 REMEDIATIONDATA EXPLOITDATA GATHERINGCONTEXT FACEBOOK DATA Public - Friends; - Family members; - Kids name and age; - Where you live; - Date of Birth; - Place of Birth; - Romantic status; - Photos: - What you look like; - What others look like; - Other information - Names of your pets; - Favorite Colors; - What you know you like: - Music; - Films; - Books; - What you don’t know you like: - Profiling - Where you were; - Where you will be; - What you have done; - What you will be doing.
- 10. {elysiumsecurity} cyber protection & response 10 REMEDIATIONDATA EXPLOITDATA GATHERINGCONTEXT TWITTER DATA Public - What you do; - What you like; - What you don’t like; - What are your interests; - Who do you follow; - Who are your friends; - Who is your family; - Photos: - What you look like; - What others look like; - Other information - What are your political views; - Where you are; - Where you will be; - What you have done; - What you will be doing.
- 11. {elysiumsecurity} cyber protection & response 11 REMEDIATIONDATA EXPLOITDATA GATHERINGCONTEXT OTHER DATA SOURCE Public - What you bought; - What you want to buy; - What you like; - What you dislike; - Photos; - What you are listening to right now; - Where you are; - Your future DIY projects; - If you are going to have a kid: - A boy - Or a Girl!
- 12. {elysiumsecurity} cyber protection & response 12 REMEDIATIONDATA EXPLOITDATA GATHERINGCONTEXT CYBER ATTACKS Public
- 13. {elysiumsecurity} cyber protection & response 13 REMEDIATIONDATA EXPLOITDATA GATHERINGCONTEXT PERSONAL ATTACKS Public
- 14. {elysiumsecurity} cyber protection & response 14 REMEDIATIONDATA EXPLOITDATA GATHERINGCONTEXT CORPORATE ATTACKS Public
- 15. {elysiumsecurity} cyber protection & response 15 REMEDIATIONDATA EXPLOITDATA GATHERINGCONTEXT MARKETING ATTACKS Public
- 16. {elysiumsecurity} cyber protection & response 16 REMEDIATIONDATA EXPLOITDATA GATHERINGCONTEXT WHAT CAN YOU DO ABOUT IT? Public
- 17. {elysiumsecurity} cyber protection & response © 2018 ElysiumSecurity Ltd. All Rights Reserved www.elysiumsecurity.com ElysiumSecurity provides practical expertise to identify vulnerabilities, assess their risks and impact, remediate those risks, prepare and respond to incidents as well as raise security awareness through an organization. ElysiumSecurity provides high level expertise gathered through years of best practices experience in large international companies allowing us to provide advice best suited to your business operational model and priorities. ABOUT ELYSIUMSECURITY LTD. ElysiumSecurity provides a portfolio of Strategic and Tactical Services to help companies protect and respond against Cyber Security Threats. We differentiate ourselves by offering discreet, tailored and specialized engagements. Operating in Mauritius and in the United Kingdom, our boutique style approach means we can easily adapt to your business operational model and requirements to provide a personalized service that fits your working environment.