Greetings! If you haven’t read the into to this series, I suggest you do so here:Continue reading on Medium »

The 19th issue of Cybersecurity Weekly, which curates the latest cybersecurity industry news.Continue reading on Cybersecurity Weekly »

The 19th issue of Cybersecurity Weekly, which curates the latest cybersecurity industry news.Continue reading on Cybersecurity Weekly »

Web applications play a pivotal role in today’s digital landscape. They store and manage vast amounts of sensitive user data, ranging from…Continue reading on Medium »

Continue reading on Medium »

IntroductionContinue reading on Medium »

IntroductionContinue reading on Medium »

Continue reading on Medium »

AI systems are used increasingly in various applications, including autonomous vehicles, medical diagnostics, and biometric authentication…Continue reading on Medium »

Find Who Tried Login To Your Laptop In Your Absence Continue reading on Medium »

Digital Certificate -X.509 standardContinue reading on Cloudnloud Tech Community »

A Royal source has confirmed that a cyber attack, the denial of service attack (DDoS) has targated the royal website. A DDoS is when an…Continue reading on Medium »

IntroductionContinue reading on Medium »

What Is Ransomware?Continue reading on Medium »

Continue reading on Medium »

Continue reading on Medium »

As a penetration tester or bug bounty hunter, you know the importance of having the right tools at your disposal. ChatGPT is a powerful AI…Continue reading on Medium »

Continue reading on Medium »

Continue reading on Medium »

Continue reading on Medium »

So I’m getting into threat intelligence and focusing on strategic and operational intelligence. What analysis method would you recommend? Thinking about hTMM or quantitative TMM but I have no clue. I’ve tried to look in cysa + but it’s kinda basic with no deeper explanation on the analysis methodology except for stride. submitted by /u/Final_Value3643 [link] [comments]

submitted by /u/oilcupsap [link] [comments]

Hello, At my Job we're Monitoring different Data 3 web applications. So every month we're getting Security Reports from those applications but i want to Set those Data in context to the 2 previous months to Show the trending course in several charts. I dont want to manually Paste in those Data every month but thought about automating the process since the applications have working APIs. First of all - is there a Default way or Tool in the Security sector that offers this functionality? What Tools are you using ? Otherwise which Software should i use to get the Data from the APIs and can Automate charts and calculations ? Many thanks submitted by /u/sw4gyJ0hnson [link] [comments]

Hello everyone, I have a cybersecurity internship interview at TikTok scheduled for this week, and I'm quite unsure about the process. If anyone has any insights or previous experience with TikTok interviews, I would greatly appreciate it. Thank you in advance! submitted by /u/Status_Friendship_23 [link] [comments]

submitted by /u/tweedge [link] [comments]

I see these levels referred to a lot in cybersecurity jobs listings but they typically don’t list the salary ranges that come with them. They are consistent with experience/education required to fit within those levels but when doing some research on the salaries of those levels, there are inconsistencies. This is understandable because they’re different companies but I am wondering: what should these salaries look like? I ask because l’ll have a bachelors and 6 years experience which would place me in Level 2. Getting my master’s would put me in Level 3 and I’m wondering how much money I am leaving on the table without the masters degree, or if these salary ranges have overlap. Thanks. submitted by /u/variedlength [link] [comments]

Will aws inspector pick up on the new libwebp zero day ? Thanks. submitted by /u/Constant-Luck-3588 [link] [comments]

submitted by /u/wewewawa [link] [comments]

submitted by /u/wewewawa [link] [comments]

I have an upcoming interview for a CyberSecurity Customer Success role and need to do the following: “ As a part of our interview process, we require candidates to deliver a simulated threat briefing. This simulation will mimic briefings that our team is required to deliver to customers as a part of their normal duties. · Topic: An overview of SCATTERED SPIDER’s targeting profile and TTPs” It needs to be between 4-7 slides and I have all the materials from sources, script, context, and etc. Agenda: Who is SCATTERED SPIDER? SCATTERED SPIDER targeting Overview Most Recent Event and Impact Recommendations and Mitigation Key Takeaways and Q&A From what you guys can see in my agenda, do you believe I cover a good overview of what they are requesting me? If not, any recommendations and tips? submitted by /u/TomTravelingThings [link] [comments]

After about 2 months of studying I managed to earn my CySA...now what? Not really a question about career paths thats obv for me I want to go into pen testing the main reason I got the CySA is because it covers the most 8570 requirements and I want to use it to get an entry level cyber job. But the question I have is what should I do now to get closer to my goal of pen testing/ethical hacking should I go for Pen+, CEH, or go balls to the wall and go for OSCP? submitted by /u/Ok-Prune3223 [link] [comments]

Hi all, New to SOC 2 and ISO 27001. I am trying to understand where and when SOC 2 and ISO 27001 fits in to building a SaaS product. Does SOC 2 and ISO 27001 framework need to get built in on the front end/back end (software coding development) for a SaaS product or can front and backend coding be completed and then can prep for SOC 2 and ISO 27001? Or does SOC 2 and ISO 27001 just get integrated with policies, procedure's and AWS security's enhancements after software development coding? ​ Does the Software Developer have to do anything to prep for SOC 2 and ISO 27001? or can SOC 2 and ISO 27001 implementation be done post software development coding? submitted by /u/Ok-Pen-8450 [link] [comments]

I am having a hard time to choose a specialization in offensive security field. . I am already confident with the traditional pentest with few years of exp and some practical cert like eCPPT, eWPT and OSCP. . But as of now, I want to specialize in a specific subfield in offensive security world that is not so very common. I am thinking of this because I want to take a path where theres fewer competitions especially in hiring and I also want to contribute to subfields that there are very few free community resources as of now. . Here are what I am thinking but please feel free to add more and correct some: - MacOs PenTest - Cloud PenTest - Exploit and Malware Devlopment/Research - Hardware Hacking (Cars? Embedded?) - Aerospace (Satellite Hacking?) - And maybe you have more ideas? . Can you help me choose a subfield to focus on? Thank u so much! submitted by /u/d4rk_hunt3r [link] [comments]

Do you have an API inventory in your company for security purposes? If yes, what are you using? Backstage.io? An excel file? ​ What approach do you recommend? submitted by /u/tristankalos [link] [comments]

Everything that I know and have learned about UPnP makes it seem like a lazy and short sited feature that can only cause insecurity. From a security perspective, it seems like there is literally no good reason for UPnP to even exist, and I should at the very least have the option to turn it off. Am I wrong in believing that? submitted by /u/3mbly [link] [comments]

Hi all, I work in IR, been doing it for the last 5.5 years. Was curious and wanted to hear how you automated things within your current environment. What was the reasoning behind it, did you see improvements in incident resolution, efficiency, etc. Any input is appreciated. Thanks! submitted by /u/Chalupaboi23 [link] [comments]

Hello everyone. I hope you are doing well. I am preparing a presentation on vulnerabilities and have been researching the topic extensively. However, I've found a lot of inconsistencies across different websites and books - each source seems to define and categorize vulnerabilities differently. This has left me feeling quite confused about what information is accurate. Do any of you have recommendations for authoritative books, articles, or other reliable sources I could reference to learn more about vulnerabilities? I would greatly appreciate any suggestions you can offer. Please let me know if you know of some comprehensive yet understandable resources that could help clarify this topic for my presentation. submitted by /u/Park-Helen [link] [comments]

Dear cybersecurity hiring managers of reddit, are there worldwide remote positions? I am wondering if i should widen my soc analyst job search. In Europe i can rarely find any position that allow real remote working. I can also say the same about American postings, if a position is remote, they will most likely want you to work from a given state of the US. submitted by /u/existo25 [link] [comments]

Hey guys! I recently got hired as an Information Security Manager for a state department of transportation district. I have 6 years of experience in the field and some on and off experience leading security efforts in organizations. Even still, I have some concerns about how to approach the first 90 days. Can any fellow managers give some tips and advice on how to navigate this important time period? What questions should I ask to gain deep understanding of processes and practices? Additionally, can any junior or mid-level analysts/engineers give some insight into what they wish their new manager did in the first 90 days? Please and thank you! EDIT: I was told that I need to be a little more specific. In this role, I will be in charge of security operations, which include managing security controls and software, managing security of the data center, refreshing tools and technologies, vulnerability and patch management, policies and procedures, and other security requirements. There are a few more specifics but I don’t want to give out too many details. The systems being secured are Intelligent Transportation Systems, so dynamic message signs, traffic cameras, dispatch solutions for roadside assistance services, and traffic management systems. submitted by /u/Atlanta_Alchemist [link] [comments]

I've 3 years of experience in penetration testing, specialising in web, mobile, API and game pentesting. I've also worked on smart contract auditing and blockchain based apps pentesting in my last experience. However, after 1.5 years, I was laid off. I've been resting for a while, and I'll until November. The idea of shifting my career to a smart contract auditor role has always occupied my mind, and I've been improving my skills as I decided to shift. I'm learning JS, improving my blockchain and Solidity knowledge, and security vulnerabilities. However, I'm not sure if it's worth that much time and effort. Because, I'm sacrificing my pentesting skills when focusing solely on blockchain security, and getting a job is not guaranteed. I may participate in contests, but I can do bug bounty as well. But running both is truly overwhelming, and I do not want to lose my focus and dedication. What are your opinions for this case, and your recommendations for me? submitted by /u/MuhafiZ48 [link] [comments]

submitted by /u/KI_official [link] [comments]

What's your thoughts on a CISO's decision to give all users admin privileges on their workstations? But other hand having security controls in place like EDR, DLP, Device management, MFA, conditional access, etc... submitted by /u/Sweet_Peanut_5611 [link] [comments]

submitted by /u/wewewawa [link] [comments]

I am in a pretty messed up situation, I started a new position two weeks ago and the new company doesn't have a web application firewall for their applications, they are relying on b2c for protection as the application redirects. In the logging I can see tons of probing attacks, it doesn't look like any of them are particularly successful but sooner or later I'm sure they're going to find something. the infrastructure is housed in AWS, the attacks are coming from AWS too. This company just hand waves all kinds of security issues, they have no vulnerability management tools or ingestion systems, and it doesn't look like they want to have them. Lol is it time in three four months to look for something else? Thanks submitted by /u/jorel43 [link] [comments]

Inspired by the Azure MFA post. When I was an implementation consultant and still new to SQL, I was writing a statement to delete records per client request, our ISE allowed you to test code by highlighting and it would only run what was highlighted, of course I ran the select and the not the where, and deleted millions of records in production, during busy season. Luckily we were running Oracle 11g at the time and had just gotten flashback functionality. After that we stuck to test enviroments. submitted by /u/Who_Da_Fuck [link] [comments]

This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away! Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future. submitted by /u/AutoModerator [link] [comments]