Showing posts with label Infographics. Show all posts
Showing posts with label Infographics. Show all posts
Sunday 30 May 2021
Sunday 23 May 2021
Sunday 2 May 2021
Compromise of MS Exchange Server - MITRE ATT&CK Framework
Microsoft Exchange Server Remote Code Execution Vulnerability. CVE-2021- 26857
Joint FBI-CISA Cybersecurity Advisory AA21-069A: Compromise of Microsoft Exchange Server - On March 2, 2021, Microsoft released out-of-band security updates to address vulnerabilities affecting Microsoft Exchange Server products.
- On March 3, 2021, after CISA and partners observed active exploitation of vulnerabilities, CISA issued Emergency Directive 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities and Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities.
- On March 31, 2021, CISA issued ED 21-02 Supplemental Direction V1, which directs federal departments and agencies to run newly developed tools—Microsoft’s Test-ProxyLogon.ps1 scriptand Safety Scanner MSERTto investigate whether their Microsoft Exchange Servers have been compromised.
- On April 13, 2021, CISA issued ED 21-02 Supplemental Direction V2, which directs federal departments and agencies to apply Microsoft's April 2021 Security Updatethat newly discloses and mitigates significant vulnerabilities affecting on-premises Exchange Server 2013, 2016, and 2019.
Saturday 24 April 2021
Sunday 18 April 2021
Saturday 10 April 2021
Wednesday 7 April 2021
The InfoSec Wheel
In the conventional realm of information security, there tend to be two main groups:
1) The Red Team, employees or contractors hired to be Attackers, ethical hackers that work for an Organization finding security holes that a malicious individual could exploit.
2) The Blue Team, the Organization’s Defenders, who are responsible for protective measures within an Organization.
While it is good to have people dedicated to secure an Organization through defense or attack methods, Organizations and their systems do not stay static. Additional processes, automations, products and being built constantly — with the potential attack surface area growing with each new change or integration.
Only having Red and Blue Security Teams is not enough. The people building what must be defended need to be included.
1) The Red Team, employees or contractors hired to be Attackers, ethical hackers that work for an Organization finding security holes that a malicious individual could exploit.
2) The Blue Team, the Organization’s Defenders, who are responsible for protective measures within an Organization.
While it is good to have people dedicated to secure an Organization through defense or attack methods, Organizations and their systems do not stay static. Additional processes, automations, products and being built constantly — with the potential attack surface area growing with each new change or integration.
Only having Red and Blue Security Teams is not enough. The people building what must be defended need to be included.
Saturday 3 April 2021
Tuesday 30 March 2021
Risk Management Frameworks
One of the key elements for effective Threat Mitigation through appropriate Control Implementation is to correctly identify the Risk associated, without which the ability to Detect & Protect Security Gaps, Operating Costs and Strategic Roadmaps would get affected.
Monday 29 March 2021
Saturday 20 March 2021
A quick snapshot of an Cyber Security Domains
This is a brief & conceptual map of all the major focus areas of Cyber Security. This is more of a quick snapshot of the Cyber Security Domains that requires proper planning and strategies carved out to improve an Organization's overall Security posture.
Further, to deep dive into each of these sub areas, you may dissect it further to get a more granular picture of what all sub areas require more attention and focus.
Subscribe to:
Posts (Atom)