Cyber Security Awareness month – SANS Resources
- 2017 Security Awareness report: It’s time to communicate – “Learn the latest trends and lessons learned in building mature awareness programs from over 1,000 security awareness professionals.”
- Selected issues from SANS OUCH!
- Lessons from wannacry
Vulnerabilities in Dnsmasq – update now
- “Dnsmasq provides functionality for serving DNS, DHCP, router advertisements and network boot… Dnsmasq is widely used both on the open internet and internally in private networks.” [*BSD / Linux / Android]
Cloud (In)Security Surprise
- see opening note by Alan on the considerations and responsibilities. So, who wants to be a “CAO” :-#
Encrypted Web (HTTPS) traffic interception
- consider the implications…
How I hacked hundreds of companies through their helpdesk
- (/support portal/Yammer/Slack/others)
The easy way to analyze huge amounts of PCAP data – using Moloch and ElasticSearch
- “When you are investigating a security incident, there are chances that, at a certain point, you will have to dive into network traffic analysis. If you’re lucky, you’ll have access to a network capture.” Read on for how to analyse it…
- Do you have/need these addresses and who monitors?
- What about the necessary processes, etc.?
ref: www.ietf.org/rfc/rfc2142.txt – [Page 2]
ref: www.ietf.org/id/draft-foudil-securitytxt-00.txt (A Method for Web Security Policies – draft)
7 in 10 smartphone apps share your data with third-party services
- An interesting read and nice tool to track what PII is being shared from your own device
54BD 783A 27D2 85C1 C46D 5A02 3651 ADE3 E402 9FC2