Nov 18, 2019
Posted in blog, Featured, Information Security, News, security awareness, social engineering, The Internet Of Things, Uncategorised
National Cybersecurity Awareness Month 2019
So, I ended up posting this much later than I anticipated. I originally had it ready for October. However, I had to make some final edits and had to delay it. None the less, here it is a month later!
Cyber security awareness month is coming up real soon. In
October, it is nationally known as cyber security month. Many security leaders
present important security topics. This is also a time where many companies,
government units and various organizations educate their members on cyber
security. Many hold training workshops, lectures and send out updates to their
workers.
I’d like to highlight some key points that readers should
try to implement and incorporate in their personal lives and at work.
The US Cert organization has built some excellent cyber
security training.
There detailed reports and educational training can be found all for free à https://niccs.us-cert.gov/national-cybersecurity-awareness-month-2019
Read more About This Post
Nov 9, 2018
Posted in blog, Information Security
Cybersecurity for Small Businesses
The FTC (Federal Trade Commission) has recently created a whole section on cybersecurity awareness for small businesses. It can be viewed here –> https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity.
Best of all, the resources are all free to read and use within your own organization. When I first heard of the FTC doing this, I was glad because many smaller businesses find it difficult to obtain free security resources and expertise. There are a lot of small businesses that either state they have no resources, or they lack the funds for information security and awareness. Well, the posted information by the FTC is a great way for businesses to measure their current security practises.
What will I learn ?
Some of the topics discussed are:
- ransomware
- phishing emails
- cyber insurance
- physical security
- information regarding the NIST framework
- email security
Read The Full Post
Apr 2, 2018
Posted in blog, Information Security, Tools, Tutorial
DNSTwist – A Look at Domain Phishing Enumeration
A few weeks ago, I happened to stumble upon a tool called DNSTwist. And, like every tool I ever encounter, I always like investigate more into a tools capabilities and what it can offer. After reading more about the tool through another blog I was reading at that time. I was pointed towards the official Github page for DNSTwist. The tool itself is great and something every company should at least look at on a yearly basis. Phishing attacks are on a rise, and the expectation is that they will continue to increase over time. So, I’ve decided to create a very quick tutorial on how to use DNSTwist, and what it can offer for anyone that wants to make use of it. This is a great tool for Pen Testers and Security Analysts!
What can DNSTwist do for me?
I found using this tool gave me great insight into major phishing attacks that could be conducted against users or companies. Now how is this a good thing? Well, if you know the type of attacks that can take place, or how a certain attack can take place. Then, you are better able to find ways to defend against this type of attack. At the minimum, you can at least detect this specific type of attack. In my experience there are more stats revealing that there is now a rise in phishing attacks against companies and users.
So how does this tool help me? (more…)
My name is Harry Taheem - CISA, GSEC, GWAPT
I am a Security Analyst & Engineer.
My aim is to post things I learn or find interesting and allow others to hopefully gain some more insight. I also plan on posting general IT related issues, as I’d like 