Commmon Cyber Security Terms

Real life example of Cyber risk response.  This might help you to understand some key concept in cyber world. After all, Cyber Security don't have to be boring, right. Then read on, this might help you smile.   Threat Actors = someone who wants to punch you in the face.  Threat = the punch being thrown. Severity = whether you fall down after the punch, and how long it might take for you to stand up again.Vulnerability = your inability to defend against the punch Risk = the likelihood of getting punched in the face  Acceptable Risk = your willingness to be punched in the face  Attack Surface = the...

Read More

Windows Hardening

 Windows Desktop / Endpoint Hardening Tips-raise UAC-services.msc-msconfig/startup folder-windows update-IE Smart Screen Filter and other settings-user account permissions - compmgmt.msc-shares/file permissions-update misc apps-remove unecessary programs-local security policy (secpol.msc, gpedit.msc)-action center-disable ipv6-firewall used advanced sec options. Block inbound and outbound connections-gpedit.msc/secpol.mscGPEDIT/SECPOL.msc configsComputer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Minimum password length = 15Computer Configuration\Windows Settings\Security Settings\Local Policies\Security...

Read More

HTTP and FTP status code

HTTP/1.1 Status CodesCode Name and Notes100 Continue101 Switching ProtocolsSuccessful200 OK Everything is normal201 Created202 Accepted203 Non-Authoritative Information204 No Content205 Reset Content206 Partial ContentRedirection300 Multiple Choices301 Moved Permanently Update your URL, this has moved for good.302 Found303 See Other304 Not Modified305 Use Proxy306 Unused307 Temporary Redirect This is temporarly moved, don't update your bookmarks.Client Error400 Bad Request Server didn't understand the URL you gave it.401 Unauthorized Must be authenticated402 Payment Required Not used really403 Forbidden Server refuses to give you a file, authentication...

Read More

SIEM successful deployment to deliver visibility into your cyber security health

 The following are (3) three critical factors for any SIEM successful deployment to deliver visibility into your cyber security health in real time;Log sources selection – the data from log sources plays a vital part to give you the visibility of your whole IT real-estate in a single pane of glass.Use cases or correlation rules – these are the rules to identify threats using information from you log sources and correlating them threat intelligence.; Example Threats; IoC (Indicators of Compromise), TTP (Tactics , Techniques Procures), MD5, Filenames, IPs, Domains, C2, URLs,  ATPs, Registry keys, file hashes,Email addresses, email subject,...

Read More

ATO Scam Alert 2022

SCAM ALERT! Beware of a new email scam about your 2022 tax lodgment. These fake emails claim to be from the ATO and ask you to open an attachment. The attachment takes you to a fake Microsoft login page designed to steal your password.Entering your details could allow scammers to steal your login information and use it to access other accounts, like your online shopping and banking.If you receive an email like this, don’t open any attachments. Instead, report the email to ATO and then delete it. Remember to warn your networks to stay scam alert. To report an email that doesn’t seem right, go to https://www.ato.gov.au/General/Online-services/Identity-security-and-scams/Verify-or-report-a-scam/Phone...

Read More

False Positive / Negative in Software Testing

 False Positive / Negative in Software TestingAutomated tests in software testing are responsible for verification of the software under test and for catching bugs. In this context, positive means that at least one test found a bug or a misfunction feature. Moreover, negative means that no test found a bug or misfunction feature in code.Ideally, all automated tests should give negative signals. However, in reality, some tests show False Positive or False Negative signals.False Positive in Software TestingIn the context of automated software testing, a False Positive means that a test case fails while the software under test does not have the bug in which the test tries to catch. As a result of a false positive, test engineers spend time hunting...

Read More

zero-day vulnerability CVE-2022-26134 in atlassian Confluence

 A critical zero-day vulnerability (CVE-2022-26134) in #atlassian  #Confluence Data Center and Server is under active exploitation, install web shells, 🤔 What do you need to know:  The vulnerability has been detected in the wild by Volexity, which means attackers are actively exploiting it ☹️ All supported versions of #Confluence Server and Data Center are affected (these are on-premise) US government's CISA urges administrators "to block all internet traffic to and from those devices until an update is available and successfully applied."  Atlassian-hosted instances of Confluence are not affected. 🙌 What You Need to...

Read More

Follina MSDT zero day code execution CVE-2022-30190

#Follina It’s a zero day allowing code execution in Office products. Historically, when there’s easy ways to execute code directly from Office, people use it to do bad things. This breaks the boundary of having macros disabled. Vendor detection is poor. It uses Word's external link to load the #HTML and then uses the "ms-msdt" scheme to execute #PowerShell code.How does it work?Very loosely speaking, the exploit works like this:You open a booby-trapped DOC file, perhaps received via email.The document references a regular-looking https: URL that gets downloaded.This https: URL references an HTML file that contains...

Read More