Cybersecurity Tool Kit

Check out our kit of sharable cybersecurity tips and tools below.

This cybersecurity tool kit is grouped into 4 sections:

  • Educate About Cybersecurity
    • Designed to help you inform your employees, customers, and suppliers about the latest methods cyber attackers are using . Share our short educational videos and guides with everyone that interacts with your infrastructure and help them improve their cybersecurity awareness.
  • Test Your Defenses
    • A clever human mind with strong motivation and determination can, and will, find a way to infiltrate your systems. Our tips and tools help you beat cyberattackers at their own game.
  • Adopt Proactive Cybersecurity
    • A proactive approach to cybersecurity helps businesses of all sizes preempt criminal intent and mitigate the risk of cyberattacks. Use our content to help shape your proactive cybersecurity approach.
  • Prioritize, Remediate, Report
    • Manage your security posture more efficiently with the right data for risk-based prioritization and effectively track and communicate the impact of your efforts across all levels of the organization.

Frontline PenTest

Digital Defense is offering 10% off your next Frontline Pen Test. Learn More.

 

Educate Key Personnel

Cybersecurity Tips, Blogs, & Guides to share with your Employees, Customers, & Suppliers

Malicious hackers are refining the tricks (social engineering) used to propagate malware attempts. Your best defense is keeping your staff and partners informed and diligent. Feel free to share these informative resources with your staff and end-users.

Security Spotlight Videos

Now is the time to remind your end-users and staff about password security, ransomware traps, and phishing scams with these 3 short videos. Scroll below to view each topic:

Security Spotlight – Phishing

Hackers are targeting your employees with phishing attacks due to the shift to remote working. In this short animated video, a distracted employee almost falls prey to a phishing scam, view now.

Security Spotlight – Ransomware

Organizations are generally inclined to pay a ransom rather than risk interrupting the flow of business and losing consumer trust. In this short animated video, an employee receives ransomware stating their files have been captured. What will happen next?

Security Spotlight – Passwords

Your employees are the first line of defense when it comes to protecting your business’ data. This short animated video will show why now is not a good time to get comfortable with your passwords, check it out.

GUIDE: Password Protocols

Poor security habits such as sharing or reusing passwords can put your organization at risk for breaches or compliance violations. Share this guide help improve your staff’s awareness of proper password protocol.

BLOG: Top Ten WFH Tips from our CIO

Share these 10 tips with your employees who are working remotely to help protect your information, your network, and your company assets.

GUIDE: Safer Social-Social Media Security Risks and Best Practices for Creating a Culture of Security

This guide identifies the tactics malicious actors use when exploiting social media for criminal purposes. We also provide best practices to protect your business that you can start using today. 

Test Your Defenses

A key component of any security program is ensuring that your organization has a clear understanding of where risk resides. Put your cyber defenses to the test before malicious actors beat you to it.

GUIDE: Penetration Testing, What You Need to Know Now

This guide addresses commonly asked questions and shares insight into the benefits of penetration testing/ethical hacking as a vehicle to better improve information security.

GUIDE: Penetration Pen Test Pitfalls to Avoid

As experienced pen testers we’ve seen common pitfalls that even experienced security teams fall victim to from time to time.

INFOGRAPHIC: 3 Signs it’s Time for a Penetration Test

If you are someone on your team needs help understanding when to pen test, this infographic can help.

3 Signs Pen Test infographic

Adopt Proactive Cybersecurity

A proactive approach to cybersecurity helps businesses of all sizes disrupt criminal behavior, preempt criminal intent, and mitigate risk of cyberattacks.

BLOG: The Top 3 Attack Vectors Ransomware Loves to Exploit

Cyber attackers choose to use ransomware because it can be very lucrative. Organizations are generally inclined to pay a ransom rather than risk interrupting the flow of business and losing consumer trust.

BLOG: 9 Vulnerability Management Pitfalls to Avoid

We’ve pulled together some of the common pitfalls organizations need to avoid when it comes to vulnerability management.

BLOG: 4 Strategies to Enhance Both your Security and Compliance Posture

Here are our top strategies for enhancing your security posture, reducing risk, and prioritizing assets and systems.

Prioritize, Remediate, Report

Manage your security posture more efficiently with the right data for risk-based prioritization and effectively track and communicate the impact of your efforts across all levels of your organization.

BLOG: Shining a Light on Truly Critical Vulnerabilities

Threat intelligence helps your team take the leap from awareness of the vulnerability risk in your infrastructure to establishing and tracking an effective remediation strategy so you work smarter rather than constantly working harder.

BLOG: Making the Grade with Risk-Based Prioritization

Make sure that the most important assets, those most critical to your operations are prioritized for your team to focus on first.

BLOG: 3 Ways Peer Comparison Illustrates Cybersecurity Performance

Peer comparisons support the establishment of performance benchmarks for your organization against your industry peers.

REPORT: Financial Sector Cybersecurity: How do you compare to your peers?

We ran Frontline Insight reports on our bank, credit union, and financial services clients to gain insight into the threat and vulnerability preparedness across the financial sector.

Recent Vulnerabilities

Microsoft Domain Controller “ZeroLogon” and RCE Vulnerabilities

Microsoft Domain Controller “ZeroLogon” Vulnerability A recent disclosure by Dutch security firm Secura B.V. has highlighted how dangerous a Netlogon vulnerability (CVE-2020-1472) included in the August 2020 Patch Tuesday release can be to a network.  To exploit this…

Slack Desktop Application Remote Code Execution (RCE) Vulnerability

Slack Desktop Application RCE A RCE flaw was disclosed on August 31st, 2020, which affects the users of the Windows, Mac OS, and Linux desktop application versions of Slack.  Users that click on an HTML injected image, will be redirected to an attacker’s server where…

“GlueBall” Microsoft Windows Spoofing

“GlueBall” CVE-2020-1464 As part of the Patch Tuesday release on August 11th, 2020, Microsoft included a zero day vulnerability that had gone unfixed for several years.  This vulnerability, CVE-2020-1464 and dubbed “GlueBall”, could allow an attacker to bypass…

“BootHole” GRUB2 Bootloader Secure Boot Bypass

“BootHole” GRUB2 Bootloader Secure Boot Bypass As of July 29th, a buffer overflow vulnerability has been disclosed in the way that GRUB2 parses its configuration file, grub.cfg that can lead to full control over an affected system before OS boot.  This bypass…

F5 Big-IP TMUI RCE

On June 30th 2020, F5 disclosed a Remote Code Execution (RCE) (CVE-2020-5902) vulnerability in their Traffic Management User Interface (TMUI), also referred to as the Configuration Utility.  The directory traversal vulnerability can allow execution of system commands,…

CVE-2020-2021 Palo Alto Networks PAN-OS: Authentication Bypass in SAML Authentication Vulnerability

CVE-2020-2021 Palo Alto Networks PAN-OS A critical severity authentication bypass vulnerability in certain configurations of Palo Alto Networks PAN-OS devices using Security Assertion Markup Language (SAML) authentication. On June 29, 2020, Palo Alto issued a security…

Ripple20

Ripple20 As of June 16th 2020, a total of 19 vulnerabilities, collectively called Ripple20, were found within an embedded TCP/IP stack software library. This library, developed by Treck, Inc. was used in the manufacturing chain across all industries and could affect…

SMBleed Remote Kernel Memory Information Leak

SMBleed (CVE-2020-1206) A Kernel Info Leak vulnerability has been discovered and dubbed SMBleed (CVE-2020-1206).  The vulnerability lies in the decompression function of SMBv3.1.1.  This vulnerability combined with SMBGhost (CVE-2020-0796) from March 2020 can lead to…

Saltstack Remote Code Execution (RCE) and vBulletin “incorrect access control” Vulnerabilities

Saltstack Remote Code Execution (RCE) Vulnerability For those that have implemented SaltStack in your cloud environment, please be aware of several vulnerabilities (CVE-2020-11651/CVE-2020-11652) that together allow a RCE condition, which could allow an attacker to…

SoftNAS Cloud® Zero-day Blog

Digital Defense, Inc. is disclosing a vulnerability identified in SoftNAS Cloud(R) data storage platform discovered by our Vulnerability Research Team (VRT).  The engineers at SoftNAS are to be commended for their prompt response to the identified flaw and their…

SoftNAS® Vulnerability Disclosed by Digital Defense, Inc. Researchers

San Antonio, TX – March 20, 2019 – Digital Defense, Inc., a leading security technology and services provider, today announced that its Vulnerability Research Team (VRT) discovered a previously undisclosed vulnerability in SoftNAS Cloud® data storage platform.​ If…

Analysis of NUUO NVRmini2 Stack Overflow Vulnerability

Exploiting CVE-2018-19864 – Samuel S., Senior Vulnerability Researcher During an audit of NUUO’s NVRmini2, a stack overflow vulnerability was discovered in a request handling function in the ‘lite_mv’ custom SIP service binary. The NUUO NVRmini2 runs a custom SIP…

NUUO Firmware Vulnerabilities Disclosed by Digital Defense, Inc.

San Antonio, TX – November 29, 2018 – Digital Defense, Inc., a leading security technology and services provider, today announced that its Vulnerability Research Team (VRT) discovered a previously undisclosed vulnerability in NUUO NVRmini2 Network Video Recorder…

NUUO Firmware Disclosure

NUUO Zero-Day Blog Digital Defense, Inc. is disclosing a vulnerability identified in NUUO NVRmini2 Network Video Recorder devices discovered by our Vulnerability Research Team (VRT).  We commend NUUO for their prompt response to the identified flaws and their…

Multiple Arcserve Zero-Day Vulnerabilities Disclosed by Digital Defense, Inc. Researchers

San Antonio, TX – October 23, 2018 – Digital Defense, Inc., a leading security technology and services provider, today announced that its Vulnerability Research Team (VRT) uncovered four previously undisclosed vulnerabilities within the Arcserve Unified Data…

Arcserve Zero-Day Disclosure

Digital Defense discloses four previously undisclosed vulnerabilities within the Arcserve Unified Data Protection platform. The vulnerabilities can open the door for potential compromise of sensitive data through access to credentials, phishing attacks and the ability…

ManageEngine Disclosure #3

Digital Defense is disclosing vulnerabilities identified in ManageEngine’s ADSelfService Plus application. ManageEngine was prompt in responding to the identified flaws and providing fixes for these security issues. A patched version of ADSelfService Plus can be…

ManageEngine Disclosure #2

Digital Defense is disclosing multiple additional vulnerabilities identified on various ManageEngine applications discovered by our Vulnerability Research Team (VRT).  We commend ManageEngine for their prompt response to the identified flaws and their engineering…

ManageEngine

Update March 21, 2018: Added additional vulnerabilities disclosed to ManageEngine that were excluded from the original blog post affecting several additional ManageEngine applications. Digital Defense is disclosing multiple vulnerabilities identified on various…

Avamar Zero-Day

Avamar Zero-Day Today Digital Defense is disclosing three vulnerabilities identified on Dell EMC Data Protection Suite Family products discovered by the Digital Defense Vulnerability Research Team (VRT). VRT would like to commend Dell EMC for their prompt handling and…

The post Cybersecurity Tool Kit appeared first on Digital Defense, Inc..


*** This is a Security Bloggers Network syndicated blog from Digital Defense, Inc. authored by Digital Defense Inc.. Read the original post at: https://www.digitaldefense.com/blog/cybersecurity-tool-kit/