You can translate the content of this page by selecting a language in the select box.
CyberSecurity – What are some things that get a bad rap, but are actually quite secure?
Cybersecurity is an important issue for everyone, from individuals to large organizations. There are many things that get a bad rap when it comes to cybersecurity, but that doesn’t mean they’re not secure. For example, PGP (Pretty Good Privacy) is a method of encrypting emails that is considered to be very secure. However, it can be difficult to set up and use. Another example is using very long passwords that are actually a sentence. This may seem like a security risk, but it’s actually more secure than a shorter password because it’s more difficult for hackers to guess. Additionally, changing the default port for certain services like databases can help to prevent hacking. Unplugging the ethernet cable may also seem like a security risk, but it’s actually one of the most effective ways to prevent data breaches. Finally, browser password managers are often considered to be insecure, but they’re actually quite secure if used properly. Cybersecurity is an important issue, and there are many things that can be done to help prevent hacking and data breaches.
There are a lot of CyberSecurity myths out there. People think that X, Y, and Z are the most secure way to do things when in reality, they are the least secure. The biggest myth is that PGP is unbreakable. PGP has been broken many times and is not a reliable form of CyberSecurity. Another myth is that very long passwords are secure. The problem with very long passwords is that they are difficult to remember and often get written down somewhere. If a hacker gets ahold of your password, they can easily access your account. The best way to prevent CyberSecurity breaches is to use MFA, OAuth, and two-step verification whenever possible. These methods make it much more difficult for hackers to gain access to your accounts. While they may not be foolproof, they are the best CyberSecurity measure available.
As a protocol, PGP is surprising simple. Here is what happens if you want to use it to securely send a message to someone:
- You get from them a PGP identity (public key). How you do that is entirely up to you.
- Your PGP program uses that identity to perform a single public key encryption of a message key.
- Then the message key is used to encrypt the message which is added to the encrypted message key to make the encrypted message.
- Your correspondent does the opposite operations to get the message.
If you want to sign your message then you:
- Hash the message.
- Do a public key signature operation on the hash and attach the result to the message.
- Your correspondent checks the signature from your PGP identity, which they have acquired somehow.
The simple key handling is where the minimalism comes from. It is why PGP can be used in so many non-email contexts.
As a contrast, consider the Signal Protocol for instant messaging. I will not attempt to describe Signal in any detail as I would get parts of it wrong. It would also make for a pointlessly long article. There is a high level description of the Signal protocol here. None of the following comments are intended to be critical, they are intended to give an idea of the level of complexity of the protocol in total:
- Signal has at least 2 systems for creating forward secrecy. Each system requires a system to deal with loss of synchronization.
- A Signal session requires the storage and maintenance of a lot of state information.
- Signal normally uses a server based “prekey” system to deal with the case where a client is offline and thus is unable to negotiate.
The Signal Protocol is built on ideas from the Off the Record (OTR) protocol. Interestingly enough, OTR was intended to improve PGP by adding extra functionality. Signal adds functionality on top of the OTR functionality. So Signal could be considered the result of an attempt to improve something by making it more complex.
I believe that reliability and security are best achieved with simple systems. OpenPGP is a standard that describes such a system.
2- Very long passwords that are actually a sentence
It could be bad if you just came up with it and forget it, and people think it’s bad if it only has lowercase and no numbers or punctuation. But a 5-6 word sentence could be quite secure, especially if it’s a bit weird. “Lemons make a delicious snack in my house.”
3- Writing passwords down.
I tell all my old relatives to write their passwords down in a little notebook. As long as there isn’t someone there regularly I don’t trust, it is much better than using same password and if their physical security at their house is compromised, there are bigger concerns than a notebook of banking passwords.
We write down all the passwords to our most secure systems – but then we rip them in half and put them in 2 separate safes.
Did I say passwords? I meant encryption keys.
4- Changing default ports for certain services like dbs
Most of the gangs out there use tools that don’t do a full search, so they go through the default port list
5- MFA in general.
Takes 60 seconds to set up, and an additional 5s each time you use it, but can save you hours if not days of manual recovery efforts with support to regain access to a compromised account. Yet people don’t like the idea.
If you are using TOTP for your MFA, you can even put it right in the browser with a plug-in. I use this approach for work. It’s very convenient.
If you use a password manager that supports TOTP and auto type (e.g. KeePassXC) then you don’t even need to mess with it once you have it set up.
6- Oauth for 3rd party apps.
Those “sign into our app with your (Google, Microsoft, etc) account” things. As long as you trust the ID provider and the app, it’s usually secure. More so, considering it prevents password reuse, and you aren’t exposed if any of those 3rd party apps have a breach.
7- Two-step verification.
Yes it’s annoying to need two devices every time you want to log into your most precious accounts, but trust me, I’d rather take the extra 10 seconds to authorize a login than go through the hell of having my account breached.
The argument is that ‘you can’t change your face/finger’ but it is actually more secure than other ‘magic link’ providers.
Let me be clear, there are some providers that are still iffy on security. But there are also some that have device native authentication (you need the device to auth), they don’t store passwords or password hashes, and only has public keys.
One example of this is https://passage.id/ which is about as secure as you can get.
Yes, they had a bunch of issues at the start, but they fixed them. I would much rather work with a company that had security assessments and fixed the problems rather than a company which has never been assessed.
10- Unplugging the ethernet cable.
11- Browser password managers?
Rant moment: reasons cybersecurity fails
People don’t see value of putting effort in cybersecurity because they don’t see any material gains from it. The best thing they can see is nothing bad happening.
No news isn’t good enough of a good news. This is enough to mostly ignore all cybersecurity advice altogether.
This is similar to people not taking care of themselves health-wise, because the best things they can see is not getting sick.
Why do cyber attackers commonly use social engineering attacks?
Hackers commonly use social engineering attacks because they can be very effective. By using social engineering, hackers can take advantage of people’s trusting nature and willingness to help others. They can also exploit the fact that people are often not well-informed about security and privacy issues. For example, a hacker might pose as a customer service representative and ask for someone’s password. Or, they might send an email that looks like it is from a trusted source, such as a bank or government agency, and ask the recipient to click on a link or download an attachment. If the person falls for the deception, the hacker can gain access to their accounts or infect their computer with malware. That is why it is important to be aware of these types of attacks and know how to protect yourself.
Cyber attackers commonly use social engineering attacks for a number of reasons. First, hacking into a person’s or organization’s computer systems is becoming increasingly difficult as security measures become more sophisticated. Second, even if a hacker is able to gain access to a system, they are likely to be discovered and caught before they can do any significant damage. Third, social engineering attacks allow hackers to bypass security measures and obtain sensitive information without being detected. Finally, social media platforms have made it easier for cyber attackers to obtain personal information about their targets and to carry out attacks. As a result, social engineering attacks are an attractive option for many cyber attackers.
Cybersecurity is often thought of as a complex and technical field, but there are actually many simple things that everyone can do to help stay safe online. For example, one way to protect your online communications is to use PGP encryption. This type of encryption is incredibly difficult for even the most skilled hacker to break, but it’s also easy to use. Another way to improve your cybersecurity is to use very long passwords that are actually a sentence. This may seem daunting, but using a phrase as your password makes it much harder for hackers to guess. Additionally, changing the default ports for certain services can help prevent unauthorized access. And finally, unplugging the ethernet cable when you’re not using it is a great way to physically block hackers from accessing your device. By following these simple tips, you can dramatically improve your cybersecurity and protect your privacy.
- How to Land a CNO Development Job?by /u/Any_Volume5771 (cybersecurity) on September 25, 2023 at 5:52 pm
Hi Everyone, I'm interested in becoming a CNO developer, and want to know the best way for me to land a job with no work experience in the field. The problem is, as with a lot of cybersecurity jobs, companies require many years of experience in addition to a multitude of skills. This is a catch 22 because I can't get experience if I'm not hired for a job, but I won't be hired for a job unless I have experience. My questions are as follows: 1) What is the best way for me to compensate for lack of work experience, so I can land a CNO development job? 2) In addition to learning the requisite skills on my own, how much will certs (perhaps OSCP, GREM, etc.) help? I already have Security+. 3)What about ideas for real-world personal projects I can complete on my own to demonstrate to employers that I have the knowledge necessary for the job? 4) What about internships? Thank you all in advance for the help. submitted by /u/Any_Volume5771 [link] [comments]
- How Do You Handle Clicks on Phish Links?by /u/SecurityCocktail (cybersecurity) on September 25, 2023 at 5:51 pm
It's not uncommon that through either URL Rewriting or someone reporting a phishing attack, I find an individual who clicked on a link in a phishing email, which took them to a phishing form, typically trying to steal their username and password. When the user has NOT entered any credentials, how do you handle these? Do you force a password reset anyway? Reset login tokens? Wipe computer? Force the end user into a phishing training program? Again, this is not for incidents where the user entered login creds; this if for those who clicked but DID NOT enter creds. I have my own small playbook I use, but I am interested in hearing what others in the community do. Thanks in advance! submitted by /u/SecurityCocktail [link] [comments]
- Physical security for officesby /u/BuildingKey85 (cybersecurity) on September 25, 2023 at 5:28 pm
Hey /r/cybersecurity, We're a cloud-only environment with several offices across the United States and Asia. All of our non-public data is stored in the cloud, but employees can use these offices to work/collaborate if they so choose. We'd like to improve our physical security by upgrading our badging system. Desired qualities: SaaS-based platform for centralized management Users should be able to badge in with an app using their phones Information Technology/Security must be able to remotely lock/open doors Information Technology/Security must be able to provision/deprovision user access Access logs should be collected and retained for at least 90 days Are there any providers that this sub highly recommends? I'm happy to provide more information if needed. Thanks! submitted by /u/BuildingKey85 [link] [comments]
- Are your end-users' passwords compromised? Here's how to check.by /u/z3nch4n (cybersecurity) on September 25, 2023 at 5:28 pm
submitted by /u/z3nch4n [link] [comments]
- Is it a good time to switch ?by /u/Anonymoussharma17 (cybersecurity) on September 25, 2023 at 4:50 pm
Not sure if I should continue with my current job or should I look forward to change! Should I wait because of layoffs in majority of organisations? submitted by /u/Anonymoussharma17 [link] [comments]
- Day 94 — Unveiling Security Secrets with Penetration Testing and IAMby Sushrita Swain (Cybersecurity on Medium) on September 25, 2023 at 3:50 pm
Welcome to the 94th day of our cybersecurity journey! Today, we embark on an exciting exploration into the world of Penetration Testing, a…Continue reading on Medium »
- Cyber Briefing: 2023.09.25by CyberMaterial (Cybersecurity on Medium) on September 25, 2023 at 3:50 pm
👉 What’s happening in cybersecurity today?Continue reading on Medium »
- Single Asset Vulnerability Counyby /u/XToEveryEnemyX (cybersecurity) on September 25, 2023 at 3:49 pm
I'm pretty sure we've all seen and/or performed vulnerability scans before. So I'm curious what was a discovery that made you guys go "fuck no kill it with fire" I've seen assets with maybe 5 or 10 max vulnerabilities that needed to be looked at but NEVER have I seen one with over 400 vulnerabilities until today. Missing years of security patches submitted by /u/XToEveryEnemyX [link] [comments]
- How Could a Self-XSS end with $$$$by Mahmoud Hamed (Cybersecurity on Medium) on September 25, 2023 at 3:45 pm
In this write-up, I will explain two cases of Self-XSS where I managed to escalate them into something impactful.Continue reading on Medium »
- Scammers mimic “Blast Royale” — Target Web3 Gamers!by Cyber Strategy Institute (Cybersecurity on Medium) on September 25, 2023 at 3:44 pm
Well the gaming community is being targeted, who may wonder why? Well Web3 gaming has received more VC funding in the last 2-years than…Continue reading on Medium »
- 5 Best Platforms to learn Cyber Security in 2024by javinpaul (Cybersecurity on Medium) on September 25, 2023 at 3:36 pm
My favorite websites and online places to learn CyberSecurity in 2024Continue reading on Javarevisited »
- 5 Best Platforms to learn Cyber Security in 2024by javinpaul (Security on Medium) on September 25, 2023 at 3:36 pm
My favorite websites and online places to learn CyberSecurity in 2024Continue reading on Javarevisited »
- Does everyone hate their job?by /u/bearboyjd (cybersecurity) on September 25, 2023 at 3:35 pm
I don't get it, I'm in IT right now, went to school for cyber security and everyone seems to hate their job. Working with other people you have to recognize they are going to ask "dumb questions" and it's my job to help them parse that question to something that makes sense. Not everyone has the same background you do. I dont understand why everyone gets so mad over it. I have a guy I work with, if you ask a dumb question he just stops responding to them until someone else deals with it (we do things mostly over teams) And everyone seems to complain about dumb questions, seems silly to get so upset over it. Is this a constant throughout working in the field or is it just the people I work with? submitted by /u/bearboyjd [link] [comments]
- Hacking Proxmox VE via the admin panelby 0xlildouou (Cybersecurity on Medium) on September 25, 2023 at 3:28 pm
Proxmox VE is a hypervisor based on the debian GNU/Linux distribution and KVM. Unlike its competitors such as VMware (HyperV being crap)…Continue reading on Medium »
- Looking for Ressources on SSDLC (Secure Software Development Life Cycle)by /u/Sea-Eggplant480 (cybersecurity) on September 25, 2023 at 3:26 pm
Hey Guys, I’m a former software developer who just transition into project management and my new company gave me the task to manage the proper implementation of the SSDLC. Since I‘m not a security expert (and to be honest never heard of this topic before) I‘m looking for some resources that help me catch up. I already found the course guide for the CSSLP (Certified Secure Software Lifecycle Professional) by Paul Mano but it was published in 2013 so I‘m not sure if it’s up to date. Anyways, I do not intend to take a certification. I just need some current book / online-course, so that I can grasp the scope of the project and keep up in a conversation with the project team (which still isn’t defined yet). Thanks! submitted by /u/Sea-Eggplant480 [link] [comments]
- AI in Cybersecurity Threat Detection: Navigating the Digital Battlegroundby BluShark Media (Cybersecurity on Medium) on September 25, 2023 at 3:20 pm
In the sprawling metropolis of the digital world, the specter of cyber threats looms large. Just when we think our ramparts are…Continue reading on Medium »
- Unlocking Time Travel: The Quantum Encryption Connectionby El Dawton (Cybersecurity on Medium) on September 25, 2023 at 3:17 pm
When it comes to technology, few things have captured our imagination quite like quantum technology and the mind-bending concept of time…Continue reading on Medium »
- EASY GUIDE TO INTEGRATING NYM WITH YOUR PRODUCTSby Seunafo (Security on Medium) on September 25, 2023 at 3:16 pm
This guide provides instructions on how to smoothly integrate NYM into your tech products. NYM is a decentralized architecture for digital…Continue reading on Medium »
- SCAP Security and Compliance Scanning of Docker Images in GitHub Actions and GitLab CIby /u/candrewswpi (cybersecurity) on September 25, 2023 at 3:15 pm
SCAP scans are required in many cases, such as STIGs for US government work and PCI compliance for e-commerce. When not required, they're a great way to improve security hardening. These scans report issues such as world-writable files, insecurely configured services, and more. Performing SCAP scans has traditionally been a manual process involving obscure tools, complex output requiring security specialists to interpret, and non-repeatable techniques. However, I improved that process, making it automated and easy to understand. I provide copy-and-paste ready-to-go GitHub Actions and GitLab CI code that you can drop into your projects to automatically and effortlessly scan docker images for compliance with benchmarks from CIS, PCI, STIG, and more. Check out https://candrews.integralblue.com/2023/09/scap-security-and-compliance-scanning-of-docker-images-in-github-actions-and-gitlab-ci/ for the code and more information about SCAP scans and my work to make them easier to perform. submitted by /u/candrewswpi [link] [comments]
- Who is responsible for protecting data in the cloud?by Apriorit (Cybersecurity on Medium) on September 25, 2023 at 3:01 pm
Vendors and users share responsibility for data security in the cloud. Everyone knows this, but everyone understands it differently.Continue reading on Apriorit — Specialized Software Development Company »
- UK Government Enacts Transformative Online Safety Billby Consulting24.co Medium (Security on Medium) on September 25, 2023 at 2:54 pm
In response to the escalating online interactions and the concurrent rise in online harms and hate crimes, the UK government has taken a…Continue reading on Medium »
- Not Just for Criminals: 10 Legitimate Purposes for Using the Dark Webby Hoody.com (Cybersecurity on Medium) on September 25, 2023 at 2:54 pm
Shrouded in mystery, the dark web has gained a reputation.Continue reading on Medium »
- Not Just for Criminals: 10 Legitimate Purposes for Using the Dark Webby Hoody.com (Security on Medium) on September 25, 2023 at 2:54 pm
Shrouded in mystery, the dark web has gained a reputation.Continue reading on Medium »
- The Unsung Heroes of Cybersecurity in Government Contractingby Gabriel Mahia (Security on Medium) on September 25, 2023 at 2:18 pm
In the rapidly evolving landscape of cybersecurity, there exists a group of professionals often overlooked yet vital to the integrity of…Continue reading on Medium »
- What are you guys working on this week?by /u/Who_Da_Fuck (cybersecurity) on September 25, 2023 at 1:58 pm
I'm getting a few ISO audits out the door, and some HITRUST testing submitted by /u/Who_Da_Fuck [link] [comments]
- A lesson from the 90’s for protecting privacyby Rebecca Balebako, PhD (Security on Medium) on September 25, 2023 at 1:57 pm
Define, document, and debug using technical privacy tests.Continue reading on Medium »
- The War on Terror: Last Phase (2011–2021)by Spacebound (Security on Medium) on September 25, 2023 at 1:45 pm
From Arab spring to the American withdrawal from Afghanistan.Continue reading on The Geopolitical Economist »
- 7 Tips To Enhance Your Securityby Anabel kelson (Security on Medium) on September 25, 2023 at 1:03 pm
Investing in robust security measures is crucial to protect your digital assets and mitigate cyber risks. Here are some steps you can take…Continue reading on Medium »
- Anyone who went the route of Network Engineer to Cyber security?by /u/Honest_Bank8890 (cybersecurity) on September 25, 2023 at 12:59 pm
If there is anyone who went the route of Network engineer to Cyber security, I am wondering how you were able to do it, how long were you a network engineer for, before deciding to head into Cyber security and if so what were the steps you took, did you have a CCNA then went to get another certification to then going on the job hunt, what advice would you give someone trying to do this submitted by /u/Honest_Bank8890 [link] [comments]
- OpenSea API Key Security Breach Sparks Concernby Crypto Navigator (Security on Medium) on September 25, 2023 at 12:58 pm
Continue reading on Medium »
- Types of web application attacks with examplesby SAMIN BIN HUMAYUN (Security on Medium) on September 25, 2023 at 12:45 pm
In today’s digitally connected world, web applications have become integral to our daily lives. From online shopping to social media, we…Continue reading on Medium »
- Underrated tools & practicesby /u/Happy-Matter-3140 (cybersecurity) on September 25, 2023 at 12:27 pm
What are some underrated cybersecurity tools or practices that more people in the industry (and outside of it) should know about? submitted by /u/Happy-Matter-3140 [link] [comments]
- Suggestion for OT securityby /u/Nice-Estimate2311 (cybersecurity) on September 25, 2023 at 9:47 am
Hello all, I'm looking for what could be done to ICS (Industrial Control System) security, at least to have insight of all devices and vulnerabilities they exposed. Can you suggest any tool for passive discovery, device inventory or something like that...? For further improvement, the design and architecture would be reviewed as well. Is there any good reference to ICS security framework, architecture or best practices that I may learn from? submitted by /u/Nice-Estimate2311 [link] [comments]
- Soc Analyst vs Engineer. What to choose?by /u/danievident (cybersecurity) on September 25, 2023 at 9:47 am
Hello, I know the title is vague, everyone would probably choose engineer, but maybe someone had a similar situation. Asking for some perspective. I work as a SOC Analyst in shifts and I have on the table a position as a SIEM Engineer. Now the catch is that the engineer position is paid around 35% less than the soc one because of missing shifts. It would be a 9-5 position, but the thing is that I actually like the shifts especially with my curent life style. I love having free days in the middle of the week and to not work 5 days in a row. Also the soc position is quite stress free and chill and I already know that for the engineer position would involve a lot of learning and stress (especially because I wouldn't have a training, nor a colleague/trainer nothing). The only good thing I find about the engineer position is for the future jobs. So what would you choose? Remain a Soc Analyst with good pay and relax clients + free time or choose engineer with a downgrade payment of 35% and considerably more work needed but the chance to learn new things that may help you in the future + XP on engineering side and on CV? Thank you! submitted by /u/danievident [link] [comments]
- New stealthy and modular Deadglyph malware used in govt attacksby /u/Odd_Strength2984 (cybersecurity) on September 25, 2023 at 8:57 am
submitted by /u/Odd_Strength2984 [link] [comments]
- Certs for a CISOby /u/CircumlocutiousLorre (cybersecurity) on September 25, 2023 at 8:31 am
I am currently a CISO in a rather small Org, interesting work since we are a cyber company so I am able to do internal work and consult clients at the same time. I am a certified ISO Lead auditor and implementer, some project management certs and an MBA. Where should I spent my yearly budget on now, given that I want to grow as CISO. submitted by /u/CircumlocutiousLorre [link] [comments]
- Top 3 Data Breaches This Weekby /u/zolakrystie (cybersecurity) on September 25, 2023 at 8:24 am
24 September 2023 - National Student Clearinghouse Data Breach Impacted Approximately 900 U.S. Schools The National Student Clearinghouse (NSC) is a nonprofit organization based in the United States that provides educational verification and reporting services to educational institutions, employers, and other organizations The organization has disclosed a data breach that impacted approximately 900 US schools using its services. The security breach resulted from a cyber attack exploiting a vulnerability in the MOVEit managed file transfer (MFT).- Read more: https://securityaffairs.com/151281/data-breach/national-student-clearinghouse-data-breach.html 22 September 2023 - Head of Hong Kong consumer watchdog apologises for potential data leak The head of Hong Kong’s consumer watchdog apologised on Friday over a potential leak of personal data involving more than 8,000 people following a cyberattack. Unknown hackers had threatened to leak the data by Saturday night if a US$500,000 ransom was not paid, Consumer Council chairman Clement Chan Kam-wing said, addressing the public over an incident that had shut down 80 per cent of the watchdog’s computer systems. Read more: https://www.scmp.com/news/hong-kong/law-and-crime/article/3235438/head-hong-kong-consumer-watchdog-apologises-potential-data-leak-affecting-over-8000-people-us500000 20 September 2023 - Pizza Hut Australia hack: data breach exposes customer information and order details The data obtained includes customer details and online order details from Pizza Hut’s customer database, including names, delivery address and instructions, email addresses and contact numbers. For registered accounts, it would also include encrypted credit card numbers and encrypted passwords. Read more: https://www.theguardian.com/australia-news/2023/sep/20/pizza-hut-hack-australia-data-breach-passwords-information-leak submitted by /u/zolakrystie [link] [comments]
- Introduction to cloud security - Episode 2 - IAMby /u/Early_Psychology_220 (cybersecurity) on September 25, 2023 at 7:22 am
🔥 Introduction to Cloud Security Episode 2 IAM 🔥 https://youtu.be/3-SbnrdpvoA submitted by /u/Early_Psychology_220 [link] [comments]
- Is there a firewall product that has has an open API for capturing intrusion data?by /u/InfiniteHalf22 (cybersecurity) on September 25, 2023 at 5:19 am
I've been searching my entire weekend, but it looks like all the products I found, PANW NGFW, Cloudflare WAF, Azure Firewall, etc., all have APIs that allows me to get Firewall policies and its settings, but not the actual intrusions, URLs, that the firewall captured. Is there a product that provides an API for this use case? submitted by /u/InfiniteHalf22 [link] [comments]
- Have any of you experienced brand impersonation?by /u/berke7689012 (cybersecurity) on September 25, 2023 at 3:35 am
I came upon an article discussing Brand Impersonation, where cybercriminals mimic trusted brands to deceive users and take advantage of another’s reputation in order to steal information. It's alarming how advanced these tactics have become in the cybersecurity landscape. You can check out the article here. Has anyone here fallen for such impersonations or came across them professionally? Would love to hear your experiences and insights. submitted by /u/berke7689012 [link] [comments]
- How to effectively defend against Password Spraying Attacks for Companiesby /u/fried20melon (cybersecurity) on September 25, 2023 at 2:14 am
Recently I was wondering why even the biggest companies are prone to such simple attacks like the Password Spraying Attack. As the name suggests, it seems like a simple enough attack where they would guess passwords via computer algorithms to try and force the right one. Through some research I found that that Password Spraying is: - A brute force attack where the attacker attempts variations of passwords repeatedly in a short amount of time. (Varnois) It also mentions that hackers aren’t repeatedly trying to log in to same accounts so they avoid getting locked out due to excessive number of login attempts like brute-force attacks do. The most common practice seems to be to educate your employees to change their passwords periodically. However, what are some more effective ways to defend against Password Spraying Attacks, what can the company actually impose, other than changing passwords in their security system from stopping such attacks? submitted by /u/fried20melon [link] [comments]
- National Student Clearinghouse data breach impacts 890 schoolsby /u/talentSA112200 (cybersecurity) on September 25, 2023 at 1:48 am
submitted by /u/talentSA112200 [link] [comments]
- Soc analyst how do you guys do it?by /u/General-Example-3837 (cybersecurity) on September 25, 2023 at 12:45 am
It’s almost been a year working as SOC and I feel burn out. It’s not the work load but the hours I work that take a toll in my body. Recently got my MS in cybersecurity so plan to look further but for the current Soc peeps how do you guys do it? Edit: thank you guys for your input and advice. I do appreciate it, somethings I’ll mention. My hours is not 40 but it’s around 48 (days, nights) I do get long breaks from work (3-5 days off) so I take full advantage, but I try to keep away from studying just because of my mental health. I do plan on focusing on my career path which I will do more hands on lab and cert studying. One thing I want to tell everyone who’s already soc or interested in, you got to start somewhere. If you get the opportunity use it to the max. Chances are you won’t be where you are now within a year but somewhere better. Stay safe cyberfolks and mental health is important! submitted by /u/General-Example-3837 [link] [comments]
- Mentorship Monday - Post All Career, Education and Job questions here!by /u/AutoModerator (cybersecurity) on September 25, 2023 at 12:00 am
This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away! Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future. submitted by /u/AutoModerator [link] [comments]
- Maximising IT Security on a Tight Budgetby /u/Fantastic_Ice1107 (cybersecurity) on September 24, 2023 at 6:55 pm
I'm in IT Security at a small company with a tight budget. Unfortunately, we can't afford a pen test right now. So, I'm looking for advice on any tools and methods to use to identify and shore up any potential vulnerabilities or gaps. Has anyone been in a similar situation and can share their insights? Thanks! submitted by /u/Fantastic_Ice1107 [link] [comments]
- People who work in hiring cybersecurity employees, do you really hire people based on their certificates (in the case of having no experience)?by /u/No_Sandwich1231 (cybersecurity) on September 24, 2023 at 11:03 am
When I take courses to learn something I find myself learn nothing because I don't find where is it useful or why would I need that? But when I've a goal to answer the questions in my mind and start searching in Google and other resources, I find myself learning tons of things compared to what I learned in the courses Currently I am forcing myself to watch professor Messer sec+ just to take the certificate but everything for me is just a garbage and torture, the same when I took the Google cybersecurity certificate submitted by /u/No_Sandwich1231 [link] [comments]