Cyber Threat Intelligence Lifecycle Overview

 

Types of Cyber Attacks

 

How Advanced Persistent Threat (APT) Attack Works

 

CISSP Domain 8 - Software Development Security

 

10 Step Security Checklist

 

Compromise of MS Exchange Server - MITRE ATT&CK Framework

Microsoft Exchange Server Remote Code Execution Vulnerability. CVE-2021-26857

Joint FBI-CISA Cybersecurity Advisory AA21-069A: Compromise of Microsoft Exchange Server

• On March 2, 2021, Microsoft released out-of-band security updates to address vulnerabilities affecting Microsoft Exchange Server products.
• On March 3, 2021, after CISA and partners observed active exploitation of vulnerabilities, CISA issued Emergency Directive 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities and Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities.
• On March 31, 2021, CISA issued ED 21-02 Supplemental Direction V1, which directs federal departments and agencies to run newly developed tools—Microsoft’s Test-ProxyLogon.ps1 scriptand Safety Scanner MSERTto investigate whether their Microsoft Exchange Servers have been compromised.
• On April 13, 2021, CISA issued ED 21-02 Supplemental Direction V2, which directs federal departments and agencies to apply Microsoft's April 2021 Security Updatethat newly discloses and mitigates significant vulnerabilities affecting on-premises Exchange Server 2013, 2016, and 2019.

SolarWinds Cyberattack & Response Efforts

 

Features of AI

 

Steps to prevent Advanced Targeted Attacks

 

Gartner Top Security & Risk Management 2021

 

Establish Privacy Program using NIST Framework

 

Cyber Security AwarenessTips

 

Rise of Cyber Crime

 

How Does AI Work?

 

The InfoSec Wheel

In the conventional realm of information security, there tend to be two main groups:

1) The Red Team, employees or contractors hired to be Attackers, ethical hackers that work for an Organization finding security holes that a malicious individual could exploit.

2) The Blue Team, the Organization’s Defenders, who are responsible for protective measures within an Organization.

While it is good to have people dedicated to secure an Organization through defense or attack methods, Organizations and their systems do not stay static. Additional processes, automations, products and being built constantly — with the potential attack surface area growing with each new change or integration.

Only having Red and Blue Security Teams is not enough. The people building what must be defended need to be included.

Red, Blue and Yellow are our Primary Colours. Combine two of them and you get Secondary Colors

Refer to the article here - https://hackernoon.com/introducing-the-infosec-colour-wheel-blending-developers-with-red-and-blue-security-teams-6437c1a07700 

Cyber Security Post Covid

Security Awareness Infographich

 

Risk Management Frameworks

One of the key elements for effective Threat Mitigation through appropriate Control Implementation is to correctly identify the Risk associated, without which the ability to Detect & Protect Security Gaps, Operating Costs and Strategic Roadmaps would get affected.

Effective Red Teaming or Adversary Emulation

The Colored Teams -

Red Teaming landscape -

Red Teaming approach -

The Attack Kill Chain -

Purple team stands for collaborative workflows -

Red Team focus areas -

A quick snapshot of an Cyber Security Domains

This is a brief & conceptual map of all the major focus areas of Cyber Security. This is more of a quick snapshot of the Cyber Security Domains that requires proper planning and strategies carved out to improve an Organization's overall Security posture.    

Further, to deep dive into each of these sub areas, you may dissect it further to get a more granular picture of what all sub areas require more attention and focus.

Note: In no way this is a limited to or an exhaustive list at all, rather a POV representation.