Meisam Eslahi, Ph.D.

According to a report by Kaspersky Lab, Indonesia leads in online financial fraud among several surveyed countries. Innovations such as AI and deepfakes have given scammers new tools to create more convincing lies, making it crucial to stay informed and vigilant​! 1. Marketplace Scams This is a growing concern on e-commerce platforms in Indonesia. They exploit the vast reach and anonymity by the internet, allowing scammers to pose as sellers. They prey on the trust and eagerness of buyers looking for good deals. Common Types: - Payment Outside the Protected System: Scammers ask buyers to make payments through direct bank transfers or other unsecured methods instead of the platform's secured payment system. They promise lower prices or faster delivery to tempt buyers. Once the payment is made, they'd disappear or provide invalid tracking numbers. - Non-Existent Products: Scammers set up fake listings for high-demand items at attractive prices. Once an order is placed, they might stall with excuses until they can withdraw the funds received, then vanish.  - Counterfeit Goods: Sellers advertise branded items at significantly reduced prices but deliver counterfeit items. Protect Yourself: - Make Payments through The Marketplace: The system is designed to protect your money until you confirm receipt of the correct item. - Check Ratings & Reviews: Before purchasing, review the seller’s ratings and customer feedback.  - Be Skeptical: Extreme discounts on high-demand items may be a lure. - Report Suspicious Activity: If you encounter a scam, report it immediately to the platform. 2. Cryptocurrency Scams This scam is one of the most damaging financial threats, especially as digital currencies gain popularity. They exploit the complexity of blockchain technology, which many everyday users fail to understand. Common Types: - Fake Initial Coin Offerings: Scammers create fictitious projects promising breakthrough financial returns. They lure investors during the initial offering phase, then disappear once they collect enough funds. - Ponzi & Pyramid Schemes: Promising high returns from investments and rely on new investors' money to pay earlier investors. Once new investments stop, the scheme collapses. - Phishing Attacks: Scammers use fake emails or sites to trick victims into divulging their wallet keys or credentials. They send urgent security alerts, convincing users to enter details on platforms that mimic legitimate exchanges or wallet providers. How to Avoid: - Research Thoroughly: Always investigate. Check reviews, the experience of the team behind the project, and any legal documentation. - Secure Your Wallet: Use wallets from reputable sources and never share your private keys or seed phrases. - Unrealistic Promises: If an investment seems too good to be true, it probably is! High returns with little or no risk are a classic sign. Read more at: https://lnkd.in/gi5vWrhr

11

What is DAI (Dynamic ARP Inspection)? | How to configure Dynamic ARP Inspection DAI? | cyber-attack prevention | ARP Poisoning prevention. Dynamic ARP Inspection ARP (Address Resolution Protocol) is a communication protocol. Networking devices are used for discovering MAC (media access control) addresses, associating with an IPv4 address (internet layer address), and mapping the MAC addresses to IPv4 addresses, this mapping is done dynamically and stored in the ARP cache. ARP works between layer 2 and layer 3 of the OSI because the MAC address exists on the data link layer and the IP address exists on the network layer. In other words, Address Resolution Protocol (ARP) is a Layer 2 protocol that maps an IP address (Layer 3) to a MAC address (Layer 2). #cisco #ciscogateway #cisconetworking #ciscosecure #ciscosecurity #ciscocertification #ciscopartners #ciscocert #ccna #ccnacertification #ccnatraining #networksecurity #bgproducts #networkengineer #ccie #ccna #ccnp #networkinfrastructure #internetprotocol https://lnkd.in/daf-N-Ze

1

ISO27k ISMS 6.1.2 information risk Checklist catalogue 2023 The document is an information risk checklist to support the risk identification phase of an ISO/IEC 27001 Information Security Management System (ISMS). It covers various categories of information risks, including: Confidentiality risks - Such as unauthorized access, disclosure, or theft of sensitive information. Integrity risks - Such as inaccurate data, falsification, malware, and design flaws. Availability risks - Such as system failures, cyberattacks, and natural disasters. Other information security risks - Such as advanced persistent threats, crypto-ransomware, and ineffective security controls. Other general information risks - Such as contract breaches, supply chain issues, and knowledge gaps. The checklist is intended as a starting point to identify risks and should be adapted to the specific organization's context. It encourages users to "think outside the box" and be creative in the risk identification process. The document is covered by a Creative Commons license, allowing users to use, adapt, and build upon it for non-commercial purposes related to information risk management.

19

ISO 42001 is similar to ISO 27001 in many ways and the best part is that it can co-exist with #ISO27001 without any additional requirements. #ISMS, as we know, gives robust governance and same goes with AIMS. I had opportunity to conduct session on 42001 for a group of professionals and they could easily relate with the concepts. Artificial Intelligence Management Systems (AIMS), follows the standard Plan-Do-Check-Act (PDCA), just like other management system standards,  to ensure continuous improvement and effective management. Clauses 4-7 focus on planning aspect to ensure business context is clearly established. Clause 4 - Establishes the foundation by understanding the organization’s context, identifying internal and external issues Clause 5 - Requires top management to demonstrate leadership and commitment, establish an AI policy, and assign R &R . Clause 6 - Involves identifying risks and opportunities related to AI systems Clause 7 - Focuses on providing the necessary resources, ensuring competence, raising awareness, and establishing communication processes Clause 8 - This phase involves implementing the plans by establishing and managing the processes necessary to meet AI management system requirements. Clause 9 - Involves monitoring, measurement, analysis, and evaluation of the AI management system’s performance. Clause 10 - Focuses on taking corrective actions based on the findings from the Check phase. If you are looking for 42001 advisory, consulting or training – Do reach out to me or CYTAD. We can make the entire process easy and seamless. Do share below AIMS workflow with anyone who may benefit from it. #ISO42001 #aisecurity #Informationsecurityinsights #databreach #compliance Rivedix

174

15 Komen

Post#4 #DFIR - Digital Forensics & Incident Response Windows Forensics - File/Folder Activity - Most Recently Used (MRU) - Windows Shortcut files or link files - Shell Bags, Prefetch, Jump Lists, MS Office Recent Files.

4

1 Komen

Singapore launches new Skills Pathway for cybersecurity training - SecurityBrief Asia: Singapore launches new Skills Pathway for cybersecurity training  SecurityBrief Asia #CyberSecurity #InfoSec #SecurityInsights

2

When approaching cyber security in an #Operational #Technology (OT) or ICS environment these factors must be taken into account: - Understanding the applicable IEC 62443 standards - Identifying Target security level (SL-T), Capability security level (SL-C) and the Achieved security level (SL-A) - Aligning the strength of security measures with the risk exposure An IEC 62443-based approach to cyber security in an OT environment requires the integration of robust security measures at various Purdue levels. This ranges from improving the security of the hardware to ensuring secure configuration of software and networks. Several simple measures can be adopted to secure ICS systems and to harden them against potential exploitation by bad actors these include: - Periodic risk assessments based on IEC 62443 to identify and address gaps - Keeping systems patched/updated - Clearly assigning security-related responsibilities at all levels - Test and deploy an incident response strategy and tactics - Conduct Security Acceptance Testing for new devices - Request OEMs to share information on their security practices With a proven portfolio of solutions, threat intelligence, and managed services, Alliance Pro can help you elevate your IEC 62443 Achieved security level (SL-A) in a few easy steps.   #ICS #otsecurity #CYBERSECURITY #threatmanagement #risk #riskmanagement

20

Capture memory in ad1 and process with forensic toolkit Register now : https://lnkd.in/gHVVpBik #forensic #liveforensic #digitalforensic #cyberforensics

5

1 Komen

ASTIL Cybersecurity Awareness Scoring System (ACASS) -------------------------------------------------------------- Features: 1) An online-based self learning short course to remain aware on cybersecurity. 2) After completing the course, cybersecurity rating will be provided (e.g., 70/100 to remain within the rating). 3) Automated Phishing Simulation Solution. Phishing email will be sent time to time to everyone to remain cybersafe 4) An individual will have to maintain 70% all the time to remain aware on cybersecurity all the time. 5) Software based scoring system. 6) New lesson(s) will be provided if an individual fall prey to phishing attack 7) Customization options to create phishing simulations that mimic real-world threats. 8) Training sessions for administrators and end-users on utilizing the solution effectively and recognizing phishing attempts. 9) 24/7 technical support, maintenance, and software updates. 10) Regular reporting and analytics to monitor participant awareness and measure the impact of phishing simulations. Contact: +8801796806579, 01713494440 Email: info@aidan-stil.org #Cybersecurity #cybersecurityscoringsystem #acass #followers

3

Date: May 13, 2024 Industry: Government Relations Country: Indonesia Threat Actor: RansomHub Category: Ransomware Group claims to have access to more than 15TB of organization data and to publish it within the next 16–17 days. Sample screenshots are provided in the Dark Web portal. #WaspadaRansomware #ThreatIntelligence #SecurityAnalyst #CyberSecurity #RansomwareAttack

5

Hacktivists turn to ransomware in attacks on Philippines government. Why it matters: 1. Hacktivist operations, using leaked ransomware builders like LockBit and Vice Society, are increasingly targeting the Philippines' critical infrastructure, aiming more to sow disruption and grab attention than to negotiate ransom, reports cybersecurity firm SentinelOne. 2. The Southeast Asian nation, a key player in China’s maritime expansion, saw a significant surge in malicious cyber activity in Q1 2021 with a 325% spike observed. Hacktivist groups and misinformation tactics nearly tripled during the period, potentially destabilizing the country's critical infrastructure. 3. The line between hacktivism and official state-backed activity remains blurred in the Philippines, with reports of the China-linked group Mustang Panda launching information warfare campaigns. Using hacktivist monikers helps threat actors evade attribution while stoking perceptions of homegrown social conflict. Learn more by visiting The Record from Recorded Future News: https://lnkd.in/eXbAdrrS

9

🚨📰𝗡𝗮𝘁𝗶𝗼𝗻𝗮𝗹 𝗖𝗘𝗥𝗧'𝘀 𝗚𝗥𝗖 𝗗𝗶𝗿𝗲𝗰𝘁𝗼𝗿𝗮𝘁𝗲 𝗥𝗼𝗹𝗹𝘀 𝗢𝘂𝘁 𝗮 𝗖𝗼𝗺𝗽𝗿𝗲𝗵𝗲𝗻𝘀𝗶𝘃𝗲 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗘𝗻𝗵𝗮𝗻𝗰𝗲𝗺𝗲𝗻𝘁 𝗣𝗹𝗮𝗻 𝗳𝗼𝗿 𝗜𝘁𝘀 𝗖𝗼𝗻𝘀𝘁𝗶𝘁𝘂𝗲𝗻𝗰𝗶𝗲𝘀 – 𝗠𝗶𝗻𝗶𝘀𝘁𝗿𝗶𝗲𝘀, 𝗗𝗶𝘃𝗶𝘀𝗶𝗼𝗻𝘀, 𝗙𝗲𝗱𝗲𝗿𝗮𝗹 𝗚𝗼𝘃𝗲𝗿𝗻𝗺𝗲𝗻𝘁 𝗗𝗲𝗽𝗮𝗿𝘁𝗺𝗲𝗻𝘁𝘀 & 𝗦𝗲𝗰𝘁𝗼𝗿𝘀 𝗜𝘀𝗹𝗮𝗺𝗮𝗯𝗮𝗱, 𝗣𝗮𝗸𝗶𝘀𝘁𝗮𝗻 – The Governance, Risks, and Compliance (GRC) Directorate of the National Computer Emergency Response Team (nCERT) has rolled out a meticulously crafted guideline aimed at fortifying cybersecurity defenses across government and critical national infrastructure sectors. The guideline encompasses domains like Asset & Risk Management; System & Communications Protection; Data Protection & Privacy; Identity & Access Management; Security Training; Incident Response & Supply Chain Risk Management (SCRM). Endorsed by the Director General of nCERT, this guideline marks a significant step towards a unified and robust cybersecurity posture for the nation. The plan features a phase-wise implementation strategy tailored for various government organizations and sectors. This strategic approach involves a comprehensive cybersecurity risk management, ensuring adherence to policies, and conducting thorough security audits within nCERT’s constituencies. The initiative is set to be complemented by extensive capacity-building efforts to empower personnel and organizations to adopt best practices and mitigate emerging cyber threats effectively. The overarching objective of this initiative is to bolster cybersecurity defenses, ensuring that government entities and critical infrastructure sectors are well-equipped to tackle national-level cyber threats. The phased rollout will facilitate a systematic and structured adoption of enhanced cybersecurity measures, contributing to a resilient and secure digital landscape across the nation. This initiative reflects nCERT's commitment to enhancing the country's cybersecurity framework, aligning with global standards and best practices to safeguard national interests.

39

2 Komen