Computer viruses, Trojans and worms Books

Book SynopsisReal-World Bug Hunting is a field guide to finding software bugs. Ethical hacker Peter Yaworski breaks down common types of bugs, then contextualises them with real bug bounty reports released by hackers on companies like Twitter, Facebook, Google, Uber, and Starbucks. As you read each report, you'll gain deeper insight into how the vulnerabilities work and how you might find similar ones.Trade Review"I am quite sure that [this book is] going to be one of the most recommended books for web app pen-testing. If it is not already."—Sudo Realm"A brilliant resource for anyone who aspires to be a professional bug hunter." —Dana Epp, Security Boulevard

Read more less

Book SynopsisStop dangerous threats and secure your vulnerabilities without slowing down delivery. This practical book is a one-stop guide to implementing a robust application security program.Application Security Program Handbook teaches you to implement a robust program of security throughout your development process. It goes well beyond the basics, detailing a flexible approach that can adapt and evolve to new and emerging threats. Follow the expert advice in this guide and you'll reliably deliver software that is free from security defects and critical vulnerabilities. As a developer, you must build security into your software throughout its development lifecycle. This book addresses all the practices, tools, technology, people, and processes you need to reduce the risk of attacks and vulnerabilities in your software. Application Security Program Handbook is full of strategies for setting up and maturing a security program for your development process. Its realistic recommendations take a service-oriented approach to application security that's perfectly suited to the fast-pace of modern development. Focused on the realities of software development, it shows you how to avoid making security a gated exercise.Inside, you'll learn to assess the current state of your app's security, identify key risks to your organization, and measure the success of any defensive programs you deploy. You'll master common methodologies and practices that help safeguard your software, along with defensive tools you can use to keep your apps safe. With this handy reference guide by your side, you'll be able to implement reliable security in a way that doesn't impact your delivery speed. RETAIL SELLING POINTS Application security tools you can use throughout the development lifecycle Creating threat models Mitigating web app vulnerabilities Creating a DevSecOps pipeline Application security as a service model Reporting structures that highlight the value of application security Creating a software security ecosystem that benefits development AUDIENCE For software developers, architects, team leaders, and project managers looking to implement security in their pipelines.Trade Review'It's impossible not to learn something from this.'George Onofrei 'Do you want to get your hold back on the concepts of Application Security, then this is a fantastic book for you. Get it now!'Krishna Anipindi 'A book like this should be a must to start your career or to understand you are doing things right.'Nikolaos AlexiouTable of Contentstable of contents detailed TOC PART 1: DEFINING APPLICATION SECURITY READ IN LIVEBOOK 1WHY DO WE NEED APPLICATION SECURITY READ IN LIVEBOOK 2DEFINING THE PROBLEM READ IN LIVEBOOK 3COMPONENTS OF APPLICATION SECURITY PART 2 DEVELOPING THE APPLICATION SECURITY PROGRAM READ IN LIVEBOOK 4RELEASING SECURE CODE READ IN LIVEBOOK 5SECURITY BELONGS TO EVERYONE READ IN LIVEBOOK 6SERVICE-ORIENTED APPLICATION SECURITY PART 3: DELIVER AND MEASURE READ IN LIVEBOOK 7BUILDING A ROADMAP READ IN LIVEBOOK 8MEASURING SUCCESS 9 CONTINUOUS IMPROVEMENT

Read more less

Book SynopsisPractical Binary Analysis is the first book of its kind to present advanced binary analysis topics in an accessible way. After an introduction on the basics of binary formats, disassembly, and code injection, you'll dive into more complex topics such as binary instrumentation, dynamic taint analysis, and symbolic execution. By the end of the book, you'll be able to build your own binary analysis tools on Linux by following hands-on and practical examples.Trade Review"Dennis Andriesse has put together a book that combines the necessary knowledge and tools enabling the reader to grasp not only the fundamentals of binary analysis, but also to put the newfound knowledge to the test in practical and illustrative examples of binary analysis."—Sven Dietrich, Cipher: the newsletter of the IEEE Computer Society's Technical Committee on Security and Privacy"This book is...one that deserves the title of deep dive. There is no waste anywhere—just lean, mean, information."—Full Circle Magazine"If you want to reverse engineer some code, learn to be a white hat hacker or a black hat hacker then it's well worth reading."—I Programmer"Explains the subject in a straightforward and concise way! The author is a very knowledgeable security researcher and his work is state of the art!"—Nucu Labs“This book reads like a workshop that teaches readers what tools exist for both Linux and Windows and how to string them together to write tools for reverse engineering binaries . . . if you are well versed in programming, this book will still teach you a good approach at tackling many problems with binary analysis.”—John Skandalakis, Software Engineer, Tripwire

Read more less

Book SynopsisA cybersecurity expert and former FBI “ghost” tells the thrilling story of how he helped take down notorious FBI mole Robert Hanssen, the first Russian cyber spy.“Both a real-life, tension-packed thriller and a persuasive argument for traditional intelligence work in the information age.”—Bruce Schneier, New York Times bestselling author of Data and Goliath and Click Here to Kill EverybodyEric O’Neill was only twenty-six when he was tapped for the case of a lifetime: a one-on-one undercover investigation of the FBI’s top target, a man suspected of spying for the Russians for nearly two decades, giving up nuclear secrets, compromising intelligence, and betraying US assets. With zero training in face-to-face investigation, O’Neill found himself in a windowless, high-security office in the newly formed Information Assurance Section, tasked officially with helping the FBI secure its outdated

Read more less

Book Synopsis

Read more less

Book Synopsis

Read more less

Book SynopsisTable of ContentsAbout the Author v Acknowledgments vii Introduction xv Part I: the Attacker Mindset 1 Chapter 1: What Is the Attacker Mindset? 3 Using the Mindset 6 The Attacker and the Mindset 9 AMs Is a Needed Set of Skills 11 A Quick Note on Scope 13 Summary 16 Key Message 16 Chapter 2: Offensive vs. Defensive Attacker Mindset 17 The Offensive Attacker Mindset 20 Comfort and Risk 22 Planning Pressure and Mental Agility 23 Emergency Conditioning 26 Defensive Attacker Mindset 31 Consistency and Regulation 31 Anxiety Control 32 Recovery, Distraction, and Maintenance 34 OAMs and DAMs Come Together 35 Summary 35 Key Message 36 Chapter 3: The Attacker Mindset Framework 37 Development 39 Phase 1 43 Phase 2 47 Application 48 Preloading 51 “Right Time, Right Place” Preload 51 Ethics 52 Intellectual Ethics 53 Reactionary Ethics 53 Social Engineering and Security 57 Social Engineering vs. AMs 59 Summary 60 Key Message 60 Part II: the Laws and Skills 63 Chapter 4: The Laws 65 Law 1: Start with the End in Mind 65 End to Start Questions 66 Robbing a Bank 68 Bringing It All together 70 The Start of the End 71 Clarity 71 Efficiency 72 The Objective 72 How to Begin with the End in Mind 73 Law 2: Gather, Weaponize, and Leverage Information 75 Law 3: Never Break Pretext 77 Law 4: Every Move Made Benefits the Objective 80 Summary 81 Key Message 82 Chapter 5: Curiosity, Persistence, and Agility 83 Curiosity 86 The Exercise: Part 1 87 The Exercise: Part 2 89 Persistence 92 Skills and Common Sense 95 Professional Common Sense 95 Summary 98 Key Message 98 Chapter 6: Information Processing: Observation and Thinking Techniques 99 Your Brain vs. Your Observation 102 Observation vs. Heuristics 107 Heuristics 107 Behold Linda 108 Observation vs. Intuition 109 Using Reasoning and Logic 112 Observing People 114 Observation Exercise 116 AMs and Observation 122 Tying It All Together 123 Critical and Nonlinear Thinking 124 Vector vs. Arc 127 Education and Critical Thinking 128 Workplace Critical Thinking 128 Critical Thinking and Other Psychological Constructs 129 Critical Thinking Skills 130 Nonlinear Thinking 131 Tying Them Together 132 Summary 133 Key Message 134 Chapter 7: Information Processing in Practice 135 Reconnaissance 136 Recon: Passive 145 Recon: Active 149 Osint 150 OSINT Over the Years 150 Intel Types 153 Alternative Data in OSINT 154 Signal vs. Noise 155 Weaponizing of Information 158 Tying Back to the Objective 160 Summary 170 Key Message 170 Part III: Tools and Anatomy 171 Chapter 8: Attack Strategy 173 Attacks in Action 175 Strategic Environment 177 The Necessity of Engagement and Winning 179 The Attack Surface 183 Vulnerabilities 183 AMs Applied to the Attack Vectors 184 Phishing 184 Mass Phish 185 Spearphish 186 Whaling 187 Vishing 190 Smishing/Smshing 195 Impersonation 196 Physical 199 Back to the Manhattan Bank 200 Summary 203 Key Message 203 Chapter 9: Psychology in Attacks 205 Setting The Scene: Why Psychology Matters 205 Ego Suspension, Humility & Asking for Help 210 Humility 215 Asking for Help 216 Introducing the Target- Attacker Window Model 217 Four TAWM Regions 218 Target Psychology 221 Optimism Bias 225 Confirmation Bias and Motivated Reasoning 228 Framing Effect 231 Thin- Slice Assessments 233 Default to Truth 236 Summary 239 Key Message 239 Part IV: AFTER AMs 241 Chapter 10: Staying Protected— The Individual 243 Attacker Mindset for Ordinary People 243 Behavioral Security 246 Amygdala Hijacking 250 Analyze Your Attack Surface 252 Summary 256 Key Message 256 Chapter 11: Staying Protected— The Business 257 Indicators of Attack 258 Nontechnical Measures 258 Testing and Red Teams 261 Survivorship Bias 261 The Complex Policy 263 Protection 264 Antifragile 264 The Full Spectrum of Crises 266 AMs on the Spectrum 268 Final Thoughts 269 Summary 270 Key Message 271 Index 273

Read more less

Book SynopsisAvoid becoming the next ransomware victim by taking practical steps today Colonial Pipeline. CWT Global. Brenntag. Travelex. The list of ransomware victims is long, distinguished, and sophisticated. And it's growing longer every day. In Ransomware Protection Playbook, computer security veteran and expert penetration tester Roger A. Grimes delivers an actionable blueprint for organizations seeking a robust defense against one of the most insidious and destructive IT threats currently in the wild. You'll learn about concrete steps you can take now to protect yourself or your organization from ransomware attacks. In addition to walking you through the necessary technical preventative measures, this critical book will show you how to: Quickly detect an attack, limit the damage, and decide whether to pay the ransomImplement a pre-set game plan in the event of a game-changing security breach to help limit the reputational and financial damageLay down a secure foundation of cybersecuritTable of ContentsAcknowledgments xi Introduction xxi Part I: Introduction 1 Chapter 1: Introduction to Ransomware 3 How Bad is the Problem? 4 Variability of Ransomware Data 5 True Costs of Ransomware 7 Types of Ransomware 9 Fake Ransomware 10 Immediate Action vs. Delayed 14 Automatic or Human-Directed 17 Single Device Impacts or More 18 Ransomware Root Exploit 19 File Encrypting vs. Boot Infecting 21 Good vs. Bad Encryption 22 Encryption vs. More Payloads 23 Ransomware as a Service 30 Typical Ransomware Process and Components 32 Infiltrate 32 After Initial Execution 34 Dial-Home 34 Auto-Update 37 Check for Location 38 Initial Automatic Payloads 39 Waiting 40 Hacker Checks C&C 40 More Tools Used 40 Reconnaissance 41 Readying Encryption 42 Data Exfiltration 43 Encryption 44 Extortion Demand 45 Negotiations 46 Provide Decryption Keys 47 Ransomware Goes Conglomerate 48 Ransomware Industry Components 52 Summary 55 Chapter 2: Preventing Ransomware 57 Nineteen Minutes to Takeover 57 Good General Computer Defense Strategy 59 Understanding How Ransomware Attacks 61 The Nine Exploit Methods All Hackers and Malware Use 62 Top Root-Cause Exploit Methods of All Hackers and Malware 63 Top Root-Cause Exploit Methods of Ransomware 64 Preventing Ransomware 67 Primary Defenses 67 Everything Else 70 Use Application Control 70 Antivirus Prevention 73 Secure Configurations 74 Privileged Account Management 74 Security Boundary Segmentation 75 Data Protection 76 Block USB Keys 76 Implement a Foreign Russian Language 77 Beyond Self-Defense 78 Geopolitical Solutions 79 International Cooperation and Law Enforcement 79 Coordinated Technical Defense 80 Disrupt Money Supply 81 Fix the Internet 81 Summary 84 Chapter 3: Cybersecurity Insurance 85 Cybersecurity Insurance Shakeout 85 Did Cybersecurity Insurance Make Ransomware Worse? 90 Cybersecurity Insurance Policies 92 What’s Covered by Most Cybersecurity Policies 93 Recovery Costs 93 Ransom 94 Root-Cause Analysis 95 Business Interruption Costs 95 Customer/Stakeholder Notifications and Protection 96 Fines and Legal Investigations 96 Example Cyber Insurance Policy Structure 97 Costs Covered and Not Covered by Insurance 98 The Insurance Process 101 Getting Insurance 101 Cybersecurity Risk Determination 102 Underwriting and Approval 103 Incident Claim Process 104 Initial Technical Help 105 What to Watch Out For 106 Social Engineering Outs 107 Make Sure Your Policy Covers Ransomware 107 Employee’s Mistake Involved 107 Work-from-Home Scenarios 108 War Exclusion Clauses 108 Future of Cybersecurity Insurance 109 Summary 111 Chapter 4: Legal Considerations 113 Bitcoin and Cryptocurrencies 114 Can You Be in Legal Jeopardy for Paying a Ransom? 123 Consult with a Lawyer 127 Try to Follow the Money 127 Get Law Enforcement Involved 128 Get an OFAC License to Pay the Ransom 129 Do Your Due Diligence 129 Is It an Official Data Breach? 129 Preserve Evidence 130 Legal Defense Summary 130 Summary 131 Part II: Detection and Recovery 133 Chapter 5: Ransomware Response Plan 135 Why Do Response Planning? 135 When Should a Response Plan Be Made? 136 What Should a Response Plan Include? 136 Small Response vs. Large Response Threshold 137 Key People 137 Communications Plan 138 Public Relations Plan 141 Reliable Backup 142 Ransom Payment Planning 144 Cybersecurity Insurance Plan 146 What It Takes to Declare an Official Data Breach 147 Internal vs. External Consultants 148 Cryptocurrency Wallet 149 Response 151 Checklist 151 Definitions 153 Practice Makes Perfect 153 Summary 154 Chapter 6: Detecting Ransomware 155 Why is Ransomware So Hard to Detect? 155 Detection Methods 158 Security Awareness Training 158 AV/EDR Adjunct Detections 159 Detect New Processes 160 Anomalous Network Connections 164 New, Unexplained Things 166 Unexplained Stoppages 167 Aggressive Monitoring 169 Example Detection Solution 169 Summary 175 Chapter 7: Minimizing Damage 177 Basic Outline for Initial Ransomware Response 177 Stop the Spread 179 Power Down or Isolate Exploited Devices 180 Disconnecting the Network 181 Disconnect at the Network Access Points 182 Suppose You Can’t Disconnect the Network 183 Initial Damage Assessment 184 What is Impacted? 185 Ensure Your Backups Are Still Good 186 Check for Signs of Data and Credential Exfiltration 186 Check for Rogue Email Rules 187 What Do You Know About the Ransomware? 187 First Team Meeting 188 Determine Next Steps 189 Pay the Ransom or Not? 190 Recover or Rebuild? 190 Summary 193 Chapter 8: Early Responses 195 What Do You Know? 195 A Few Things to Remember 197 Encryption is Likely Not Your Only Problem 198 Reputational Harm May Occur 199 Firings May Happen 200 It Could Get Worse 201 Major Decisions 202 Business Impact Analysis 202 Determine Business Interruption Workarounds 203 Did Data Exfiltration Happen? 204 Can You Decrypt the Data Without Paying? 204 Ransomware is Buggy 205 Ransomware Decryption Websites 205 Ransomware Gang Publishes Decryption Keys 206 Sniff a Ransomware Key Off the Network? 206 Recovery Companies Who Lie About Decryption Key Use 207 If You Get the Decryption Keys 207 Save Encrypted Data Just in Case 208 Determine Whether the Ransom Should Be Paid 209 Not Paying the Ransom 209 Paying the Ransom 210 Recover or Rebuild Involved Systems? 212 Determine Dwell Time 212 Determine Root Cause 213 Point Fix or Time to Get Serious? 214 Early Actions 215 Preserve the Evidence 215 Remove the Malware 215 Change All Passwords 217 Summary 217 Chapter 9: Environment Recovery 219 Big Decisions 219 Recover vs. Rebuild 220 In What Order 221 Restoring Network 221 Restore IT Security Services 223 Restore Virtual Machines and/or Cloud Services 223 Restore Backup Systems 224 Restore Clients, Servers, Applications, Services 224 Conduct Unit Testing 225 Rebuild Process Summary 225 Recovery Process Summary 228 Recovering a Windows Computer 229 Recovering/Restoring Microsoft Active Directory 231 Summary 233 Chapter 10: Next Steps 235 Paradigm Shifts 235 Implement a Data-Driven Defense 236 Focus on Root Causes 238 Rank Everything! 239 Get and Use Good Data 240 Heed Growing Threats More 241 Row the Same Direction 241 Focus on Social Engineering Mitigation 242 Track Processes and Network Traffic 243 Improve Overall Cybersecurity Hygiene 243 Use Multifactor Authentication 243 Use a Strong Password Policy 244 Secure Elevated Group Memberships 246 Improve Security Monitoring 247 Secure PowerShell 247 Secure Data 248 Secure Backups 249 Summary 250 Chapter 11: What Not to Do 251 Assume You Can’t Be a Victim 251 Think That One Super-Tool Can Prevent an Attack 252 Assume Too Quickly Your Backup is Good 252 Use Inexperienced Responders 253 Give Inadequate Considerations to Paying Ransom 254 Lie to Attackers 255 Insult the Gang by Suggesting Tiny Ransom 255 Pay the Whole Amount Right Away 256 Argue with the Ransomware Gang 257 Apply Decryption Keys to Your Only Copy 257 Not Care About Root Cause 257 Keep Your Ransomware Response Plan Online Only 258 Allow a Team Member to Go Rogue 258 Accept a Social Engineering Exclusion in Your Cyber-Insurance Policy 259 Summary 259 Chapter 12: Future of Ransomware 261 Future of Ransomware 261 Attacks Beyond Traditional Computers 262 IoT Ransoms 264 Mixed-Purpose Hacking Gangs 265 Future of Ransomware Defense 267 Future Technical Defenses 267 Ransomware Countermeasure Apps and Features 267 AI Defense and Bots 268 Strategic Defenses 269 Focus on Mitigating Root Causes 269 Geopolitical Improvements 269 Systematic Improvements 270 Use Cyber Insurance as a Tool 270 Improve Internet Security Overall 271 Summary 271 Parting Words 272 Index 273

Read more less

Book Synopsis

Read more less

Book SynopsisThe Cult of the Dead Cow is the story of the oldest, most respected and most famous hacking group of all time. Its members invented the the concept of hacktivism, released both the top tool for cracking passwords and the reigning technique for controlling computers from afar, and spurred development of Snowden's anonymity tool of choice. With its origins in the earliest days of the Internet, the cDc is full of oddball characters--spies, activists, musicians, and politicians--who are now woven into the top ranks of the American establishment. Today, this small group and their followers represent the best hope for making technology a force for good instead of for surveillance and oppression. Like a modern (and real) illuminati, cDc members have had the ears of presidents, secretaries of defense, and the CEO of Google. The Cult of the Dead Cow shows how we got into the mess we find ourselves in today, where governments and corporations hold immense power over individuals, and and how we are finally fighting back.

Read more less

Book SynopsisExploring computer security as both a social and technical problemTrade Review"Johnston presents the ways antivirus workers think in fascinating detail. She is very astute and effective in analyzing and explicating the underlying assumptions of their logic. Technological Turf Wars is insightful, interesting, and it unfolds in ways that are quite surprising. Johnston demonstrates that this industry is as much a social world as it is a technical world."—John L. Caughey, Professor of American Studies, University of Maryland, College ParkTable of ContentsAcknowledgements Introduction 1. Naming the Threat 2. Security Transformations 3. Trust, Networks, and the Transformation of Organizational Power 4. IT Corporate Customers as End Users 5. Marketing Services 6. Situated Exclusions and Reinforced Power Works Cited Index

Read more less

Book SynopsisExploring computer security as both a social and technical problemTrade Review"Johnston presents the ways antivirus workers think in fascinating detail. She is very astute and effective in analyzing and explicating the underlying assumptions of their logic. Technological Turf Wars is insightful, interesting, and it unfolds in ways that are quite surprising. Johnston demonstrates that this industry is as much a social world as it is a technical world."—John L. Caughey, Professor of American Studies, University of Maryland, College ParkTable of ContentsAcknowledgements Introduction 1. Naming the Threat 2. Security Transformations 3. Trust, Networks, and the Transformation of Organizational Power 4. IT Corporate Customers as End Users 5. Marketing Services 6. Situated Exclusions and Reinforced Power Works Cited Index

Read more less

Book SynopsisSecurity experts Alex Matrosov, Eugene Rodionov, and Sergey Bratus share the knowledge they've gained over years of professional research to help you counter threats. We're talking hard stuff - attacks buried deep in a machine's boot process or UEFI firmware that keep malware analysts up late at night. With these field notes, you'll trace malware evolution from rootkits like TDL3 to present day UEFI implants and examine how these malware infect the system, persist through reboot, and evade security software. The game is not lost.Trade Review“This deep reference, jam-packed with code and technical information, will support an engineer or system administrator tasked with putting these vulnerabilities in their place.” —Ben Rothke, Security Management“Alex Matrosov, Eugene Rodionov, and Sergey Bratus are experts in their field that have delivered a solid hands-on technical book. While enthralled with the stories from the trenches, I got flashbacks of my days of analyzing rootkits on SunOS and Solaris workstations about 20 years ago. It was a fun book to read.” —Sven Dietrich, Cipher: the newsletter of the IEEE Computer Society's Technical Committee on Security and Privacy"I enjoyed reading the book and learning about the malware, even if it was not particularly relevant to me, as 'I don’t do Windows.' Still, there’s more than enough here that’s relevant to Linux users, as malware writers are now turning their attention to Linux servers." —Rik Farrow, USENIX ;login: magazine"[A] seminal book that explains how to understand and counter sophisticated, advanced threats buried deep in a machine’s boot process or UEFI firmware." —Business Wire

Read more less

Book SynopsisSecurity has become a 'big data' problem. The growth rate of malware has accelerated to tens of millions of new files per year while our networks generate an ever-larger flood of security-relevant data each day. In order to defend against these advanced attacks, you'll need to know how to think like a data scientist. In Malware Data Science, security data scientist Joshua Saxe introduces machine learning, statistics, social network analysis, and data visualisation, and shows you how to apply these methods to malware detection and analysis.Trade Review"For those looking to become a security data scientist, or just want to get a comprehensive understanding of how to use data science to deal with malicious software, Malware Data Science is a superb reference." —Ben Rothke, RSA Conference"If you are new to data science or machine learning, this book provides an excellent introduction to these topics." —DMFR Security

Read more less

Book SynopsisFrom Exposed To Secure reveals the everyday threats that are putting your company in danger and where to focus your resources to eliminate exposure and minimize risk. Top cybersecurity and compliance professionals from around the world share their decades of experience in utilizing data protection regulations and complete security measures to protect your company from fines, lawsuits, loss of revenue, operation disruption or destruction, intellectual property theft, and reputational damage.   From Exposed To Secure delivers the crucial, smart steps every business must take to protect itself against the increasingly prevalent and sophisticated cyberthreats that can destroy your company - including phishing, the Internet of Things, insider threats, ransomware, supply chain, and zero-day. 

Read more less

Book SynopsisWritten by leading macOS threat analyst Patrick Wardle, The Art of Mac Malware Analysis covers the knowledge and hands-on skills required to analyze Mac malware. Using real-world examples and references to original research, Part 1 surveys the malware's various infection methods, persistence mechanisms, and capabilities. In Part 2, you'll learn about the static and dynamic analysis tools and techniques needed to examine malware you may find in the wild. Finally, you'll put these lessons into practice by walking through a comprehensive analysis of a complex Mac malware specimen (Part 3).Trade Review"[The Art of Mac Malware] serves as a valuable resource for anyone looking to level up their skills to stay on top of the latest macOS threats. Patrick's approachable, educating writing style and extensive knowledge in this field made him the ideal author to write this book."—Maria Markstedter, @Fox0x01, Forbes Person Of The Year In Cybersecurity"Mac doesn’t face the same level of malware threat that Windows users experience. However, it is possible to create malware for macOS and the excellent book, The Art of Mac Malware, goes into a lot of detail."—Security Boulevard"Awesome job keeping readers hooked."—Tony Lambert, @ForensicITGuy"An awesome researcher writing for my favorite publisher . . . If you’re interested in Mac malware, I highly recommend!"—Francisco Donoso, @Francisckrs

Read more less

Book SynopsisCyber security has never been more essential than it is today, it’s not a case of if an attack will happen, but when. This brand new edition covers the various types of cyber threats and explains what you can do to mitigate these risks and keep your data secure. Cyber Security explains the fundamentals of information security, how to shape good organisational security practice, and how to recover effectively should the worst happen. Written in an accessible manner, Cyber Security provides practical guidance and actionable steps to better prepare your workplace and your home alike. This second edition has been updated to reflect the latest threats and vulnerabilities in the IT security landscape, and updates to standards, good practice guides and legislation. • A valuable guide to both current professionals at all levels and those wishing to embark on a cyber security profession • Offers practical guidance and actionable steps for individuals and businesses to protect themselves • Highly accessible and terminology is clearly explained and supported with current, real-world examplesTrade ReviewDavid Sutton's books provides well researched, comprehensive guide to the multifaceted, rapidly growing cyber domain. It serves as a valuable guide to both current professionals and those wishing to embark on a Cyber Security profession. An excellent read. -- Colonel John S Doody FBCS FCMI CITP ACISP MIOD, Director, Interlocutor Services LimitedA very comprehensive primer on cyber security covering issues, solutions and suggestions for further action. After reading this book anyone that worries about cyber security without necessarily wanting to become an expert will find themself much better informed and quite probably much more interested. -- Susan Perriam MBA MSc CMgr MBCS CISSP, Cyber Security ConsultantThis book manages to strike a perfect balance between technical breadth and depth. It includes enough detail to understand the broad range of concepts and techniques found in a complex industry, along with practical and real-life examples. This latest revision is packed with recent examples, scenarios, tools, and techniques that make it a fascinating read for both industry veterans and recent joiners alike. Highly recommended. -- Martin King FBCS CITP CISSP, Chief Technology Officer, IT TransformedThis book describes the eco system of cyber security and provides excellent go-to guides and considerations for people/teams dealing with both technical and non-technical security. Awareness and training are at the very heart of the book, successfully paralleled by descriptions of how our day-to-day information sharing and protection should take place safely. A useful and insightful read and highly recommended. -- Lesley-Anne Turner, Cyber Compliance, CDDO, Cabinet OfficeThe style and structure makes it an ideal book for students as it covers all the important topics, from the fundamentals of information security such as the CIA model, through to organisational issues (policies and disaster recovery), legal requirements and security standards. Terminology is clearly explained and supported with current, real-world examples. It is a most valuable resource. -- Richard Hind MSc MBCS FHEA, Tutor of Digital Technologies, York CollegeThis book gives a good insight into cyber security, with modern day examples and practical guidance on how to proactively mitigate against risks. This will definitely be a book I refer to frequently. -- Bianca Christian, Business Analyst, Young Business Analysts (YBA)On first reading this book, the biggest impression that greets the reader is that it’s NOT a technical reference book and is widely focused on the wider impact of cyber security on society as a whole. It is not just for technologists and treats a complex subject with just the right level of both technical and socioeconomic balance. Highly recommended. -- Adrian Winckles MBCS CITP CEng, Chair of BCS Cybercrime Forensics SG and OWASP Education CommitteeCyber Security 2e is a rich technical guide on cyber threats. Leaving no stone unturned, the first half touches on key examples and paints a clear picture of the current threat landscape that both individuals and organisations face, and the second half contains solutions. Sutton aptly spotlights a number of actions that anyone could be encouraged to practice for good personal and corporate security. -- Ester Masoapatali MBCS, Information Security Specialist, Partnerships Manager, CybSafeThis book is a fantastic resource for those breaking into the industry, or for non-security leaders who want to know more about the risks faced by their business. Written in an accessible manner, this second edition gives readers updated information and current examples showing the changing trends and tactics of attackers. -- Jim Wright, Managing Director, Principle DefenceThis book is for anyone who wants to understand and learn more about cybersecurity. It provides a foundation of cybersecurity knowledge as well as essential practical skills and techniques for entry and junior-level cybersecurity roles. It is also designed to help learners in building a promising and rewarding career pathway in the cybersecurity field. -- Dr Sherif El-Gendy FBCS, Information Security ExpertThis highly accessible second edition provides a thorough update to the world of cyber security in a non-technical manner; firstly clarifying cyber security issues and then focusing on cyber security solutions. If you are looking for a go-to reference that explains cyber security in plain language, this book is for you. -- Tim Clements FBCS CITP FIP CIPP/E CIPM CIPT, Purpose and MeansThis book demystifies what can, to many, be a rather bewildering topic, and it sets clear context and eloquently describes the landscape of threats and issues, and provides clear, actionable advice across key topics. A handy and well-written reference guide, and highly recommended reading! -- Paul Watts MBCS CITP FCIIS CISSP CISM, former CISO and Distinguished Analyst, Information Security ForumA thought-provoking and excellent read. Essential for cybersecurity practitioners working across numerous specialisations and at all levels of management. This blended use of theory and practical applications sets this book apart, complements industry-leading certifications and make it a must-read for anyone working within cyber. -- Gary Cocklin CITP CISSP, Senior Cyber Security Practitioner, UK Royal Air Force (RAF)This book is not just for cyber professionals, it’s for everyone. This book is easy to follow and clearly articulates what cyber is and why it matters. It provides insights into why cyber-attacks occur and offers practical and technical guidance for individuals and businesses to protect themselves. This will be my go-to resource for cyber security. -- Thando Jacobs, Business Analyst, Senior Leadership Team, Young Business Analysts (YBA)This book delivers a comprehensive overview of cyber security and is packed with numerous interesting, relevant examples to illustrate key points. Readers will gain insights on why they might be attacked and measures to protect against ever increasing cyber threats. Therefore I highly recommend this publication for individuals and organisations alike. -- Olu Odeniyi, Cyber Security, Information Security and Digital Transformation Advisor, Thought Leader and SpeakerEasy to follow, digestible and highly relevant for the world we live in today. Not just for cybersecurity professionals, business continuity practitioners will gain valuable insight as well as hints and tips on what cybersecurity aspects to consider when developing business continuity plans and response arrangements. -- Hilary Estall MBCI, IRCA BCMS Principal Auditor, Business Continuity Practitioner, Director Perpetual SolutionsTable of ContentsPreface 1. Introduction 2. The big issues 3. Cyber targets 4. Cyber vulnerabilities and impacts 5. Cyber threats 6. Risk management overview 7. Business continuity & disaster recovery 8. Basic cyber security steps 9. Organisational security steps 10. Awareness and training 11. Information sharing Bibliography Appendix A - Standards Appendix B - Good practice guidelines Appendix C - Cyber security law Appendix D - Cyber security training Appendix E - Links to other useful organisations

Read more less

Book SynopsisCovering all aspects of the framework from installation, configuration, and vulnerability hunting to advanced client side attacks and anti-forensics, this book carries out penetration testing in highly-secured environments with Metasploit. It helps you learn to bypass different defenses to gain access into different systems.

Read more less

Book Synopsis

Read more less