After a massive response from security community at NullCon Goa, India event shows offline participation of security researchers has been increased immensely in cyber security events. Here is the list few of upcoming events that every security researcher in the community should know:

1. Texas Cyber Summit | September 22-24 | Austin, Texas

Texas cyber summit conference is with vision to increase the number of persons of all demographics entering the cybersecurity field, particularly those of the underserved and women communities. Facilitate a place where attendees can build a social network that brings mentors and inspiration to them in a positive and re-enforcing manner.

To get more details visit https://texascyber.com/

2. RomHack 2022 | September 23 | Rome, Italy

The event is organized by Cyber Saiyan and gives to anyone the opportunity to meet and exchange ideas in three days of learning, entertainment, knowledge sharing through cutting-edge talks, workshops and interactive labs.

To get more details visit https://romhack.camp/

3. International Cyber Expo | September 27-28 | London, UK

International Cyber Expo will be perfect meeting place for CISOs, CTOs, Managing Directors, business owners, cyber security specialists, government officials and end-users to connect and source products from the thriving cyber security market.

To get more details visit https://www.internationalcyberexpo.com/

4. VB2022 Prague | September 28-30 | Prague, Czech Republic

Virus Bulletin, the venerable malware-focused publication, has been running its annual conference for more than 30 years, and returns to an in-person format after two years online.

To get more details visit https://www.virusbulletin.com/conference/vb2022/

5. (ISC)² Security Congress 2022 | October 08-12 | Las Vegas and online

Dozens of sessions around professional development, with topics including cloud security; Deepfakes; Effective Cybersecurity Board Reporting Zero Trust for Cloud; governance, risk, and compliance (GRC); and career development.

To get more details visit https://congress.isc2.org/event/ddd188c4-b9cd-4eb0-bd9a-2c7810df496e/summary

6. Authenticate 2022 | October 17-19 | Seattle, US

Hosted by the FIDO Alliance, the event is dedicated to the who, what, why and how of user authentication – with a focus on the FIDO standards-based approach.

To get more details visit  https://authenticatecon.com/event/authenticate-2022-conference/

7. Web Summit 2022 | November 1-4 | Lisbon, Portugal

Web Summit is “where the future goes to be born” . Web Summit 2022 will bring together 70,000+ people, and the companies redefining the tech industry.

To get more details visit https://websummit.com/

8. 2022 FIRST Cyber Threat Intelligence Symposium | November 2-4 | Berlin, Germany

FIRST (Forum of Incident Response and Security Teams) runs technical colloquia for discussing vulnerabilities, incidents, and tools impacting security/incident response teams, plus less technical, sometimes more hands-on, regional symposia.

To get more details visit https://www.first.org/events/colloquia/

9. HITB + CyberWeek | 17th – 21st April 2023 | TBC, Amsterdam

HITBSecConf – short for Hack In The Box Security Conference – has multiple events featuring trainings, multi-track conferences, and CTFs throughout 2022.

To get more details visit https://conference.hitb.org/

10. Black Hat Europe 2022 | December 5-8 | London, UK and online

Black Hat’s final major event of the year will as usual feature a stellar range of speakers speaking about hacking tools and techniques, security vulnerabilities, and cybercrime trends.

To get more details visit https://www.blackhat.com/upcoming.html#europe

Found this article interesting? Follow HackersIdentity on Facebook, Twitter and LinkedIn to read more exclusive content we post.

The Indian Govt on Wednesday 3rd Aug 2022 withdrew the long-awaited Personal Data Protection (PDP) Bill, 2019. Centre told the members of the Joint Parliamentary Committee that it will bring a set of new legislation for a comprehensive legal framework for the digital economy.

The withdrawn Bill had proposed restrictions on the use of personal data without the explicit consent of citizens. It had also sought to provide the government with powers to give exemptions to its probe agencies from the provisions of the Act. The bill was criticized by privacy experts as it was seen as being more in favor of the government rather than protecting privacy, which the Supreme Court held as a fundamental right in 2017.

Looking forward, this is also a great opportunity to look into certain key issues relating to lack of independence of data protection authority, restrictive cross border data flow and state exemption. The new framework should foster growth and innovation, help the start-up ecosystem and enable ease of doing business while ensuring that the data rights of citizens are at the heart of the legislation.

Found this article interesting? Follow HackersIdentity on Facebook, Twitter and LinkedIn to read more exclusive content we post.

The backbone of the web has received a major upgrade. The HTTP/3 protocol has received RFC 9114 standardization – a boost for internet security, but not one without hurdles for web developers.

This week, the Internet Engineering Task Force (IETF) released HTTP/3, published as RFC 9114.

The Hypertext Transfer Protocol (HTTP) acts as an application layer for facilitating communication between servers and browsers, fetching resources, and transferring data. HTTPS is HTTP with additional security via encryption.

HTTP/3 is the latest revision of the HTTP protocol, taking over from 2015’s HTTP/2. HTTP/3 is designed to address some of the performance issues inherent in HTTP/2, improving the user experience, decreasing the impact of packet loss without head-of-line blocking, speeding up handshake requirements, and enabling encryption by default.

The protocol utilizes space congestion control over User Datagram Protocol (UDP).One of the major differences in HTTP/3 is QUIC. Developed by Google, Quick UDP Internet Connections (QUIC) was adopted by the IETF, and a tailored version provides a cornerstone of HTTP/3.

Cloudflare predicts that 8% of internet traffic is HTTP/1-based, followed by HTTP/2 at 67%, and HTTP/3 at 25%.

Found this article interesting? Follow HackersIdentity on Facebook, Twitter and LinkedIn to read more exclusive content we post.

The Centre for Threat Informed Defence releases mappings between MITRE ATT&CK® and NIST Special Publication 800-53 with supporting documentation and resources.

These mappings provide a critically important resource for organizations to assess their security control coverage against real-world threats as described in the ATT&CK knowledge base and provide a foundation for integrating ATT&CK-based threat information into the risk management process.

With over 6,300 individual mappings between NIST 800-53 and ATT&CK, this resource greatly reduces the burden on the community to do their own baseline mappings– allowing organizations to focus their limited time and resources on understanding how controls map to threats in their specific environment.

For more details NIST 800-53 Control Mappings – CTID (mitre-engenuity.org

Industry’s first comprehensive cybersecurity skilling program to empower India’s workforce for a career in security. This initiative aims to skill 1 lakh learners by 2022.

As digital adoption continue to rise, the need of cybersecurity landscape has evolved significantly, and huge demand for skilled security professionals. To address this skills gap and empower India’s workforce for a career in cybersecurity, Microsoft launched a first of its kind cybersecurity skilling program that aims to skill over 1 lakh learners by 2022.

The program is designed to give learners hands-on experience in the fundamentals of security, compliance, and identity. Microsoft will conduct these courses along with its strategic consortium of partners including Cloudthat, Koenig, RPS, and Synergetics Learning. The course modules are designed to support all levels of learners, regardless of where they are in their cybersecurity journey.

Microsoft has introduced four new security, compliance, and identity certifications, of which the accredited certification for Fundamentals will be offered at zero-cost for any individual who attends the associated training through this initiative. Additionally, in collaboration with its partners, Microsoft, offers learners deeply discounted offers on the rest of the advanced role-based certifications to drive deep skills for addressing cybersecurity challenges.

Learners can apply for the course: https://www.microsoft.com/en-in/campaign/MS-IndiaSkillingInitiative/SecuritySkilling.aspx

Found this article interesting? Follow HackersIdentity on Facebook, Twitter and LinkedIn to read more exclusive content we post.

Type of cyber Attack

1. Malware: in which malicious software is used to attack information systems. Ransomware, spyware and Trojans are examples of malware. Depending on the type of malicious code, malware could be used by hackers to steal or secretly copy sensitive data, block access to files, disrupt system operations or make systems inoperable.
2. Phishing: in which hackers socially engineer email messages to entice recipients to open them. The recipients are tricked into downloading the malware contained within the email by either opening an attached file or embedded link.
3. Man-in-the-middle: or MitM, where attackers secretly insert themselves between two parties, such as individual computer users and their financial institution. Depending on the details of the actual attack, this type of attack may be more specifically classified as a man-in-the-browser attack, monster-in-the-middle attack or machine-in-the-middle attack. It is also sometimes called an eavesdropping attack.
4. DDoS: in which hackers bombard an organization’s servers with large volumes of simultaneous data requests, thereby making the servers unable to handle any legitimate requests.
5. SQL injection: where hackers insert malicious code into servers using the Structured Query Language programming language to get the server to reveal sensitive data.
6. Zero-day exploit: which happens when a newly identified vulnerability in IT infrastructure is first exploited by hackers.
7. Domain name system (DNS) tunneling: a sophisticated attack in which attackers establish and then use persistently available access — or a tunnel — into their targets’ systems.
8. Drive-by: or drive-by download, occurs when an individual visits a website that, in turn, infects the unsuspecting individual’s computer with malware.

Credential-based attacks happen when hackers steal the credentials that IT workers use to access and manage systems and then use that information to illegally access computers to steal sensitive data or otherwise disrupt an organization and its operations.

How Can You Prevent A Cyber Attack?

There is no guaranteed way for any organization to prevent a cyber attack, but there are numerous cybersecurity best practices that organizations can follow to reduce the risk. Reducing the risk of a cyber attack relies on using a combination of skilled security professionals, processes and technology. Reducing risk also involves three broad categories of defensive action:

• preventing attempted attacks from actually entering the organization’s IT systems;
• detecting intrusions; and
• disrupting attacks already in motion — ideally, at the earliest possible time.

Best practices include the following:

• implementing perimeter defenses, such as firewalls, to help block attack attempts and to block access to known malicious domains;
  • using software to protect against malware, namely antivirus software, thereby adding another layer of protection against cyber attacks;
  • having a patch management program to address known software vulnerabilities that could be exploited by hackers;
  • setting appropriate security configurations, password policies and user access controls;
  • maintaining a monitoring and detection program to identify and alert to suspicious activity;
  • creating incident response plans to guide reaction to a breach; and
  • training and educating individual users about attack scenarios and how they as individuals have a role to play in protecting the organization.

India Rank’s Among Top 10 In Global Cybersecurity Index 2020.

GCI-Global Cybersecurity Index is a yearly survey carried out by ITU (International telecommunication union) the united nations specialized agency for ICT’s. GCI was first launch in 2015. For year 2020 the index maps 82 questions on 194 members state cybersecurity commitments. And the ranking was measured on basis of five pillars:

• Legal measures
• Technical measures
• Organizational measures
• Capacity development measures
• Co-operation measures

India rank’s in 10th position with score of 97.5.The list is topped by USA with score 100 followed by United Kingdom and Saudi Arabia in second position with score 99.54. India has also secured the fourth position in the Asia Pacific region underlining its commitments to cybersecurity.

Estonia ranked third with score 99.48. while Korea(Rep of),Singapore, Spain spotted at fourth with score 98.52 also fifth was secured by Russian Federation, United Arab Emirates, Malaysia with score 98.06.

Lithuania holds sixth position with score 97.93, Japan secured seventh with score 97.82.Eight and ninth would be Canada and France with score 97.67 and 97.6.

The goal of GCI is to help countries in identifying areas for improvement in the field of cybersecurity. As well as encourage them to take action towards those areas.

Cybersecurity is multidisciplinary field and its application involves all sector, industries and stakeholders both vertically and horizontally. In order to increase development of national capabilities efforts have to be made by political, economical, by law of enforcement, justice department, educational institutes, private sectors, Public-Private partnership, developers of technology and intra-state cooperation. 

Finally India has worked relentlessly  on all the five pillars over the last few years, resulting in significant improvement in its ranking. We hope GCI will also help in address the gap between developed and developing countries by encouraging knowledge, upskilling, and building competencies.