Category Archives: Training

Five Things Security and Development Teams Should Focus on in 2021

As we say goodbye to 2020 and spend time reflecting on the industry changes, reassessing our workflows and procedures in order to identify where 2021 will take us, it’s a brilliant time to also address our security practices and the ways we can improve them. After considering the top challenges I saw […]

The post Five Things Security and Development Teams Should Focus on in 2021 appeared first on The State of Security.

More Lessons Learned About Trying Harder and Passing the Offensive Security Certified Professional Exam (OSCP)

On February 11, 2020, Offensive Security introduced a major overhaul and update to their already fantastic course: Penetration Testing with Kali Linux. Those changes included updates to their lab environment. The study materials were substantially updated, with additional material including entire new sections on Bash Scripting, Active Directory Attacks, and PowerShell Empire. The training videos […]

The post More Lessons Learned About Trying Harder and Passing the Offensive Security Certified Professional Exam (OSCP) appeared first on The State of Security.

Payment Security in India: 2020 India Forum


As Associate Director for India, Nitin Bhatnagar is responsible for driving awareness and adoption of PCI Security Standards in the country. Bhatnagar works closely with merchants, acquirers, financial institutions, security practitioners, law enforcement and other key stakeholders across the Indian payment ecosystem. Here he discusses payment security challenges and opportunities in India and the second annual PCI SSC India Forum, planned for 9 December online.

Check, Please! Adding up the Costs of a Financial Data Breach

Guest article by Andrea Babbs, UK General Manager at VIPRE

Reliance on email as a fundamental function of business communication has been in place for some time. But as remote working has become a key factor for the majority of businesses during 2020, it’s arguably more important than ever as a communication tool. The fact that roughly 206.4 billion emails are sent and received each day means we’re all very familiar with that dreaded feeling of sending an email with typos, with the wrong attachment, or to the wrong contact. But this can be more than just an embarrassing mistake – the ramifications could, in fact, be catastrophic.
Check Please! Within the financial services, layered cybersecurity strategy is essential to keep sensitive information secure
In particular, for the financial services industry that deals with highly sensitive information including monetary transactions and financial data, the consequences of this information falling into the wrong hands could mean the loss of significant sums of money. Emails of this nature are the Holy Grail for cybercriminals. So how can financial services organisations keep their confidential information secure to safeguard their data and reputation? 

How much?
According to research from the Ponemon Institute in its Cost of a Data Breach Report 2020, organisations spend an average of $3.85 million recovering from security incidents, with the usual time to identify and contain a breach being 280 days. Accenture’s 2019 Ninth Annual Cost of Cybercrime report found that financial services incurred the highest cybercrime costs of all industries. And while examples of external threats, such as the Capital One cyber incident, seem to make the headlines, unintentional or insider breaches don’t always garner as much attention. Yet they are both as dangerous as each other. In fact, human errors (including misdeliveries via email) are almost twice as likely to result in confirmed data disclosure.

Costs will be wide-ranging depending on the scale of each breach, but at a minimum, there will be financial penalties, costs for audits to understand why the incident happened and what additional protocols and solutions need to be implemented to prevent it from happening in the future. There could also be huge costs involved for reimbursing customers who may have been affected by the breach in turn.

Priceless damage
The fallout from data breaches goes far beyond that of financial penalties and costs. Financial services businesses have reputations to uphold in order to maintain a loyal customer base. Those that fail to protect their customers’ sensitive information will have to manage the negative press and mistrust from existing and potential customers that could seriously impede the organisation as a whole. Within such a highly competitive market, it doesn’t take much for customers to take their money elsewhere – customer service and reputation is everything.

Check, please!
Within the financial services sector, the stakes are high, so an effective, layered cybersecurity strategy is essential to mitigate risk and keep sensitive information secure. With this, there are three critical components that must be considered:
  1. Authentication and encryption: Hackers may try to attack systems directly or intercept emails via an insecure transport link. Security protocols are designed to prevent most instances of unauthorised interception, content modification and email spoofing. Adding a dedicated email-to-email encryption service to your email security arsenal increases your protection in this area. Encryption and authentication, however, do not safeguard you against human errors and misdeliveries.
  2. Policies and training: Security guidelines and rules regarding the circulation and storage of sensitive financial information are essential, as well as clear steps to follow when a security incident happens. Employees must undergo cybersecurity awareness training when they join the organisation and then be enrolled in an ongoing programme with quarterly or monthly short, informative sessions. This training should also incorporate ongoing, simulated phishing attacks to demonstrate to users how these incidents can appear, and educate them on how to spot and flag them accordingly. Moreover, automated phishing simulations can also provide key metrics and reports on how users are improving in their training. This reinforcement of the secure-messaging training, working in tandem with simulated phishing attacks, ensures that everyone is capable of spotting a phishing scam and knows how to handle sensitive information, because they are aware of and regularly reminded of the risks involved.
  3. Data loss prevention (DLP): DLP solutions enable the firm to implement security measures for the detection, control and prevention of risky email-sending behaviours. Purely technical solutions such as machine learning can only go so far to prevent breaches; it is only the human element that can truly decide what is safe to send and what is not. In practice, machine learning will either stop everything from being sent – becoming more of a nuisance than a support to users – or it will stop nothing. Rather than disabling time-saving features such as autocomplete to prevent employees from becoming complacent when selecting the right email recipient, DLP solutions do not impede the working practices of users but instead give them a critical second chance to double-check.
It is this double-check that can be the critical factor in an organisation’s cybersecurity efforts. Users can be prompted based on several parameters that can be specified. For example, colleagues in different departments exchanging confidential documents with each other and external suppliers means that the TO and CC fields are likely to have multiple recipients in them. A simple incorrect email address or a cleverly disguised spoofed email cropping up with emails going back and forth is likely to be missed without a tool in place to highlight this to the user, to give them a chance to double-check the accuracy of email recipients and the contents of attachments.
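The kind of recipient double-check described above, as an added illustration that is not part of the guest article and not VIPRE's product logic: before an outbound message with a sensitive attachment is released, every To/Cc address is compared against a list of trusted domains, and a prompt is raised for duplicates, malformed addresses, external recipients, and domains within one edit of a trusted domain (the "cleverly disguised spoofed email" case). The domain names and addresses are constructed sample data; the reason codes are this example's own convention.

```python
from typing import Iterable, List, Set, Tuple

# (field, address) pairs as they would appear in the To/Cc headers; constructed sample data.
SAMPLE_RECIPIENTS: List[Tuple[str, str]] = [
    ("To", "alice@examplebank.invalid"),
    ("To", "bob@examp1ebank.invalid"),   # one character off a trusted domain
    ("Cc", "carol@webmail.invalid"),      # genuinely external
    ("Cc", "dave@supplier.invalid"),
]

# Domains the firm regularly exchanges confidential documents with (constructed).
TRUSTED_DOMAINS: Set[str] = {"examplebank.invalid", "supplier.invalid"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to spot single-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def review_recipients(recipients: Iterable[Tuple[str, str]],
                      trusted_domains: Set[str],
                      sensitive_attachment: bool) -> List[Tuple[str, str, str]]:
    """Return (reason_code, field, address) prompts the user should confirm before sending.

    Reason codes: duplicate, malformed, lookalike-domain, external-with-sensitive-attachment.
    Recipients at trusted domains raise no prompt, so normal traffic is not interrupted.
    """
    prompts: List[Tuple[str, str, str]] = []
    seen: Set[str] = set()
    for field, addr in recipients:
        norm = addr.strip().lower()
        if norm in seen:
            prompts.append(("duplicate", field, addr))
            continue
        seen.add(norm)
        if norm.count("@") != 1 or not norm.split("@")[1]:
            prompts.append(("malformed", field, addr))
            continue
        domain = norm.split("@", 1)[1]
        if domain in trusted_domains:
            continue
        # A near miss on a trusted domain is the classic typo or spoof; flag it regardless of content.
        if any(edit_distance(domain, d) <= 1 for d in trusted_domains):
            prompts.append(("lookalike-domain", field, addr))
        elif sensitive_attachment:
            prompts.append(("external-with-sensitive-attachment", field, addr))
    return prompts


def run_example() -> List[Tuple[str, str, str]]:
    return review_recipients(SAMPLE_RECIPIENTS, TRUSTED_DOMAINS, sensitive_attachment=True)


if __name__ == "__main__":
    for reason, field, addr in run_example():
        print(f"Confirm before sending: {field}: {addr} ({reason})")
```

The check deliberately does nothing for recipients at trusted domains, which is the point made in the text: the tool should not block routine exchanges, only surface the few addresses that deserve a second look.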

Conclusion
Email remains a risky, yet essential tool for every business. But with a layered security strategy in place consisting of training, authentication tools and DLP solutions, organisations can minimise the risks involved and take a proactive approach to their cyber defences.

Given the nature of the industry, financial services organisations are a prime target for cybercriminals. The temptation of personal information and financial transactions for hackers is never going to dwindle, so financial institutions must prioritise cybersecurity, regularly assessing risks, deploying innovative, human-led solutions and educating workforces to provide the best defence possible.

How to Successfully Transition Software from PA-DSS to the PCI Secure Software Standard


On 28 October 2022, the Payment Application Data Security Standard (PA-DSS) program will officially close. In this blog, Jake Marcinko, PCI SSC Senior Manager, Emerging Standards, shares how PA-DSS compares to its successor, the PCI Secure Software Standard, a standard within the PCI Software Security Framework (SSF); and Tracey Harrington, PCI SSC Manager, Certification Programs, offers key timelines and suggestions on how to prepare your organization to make the transition.

What are the best cyber security training courses?

There has never been a better time to start a career in cyber security. Organisations’ reliance on technical solutions has only increased with the global switch to remote working, creating a huge demand for qualified personnel.

But it can be tricky knowing where to begin. Cyber security is a complex, multidisciplinary field, with varied opportunities depending on your skills and interests.

In this blog, we explain the best cyber security qualifications to help you get started.


Start with the basics and learn your trade

Those in the early stage of their careers should get as much practical experience as possible and look to achieve industry-standard qualifications.

A good place to start is the Certified GDPR Foundation Training Course or the Certified ISO 27001 ISMS Foundation Training Course.

Data protection and data privacy are at the core of cyber security, so it’s worth gaining a solid understanding of these issues.

The GDPR (General Data Protection Regulation) contains a detailed list of requirements that are designed to better protect the personal data of EU residents and give them more control over the ways their personal data is used.

No matter what area of cyber security you move into, you will almost certainly run into GDPR compliance at some point – whether that’s because you handle EU residents’ personal data or because you design or use systems intended to uphold its requirements.

ISO 27001, meanwhile, is the international standard for information security. Its best-practice approach enables organisations to address their security needs through an ISMS (information security management system).

This centralised approach can help organisations achieve GDPR compliance and streamline their data protection processes as a whole.

Many organisations across the globe either certify to ISO 27001 or use the framework to inform their information security practices, so anyone interested in work that involves handling sensitive information must be familiar with the Standard.


Do you need the technical stuff?

To advance in any cyber security field, you’ll need some technical expertise – but you don’t necessarily need a comprehensive understanding of programming or hacking.

You can become an IT specialist or manager if you’re familiar with hardware, software, networks and applications – as well as the security threats associated with them.

For those who are interested in technical work, there are plenty of options. The easiest one to get into is ethical hacking.

This involves identifying and exploiting vulnerabilities in an organisation’s systems using the same techniques as a criminal hacker – except you don’t perform malicious actions.

Rather, an organisation hires ethical hackers to find out where its weaknesses are and how they could be exploited. Armed with this knowledge, the organisation can apply the necessary controls to mitigate the risk.

The demand for ethical hackers has skyrocketed in the past few years, as businesses realise the need for practical assessments of their systems.

If this sounds like the sort of career you’re interested in, you can develop the skills you need on our Certified Ethical Hacker (CEH) Training Course.


If you’d prefer to work in the risk management and legal aspects of cyber security, a CISMP (Certificate in Information Security Management Principles) qualification would be more suitable.

CISMP is widely regarded as the ‘qualification of choice’ for IT professionals and is recognised across the UK as an essential first rung on the ladder to a successful career.

The framework is ideal for those getting started in the industry and for professionals who require a deeper understanding of the subject to develop their overall business skills.

It’s particularly valuable to those working in the public sector, as it is part of the CESG Certified Professional (CCP) scheme, which is the government’s approved standard of competence for cyber security.


Don’t leave management qualifications until later

Most cyber security careers eventually lead towards a management position, which means that you might be leading a group of specialists in an area in which you’re not an expert.

That is normal for most industries; what’s important is that you know enough about the work they do to manage them appropriately.

As such, anyone interested in becoming a manager should consider gaining appropriate qualifications as soon as possible.

If your background is in ISO 27001, you should take the lead implementer training course, whereas if you want to develop your GDPR skills, you should take the practitioner training course or learn how to become a DPO (data protection officer).

Those with several years’ experience in cyber security may also consider becoming a CISM (Certified Information Security Manager) or CISSP (Certified Information Systems Security Professional).

Get started with our free guide

You can find out more about getting started in the industry with our Cyber Security Careers Guide.

We look at a wide variety of cyber security professions and explain the skills and experience you need to get started.

You’ll also discover which training courses can help you advance in each career and how IT Governance can help.

Our training courses offer a structured learning path from Foundation to Advanced level, helping IT, privacy and security practitioners develop the skills needed to deliver best practice and compliance in organisations of all sizes.

The post What are the best cyber security training courses? appeared first on IT Governance UK Blog.

zynamics VxClass and memory analysis

First, let me start by saying thanks to our users for the more than 10,000 unique downloads of Memoryze and Audit Viewer in 2010. Peter and I have been working with a lot of different people over the past couple of months to bring you this new release. You can download version 1.4.4200 of Memoryze and Audit Viewer now. I will just touch on a few things of most interest. You can read the User Guides for the rest.

zynamics VxClass Integration

If you have not checked out VxClass from zynamics, now is a good time. For those at MIRcon, you got to see Thomas Dullien's presentation. VxClass automatically classifies malware into families. This allows the incident responder to leverage intelligence from prior investigations and focus on the most important threats. Since it is fast and automated, VxClass is a great addition to your arsenal whether you have a malware team or not. VxClass can also generate private byte signatures (in ClamAV format) for a whole family of malware samples. Imagine finding 160 pieces of malware that VxClass automatically classifies as a single family and generates one byte pattern that you can use to find every variant. It is now possible, and you can take that byte signature and scan all the physical memory in your enterprise with MANDIANT Intelligent Response or a host at a time with Memoryze and Audit Viewer.

Thomas has a great write-up of how this process works here. I will not attempt to explain the article, but below is a glimpse.

Two pieces of malware and how they overlap

Report Generation

Our users have really liked the wealth of information and the detailed analysis and scoring Memoryze and Audit Viewer provides, but sometimes you need all that data in a format you can rearrange. Audit Viewer has attempted to address this in different ways over time including the ability to cut-n-paste and comment almost every row of data. If you have not tried the comment feature, I encourage you to today. But how do you get all that information out of Audit Viewer as you work the incident? Well, Audit Viewer now includes the ability to automatically generate a report in text or Microsoft Word format with MRI results, case comments, handles, sections, ports, etc. Simply click on Operations->Generate Report.

Here is a brief example of the lsass.exe process that was infected. Note: if you are using this feature across every process with all the options turned on, it can generate large documents that Word and most editors may take a long time to process.

Searching Process Address Space

If you do not have access to zynamics VxClass, I encourage you to pursue that; however, you can still search every process' address space. Memoryze will only return the processes that match your search criteria. Memoryze can also search for more than one pattern. It will look for the patterns and return the process if any pattern was a match. There are many applications of this technology. You could search for email addresses, partial domain names, URLs, Social Security numbers, credit card numbers, arbitrary byte patterns, etc.

Currently, Audit Viewer is customized for VxClass so if you want to use this feature you must edit ProcessAuditMemory.Batch.xml and run Memoryze from the command-line.

Memoryze.exe -o -script ProcessAuditMemory.Batch.xml -encoding none

You can also use the batch files included with Memoryze.

Process.bat -handles true -sections true -ports true -injected true -digsig true -content conficker
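To make the "any pattern matches, return the process" behaviour concrete, here is an added example that is not Memoryze or VxClass code: a small Python scanner that compiles the literal and "??" wildcard subset of a ClamAV-style .ndb signature ("Name:TargetType:Offset:HexSig", only the "*" any-offset form) together with plain text patterns like the -content argument above, runs them over constructed per-process memory regions, and reports which processes matched and where. The process list, addresses and the Test.FamilyA signature are constructed sample data, not real indicators.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

Region = Tuple[int, bytes]                      # (base virtual address, bytes read from that range)
Process = Tuple[int, str, List[Region]]         # (pid, image name, regions of its address space)


@dataclass(frozen=True)
class Hit:
    pid: int
    process: str
    pattern: str     # signature name or the literal text pattern
    address: int     # virtual address where the match begins


# Constructed sample "memory": lsass.exe carries both a wildcarded byte pattern and a text string.
SAMPLE_PROCESSES: List[Process] = [
    (4, "System", [(0x80000000, b"\x00" * 64)]),
    (680, "lsass.exe", [
        (0x00400000, b"MZ\x90\x00" + b"\x00" * 20 + b"\x6d\x61\x6c\x58\x61\x72\x65" + b"\x00" * 8),
        (0x7ff00000, b"http://example.invalid/conficker-like-beacon\x00"),
    ]),
    (1234, "notepad.exe", [(0x01000000, b"Untitled - Notepad\x00")]),
]

# Constructed .ndb record: "mal??are" as hex with one single-byte wildcard.
NDB_SIGNATURES = ["Test.FamilyA:0:*:6d616c??617265"]
TEXT_PATTERNS = ["conficker"]


def compile_clamav_hex(hexsig: str) -> re.Pattern:
    """Translate the literal/'??' subset of a ClamAV hex signature into a compiled bytes regex."""
    if len(hexsig) % 2:
        raise ValueError("hex signature must have an even number of nibbles")
    parts = []
    for i in range(0, len(hexsig), 2):
        pair = hexsig[i:i + 2]
        parts.append(b"." if pair == "??" else re.escape(bytes([int(pair, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)   # DOTALL so '??' also matches 0x0a


def parse_ndb(record: str) -> Tuple[str, re.Pattern]:
    """Split one 'Name:TargetType:Offset:HexSig' record; only the '*' (any offset) form is handled."""
    name, _target, offset, hexsig = record.strip().split(":", 3)
    if offset != "*":
        raise ValueError(f"{name}: only '*' offsets are supported in this example")
    return name, compile_clamav_hex(hexsig)


def compile_patterns(ndb_records: Iterable[str], text_patterns: Iterable[str]) -> Dict[str, re.Pattern]:
    patterns = dict(parse_ndb(r) for r in ndb_records)
    for text in text_patterns:   # -content style strings: case-insensitive literal match
        patterns[text] = re.compile(re.escape(text.encode("ascii")), re.IGNORECASE)
    return patterns


def scan_processes(processes: Iterable[Process], patterns: Dict[str, re.Pattern]) -> List[Hit]:
    """Record the first occurrence of every pattern in every region of every process."""
    hits: List[Hit] = []
    for pid, name, regions in processes:
        for base, data in regions:
            for pname, rx in patterns.items():
                m = rx.search(data)
                if m:
                    hits.append(Hit(pid, name, pname, base + m.start()))
    return hits


def matching_processes(hits: Iterable[Hit]) -> List[Tuple[int, str]]:
    """Processes where at least one pattern matched, as Memoryze reports them."""
    return sorted({(h.pid, h.process) for h in hits})


def run_example() -> List[Hit]:
    return scan_processes(SAMPLE_PROCESSES, compile_patterns(NDB_SIGNATURES, TEXT_PATTERNS))


if __name__ == "__main__":
    for h in run_example():
        print(f"pid {h.pid} {h.process}: {h.pattern} at 0x{h.address:08x}")
    print("matching processes:", matching_processes(run_example()))
```

Only lsass.exe comes back, with one hit per pattern; System and notepad.exe are silently dropped, which mirrors the behaviour described above. Real ClamAV signatures also use "*" gaps and "{n-m}" ranges, which this subset does not parse.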

Training at CanSecWest

If you would like to sharpen your memory forensics skills, Peter and I will be teaching at CanSecWest.
