CyberSecurity – What are some things that get a bad rap, but are actually quite secure?

Cybersecurity is an important issue for everyone, from individuals to large organizations. There are many things that get a bad rap when it comes to cybersecurity, but that doesn’t mean they’re not secure. For example, PGP (Pretty Good Privacy) is a method of encrypting emails that is considered to be very secure. However, it can be difficult to set up and use. Another example is using very long passwords that are actually a sentence. This may seem like a security risk, but it’s actually more secure than a shorter password because it’s more difficult for hackers to guess. Additionally, changing the default port for certain services like databases can help to prevent hacking. Unplugging the ethernet cable may also seem like a security risk, but it’s actually one of the most effective ways to prevent data breaches. Finally, browser password managers are often considered to be insecure, but they’re actually quite secure if used properly. Cybersecurity is an important issue, and there are many things that can be done to help prevent hacking and data breaches.

There are a lot of CyberSecurity myths out there. People think that X, Y, and Z are the most secure way to do things when in reality, they are the least secure. The biggest myth is that PGP is unbreakable. PGP has been broken many times and is not a reliable form of CyberSecurity. Another myth is that very long passwords are secure. The problem with very long passwords is that they are difficult to remember and often get written down somewhere. If a hacker gets ahold of your password, they can easily access your account. The best way to prevent CyberSecurity breaches is to use MFA, OAuth, and two-step verification whenever possible. These methods make it much more difficult for hackers to gain access to your accounts. While they may not be foolproof, they are the best CyberSecurity measure available.

1- PGP

PGP is a Form of Minimalism

As a protocol, PGP is surprisingly simple. Here is what happens if you want to use it to securely send a message to someone:

  1. You get from them a PGP identity (public key). How you do that is entirely up to you.
  2. Your PGP program uses that identity to perform a single public key encryption of a message key.
  3. Then the message key is used to encrypt the message, which is added to the encrypted message key to make the encrypted message.
  4. Your correspondent does the opposite operations to get the message.

If you want to sign your message then you:

  1. Hash the message.
  2. Do a public key signature operation on the hash and attach the result to the message.
  3. Your correspondent checks the signature from your PGP identity, which they have acquired somehow.

The simple key handling is where the minimalism comes from. It is why PGP can be used in so many non-email contexts.

As a contrast, consider the Signal Protocol for instant messaging. I will not attempt to describe Signal in any detail as I would get parts of it wrong. It would also make for a pointlessly long article. There is a high-level description of the Signal protocol here. None of the following comments are intended to be critical; they are intended to give an idea of the level of complexity of the protocol in total:

  • Signal has at least 2 systems for creating forward secrecy. Each system requires a system to deal with loss of synchronization.
  • A Signal session requires the storage and maintenance of a lot of state information.
  • Signal normally uses a server based “prekey” system to deal with the case where a client is offline and thus is unable to negotiate.
  • Signal achieves partial deniability with a triple Diffie-Hellman key exchange. OpenPGP achieves complete deniability by not signing the message in the first place.
  • Supporting the Signal protocol in practice requires a separate system to store and protect past messages. Since this is at odds with forward secrecy, such a system will end up with a system to delete old messages.

The Signal Protocol is built on ideas from the Off the Record (OTR) protocol. Interestingly enough, OTR was intended to improve PGP by adding extra functionality. Signal adds functionality on top of the OTR functionality. So Signal could be considered the result of an attempt to improve something by making it more complex.

I believe that reliability and security are best achieved with simple systems. OpenPGP is a standard that describes such a system.
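
The encryption and signing steps listed in this section, as an added Python example (not code from the original post or from any OpenPGP implementation). The textbook-RSA keys, the hash-based keystream, the dictionary layout and the names Alice and Bob are assumptions chosen so the structure runs on the standard library alone; they are insecure stand-ins for the real algorithms and packet format.

```python
"""Shape of a PGP-style message, following the steps listed above.

Toy primitives only (textbook RSA, hash-based keystream): NOT secure and
not OpenPGP's real algorithms or packet format.
"""
import hashlib
import secrets

E = 65537  # public exponent used by both toy keys


def make_identity(p, q):
    """Build a toy RSA identity from two primes; returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    # Short fingerprint, standing in for the recipient key ID a real message carries.
    key_id = hashlib.sha256(f"{n}:{E}".encode()).hexdigest()[:16]
    return ({"n": n, "e": E, "key_id": key_id},
            {"n": n, "d": d, "key_id": key_id})


def _keystream_xor(key, nonce, data):
    """Toy symmetric cipher: XOR data with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encrypt(plaintext, recipient_pub):
    """Steps 2-3: one public-key operation wraps a fresh message key, the
    message key encrypts the body, and both parts form the message.
    No sender key is involved, so an unsigned message proves nothing
    about who wrote it."""
    message_key = secrets.token_bytes(16)
    nonce = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(message_key, "big"),
                  recipient_pub["e"], recipient_pub["n"])
    return {"recipient_key_id": recipient_pub["key_id"],
            "wrapped_key": wrapped,
            "nonce": nonce,
            "ciphertext": _keystream_xor(message_key, nonce, plaintext)}


def decrypt(message, recipient_priv):
    """Step 4: unwrap the message key, then decrypt the body."""
    if message["recipient_key_id"] != recipient_priv["key_id"]:
        raise ValueError("message is not addressed to this key")
    key_int = pow(message["wrapped_key"],
                  recipient_priv["d"], recipient_priv["n"])
    return _keystream_xor(key_int.to_bytes(16, "big"),
                          message["nonce"], message["ciphertext"])


def _digest_int(data, n):
    """SHA-256 of the data as an integer reduced into the key's range."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(plaintext, signer_priv):
    """Hash the message, then apply the private-key operation to the hash."""
    n = signer_priv["n"]
    return pow(_digest_int(plaintext, n), signer_priv["d"], n)


def verify(plaintext, signature, signer_pub):
    """Recompute the hash and compare it with the value in the signature."""
    n = signer_pub["n"]
    return pow(signature, signer_pub["e"], n) == _digest_int(plaintext, n)


# Constructed identities: toy keys built from well-known Mersenne primes.
ALICE_PUB, ALICE_PRIV = make_identity(2**127 - 1, 2**61 - 1)  # recipient
BOB_PUB, BOB_PRIV = make_identity(2**107 - 1, 2**89 - 1)      # sender


def demo():
    body = b"constructed sample message"
    sealed = encrypt(body, ALICE_PUB)   # needs only Alice's public key
    signature = sign(body, BOB_PRIV)    # optional second operation
    opened = decrypt(sealed, ALICE_PRIV)
    try:
        decrypt(sealed, BOB_PRIV)
        misdelivered = "decrypted"
    except ValueError:
        misdelivered = "rejected"
    return {"roundtrip_ok": opened == body,
            "signature_ok": verify(opened, signature, BOB_PUB),
            "tamper_detected": not verify(opened + b"!", signature, BOB_PUB),
            "misdelivered": misdelivered}


if __name__ == "__main__":
    print(demo())
```

Nothing here keeps session state between messages: each call to `encrypt` stands alone, which is the key-handling simplicity the section describes.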


2- Very long passwords that are actually a sentence

It could be bad if you just came up with it and forget it, and people think it’s bad if it only has lowercase and no numbers or punctuation. But a 5-6 word sentence could be quite secure, especially if it’s a bit weird. “Lemons make a delicious snack in my house.”

3- Writing passwords down.

I tell all my old relatives to write their passwords down in a little notebook. As long as there isn’t someone there regularly I don’t trust, it is much better than using the same password, and if their physical security at their house is compromised, there are bigger concerns than a notebook of banking passwords.

We write down all the passwords to our most secure systems – but then we rip them in half and put them in 2 separate safes.

Did I say passwords? I meant encryption keys.

4- Changing default ports for certain services like dbs

Most of the gangs out there use tools that don’t do a full search, so they go through the default port list.

5- MFA in general.

Takes 60 seconds to set up, and an additional 5s each time you use it, but can save you hours if not days of manual recovery efforts with support to regain access to a compromised account. Yet people don’t like the idea.

If you are using TOTP for your MFA, you can even put it right in the browser with a plug-in. I use this approach for work. It’s very convenient.

If you use a password manager that supports TOTP and auto type (e.g. KeePassXC) then you don’t even need to mess with it once you have it set up.

6- OAuth for 3rd party apps.

Those “sign into our app with your (Google, Microsoft, etc) account” things. As long as you trust the ID provider and the app, it’s usually secure. More so, considering it prevents password reuse, and you aren’t exposed if any of those 3rd party apps have a breach.

7- Two-step verification.

Yes it’s annoying to need two devices every time you want to log into your most precious accounts, but trust me, I’d rather take the extra 10 seconds to authorize a login than go through the hell of having my account breached.

8- Biometric Authentication.

The argument is that ‘you can’t change your face/finger’ but it is actually more secure than other ‘magic link’ providers.

Let me be clear, there are some providers that are still iffy on security. But there are also some that have device native authentication (you need the device to auth), they don’t store passwords or password hashes, and only have public keys.

One example of this is https://passage.id/ which is about as secure as you can get.

9- Zoom.

Yes, they had a bunch of issues at the start, but they fixed them. I would much rather work with a company that had security assessments and fixed the problems rather than a company which has never been assessed.

10- Unplugging the ethernet cable.

11- Browser password managers?

Rant moment: reasons cybersecurity fails

<Rant>

People don’t see the value of putting effort into cybersecurity because they don’t see any material gains from it. The best thing they can see is nothing bad happening.

No news isn’t good enough as good news. This is enough to mostly ignore all cybersecurity advice altogether.

This is similar to people not taking care of themselves health-wise, because the best thing they can see is not getting sick.

</Rant>

Why do cyber attackers commonly use social engineering attacks?

Hackers commonly use social engineering attacks because they can be very effective. By using social engineering, hackers can take advantage of people’s trusting nature and willingness to help others. They can also exploit the fact that people are often not well-informed about security and privacy issues. For example, a hacker might pose as a customer service representative and ask for someone’s password. Or, they might send an email that looks like it is from a trusted source, such as a bank or government agency, and ask the recipient to click on a link or download an attachment. If the person falls for the deception, the hacker can gain access to their accounts or infect their computer with malware. That is why it is important to be aware of these types of attacks and know how to protect yourself.

Cyber attackers commonly use social engineering attacks for a number of reasons. First, hacking into a person’s or organization’s computer systems is becoming increasingly difficult as security measures become more sophisticated. Second, even if a hacker is able to gain access to a system, they are likely to be discovered and caught before they can do any significant damage. Third, social engineering attacks allow hackers to bypass security measures and obtain sensitive information without being detected. Finally, social media platforms have made it easier for cyber attackers to obtain personal information about their targets and to carry out attacks. As a result, social engineering attacks are an attractive option for many cyber attackers.

To conclude:

Cybersecurity is often thought of as a complex and technical field, but there are actually many simple things that everyone can do to help stay safe online. For example, one way to protect your online communications is to use PGP encryption. This type of encryption is incredibly difficult for even the most skilled hacker to break, but it’s also easy to use. Another way to improve your cybersecurity is to use very long passwords that are actually a sentence. This may seem daunting, but using a phrase as your password makes it much harder for hackers to guess. Additionally, changing the default ports for certain services can help prevent unauthorized access. And finally, unplugging the ethernet cable when you’re not using it is a great way to physically block hackers from accessing your device. By following these simple tips, you can dramatically improve your cybersecurity and protect your privacy.

source: r/cybersecurity

