https://bit.ly/3RmzLDN - 🔒 Microsoft Threat Intelligence reports that threat actors are increasingly misusing OAuth applications in financially driven attacks. OAuth, a standard for authentication and authorization, is being exploited to gain access to data and maintain persistent access to applications, even after losing initial account access. This misuse of OAuth poses significant risks in terms of data privacy and security. #MicrosoftThreatIntelligence #Cybersecurity 🐍 Attackers use phishing or password spraying to compromise user accounts, especially those lacking strong authentication. They then create or modify OAuth applications with high privileges for various malicious activities, including deploying VMs for cryptocurrency mining, executing business email compromise (BEC), and launching spamming activities using the organization's resources. #PhishingAttacks #PasswordSecurity 💰 One specific threat actor, known as Storm-1283, deployed VMs for cryptomining using compromised accounts. They incurred significant costs for the targeted organizations, ranging from $10,000 to $1.5 million. Microsoft's proactive measures, including the blocking of malicious OAuth applications and notification to affected organizations, have been crucial in mitigating these attacks. #CryptoMining #DigitalSecurity 📧 Another observed attack involved BEC and phishing via compromised user accounts and creation of OAuth applications. Attackers used these applications to maintain persistence and launch phishing emails, sending over 927,000 messages. Microsoft responded by taking down all related malicious OAuth applications. #BEC #EmailPhishing 🌐 For spamming, attackers like Storm-1286 used compromised accounts to create new OAuth applications for large-scale spam attacks. These attacks highlight the importance of multifactor authentication (MFA) as a key defense strategy. Microsoft’s detection capabilities in their various Defender products played a crucial role in identifying and mitigating these threats. #SpamAttacks #MFADefense ⚠️ Microsoft recommends several mitigation steps to combat these threats. These include enabling MFA, implementing conditional access policies, ensuring continuous access evaluation, enabling Microsoft Defender automatic attack disruption, auditing apps and consented permissions, and securing Azure cloud resources. These steps are essential for organizations to protect against OAuth application misuse. #CybersecurityBestPractices #MicrosoftDefender 🕵️‍♂️ Hunting guidance for Microsoft 365 Defender users includes monitoring OAuth application interactions, identifying password spray attempts, and investigating suspicious application creation and email events. These proactive measures help organizations detect and respond to potential threats in their networks.

Securing Your Business’s Digital Assets

https://supedium.com/cyber-security-tips/securing-your-businesss-digital-assets/ #complianceregulations #Cybersecuritybestpractices #dataprotection #digitalsecurity #RiskManagement #threatassessment Securing Your Business’s Digital Assets https://supedium.com/cyber-security-tips/securing-your-businesss-digital-assets/

Cybersecurity Best Practices

Report suspicious activities

As the saying goes “Prevention is better than cure”, constant monitoring of the system and reporting any suspicious activity might help the organization to prevent any sort of attacks and help them to save millions.

Some suspicious activities include

Stranger in the workplace

Signs of forced entry, tampering with security or safety systems

Links/mails from unknown source

Know more about cybersecurity best practices

Top 10 Cybersecurity Courses In India: Ranking 2020

Indian enterprises — be it larger companies or smaller enterprises — are always on the hunt for skilled cybersecurity professionals to augment their digital infrastructure and safeguard their data from unwanted intrusions. Although there are several job vacancies in the country, recruiters are still facing a big challenge to find the right resources for the positions.  According to a report, the increasing cyber-attacks and data protection laws are expected to create 1 million jobs and $35 billion opportunities for India by 2025. So, this could be an opportunity for individuals interested in cybersecurity as a career option.  As the country is creating massive opportunities, enterprises are desperate to hire people for a lucrative pay scale; however, a significant amount of upskilling is required. Here’s our first-ever ranking of Cybersecurity courses in India. A primary survey which was conducted a few months back was taken into consideration to understand the preferences of candidates, based on their experience. The survey helped to invalidate the data and providing a rationale for the ranking, wherever required. Students feedback and expert advice were also accounted for the overall ranking process. The courses that have not been mentioned in the ranking either did not participate or did not make it to the top ten.  1. Master Certificate in Cyber Security (Red Team) - Jigsaw Academy

Jigsaw Academy is an award-winning online analytics and big data training provider headquartered in Bengaluru, India. Founded by the duo of Gaurav Vohra and Sarita Digumarti, Jigsaw Academy has been instrumental in shaping the careers of over 50,000 learners in 30+ countries by helping them build a successful career in emerging technologies with specialised industry oriented courses. Jigsaw Academy trains professionals in the areas of analytics, data science, big data, machine learning, business analytics, and more recently, cyber security and cloud computing.  Flagship Cybersecurity Program: Jigsaw Academy’s Master Certificate in Cyber Security (Red Team) Duration Of The Program: 600 Hours (20 Hours of Live Online Instructor-Led, and 40 Hours of In-person Classroom - Basic and Fundamental Program + 4 Months-Main Program) Cost Of The Program: ₹2,80,000 + Taxes (Scholarships available up to ₹70,000) Cities Of Operation: Bengaluru Course Content And USP Of The Program: Jigsaw Academy’s Master Certificate in Cyber Security (Red Team), is the only program on offensive technology in India. The program is intensive in delivery and extensive in technology coverage and is delivered in collaboration with/by HackerU, Israel’s premier cybersecurity training institute. HackerU has more than 20 years of experience in providing cybersecurity solutions and training in the US, Singapore, Russia, Australia, and other geographies in the US and European market. The course covers more than 14 modules in 3 different phases focusing on network fundamentals, Windows, Linux Administration, applicative hacking and penetration testing on emerging technologies like IoT.  2. Stanford Advanced Computer Security Program - Great Learning

Great Learning is a technology-enabled online and blended-model learning organization that offers high-quality, impactful and industry-relevant learning programs to working professionals. The programs help learners master ‘hard’ competencies such as business analytics, data science, big data, machine learning, artificial intelligence, cloud computing, cybersecurity, digital marketing and digital business. Great Learning’s analytics programs have been ranked #1 in India for five years in a row, and its professional learning programs have delivered over 6 million hours of impactful learning to over 10,000 learners. Flagship Cybersecurity Program: Stanford Advanced Computer Security Program Duration Of The Program: 6 Months Cost Of The Program: $2,495 or ₹1,74,650 (approximately) Cities Of Operation: Online for India, UK, South East Asia, Australia and other international locations Course Content And USP Of The Program: Advanced Computer Security Program is created by Stanford University, and is taught by distinguished faculty from Stanford’s Computer Science and Engineering departments. The comprehensive program covers all the essential areas in cybersecurity from a practitioner’s perspective. Some of the salient features of the program are: A certificate of achievement from Stanford EngineeringRegular mentorship from industry experts in cybersecurityHands-on practice through a series of labs and projects that allows participants to put what they learned to practice. This program is aimed at aspiring security and system architects and provides a holistic understanding of the various moving parts within cybersecurity. The range of topics covered in the program includes web applications security, network security, mobile security, cryptography, writing secure code, and other emerging threats and defences.  3. PGP in Cybersecurity - Praxis Business School

Praxis Business School is committed to playing a significant role in creating a strong pool of resources who understand the interplay among data, technology and business and can contribute significantly to the exciting Digital Future. Praxis is well known for the quality of the faculty team that it has been able to build. Faculty members with impeccable academic pedigree and enormous industry experience design and deliver programs that are relevant and effective. Thus, Praxis programs have been well received by the industry and the Data Science program has been consistently ranked as one of the top 3 programs in data science in India by prominent publications. Flagship Cybersecurity Program: PGP in Cybersecurity  Duration Of The Program: 9 months and 525 Hours (It does not include self-study, group discussion, R&D, practice, seminar/workshop, etc.) Cost of the program: ₹3,00,000 Cities of Operation: Kolkata, India Course Content And USP Of The Program: On successful completion of the course, the students will learn how to detect a cyber attack and respond during an attacked scenario, identify, assess and mitigate cyber risk, assess the cybersecurity posture of the any enterprise, find technical vulnerabilities of any ICT infrastructure, be a strategist in cybersecurity roadmap creation, identify legal, regulatory and statutory requirements impacting cybersecurity, build a cyber safe IT and OT (Operation Technology) environment, become a digital forensics investigator, conduct cybersecurity audit, and become a compliance manager. All the programs can be done by any individual who has completed their graduation (both three years and four years duration) in engineering, science or any other stream and wants to pursue his/her career in the field of cybersecurity.  4. Certified Ethical Hacker and Certified Information System Security Professional - Simplilearn

Simplilearn enables professionals and enterprises to succeed in this fast-changing digital economy. The company provides outcome-based online training across digital technologies and applications such as big data, machine learning, AI, cloud computing, cybersecurity, digital marketing and other emerging technologies. Based out of San Francisco, CA, Raleigh, NC and Bengaluru, India, Simplilearn has helped more than one million professionals and 1,000 companies across 150 countries in getting trained, acquiring certifications, and reaching their business and career goals. The training industry-recognized Simplilearn as a Top 20 IT Training Company for 2017-2019. Flagship Cybersecurity Program: Certified Ethical Hacker (CEH), and Certified Information System Security Professional (CISSP) Duration Of The Program: 40 hrs for CEH program, and 32 hrs for CISSP program Cost Of The Program: ₹35,999 for CEH and ₹24,999 for CISSP. Cities Of Operation: Bengaluru, Hyderabad, Pune, Mumbai, Gurugram, Noida, Singapore and the US Course Content And USP Of The Program: The EC-Council Certified Ethical Hacker course verifies your advanced security skill-sets to thrive in the worldwide information security domain. Many IT departments have made CEH certification a compulsory qualification for security-related posts, making it a go-to certification for security professionals. This certification provides learners with the tools and techniques used by hackers and information security professionals alike to break into any computer system. This course will immerse the learner into a "hacker mindset" to teach how to think like a hacker, and better defend against future attacks. It also offers a hands-on training environment employing a systematic ethical hacking process. The course covers five phases of ethical hacking, diving into reconnaissance, gaining access, enumeration, maintaining access, and covering your tracks. Simplilearn's CISSP certification training is aligned to the (ISC)² CBK latest requirements. The course trains you in the industry's most recent best practices which will help you pass the exam in the first attempt. The certification helps you develop expertise in defining the architecture and in designing, building, and maintaining a secure business environment for your organization using globally approved Information Security standards. 5. PG Diploma/M.Tech in Cybersecurity - Reva University

REVA Academy for Corporate Excellence (RACE), is an initiative of REVA University, which offers a range of specialised, techno-functional programs in emerging technology areas, custom-designed to suit the needs of working professionals to enhance their careers. These programs bring in the latest tools, techniques and skill sets which are in sync with the futuristic demands of the industry. All our programs have a blended learning model with flexible contact classes and a robust online learning management system with 24/7 support. Flagship Cybersecurity program: PG Diploma/M.Tech in Cybersecurity (Powered by AforeCybersec and in association with IBM). Duration Of The Program: 12 months PG Diploma and 24 months M.Tech Program Cost of the program: 12 months PG Diploma is ₹3,50,000 and 24 months M Tech program in ₹4,50,000 lakhs. Cities Of Operation: Bengaluru Course content and USP of the program: PG Diploma/M. Tech in cybersecurity is a 12/24 months program in cybersecurity for working professionals that provides in-depth knowledge and skillsets in cybersecurity to monitor, prepare, predict, detect and respond to cyber-attacks and manage enterprise security. This program is designed and delivered by industry experts. It focuses on providing in-depth knowledge and skills on information security, application security, cloud security, identity and access management, vulnerability and penetration testing, incident management, and SOC operations. This program extensively runs on the virtual environment provided by Cyber Range incorporating hyper-realistic emulators, including traffic generators. To enhance the real-time learning, a state-of-the-art, futuristic Security Operations Centre is built at REVA University with the capabilities of Security Analytics and Security Orchestration, Automation and Response (SOAR). The SOC is a 12- seater with four visual displays and has LogRhythm as the SIEM is Python and Spark-based indigenously developed, security analytics platform. 6. Post Graduate Diploma in Cybersecurity - Amity Online 

Amity University is India's leading research and innovation-driven university. It is recognized by UGC - a statutory body of higher education in India and accredited by National Assessment and Accreditation Council (NAAC ) with "A+" Grade. Careers of Tomorrow is an initiative by globally accredited Amity Education Group to offer high-end niche programmes to upskill students and working professionals for future and emerging industry requirements in the Technology space. Flagship Cybersecurity Program: Post Graduate Diploma in Cybersecurity  Duration Of The Program: 11 months Cost of the program: ₹1,55,000 (with flexible EMI options) Cities of Operation: Online - They have students from Bengaluru, Noida, Hyderabad, Chennai, Pune Course Content And USP Of The Program: Enterprises across the globe are increasingly realizing the vitality of cybersecurity. Amity’s Post Graduate Diploma in Cybersecurity will equip you with the skills needed to become an expert in this rapidly growing domain. You will learn a comprehensive approach of securing your IT Infrastructure, building intelligence for threat detection, executing cybersecurity operations, understanding ICS Security, architecting cloud-based security and achieving compliance. Not only will you learn the interdependence of Blockchain, Machine Learning and IoT with Cybersecurity but also you get real-world insights from our leading industry experts. The best-in-class Diploma fosters practical experience by learning in group projects and assignments to help you become a Cybersecurity expert. 7. Cybersecurity Certification Course - Edureka

Edureka is a global e-learning platform for live, instructor-led training in trending technologies such as AI, data science, big data, cloud computing, blockchain, and cybersecurity. They offer short term courses supported by online resources, along with 24x7 lifetime support. Edureka has an unwavering commitment to helping working professionals keep up with changing technologies. With an existing learner community of 750,000 in 100+ countries, Edureka’s vision is to make learning easy, enjoyable, affordable and accessible to millions of learners across the globe. Flagship Cybersecurity Program: Cybersecurity Certification Course Duration Of The Program: 4 weeks (weekend batch) Cost of the program: ₹14,995 Cities of Operation: Online Course content and USP of the program: Edureka’s Cybersecurity Certification Course will help learners master the basic concepts of cybersecurity along with the methodologies that must be practised to ensure information security of an organization. Starting from the Ground level security essentials, this course will lead one through cryptography, computer networks and security, application security, data and endpoint security, idAM (Identity and Access Management), cloud security, cyber-attacks and various security practices for businesses. This course is designed to cover a holistic and a wide variety of foundation topics in cybersecurity which will prepare freshers as well as IT professionals for the next level of choice such as ethical hacking/ audit and compliance / GRC/ Security Architecture and so on. This course is designed as a first step towards learning Cybersecurity. 8. Post-Graduation Program in Cybersecurity - IIDT

International Institute of Digital Technologies (IIDT) is an Institute set up under APEITA (Andhra Pradesh Electronics and IT Agency), an autonomous society of the Government of Andhra Pradesh to promote Information Technology and Electronics industry registered under the Andhra Pradesh Societies Registration Act, 2001. The purpose of this unique initiative is to ensure that the student community across India/Globe is empowered with the niche emerging technologies as well as to make the state of Andhra Pradesh a leader in India in establishing this prestigious Institution. Flagship Cybersecurity Program: Post-Graduation Program in Cybersecurity (PGP) Duration Of The Program: 11 Months Cost Of The Program: ₹5,25,000 Cities of Operation: Tirupati and Andhra Pradesh Course content And USP Of The Program: IIDT has three differentiators:  The pedagogy, which is based on academic and industry collaborations for the course content creation as well as deliveryThe advanced Cyber Range Lab with the creation of Centers of Excellence (CoE), to give deep-digital exposure, through real-life use-cases and projectsGlobal mentor-network, to strengthen the industry exposure to the students The Govt. of Andhra Pradesh has chosen Gujarat Forensic Sciences University (GFSU) as the Academic Partner to deliver the one-year full-time postgraduate program in cybersecurity at IIDT. GFSU, with expertise in conducting widely acclaimed Cybersecurity program for the past six years, has designed the curriculum, is delivering the program and collaborating with IIDT for placements. IIDT is setting up Cyber Range Lab operational along with 3 Centers of Excellence (COE)’s in collaboration with CISCO, Kii Corporation, T4U. 9. Cyber Pro Track - PurpleSynapz

PurpleSynapz is a hyper-realistic research and training lab designed to pave the way for the next-gen cybersecurity professionals. It aims at building the pipeline of cybersecurity talent to dent the shortage of required professionals in India. PurpleSynapz features Modern Curriculum crafted by India’s leading infosec practitioners and consultants, Cyber Range, and Innovation Sandbox that focuses on promoting the next-gen cybersecurity entrepreneurs.  Flagship Cybersecurity Program: Cyber Pro Track Duration Of The Program: 6 Months Classroom-Based Program (Including 2 Months of Hands-on Internship) Cost Of The Program: ₹3,00,000 + GST Cities Of Operation: Bengaluru Course Content And USP Of The Program: Cyber Pro Track is a six-month full-time certification course designed by one of the Industry's leading Infosec practitioners and consultants. The program features a modern curriculum spread in 14+ different modules and a hyper-realistic simulation lab (Cyber Range) that allows participants to fight real-life cyber attacks in a controlled environment. The range offers a catalogue of training scenarios, including incident response, pen-testing, OT security, and individual skill-building.  Program Overview includes 14+ modules covering networking, checkpoint, deep packet inspection, firewalls, SIEM, incident response, cyber range and many other latest technologies, along with two months internship, and free access to Cyber Range. 10. Certified Information Security Consultant - Institute of Information Security

The Institute of Information Security is one of the most trusted sources of hands-on training in information security, providing excellent unmatched practical training to individuals and corporates around the globe for over a decade. With the backing of our brilliant technical team providing consulting services for the past 18 years under the brand name of Network Intelligence, they are here to train, mentor and support your career in cybersecurity. Keeping in mind the requirements of the industry, our training programs are designed to prepare the candidates/professionals attending our training to meet the challenges they will be facing in real-life situations. Flagship Cybersecurity Program: Certified Information Security Consultant Duration Of The Program: 6 months Cost of the program: ₹1,30,000 + tax for weekday batches, and ₹1,45,000 for weekend batches Cities Of Operation: Dubai, Mumbai, Pune, Bengaluru, Chandigarh, Delhi, HyderabadCourse Content And USP Of The Program: Course content includes fundamentals, network security, coding, server security, web application security, mobile security, digital forensics, and compliance. The CISC training is designed to make you an expert in the domain of cybersecurity. While most certification programs are geared towards purely technical know-how, the CISC also arms you with the necessary consulting skills to help you make your mark in this exciting field. CISC covers a wide variety of topics, starting right from the basics, and then leading up to compliance standards, and even forensics and cybercrime investigations. CISC includes over 45+ sessions, including the fundamentals as well as advanced concepts. These 45+ sessions will be divided into four quarters, all of which will be covered in 6 months. Each session will be further broken down into 15-20 modules. Read the full article

Want to save your patient’s data?

Then you should adopt new technologies to better enhance your patient experience. Besides all the latest technologies you must also be aware of common cyber-attacks and the best practices to prevent cyber attacks. Let’s dive deep into this article.

https://bit.ly/3RikaGt - 🚨 High-Severity Vulnerability in Dell Command Configure: A significant vulnerability has been identified in Dell Command Configure, a tool used for BIOS configuration on Dell client systems. This vulnerability, tagged as CVE-2023-43086, holds a CVSS base score of 7.3, indicating a high level of severity. It allows local malicious users to modify files during application upgrades, potentially leading to escalated privileges and system compromise. Immediate attention is required to mitigate this risk. #CyberSecurityAlert #DellVulnerability 🔧 Details of the Vulnerability: Dell Command | Configure, utilized for BIOS settings adjustments through its UI or CLI, faces an "improper access control vulnerability." This flaw can lead to unauthorized resource access, including files and directories, potentially compromising the affected system. The vulnerability arises from weak access controls and insufficient authorization checks. #SystemSecurity #AccessControlVulnerability 💻 Versions Affected and Remediation Steps: Versions of Dell Command | Configure prior to 4.11.0 are susceptible to this vulnerability. Dell has released remediated versions to address this issue. Users are advised to update to the latest software version and apply security patches promptly to ensure protection against potential exploits.

https://bit.ly/3SDOVXl - 🕵️ Deep Instinct's Threat Research team has uncovered a new Command and Control (C2) framework, dubbed MuddyC2Go, believed to be used by the Iranian APT group MuddyWater. This C2 framework, written in Go, has possibly been active since 2020, replacing the group's earlier framework, PhonyC2. The discovery of MuddyC2Go highlights the evolving tactics of cyber threat actors. #MuddyC2Go #CyberSecurity #APT #IranianCyberThreats 🔍 The shift from PhonyC2 to MuddyC2Go was identified through anomalies in IP addresses previously associated with MuddyWater, revealing new behaviors and tactics. Deep Instinct's findings suggest a strategic evolution in MuddyWater's operations, highlighting the need for continuous monitoring and analysis of cyber threat actors' methodologies. #CyberThreatIntelligence #DeepInstinct #CyberAttackTrends 💻 Recent MuddyWater activities using MuddyC2Go involve spear-phishing emails with password-protected archives containing executables. These executables run embedded PowerShell scripts that connect to MuddyC2Go servers, indicating a move towards more sophisticated and automated attack methods. #SpearPhishing #Malware #CyberDefense 🌍 Deep Instinct's research has linked attacks using MuddyC2Go to various geographic locations, including a Jordanian company, an Iraqi telecommunications provider, and potential targets in Israel during the recent conflict. This geographical spread underscores the global reach and potential impact of MuddyWater's cyber operations. #GlobalCyberThreats #InfoSec #GeopoliticalCyberRisks 📡 In their investigation, Deep Instinct traced the MuddyC2Go framework back to 2020 and identified multiple IP addresses linked to MuddyWater's operations. These findings are supported by reports from other security firms, further validating the ongoing and evolving threat posed by this APT group. #CyberThreatResearch #IPAnalysis #CyberSecurityAwareness 🔗 The MuddyC2Go framework is challenging to fingerprint due to its generic appearance, similar to other web applications written in Go. However, unique URL patterns generated by the framework have helped Deep Instinct identify past attacks. This demonstrates the importance of detailed analysis in cybersecurity threat identification. #CyberForensics #ThreatHunting #CyberAnalysis 🛡️ Deep Instinct recommends disabling PowerShell if it's not needed or closely monitoring its activity if enabled, as PowerShell is a key component of MuddyWater's operations. The team's ongoing research and monitoring of MuddyC2Go servers provide vital insights for the cybersecurity community in combatting such threats.