Zachary Crockett over at The Hustle wrote a very good article about phoney-pressure scams where: a person is called out of the blue by a scammer; the scammer asserts authority and immediately pressures the victim about some emergency; claims “bad stuff” will happen unless the person stays on the phone; the scammer pressures the person into buying gift cards […]
In our Getting Started series, the LA Times has published the backstory of well-known malware researcher Amanda Rousseau. Rousseau started as a tinkerer and artist and was going to go into web design, until she took a computer science class with her brother. “I found it so much more interesting than what I was doing […]
USB sticks can carry more than bad stuff on the flash portion of the drive: the firmware can be tweaked so the stick emulates a keyboard as a Human Interface Device (HID). Wonderhowto.com has a walkthrough showing how easy it is. Hackaday has a great explanation of why plugging random USB devices into your computer can lead […]
Via Whiteboard Wednesday: How to Implement A Phishing Awareness Training Plan in 5 Steps. In this tutorial you’ll learn: where to start when implementing a phishing awareness training program; which aspects of phishing warrant user training; how to conduct phishing simulation tests; what an ongoing training program looks like; how to baseline and measure training […]
Christian Hamer is CISO at Harvard University. Michael, Paul, and Christian talk skills, climbing the career ladder, and being a good person.
Full details at: https://www.kitploit.com/2017/12/ghostinthenet-ultimate-network.html How it works: The basic and primary network protocol is ARP for IPv4 and NDP (ICMPv6) for IPv6, located in the link and network layer, provides main connectivity in a LAN. Despite its utility and simplicity, it has numerous vulnerabilities that can lead to a MITM attack and leak of confidentiality. Patching of such […]
Richard Bejtlich mapped out a ton of subjects and areas of study in cybersecurity. If you’re interested but don’t know what you want to do (or want to do something different), look around the map for interesting subjects and go from there. http://taosecurity.blogspot.com/2017/03/cybersecurity-domains-mind-map.html
Some good tips here that I’ll be implementing in my own .vimrc: https://dougblack.io/words/a-good-vimrc.html
Fun fact: Microsoft doesn’t call it “advertising,” they call it “Show sync provider notifications.”
Reading post-mortems for fun and education: On January 31st 2017, we experienced a major service outage for one of our products, the online service GitLab.com. The outage was caused by an accidental removal of data from our primary database server.