Abnormal Security’s Post

Update to the new Information Security Act - Lexology: Update to the new Information Security Act  Lexology #CyberSecurity #InfoSec #SecurityInsights

[THS23] 🔻OopsSec -The bad, the worst and the ugly of APT’s operations security 🔻Tomer Bar Advanced Persistent Threat groups invest in developing their arsenal of exploits and malware to stay below the radar and persist on the target machines for as long as possible. We were curious if the same efforts are invested in the operation security of these campaigns. We started a journey researching active campaigns from the Middle East to the Far East including the Palestinian Authority, Turkey, and Iran, Russia, China, and North Korea. These campaigns were both state-sponsored, surveillance-targeted attacks and large-scale financially-motivated attacks. We analyzed every technology used throughout the attack chain: Windows (Go-lang/.Net/Delphi) and Android malware; both on Windows and Linux-based C2 servers. We found unbelievable mistakes which allow us to discover new advanced TTPs used by attackers, for example: bypassing iCloud two-factor authentication' and crypto wallet and NFT stealing methods. We were able to join the attackers' internal groups, view their chats, bank accounts and crypto wallets. In some cases, we were able to take down the entire campaign. We will present our latest breakthroughs from our seven-year mind-game against the sophisticated Infy threat actor who successfully ran a 15-year active campaign using the most secured opSec attack chain we've encountered. We will explain how they improved their opSec over the years and how we recently managed to monitor their activity and could even cause a large-scale misinformation counterattack. We will conclude by explaining how organizations can better defend themselves. 🔗https://lnkd.in/gaAhtUMx

I would like to share with you that I obtained the information security and protection certificate and that I have benefited a lot and gained a lot of information❤️

How to prepare for Physical Security Audit How to ensure Zero NC during Security Audit Kindly watch this Video Subscribe Like Comment Share https://lnkd.in/gGqJvUzM

YouAttest #AuditTuesday:    Security Audits - What’s Missing? Given the amazing rash of hacks and ransomware attacks over the years - many enterprises are now either considering or beefing up their security audits.   But are we getting full value out of these audits - what are we missing?    https://lnkd.in/g7GEnPyt Lending his expertise is Dmitriy Sokolovskiy, CISSP, QTE Automate your identity reviews w/ YouAttest, contact us:  https://lnkd.in/g96pUae #ITSecurity #governance #cybersecurity  #compliance

Basic Security Rules which must be followed by everyone.👇

Thanks GGI , I have passed on the information Security Faundation exam

IS3167 Most interesting chapter of Ebusiness Chapter 10 Security threats The chapter summarises that there is an increased realisation that the greatest threat to organisation come from people, both within and outside the organisation themselves. Privacy is also threatened by legal electronic exchange of people's personal information Security threats related to personal data of customers and employees. How organisation deals with this issue?

10 Routine Security Gaffes the Feds Are Begging You to Fix https://lnkd.in/eWXHVs65