InfoSec Institute Resources

IT Security Training & Resources by InfoSec Institute

How Secure Wire Transfer Procedures Can Prevent Business Email Compromise

12 April, 2018 - 21:49

Introduction Formerly known as the “man in the email attack,” business email compromise (BEC) is a scam that takes control of a senior employee’s email account with the goal to command unauthorized financial transfers. This type of attack is different from classic phishing campaigns because it targets one specific individual and is highly personalized in […]

The post How Secure Wire Transfer Procedures Can Prevent Business Email Compromise appeared first on InfoSec Resources.

How Secure Wire Transfer Procedures Can Prevent Business Email Compromise was first posted on April 12, 2018 at 2:49 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Category: Hacking & Security

How to Prevent Business Email Compromise With Mail Visual Indicators

12 April, 2018 - 21:28

Business email compromise (BEC) is a nefarious scam that ensnares companies around the globe at an alarming rate. The FBI notes BEC scams have increased 1,300% since 2015 to the tune of $5.7 billion worldwide. A BEC scam involves duping someone into believing they are a coworker, CEO or trusted partner and often begins with […]

The post How to Prevent Business Email Compromise With Mail Visual Indicators appeared first on InfoSec Resources.

How to Prevent Business Email Compromise With Mail Visual Indicators was first posted on April 12, 2018 at 2:28 pm.
Category: Hacking & Security

How to Detect BEC: 5 Signs Your Company is Vulnerable to Attack

12 April, 2018 - 20:55

Business email compromise (BEC) is a specialized type of phishing and social engineering attack resulting in losses of $5.3 billion worldwide. In this article, we’ll show you how to detect BEC and outline five signs your company is vulnerable to attack. How to Detect Business Email Compromise (BEC) Business email compromise is a type of […]

The post How to Detect BEC: 5 Signs Your Company is Vulnerable to Attack appeared first on InfoSec Resources.

How to Detect BEC: 5 Signs Your Company is Vulnerable to Attack was first posted on April 12, 2018 at 1:55 pm.
Category: Hacking & Security

How Business Email Compromise Attacks Work: A Detailed Case Study

12 April, 2018 - 19:06

Business email compromise (BEC) attacks are widespread and growing in frequency. Due to their simplicity and effectiveness, BEC will continue to be one of the most popular attacks in 2018, with an expected growth to over $9 billion in losses in 2018. According to an FBI report, BEC attacks have become a $5.3 billion […]

The post How Business Email Compromise Attacks Work: A Detailed Case Study appeared first on InfoSec Resources.

How Business Email Compromise Attacks Work: A Detailed Case Study was first posted on April 12, 2018 at 12:06 pm.
Category: Hacking & Security

5 Real-World Examples of Business Email Compromise

12 April, 2018 - 18:56

Business email compromise (BEC) is a type of phishing scheme where the cyber attacker impersonates a high-level executive (CIO, CEO, CFO, etc.) and attempts to get an employee or customer to transfer money and/or sensitive data. BEC is essentially an attack where the cyber attacker accesses corporate email accounts and spoofs the owner’s identity. […]

The post 5 Real-World Examples of Business Email Compromise appeared first on InfoSec Resources.

5 Real-World Examples of Business Email Compromise was first posted on April 12, 2018 at 11:56 am.
Category: Hacking & Security

Android vs. iOS Mobile App Penetration Testing

12 April, 2018 - 18:50

The adoption rate of smartphones has exploded in recent years. The two dominant smartphone operating systems (OS) of today are the Android OS developed by Google and the iOS from Apple. Ease of use, smooth operation and data security, as well as an extended team for app development, allowed Android and Apple to lead […]

The post Android vs. iOS Mobile App Penetration Testing appeared first on InfoSec Resources.

Android vs. iOS Mobile App Penetration Testing was first posted on April 12, 2018 at 11:50 am.
Category: Hacking & Security

Pentesting for PCI DSS Compliance: 6 Key Requirements

12 April, 2018 - 15:00

For any organization that processes, stores or transmits credit card data, penetration testing has been an obligation since 2013. That’s when the compliance requirements put together by the Payment Card Industry Security Standards Council (PCI SSC) were updated to reflect the growing threat adversaries pose to the credibility of the credit card industry. The changes […]

The post Pentesting for PCI DSS Compliance: 6 Key Requirements appeared first on InfoSec Resources.

Pentesting for PCI DSS Compliance: 6 Key Requirements was first posted on April 12, 2018 at 8:00 am.
Category: Hacking & Security

9 Free Risk Management Tools for IT & Security Pros

12 April, 2018 - 15:00

Selecting and following the appropriate risk assessment methodology is key to creating a safe computing environment. However, the reality is that assessing risk and recognizing the rate of return is a time-consuming task to accomplish. Thus, it often does not become a priority for many businesses and corporations. Determining risk can be a complicated task […]

The post 9 Free Risk Management Tools for IT & Security Pros appeared first on InfoSec Resources.

9 Free Risk Management Tools for IT & Security Pros was first posted on April 12, 2018 at 8:00 am.
Category: Hacking & Security

2017 OWASP A3 Update: Sensitive Data Exposure

12 April, 2018 - 14:39

Introduction Si vis pacem, para bellum! This classic Latin quote by Vegetius translates to “If you want peace, prepare for war.” As far as aphorisms go, this is probably one of the best known amongst military strategists, and, even after a couple of millennia, it’s a perfect fit for the war against cybercrime. There […]

The post 2017 OWASP A3 Update: Sensitive Data Exposure appeared first on InfoSec Resources.

2017 OWASP A3 Update: Sensitive Data Exposure was first posted on April 12, 2018 at 7:39 am.
Category: Hacking & Security

Android Penetration Tools Walkthrough Series Dex2Jar, JD-GUI, and Baksmali

12 April, 2018 - 01:14

In this article, we will be focusing on Android penetration testing tools such as Dex2Jar, JD-GUI, and Baksmali for reverse engineering Android APK files. Introduction Dex2Jar Dex2Jar is a freely available tool to work with Android “.dex” and Java “.class” files. As you may be aware, “.dex” files are compiled Android application […]

The post Android Penetration Tools Walkthrough Series Dex2Jar, JD-GUI, and Baksmali appeared first on InfoSec Resources.

Android Penetration Tools Walkthrough Series Dex2Jar, JD-GUI, and Baksmali was first posted on April 11, 2018 at 6:14 pm.
Category: Hacking & Security

2017 OWASP A2 Update: Broken Authentication

11 April, 2018 - 14:33

Introduction Broken authentication is a significant security issue and should be fixed as soon as possible. Despite being widely documented for years, it still holds the second position in OWASP’s 2017 list of the top 10 most critical web application security risks. The OWASP (Open Web Application Security Project) is an open community dedicated to […]

The post 2017 OWASP A2 Update: Broken Authentication appeared first on InfoSec Resources.

2017 OWASP A2 Update: Broken Authentication was first posted on April 11, 2018 at 7:33 am.
Category: Hacking & Security

Android Penetration Tools Walkthrough Series: Apktool

11 April, 2018 - 12:14

In this article, we will look at the step-by-step procedure to set up a utility called “Apktool” and its usage in Android application penetration testing. Introduction Apktool is a utility that can be used for reverse engineering Android application resources (APK). With the help of Apktool, we can decode APK resources to almost original form; […]

The post Android Penetration Tools Walkthrough Series: Apktool appeared first on InfoSec Resources.

Android Penetration Tools Walkthrough Series: Apktool was first posted on April 11, 2018 at 5:14 am.
Category: Hacking & Security

Preventing Business Email Compromise (BEC) With Strong Security Policies

10 April, 2018 - 22:27

Introduction Business email compromise (BEC) is a phishing and social engineering scam threatening every organization in every sector on every continent. Even if you have some anti-phishing policies in place, you may not be protected from this growing threat. In this article, we will break down the BEC threat and explain how ineffective security policies […]

The post Preventing Business Email Compromise (BEC) With Strong Security Policies appeared first on InfoSec Resources.

Preventing Business Email Compromise (BEC) With Strong Security Policies was first posted on April 10, 2018 at 3:27 pm.
Category: Hacking & Security

2017 OWASP A10 Update: Insufficient Logging & Monitoring

10 April, 2018 - 18:58

Introduction Many critics of the Open Web Application Security Project (OWASP) Top Ten list view insufficient logging and monitoring, new on the list in 2017, as more of a best practice guide for defending a web application than an actual vulnerability. The argument goes that logging and monitoring are basic pillars of a modern secure system. […]

The post 2017 OWASP A10 Update: Insufficient Logging & Monitoring appeared first on InfoSec Resources.

2017 OWASP A10 Update: Insufficient Logging & Monitoring was first posted on April 10, 2018 at 11:58 am.
Category: Hacking & Security

Introduction to the Mobile Application Penetration Testing Methodology

10 April, 2018 - 18:38

Introduction The Mobile Application Penetration Testing Methodology (MAPTM), as described by author Vijay Kumar Velu in his ebook, is the procedure that should be followed while conducting mobile application penetration testing. It is based on application security methodology and shifts the focus of traditional application security, which considers the primary threat as originating from the […]

The post Introduction to the Mobile Application Penetration Testing Methodology appeared first on InfoSec Resources.

Introduction to the Mobile Application Penetration Testing Methodology was first posted on April 10, 2018 at 11:38 am.
Category: Hacking & Security

CASP Domain 5: Technical Integration of Enterprise Components

9 April, 2018 - 23:35

Introduction Technical integration of enterprise components falls under the fifth and final domain of the CompTIA advanced security practitioner (CASP) exam, CAS-002, and constitutes 16% of the overall percentage of the exam. As a CASP, you must be able to undertake the responsibility of integrating enterprise components securely. Doing so requires you to understand the […]

The post CASP Domain 5: Technical Integration of Enterprise Components appeared first on InfoSec Resources.

CASP Domain 5: Technical Integration of Enterprise Components was first posted on April 9, 2018 at 4:35 pm.
Category: Hacking & Security

XML Vulnerabilities Are Still Attractive Targets for Attackers

9 April, 2018 - 22:58

Introduction XML is widely used in software systems for persistent data, exchanging data between a web service and client, and in configuration files. A misconfigured XML parser can leave a critical flaw in an application. Processing of untrusted […]

The post XML Vulnerabilities Are Still Attractive Targets for Attackers appeared first on InfoSec Resources.

XML Vulnerabilities Are Still Attractive Targets for Attackers was first posted on April 9, 2018 at 3:58 pm.
Category: Hacking & Security

Introduction to the Paros Proxy Lightweight Web Application Tool

9 April, 2018 - 21:50

Introduction The Paros Proxy Lightweight Web Application tool is one of the most popular penetration testing tools for web applications. Web app developers and security experts use it to test their web applications for security vulnerabilities. Paros is built on Java, meaning it can run on multiple operating systems. In this article, we shall take […]

The post Introduction to the Paros Proxy Lightweight Web Application Tool appeared first on InfoSec Resources.

Introduction to the Paros Proxy Lightweight Web Application Tool was first posted on April 9, 2018 at 2:50 pm.
Category: Hacking & Security

Advance Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part II

9 April, 2018 - 21:27

In the previous article, “Advanced Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part I,” we discussed the advanced threat and common strategies that security professionals practice during targeted attacks in a Windows infrastructure, using legitimate binaries. We also learned about the techniques to identify spawned processes with the help of the Windows […]

The post Advance Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part II appeared first on InfoSec Resources.

Advance Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part II was first posted on April 9, 2018 at 2:27 pm.
Category: Hacking & Security

Android Penetration Tools Walkthrough Series: MobSF

9 April, 2018 - 21:02

Introduction This article reviews the step by step procedures for deploying a Pen Testing tool called “MobSF,” which is utilized primarily on the Android OS. MobSF is an open source and intelligent tool that can be used to perform both static and dynamic analyses on Android and iOS platforms. It can also assist with Web […]

The post Android Penetration Tools Walkthrough Series: MobSF appeared first on InfoSec Resources.

Android Penetration Tools Walkthrough Series: MobSF was first posted on April 9, 2018 at 2:02 pm.
Category: Hacking & Security