What’s your best and worst experiences onboarding a SIEM solution for a client? submitted by /u/AverageAdmin [link] [comments]

I periodically look for various information about new training courses or educational material. I've been in cybersecurity for many years, but I'm still curious about what's on the market now. I worked as a SOC Engineer-Analyst, then moved to SecOps and this training material had a high impact on me and my career: networkdefense.io: Investigation theory Practical threat hunting Also, Network Security Monitoring book by Chris Sanders Active Countermeasures: Practical Network Threat Hunting Antisyphon: SOC core skills Offensive Countermeasures book by John Strand submitted by /u/athanielx [link] [comments]

Are companies adopting passkeys for work settings and what is your personal take on this mess? ​ From my perspective FIDO let the floodgates open too soon which led ecosystems (apple, google, and microsoft) to make their own custom flavor and UI that doesn't interact well in a enterprise setting. I'll give it a thumbs up so far for consumers now that it's safe, syncable and recoverable now but I'd like to hear more from fellow redditors. Especially if your organization has tried to adopt passkeys but come across blockers or even success stories. submitted by /u/bespoke_redditor [link] [comments]

How do you use source code analysis tools in your company? Do you use separate products for SAST, IaC, Secrets Scanning? How do you deal with false positives? What would you wish was different (tools, workflows, eng teams collaboration, etc.) I'm on the engineering side, but am interested in rolling out a code analysis tool for our team. We don't have a dedicated AppSec team yet. What are the chances that we (as an eng team) can run any of the code scanner tools on our own? I'd appreciate your ideas! submitted by /u/Hoselam-sar-rafteh [link] [comments]

I’ve been dumbfounded by the rise of “malwares” as a plural to malware. Obviously malware is a portmanteau of malicious and software, and the plural of software is software. At first I just thought it was some people being wrong and they’d learn. But is this becoming a new normal? Like how cracker technically means malicious and hacker does not but everyone just uses hacker instead. submitted by /u/rootxploit [link] [comments]

submitted by /u/CYRISMA_Buddy [link] [comments]

submitted by /u/CYRISMA_Buddy [link] [comments]

Is there anything I can do to make it so they, and attackers by extension, wouldn’t be able to do this? submitted by /u/AppearanceAgile2575 [link] [comments]

submitted by /u/SCI_Rusher [link] [comments]

Hello all, here is a survey that I need responses for, for a college course in technical and report writing. The assignment related to this survey has to be related to whatever we are majoring in, and I am major in cyber security. So this survey is on the subject of phishing. The survey consists of 10 questions mostly yes or no questions. Any responses will be greatly appreciated Link: https://www.surveymonkey.com/r/VV755VN submitted by /u/Black_Space5000 [link] [comments]

submitted by /u/TheRecord_Media [link] [comments]

I have a feeling the answer to this is going to be "depends on the company" as is always the case, but I thought I'd gather input anyway. I'm curious to know how common it is for an infosec/secops team to be auditing/verifying changes to infrastructure themselves. With the recent palo-alto vuln for example, we talked to the team that manages those devices about whether or not we're vulnerable. They checked and said we are not... and I figured that's good enough for us. But my boss said we need to be verifying patch levels and exposure ourselves. Now to be clear, I don't think my boss is just being randomly mistrustful. Other teams we work with (granted w/more complex systems like fleets of linux hosts) have told us before some change or other was made to close vulnerabilities that weren't in fact done. But a lot of those types of systems are also easier to verify (due to agents or cloud-based tools that just require a glance at a dashboard for verification). It seems to me that having to log into production devices to double-check what the responsible team said is true is not only extra work but kinda showing an extra level of mistrust + taking responsibility for something that we don't need to. (i.e. if something bad did happen and it's because that team said they were on version X but weren't really, is it really the infosec teams fault?) The need for production access to all our firewalls/LBs/etc. also seems a bit concerning, though obviously we only need read-only, but I'm new enough to this field I just want to better understand typical best practices. Anyhow, just curious to know what people think. submitted by /u/techaspirant [link] [comments]

Exactly as the title says. One of my higher-ups tasked me to look into a recent vulnerability that could affect our org. I have all the information I need to write the report so that's all set. This would be my first time writing an attestation to present to 3rd parties, C-suite, etc., even though I've written reports in the past. Those reports were performing research on existing security tools/products to introduce into our environment. Since this is a new endeavor for me, what are some things that I should look out for? I understand that bias should be kept out of report due to how dangerous it could be, and also to be clear and concise in my writings so there isn't any room for misinterpretation. I'm more concerned about structuring the report in a way that readers/listeners can follow along without difficulty. Any help is appreciated, I have about a week to get this completed but the sooner the better(thank god). Love this sub, thank you guys. submitted by /u/squidJG [link] [comments]

In today’s modern world safety and security of our houses have become so important.Continue reading on Medium »

Second part series to cover Elastic SIEM Security Fundamentals labs using Elastichsearch and Kabana.Continue reading on Medium »

Overview:Continue reading on Medium »

Hey there! It’s cyberpro151 back with another PoC writeup for y’all.Continue reading on Medium »

The Cybersecurity Vault episode #31 w/guest Donna KidwellContinue reading on Medium »

A lot of professionals often get confused about these terms. Sometimes, privacy can be mistaken for anonymity, or pseudonymity can be…Continue reading on Medium »

Hellooooo hakurzzzz,Continue reading on Medium »

Cybersecs Experts by Dr. Alvin AngContinue reading on DataFrens.sg »

Cyber Security NewsContinue reading on Medium »

Router ConfigurationContinue reading on Medium »

Learn about the recent AT&T data breach, its impact, and steps to safeguard your information. Stay informed! 🛡️🔍Continue reading on Medium »

Learn about the recent AT&T data breach, its impact, and steps to safeguard your information. Stay informed! 🛡️🔍Continue reading on Medium »

With all these YouTube videos I’m getting option fatigue. I’m about to finish up with my WGU degree and feel like the labs they give you are cool but put in the real world I don’t think they translate much. I still feel as much as a newbie as I did when I started school Aug 2022. And youtube has so many fluff tutorials that it’s hard to finish one that’ll really help gain that hands on experience Suggestions? submitted by /u/eoverthink [link] [comments]

Getting a smart security camera to keep your home safe !Continue reading on Medium »

Hello everyone, like many out there my company has many different software solutions that all like to use different query languages for their searches. I am attempting to find better ways of learning these different languages for myself and for teaching my coworkers. This is more of a "learning how to learn" question. I have thought about making standard naming convention charts (hostname is called x in this platform, y in this one), as well as other documents with "key" features used across platforms, stats/join/etc. I know that the main advice is just "do it more, get more hours in the platform" but I am also a believer in there being better ways that others have come up with other than brute force. The other issue is that while some languages like Splunk have a million tutorials, many solutions have just vendor documentation and nothing deeper outside of paid vendor stuff. How do you personally learn languages like this? submitted by /u/Munkky [link] [comments]

Security is an important factor when creating frontend applications, as they are often the starting point for attacks.Continue reading on Medium »

https://nico-autonoma.medium.com/beyond-the-prompt-a81fc9081091 submitted by /u/nicomarcan [link] [comments]

Securing your property requires careful consideration when selecting a fencing supplier. Clearview fencing has gained popularity among…Continue reading on Medium »

In our ever-changing world, where chaos and uncertainty seem to lurk around every corner, the quest for safe havens has become a paramount…Continue reading on Medium »

VCPG Security is a premier security company in Australia, dedicated to providing top-tier protection services. Based in Melbourne, they…Continue reading on Medium »

Understanding Injection Threats in GenAI AppsContinue reading on Medium »

This article will explain the essential security configurations for containers running in the AWS cloud.Continue reading on AWS in Plain English »

Security Companies Melbourne: Trust 247 Security Group for top-tier protection, cutting-edge technology, and tailored service.Continue reading on Medium »

Hello all, Thought to post here to see if any of you knew about any relevant info like open-source (or very low cost) security controls that can be used in place of the traditional big brands found in our everyday enterprise. Alternatively if you can point me in the right direction to someone or source that I can connect with to get such info. A dozen high-fives ladies and gentlemen for potential suggestions, comments, or tips. submitted by /u/CyberGrizzly360 [link] [comments]

Every day we see more and more data breaches and it seems like the chances of experiencing a data breach, no matter who you are, is practically one. Why has it become so easy? Source: https://x.com/H4ckManac/status/1780547955381895172 submitted by /u/RansomBook [link] [comments]

There are a lot of services that now claim to monitor the dark web for leaked information. I was recently looking at a Norton product and it involves inputting a lot of sensitive information such as address, drivers licence number, credit card number and so on. It got me thinking, could people be inadvertently putting themselves at risk by using these services? Firstly there's the integrity of the database which holds all this personal information to be used for crosschecking. Then there's the act of crosschecking also, so how can the client be sure that the information they provide remains secure in the process of these constant dark web checks? submitted by /u/ckarkui [link] [comments]

Obvious aspects aside like to satisfy regulatory compliance, and also putting cost aside as SIEMs can be quite expensive, how would you gauge how effective or useful your SIEM is compared to all other security/alerting tools in your organizations? The reason I ask is because my team manages a large SIEM in a very large organization. Because it's so large, duties are silo'd. A different team leverages the SIEM to create alerts which get fed into a SOAR product (managed by another team) before being presented to SOC. I am certain that other security tools are feeding alerts into the SOAR tool but I don't have any sense of that scope. We are so far removed from SOC that it really makes it difficult to assess the value of the work we do. Execs also don't seem to be very interested in improving processes or expanding capabilities, which makes me further question how important our SIEM is compared to the other security products in our landscape. Curious to hear perspectives of others. (I sometimes wish my role was broader so I could have a hand in the full chain, from identifying valuable data sources to ingest through to investigation/resolution.) submitted by /u/Threezeley [link] [comments]

If we want to dispose of a server, how can we ensure that any areas that may contain passwords or sensitive data (BIOS, etc) are sanitized/purged without physically shredding all electronic components? It’d be environmentally unfriendly to shred an entire motherboard, which would reduce its recyclability. I think some vendors my publish instructions but others may not, particularly for older equipment. Is there any reliable resource, even a paid one, that gathers this info? I understand that with some classifications of data, physical destruction is the only acceptable disposal method, but that does not apply to my industry. What do you folks normally do? Do you require that the disposal company shred SSDs/HDDs and all circuit boards? I did some research before and there's a lot of info on SSD/HDD disposal but I didn't see much about chips such as the BIOS. submitted by /u/Adventurous-Dog-6158 [link] [comments]

For those of you who previously applied mitigations (disabling telemetry), this was not effective. Devices may have still been exploited with mitigations in place. Content signatures updated to theoretically block newly discovered exploit paths. The only real fix is to put the hotfix, however these are not released yet for all affected versions. Details: https://security.paloaltonetworks.com/CVE-2024-3400 ​ submitted by /u/maceinjar [link] [comments]

submitted by /u/DerBootsMann [link] [comments]

I have heard that lot of hackers in the early 2000s learnt hacking from forums. Some met others from forums and stuffs like that? Are forums still a thing or are the sites like reddit, discord the new "forums"? submitted by /u/Standard-Art-1967 [link] [comments]

And that's why more and more countries are looking to Germany as 'a pilot project' which is seriously taking careful and steady steps to ditch Windows for Linux. submitted by /u/B-HDR [link] [comments]

This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away! Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future. submitted by /u/AutoModerator [link] [comments]