Hi, I’m looking for help. We have recently started using Microsoft Purview, and we began creating a retention policy that targets Viva Engage (Yammer) posts. The policy is designed to automatically delete posts and messages when they reach 12 months old. However, even with the policy set up, the posts or messages do not get deleted. We have waited for more than 7 days, but they are still there. Please take a look at the attached pictures. The policy that is set up and the Viva Engage posts that are older than 12 months are still showing. https://ibb.co/ykL0kdR https://ibb.co/f9HqYyn https://ibb.co/ScgF2yD Does anyone have any suggestions on why they are still showing, even with the retention policy in place? Thanks submitted by /u/acid2k1 [link] [comments]

submitted by /u/anynamewillbefine [link] [comments]

Team- I need some help. My CEO is presenting to me a use case that I’m not sure how a secure email gateway could handle. When the CEO receives the email digest, he wants to scan the digest for emails that he wants to Release or Allow. By not clicking on release or allow, he wants the system to then block all emails from that digest, such that he never sees an email from that sender again. Do we have the capability to configure the system in this way such that by not taking action on an item, it could automatically trigger a block? We are on Proofpoint Enterprise. As you know the industry well… does Mimecast, Microsoft or any other platform do this? I want to have a good understanding of capabilities/what competitors can/cannot do as I prepare a response. Any ideas on how to help achieve his goals? submitted by /u/RexfordITMGR [link] [comments]

submitted by /u/anynamewillbefine [link] [comments]

submitted by /u/atoponce [link] [comments]

submitted by /u/anynamewillbefine [link] [comments]

submitted by /u/KI_official [link] [comments]

How about building a solution like intelx ? where we can see Url : username and password that got leaked from infostealers ? what do you think...I have toughts on building a saas application. Logs from haveibeenpawed and other tools are boring and old. feedback would be highly appreciated! submitted by /u/Soft_Reflection3792 [link] [comments]

Hello Everyone, I am looking to set up a sandbox environment for me and a few fellow analysts to be able to analyze suspicious files, investigate potential phishing email links and attachments, and generally be able to click or download all the things we know are bad but need to know for sure. I wanted to get an understand on how best to have such an environment while also ensure that it will remain secure and not compromise the business environment. The analysts that we have are all remote workers, so I need something that is networked. Is there any reason to have an on prem sandbox these days or should I just be looking at cloud providers such as any.run? I was looking into setting up a Cukoo sandbox, but much of what I can find for that is 2 or more years old, and I am not sure if that is still a recommended solution or not. I am also concerned if I could truly keep the environment secure. Thank you in advance for any ideas! submitted by /u/frosss [link] [comments]

How do you conduct a security analysis of an application? We have an infrastructure on AWS, and in addition to auditing the infrastructure, I would like to audit our application. Specifically, I aim to comprehend its logic. Unfortunately, I lack expertise in the AppSec domain, but I am still interested in initiating this process and gaining a high-level overview. I would like to invite the main developers and conduct a brief interview to learn about their application. Essentially, I want to understand the application's functionality, identify potential security vulnerabilities, and ascertain how critical data is safeguarded. Additionally, I discovered that the application is related to the crypto exchange. I found this https://github.com/MahdiMashrur/Awesome-Application-Security-Checklist, but this 4 years old and I'm not sure how this is relevant. submitted by /u/athanielx [link] [comments]

Received a text pointing me to alerts.dhlondemand.ca I went there directly and interestingly enough it magically “knew” my order number (of course it was wrong) Anyway, is there a way to report these? Is it pointless? Looking at the whois, it’s somewhere in the USA but is that even real info? submitted by /u/daredeviloper [link] [comments]

https://youtu.be/Q6ovtLdSbEA?si=x0AnjrolYoqzkoOC submitted by /u/jc_pi [link] [comments]

Hello everyone, I have a one month premium free on LinkedIn since I studied for CC exam. Now that I've passed, I'd like to use the opportunity to study more about CyberSecurity. For a little background: I'm still in uni and have no experience on CyberSecurity aside from my studies. So I'm want to study more on any beginner or intermediate courses Do you have any courses or instructors that provides certificates on LinkedIn? Thank you! submitted by /u/Actual_Resource_947 [link] [comments]

I feel like I see a lot of perspectives from those of you who work in the corporate world, but I’m curious about the folks who work cybersecurity in a government or military setting. Do you feel similarly that cybersecurity is undervalued in government? Do you get the budget you need to accomplish your security goals? Do you feel like your career is progressing? Not looking for state secrets or anything, just some different perspectives! submitted by /u/AwkwardVoicemail [link] [comments]

Let’s dive into all the aspects of a Detection & Response engineering interview.Continue reading on Medium »

Software vendors of all kinds, big and small, are in the habit of not updating their open source software. For example:Continue reading on Medium »

Introduction:Continue reading on Medium »

In today’s digital age, email security is crucial, especially for students who rely on their email accounts for academic communications…Continue reading on TechWorldTimes »

Phishing, sahte e-postalar, siteler ve mesajlar aracılığıyla kişisel bilgilerinizi çalmaya çalışan bir dolandırıcılık taktiğidir. Bu…Continue reading on Medium »

Merhaba, hazırlamış olduğum belge, brbbot.exe adlı dosyanın statik ve dinamik analizini içermektedir. Analiz kapsamında dosyanın yapısı…Continue reading on Medium »

Learn how a CSRF vulnerability works and methods to exploit and defend against CSRF vulnerabilities.Continue reading on Medium »

Hello, a server being used by the company I work for had ~35k events of event ID 4625. If I am understanding this correctly, it looks like someone was trying to use common passwords for common usernames to brute force a login into the server. The workstation Name and Source Network Address were unique every time. The Account names attempted were not even on the server and I would be the only person who should be logging into it. Since then, I have disconnected the server from the internet and it will not be reconnected until we get our Fortigate back. My main question is, should I check anything else to make sure everything is good before reconnecting the server to the internet with the Fortigate and how common is an attack like this? submitted by /u/Aerovox7 [link] [comments]

Welcome to this week’s roundup of some of the most interesting cybersecurity updates. Subscribe for a concise and informed perspective on…Continue reading on Medium »

Continue reading on Medium »

The era of connected manufacturing, also known as Industry 4.0 or the Industrial Internet of Things (IIoT), comes with many cybersecurity…Continue reading on Medium »

Ağ temelleri konusunda hazırladığım yazımı sizlerle paylaşmak istedim. Bu makalede, ağların nasıl çalıştığına dair temel bilgilere yer…Continue reading on Medium »

Introduction:Continue reading on Medium »

WhatsApp has warned the Indian government that it may have to exit the Indian market if it is forced to break its end-to-end message…Continue reading on Medium »

IntroduçãoContinue reading on Medium »

As more people shop online, keeping payment information safe is a big focus for companies. They’re working harder to make sure that when…Continue reading on 888 TE.CH »

What’s next? Dive in!Continue reading on BabylonChain.io »

✎ Customer Support (+1) 8O5 3O1 7541 Trust Wallet Contact NumberContinue reading on Medium »

My runbook for enumerating Linux machines in the OSCP once I have RCE! use it for your own CTF/OSCP practiceContinue reading on Medium »

If the powerful countries of the world would unite and make a peace agreement for the next 100 years, then the common people would get…Continue reading on Medium »

In the present high speed world, guaranteeing the wellbeing and security of your friends and family and property is central. With the…Continue reading on Medium »

submitted by /u/TheRecord_Media [link] [comments]

We're looking to replace our MSSP, and recently got pitched Barracuda. They seemed pretty good, but I'm finding very little about their offerings in the security space. They seem green, but maybe I'm missing something. submitted by /u/TheRealGamerCow [link] [comments]

Below are some of the stories we’ve been reporting this week on Cyber Security Headlines. If you’d like to watch and participate in a discussion about them, the CISO Series does a live 20-minute show every Friday at 12:30pm PT/3:30pm ET. Each week we welcome a different cyber practitioner to offer some color to the week's stories. Our guest this week is Christina Shannon, CIO, KIK Consumer Products. To get involved you can watch live and participate in the discussion on YouTube Live https://youtube.com/live/yT2qG8DtzLY or you can subscribe to the Cyber Security Headlines podcast and get it into your feed. Here are the stories we plan to cover, time permitting: GitHub comments abused to push malware via Microsoft repo URLs The Redline stealer story brings to light the issue of the GitHub flaw that was abused by the threat actors behind RedLine. According to BleepingComputer, the use of the Microsoft GitHub repository makes the files appear trustworthy and the flaw itself “could be abused with any public repository on GitHub, allowing threat actors to create very convincing lures.” Their research shows that the malware zip files are uploaded as part of a comment left on a commit or issue in the project. “When leaving a comment, a GitHub user can attach a file. Instead of generating the URL after a comment is posted, GitHub automatically generates the download link which allows threat actors to attach their malware to any repository without them knowing.” (BleepingComputer) The art of penetrating a business without touching the endpoint Experts from Push Security are presenting detailed information in The Hacker News about the practice of “networkless” attack techniques targeting cloud apps and identities. Describing them as the new perimeter, the article describes techniques such as Adversary-in-the-Middle AiTM phishing, Instant Messaging IM phishing, SAMLjacking is where an attacker makes use of SAML SSO (Security Assertion Markup Language), and Oktajacking, in which an attacker can set-up their own Okta tenant to be used in highly convincing phishing attacks. A link to the report is available in the show notes to this episode. (The Hacker News) Cops may soon use AI to generate reports from body cams Taser maker and police contractor, Axon, has announced a new product called “Draft One,” which leverages OpenAI’s GPT-4 large language model to generate police reports from body cam audio. Critics are quick to point out that this use of AI could potentially lead to baseless accusations due to “hallucination” and further institutional ills like racial bias. Further, because police aren’t AI experts, they may not be well positioned to spot issues with AI outputs. Axon asserts that it has adjusted the AI model to ensure it can’t go off the rails. Axon’s CEO, Rick Smith, points out, “If an officer spends half their day reporting, and we can cut that in half, we have an opportunity to potentially free up 25 percent of an officer’s time to be back out policing.” (MSN and Futurism) Russian hackers claim cyberattack on Indiana water plant Over the weekend, the threat actor known as the Cyber Army of Russia posted a video on its Telegram channel showing how they hacked systems of the Tipton Wastewater Treatment Plant. Tipton provides the city of Tipton and surrounding areas with electric power, water, and wastewater collection and treatment. An Indiana official confirmed that the plant suffered a cyberattack on Friday evening. Tipton’s general manager, Jim Ankrum, said, “TMU experienced minimal disruption and remained operational at all times.” Security research firm Mandiant recently reported that the Cyber Army of Russia has ties to the Russian state actor, Sandworm, which was responsible for a separate attack on a water facility in Muleshoe, Texas that caused a tank to overflow. (The Record) New research discovers vulnerability in archived Apache project A vulnerability has been uncovered in an archived Apache project called “Cordova App Harness,” that could lead to software supply chain attacks. Attackers could use techniques such as Typosquatting, RepoJacking, and dependency confusion to insert vulnerable dependencies in open-source software. Ultimately, the issue could lead to execution of arbitrary code on the host machine where the vulnerable application is deployed. Researchers highlight the risk associated with dependencies on archived open-source projects that may not receive regular security updates. They recommend conducting regular code security scans, avoiding use of deprecated projects, following best practices for configuring dependencies, and providing security education to developers. (Legit Security) Threat actors plant fake assassination story The Czech News Agency, CTK, reports that an unidentified threat actor accessed its website to publish a fake story. The story claimed that Slovakia’s Security Information Service prevented an assassination attempt against newly elected Slovak president Peter Pellegrini by Ukrainian nationals. The faked story was published in English and Czech but did not get distribution to CTK’s clients. Researchers at Mandiant previously tied similar spoofed new stories to the Belarusian-affiliated threat group Ghostwriter, but no indication so far of their involvement here. (The Record) Chinese keyboard app flaws exposed Last year, researchers at Citizen Lab found that the popular Sogou Chinese keyboard app failed to use TLS when sending keystroke data to the cloud for typing predictions. This opens the door to potential spying on typed content. In a follow up, the researchers discovered that virtually all Chinese keyboard mobile apps had the same flaw. The researchers found a lack of TLS in apps from Baidu, Tencent, and iFlytek, as well as ones preinstalled on Android devices sold in China. The only device tested without the flaw was one preinstalled on a Huawei device. The researchers say the ease of exploiting this flaw likely means its been exploited at scale in the wild. The researchers contracted the app developers, with the majority fixing the issue before publication, although its unclear if preinstalled Android apps would receive an update. (MIT Technology Review, Citizen Lab) Sandworm targets critical Ukrainian orgs The Ukrainian Computer Emergency Response Team, or CERT-UA, released a report on activity by the Russian affiliated threat group Sandworm, believed to be associated with Russia’s GRU military intelligence unit. The report claims that in March 2024, Sandworm disrupted IT systems at energy, water, and heating suppliers throughout 10 regions in the country. The group accessed these providers through a variety of vectors, including supply chain attacks, technical support, and novel malware. CERT-UA believes Sandworm coordinated the cyberattacks with missile strikes on infrastructure facilities. (Bleeping Computer) submitted by /u/CISO_Series_Producer [link] [comments]

Hey everyone, I'm wondering what are the most painful things to deal with in the chemical industry when it comes to a secure IT infrastructure? What are the most vulnerable spots in your opinion? Where do you see issues at your company? Especially now regarding upcoming regulatory changes with NIS2 in Europe, I'm wondering where to start my talking points with clients, and how not to be a salesperson but be of ACTUAL VALUE to a companies IT security. submitted by /u/AdEducational2648 [link] [comments]

submitted by /u/saip007 [link] [comments]

Hi! I have been in the industry for over 4 years now, working as an offensive security consultant. But lately I've been feeling that this is not enough. My aim really is to work as a solo consultant/contractor. So when I looked for such positions, rarely did I see anything related to pentesting or red teaming. Now, I understand there is a trust factor involved here and no one is stupid enough to give access of their internal networks to random guys off the internet. However, I did see many positions for stuff like audits, implementation of security tools etc. Due to this, I am considering developing a secondary skill set. My question is:- In your opinion, looking at the current scenario, what product/skill in cyber will you recommend for someone like me? Remember, I still want my primary thing to be red team and pentesting, I just want something to rely upon in case opportunities for it becomes scarcer than now. submitted by /u/PBBG12000 [link] [comments]

I just recently got a new IT job and their internal security is awful. Two ways are that everybody had local admin rights (which I was able to convince them to change) and they are required to give us their password when we need to work on their laptop since the laptops are assigned to each person and we need to login to their account to make configurations on their account. I am trying to tell them we could just use the local administrator account and copy files to their user folder, but they don't listen. Any ideas on how I can convince my boss to not require users to give us their passwords? submitted by /u/TheRealTengri [link] [comments]

submitted by /u/anynamewillbefine [link] [comments]

I’ve worked in security for seven years and have had certain elements really worn me down over time. I don’t know what happened, but over the past year the following have really made me feel dissatisfaction with this work: •The feeling of not really creating anything with my labor. •Being a cost center to the business and having budget constantly scrutinized/not getting enough to adequately cover a security program. •Having documented security risk constantly dismissed by leadership or stakeholders. Constantly occuring despite tangibly showing them in multiple ways and communication styles. •Generally being disliked by other parts of the parts of the organization and the typically antisocial nature of technical workers at my org makes the job very lonely. •Constant, reactive firefighting. Nobody cares about what security does unless something negative is happening. I think security is interesting and was able to shrug most of this stuff off early on. But with the market contracting and companies trying to outsource or downsize a cost center, it makes the field less attractive for the long run. Has anyone found skills they picked up in security transferred well to other industries? I was looking at industrial hygiene and safety a while back and it seems like it would be more personally meaningful since there’s a human safety element. Hoping to hear if anyone was able to make moves out of a seemingly niche field. submitted by /u/Longjumping-Pin5976 [link] [comments]

Hi, was told to post here, hope that's ok. The company I work for has a small IT team and they ask us all for passwords. If we change them, they ask us again for the updated password. This can't be right, can it? We are ISO 2701 and 9001 acredited which must mean something when it comes to security? I don't want to talk to IT for fear of recriminations, what can I do? Among some of the documents we work with are folks' medical records. submitted by /u/Freshwater_Salmon556 [link] [comments]

This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away! Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future. submitted by /u/AutoModerator [link] [comments]