Spo1 r35
•
0 likes•113 views
The document discusses key and certificate management threats, noting that attackers have stolen private keys from companies to sign malicious code, compromised certificate authorities to issue fake certificates, and exploited weaknesses in algorithms like MD5. It also reports that over half of large organizations do not know how many keys and certificates they have in use and that failures in managing these assets could result in losses of $398 million on average.
Report
Share
Report
Share
Download to read offline
Recommended
Defend Your Data Now with the MITRE ATT&CK Framework
MITRE is a not-for-profit organization that operates federally-funded research and development centers. Their ATT&CK framework is a useful cybersecurity model illustrating how adversaries behave and explaining the tactics you should use to mitigate risk and improve security. ATT&CK stands for “adversarial tactics, techniques and common knowledge.”
This presentation explores a methodology for pairing proven industry frameworks like MITRE ATT&CK with threat modeling practices to quickly detect and respond to cyber threats. With this approach, industrial organizations can slice their infrastructure into smaller components, making it easier to secure their assets and minimize the attack surface.
Takeaways include how to:
-Make the most out of their threat intelligence feeds
-Report on progress and compliance
-Negotiate trust relationships in the intelligence sharing cycle
-Improve their organization’s overall security posture
CSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac
The document provides an overview of ransomware, including its history, key stages, and examples. It discusses how ransomware has evolved from misleading applications and rogue antivirus software in the 2000s to modern crypto-ransomware. The five stages of crypto-ransomware are described as installation, contacting command and control servers, establishing encryption keys, encrypting files, and displaying an extortion message. Several examples of ransomware families are outlined, including Cryptowall, Zepto, KeRanger, Reveton, CryptoLocker, and WannaCry.
3. APTs Presentation
This document discusses advanced persistent threats (APTs) and strategies for cyber defense. It describes APTs as advanced, persistent, and threatening adversaries that are formally tasked to accomplish missions. The document outlines the lifecycle of APT attacks, including establishing backdoors in networks, maintaining long-term control, and exfiltrating data using encryption. It provides examples of APT groups and tools they use, such as exploiting vulnerabilities to escalate privileges and dump cached credentials from Windows networks. The overall summary is that APTs are dangerous, organized adversaries requiring persistent cyber defense strategies.
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
The document discusses the CryptoLocker ransomware threat and strategies to defend against it. CryptoLocker infects systems by tricking users into executing malicious files, then encrypts files using a randomly generated key. It threatens to delete the encryption key unless a ransom is paid. The best defenses include application whitelisting, limiting administrator privileges, firewalls, intrusion detection systems and keeping systems patched and backed up. In the event of infection, the affected machine should be isolated while restoring data from backups. Ongoing user education and security policies are also important to mitigate the ransomware risk.
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Cyphort Labs has discovered an extensive data theft campaign that we have named NightHunter. The campaign, active since 2009, is designed to steal login credentials of users. Targeted applications include Google, Yahoo, Facebook, Dropbox and Skype. Attackers have many options to leverage the credentials and the potential for analyzing and correlating the stolen data to mount highly targeted, damaging attacks.
Hunting for Cyber Threats Using Threat Modeling & Frameworks
With threat models, an organization can slice its infrastructure into smaller components, making it easier to secure assets and minimize the attack surface. Learn how to make the most out of threat intelligence feeds, report on progress, and negotiate trust relationships in the intelligence sharing cycle, while improving their organization's overall security posture.
Dissecting Cryptowall
Nick Bilogorskiy presentation on Ransomware, Cryptolocker and Cryptowall at Rochester Security Summit 2015.
Fake Antivirus
History of Ransomware
Cryptolocker
Cryptowall
Conclusions
MMW April 2016 Ransomware Resurgence
Cyphort Labs presents "Malware's Most Wanted: Ransomware Resurgence: Locky and Other “New Cryptolockers”
Like many viruses, botnets and malware families that we’ve seen over the past decade, hackers continue to find new ways of reinventing old threats. And this is no different for Ransomware.
Ransomware has come a long way from non-encrypting lockscreen FBI scare warnings like Reveton. In 2016 alone, there have been new ransomware families popping up and we expect that to only pick up steam over the summer.
In this edition of MMW, Nick Bilogorskiy, Senior Director of Threat Operations at Cyphort, will discuss:
Locky, the new “it” ransomware and how it works
A deep dive into a new family of ransom locker discovered by Cyphort Labs in March, that uses TOR Hidden Service
Other new ransomware families and why it’s becoming the preferred monetization method for attackers
Recommended
Defend Your Data Now with the MITRE ATT&CK Framework
MITRE is a not-for-profit organization that operates federally-funded research and development centers. Their ATT&CK framework is a useful cybersecurity model illustrating how adversaries behave and explaining the tactics you should use to mitigate risk and improve security. ATT&CK stands for “adversarial tactics, techniques and common knowledge.”
This presentation explores a methodology for pairing proven industry frameworks like MITRE ATT&CK with threat modeling practices to quickly detect and respond to cyber threats. With this approach, industrial organizations can slice their infrastructure into smaller components, making it easier to secure their assets and minimize the attack surface.
Takeaways include how to:
-Make the most out of their threat intelligence feeds
-Report on progress and compliance
-Negotiate trust relationships in the intelligence sharing cycle
-Improve their organization’s overall security posture
CSF18 - The Digital Threat of the Decade (Century) - Sasha Kranjac
The document provides an overview of ransomware, including its history, key stages, and examples. It discusses how ransomware has evolved from misleading applications and rogue antivirus software in the 2000s to modern crypto-ransomware. The five stages of crypto-ransomware are described as installation, contacting command and control servers, establishing encryption keys, encrypting files, and displaying an extortion message. Several examples of ransomware families are outlined, including Cryptowall, Zepto, KeRanger, Reveton, CryptoLocker, and WannaCry.
3. APTs Presentation
This document discusses advanced persistent threats (APTs) and strategies for cyber defense. It describes APTs as advanced, persistent, and threatening adversaries that are formally tasked to accomplish missions. The document outlines the lifecycle of APT attacks, including establishing backdoors in networks, maintaining long-term control, and exfiltrating data using encryption. It provides examples of APT groups and tools they use, such as exploiting vulnerabilities to escalate privileges and dump cached credentials from Windows networks. The overall summary is that APTs are dangerous, organized adversaries requiring persistent cyber defense strategies.
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
The document discusses the CryptoLocker ransomware threat and strategies to defend against it. CryptoLocker infects systems by tricking users into executing malicious files, then encrypts files using a randomly generated key. It threatens to delete the encryption key unless a ransom is paid. The best defenses include application whitelisting, limiting administrator privileges, firewalls, intrusion detection systems and keeping systems patched and backed up. In the event of infection, the affected machine should be isolated while restoring data from backups. Ongoing user education and security policies are also important to mitigate the ransomware risk.
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Cyphort Labs has discovered an extensive data theft campaign that we have named NightHunter. The campaign, active since 2009, is designed to steal login credentials of users. Targeted applications include Google, Yahoo, Facebook, Dropbox and Skype. Attackers have many options to leverage the credentials and the potential for analyzing and correlating the stolen data to mount highly targeted, damaging attacks.
Hunting for Cyber Threats Using Threat Modeling & Frameworks
With threat models, an organization can slice its infrastructure into smaller components, making it easier to secure assets and minimize the attack surface. Learn how to make the most out of threat intelligence feeds, report on progress, and negotiate trust relationships in the intelligence sharing cycle, while improving their organization's overall security posture.
Dissecting Cryptowall
Nick Bilogorskiy presentation on Ransomware, Cryptolocker and Cryptowall at Rochester Security Summit 2015.
Fake Antivirus
History of Ransomware
Cryptolocker
Cryptowall
Conclusions
MMW April 2016 Ransomware Resurgence
Cyphort Labs presents "Malware's Most Wanted: Ransomware Resurgence: Locky and Other “New Cryptolockers”
Like many viruses, botnets and malware families that we’ve seen over the past decade, hackers continue to find new ways of reinventing old threats. And this is no different for Ransomware.
Ransomware has come a long way from non-encrypting lockscreen FBI scare warnings like Reveton. In 2016 alone, there have been new ransomware families popping up and we expect that to only pick up steam over the summer.
In this edition of MMW, Nick Bilogorskiy, Senior Director of Threat Operations at Cyphort, will discuss:
Locky, the new “it” ransomware and how it works
A deep dive into a new family of ransom locker discovered by Cyphort Labs in March, that uses TOR Hidden Service
Other new ransomware families and why it’s becoming the preferred monetization method for attackers
Windows Forensic 101
The document discusses Windows forensic analysis fundamentals. It covers forensic artifacts including volatile artifacts like memory and process information, and non-volatile artifacts like the Windows file system, registry hives, and event logs. It discusses Windows process genealogy, the Windows registry including important hive locations, and common Windows artifacts related to program execution, deleted files, network activity, file access, account usage, external devices, browsing history, and file downloads. The presentation aims to provide an overview of Windows forensic analysis and correlating artifact information to build timelines and answer questions about system activity.
Dissecting ZeuS malware
Zeus, one of the stealthiest advanced malware has ruled the world of botnets and still posses a significant security risk. In the US alone, Zeus is estimated to have control over 4 million devices. Banks, social networks and email accounts, all have fallen prey to its might and despite of its years in service, no anti virus vendor can claim to detect it reliably. Join Cyphort research team as we explain the inner working of Zeus.
www.cyphort.com for more information
Advanced Threats In The Enterprise
What will you Learn:
1.How to gain endpoint visibility and detection capabilities to expose malware and respond with precision to stop attackers.
2.How to use actionable intelligence for rapid breach detection across all endpoints that may have already been infected but not identified as active participants
3.How to Increase Security Operations Center (SOC) efficiency by providing a method to gauge the magnitude of an intrusion and reduce incident response time.
Zeus Dissected
Zeus is a Trojan horse malware that has infected tens of millions of computers worldwide. It functions by using a dropper to install a Zeus bot that communicates with a command and control server to steal banking credentials. Zeus has evolved over many versions since 2007 and employs techniques like steganography, rootkits, anti-debugging, and domain generation algorithms to avoid detection. Notable Zeus variants include Gameover Zeus attributed to Evgeniy Bogachev and JabberZeus linked to a criminal group in Ukraine.
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
ATT&CK is valuable for those of us who are heads down in security day in and day out. But what about using ATT&CK to each college interns about security?
This presentation details how Tripwire used ATT&CK to build- out a new training regimen for summer interns. By going through and finding quick wins, Tripwire’s interns were actively engaged in learning about security. The detailed break downs of ATT&CK were greatly beneficial in helping teach security concepts to those who were not yet familiar with them. This session shows the program details and how you might be able to adapt it to your requirements.
Windows Live Forensics 101
Talk on Windows Live Forensics @ Null Bangalore January Meetup. About basics of live forensics on Windows hosts.
The Hacker's Guide to the Passwordless Galaxy - Webinar 23.6.21 by Asaf Hecht
Passwordless and SSO solutions have become extremely popular, mostly due to their ability to balance convenience and security. But are they bulletproof? Join us to learn how these technologies have changed the attack surface. Using Windows Hello and Browser SSO in Hybrid Azure environments, the presenter will demonstrate successful attack methods and provide actionable mitigation techniques.
BlueHat v18 || Tales from the soc - real-world attacks seen through azure atp...
BlueHat v18 || Tales from the soc - real-world attacks seen through azure atp...BlueHat Security Conference
Jagadeesh Parameswaran, Microsoft
Rahul Sachan, Microsoft
Windows Defender Advanced Threat Protection (WDATP) gives defenders unparalleled visibility into the enterprise. And Azure Advanced Threat Protection (AATP) gives the power to monitor attacks on the Domain Controllers and user identities. Come spend an hour with us as we pull back the covers and go through detailed examples of real attacks that we saw as we defended the Microsoft corporate environment using WDATP & AATP.Ht w25
This document discusses firmware threats and solutions. It begins with a presentation on firmware threats, implications, and UEFI Secure Boot. It then discusses how UEFI Secure Boot and Windows 8 Trusted Boot work to secure the boot process. Finally, it covers secure firmware updates and concludes that securing firmware is foundational to system security.
Png f41
The panel discussion focused on cyber security priorities for federal information systems. Key panelists included experts from the National Institute of Standards and Technology, National Security Staff, General Services Administration, and Department of Homeland Security. They discussed the Administration's goals to strengthen the security and resiliency of critical infrastructure against evolving cybersecurity threats and ensure the timely sharing of cyber threat information.
Практический опыт реализации собственной антифрод системы
VII Уральский форум
Информационная безопасность банков
ТЕМАТИЧЕСКОЕ ЗАСЕДАНИЕ № 1
Банковский фрод
Шумский Лев Станиславович, начальник Управления информационной безопасности, Связной Банк
Источник: http://ural.ib-bank.ru/materials_2015
Mbs r35 a
Mobile applications are vulnerable to security threats due to tectonic shifts in mobile technology. A study of 55 mobile apps found many security issues, with unencrypted data in 99% of apps and SQL injection vulnerabilities in 35% of apps. The study also analyzed 55 backend servers and found vulnerabilities in all servers, including unencrypted data in 99% and unrestricted passwords in 74%. One app in particular was found to have over 200 code flaws and 40 backend vulnerabilities. The app stores do not conduct security analysis of apps and only check requested permissions. Automated static analysis of apps and backends is recommended to identify issues before deployment.
Mbs w25 a
This document discusses security risks for computing devices when traveling internationally and provides recommendations to safely cross borders. It outlines threats from intellectual property theft and ongoing access enabled by device compromise from nation states like China and Russia. The document reviews examples of past device tampering and presents countermeasures against various attacks from software exploits to physical tampering. It considers potential solutions to the challenge of preventing hardware tampering, such as remote attestation of hardware states, but notes the difficulty of fully protecting devices. The recommendation is to minimize devices taken and use dedicated systems with precautions against both software and physical attacks.
Prof m01-2013 global information security workforce study - final
The document summarizes key findings from a survey of over 12,000 information security professionals conducted in 2012. Some of the main findings include:
1) Application vulnerabilities, malware, and mobile devices were the top security concerns. Concern over cloud-based services also increased significantly since the previous survey in 2011.
2) Information security is seen as a stable career path, but workforce shortages persist. Knowledge and certification are important for career success and advancement.
3) While attack remediation is believed to be rapid, preparedness for security incidents showed signs of strain, with twice as many respondents saying preparedness had worsened compared to 2011.
Grc r33
This document discusses privacy compliance and oversight at the National Security Agency. It provides an overview of the NSA's compliance program, including external and internal oversight. It also covers key concepts like minimization procedures, the four phases of compliance, and different models for the interaction of compliance rules, technology, and operations. The document advocates for building conduits among legal, policy, operations, and technology teams. It also recommends taking a functional approach to compliance and utilizing tagged data and rules architecture to facilitate compliance even as technology changes.
Mash w26 a
Keren Elazari is a cyber security expert who discusses how cyberpunk fiction from the 1980s and 1990s anticipated modern hacking culture and technology. The presentation traces elements from films such as Blade Runner, Neuromancer, and The Matrix that depicted hackers, embedded devices, and mind reading machines, and shows how those concepts have become reality. It also profiles real-world hackers and cybersecurity pioneers, as well as how hacking has become a new form of power in the 21st century, demonstrating how fiction influenced and inspired present-day hacking culture.
Png w23
The document discusses various standards and frameworks for evaluating organizational processes and certifying products, including:
- CMMI and ISO standards for quality management and information security management.
- Cryptographic standards like FIPS 140-2 and Common Criteria for evaluating security properties.
- Industry-specific standards like PCI for payment security and ISO standards for mitigating counterfeiting.
- National and agency-specific assurance programs like CPA-UK and DoD APL.
It notes the tradeoffs between accrediting organizations based on their processes versus certifying individual products, with the former providing longer-term but less detailed assurance and the latter providing more rigorous evaluations but only for specific versions.
Iam f42 b
The document discusses enabling single sign-on (SSO) for native mobile applications. Currently, users must authenticate separately with each native app. The document proposes introducing a native "authorization agent" that would allow users to authenticate once to obtain tokens, which could then be used by other native apps for SSO. This would reduce the authentication burden on users and allow enterprises more centralized control over app access. Standards are needed to define the interactions between the authorization agent, apps, and authorization servers.
Prof m04
This document outlines an agenda and presentation on security leadership. The presentation discusses how security professionals can enhance their authority and influence through positive leadership techniques. It emphasizes developing confidence, maintaining a positive attitude, building strong relationships, educating and influencing others, and serving one's team. Specific tips are provided, such as using empathy to understand others, persuading through compromise, and solving problems through methods like the 5 Whys technique. The overall message is that leadership skills are the "secret weapon" for security professionals to overcome frustrations and better achieve their goals.
Mash f42
This document discusses emerging cyber threats and targets in today's world. It notes that attribution of cyber attacks is now difficult due to the asymmetric nature of cyber space, where offense is cheap but defense is expensive. Many adversaries now exist with varying motivations, from wanting valuable information for money to conducting government-sponsored attacks. Lessons from the document indicate that both technology and user training are needed to protect users, as people will always take risks and make mistakes, and technology enables both beneficial use and malicious attacks.
More Related Content
What's hot
Windows Forensic 101
The document discusses Windows forensic analysis fundamentals. It covers forensic artifacts including volatile artifacts like memory and process information, and non-volatile artifacts like the Windows file system, registry hives, and event logs. It discusses Windows process genealogy, the Windows registry including important hive locations, and common Windows artifacts related to program execution, deleted files, network activity, file access, account usage, external devices, browsing history, and file downloads. The presentation aims to provide an overview of Windows forensic analysis and correlating artifact information to build timelines and answer questions about system activity.
Dissecting ZeuS malware
Zeus, one of the stealthiest advanced malware has ruled the world of botnets and still posses a significant security risk. In the US alone, Zeus is estimated to have control over 4 million devices. Banks, social networks and email accounts, all have fallen prey to its might and despite of its years in service, no anti virus vendor can claim to detect it reliably. Join Cyphort research team as we explain the inner working of Zeus.
www.cyphort.com for more information
Advanced Threats In The Enterprise
What will you Learn:
1.How to gain endpoint visibility and detection capabilities to expose malware and respond with precision to stop attackers.
2.How to use actionable intelligence for rapid breach detection across all endpoints that may have already been infected but not identified as active participants
3.How to Increase Security Operations Center (SOC) efficiency by providing a method to gauge the magnitude of an intrusion and reduce incident response time.
Zeus Dissected
Zeus is a Trojan horse malware that has infected tens of millions of computers worldwide. It functions by using a dropper to install a Zeus bot that communicates with a command and control server to steal banking credentials. Zeus has evolved over many versions since 2007 and employs techniques like steganography, rootkits, anti-debugging, and domain generation algorithms to avoid detection. Notable Zeus variants include Gameover Zeus attributed to Evgeniy Bogachev and JabberZeus linked to a criminal group in Ukraine.
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
ATT&CK is valuable for those of us who are heads down in security day in and day out. But what about using ATT&CK to each college interns about security?
This presentation details how Tripwire used ATT&CK to build- out a new training regimen for summer interns. By going through and finding quick wins, Tripwire’s interns were actively engaged in learning about security. The detailed break downs of ATT&CK were greatly beneficial in helping teach security concepts to those who were not yet familiar with them. This session shows the program details and how you might be able to adapt it to your requirements.
Windows Live Forensics 101
Talk on Windows Live Forensics @ Null Bangalore January Meetup. About basics of live forensics on Windows hosts.
The Hacker's Guide to the Passwordless Galaxy - Webinar 23.6.21 by Asaf Hecht
Passwordless and SSO solutions have become extremely popular, mostly due to their ability to balance convenience and security. But are they bulletproof? Join us to learn how these technologies have changed the attack surface. Using Windows Hello and Browser SSO in Hybrid Azure environments, the presenter will demonstrate successful attack methods and provide actionable mitigation techniques.
BlueHat v18 || Tales from the soc - real-world attacks seen through azure atp...
BlueHat v18 || Tales from the soc - real-world attacks seen through azure atp...BlueHat Security Conference
Jagadeesh Parameswaran, Microsoft
Rahul Sachan, Microsoft
Windows Defender Advanced Threat Protection (WDATP) gives defenders unparalleled visibility into the enterprise. And Azure Advanced Threat Protection (AATP) gives the power to monitor attacks on the Domain Controllers and user identities. Come spend an hour with us as we pull back the covers and go through detailed examples of real attacks that we saw as we defended the Microsoft corporate environment using WDATP & AATP.What's hot (8)
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
The Hacker's Guide to the Passwordless Galaxy - Webinar 23.6.21 by Asaf Hecht
The Hacker's Guide to the Passwordless Galaxy - Webinar 23.6.21 by Asaf Hecht
BlueHat v18 || Tales from the soc - real-world attacks seen through azure atp...
BlueHat v18 || Tales from the soc - real-world attacks seen through azure atp...
Viewers also liked
Ht w25
This document discusses firmware threats and solutions. It begins with a presentation on firmware threats, implications, and UEFI Secure Boot. It then discusses how UEFI Secure Boot and Windows 8 Trusted Boot work to secure the boot process. Finally, it covers secure firmware updates and concludes that securing firmware is foundational to system security.
Png f41
The panel discussion focused on cyber security priorities for federal information systems. Key panelists included experts from the National Institute of Standards and Technology, National Security Staff, General Services Administration, and Department of Homeland Security. They discussed the Administration's goals to strengthen the security and resiliency of critical infrastructure against evolving cybersecurity threats and ensure the timely sharing of cyber threat information.
Практический опыт реализации собственной антифрод системы
VII Уральский форум
Информационная безопасность банков
ТЕМАТИЧЕСКОЕ ЗАСЕДАНИЕ № 1
Банковский фрод
Шумский Лев Станиславович, начальник Управления информационной безопасности, Связной Банк
Источник: http://ural.ib-bank.ru/materials_2015
Mbs r35 a
Mobile applications are vulnerable to security threats due to tectonic shifts in mobile technology. A study of 55 mobile apps found many security issues, with unencrypted data in 99% of apps and SQL injection vulnerabilities in 35% of apps. The study also analyzed 55 backend servers and found vulnerabilities in all servers, including unencrypted data in 99% and unrestricted passwords in 74%. One app in particular was found to have over 200 code flaws and 40 backend vulnerabilities. The app stores do not conduct security analysis of apps and only check requested permissions. Automated static analysis of apps and backends is recommended to identify issues before deployment.
Mbs w25 a
This document discusses security risks for computing devices when traveling internationally and provides recommendations to safely cross borders. It outlines threats from intellectual property theft and ongoing access enabled by device compromise from nation states like China and Russia. The document reviews examples of past device tampering and presents countermeasures against various attacks from software exploits to physical tampering. It considers potential solutions to the challenge of preventing hardware tampering, such as remote attestation of hardware states, but notes the difficulty of fully protecting devices. The recommendation is to minimize devices taken and use dedicated systems with precautions against both software and physical attacks.
Prof m01-2013 global information security workforce study - final
The document summarizes key findings from a survey of over 12,000 information security professionals conducted in 2012. Some of the main findings include:
1) Application vulnerabilities, malware, and mobile devices were the top security concerns. Concern over cloud-based services also increased significantly since the previous survey in 2011.
2) Information security is seen as a stable career path, but workforce shortages persist. Knowledge and certification are important for career success and advancement.
3) While attack remediation is believed to be rapid, preparedness for security incidents showed signs of strain, with twice as many respondents saying preparedness had worsened compared to 2011.
Grc r33
This document discusses privacy compliance and oversight at the National Security Agency. It provides an overview of the NSA's compliance program, including external and internal oversight. It also covers key concepts like minimization procedures, the four phases of compliance, and different models for the interaction of compliance rules, technology, and operations. The document advocates for building conduits among legal, policy, operations, and technology teams. It also recommends taking a functional approach to compliance and utilizing tagged data and rules architecture to facilitate compliance even as technology changes.
Mash w26 a
Keren Elazari is a cyber security expert who discusses how cyberpunk fiction from the 1980s and 1990s anticipated modern hacking culture and technology. The presentation traces elements from films such as Blade Runner, Neuromancer, and The Matrix that depicted hackers, embedded devices, and mind reading machines, and shows how those concepts have become reality. It also profiles real-world hackers and cybersecurity pioneers, as well as how hacking has become a new form of power in the 21st century, demonstrating how fiction influenced and inspired present-day hacking culture.
Png w23
The document discusses various standards and frameworks for evaluating organizational processes and certifying products, including:
- CMMI and ISO standards for quality management and information security management.
- Cryptographic standards like FIPS 140-2 and Common Criteria for evaluating security properties.
- Industry-specific standards like PCI for payment security and ISO standards for mitigating counterfeiting.
- National and agency-specific assurance programs like CPA-UK and DoD APL.
It notes the tradeoffs between accrediting organizations based on their processes versus certifying individual products, with the former providing longer-term but less detailed assurance and the latter providing more rigorous evaluations but only for specific versions.
Iam f42 b
The document discusses enabling single sign-on (SSO) for native mobile applications. Currently, users must authenticate separately with each native app. The document proposes introducing a native "authorization agent" that would allow users to authenticate once to obtain tokens, which could then be used by other native apps for SSO. This would reduce the authentication burden on users and allow enterprises more centralized control over app access. Standards are needed to define the interactions between the authorization agent, apps, and authorization servers.
Prof m04
This document outlines an agenda and presentation on security leadership. The presentation discusses how security professionals can enhance their authority and influence through positive leadership techniques. It emphasizes developing confidence, maintaining a positive attitude, building strong relationships, educating and influencing others, and serving one's team. Specific tips are provided, such as using empathy to understand others, persuading through compromise, and solving problems through methods like the 5 Whys technique. The overall message is that leadership skills are the "secret weapon" for security professionals to overcome frustrations and better achieve their goals.
Mash f42
This document discusses emerging cyber threats and targets in today's world. It notes that attribution of cyber attacks is now difficult due to the asymmetric nature of cyber space, where offense is cheap but defense is expensive. Many adversaries now exist with varying motivations, from wanting valuable information for money to conducting government-sponsored attacks. Lessons from the document indicate that both technology and user training are needed to protect users, as people will always take risks and make mistakes, and technology enables both beneficial use and malicious attacks.
Hta f43
This document discusses security issues with OAuth 2 implementations and provides recommendations. It summarizes two cases where incomplete OAuth 2 implementations led to security compromises: Facebook used the implicit flow, allowing access tokens to be passed in URLs and accessed by any site; foursquare's native app passed access tokens to its backend API, allowing impersonation. The document recommends using OpenID Connect for OAuth SSO to add audience restrictions and protecting against token swapping, and using the OAuth assertion flow to authenticate native apps securely.
Hum t19 hum-t19
The document discusses doxing, which is the process of gathering and revealing personal information about an individual through online searches. It describes how doxing works, including collecting basic info, location data, age and employment details, network information, email addresses and accounts, and public records. Tools used for doxing are also outlined. The document then discusses why people engage in doxing and the potential consequences. Examples of famous doxing incidents are provided before the document concludes with recommendations for mitigating doxing, such as using anonymous registrations and securing personal information online, as well as steps that can be taken once information has already been exposed.
Практический опыт реализации системы антифрода промышленного производства – о...
Практический опыт реализации системы антифрода промышленного производства – о...SelectedPresentations
VII Уральский форум
Информационная безопасность банков
ТЕМАТИЧЕСКОЕ ЗАСЕДАНИЕ № 1
Банковский фрод
Окулесский Василий Андреевич, начальник управления информационной безопасности, Банк Москвы
Источник: http://ural.ib-bank.ru/materials_2015Mash f41 a
The document discusses using semantic web technologies like Resource Description Framework (RDF) and SPARQL to build "thin slices" or concise queries of network traffic data that can help identify security threats. It notes that current security tools analyze too much data without fully understanding it, and proposes an alternative model using RDF to replicate how the human mind finds patterns. An example shows constructing SPARQL queries to analyze source and destination IP addresses in network packets. The document concludes that techniques are needed to minimize technical debt and detect intrusions amidst unknown threats.
Viewers also liked (19)
Практический опыт реализации собственной антифрод системы
Практический опыт реализации собственной антифрод системы
Prof m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - final
Практический опыт реализации системы антифрода промышленного производства – о...
Практический опыт реализации системы антифрода промышленного производства – о...
Similar to Spo1 r35
Alternatives to Certificate Authorities for a Secure Web
The document summarizes alternatives and enhancements to traditional certification authorities for a more secure web. It discusses DANE, which uses DNSSEC to authenticate domain certificates; Certificate Transparency to provide public logs of issued certificates; CAA to allow domains to specify authorized CAs; and public key pinning to bind domains to specific certificates. While these approaches aim to strengthen security, challenges include deploying new technologies and integrating existing practices. The panel discussed trends that may impact SSL/TLS in the next 5 years.
What is-flame-miniflame
The document discusses the Flame malware attack which exploited vulnerabilities in the MD5 digital signature algorithm. Flame creators were able to generate forged certificates with the same MD5 signature as a legitimate Microsoft certificate, allowing Flame to appear trusted. This gave Flame access to internal networks. The document then discusses how the same technique could be used against any system still using vulnerable MD5 certificates. It introduces the Venafi MD5 Certificate Assessor tool which can scan networks to detect and report on any remaining MD5 certificates to help users address this risk.
Module 4 (enumeration)
Enumeration belongs to the first phase of Ethical Hacking, i.e., “Information Gathering”. This is a process where the attacker establishes an active connection with the victim and try to discover as much attack vectors as possible, which can be used to exploit the systems further.
Cybersecurity Awareness Training
Infections cost organizations billions of dollars in lost time and productivity, as well as ransom payments and other indirect costs, like damage to a business’s reputation.
End-users will learn about password management, multi-factor authentication and how to secure their laptops and desktops while working remotely.
This session will teach professionals how to avoid becoming a statistic.
Agenda: Foundations of security awareness | Common threats | Three ways to secure your work environment | Best practices for users | The work from home checklist
Tech t18
The document discusses certification authorities (CAs) and alternatives to the current CA model. It provides background on what a CA is and how the current system works. It then discusses recent security issues with CAs and the responses to those issues. Finally, it explores some potential alternatives and enhancements to CAs, including DANE, Certificate Transparency, CAA, and public key pinning. The presentation aims to provide context around CAs while also outlining new approaches that could further improve security and trust.
Awareness Security 123.pptx
This document provides an overview of cybersecurity topics including the importance of cybersecurity, leading threats such as viruses, worms, and social engineering, best practices to avoid threats such as using strong passwords and antivirus software, and what to do if a cybersecurity incident is suspected. Key points covered include the risks of identity theft and data loss if security is not followed, common vectors for vulnerabilities exploited by cyber criminals, and the need to protect systems in the same way doors are secured at home.
USG_Security_Awareness_Primer.pptx
This document provides an overview of cybersecurity topics including the importance of cybersecurity, leading threats such as viruses, worms, and social engineering, best practices to avoid threats such as using strong passwords and antivirus software, and what to do if a cybersecurity incident is suspected. Key points covered include the risks of identity theft and data loss if security is not followed, common vectors for vulnerabilities exploited by cyber criminals, and the need to protect systems using multiple layers of defense.
USG_Security_Awareness_Primer (1).pptx
Cybersecurity is important to protect individuals and organizations from threats on the internet. The top threats include viruses, worms, Trojan horses, social engineering, rootkits, and botnets. To avoid these threats, best practices include using strong passwords, keeping systems updated, using firewalls and antivirus software, avoiding suspicious emails and downloads, and practicing cybersecurity awareness. Following guidelines for passwords, software updates, and caution with emails and downloads can help reduce cybersecurity risks.
USG_Security_Awareness_Primer.pptx
This document provides an overview of cybersecurity topics including the importance of cybersecurity, leading threats such as viruses, worms, and social engineering, best practices to avoid threats such as using strong passwords and antivirus software, and what to do if a cybersecurity incident is suspected. Key points covered include the risks of identity theft and data loss if security is not followed, common vectors for vulnerabilities exploited by cyber criminals, and the need to protect systems in the same way doors are secured at home.
The Best Practice with Code Signing Certificates - CodeSignCert.com
Thawte Code Signing Certificate - Guide to do the best practice with Code Signing Certificate from CodeSignCert.com
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
This document provides a summary of various types of evasive malware. It begins with an introduction to malware and how criminals follow their own software development process to test malware and ensure it evades detection. It then discusses several specific types of malware in more detail, including point of sale malware used for financial attacks, Carbanak malware targeting banks, Citadel malware that can spy on browsing and collect keystrokes, CryptoLocker ransomware, TorRAT malware, and ATM malware like Tyupkin. It also covers topics like malware analysis techniques and defensive strategies using advanced malware analysis systems.
Information & cyber security, Winter training ,bsnl. online
This document provides an overview of information and cyber security. It defines cyber security as technologies and processes designed to protect computers, networks, and data from attacks, vulnerabilities, damages, and unauthorized access. It discusses why cyber security is important by explaining the principles of confidentiality, integrity, and availability. It also covers common cyber security threats like viruses, malware, hacking, phishing, and denial of service attacks. The document provides tips on cyber security best practices for passwords, mobile devices, banking, and more. It introduces tools used in cyber security like Profession Look at Net and F-RAT.
Information cyber security
This document provides an overview of information and cyber security. It defines cyber security as technologies and processes designed to protect computers, networks, and data from attacks, vulnerabilities, damages, and unauthorized access. It discusses why cyber security is important by explaining the principles of confidentiality, integrity, and availability. It also covers common cyber security threats like viruses, malware, hacking, phishing, and denial of service attacks. The document provides tips on cyber security best practices for passwords, mobile devices, banking, and more. It introduces tools used in cyber security like Network Pro and F-RAT and concludes by emphasizing the importance of vigilance in maintaining security.
Introduction to Software Security and Best Practices
Introduction to Software Security and Best Practices — Top Software Security flaws — Quick Wins for Practical Software Security
Security_Awareness_Primer.pptx
This document discusses the importance of cybersecurity and provides best practices to protect against common cyber threats. It begins by outlining the risks of identity theft, monetary theft, and legal ramifications from poor cybersecurity practices. It then describes common vectors for vulnerabilities like web browsers and excess user rights. The document summarizes several leading cyber threats like viruses, worms, Trojan horses, and social engineering. It provides examples of these threats and recommends practices like using antivirus software, firewalls, strong passwords, and regular backups to help avoid security compromises. The summary emphasizes implementing multiple layers of defense to address technical, personnel, and operational cybersecurity issues.
Information security awareness
The document discusses various cybersecurity risks and best practices for protection. It notes that the internet allows attackers to strike from anywhere in the world. Poor security practices can enable identity theft, monetary theft, and legal issues. According to SANS.org, the top vulnerabilities are web browsers, IM clients, web applications, and excessive user rights. The document provides tips for protecting computers and data, such as using secure passwords, updating software, and practicing safe online behaviors. It also outlines common cyber attacks like viruses, worms, trojans, and social engineering and recommends defenses such as antivirus software, firewalls, and regular software updates.
How to hack or what is ethical hacking
This document discusses ethical hacking. It begins by defining hacking and distinguishing between black hat, white hat, and grey hat hackers. White hat hackers, also known as ethical hackers, hack systems with permission to identify vulnerabilities. The document outlines the different phases of ethical hacking including footprinting, scanning, enumeration, gaining access, and maintaining access. It provides examples of tools used in each phase and types of attacks like social engineering and SQL injection. The document emphasizes that for hacking to be ethical, hackers must have permission and respect privacy. It concludes by discussing how organizations can prevent hacking by closing vulnerabilities identified through ethical hacking activities.
Computer hacking
You all can infer what would be in the PPT from the title itself. In this PPT it is not told directly how to hack. Just a brief info of hacking and cyber security is given. How can one save himself/herself from becoming a victim of cybercrime? How to hack is given in my next PPT?
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The “cyber kill chain” is a sequence of stages required for an
attacker to successfully infiltrate a network and exfiltrate data
from it. Each stage demonstrates a specific goal along the attacker’s
path. Designing your monitoring and response plan around the cyber kill chain model is an effective method because it focuses on
how actual attacks happen.
Ransomware : A cyber crime without solution ? by Prashant Mali
Ransomware : A cyber crime without solution ? by Prashant MaliAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
Ransomware cyber crime is there any solution or prevention is better than cure.
Cyber criminals have made lucrative business and even 100$ ransom gets collected via bitcoin.Similar to Spo1 r35 (20)
Alternatives to Certificate Authorities for a Secure Web
Alternatives to Certificate Authorities for a Secure Web
The Best Practice with Code Signing Certificates - CodeSignCert.com
The Best Practice with Code Signing Certificates - CodeSignCert.com
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Shah Sheikh / ISACA UAE - Deep Dive on Evasive Malware
Information & cyber security, Winter training ,bsnl. online
Information & cyber security, Winter training ,bsnl. online
Introduction to Software Security and Best Practices
Introduction to Software Security and Best Practices
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
Ransomware : A cyber crime without solution ? by Prashant Mali
Ransomware : A cyber crime without solution ? by Prashant Mali
More from SelectedPresentations
Длительное архивное хранение ЭД: правовые аспекты и технологические решения
Кирюшкин Сергей Анатольевич, советник генерального директора ООО «Газинформсервис»
Трансграничное пространство доверия. Доверенная третья сторона.
Харахордин Юрий Вадимович, заместитель директора ДИТ ЕАЭК
Варианты реализации атак через мобильные устройства
Чайкин Артем, руководитель отдела безопасности мобильных приложений, Positive Technologies
Новые технологические возможности и безопасность мобильных решений
Гайко Андрей, ведущий аудитор, Digital Security
Управление безопасностью мобильных устройств
Лунгу Максим Аурелович, начальник отдела решений по контролю и защите контента, ОАО «ЭЛВИС-ПЛЮС»
Современные технологии контроля и защиты мобильных устройств, тенденции рынка...
Современные технологии контроля и защиты мобильных устройств, тенденции рынка...SelectedPresentations
Глебов Олег Андреевич, менеджер по сопровождению корпоративных продаж, Лаборатория КасперскогоКадровое агентство отрасли информационной безопасности
Крутов Сергей Викторович, руководитель Департамента кадрового консалтинга, ЦИБИТ
Основное содержание профессионального стандарта «Специалист по безопасности и...
Основное содержание профессионального стандарта «Специалист по безопасности и...SelectedPresentations
Хорев Анатолий Анатольевич, председатель УМК «ТЗИ», заведующий кафедрой «Информационная безопасность», МИЭТОсновное содержание профессионального стандарта «Специалист по безопасности а...
Основное содержание профессионального стандарта «Специалист по безопасности а...SelectedPresentations
Хорев Анатолий Анатольевич, председатель УМК «ТЗИ», заведующий кафедрой «Информационная безопасность», МИЭТОсновное содержание профессионального стандарта «Специалист по технической за...
Основное содержание профессионального стандарта «Специалист по технической за...SelectedPresentations
Хорев Анатолий Анатольевич, председатель УМК «ТЗИ», заведующий кафедрой «Информационная безопасность», МИЭТОсновное содержание профессионального стандарта «Специалист по безопасности т...
Основное содержание профессионального стандарта «Специалист по безопасности т...SelectedPresentations
Шалимов Игорь Анатольевич, председатель УМС по специальности «ИБТКС», УМО ИБО профессиональных стандартах по группе занятий (профессий) «Специалисты в об...
О профессиональных стандартах по группе занятий (профессий) «Специалисты в об...SelectedPresentations
Белов Евгений Борисович, заместитель председателя Совета УМО ИБЗапись активности пользователей с интеллектуальным анализом данных
Креймер Марк, региональный директор по продажам, компания ObserveIT
Импортозамещение в системах ИБ банков. Практические аспекты перехода на росси...
Импортозамещение в системах ИБ банков. Практические аспекты перехода на росси...SelectedPresentations
Глухов Михаил Александрович, руководитель направления «Информационная безопасность» ISBCОбеспечение защиты информации на стадиях жизненного цикла ИС
Горбачев Евгений Васильевич, заместитель начальника УИБ — начальник отдела защиты ИС
ОАО «Банк Москвы»
Документ, как средство защиты: ОРД как основа обеспечения ИБ
Семенов Роман Александрович, заместитель руководителя отдела консалтинга и аудита, ARinteg
Чего не хватает в современных ids для защиты банковских приложений
Власов Михаил Евгеньевич, начальник Службы информационной безопасности, АКБ «ЕВРОМЕТ»
Об участии МОО «АЗИ» в разработке профессиональных стандартов в области инфор...
Об участии МОО «АЗИ» в разработке профессиональных стандартов в области инфор...SelectedPresentations
Емельянов Геннадий Васильевич, президент МОО «АЗИ»Оценка состояния, меры формирования индустрии информационной безопасности Рос...
Оценка состояния, меры формирования индустрии информационной безопасности Рос...SelectedPresentations
Чутов Олег Викторович, эксперт МОО «АЗИ»Об угрозах информационной безопасности, актуальных для разработчика СЗИ
Качалин Алексей Игоревич, эксперт МОО «АЗИ»
IV Форум АЗИ
«Актуальные вопросы информационной безопасности России»
г. Москва, Конгресс-Центр МТУСИ, 14 апреля 2015 года
More from SelectedPresentations (20)
Длительное архивное хранение ЭД: правовые аспекты и технологические решения
Длительное архивное хранение ЭД: правовые аспекты и технологические решения
Трансграничное пространство доверия. Доверенная третья сторона.
Трансграничное пространство доверия. Доверенная третья сторона.
Варианты реализации атак через мобильные устройства
Варианты реализации атак через мобильные устройства
Новые технологические возможности и безопасность мобильных решений
Новые технологические возможности и безопасность мобильных решений
Современные технологии контроля и защиты мобильных устройств, тенденции рынка...
Современные технологии контроля и защиты мобильных устройств, тенденции рынка...
Кадровое агентство отрасли информационной безопасности
Кадровое агентство отрасли информационной безопасности
Основное содержание профессионального стандарта «Специалист по безопасности и...
Основное содержание профессионального стандарта «Специалист по безопасности и...
Основное содержание профессионального стандарта «Специалист по безопасности а...
Основное содержание профессионального стандарта «Специалист по безопасности а...
Основное содержание профессионального стандарта «Специалист по технической за...
Основное содержание профессионального стандарта «Специалист по технической за...
Основное содержание профессионального стандарта «Специалист по безопасности т...
Основное содержание профессионального стандарта «Специалист по безопасности т...
О профессиональных стандартах по группе занятий (профессий) «Специалисты в об...
О профессиональных стандартах по группе занятий (профессий) «Специалисты в об...
Запись активности пользователей с интеллектуальным анализом данных
Запись активности пользователей с интеллектуальным анализом данных
Импортозамещение в системах ИБ банков. Практические аспекты перехода на росси...
Импортозамещение в системах ИБ банков. Практические аспекты перехода на росси...
Обеспечение защиты информации на стадиях жизненного цикла ИС
Обеспечение защиты информации на стадиях жизненного цикла ИС
Документ, как средство защиты: ОРД как основа обеспечения ИБ
Документ, как средство защиты: ОРД как основа обеспечения ИБ
Чего не хватает в современных ids для защиты банковских приложений
Чего не хватает в современных ids для защиты банковских приложений
Об участии МОО «АЗИ» в разработке профессиональных стандартов в области инфор...
Об участии МОО «АЗИ» в разработке профессиональных стандартов в области инфор...
Оценка состояния, меры формирования индустрии информационной безопасности Рос...
Оценка состояния, меры формирования индустрии информационной безопасности Рос...
Об угрозах информационной безопасности, актуальных для разработчика СЗИ
Об угрозах информационной безопасности, актуальных для разработчика СЗИ
Spo1 r35
- 3. • o o o o •
- 5. • o o o o
- 6. • • o o ► ►
- 9. • • • •
- 10. • o o • o • •
- 11. • •
- 12. ► ► ► ► ► ► ►
- 13. ► ► ►
- 16. • o o o o o o Relies on implementation of DNSSEC o o Multiple notaries reach a consensus regarding authenticity • o
- 19. ► ►
- 20. CA Compromises Duqu Flame Stuxnet Adobe Buster Attackers stole private keys from two Taiwanese companies and Adobe to sign code. Attackers compromise or dupe certificate authorities to issue fraudulent certificates for further attacks. Attackers exploited MD5 to create a face Microsoft CA certificate and then sign code.
- 22. Average number of server keys and certificates in a Global 2000 organization 17,807
- 23. Don’t know how many keys and certificates are in use by their organization 51%
- 24. “Failing to manage keys and certificates means losing control over the trust my organization relies upon to operate.” 45%
- 25. Losses facing every Global 2000 organization from attacks on trust $398M
- 27. Trust exploits and attacks from key & certificate management failures in every organization over last 2 years 1 or more
- 28. Getting key and certificate management right first, solves security, operations, and compliance problems of using encryption 59%
- 29. #1 Most Alarming Key & Certificate Management Threat SSH
- 30. ► ► ► ►