CyberSecurity – What are some things that get a bad rap, but are actually quite secure?

Cybersecurity matters to everyone, from individuals to large organizations, and several tools and habits have a poor reputation they do not deserve. PGP (Pretty Good Privacy) is a well-studied way to encrypt and sign email; its reputation problem is usability and key management, not the cryptography. Very long passwords that are actually a sentence may look unwieldy, but a multi-word passphrase carries far more entropy than a short "complex" password and is much harder to guess. Changing the default port of a service such as a database does not stop a determined attacker, who can simply scan every port, but it takes the service off the default-port lists that mass scanners and opportunistic gangs work through. Unplugging the ethernet cable sounds crude, but taking a machine off the network is one of the few controls that reliably stops remote access. Browser password managers are often dismissed as insecure, yet used properly they are a clear improvement over reused passwords. The sections below collect the examples from the original thread.

A lot of cybersecurity myths run the other way: things assumed to be the most secure option are sometimes the least. Two myths come up repeatedly in this thread. The first is that PGP is either unbreakable or hopelessly broken; neither is true. The underlying cryptography has held up, while the practical problems have been usability, key distribution and bugs in the mail clients that wrap it. The second is that long passphrases are unsafe because people write them down. A unique passphrase written in a notebook at home is safer than a short password reused across sites, because the notebook is only reachable by someone who already has physical access. Beyond passwords, the most effective step is to turn on MFA, sign in through a trusted identity provider (OAuth) and use two-step verification wherever they are offered. None of these is foolproof, but together they raise the cost of an account takeover substantially.

1- PGP

PGP is a Form of Minimalism

As a protocol, PGP is surprisingly simple. Here is what happens if you want to use it to securely send a message to someone:

  1. You get from them a PGP identity (public key). How you do that is entirely up to you.
  2. Your PGP program uses that identity to perform a single public key encryption of a message key.
  3. Then the message key is used to encrypt the message which is added to the encrypted message key to make the encrypted message.
  4. Your correspondent does the opposite operations to get the message.

If you want to sign your message then you:

  1. Hash the message.
  2. Do a public key signature operation on the hash and attach the result to the message.
  3. Your correspondent checks the signature from your PGP identity, which they have acquired somehow.

The simple key handling is where the minimalism comes from. It is why PGP can be used in so many non-email contexts.

As a contrast, consider the Signal Protocol for instant messaging. I will not attempt to describe Signal in any detail as I would get parts of it wrong. It would also make for a pointlessly long article. There is a high level description of the Signal protocol here. None of the following comments are intended to be critical, they are intended to give an idea of the level of complexity of the protocol in total:

  • Signal has at least 2 systems for creating forward secrecy. Each system requires a system to deal with loss of synchronization.
  • A Signal session requires the storage and maintenance of a lot of state information.
  • Signal normally uses a server based “prekey” system to deal with the case where a client is offline and thus is unable to negotiate.
  • Signal achieves partial deniability with a triple Diffie-Hellman key exchange. OpenPGP achieves complete deniability by not signing the message in the first place.
  • Supporting the Signal protocol in practice requires a separate system to store and protect past messages. Since this is at odds with forward secrecy, such a system will end up with a system to delete old messages.

The Signal Protocol is built on ideas from the Off the Record (OTR) protocol. Interestingly enough, OTR was intended to improve PGP by adding extra functionality. Signal adds functionality on top of the OTR functionality. So Signal could be considered the result of an attempt to improve something by making it more complex.

I believe that reliability and security are best achieved with simple systems. OpenPGP is a standard that describes such a system.
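The exchange described in the two numbered lists above, as an added example that is not part of the original post and not code from any OpenPGP implementation: it uses only Go's standard library, with RSA-OAEP to wrap a fresh per-message AES-256-GCM key and RSA-PSS for the hash-then-sign step. The party names (alice, bob), the Envelope field layout and the sample message are this example's assumptions; the real OpenPGP packet format differs.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is the wire form of a PGP-style hybrid message: the message key
// encrypted once with the recipient's public key, plus the message encrypted
// under that key. (This layout is the example's own, not OpenPGP packets.)
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(recipient public key, message key)
	Nonce      []byte // AES-GCM nonce, fresh per message
	Ciphertext []byte // AES-GCM(message key, message) with the auth tag appended
}

// NewKeyPair stands in for "get a PGP identity": one RSA key pair per party.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Encrypt is steps 2 and 3: a single public-key operation wraps a fresh
// symmetric message key, and that key encrypts the message itself.
func Encrypt(pub *rsa.PublicKey, msg []byte) (*Envelope, error) {
	key := make([]byte, 32) // AES-256 message key
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, msg, nil)}, nil
}

// Decrypt is step 4: unwrap the message key with the private key, then
// decrypt. The GCM tag check makes any tampering fail here.
func Decrypt(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("message key does not unwrap with this private key")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Sign hashes the message and performs one public-key signature operation on
// the hash (RSA-PSS here; OpenPGP has its own signature packet format).
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify is the correspondent's check against the sender's public key.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	alice, _ := NewKeyPair()        // sender
	bob, _ := NewKeyPair()          // recipient
	msg := []byte("meet at noon")   // constructed sample message
	env, _ := Encrypt(&bob.PublicKey, msg)
	sig, _ := Sign(alice, msg)
	plain, _ := Decrypt(bob, env)
	fmt.Printf("decrypted=%q signature_ok=%v\n", plain, Verify(&alice.PublicKey, plain, sig))
}
```

Run it with `go run`. The thing to notice is that each direction costs exactly one public-key operation per message (one key wrap, one signature), that integrity on the ciphertext comes from the GCM tag whether or not the message is signed, and that signing is a separate, optional step, which is the deniability point made above.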

2- Very long passwords that are actually a sentence

It could be bad if you just came up with it and forget it, and people think it’s bad if it only has lowercase and no numbers or punctuation. But a 5-6 word sentence could be quite secure, especially if it’s a bit weird. “Lemons make a delicious snack in my house.”

3- Writing passwords down.

I tell all my old relatives to write their passwords down in a little notebook. As long as there isn’t someone there regularly whom I don’t trust, it is much better than using the same password, and if their physical security at their house is compromised, there are bigger concerns than a notebook of banking passwords.

We write down all the passwords to our most secure systems – but then we rip them in half and put them in 2 separate safes.

Did I say passwords? I meant encryption keys.

4- Changing default ports for certain services like DBs

Most of the gangs out there use tools that don’t do a full search, so they go through the default port list.

5- MFA in general.

Takes 60 seconds to set up, and an additional 5s each time you use it, but can save you hours if not days of manual recovery efforts with support to regain access to a compromised account. Yet people don’t like the idea.

If you are using TOTP for your MFA, you can even put it right in the browser with a plug-in. I use this approach for work. It’s very convenient.

If you use a password manager that supports TOTP and auto type (e.g. KeePassXC) then you don’t even need to mess with it once you have it set up.

6- OAuth for 3rd party apps.

Those “sign into our app with your (Google, Microsoft, etc) account” things. As long as you trust the ID provider and the app, it’s usually secure. More so, considering it prevents password reuse, and you aren’t exposed if any of those 3rd party apps have a breach.
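What "sign in with your Google/Microsoft account" does under the hood, as an added example that is not part of the original thread and not any provider's SDK: the OAuth 2.0 authorization code flow, with a state value to reject responses this session never started (login CSRF) and PKCE (RFC 7636) so an intercepted code cannot be redeemed without the verifier. The endpoint, client ID and redirect URI in main are hypothetical; the S256 transform is the one worked through in RFC 7636 Appendix B.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
)

// RandomToken returns 32 random bytes as unpadded base64url (43 chars),
// which serves both as a PKCE code_verifier and as an OAuth state value.
func RandomToken() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// Challenge derives the S256 code_challenge (RFC 7636) from a verifier.
func Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// AuthorizeURL is where the app sends the browser. Note what is absent: the
// app never asks for, sees or stores the user's password at the provider.
func AuthorizeURL(endpoint, clientID, redirectURI, scope, state, challenge string) string {
	q := url.Values{}
	q.Set("response_type", "code")
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("scope", scope)
	q.Set("state", state)
	q.Set("code_challenge", challenge)
	q.Set("code_challenge_method", "S256")
	return endpoint + "?" + q.Encode()
}

// ParseRedirect handles the provider's redirect back to the app. A missing
// or mismatched state means the response was not started by this session,
// so the code is discarded rather than exchanged.
func ParseRedirect(rawURL, expectedState string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	q := u.Query()
	if e := q.Get("error"); e != "" {
		return "", errors.New("provider returned error: " + e)
	}
	if !hmac.Equal([]byte(q.Get("state")), []byte(expectedState)) {
		return "", errors.New("state mismatch: discard this response")
	}
	code := q.Get("code")
	if code == "" {
		return "", errors.New("no authorization code in redirect")
	}
	return code, nil
}

// VerifyChallenge is the provider's side of PKCE at the token endpoint: the
// code_verifier sent with the code must hash to the challenge recorded when
// the code was issued, so a code stolen from the redirect is useless alone.
func VerifyChallenge(storedChallenge, verifier string) bool {
	return hmac.Equal([]byte(Challenge(verifier)), []byte(storedChallenge))
}

func main() {
	verifier, _ := RandomToken()
	state, _ := RandomToken()
	// Hypothetical provider endpoint and client registration.
	fmt.Println(AuthorizeURL("https://idp.example/authorize", "my-app",
		"https://app.example/cb", "openid email", state, Challenge(verifier)))
	// Simulated redirect back from the provider (constructed, code value is
	// the placeholder used in RFC 6749's examples).
	code, err := ParseRedirect("https://app.example/cb?code=SplxlOBeZQQYbYS6WxSbIA&state="+state, state)
	fmt.Println("code:", code, "err:", err, "pkce ok:", VerifyChallenge(Challenge(verifier), verifier))
}
```

The app ends up holding a short-lived code and then tokens, never the user's password, which is why a breach of the third-party app does not leak credentials for the provider. The trust assumption in the comment above is still real: the app can do whatever the granted scopes allow, so read the scope list on the consent screen before clicking through.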

7- Two-step verification.

Yes it’s annoying to need two devices every time you want to log into your most precious accounts, but trust me, I’d rather take the extra 10 seconds to authorize a login than go through the hell of having my account breached.

8- Biometric Authentication.

The argument is that ‘you can’t change your face/finger’ but it is actually more secure than other ‘magic link’ providers.

Let me be clear, there are some providers that are still iffy on security. But there are also some that have device native authentication (you need the device to auth), they don’t store passwords or password hashes, and only hold public keys.

One example of this is https://passage.id/ which is about as secure as you can get.
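A sketch of the device-native, public-key-only authentication described above, as an added example that is not code from the thread and not the implementation of the vendor linked above: an ECDSA P-256 key pair generated on the device, a server that stores only the public key, and a single-use random challenge the device signs at login. The user names and in-memory maps are assumptions; real passkeys (WebAuthn) add origin binding, attestation and signature counters on top of this core.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Server stores public keys and outstanding challenges only. There is no
// password and no password hash on it to steal.
type Server struct {
	users      map[string]*ecdsa.PublicKey
	challenges map[string]string // challenge -> user; deleted once used
}

func NewServer() *Server {
	return &Server{users: map[string]*ecdsa.PublicKey{}, challenges: map[string]string{}}
}

// NewDeviceKey is the authenticator's key pair. The private half stays on the
// device (behind the biometric or PIN on a real passkey); only the public
// half is ever sent to the server.
func NewDeviceKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Register is enrollment: the server learns the public key and nothing else.
func (s *Server) Register(user string, pub *ecdsa.PublicKey) {
	s.users[user] = pub
}

// Challenge starts a login by issuing a fresh random nonce for this user.
func (s *Server) Challenge(user string) (string, error) {
	if _, ok := s.users[user]; !ok {
		return "", errors.New("unknown user")
	}
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	c := hex.EncodeToString(b)
	s.challenges[c] = user
	return c, nil
}

// Assert is the device's step when the user approves the prompt: sign the
// server's challenge with the private key that never left the device.
func Assert(priv *ecdsa.PrivateKey, challenge string) ([]byte, error) {
	digest := sha256.Sum256([]byte(challenge))
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Login verifies the signature against the stored public key and consumes
// the challenge, so a captured signature cannot be replayed later.
func (s *Server) Login(user, challenge string, sig []byte) error {
	owner, ok := s.challenges[challenge]
	if !ok || owner != user {
		return errors.New("unknown or already used challenge")
	}
	delete(s.challenges, challenge) // single use, whether or not it verifies
	digest := sha256.Sum256([]byte(challenge))
	if !ecdsa.VerifyASN1(s.users[user], digest[:], sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

func main() {
	device, _ := NewDeviceKey()
	srv := NewServer()
	srv.Register("alice", &device.PublicKey) // hypothetical user
	c, _ := srv.Challenge("alice")
	sig, _ := Assert(device, c)
	fmt.Println("first login:", srv.Login("alice", c, sig))
	fmt.Println("replayed:   ", srv.Login("alice", c, sig))
}
```

Because the server holds no per-user secret, a dump of its database yields nothing an attacker can reuse, and because each challenge is consumed on first use a recorded signature cannot be replayed. The thing you cannot change, the finger or the face, never leaves the device; it only unlocks the private key locally, which is why "you can't rotate a fingerprint" is not the weakness it sounds like.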

9- Zoom.

Yes, they had a bunch of issues at the start, but they fixed them. I would much rather work with a company that had security assessments and fixed the problems rather than a company which has never been assessed.

10- Unplugging the ethernet cable.

11- Browser password managers?

Rant moment: reasons cybersecurity fails

<Rant>

People don’t see the value of putting effort into cybersecurity because they don’t see any material gains from it. The best thing they can see is nothing bad happening.

No news isn’t good enough news. That is enough to make most people ignore all cybersecurity advice altogether.

This is similar to people not taking care of themselves health-wise, because the best things they can see is not getting sick.

</Rant>

Why do cyber attackers commonly use social engineering attacks?

Hackers commonly use social engineering attacks because they can be very effective. By using social engineering, hackers can take advantage of people’s trusting nature and willingness to help others. They can also exploit the fact that people are often not well-informed about security and privacy issues. For example, a hacker might pose as a customer service representative and ask for someone’s password. Or, they might send an email that looks like it is from a trusted source, such as a bank or government agency, and ask the recipient to click on a link or download an attachment. If the person falls for the deception, the hacker can gain access to their accounts or infect their computer with malware. That is why it is important to be aware of these types of attacks and know how to protect yourself.

Cyber attackers favour social engineering for several reasons. First, breaking into systems directly has become harder and more expensive as patching, hardening and monitoring have improved, while people have not changed. Second, a technical intrusion leaves traces (exploit traffic, unusual processes, alerts) that defenders can detect, whereas a victim who hands over a password or approves a login produces activity that looks legitimate. Third, social engineering goes around controls rather than through them: the attacker needs no vulnerability if an authorized user will open the attachment, type credentials into a lookalike page or approve an MFA prompt. Finally, social media and public profiles supply the names, roles and relationships needed to build a convincing pretext. Taken together, this makes social engineering the cheapest reliable entry point for many attackers.

To conclude:

Cybersecurity is often thought of as a complex and technical field, but many of the habits discussed above are simple. PGP protects the content of a message with well-studied cryptography; the effort goes into obtaining and verifying the other party's key, not into the encryption itself. A very long password that is actually a sentence is easier to remember than a random string and much harder to guess. Changing the default ports of services cuts the noise from automated scanners, even though it is no substitute for authentication and patching. And unplugging the ethernet cable, or otherwise taking a machine off the network, is a blunt but dependable way to stop remote access while you deal with a problem. None of these is a complete answer on its own, but together with MFA they noticeably raise the cost of attacking you.

Source: r/cybersecurity

  • Acing your Detection Engineering Interview
    by Julie Agnes Sparks (Security on Medium) on April 26, 2024 at 5:22 pm

    Let’s dive into all the aspects of a Detection & Response engineering interview.Continue reading on Medium »

  • Software Supply Chain Security is a Dependency Management Problem
    by Dana Crane (Cybersecurity on Medium) on April 26, 2024 at 5:20 pm

    Software vendors of all kinds, big and small, are in the habit of not updating their open source software. For example:Continue reading on Medium »

  • Identity theft
    by /u/Vanillashaken (cybersecurity) on April 26, 2024 at 5:08 pm

    Can you tell me real stories about identity theft in cyber space? I would be really interested in what’s the purpose of this kind of frauds. I study as a cyber crime investigator and it would be useful to hear how perpetrators steal social media profiles and personal data from regular users and how they are using those informations. (I know that there are methods like hacking, phishing, oversharing but I would like to hear life stories) For Instance: I heard about an influencer whose Facebook profile was copied. The person who copied a profile somehow sent friend requiest to people who was no longer friend to the real profile on Facebook. The perpetrator wrote to different acquaintances that it is the influencer’s new profile and after a long chat they realised that the conversation seems to be created with artificial intelligence. The main question are these: “Was the profile made with artificial intelligence?” “Was the perpetrator using artificial intelligence to chatting and cover his real self?” “Was he using artificial intelligence to find those old friends?” I hope you can spoil me with stories like that if something similar happened to somebody. Thank you in advance! submitted by /u/Vanillashaken [link] [comments]

  • Exploring the World of Zero Trust Architecture
    by Sheth Parth (Cybersecurity on Medium) on April 26, 2024 at 5:00 pm

    Introduction:Continue reading on Medium »

  • How to Secure Your CPUT Student Email from Cyber Threats
    by Scott Andery (Cybersecurity on Medium) on April 26, 2024 at 4:55 pm

    In today’s digital age, email security is crucial, especially for students who rely on their email accounts for academic communications…Continue reading on TechWorldTimes »

  • Phishing — Oltalama Saldırısı
    by Sema Sena KÜRÜM (Cybersecurity on Medium) on April 26, 2024 at 4:33 pm

    Phishing, sahte e-postalar, siteler ve mesajlar aracılığıyla kişisel bilgilerinizi çalmaya çalışan bir dolandırıcılık taktiğidir. Bu…Continue reading on Medium »

  • Malware Analysis — Brbbot.exe İnceleme
    by Sema Sena KÜRÜM (Cybersecurity on Medium) on April 26, 2024 at 4:28 pm

    Merhaba, hazırlamış olduğum belge, brbbot.exe adlı dosyanın statik ve dinamik analizini içermektedir. Analiz kapsamında dosyanın yapısı…Continue reading on Medium »

  • TryHackMe | CSRF | WriteUp
    by Axoloth (Cybersecurity on Medium) on April 26, 2024 at 4:27 pm

    Learn how a CSRF vulnerability works and methods to exploit and defend against CSRF vulnerabilities.Continue reading on Medium »

  • Audit Failure (Event ID 4625)
    by /u/Aerovox7 (cybersecurity) on April 26, 2024 at 4:26 pm

    Hello, a server being used by the company I work for had ~35k events of event ID 4625. If I am understanding this correctly, it looks like someone was trying to use common passwords for common usernames to brute force a login into the server. The workstation Name and Source Network Address were unique every time. The Account names attempted were not even on the server and I would be the only person who should be logging into it. Since then, I have disconnected the server from the internet and it will not be reconnected until we get our Fortigate back. My main question is, should I check anything else to make sure everything is good before reconnected the server to the internet with the Fortigate and how common is an attack like this? submitted by /u/Aerovox7 [link] [comments]

  • Cybersecurity News Review — Week 17
    by Mladen Kirilov (Cybersecurity on Medium) on April 26, 2024 at 4:25 pm

    Welcome to this week’s roundup of some of the most interesting cybersecurity updates. Subscribe for a concise and informed perspective on…Continue reading on Medium »

  • Codify
    by Forhworking (Cybersecurity on Medium) on April 26, 2024 at 4:25 pm

    Continue reading on Medium »

  • Navigating Cybersecurity Complexities Amidst the Age of Interconnected Manufacturing
    by jayesh saini (Cybersecurity on Medium) on April 26, 2024 at 4:24 pm

    The era of connected manufacturing, also known as Industry 4.0 or the Industrial Internet of Things (IIoT), comes with many cybersecurity…Continue reading on Medium »

  • Network — Ağ Temelleri
    by Sema Sena KÜRÜM (Cybersecurity on Medium) on April 26, 2024 at 4:23 pm

    Ağ temelleri konusunda hazırladığım yazımı sizlerle paylaşmak istedim. Bu makalede, ağların nasıl çalıştığına dair temel bilgilere yer…Continue reading on Medium »

  • Enhance Your Lifestyle with MUSICOZY Sleep Headphones Bluetooth 5.2
    by AttricusTECH (Security on Medium) on April 26, 2024 at 4:16 pm

    Introduction:Continue reading on Medium »

  • WhatsApp Threatens to Exit India Over Encryption Dispute
    by Daily India Observers (Security on Medium) on April 26, 2024 at 3:35 pm

    WhatsApp has warned the Indian government that it may have to exit the Indian market if it is forced to break its end-to-end message…Continue reading on Medium »

  • Ransomware: Uma Ameaça Crescente e Suas Contramedidas
    by Genisson Matos (Security on Medium) on April 26, 2024 at 3:34 pm

    IntroduçãoContinue reading on Medium »

  • Safeguarding Against Fraud and Breaches Online — What you need to know
    by Errole Gutierrez (Security on Medium) on April 26, 2024 at 3:32 pm

    As more people shop online, keeping payment information safe is a big focus for companies. They’re working harder to make sure that when…Continue reading on 888 TE.CH »

  • Powering the $1T+ Bitcoin Economy: Babylon’s Bitcoin Staking Revolution
    by Editor @ Babylon (Security on Medium) on April 26, 2024 at 3:06 pm

    What’s next? Dive in!Continue reading on BabylonChain.io »

  • ☼ How to secure, Trust Wallet with 2fa (or) Two-Factor Authentication …
    by Customer Support (+1) 8O5 3O1 7541 Trust Wallet (Security on Medium) on April 26, 2024 at 2:59 pm

    ✎ Customer Support (+1) 8O5 3O1 7541 Trust Wallet Contact NumberContinue reading on Medium »

  • OSCP Prep: Introducing My Runbooks —RCE on Linux
    by Security Guy (Security on Medium) on April 26, 2024 at 2:57 pm

    My runbook for enumerating Linux machines in the OSCP once I have RCE! use it for your own CTF/OSCP practiceContinue reading on Medium »

  • Common people need a safe life
    by Md Raihan (Security on Medium) on April 26, 2024 at 2:55 pm

    If the powerful countries of the world would unite and make a peace agreement for the next 100 years, then the common people would get…Continue reading on Medium »

  • Reconic | An Open Source Reconnaissance Tool
    by /u/Most-Let-5792 (cybersecurity) on April 26, 2024 at 2:47 pm

    Hello everyone, I've designed a reconnaissance tool to make bug bounty hunting and penetration testing a bit easier and save time. It's also been a way for me to improve my skills in Python. Reconic currently has the following features: ​ WHOIS Lookup DNS Resolution SSL/TLS Certificate Inspection HTTP Header Analysis Port Scanning Subdomain Discovery Directory Traversal JavaScript File Enumeration With a simple one-liner command, it provides all this information about the target URL in both a visually appealing console output and an HTML output. However, there can be issues due to the technology, hosting service, or security firewall of the target URL. Moreover, the features listed above operate on very basic algorithms. For instance, considering the Subdomain Discovery feature, Sublist3r is much more effective and powerful. I'm aware that each feature has much stronger alternatives in its respective field, and frankly, I've spent days reading and taking notes on the source codes of many of them to improve my coding skills. In short, my aim is to achieve maximum efficiency with a single command during reconnaissance. Additionally, having these outputs readily available is very helpful both when writing reports and taking notes. I need your support to enhance Reconic's performance, resolve technical issues, and further develop it. I would greatly appreciate your support in this regard because I've already learned a lot, and I'm sure this project will continue to be very helpful in my ongoing learning journey. ​ Reconic Github Page --> https://github.com/fkkarakurt/reconic Cheers. submitted by /u/Most-Let-5792 [link] [comments]

  • Security/Vulnerability Alert Bookmarks or Subscription Suggestions
    by /u/ISSOhhhNO (cybersecurity) on April 26, 2024 at 2:38 pm

    Just trying to ping the community on what some of the things they subscribe to for getting updates and notifications on security alerts and vulnerabilities that worth signing up for? Just looking to keep informed and ready. Thanks! submitted by /u/ISSOhhhNO [link] [comments]

  • Top Family Security Solutions for Complete Peace of Mind: A Comprehensive Guide
    by Katkatr (Security on Medium) on April 26, 2024 at 2:18 pm

    In the present high speed world, guaranteeing the wellbeing and security of your friends and family and property is central. With the…Continue reading on Medium »

  • More than 800 vulnerabilities resolved through CISA ransomware notification pilot
    by /u/TheRecord_Media (cybersecurity) on April 26, 2024 at 2:11 pm

    submitted by /u/TheRecord_Media [link] [comments]

  • Any opinions on Barracuda/Skout as an MSSP/MXDR provider?
    by /u/TheRealGamerCow (cybersecurity) on April 26, 2024 at 2:07 pm

    We're looking to replace our MSSP, and recently got pitched Barracuda. They seemed pretty good, but I'm finding very little about their offerings in the security space. They seem green, but maybe I'm missing something. submitted by /u/TheRealGamerCow [link] [comments]

  • Top cybersecurity stories for the week of 04-22-24 to 04-26-24
    by /u/CISO_Series_Producer (cybersecurity) on April 26, 2024 at 2:06 pm

    Below are some of the stories we’ve been reporting this week on Cyber Security Headlines. If you’d like to watch and participate in a discussion about them, the CISO Series does a live 20-minute show every Friday at 12:30pm PT/3:30pm ET. Each week we welcome a different cyber practitioner to offer some color to the week's stories. Our guest this week is Christina Shannon, CIO, KIK Consumer Products. To get involved you can watch live and participate in the discussion on YouTube Live https://youtube.com/live/yT2qG8DtzLY or you can subscribe to the Cyber Security Headlines podcast and get it into your feed. Here are the stories we plan to cover, time permitting: GitHub comments abused to push malware via Microsoft repo URLs The Redline stealer story brings to light the issue of the GitHub flaw that was abused by the threat actors behind RedLine. According to BleepingComputer, the use of the Microsoft GitHub repository makes the files appear trustworthy and the flaw itself “could be abused with any public repository on GitHub, allowing threat actors to create very convincing lures.” Their research shows that the malware zip files are uploaded as part of a comment left on a commit or issue in the project. “When leaving a comment, a GitHub user can attach a file. Instead of generating the URL after a comment is posted, GitHub automatically generates the download link which allows threat actors to attach their malware to any repository without them knowing.” (BleepingComputer) The art of penetrating a business without touching the endpoint Experts from Push Security are presenting detailed information in The Hacker News about the practice of “networkless” attack techniques targeting cloud apps and identities. 
Describing them as the new perimeter, the article describes techniques such as Adversary-in-the-Middle AiTM phishing, Instant Messaging IM phishing, SAMLjacking is where an attacker makes use of SAML SSO (Security Assertion Markup Language), and Oktajacking, in which an attacker can set-up their own Okta tenant to be used in highly convincing phishing attacks. A link to the report is available in the show notes to this episode. (The Hacker News) Cops may soon use AI to generate reports from body cams Taser maker and police contractor, Axon, has announced a new product called “Draft One,” which leverages OpenAI’s GPT-4 large language model to generate police reports from body cam audio. Critics are quick to point out that this use of AI could potentially lead to baseless accusations due to “hallucination” and further institutional ills like racial bias. Further, because police aren’t AI experts, they may not be well positioned to spot issues with AI outputs. Axon asserts that it has adjusted the AI model to ensure it can’t go off the rails. Axon’s CEO, Rick Smith, points out, “If an officer spends half their day reporting, and we can cut that in half, we have an opportunity to potentially free up 25 percent of an officer’s time to be back out policing.” (MSN and Futurism) Russian hackers claim cyberattack on Indiana water plant Over the weekend, the threat actor known as the Cyber Army of Russia posted a video on its Telegram channel showing how they hacked systems of the Tipton Wastewater Treatment Plant. Tipton provides the city of Tipton and surrounding areas with electric power, water, and wastewater collection and treatment. An Indiana official confirmed that the plant suffered a cyberattack on Friday evening. 
Tipton’s general manager, Jim Ankrum, said, “TMU experienced minimal disruption and remained operational at all times.” Security research firm Mandiant recently reported that the Cyber Army of Russia has ties to the Russian state actor, Sandworm, which was responsible for a separate attack on a water facility in Muleshoe, Texas that caused a tank to overflow. (The Record) New research discovers vulnerability in archived Apache project A vulnerability has been uncovered in an archived Apache project called “Cordova App Harness,” that could lead to software supply chain attacks. Attackers could use techniques such as Typosquatting, RepoJacking, and dependency confusion to insert vulnerable dependencies in open-source software. Ultimately, the issue could lead to execution of arbitrary code on the host machine where the vulnerable application is deployed. Researchers highlight the risk associated with dependencies on archived open-source projects that may not receive regular security updates. They recommend conducting regular code security scans, avoiding use of deprecated projects, following best practices for configuring dependencies, and providing security education to developers. (Legit Security) Threat actors plant fake assassination story The Czech News Agency, CTK, reports that an unidentified threat actor accessed its website to publish a fake story. The story claimed that Slovakia’s Security Information Service prevented an assassination attempt against newly elected Slovak president Peter Pellegrini by Ukrainian nationals. The faked story was published in English and Czech but did not get distribution to CTK’s clients. Researchers at Mandiant previously tied similar spoofed new stories to the Belarusian-affiliated threat group Ghostwriter, but no indication so far of their involvement here. 
(The Record) Chinese keyboard app flaws exposed Last year, researchers at Citizen Lab found that the popular Sogou Chinese keyboard app failed to use TLS when sending keystroke data to the cloud for typing predictions. This opens the door to potential spying on typed content. In a follow up, the researchers discovered that virtually all Chinese keyboard mobile apps had the same flaw. The researchers found a lack of TLS in apps from Baidu, Tencent, and iFlytek, as well as ones preinstalled on Android devices sold in China. The only device tested without the flaw was one preinstalled on a Huawei device. The researchers say the ease of exploiting this flaw likely means its been exploited at scale in the wild. The researchers contracted the app developers, with the majority fixing the issue before publication, although its unclear if preinstalled Android apps would receive an update. (MIT Technology Review, Citizen Lab) Sandworm targets critical Ukrainian orgs The Ukrainian Computer Emergency Response Team, or CERT-UA, released a report on activity by the Russian affiliated threat group Sandworm, believed to be associated with Russia’s GRU military intelligence unit. The report claims that in March 2024, Sandworm disrupted IT systems at energy, water, and heating suppliers throughout 10 regions in the country. The group accessed these providers through a variety of vectors, including supply chain attacks, technical support, and novel malware. CERT-UA believes Sandworm coordinated the cyberattacks with missile strikes on infrastructure facilities. (Bleeping Computer) submitted by /u/CISO_Series_Producer [link] [comments]

  • Is this field even worth it?
    by /u/incelexcorcist (cybersecurity) on April 26, 2024 at 1:26 pm

    Ya’ll I’m so bummed out and I’ve only started my career in cybersecurity. I was able to get some experience but at a huge cost: Working as a contractor for a global aviation company as an IAM Analyst but for only $15 an hour so I had to take a massive pay cut. I’m digging into my savings for this. But ✨EXPERIENCE ✨ They then cross trained me for their GRC team so I’ve conducting risk assessments like crazy on top of doing tickets. Oh, and even creating training documents lmao. Now I found out I’m taking on a direct’s job after she leaves in compliance on top of my own work but for no pay increase. She makes at least $50k!! Still way more than me. Many other contractors are leaving as well and I’ve started applying to jobs as soon as I found out. Unfortunately, I’m also only in my first term at WGU so I don’t have any of the Comptia certs yet. started in March and knocked out 5 classes but at a standstill now since I failed Core 1 of A+. My professor wants me to score an 88% on a Certmaster practice exam before he’ll approve a 2nd attempt despite me doing all the PBQs, quizzes and whatnot which is holding me back too since the practice exam seems harder than the exam itself lmao. Basically, I’m already burning out and I’ve only started. I’m so sick of making only a little above minimum wage and I’m 26! Is cybersecurity as a field even worth it when it’s been a joke so far in this job market?? Will my 6 months of experience in 2 domains count for something at least in this search along with my Google cybersecurity certificate?? 🙃 EDIT: did I mention NO pay increase despite piling responsibilities on me? They will also only be able to offer me full time work until August 31(I’d be cut down to 30 hours a week after) and I can’t afford to keep living off my savings. I will definitely need to find a new position soon. submitted by /u/incelexcorcist [link] [comments]

  • Most painful issues in chemical industry?
    by /u/AdEducational2648 (cybersecurity) on April 26, 2024 at 11:13 am

    Hey everyone, I'm wondering what are the most painful things to deal with in the chemical industry when it comes to a secure IT infrastructure? What are the most vulnerable spots in your opinion? Where do you see issues at your company? Especially now regarding upcoming regulatory changes with NIS2 in Europe, I'm wondering where to start my talking points with clients, and how not to be a salesperson but be of ACTUAL VALUE to a companies IT security. submitted by /u/AdEducational2648 [link] [comments]

  • Here's my article on Phishing Email Investigation: A Step-by-Step Analysis. Do read and let me know your best strategies to avoid falling for phishing scams?
    by /u/saip007 (cybersecurity) on April 26, 2024 at 10:54 am

    submitted by /u/saip007 [link] [comments]

  • Web Application Security Vs android Reverse Engineer
    by /u/Puzzleheaded-Shop410 (cybersecurity) on April 26, 2024 at 10:50 am

    Hello All, So currently I work as a Security Analyst in Application Security and have been approached for the role of Reverse Engineer Specialist in the Android domain. Do you guys think it is a good idea to jump into this niche domain? Also, how easy is it to switch to another domain after working in the Android reverse engineering domain? Cheers submitted by /u/Puzzleheaded-Shop410 [link] [comments]

  • Is information security system major the same as cyber security?
    by /u/iiiAlex1st (cybersecurity) on April 26, 2024 at 10:34 am

    submitted by /u/iiiAlex1st [link] [comments]

  • Secure Coding Practices in Java Resources
    by /u/Maxxis8061 (cybersecurity) on April 26, 2024 at 10:27 am

    Hey everyone, I have an interview coming up that requires a secure code review specifically in Java for OWASP Top 10 vulnerabilities (Web App Security). I would really appreciate it if anyone knew such resources to help me learn secure coding practices and could share those with me. Thanks in advance! submitted by /u/Maxxis8061 [link] [comments]

  • Secondary cysec skill?
    by /u/PBBG12000 (cybersecurity) on April 26, 2024 at 9:53 am

    Hi! I have been in the industry for over 4 years now, working as an offensive security consultant. But lately I've been feeling that this is not enough. My aim really is to work as a solo consultant/contractor. So when I looked for such positions, rarely did I see anything related to pentesting or red teaming. Now, I understand there is a trust factor involved here and no one is stupid enough to give access to their internal networks to random guys off the internet. However, I did see many positions for stuff like audits, implementation of security tools etc. Due to this, I am considering developing a secondary skill set. My question is: In your opinion, looking at the current scenario, what product/skill in cyber would you recommend for someone like me? Remember, I still want my primary thing to be red team and pentesting, I just want something to rely upon in case opportunities for it become scarcer than now. submitted by /u/PBBG12000 [link] [comments]

  • MSSP with port mirroring devices?
    by /u/Professional-Cash897 (cybersecurity) on April 26, 2024 at 8:17 am

    We're currently using esentire, and are up for renewal soon. Wanted to look at other options to see what else is out there. Esentire are great as they not only provide agents that sit on endpoints, but they also provide these port mirroring devices that analyse packets at the network layer. We are a global company, and don't have compute power in some offices, so these boxes come in handy as they are essentially plug and play. Are there any other companies out there that you can recommend that also offer a similar solution (must have 24/7 soc)? Rapid7 is an obvious choice, but looking for others. Thanks! submitted by /u/Professional-Cash897 [link] [comments]

  • Any ideas on how I can convince my boss to not require users to give us their passwords?
    by /u/TheRealTengri (cybersecurity) on April 26, 2024 at 6:47 am

    I just recently got a new IT job and their internal security is awful. Two ways are that everybody had local admin rights (which I was able to convince them to change) and they are required to give us their password when we need to work on their laptop since the laptops are assigned to each person and we need to login to their account to make configurations on their account. I am trying to tell them we could just use the local administrator account and copy files to their user folder, but they don't listen. Any ideas on how I can convince my boss to not require users to give us their passwords? submitted by /u/TheRealTengri [link] [comments]

  • Encryption Keys Rotation
    by /u/ggbs890 (cybersecurity) on April 26, 2024 at 5:55 am

    Hello People... Have a query regarding Key Rotation activity. As per the regulatory requirements, we are required to perform encryption key rotation on an annual basis. So just wanted to know a few things about it - 1. How to manage historical data which was encrypted with an old key? 2. How to identify data which was encrypted with new keys post rotation? 3. Is it necessary that we have to decrypt and then re-encrypt all the old data with the new keys? 4. Is there any way one can achieve some kind of automation for this process? More importantly, would like to know what approach you people take if you are also performing key rotation every year. Also, let me know if I am missing out on any important steps/points as part of this process, since this is an entirely new thing for me and I am curious to learn and know more about it. Thanks in advance!!! 🙏🏻 submitted by /u/ggbs890 [link] [comments]
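    The questions in the post above map onto one design pattern: every ciphertext carries the id of the key version that produced it, old versions stay in the keyring for decryption only, and a scheduled job re-encrypts whatever is not yet under the current version. The code below is an added illustration of that pattern, not anything from the post or its replies. It is standard-library only, so the cipher is a constructed HMAC-SHA256 counter-mode stream with an HMAC tag standing in for AES-GCM or a KMS envelope API; the `KeyRing`, `encrypt`, `decrypt`, `key_id_of`, `keys_in_use` and `reencrypt_stale` names are all assumptions for the example.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Dict, Optional, Set

# Record layout: header(format version, key id, nonce) || ciphertext || tag.
# The key id in the header is what lets you answer "which key encrypted this?"
# without trying keys, and lets decrypt pick the right historical key.
HEADER = struct.Struct(">BI16s")
FORMAT_VERSION = 1
TAG_LEN = 32


class KeyRing:
    """Holds every key version still needed for decryption; one is current.
    (Constructed in-memory keyring; production keys belong in an HSM/KMS.)"""

    def __init__(self) -> None:
        self._keys: Dict[int, bytes] = {}
        self.current_id: Optional[int] = None

    def rotate(self) -> int:
        """Annual rotation: mint a new version and make it current. Old
        versions stay readable so historical data still decrypts."""
        new_id = (self.current_id or 0) + 1
        self._keys[new_id] = secrets.token_bytes(32)
        self.current_id = new_id
        return new_id

    def key(self, key_id: int) -> bytes:
        try:
            return self._keys[key_id]
        except KeyError:
            raise ValueError(f"key version {key_id} is unknown or retired") from None

    def retire(self, key_id: int, still_in_use: Set[int]) -> None:
        """Destroy an old version only once no stored record references it."""
        if key_id == self.current_id:
            raise ValueError("cannot retire the current key")
        if key_id in still_in_use:
            raise ValueError(f"key version {key_id} still protects stored data")
        self._keys.pop(key_id, None)


def _subkeys(master: bytes):
    # Separate encryption and MAC subkeys derived from one master key version.
    enc = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream_xor(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Constructed stand-in cipher: HMAC(nonce || counter) keystream XORed in.
    out = bytearray()
    for block, off in enumerate(range(0, len(data), 32)):
        ks = hmac.new(enc_key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def encrypt(ring: KeyRing, plaintext: bytes) -> bytes:
    """Encrypt under the current key; the key id travels in the header."""
    if ring.current_id is None:
        raise ValueError("keyring has no current key")
    enc_key, mac_key = _subkeys(ring.key(ring.current_id))
    nonce = secrets.token_bytes(16)
    body = HEADER.pack(FORMAT_VERSION, ring.current_id, nonce)
    body += _keystream_xor(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def key_id_of(blob: bytes) -> int:
    """Which key version protects this record (no key needed to answer)."""
    version, key_id, _ = HEADER.unpack_from(blob)
    if version != FORMAT_VERSION:
        raise ValueError(f"unsupported format version {version}")
    return key_id


def decrypt(ring: KeyRing, blob: bytes) -> bytes:
    if len(blob) < HEADER.size + TAG_LEN:
        raise ValueError("ciphertext too short")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    key_id = key_id_of(body)  # also rejects unknown format versions
    _, _, nonce = HEADER.unpack_from(body)
    enc_key, mac_key = _subkeys(ring.key(key_id))
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # verify before decrypting
        raise ValueError("authentication failed")
    return _keystream_xor(enc_key, nonce, body[HEADER.size:])


def keys_in_use(records: Dict[str, bytes]) -> Set[int]:
    """Inventory: which key versions still protect stored data."""
    return {key_id_of(b) for b in records.values()}


def reencrypt_stale(ring: KeyRing, records: Dict[str, bytes]) -> int:
    """Re-wrap every record not under the current key; returns count changed.
    Run from a scheduled job after rotate() to automate the migration."""
    changed = 0
    for name, blob in list(records.items()):
        if key_id_of(blob) != ring.current_id:
            records[name] = encrypt(ring, decrypt(ring, blob))
            changed += 1
    return changed
```

    The usual operating sequence is rotate, let reads keep working against old versions, run `reencrypt_stale` in batches (it only touches records whose header id differs from the current one, so a partial run can be resumed safely), check `keys_in_use`, and only then retire a version. Whether a full re-encrypt is required at all is a question for the regulation being followed; some regimes accept envelope encryption, where only the small wrapped data keys are re-wrapped under the new master key and bulk data is left alone, and the same header-id bookkeeping applies to those wrapped keys.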

  • ArcaneDoor hackers exploit Cisco zero-days to breach govt networks
    by /u/anynamewillbefine (cybersecurity) on April 26, 2024 at 12:47 am

    submitted by /u/anynamewillbefine [link] [comments]

  • Advice for imposter syndrome
    by /u/cakeistasty789 (cybersecurity) on April 26, 2024 at 12:45 am

    Hey everyone! Honestly I don’t know if this is the right place to ask something like this, but do any of you have imposter syndrome too? I’ve been a security analyst for 2 yrs now in NYC. I’ve been applying for new positions as I feel my current job is severely underpaying me (around 60k). I get interviews but no matter how far I make it into the interview process, the hiring managers always choose a “more experienced candidate”. I fully understand this, but I just don’t think I will ever be that “more experienced candidate” myself as there will always be more educated and experienced people than myself. I spend all my time in books and learning and sometimes going for certs. Not to mention this affects my ability to give interviews properly. No matter how much I practice I’m never able to convey my experience and expertise properly and end up sounding silly. I have an interview scheduled sometime in the next few days and am heavily considering canceling due to these experiences. Any advice/insight on anything I wrote would be appreciated. Thank you so much for reading all of this! submitted by /u/cakeistasty789 [link] [comments]

  • Has anyone made it out of this field?
    by /u/Longjumping-Pin5976 (cybersecurity) on April 25, 2024 at 7:45 pm

    I’ve worked in security for seven years and have had certain elements really wear me down over time. I don’t know what happened, but over the past year the following have really made me feel dissatisfaction with this work:
      • The feeling of not really creating anything with my labor.
      • Being a cost center to the business and having budget constantly scrutinized/not getting enough to adequately cover a security program.
      • Having documented security risk constantly dismissed by leadership or stakeholders. Constantly occurring despite tangibly showing them in multiple ways and communication styles.
      • Generally being disliked by other parts of the organization, and the typically antisocial nature of technical workers at my org makes the job very lonely.
      • Constant, reactive firefighting. Nobody cares about what security does unless something negative is happening.
    I think security is interesting and was able to shrug most of this stuff off early on. But with the market contracting and companies trying to outsource or downsize a cost center, it makes the field less attractive for the long run. Has anyone found skills they picked up in security transferred well to other industries? I was looking at industrial hygiene and safety a while back and it seems like it would be more personally meaningful since there’s a human safety element. Hoping to hear if anyone was able to make moves out of a seemingly niche field. submitted by /u/Longjumping-Pin5976 [link] [comments]

  • Are Level 1 & 2 SOC Analyst's becoming irrelevant positions?
    by /u/sudochief (cybersecurity) on April 25, 2024 at 6:08 pm

    TL;DR Based off current market and technology trends it seems Tier I & II Analyst positions are becoming obsolete. Having trouble finding analyst work, even with 1.5yrs analyst exp, 3.5yrs total IT exp. Thinking of honing skills more in the engineering side of the house. What areas of security would y'all recommend to focus on developing skills/education in? I'm curious to know everyone's thoughts on this; I certainly have my opinions based off my observations of the current climate of the job market. I am looking for a job and have been looking into analyst II positions, and recently have been looking at analyst I positions as well because I haven't had too much luck with the former. I should add that my current gig is a level 1 analyst. I can honestly say that I love the work I do, have been in the role for a year and a half now, and have been working IT for 3 and a half years now. It seems the way the market is trending, and with the direction the technology is heading, companies would rather just hire a few people as a one-size-fits-all engineer/analyst, and maybe hire one or two Tier III analysts to catch anything that slips through the cracks. I guess I'm a little frustrated at this point because even the Tier I positions I don't seem to be qualified for, even though I have 1.5yrs experience of Analyst & IR work, 3 total yrs of IT. Aside from that, besides having a degree, I've shown my willingness to continue my education, having obtained Net+, Sec+, and CySA+ all in the past couple years. Wondering if at this point I should just focus on a degree and maybe narrow down on skills related to SOAR and engineering. submitted by /u/sudochief [link] [comments]

  • How will the US ban Tiktok on a technical level?
    by /u/no_shit_dude2 (cybersecurity) on April 25, 2024 at 2:22 pm

    What are your thoughts around the technicalities of banning a service such as Tiktok? Will the company be dissolved completely or will there be pressure put on Apple/Google app stores to remove the app, or even a DNS level block? Just using Tiktok as an example here but curious about the technicalities of blocking a website/service. submitted by /u/no_shit_dude2 [link] [comments]

  • Being used??
    by /u/I_said_watch_Clark_ (cybersecurity) on April 25, 2024 at 2:06 pm

    Anyone in cyber security think they're being used just to fill a blank hole and mark off a checkbox that your org needs to show they have a ft cybersecurity employee on-hand? submitted by /u/I_said_watch_Clark_ [link] [comments]

  • Anyone with ADHD/ADD who's thriving in the field of cybersecurity?
    by /u/Itchy_Sherbet_9895 (cybersecurity) on April 25, 2024 at 10:52 am

    I was wondering if this field is suitable for someone with adhd. submitted by /u/Itchy_Sherbet_9895 [link] [comments]

  • My IT Department knows all our passwords
    by /u/Freshwater_Salmon556 (cybersecurity) on April 25, 2024 at 8:38 am

    Hi, was told to post here, hope that's ok. The company I work for has a small IT team and they ask us all for passwords. If we change them, they ask us again for the updated password. This can't be right, can it? We are ISO 2701 and 9001 accredited, which must mean something when it comes to security? I don't want to talk to IT for fear of recriminations, what can I do? Among some of the documents we work with are folks' medical records. submitted by /u/Freshwater_Salmon556 [link] [comments]

  • Mentorship Monday - Post All Career, Education and Job questions here!
    by /u/AutoModerator (cybersecurity) on April 22, 2024 at 12:00 am

    This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away! Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future. submitted by /u/AutoModerator [link] [comments]
