Shadow Brokers and Cisco Systems [Advisory]
Body:A mysterious group named "The Shadow Brokers" compromised a group named "Equation Group", a hacking group believed to be a NSA offshoot for a long time. They have publicly released exploits developed by them. Some of the exploits have been made available free as a Proof and the others believed to be of high value are available on an auction. One of the multiple vendors that has been impacted by this disclosure is Cisco, which is globally deployed on a large scale. 1 The following advisory is aimed to study how Cisco was affected by "The Shadow Brokers". Two main products were targeted, Cisco ASA and legacy Cisco PIX firewalls.
OpenSSL Security Advisory [DROWN]
Body:DROWN is a vulnerability that affects HTTPS, and associated services like browsing the internet, mail, Instant messages that rely on SSL/TLS.
DROWN allows attackers to decrypt the communication and steal sensitive information like passwords, financial data, emails, Instant messages, and credit card numbers.
Guidelines for Securing Social Media Accounts v1.0
Social networks / media is an organization’s identity in the virtual world. This social identity is very much linked to its corporate public image and needs to be protected as much in the virtual world as in the real world. The social media account if not secured may open a floodgate to compromising and maligning your corporate public image. This document provides mitigation advice and security controls to help reduce threats such as unauthorized access as well as steps to follow in order to retrieve a stolen account.
National Cyber Security Drill STAR-3
After the resounding success of STAR -1 and STAR-2, ictQATAR Cyber Security /Q-CERT is organizing STAR -3, the 3rd National Cyber Security Drill. The event is a Cyber security simulation in a controlled environment designed to train and assess organization’s capabilities in responding to incidents, managing crisis, ability to have holistic business view on security and fostering communication within the sector and regulators.
It is an Invitation Only event and invitees are requested to send their completed forms ASAP