cissp

#DiyakoSecureBow ———————————— CISO as A Service (vCISO) Whitepaper Malware analysis The EV Code Signature Market for eCrime 2024. The EV Code Signature Market for eCrime: • Code Signing Technology allows developers to digitally sign their programs, ensuring authenticity and integrity. • This can be exploited by malicious actors to bypass security measures, gain privileges, and deceive users with seemingly legitimate certificates. • The cybercrime market for EV certificates offers a wide range of services, including various certificate authorities and delivery methods. • To obtain code signing certificates, resellers can register new companies, impersonate existing ones, or acquire then through theft. Introduction Code signing is a technology that allows software developers to attach a digital signature to their programs, proving that the code is authentic and has not been tampered with. Malicious actors exploit code signing to bypass security measures, gain administrative privileges, and enhance user trust by using legitimate-seeming certificates. The cybercrime market for code signing certificates mainly focuses on EV certificates, with prices ranging from $2000 to $6000. The resellers can either register a new company or impersonate an existing company to get a valid certificate from a certificate authority. Malware campaigns, such as QakBot and Grandoreiro, have used valid EV code signing certificates obtained through company impersonation or exploiting closed companies. Code signing certificates can also be obtained through theft, as seen in incidents like the theft of NVIDIA's code signing certificates by the Lapsus$ extortion group in early 2022. Special Thanks❤️😇👍🏽🙏 Intrinsec -Secure Business Continuity- 2024.09.17 —————————————————— #CyberSecurity #ThreatIntelligence #SecureBusinessContinuity https://www.linkedin.com/posts/diyako-secure-bow_cyber-threat-intelligence-2024-activity-7241890551652925441-8nGV?utm_source=share&utm_medium=member_ios

#DiyakoSecureBow ———————————— CISO as A Service (vCISO) 🔐 Introducing Diyako Secure Bow: At DSB Co, we provide specialized and advanced cybersecurity services, helping businesses protect themselves against emerging and complex cyber threats. 💡Our Main Service: VCISO (CISO as a Service) DSB Co is a leader in cybersecurity, offering VCISO (Chief Information Security Officer as a Service).This service provides organizations with an efficient solution to manage and optimize their cybersecurity strategies without the need to hire a full-time CISO. 🔧 VCISO Sub-services: 1. Cybersecurity Strategy Development and Implementation: We design and implement tailored cybersecurity strategies to meet the unique needs of your organization. 2. Risk Assessment and Management: Identifying and assessing security risks, and offering solutions to mitigate these threats. 3. Continuous Cybersecurity Monitoring and Improvement: Ongoing monitoring of activities and systems to ensure security measures are updated and optimized. 4. Employee Training and Awareness: Providing cybersecurity training to staff to reduce human-related risks. 5. Consulting on Security Technology Selection and Implementation: Guidance and support in selecting and implementing the best security tools. 🌐 Why Diyako Secure Bow With our team of experienced professionals and consultants, we guarantee the highest level of information security and provide practical, effective solutions for managing your organization's cybersecurity. +😇With nearly two decades of experience, a team of professionals holding internationally recognized certifications, and proven expertise in enterprise-level projects🙏❤️ -Secure Business Continuity- 2024.09.15 —————————————————— #vCISO #CISO #CyberSecurity #InformationSecurity #SecureBusinessContinuity https://www.linkedin.com/posts/diyako-secure-bow_diyako-secure-bow-en-resume-activity-7240967137840840704-In_X?utm_source=share&utm_medium=member_ios

Tech book Ethical Password Cracking: Decode passwords using John the Ripper, hashcat, and advanced methods for password breaking 2024. -Cyber Security awareness- Up2date 4 Defence Today, Secure Tomorrow @CisoasaService ‎2024.09.09

Research Unveiling Mac Security: A Comprehensive Exploration of Sandboxing and AppData TCC 2024. https://github.com/guluisacat/MySlides/tree/main/BlackHatUSA2024_KCon2024 -Cyber Security awareness- Up2date 4 Defence Today, Secure Tomorrow @CisoasaService ‎2024.09.09

Tech book API Security for White Hat Hackers: Uncover offensive defense strategies and get up to speed with secure API implementation 2024. -Cyber Security awareness- Up2date 4 Defence Today, Secure Tomorrow @CisoasaService ‎2024.09.01

#DiyakoSecureBow ———————————— CISO as A Service (vCISO) Why national cybersecurity authorities would request the information in the proposed Cyber Incident Reporting Form: In defining which entities should be covered by a reporting mandate, NCAs may wish to consider a variety of factors. Whether an entity is part of critical infrastructure, as defined by national cybersecurity strategies or other foundational policy documents, should be a primary area of consideration. Additionally, NCAs should consider the size of the entity and their ability to access and implement cybersecurity best practices. Determination of the scope of reporting mandates should be done in consultation with relevant industry leaders and sector-specific government regulators; governments may also benefit from broad public consultation to best scope the mandate. Governments should also send clear signals that they welcome voluntary reporting from non-covered entities and indicate how to make such voluntary reports. Consistent with this approach, we offer one possible definition of a covered entity: A covered entity is an entity that owns or operates an information technology (IT), operational technology (OT), other digital system, or social media account in one or more of the critical sectors defined by the published national cybersecurity strategy and has: ● “More than 50 employees, ● More than 1,000 customers, or ● Revenues greater than a nationally relevant threshold. Beyond the definition, ensuring that every organization knows whether or not it is a covered entity is a challenge. National cybersecurity authorities, ideally in collaboration with sector-specific government entities, should implement broad awareness campaigns among business leaders and relevant trade councils to inform as many organizations as possible about their reporting obligations. Further, some organizations may ask the government to provide them with guidance about whether they are a covered entity, so NCAs should be prepared to handle such inquiries. Special Thanks❤️😇👍🏽🙏 Cyber Threat Alliance Institute for Security and Technology (IST) Chainalysis @Ciphertrace CREST CYBERA Cybercrime Support Network CyberPeace Institute -Secure Business Continuity- 2024.08.31 —————————————————— #NSA #CISA #SANS #Incident #SecureBusinessContinuity https://www.linkedin.com/posts/diyako-secure-bow_cyber-incident-reporting-activity-7235575598163648512-PlbE?utm_source=share&utm_medium=member_ios

#DiyakoSecureBow ———————————— CISO as A Service (vCISO) CyberSentry Program: (Mission Need) Successful cyberattacks on our nation’s critical infrastructure can have severe consequences for our power and water supply, our bank accounts, our medical care, and other important National Critical Functions (NCFs) that underpin our national security, public safety, and economic prosperity. These kinds of attacks are becoming more common and more dangerous. Many organizations have deployed advanced cybersecurity capabilities to safeguard their enterprises against cyber threats. More can be done to help protect the nation’s most critical infrastructure from malicious activity, including threats originating from advanced cyber actors and highly sophisticated criminal organizations that could result in severe impacts to NCFs and, by extension, everyone in the United States.Through the CyberSentry program, CISA supports national efforts to defend U.S. critical infrastructure networks, thus protecting American interests, American people, and the American way of life. National Terrorism Advisory System The National Terrorism Advisory System (NTAS) is designed to communicate information about terrorist threats by providing timely, detailed information to the American public. All Americans share responsibility for the nation's security, and should always be aware of the heightened risk of terrorist attack in the United States and what they should do. contains current NTAS advisories (both Alerts and Bulletins), archived copies of expired advisories, and additional information on the NTAS system.DHS replaced the color-coded alerts of the Homeland Security Advisory System (HSAS) with the National Terrorism Advisory System (NTAS) in 2011. Special Thanks❤️😇👍🏽🙏 CISA Alumni Group Cybersecurity and Infrastructure Security Agency -Secure Business Continuity- 2024.08.26 —————————————————— #CISA #DOD #DHS #CyberSecurity #Vulnerability #NIST #SecureBusinessContinuity https://www.linkedin.com/posts/diyako-secure-bow_cybersentry-program-2024-activity-7233794950046392320-qpw4?utm_source=share&utm_medium=member_ios

Techbook Sec code review Clean Code Fundamentals: Hands-on Guide to Understand the Fundamentals of Software Craftsmanship and Clean Code in Java 2024. -Cyber Security awareness- Up2date 4 Defence Today, Secure Tomorrow @CisoasaService ‎2024.08.26

#DiyakoSecureBow ———————————— CISO as A Service (vCISO) OT Security: Operational technology (OT) is the hardware and software that monitors and controls devices, processes, and infrastructure, and is used in industrial settings. However, as OT itself becomes increasingly connected and hosts numerous critical physical processes, it becomes a tempting target for threat actors. Processes and systems can be hacked, and threats jeopardize data integrity and potentially endanger the safety and continuity of industrial operations OT systems control and monitor physical equipment and processes in industries like manufacturing and energy. They focus on real-time management to ensure efficiency and safety. IT systems, on the other hand, are designed to collect, process, and store data, assisting in business decision-making and communication. Special Thanks❤️😇👍🏽🙏 CISA Alumni Group Cybersecurity and Infrastructure Security Agency -Secure Business Continuity- 2024.08.24 —————————————————— #OTSecurity #OT #Operationaltechnology #Energy #NetworkSecurityDesign #SecureBusinessContinuity https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-otsecurity-ot-activity-7233115193294168064-xmVb?utm_source=share&utm_medium=member_ios

#DiyakoSecureBow ———————————— CISO as A Service (vCISO) Red Team Tactics Windows API for Red Team 2024. Special Thanks❤️😇👍🏽🙏 Joas A Santos -Secure Business Continuity- 2024.08.20 —————————————————— #CyberSecurity #APISecurity #WAF #Fortinet #SecureBusinessContinuity https://www.linkedin.com/posts/diyako-secure-bow_api-protection-2024-activity-7231495563672748033-lrDV?utm_source=share&utm_medium=member_ios