CyberSecurity – What are some things that get a bad rap, but are actually quite secure?
Cybersecurity is an important issue for everyone, from individuals to large organizations. There are many things that get a bad rap when it comes to cybersecurity, but that doesn’t mean they’re not secure. For example, PGP (Pretty Good Privacy) is a method of encrypting emails that is considered to be very secure. However, it can be difficult to set up and use. Another example is using very long passwords that are actually a sentence. This may seem like a security risk, but it’s actually more secure than a shorter password because it’s more difficult for hackers to guess. Additionally, changing the default port for certain services like databases can help to prevent hacking. Unplugging the ethernet cable may also seem like a security risk, but it’s actually one of the most effective ways to prevent data breaches. Finally, browser password managers are often considered to be insecure, but they’re actually quite secure if used properly. Cybersecurity is an important issue, and there are many things that can be done to help prevent hacking and data breaches.
There are a lot of cybersecurity myths out there. People think that X, Y, and Z are the most secure way to do things when in reality, they are the least secure. The biggest myth is that PGP is unbreakable. PGP has been broken many times and is not a reliable form of cybersecurity. Another myth is that very long passwords are secure. The problem with very long passwords is that they are difficult to remember and often get written down somewhere. If a hacker gets ahold of your password, they can easily access your account. The best way to prevent cybersecurity breaches is to use MFA, OAuth, and two-step verification whenever possible. These methods make it much more difficult for hackers to gain access to your accounts. While they may not be foolproof, they are the best cybersecurity measure available.
1- PGP
PGP is a Form of Minimalism
As a protocol, PGP is surprisingly simple. Here is what happens if you want to use it to securely send a message to someone:
- You get from them a PGP identity (public key). How you do that is entirely up to you.
- Your PGP program uses that identity to perform a single public key encryption of a message key.
- Then the message key is used to encrypt the message which is added to the encrypted message key to make the encrypted message.
- Your correspondent does the opposite operations to get the message.
If you want to sign your message then you:
- Hash the message.
- Do a public key signature operation on the hash and attach the result to the message.
- Your correspondent checks the signature from your PGP identity, which they have acquired somehow.
The simple key handling is where the minimalism comes from. It is why PGP can be used in so many non-email contexts.
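The encrypt and sign steps listed above can be sketched with Go's standard library. This is an added example, not code from the original article or from any OpenPGP implementation: RSA-OAEP, AES-256-GCM and RSA-PSS stand in for the OpenPGP algorithms, and the `Identity` type and the output byte layout are made up for illustration.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

const nonceLen = 12 // standard AES-GCM nonce size

// Identity is a hypothetical stand-in for a PGP identity: one RSA key pair.
type Identity struct{ priv *rsa.PrivateKey }

func NewIdentity() (*Identity, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Identity{priv: k}, nil
}

// Public is the half of the identity you hand to correspondents.
func (id *Identity) Public() *rsa.PublicKey { return &id.priv.PublicKey }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt performs a single public-key encryption of a fresh message key,
// then encrypts the message under that key. Output layout (made up for this
// example): wrapped message key | nonce | ciphertext.
func Encrypt(to *rsa.PublicKey, msg []byte) ([]byte, error) {
	msgKey := make([]byte, 32)
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(msgKey); err != nil {
		return nil, err
	}
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, to, msgKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(msgKey)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(append(wrapped, nonce...), nonce, msg, nil), nil
}

// Decrypt does the opposite operations: unwrap the message key with the
// private key, then decrypt and authenticate the message body.
func (id *Identity) Decrypt(blob []byte) ([]byte, error) {
	n := id.priv.Size() // RSA-OAEP output is exactly one modulus long
	if len(blob) < n+nonceLen {
		return nil, errors.New("message too short")
	}
	msgKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, id.priv, blob[:n], nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(msgKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, blob[n:n+nonceLen], blob[n+nonceLen:], nil)
}

// Sign hashes the message and signs the hash with the sender's private key.
func (id *Identity) Sign(msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, id.priv, crypto.SHA256, h[:], nil)
}

// Verify checks a signature against the sender's public identity.
func Verify(from *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(from, crypto.SHA256, h[:], sig, nil) == nil
}

func main() {
	alice, _ := NewIdentity() // errors ignored only to keep the demo short
	bob, _ := NewIdentity()
	msg := []byte("constructed sample message")
	blob, _ := Encrypt(bob.Public(), msg)
	plain, err := bob.Decrypt(blob)
	sig, _ := alice.Sign(msg)
	fmt.Printf("plain=%q err=%v sig_ok=%v\n", plain, err, Verify(alice.Public(), msg, sig))
}
```

Note that nothing in the code establishes whose public key `to` or `from` really is; as the steps say, how you obtain and trust an identity is left entirely to you.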
As a contrast, consider the Signal Protocol for instant messaging. I will not attempt to describe Signal in any detail as I would get parts of it wrong. It would also make for a pointlessly long article. There is a high-level description of the Signal protocol here. None of the following comments are intended to be critical; they are intended to give an idea of the level of complexity of the protocol in total:
- Signal has at least 2 systems for creating forward secrecy. Each system requires a system to deal with loss of synchronization.
- A Signal session requires the storage and maintenance of a lot of state information.
- Signal normally uses a server based “prekey” system to deal with the case where a client is offline and thus is unable to negotiate.
- Signal achieves partial deniability with a triple Diffie-Hellman key exchange. OpenPGP achieves complete deniability by not signing the message in the first place.
- Supporting the Signal protocol in practice requires a separate system to store and protect past messages. Since this is at odds with forward secrecy, such a system will end up with a system to delete old messages.
The Signal Protocol is built on ideas from the Off the Record (OTR) protocol. Interestingly enough, OTR was intended to improve PGP by adding extra functionality. Signal adds functionality on top of the OTR functionality. So Signal could be considered the result of an attempt to improve something by making it more complex.
I believe that reliability and security are best achieved with simple systems. OpenPGP is a standard that describes such a system.
2- Very long passwords that are actually a sentence
It could be bad if you just came up with it and forget it, and people think it’s bad if it only has lowercase and no numbers or punctuation. But a 5-6 word sentence could be quite secure, especially if it’s a bit weird. “Lemons make a delicious snack in my house.”
3- Writing passwords down.
I tell all my old relatives to write their passwords down in a little notebook. As long as there isn’t someone there regularly I don’t trust, it is much better than using the same password, and if their physical security at their house is compromised, there are bigger concerns than a notebook of banking passwords.
We write down all the passwords to our most secure systems – but then we rip them in half and put them in 2 separate safes.
Did I say passwords? I meant encryption keys.
4- Changing default ports for certain services like dbs
Most of the gangs out there use tools that don’t do a full search, so they go through the default port list.
5- MFA in general.
Takes 60 seconds to set up, and an additional 5s each time you use it, but can save you hours if not days of manual recovery efforts with support to regain access to a compromised account. Yet people don’t like the idea.
If you are using TOTP for your MFA, you can even put it right in the browser with a plug-in. I use this approach for work. It’s very convenient.
If you use a password manager that supports TOTP and auto type (e.g. KeePassXC) then you don’t even need to mess with it once you have it set up.
6- OAuth for 3rd party apps.
Those “sign into our app with your (Google, Microsoft, etc) account” things. As long as you trust the ID provider and the app, it’s usually secure. More so, considering it prevents password reuse, and you aren’t exposed if any of those 3rd party apps have a breach.
7- Two-step verification.
Yes it’s annoying to need two devices every time you want to log into your most precious accounts, but trust me, I’d rather take the extra 10 seconds to authorize a login than go through the hell of having my account breached.
8- Biometric Authentication.
The argument is that ‘you can’t change your face/finger’ but it is actually more secure than other ‘magic link’ providers.
Let me be clear, there are some providers that are still iffy on security. But there are also some that have device native authentication (you need the device to auth), they don’t store passwords or password hashes, and only have public keys.
One example of this is https://passage.id/ which is about as secure as you can get.
9- Zoom.
Yes, they had a bunch of issues at the start, but they fixed them. I would much rather work with a company that had security assessments and fixed the problems rather than a company which has never been assessed.
10- Unplugging the ethernet cable.
11- Browser password managers?
Rant moment: reasons cybersecurity fails
<Rant>
People don’t see the value of putting effort into cybersecurity because they don’t see any material gains from it. The best thing they can see is nothing bad happening.
No news isn’t good enough news. This is enough to mostly ignore all cybersecurity advice altogether.
This is similar to people not taking care of themselves health-wise, because the best thing they can see is not getting sick.
</Rant>
Why do cyber attackers commonly use social engineering attacks?
Hackers commonly use social engineering attacks because they can be very effective. By using social engineering, hackers can take advantage of people’s trusting nature and willingness to help others. They can also exploit the fact that people are often not well-informed about security and privacy issues. For example, a hacker might pose as a customer service representative and ask for someone’s password. Or, they might send an email that looks like it is from a trusted source, such as a bank or government agency, and ask the recipient to click on a link or download an attachment. If the person falls for the deception, the hacker can gain access to their accounts or infect their computer with malware. That is why it is important to be aware of these types of attacks and know how to protect yourself.
Cyber attackers commonly use social engineering attacks for a number of reasons. First, hacking into a person’s or organization’s computer systems is becoming increasingly difficult as security measures become more sophisticated. Second, even if a hacker is able to gain access to a system, they are likely to be discovered and caught before they can do any significant damage. Third, social engineering attacks allow hackers to bypass security measures and obtain sensitive information without being detected. Finally, social media platforms have made it easier for cyber attackers to obtain personal information about their targets and to carry out attacks. As a result, social engineering attacks are an attractive option for many cyber attackers.
To conclude:
Cybersecurity is often thought of as a complex and technical field, but there are actually many simple things that everyone can do to help stay safe online. For example, one way to protect your online communications is to use PGP encryption. This type of encryption is incredibly difficult for even the most skilled hacker to break, but it’s also easy to use. Another way to improve your cybersecurity is to use very long passwords that are actually a sentence. This may seem daunting, but using a phrase as your password makes it much harder for hackers to guess. Additionally, changing the default ports for certain services can help prevent unauthorized access. And finally, unplugging the ethernet cable when you’re not using it is a great way to physically block hackers from accessing your device. By following these simple tips, you can dramatically improve your cybersecurity and protect your privacy.
source: r/cybersecurity
- Analysis of IP proxy application cases to enhance network securityby 98IP (Security on Medium) on January 16, 2025 at 1:38 am
In today’s digital age, network security has become a major issue that cannot be ignored by enterprises and individuals. With the…Continue reading on Medium »
- Embracing AI in Audit, Risk, and Compliance: My Learning Journeyby Rachel Mileon-Chung (Cybersecurity on Medium) on January 16, 2025 at 1:33 am
As someone passionate about technology and governance, I’ve been diving into how AI is reshaping the fields of audit, risk, and compliance…Continue reading on Medium »
- 2025 Tech Trends: The Five Must-Have Skills for a Competitive Edgeby Devendra Parmar (Cybersecurity on Medium) on January 16, 2025 at 1:32 am
Explore the top tech skills of 2025 to boost your career, stay competitive, and thrive in the ever-evolving digital landscape.Continue reading on Medium »
- Capturing of Network Traffic Using Wireshark Toolby Mohammed Muneef (Cybersecurity on Medium) on January 16, 2025 at 1:32 am
This article outlines the fundamental usage of Wireshark, a tool employed for capturing network communication.Continue reading on Medium »
- CTF Walkthrough 2024by Melanie Gonzalez (Cybersecurity on Medium) on January 16, 2025 at 12:44 am
The following are challenges I completed from a 2024 TryHackMe CTF. The challenges include digital forensics, privilege escalation, AI…Continue reading on Medium »
- Firewall Membantu Melindungi Jaringan Anda dari Seranganby Indobot Academy (Cybersecurity on Medium) on January 16, 2025 at 12:41 am
Di era digital, keamanan jaringan menjadi prioritas utama untuk melindungi data dan sistem Anda. Tanpa perlindungan yang tepat, jaringan…Continue reading on Medium »
- Implementing MSI Installer Code Signing in Azure DevOps Pipelineby Maksim Vialykh (Cybersecurity on Medium) on January 16, 2025 at 12:25 am
Code signing is a crucial step in software development, ensuring the authenticity and integrity of the distributed code. For Windows…Continue reading on Medium »
- 10-Days of learning — Day 7 — Anti-Analysis and Anti-Debugging Techniquesby Khalani Prot (Cybersecurity on Medium) on January 16, 2025 at 12:14 am
Anti-analysis and anti-debugging techniques aim to make it challenging or even impossible for attackers to examine or debug a program’s or…Continue reading on Medium »
- Exploring Ethereum: The Backbone of Decentralized Innovationby Satyam Patel (Cybersecurity on Medium) on January 16, 2025 at 12:12 am
Introduction to EthereumContinue reading on The Capital »
- Mastering Cybersecurity Architecture: Prevention, Detection, and Responseby Nitin Lalwani (Cybersecurity on Medium) on January 16, 2025 at 12:12 am
Cybersecurity is a constantly evolving field that hinges on three core pillars: prevention, detection, and response. These form the…Continue reading on Classy Endeavors »
- 10-Days of learning — Day 6 — Persistence MalwarePersistence Malware:by Khalani Prot (Cybersecurity on Medium) on January 16, 2025 at 12:09 am
Persistence malware is a type of malware that attempts to remain undetected on a target system after initial execution and it’s designed…Continue reading on Medium »
- Conquering the AWS Security Specialist SCS-C02 Exam: My Study Tips and Resourcesby Jelle (Security on Medium) on January 15, 2025 at 10:45 pm
The AWS Security Specialist SCS-C02 Certification is a challenging exam that tests your knowledge across data management, AI, and cloud…Continue reading on Medium »
- ISACA: Serious breach, or just terrible change control?by /u/Useless_or_inept (cybersecurity) on January 15, 2025 at 10:38 pm
I noticed a very suspicious email from ISACA, poorly worded, pointing me to a third-party website. It was sent to a single-use email address that I set up for CISM. It smelt like phishing. Lots of other people on social media commented that they got the same. Then ISACA's twitter account replied to a few other people to say there's no breach and that the email was just a mistake. Presumably the crappy 3rd-party URL is an early step in some site migration, testing, or whatever? But ISACA haven't replied to me directly. Well, in this timezone it's time for me to go to bed, maybe in the morning all this will make sense, maybe ISACA will explained what happened, maybe not. Did any of you clever people get it? Are there better answers? submitted by /u/Useless_or_inept [link] [comments]
- SAP fixes critical vulnerabilities in NetWeaver application serversby /u/arqf_ (cybersecurity) on January 15, 2025 at 10:30 pm
submitted by /u/arqf_ [link] [comments]
- Solving Phishing Attacks with the SLAM Method: A Comprehensive Guide | The DefendOps Diariesby /u/tuzzmaniandevil (cybersecurity) on January 15, 2025 at 10:28 pm
submitted by /u/tuzzmaniandevil [link] [comments]
- WordPress Security Plugin Recommendationsby Ashley Walker (Security on Medium) on January 15, 2025 at 9:35 pm
Continue reading on Medium »
- NordVPN Reviews Complaintsby ALI ABDI (Security on Medium) on January 15, 2025 at 9:28 pm
NordVPN flaunts dependable and cutthroat paces, as per CNET’s active VPN testing, bringing about the least web speed corruption of any…Continue reading on Medium »
- DORA (Digital Operational Resilience Act)by /u/No_excuses0101 (cybersecurity) on January 15, 2025 at 9:21 pm
Has anyone come across a mapping of DORA (Digital operational resilience act) to frameworks like NIST, ISO2700, ISF SoGP, CIS etc please? Or any websites / resources that explains / de-mystifies what each of the requirements in the DORA articles is looking for please? submitted by /u/No_excuses0101 [link] [comments]
- Understand how to use Cilium and Istio together for security in Kubernetesby Paris Nakita Kejser (Security on Medium) on January 15, 2025 at 9:05 pm
There is sometimes a big battle between Cilium and Istio because people do not understand how the two software can help together for…Continue reading on Medium »
- What is the one thing that you are determined to accomplish in 2025?by /u/NudgeSecurity (cybersecurity) on January 15, 2025 at 8:48 pm
With the new year already in full swing as we reach the halfway point of January we wanted to know - when it comes to your job, what's the most important thing you hope to accomplish in 2025? What steps are you taking/planning to help ensure you can make it happen? submitted by /u/NudgeSecurity [link] [comments]
- Ansible ile Şifre Saklama: Güvenli Otomasyonun Basit Yoluby Şahin Bölükbaşı (Security on Medium) on January 15, 2025 at 8:21 pm
Günümüz dijital dünyasında, yazılım geliştirme ve sistem yönetimi süreçleri giderek daha otomatikleşiyor. Bu otomasyonun en popüler…Continue reading on Medium »
- A New Era of Cross-Border Travel: Enhancing Security with SU Group’s Advanced Solutionsby SU Group Holdings Limited (SUGP) (Security on Medium) on January 15, 2025 at 8:00 pm
As Shenzhen residents gain access to multiple-entry visas for Hong Kong, a new chapter in cross-border travel begins, secured by SU Group.Continue reading on Medium »
- Android App Security Checklist for Developersby Anand Gaur (Security on Medium) on January 15, 2025 at 7:55 pm
Ensuring your Android app is secure is a critical part of the development process. Mobile apps often deal with sensitive user information…Continue reading on Medium »
- Label giant Avery says website hacked to steal credit cardsby /u/arqf_ (cybersecurity) on January 15, 2025 at 7:53 pm
submitted by /u/arqf_ [link] [comments]
- Hackers use Google Search ads to steal Google Ads accountsby /u/arqf_ (cybersecurity) on January 15, 2025 at 7:51 pm
submitted by /u/arqf_ [link] [comments]
- Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99by /u/arqf_ (cybersecurity) on January 15, 2025 at 7:49 pm
submitted by /u/arqf_ [link] [comments]
- Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Toolby /u/arqf_ (cybersecurity) on January 15, 2025 at 7:48 pm
submitted by /u/arqf_ [link] [comments]
- CISSP Holders: Did this cert change your career trajectory?by /u/CrewGlittering5406 (cybersecurity) on January 15, 2025 at 7:14 pm
Hello All, I wanted to get confirmation on people's experiences with obtaining the CISSP and your personal career trajectory post passing the exam. Did you stay where you're at in your position you held before, or did you get promoted or leave your organization for a better opportunity and higher salary? I keep seeing some people say that the CISSP isn't necessary, but in this tight job market and lack of IT jobs, I would say that the CISSP for security professionals to advance is needed going forward. Especially with the influx of h1b visa holders replacing US citizen jobs. This is one area where I would see having the CISSP wouldn't be impacted by foreigner visa holders to bypass a US worker for employment, especially in the security and defense fields were they need US citizens for classified work. submitted by /u/CrewGlittering5406 [link] [comments]
- Looking for a Framework to Framework Control mapping document (CRI FSP 2.0 to HKMA C-RAF 2.0)by /u/BackseatBenji15 (cybersecurity) on January 15, 2025 at 6:59 pm
Hey all, I am looking for a document, preferably an excel, that maps the CRI FSP 2.0 to HKMA C-RAF v2.0. I have scoured the internet looking for this and have been unsuccessful. CRI released a letter at the end of 2021 saying that they planned to map HKMA in 2022 but it looks like it never came to fruition. Appreciate any help locating something like this! submitted by /u/BackseatBenji15 [link] [comments]
- Security for TinyMLby /u/Scared-King-3826 (cybersecurity) on January 15, 2025 at 6:23 pm
Hi everyone, I am a newbie in this topic. I want to look at some papers about this topic but there are not many papers researching this problem. Can you help me find which problems are related to it? submitted by /u/Scared-King-3826 [link] [comments]
- Germany to shoot down drones near military sitesby Chaudhary (Security on Medium) on January 15, 2025 at 5:37 pm
Germany to Shoot Down Drones Near Military SitesContinue reading on Medium »
- Ransomware attacks on education declined in 2024, report showsby /u/thinkB4WeSpeak (cybersecurity) on January 15, 2025 at 5:26 pm
submitted by /u/thinkB4WeSpeak [link] [comments]
- North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domainsby /u/N07-2-L33T (cybersecurity) on January 15, 2025 at 5:24 pm
submitted by /u/N07-2-L33T [link] [comments]
- Rsync vulnerabilities allow remote code execution on servers, patch quickly!by /u/tekz (cybersecurity) on January 15, 2025 at 2:36 pm
submitted by /u/tekz [link] [comments]
- For those who started learning cybersecurity through the cybersecurity learning platforms tryhackme and/or HacktheBox academy , how much of your level of competency and level of knowledge in the field of cybersecurity has gone up?by /u/Historical_Donut6758 (cybersecurity) on January 15, 2025 at 1:48 pm
I think mine has gone up quite a bit given the fact that both platforms promotes a lot of practical learning and practical learning is the best way I learn submitted by /u/Historical_Donut6758 [link] [comments]
- What do you expect from ransomware in 2025?by /u/MartinZugec (cybersecurity) on January 15, 2025 at 12:06 pm
I started reading various prediction pieces this year, and oh boy, it's an orgy of AI-infused buzzwords. Tried to put together something more realistic: Ransomware will continue to grow, doh. More data exfils than data encryptions. Ransomware will continue shifting to opportunistic attacks using vulnerabilities in enterprise software (less than 24 hours to fix after PoC). Elite ransomware groups will focus more on opsec and vetted memberships, mid-range groups (based on leaked matured code like LockBit/Babuk) will aggressively fight to attract affiliates, leading to relaxed rules of engagement. Healthcare industry should brace for impact. Lone wolves model will continue growing, but flying completely under radar. Lone wolves are ransomware threat actors that don't operate under RaaS model - e.g. ShrinkLocker research about attacking whole network without using malware (BitLocker and lolbins). Rust/Go will continue gaining popularity, combined with intermittent and quantum-resilient (e.g. NTRU) encryption. That's mostly game over for decryptors unfortunately. Business processes that are not deepfake-proofed will be targeted - typically financial institutions or cryptomarkets that use photo/video as a verification factor. An example of this was already seen in Brazil (500+ bank accounts opened for money laundering purposes). AI will continue fueling BEC attacks, mostly flying under the radar. BEC caused about 60x higher losses than ransomware in 2022/2023 (according to FBI) and are directly benefiting from LLMs. AI-infused supermalware remains a thought leadership gimmick. AI used for programming assistance will become a significant threat, because it will allow threat actors to target unusual targets such as ICS/SCADA and critical infrastructure (e.g. FrostyGoop manipulating ModbusTCP protocol). Hacktivism could make a big comeback, equipped with RaaS ransomware than DDoS tools. 
We are already seeing some indicators of this, after hacktivism almost disappeared in the last decade (compared to financially motivated attacks). As hacktivists start blending with ransomware threat actors, so will APTs. It's expensive to finance special operations and nuclear programs, and this blurring allows state-sponsored actors to generate significant profits while maintaining plausible deniability. GenZ cybercriminals will start making news - 16-25y old from the Western countries, collaborating with Russian-speaking groups, trying to gain notoriety. Frequently arrested, but with large membership base (1K+ for Scattered Spider), there is enough cannon fodder for a while. Quantum computers - while they are years away, companies will start with early assessments and data classification. Some threat actors (APTs) will start harvesting data now, with a plan to decrypt them years later. Since NIST finalized three key PQC standards already, early adopters can start taking first steps. I am curious about your thoughts - I feel this year is harder to predict than others, because it can go both ways (repeat of 2024 or dramatic shift with hacktivists/APTs/lone wolves). I see AI as tool for social engineering, mostly a boon for defenders rather than attackers. More details: https://www.bitdefender.com/en-us/blog/businessinsights/cybersecurity-predictions-2025-hype-vs-reality submitted by /u/MartinZugec [link] [comments]
- UK to ban ransomware payments in critical sectors.by /u/Novel_Negotiation224 (cybersecurity) on January 15, 2025 at 11:43 am
submitted by /u/Novel_Negotiation224 [link] [comments]
- Trusting cybersecurity statsby /u/Latter-Site-9121 (cybersecurity) on January 15, 2025 at 11:13 am
I’ve been reflecting on how much weight we give to statistics in cybersecurity. Personally, I find stats valuable when they’re backed by credible details like methodology, sample size, and the context in which they were gathered. But lately, it feels like stats are being used more for marketing than for real insights. For example, I recently came across a bold claim about the ‘death of Breach and Attack Simulation,’ supported by numbers. But those numbers lacked key details: no clarity on where the data came from, who contributed, or how the conclusions were reached. Without transparency, how can we truly rely on these figures? What’s your take? submitted by /u/Latter-Site-9121 [link] [comments]
- Here’s how hucksters are manipulating Google to promote shady Chrome extensionsby /u/Party_Wolf6604 (cybersecurity) on January 15, 2025 at 10:57 am
submitted by /u/Party_Wolf6604 [link] [comments]
- I’m the founder of Pomerium. Ask Me Anything about context-aware access control.by /u/Oscar_Geare (cybersecurity) on January 15, 2025 at 10:56 am
Hi everyone. We're grateful for all the individuals who reach out and offer to do AMAs. This subreddit serves as one of the first locations that people come to when they want to get knowledge about our industry. The discussions we have here are archived and might be things that our children could reference in the future. The way we improve as an industry is by sharing what we know so that we can inspire others. You, as a cybersecurity professional, stand on the shoulders of greats who discovered all the things you do in your day to day. In ten/fifteen years, someone will be standing on your shoulders. Don't horde your knowledge. If you want to do an AMA, please reach out to the mod team. Today we're joined by Bobby DeSimone ( u/PeopleCallMeBob ), the founder of Pomerium and Surelock (acquired by BeyondTrust). He's here to answer questions on access control. This AMA will be starting at 2024-01-15 0930 GMT-8 (US Pacific Time). ----- Hi, I'm Bobby! After my first startup Surelock was acquired by BeyondTrust, I worked several years in the PAM space for BeyondTrust. This gave me some insight into the pain points of access control I believe aren't being adequately addressed by any of the tools on the market. In the end, I left BeyondTrust to found Pomerium, an open-source reverse proxy to address each of the problems I saw in the access control space. It's currently used by multiple Fortune 100 companies, other cybersecurity companies like ExtraHop, and by ex-Googlers to replace Uberproxy for their new organizations. Here are some of my observations below about the space: Zero-trust is real but has been co-opted by marketing. "Trust nothing, verify everything" now applies to the tools and solutions you're adding to your stack. Perimeter-based security is nebulous and doesn't reflect the current reality of remote work and globally distributed teams. We have a blog post discussing the Perimeter Problem. 
*Tunneling solutions utilizing connection-based approaches are less secure than continuous verification approaches. Access should flow from identity, posture, and context. The point of security is to inspect traffic and stop bad things before they happen. Hosted solutions lack institutionally-relevant context while adding bandwidth costs, latency & vendor lock-in. They also drastically expand your data boundary. Everyone wants to be your single pane of glass and that's alarming — who watches the watchers? Any provider can deprioritize cybersecurity investments. Cybersecurity teams should be familiarizing themselves with why layer 4 and layer 7 differences matter for their specific use cases. Organizations are overly reliant on solutions running on the OSI layer 4 (transport layer). These solutions are architecturally not designed for per-action/request-based authorization and verification, leaving them unable to address the evolving threat landscape. Layer 4 tools are best for layer 4 traffic and layer 7 tools are best for layer 7 traffic. I believe that there doesn't need to be a tradeoff between usability and security. If security gets in the way of productivity and workflow, even the most technically sound security system will erode over time as the human element seeks to navigate around the system or even take it down. We discuss this internally all the time at Pomerium and seek to make the user experience seamless without friction — users don't even know they're going through Pomerium with our clientless access! I'm happy to talk about anything access control! submitted by /u/Oscar_Geare [link] [comments]
- DOJ deletes China-linked PlugX malware off more than 4,200 US computersby /u/anynamewillbegood (cybersecurity) on January 15, 2025 at 10:17 am
submitted by /u/anynamewillbegood [link] [comments]
- Min requirements for cyber security - PC Personal useby /u/r3vhead_ (cybersecurity) on January 15, 2025 at 8:43 am
What do you consider the minimum requirements for a secure PC? Here’s how I use mine: • Mainly office work, with occasional use for personal activities like browsing less secure websites (e.g., adult sites) and torrenting. • I use MFA (multi-factor authentication) for sensitive accounts like banking and social media. • I have a password manager (LastPass – yes, I know it has its issues). • I used to rely on Norton Antivirus but have since uninstalled it. My main concerns are protecting against keyloggers, viruses, and other threats. Right now, I’m only using Windows Defender, as I’ve seen many people say that’s sufficient. Is that enough, or should I add extra layers of protection? Any advice is appreciated! submitted by /u/r3vhead_ [link] [comments]
- The market seems to be picking back up.by /u/RemainInBliss (cybersecurity) on January 15, 2025 at 5:27 am
Been getting a lot more call backs this past week after not having much success last year. Hoping things continue to improve. Keep studying and applying guys, things are definitely heating up. For reference: I have about 5 years of IT experience, 6 months in the SOC as of now in a contract role and have been applying to jr./mid tier SOC analyst roles- on site, hybrid, & remote. Certs I have are sec+, Cysa+, BTL1, Splunk Core/Power User, and AWS Cloud Practitioner. submitted by /u/RemainInBliss [link] [comments]
- ‘Codefinger’ hackers encrypting Amazon cloud storage buckets, by /u/anynamewillbegood (cybersecurity) on January 15, 2025 at 12:10 am
- FBI wipes Chinese PlugX malware from over 4,000 US computers, by /u/arqf_ (cybersecurity) on January 14, 2025 at 7:56 pm
- Mentorship Monday - Post All Career, Education and Job questions here!, by /u/AutoModerator (cybersecurity) on January 13, 2025 at 12:00 am
This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away! Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future.