British Airways Hacked : Why It Happened & What Can You Learn?
11 Jul
Posted in Cyber Security Breach No comments

British Airways Hacked : Why It Happened & What Can You Learn?

$230m fine proposed as penalty to British Airways from the Information Commissioner’s Office for the data breach that is believed to have affected thousands of their customers between April and June 2018. The breach was disclosed in September.  (Free Demo) Discover Your Attack Surface Now Why It Happened ? This attack involved user traffic from British AirwaysRead more about British Airways Hacked : Why It Happened & What Can You Learn?[…]

NASA Hacked : Why It Happened & What Can You Learn?
03 Jul
Posted in Cyber Security Breach No comments

NASA Hacked : Why It Happened & What Can You Learn?

(NASA Hacked) On 21 June, 2019 major news channels disclosed a major hack on NASA. Hackers were able to gain unauthorized access using Raspberry Pi and stole ‘Mars Mission Data’ and breached ‘NASA’s satellite dish network’. This happened around April 2018 and went unnoticed for for almost a year. It is advisable to do anRead more about NASA Hacked : Why It Happened & What Can You Learn?[…]

Shocking Results From Hidden Internet – Exposed Database,Leaked Passwords, Code Leaks & more
28 Jun
Posted in Cyber Security Breach No comments

Shocking Results From Hidden Internet – Exposed Database,Leaked Passwords, Code Leaks & more

In recent past there have been some major breaches and some key reasons responsible for the breach were Shadow IT, Leaked Credentials, 3rd Party/Vendor Risks. Major breaches like American Express, Uber, Dropbox, Dunkin Donuts, British Airways & many more. This research was in line with this to continuosly monitor the web (surface,deep,dark) to understand the leaked credentials,Read more about Shocking Results From Hidden Internet – Exposed Database,Leaked Passwords, Code Leaks & more[…]

Free 3rd Party Information Security Assessment Guideline
27 Jun
Posted in Third Party Risk No comments

Free 3rd Party Information Security Assessment Guideline

This free document is on Free 3rd Party Information Security Assessment Guideline (Courtesy Cybersecurity Malaysia). Cybersecurity Malaysia has made this great document with authors Nor’azuwa Muhamad Pahri and Noor Aida Idris Third Party Information Assessment Guideline Includes –  Pre-Assessment Roles & Responsibilities for Organisations Develop Assessment Requirements Plan and Allocate Resources Evaluate 3rd Party AssessorRead more about Free 3rd Party Information Security Assessment Guideline[…]

Free Supplier Security Assessment Questionnaire
27 Jun
Posted in Third Party Risk Management No comments

Free Supplier Security Assessment Questionnaire

This document is on Supplier Security Assessment Questionnaire (SSAQ) (Security self-Assessment and Reporting) (Courtesy Halkyn Consulting).  This includes the following sections –  Document Control Supplier Name & Address Assessment Completed by Date of assessment Additional Documents ProvidedRelevant Network Diagram Relevant Security Diagram Relevant System Architecture Technical Interface Design Relevant 3rd Party Security Assessment(s) (e.g. SASRead more about Free Supplier Security Assessment Questionnaire[…]

Free Third Party Data Security Assurance Questionnaire
27 Jun
Posted in Third Party Risk Management No comments

Free Third Party Data Security Assurance Questionnaire

This free document is on 3rd party data security assurance (Courtesy UCF,  Information Security Office, VR Program).  The document is made in a way such that vendors must answer the questions in a yes/no. Third Party/ Vendor Data Security Assurance Questionnaire (SAQ)Document covers questions from various sections –  Policies & Procedures  Disaster Recovery & Business Continuity  PhysicalRead more about Free Third Party Data Security Assurance Questionnaire[…]

Free 3rd Party Outsourcing Information Security Assessment Questionnaire
27 Jun
Posted in Third Party Risk Management No comments

Free 3rd Party Outsourcing Information Security Assessment Questionnaire

This free document is on 3rd party Outsourcing Information Security Assessment Questionnaire (Courtesy UBC IT). This questionnaire document has various information section on :  Company Information Policies, Standards and Procedures Architecture Configurations Product Design Compliance Access Controls Monitoring Physical Security Contingency Vendor’s Business Associates Download Document The document can be viewed below and downloaded fromRead more about Free 3rd Party Outsourcing Information Security Assessment Questionnaire[…]

( Free ) Third Party Risk Management Checklists And Frameworks From The Web
22 Jun
Posted in Third Party Risk Management No comments

( Free ) Third Party Risk Management Checklists And Frameworks From The Web

FireCompass content and research team has curated some top checklists and frameworks on third party risk management that were available on the web for free. You will find these frameworks and guidelines simple and ready to use. Free 3rdParty Outsourcing Information Security Assessment Questionnaire V1.4 This checklist has 2 parts to it with all segment wiseRead more about ( Free ) Third Party Risk Management Checklists And Frameworks From The Web[…]

RDP:Remote, ‘Wormable’ Pre-Authentication Windows Vulnerability”
16 May
Posted in Cyber Security Breach No comments

RDP:Remote, ‘Wormable’ Pre-Authentication Windows Vulnerability”

Microsoft has issued an warning that another ransomware outbreak similar to Wannacry can shut down the internet. There is a critical vulnerability (CVE-2019-0708) in its RDP/Remote Desktop Services that can be exploited remotely, via RDP, without authentication and can be used to run arbitrary code. An attacker could then install programs, view, change, or delete data; or createRead more about RDP:Remote, ‘Wormable’ Pre-Authentication Windows Vulnerability”[…]