Security.nl
Thu, 25 Apr 2024 16:32:13 +0200
Civil rights organization Bits of Freedom (BoF) criticizes the AI regulation adopted by the European Parliament. It concerns ...
https://www.security.nl/posting/839358/Bits+of+Freedom%3A+%27nationale+veiligheid%27+zorgt+voor+maas+in+Europese+AI-wet?channel=rss
GroenLinks-PvdA has submitted parliamentary questions about criminally prosecuting Telegram or its executives, because the ...
https://www.security.nl/posting/839335/GroenLinks-PvdA+stelt+Kamervragen+over+strafrechtelijk+vervolgen+Telegram?channel=rss
Microsoft has been working for some time on a plan to revoke vulnerable Windows boot managers, in order to protect systems against attacks ...
https://www.security.nl/posting/839325/Microsoft+komt+met+plan+voor+intrekken+kwetsbare+Windows-bootmanagers?channel=rss
WhatsApp users on iOS can now also log in to their account with passkeys, the chat service announced via X. Six ...
https://www.security.nl/posting/839320/WhatsApp+laat+iOS-gebruikers+inloggen+via+passkeys+in+plaats+van+sms-code?channel=rss
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) is critical of the use of bodycams in supermarkets, as chain Dirk van den Broek ...
https://www.security.nl/posting/839316/Autoriteit+Persoonsgegevens+kritisch+over+bodycams+in+supermarkt?channel=rss
Swedish state liquor retailer Systembolaget has warned residents of the country about possibly empty liquor shelves as a result of ...
https://www.security.nl/posting/839302/Zweedse+staatsslijterij+waarschuwt+voor+lege+drankschappen+door+ransomware?channel=rss
Supermarket chain Dirk van den Broek is going to equip staff in dozens of stores with a bodycam. This is intended, according to the ...
https://www.security.nl/posting/839287/Dirk+van+den+Broek+voorziet+supermarktpersoneel+van+bodycams?channel=rss
For the Dutch Tax Administration (Belastingdienst) it is currently unrealistic to apply logging and monitoring to all applications, in order to ...
https://www.security.nl/posting/839281/Van+Rij%3A+logging+en+monitoring+voor+alle+applicaties+Belastingdienst+onrealistisch?channel=rss
Many companies that fall victim to ransomware do not file a report with the police for fear of reputational damage, ...
https://www.security.nl/posting/839272/Politie%3A+angst+voor+reputatieschade+weerhoudt+aangifte+ransomware+te+doen?channel=rss
Microsoft is going to apply a Windows 11 technology that makes updates smaller to Windows 10 as well. According to the ...
https://www.security.nl/posting/839270/Microsoft+kondigt+kleinere+updates+aan+voor+Windows+10?channel=rss
More than one hundred and twenty companies worldwide, including at least ten in the Netherlands, have via a vulnerable Qlik Sense server ...
https://www.security.nl/posting/839260/Nederlandse+bedrijven+via+kwetsbare+Qlik+Sense-server+besmet+met+ransomware?channel=rss
The AIVD should share information about cyber threats directly with important companies, according to the VVD. The party is presenting ...
https://www.security.nl/posting/839254/VVD+wil+dat+AIVD+informatie+over+cyberdreigingen+direct+met+bedrijven+deelt?channel=rss
Cisco firewalls have for months been the target of attacks that use two zero-day vulnerabilities, as the ...
https://www.security.nl/posting/839251/Cisco-firewalls+al+maandenlang+doelwit+van+zeroday-aanvallen?channel=rss
GitHub decided last year to make the use of two-factor authentication (2FA) mandatory for developers, which led to a ...
https://www.security.nl/posting/839218/GitHub+meldt+sterke+afname+van+sms+als+optie+voor+tweefactorauthenticatie?channel=rss
As a result of an IDOR vulnerability, the GPS tracking app iSharing leaked millions of users' location and ...
https://www.security.nl/posting/839211/Gps-trackingapp+iSharing+lekte+locatiegegevens+miljoenen+gebruikers?channel=rss
An amount of 5.6 million dollars has been distributed among American Ring users because employees of the company illegally ...
https://www.security.nl/posting/839200/Ring-gebruikers+krijgen+vergoeding+omdat+medewerkers+priv%C3%A9opnames+bekeken?channel=rss
Google today released new versions of Chrome that fix a critical vulnerability through which a ...
https://www.security.nl/posting/839195/Google+verhelpt+opnieuw+kritiek+Chrome-lek+dat+uitvoeren+code+mogelijk+maakt?channel=rss
Researchers have looked at how long it takes to crack bcrypt password hashes with various graphics cards. This concerns ...
https://www.security.nl/posting/839185/Onderzoekers+testen+kraken+bcrypt-wachtwoordhashes+met+videokaarten?channel=rss
GroenLinks-PvdA has asked outgoing Minister Yesilgöz of Justice and Security for clarification about alarm cancellation codes (afmeldcodes), ...
https://www.security.nl/posting/839181/GroenLinks-PvdA+wil+opheldering+over+lekken+afmeldcodes+alarmsystemen?channel=rss
The Open Source Security Foundation (OpenSSF) and OpenJS Foundation warn open source developers about social engineering, ...
https://www.security.nl/posting/839152/OpenSSF+waarschuwt+opensource-ontwikkelaars+voor+social+engineering?channel=rss
The Stichting Internet Domeinregistratie Nederland (SIDN), the organization that manages the .nl domain names, last year ...
https://www.security.nl/posting/839150/SIDN+be%C3%ABindigde+vorig+jaar+achtduizend+_nl-domeinen+van+malafide+houder?channel=rss
'Edge devices' such as VPNs, firewalls and e-mail gateways are increasingly the target of espionage attacks, according to Google's ...
https://www.security.nl/posting/839115/Mandiant%3A+vpn%27s+en+firewalls+steeds+vaker+doelwit+van+spionageaanvallen?channel=rss
The Abuse Information Exchange, an initiative of Dutch internet providers aimed at the number of infected computers in the Netherlands ...
https://www.security.nl/posting/839129/Nederlandse+Abuse+Information+Exchange+na+twaalf+jaar+opgeheven?channel=rss
Legal question: Under the GDPR (AVG), it is (in my view) also a data breach when data is unavailable to authorized users. My ...
https://www.security.nl/posting/839117/Is+er+sprake+van+een+datalek+als+persoonsgegevens+door+een+storing+tijdelijk+niet+beschikbaar+zijn%3F?channel=rss
The US government has imposed visa restrictions on thirteen individuals involved in the development and sale of commercial spyware ...
https://www.security.nl/posting/839104/VS+legt+visumbeperkingen+op+aan+spywareleveranciers+en+hun+families?channel=rss
After Europol and the British police, the Dutch police also say they are concerned about the rollout of encryption. "The ...
https://www.security.nl/posting/839088/Politie+bezorgd+over+encryptie%3A+debat+rond+privacy+volledig+gepolariseerd?channel=rss
A 28-year-old Amsterdam man who is suspected of stealing personal data of hundreds of thousands of festival-goers, ...
https://www.security.nl/posting/839082/Verdachte+datadiefstal+festivals%3A+ik+kon+inloggen+met+wachtwoord+Welkom01?channel=rss
Via the update mechanism of virus scanner eScan, attackers have hit an unknown number of organizations with backdoors and ...
https://www.security.nl/posting/839033/Aanvallers+verspreiden+backdoor+via+updateproces+antivirussoftware+eScan?channel=rss
The Public Prosecution Service (Openbaar Ministerie) has, against a 28-year-old man from Amsterdam who is suspected of stealing personal data of ...
https://www.security.nl/posting/839026/OM+eist+celstraf+tegen+ict%27er+voor+stelen+data+honderdduizenden+festivalgangers?channel=rss
Following a cyberattack, flooring chain Carpetright now accepts in its stores only cash and ...
https://www.security.nl/posting/839024/Carpetright+accepteert+door+cyberaanval+alleen+cash+en+overschrijvingen?channel=rss
Popular Chinese cloud-based keyboard apps are leaking the keystrokes of as many as one billion users, according to a warning from ...
https://www.security.nl/posting/838997/%27Populaire+Chinese+keyboard-apps+lekken+toetsaanslagen+miljard+gebruikers%27?channel=rss
China is one of the biggest cyber threats to the Netherlands, and therefore investigations into Chinese attacks must be ...
https://www.security.nl/posting/838992/AIVD%3A+China+%C3%A9%C3%A9n+van+de+grootste+cyberdreigingen+voor+Nederland?channel=rss
A critical vulnerability in an app from Chirp Systems makes it possible for attackers to gain access to tens of thousands of ...
https://www.security.nl/posting/838990/%27Slimme+sloten%27+via+hard-coded+credentials+in+Chirp+Systems+app+te+openen?channel=rss
Most dating apps are not good for privacy and sell users' personal data, Mozilla states on the basis of ...
https://www.security.nl/posting/838977/Mozilla%3A+meeste+datingapps+verkopen+en+delen+persoonlijke+data+gebruikers?channel=rss
In a ransomware attack on Change Healthcare, personal information of a 'substantial proportion' of the US ...
https://www.security.nl/posting/838962/Priv%C3%A9gegevens+groot+deel+bevolking+VS+gestolen+bij+ransomware-aanval?channel=rss
During a meeting of the standing committee for Digital Affairs, Nieuw Sociaal Contract (NSC) has asked outgoing State Secretary ...
https://www.security.nl/posting/838949/NSC+wil+opheldering+over+inzet+van+%27slimme+camera%27s%27+in+supermarkten?channel=rss
Police have arrested two 24-year-old men from Heerlen and Sittard on suspicion of carrying out multiple ...
https://www.security.nl/posting/838950/Politie+houdt+verdachten+aan+voor+ddos-aanvallen+op+Limburgs+bedrijf?channel=rss
Mozilla has temporarily disabled a feature recently added to Firefox through which downloads deemed untrustworthy are proactively ...
https://www.security.nl/posting/838936/Firefox+schakelt+proactief+blokkeren+onbetrouwbare+downloads+tijdelijk+uit?channel=rss
The municipality of Deventer will carry out drone inspections more often this year, it states in the annual report of Licensing (Vergunningverlening), ...
https://www.security.nl/posting/838924/Gemeente+Deventer+gaat+dit+jaar+vaker+drone-inspecties+uitvoeren?channel=rss
The Dutch government is going to cooperate with South Korean car brands Kia and Hyundai, looking among other things at whether ...
https://www.security.nl/posting/838930/Overheid+en+fabrikanten+kijken+naar+systeem+dat+auto%27s+toegang+tot+gebied+geeft?channel=rss
A zero-day vulnerability in the Windows Print Spooler service, which was reported to Microsoft by the NSA, has been used for years in ...
https://www.security.nl/posting/838922/Microsoft%3A+zerodaylek+in+Windows+Print+Spooler+jarenlang+gebruikt+bij+aanvallen?channel=rss
The municipality of Tilburg says it has no authority to take enforcement action against doorbell cameras that film the public road. It also sees ...
https://www.security.nl/posting/838864/Gemeente+Tilburg%3A+geen+bevoegdheid+om+op+deurbelcamera%27s+te+handhaven?channel=rss
The Dutch Data Protection Authority's investigation into the use of Facebook by the central government is based on 'incorrect ...
https://www.security.nl/posting/838849/Meta%3A+onderzoek+Autoriteit+Persoonsgegevens+gebaseerd+op+%27onjuiste+feiten%27?channel=rss
The European privacy regulators, united in the EDPB, have announced their priorities for the coming four years and ...
https://www.security.nl/posting/838841/Privacytoezichthouders+richten+zich+komende+jaren+op+betere+naleving+AVG?channel=rss
About ten percent of Palo Alto Networks firewalls lack a mitigation that is meant to protect against attacks in which ...
https://www.security.nl/posting/838830/%27Tien+procent+Palo+Alto+Networks-firewalls+mist+mitigatie+tegen+aanvallen%27?channel=rss
Outgoing Health Minister Helder is looking at options for linking healthcare data for secondary use. That ...
https://www.security.nl/posting/838815/Minister+kijkt+naar+opties+voor+koppelen+zorgdata+voor+secundair+gebruik?channel=rss
Greek privacy regulator HDPA has imposed on the Greek postal service, over a data breach caused by a ransomware attack in 2022, a fine of ...
https://www.security.nl/posting/838797/Griekse+post+krijgt+voor+datalek+door+ransomware+drie+miljoen+euro+boete?channel=rss
The US National Institute of Standards and Technology (NIST), an organization that is responsible, among other things, for ...
https://www.security.nl/posting/838788/NIST+loopt+ver+achter+met+verwerken+van+kwetsbaarheden+in+NVD-database?channel=rss
The number of ransomware victims that pay a ransom has fallen to its lowest level in five years, according to ...
https://www.security.nl/posting/838780/Securitybedrijf+meldt+afname+losgeldbetalingen+door+slachtoffers+ransomware?channel=rss
The way tech companies are rolling out end-to-end encryption puts users at risk, according to Graeme Biggar, head of ...
https://www.security.nl/posting/838776/Britse+politie%3A+brede+uitrol+end-to-end+encyptie+brengt+gebruikers+in+gevaar?channel=rss
Govinfosecurity.com
Improved Tooling Makes Such Attacks More Likely
Research shows that attackers can physically extract secrets embedded into read-only memory on a shoestring budget. The equipment involves a polishing wheel, a jig and an optical microscope. The attack sounds impossible "until it’s observed for real," said Tony Moor, an IOActive researcher.
https://www.govinfosecurity.com/researcher-strips-rom-for-binary-code-a-24937
After Quintupling Revenue Over the Past 18 Months, ThreatLocker Wants to Go Public
ThreatLocker completed a $115 million Series D funding round to further its zero trust cybersecurity ambitions. The Orlando-based company plans to use the funding to expand the number of applications it supports and prepare for a potential initial public offering.
https://www.govinfosecurity.com/threatlocker-gets-115m-to-fuel-zero-trust-defense-eyes-ipo-a-24936
Hanna Kim to Take Over Login.gov at a Pivotal Moment for Federal Sign-On Service
Login.gov, the federal government's single sign-on service, told staffers Wednesday that there would be a change in its top leadership starting next month as the organization ramps up plans to begin testing facial recognition technologies and new pricing models.
https://www.govinfosecurity.com/logingov-to-test-facial-recognition-under-new-leadership-a-24935
Networking Giant Dubs Campaign Against Government Customers 'Arcane Door'
Probable nation-state hackers targeted Cisco firewall appliances in a campaign dating to late 2023, the networking giant disclosed Wednesday while releasing three patches, two of them rated critical. Cisco doesn't connect the hackers with a specific country. It dubs the campaign "Arcane Door."
https://www.govinfosecurity.com/cisco-fixes-firewall-0-days-after-likely-nation-state-hack-a-24934
The Department of Defense and two other government agencies have issued a proposed rule designed to help ensure that government contractors provide adequate privacy training to their staff members.
https://www.govinfosecurity.com/agency-releases/dod-notice-proposed-rulemaking-on-privacy-training-r-2575
Guidance on establishing processes to rapidly detect and respond to cyber incidents.
https://www.govinfosecurity.com/agency-releases/nist-sp-800-61-revision-1-computer-security-incident-handling-r-2383
Specifying architecture and technical requirements for a common identification standard for federal employees and contractors.
https://www.govinfosecurity.com/agency-releases/nist-fips-pub-201-2-personal-identity-verification-federal-r-2379
Organization, Mission and Information System View
https://www.govinfosecurity.com/agency-releases/nist-sp-800-39-managing-information-security-risk-r-2353
Medical device makers submitting products for premarket approval by the Food and Drug Administration often struggle the most with cybersecurity in three major areas - design controls, providing a software bill of materials and testing, according to Nastassia Tamari of the FDA.
https://www.govinfosecurity.com/interviews/major-areas-cybersecurity-focus-for-medical-device-makers-i-5378
In this episode of the "Cybersecurity Insights" podcast, Uptycs CEO Ganesh Pai discusses unifying XDR and CNAPP to improve visibility and explains the coming shift from behavioral detection to outlier or anomaly detection, which uses sophisticated ML and AI.
https://www.govinfosecurity.com/interviews/benefits-unified-cnapp-xdr-platform-i-5377
Anjana Kumbampati of Cisco discusses the unique challenges MSPs face, such as managing multiple ecosystems and vendors, which complicates their operational and billing processes. She explains how Cisco helps streamline these aspects to boost MSP efficiency and profitability.
https://www.govinfosecurity.com/interviews/building-security-for-msps-ciscos-blueprint-for-success-i-5376
Healthcare sector organizations often still struggle to implement security frameworks effectively, often not fully understanding the requirements or failing to integrate them into their overall cybersecurity strategy, said Keith Forrester of security firm Optiv, who offers tips to help.
https://www.govinfosecurity.com/interviews/health-firms-struggle-cybersecurity-frameworks-i-5375
How ChatGPT Can Help You Write Your Job Application Documents
Artificial intelligence offers innovative tools to refine your job application materials. This guide provides practical steps on how to use one common tool, ChatGPT, to enhance your resume and cover letter, ensuring they capture the attention of potential employers.
https://www.govinfosecurity.com/blogs/harnessing-ai-step-by-step-guide-for-job-seekers-p-3616
Lacework Got the Largest Funding Round in Cyber History. Now, It's Eyeing the Exits
Wiz is in advanced negotiations to buy Lacework for between $150 million and $200 million. The companies recently signed a letter of intent and are now in the midst of a comprehensive due diligence process, after which a decision will be made on whether the acquisition will go through.
https://www.govinfosecurity.com/blogs/from-83b-to-200m-lacework-examining-sale-to-wiz-p-3615
Christopher Budd on the Rise of Junk Gun Ransomware Variants
Since June 2023, 19 junk gun ransomware variants have been discovered on the dark web. These cheap, independently produced and crudely constructed variants offer an attractive way for newer cybercriminals to get started in the ransomware world and are mostly effective against SMBs.
https://www.govinfosecurity.com/blogs/lowest-rung-attackers-challenging-ransomware-as-a-service-p-3612
Experts See Groups Shoot Themselves in the Foot by Yet Again Swindling Affiliates
Here's ransomware news to celebrate: The number of victims who opt to pay a ransom has dropped to a record low. Also, the operators of two major groups hit by law enforcement disruptions have each chosen to swindle their affiliates, sowing disaffection and driving away burned business partners.
https://www.govinfosecurity.com/blogs/ransomware-victims-who-pay-ransom-drops-to-record-low-p-3614
securityboulevard.com
Thu, 25 Apr 2024 14:42:11 +0000
Although artificial intelligence (AI) has been with us for some time, the technology seems to be everywhere these days, as vendors and end users get more vocal about its benefits. They’re right to be enthused. McKinsey estimates that AI could unlock trillions of dollars’ worth of value globally across functions in 19 sectors. In some areas, it’s no longer about even carving out competitive differentiation, but merely delivering what is expected by customers and employees. The post It’s All About Data: How to Drive Secure Use of AI appeared first on Security Boulevard.
https://securityboulevard.com/2024/04/its-all-about-data-how-to-drive-secure-use-of-ai/
As technology advances and attackers develop ever-more sophisticated tactics, CISOs and security teams face a constant battle of trying to stay ahead of the curve. This year, several key themes are expected to dominate the cybersecurity landscape, shaping the priorities of CISOs and their teams. The post Navigating the Evolving Threat Landscape: Addressing 2024 CISO and Security Team Goals with MixMode appeared first on Security Boulevard.
https://securityboulevard.com/2024/04/navigating-the-evolving-threat-landscape-addressing-2024-ciso-and-security-team-goals-with-mixmode/
JOIN US FOR AN EVENING OF THREAT HUNTING FUN! Cyborg Security has launched a podcast with a twist! Join us for the first fully interactive threat hunting podcast where you can hang out with threat hunters from all over the world! Join a rag-tag bunch of threat hunters as they come out of the woods […] The post Episode 16 appeared first on Cyborg Security. The post Episode 16 appeared first on Security Boulevard.
https://securityboulevard.com/2024/04/episode-16/
The rapid proliferation of AI also introduces a new frontier for cyber threats against your digital DNA. As businesses and individuals increasingly adopt AI technologies, they inadvertently become prime targets for cybercriminals. The allure lies in the vast amounts of sensitive data handled by AI applications, spanning from financial records to personal information. AI has … The post Cyber Threats in the Age of AI: Protecting Your Digital DNA appeared first on Security Boulevard.
https://securityboulevard.com/2024/04/cyber-threats-in-the-age-of-ai-protecting-your-digital-dna/
OAuth is an important part of modern authorization frameworks, granting access to resources across different applications easily. However, vulnerabilities in OAuth implementations can create significant security risks. Following research released by Salt Labs that uncovered critical vulnerabilities in the world's most popular authorization mechanism, Salt has released a multi-layered protection package to detect attempts to exploit OAuth and proactively fix the vulnerabilities. Salt Security is enhancing its API protection platform with a comprehensive suite of new OAuth threat detections and posture rules to address this growing challenge. These innovations empower organizations to identify and mitigate malicious attempts to exploit OAuth flows, ultimately safeguarding sensitive data and user accounts.

The OAuth Attack Landscape

Let's take a closer look at the types of OAuth attacks these new capabilities will address:

Access Token and Authorization Code Theft: Vulnerabilities in OAuth systems can leave access tokens or authorization codes susceptible to theft. Attackers can leverage those stolen elements to impersonate legitimate users and gain unauthorized access to sensitive resources and applications.

Increasing OAuth Attacks: OAuth has been in widespread use for over a decade but we have seen attacks on the rise. This is caused by organizations' increased usage of APIs and microservices making OAuth even more popular while increasing the complexity of securing it. Attackers have taken advantage of this by crafting specific OAuth-based attacks with continuing attempts to find additional OAuth vulnerabilities to exploit.

Real-World Consequences: Lessons from ChatGPT

Salt Security's recent investigation exposed several critical security flaws within the OAuth implementations of popular ChatGPT plug-ins highlighted in a blog post by Salt Labs. The blog above provides specific details of these security flaws.

Firstly, ChatGPT's plugin installation process was vulnerable. An attacker could exploit this to inject malicious plugins, potentially accessing any messages sent within ChatGPT. Secondly, the plugin development framework, PluginLab, needed proper authentication. This allowed attackers to masquerade as victims and take over their plugin accounts. This vulnerability could have been exploited in plugins like "AskTheCode" to compromise connected GitHub accounts with 0-click attacks. Finally, several plugins had OAuth redirection vulnerabilities. Attackers could exploit this by sending malicious links to victims and stealing their plugin credentials, enabling account takeovers.

Beyond this most recent example of OAuth threats with ChatGPT, the Salt Labs team has found several other OAuth-specific exploitable vulnerabilities, indicating the critical need for tools to help find and mitigate these types of risks before attackers can take advantage. The Salt Labs team found these vulnerabilities that used a variety of OAuth attack methodologies with Booking.com, Grammarly, Vidio.com, and Expo/CodeCademy. These real-world examples underscore the importance of robust security measures to thwart sophisticated OAuth attack tactics before they can inflict significant damage. By implementing strong OAuth security controls, organizations can safeguard their users' data, prevent unauthorized access to critical resources, and maintain user trust.

Salt Security's Solution: Multi-Layered OAuth Defense

Salt Security's upcoming enhancements offer a comprehensive approach to OAuth security:

New OAuth Threat Detections: Enhancing Salt’s industry-leading behavior threat analysis system, we will carefully examine specific parameters and configurations used in API requests and responses related to OAuth. Utilizing AI/ML techniques will create a standard pattern for "normal" requests. Alerts will be generated for requests that deviate from established patterns, indicating possible OAuth attacks or other exploits. We are introducing new attack type detections in this release including OAuth hijacking attacks, OAuth CSRF attacks, and OAuth leaked secrets. This advanced behavioral analysis enables the identification of sophisticated OAuth attacks which threat actors are using in the wild today.

OAuth Posture Rules: To enhance the capabilities of Salt’s API Posture Governance engine, there will be customized OAuth posture rules which will enable organizations to define and enforce their own specific security standards for OAuth implementations. This will guarantee that APIs adhere to the best practices in security and greatly reduce the risk of vulnerabilities that attackers could exploit. To illustrate, organizations can use pre-defined rules to help prevent leaked client secrets and prevent authorization code injection attacks. This level of control allows businesses to customize their OAuth security posture according to their specific risk tolerance and compliance requirements.

The Business Case for Enhanced OAuth Protection

This enhanced functionality from Salt Security provides robust OAuth defenses that help organizations achieve several critical security objectives. Firstly, it proactively shields customer accounts, intellectual property, and authorization tokens from malicious actors who continuously seek to exploit vulnerabilities in OAuth implementations. Secondly, organizations that demonstrate a commitment to robust security practices foster user confidence and enhance brand reputation, leading to stronger customer relationships and a competitive edge in the marketplace. Thirdly, the potential for severe financial and reputational damage stemming from a successful OAuth attack is significantly reduced. OAuth exploits can cause data breaches that are incredibly costly, and reputational damage can take years to repair. Finally, Salt Security's unwavering commitment to research and development ensures that its solutions remain effective against emerging OAuth attack techniques. Salt’s proactive approach keeps businesses a step ahead of evolving threats, allowing them to operate with greater confidence and agility.

See the OAuth Posture Rules in Action.

The post Salt Security Addresses Critical OAuth Vulnerabilities Enhancing API Security with OAuth Protection Package appeared first on Security Boulevard.
https://securityboulevard.com/2024/04/salt-security-addresses-critical-oauth-vulnerabilities-enhancing-api-security-with-oauth-protection-package/
You know YouTube, and you probably love YouTube. Beyond a place to share creative videos, it can be a great educational resource. However, it’s not all sunshine and rainbows. Although YouTube has fairly strict policies regarding the type of content users can upload, inappropriate videos intended for older audiences still live on the popular website. […] The post How a YouTube Content Filter Can Give Your District More Control appeared first on ManagedMethods. The post How a YouTube Content Filter Can Give Your District More Control appeared first on Security Boulevard.
https://securityboulevard.com/2024/04/how-a-youtube-content-filter-can-give-your-district-more-control/
Understanding ITDR and ISPM In the cybersecurity world, two emerging identity-centric categories promise to provide... The post ITDR vs ISPM: Which Identity-first Product Should You Explore? appeared first on Axiad. The post ITDR vs ISPM: Which Identity-first Product Should You Explore? appeared first on Security Boulevard.
https://securityboulevard.com/2024/04/itdr-vs-ispm-which-identity-first-product-should-you-explore/
Remember the old saying: “You can’t protect what you can’t see”? When I started preaching about it as part of the marketing launch for Real-time Network Awareness (RNA) it seemed pretty obvious that we needed more visibility in order to protect our environments more effectively. But in the intervening years, as an industry, we’ve managed to go in the opposite direction – making it increasingly difficult to gain a comprehensive understanding of our modern networks. The post “You Can’t Protect What You Can’t See” Still Rings True. Why Observability Now. appeared first on Netography. The post “You Can’t Protect What You Can’t See” Still Rings True. Why Observability Now. appeared first on Security Boulevard.
https://securityboulevard.com/2024/04/you-cant-protect-what-you-cant-see-still-rings-true-why-observability-now/
Learn how to elevate your CX strategies with CIAM and data-driven insights. From seamless digital experiences to proactive customer engagement, discover the key to driving growth and loyalty in a competitive market. The post Transforming Customer Experience: Enhancing CX through CIAM and Insights appeared first on Security Boulevard.
https://securityboulevard.com/2024/04/transforming-customer-experience-enhancing-cx-through-ciam-and-insights/
Penetration testing, or pen testing for short, is a critical way to proactively protect IT systems and sensitive data from malicious activity. This guide provides a comprehensive overview of how this technique works, its business benefits, types, methodologies, costs, and everything in between. What is penetration testing in cybersecurity? Penetration testing, commonly known as pen … The post What is Penetration Testing: A comprehensive business guide appeared first on Security Boulevard.
https://securityboulevard.com/2024/04/what-is-penetration-testing-a-comprehensive-business-guide/
CXSecurity.com
Thu, 25 Apr 2024 03:54:58 +0000
Topic: FortiNet FortiClient EMS 7.2.2 / 7.0.10 SQL Injection / Remote Code Execution Risk: Medium Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-...
https://cxsecurity.com/issue/WLB-2024040065
Topic: Relate Learning And Teaching system Version before 2024.1 SSTI(Markup Sandbox function) lead to RCE Risk: High Text:# Exploit Title: Relate Learning And Teaching system Version before 2024.1 SSTI(Markup Sandbox function) lead to RCE # Date: 2...
https://cxsecurity.com/issue/WLB-2024040064
Topic: Palo Alto PAN-OS Command Execution / Arbitrary File Creation Risk: High Text:# Exploit Title: Palo Alto PAN-OS < v11.1.2-h3 - Command Injection and Arbitrary File Creation # Date: 21 Apr 2024 # Exploi...
https://cxsecurity.com/issue/WLB-2024040063
Topic: Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution Risk: Medium Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-...
https://cxsecurity.com/issue/WLB-2024040062
Topic: Hikvision Camera - Remote command execution Risk: High Text:# Exploit Title: Exploit Title: Hikvision Camera - Remote command execution # Date: 4/22/2024 # Google Dork : In Shodan searc...
https://cxsecurity.com/issue/WLB-2024040061
Topic: Apache Solr Backup/Restore API Remote Code Execution Risk: Medium Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-...
https://cxsecurity.com/issue/WLB-2024040060
Topic: Nginx 1.25.5 Host Header Validation Risk: Low Text:# Nginx =< 1.25.5 $host variable validation bug ## Intro: In the "Host" header sent to Nginx web server you can't just in...
https://cxsecurity.com/issue/WLB-2024040059
Topic: Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Risk: Medium Text:Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Vendor: Elber S.r.l. Product web page: https://w...
https://cxsecurity.com/issue/WLB-2024040058
Topic: LRMS-PHP-by-oretnom23-v1.0 hat-trick Risk: Medium Text:## Titles: LRMS-PHP-by-oretnom23-v1.0 hat-trick 1. Multiple-SQLi 2. File Upload 3. SQLi Bypass Authentication: ## Latest u...
https://cxsecurity.com/issue/WLB-2024040057
Topic: WBCE CMS Version 1.6.1 Remote Command Execution (Authenticated) Risk: High Text:# Exploit Title: WBCE CMS Version : 1.6.1 Remote Command Execution # Date: 30/11/2023 # Exploit Author: tmrswrr # Vendor Ho...
https://cxsecurity.com/issue/WLB-2024040056
Topic: Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Insecure Direct Object Reference Risk: Medium Text:Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Af...
https://cxsecurity.com/issue/WLB-2024040055
Topic: Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass Risk: Medium Text:Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass Vendor: Elber S.r.l. Product web page: https://www.elber...
https://cxsecurity.com/issue/WLB-2024040054
Topic: Elber Wayber Analog/Digital Audio STL 4.00 Insecure Direct Object Reference Risk: Low Text:Elber Wayber Analog/Digital Audio STL 4.00 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Aff...
https://cxsecurity.com/issue/WLB-2024040053
Topic: North Wales - Sql Injection Risk: Medium Text:********************************************************* #Exploit Title: North Wales - Sql Injection #Date: 2024-04-21 #Exp...
https://cxsecurity.com/issue/WLB-2024040052
Topic: Relate Learning And Teaching system Version before 2024.1 Stored XSS Risk: Medium Text:# Exploit Title: Relate Learning And Teaching system Version before 2024.1 Stored XSS # Date: 18/04/2024 # Exploit Author: ka...
https://cxsecurity.com/issue/WLB-2024040051
Topic: Solar-Log Base 2000- Broken Access Control Risk: Medium Text:# Exploit Title: Solar-Log Base 2000- Broken Access Control # Google Dork: In Shodan search engine, the filter is ""Server: IP...
https://cxsecurity.com/issue/WLB-2024040050
Topic: Relate Learning And Teaching system Version before 2024.1 SSTI(Page Sandbox function) lead to RCE Risk: Low Text:# Exploit Title: Relate Learning And Teaching system Version before 2024.1 Stored XSS # Date: 18/04/2024 # Exploit Author: ka...
https://cxsecurity.com/issue/WLB-2024040049
Topic: Flowise 1.6.5 Authentication Bypass Risk: Medium Text:# Exploit Title: Flowise 1.6.5 - Authentication Bypass # Date: 17-April-2024 # Exploit Author: Maerifat Majeed # Vendor Home...
https://cxsecurity.com/issue/WLB-2024040048
Topic: Wordpress Plugin Alemha Watermarker 1.3.1 Stored Cross-Site Scripting (XSS) Risk: Low Text:# Exploit Title: Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting (XSS) # Date: 22 March 2024 # Exploi...
https://cxsecurity.com/issue/WLB-2024040047
Topic: BMC Compuware iStrobe Web 20.13 Pre-auth RCE Risk: High Text:#!/usr/bin/env python3 # Exploit Title: Pre-auth RCE on Compuware iStrobe Web # Date: 01-08-2023 # Exploit Author: trancap...
https://cxsecurity.com/issue/WLB-2024040046
Topic: Centreon 23.10-1.el8 SQL Injection Risk: Medium Text:;; Postauth SQL Injection in Centreon 23.10-1.el8 ;; by code610 ;; ;; found : 05.03.2024 ;; version: centreon-vbox-vm-23_1...
https://cxsecurity.com/issue/WLB-2024040045
Topic: CrushFTP Remote Code Execution Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-...
https://cxsecurity.com/issue/WLB-2024040044
Topic: kruxton-1.0-FileUpload-RCE Risk: High Text:## Title: kruxton-1.0-FileUpload-RCE ## Author: nu11secur1ty ## Date: 04/15/2024 ## Vendor: https://www.mayurik.com/ ## Sof...
https://cxsecurity.com/issue/WLB-2024040043
Topic: Backdoor.Win32.Dumador.c / Remote Stack Buffer Overflow (SEH) Risk: High Text:Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/6cc630843cabf236...
https://cxsecurity.com/issue/WLB-2024040042
Topic: Amazon AWS Glue Database Password Disclosure Risk: Medium Text:SEC Consult Vulnerability Lab Security Advisory == title: Database Passw...
https://cxsecurity.com/issue/WLB-2024040041
Topic: OpenClinic GA 5.247.01 Path Traversal (Authenticated) Risk: High Text:# Exploit Title: OpenClinic GA 5.247.01 - Path Traversal (Authenticated) # Date: 2023-08-14 # Exploit Author: V. B. # Vendor...
https://cxsecurity.com/issue/WLB-2024040040
Topic: PrusaSlicer 2.6.1 Arbitrary Code Execution Risk: High Text:# Exploit Title: PrusaSlicer 2.6.1 - Arbitrary code execution on g-code export # Date: 16/01/2024 # Exploit Author: Kamil Bre...
https://cxsecurity.com/issue/WLB-2024040039
Topic: AMPLE BILLS 0.1 SQL injection Risk: Medium Text:## Title: AMPLE BILLS 0.1 Multiple-SQLi ## Author: nu11secur1ty ## Date: 04/13/2024 ## Vendor: https://www.mayurik.com/ ## ...
https://cxsecurity.com/issue/WLB-2024040038
Topic: kruxton-1.0-Multiple-SQLi Risk: Medium Text:## Title: kruxton-1.0-Multiple-SQLi ## Author: nu11secur1ty ## Date: 04/15/2024 ## Vendor: https://www.mayurik.com/ ## Sof...
https://cxsecurity.com/issue/WLB-2024040037
Topic: Django REST Framework SimpleJWT 5.3.1 Information Disclosure Risk: High Text:# Exploit Title: djangorestframework-simplejwt 5.3.1 - Information Disclosure # Date: 26/01/2024 # Exploit Author: Dhrumil Mi...
https://cxsecurity.com/issue/WLB-2024040036
Topic: Jenkins 2.441 Local File Inclusion Risk: Medium Text:# Exploit Title: Jenkins 2.441 - Local File Inclusion # Date: 14/04/2024 # Exploit Author: Matisse Beckandt (Backendt) # Ven...
https://cxsecurity.com/issue/WLB-2024040035
Topic: Moodle 3.10.1 SQL Injection Risk: Medium Text:# Exploit Title: Moodle Authenticated Time-Based Blind SQL Injection - "sort" Parameter # Google Dork: # Date: 04/11/2023 #...
https://cxsecurity.com/issue/WLB-2024040034
Topic: Bigem Teknoloji - Sql Injection Risk: Medium Text:********************************************************* #Exploit Title: Bigem Teknoloji - Sql Injection #Date: 2024-04-12 ...
https://cxsecurity.com/issue/WLB-2024040033
Topic: Ray OS 2.6.3 Command Injection Risk: Medium Text:# Exploit Title: Ray OS v2.6.3 - Command Injection RCE(Unauthorized) # Description: # The Ray Project dashboard contains a C...
https://cxsecurity.com/issue/WLB-2024040032
Topic: Casdoor < v1.331.0 /api/set-password CSRF Risk: Low Text:# Exploit Title: Casdoor < v1.331.0 - '/api/set-password' CSRF # Application: Casdoor # Version: < = 1.331.0 # Date: 03/07/20...
https://cxsecurity.com/issue/WLB-2024040031
Topic: MinIO < 2024-01-31T20-20-33Z Privilege Escalation Risk: Medium Text:# Exploit Title: MinIO < 2024-01-31T20-20-33Z - Privilege Escalation # Date: 2024-04-11 # Exploit Author: Jenson Zhao # Ven...
https://cxsecurity.com/issue/WLB-2024040030
Topic: Wordpress Plugin Playlist for Youtube 1.32 Stored Cross-Site Scripting (XSS) Risk: Low Text:# Exploit Title: Wordpress Plugin Playlist for Youtube - Stored Cross-Site Scripting (XSS) # Date: 22 March 2024 # Exploit Au...
https://cxsecurity.com/issue/WLB-2024040029
Topic: Terratec dmx_6fire USB 1.23.0.02 Unquoted Service Path Risk: Medium Text:# Exploit Title: Terratec dmx_6fire USB - Unquoted Service Path # Google Dork: null # Date: 4/10/2024 # Exploit Author: Jos...
https://cxsecurity.com/issue/WLB-2024040028
Topic: Blood Bank v1.0 Stored Cross Site Scripting (XSS) Risk: Low Text:# Exploit Title: Blood Bank v1.0 Stored Cross Site Scripting (XSS) # Date: 2023-11-14 # Exploit Author: Ersin Erenler # Vend...
https://cxsecurity.com/issue/WLB-2024040027
Topic: AMPLE BILLS 0.1 Multiple-SQLi Risk: Medium Text:## Title: AMPLE BILLS 0.1 Multiple-SQLi ## Author: nu11secur1ty ## Date: 04/13/2024 ## Vendor: https://www.mayurik.com/ ##...
https://cxsecurity.com/issue/WLB-2024040026
Bleepingcomputer.com
Thu, 25 Apr 2024 10:27:41 -0400
Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access. [...]
https://www.bleepingcomputer.com/news/security/wp-automatic-wordpress-plugin-hit-by-millions-of-sql-injection-attacks/
Security researchers have discovered a new Android banking trojan they named Brokewell that can capture every event on the device, from touches and information displayed to text input and the applications the user launches. [...]
https://www.bleepingcomputer.com/news/security/new-brokewell-malware-takes-over-android-devices-steals-data/
Keonne Rodriguez and William Lonergan Hill have been charged by the U.S. Department of Justice for laundering more than $100 million from various criminal enterprises through Samourai, a cryptocurrency mixer service they ran for nearly a decade. [...]
https://www.bleepingcomputer.com/news/security/us-charges-samourai-cryptomixer-founders-for-laundering-100-million/
Proof-of-concept exploit code has been released for a top-severity security vulnerability in Progress Flowmon, a tool for monitoring network performance and visibility. [...]
https://www.bleepingcomputer.com/news/security/maximum-severity-flowmon-bug-has-a-public-exploit-patch-now/
Cisco warned today that a state-backed hacking group has been exploiting two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls since November 2023 to breach government networks worldwide. [...]
https://www.bleepingcomputer.com/news/security/arcanedoor-hackers-exploit-cisco-zero-days-to-breach-govt-networks/
Google is updating the client-side encryption mechanism for Google Meet to allow external participants, including those without Google accounts, to join encrypted calls. [...]
https://www.bleepingcomputer.com/news/security/google-meet-opens-client-side-encrypted-calls-to-non-google-users/
Microsoft has enabled Start menu ads in the optional KB5036980 preview cumulative update for Windows 11 22H2 and 23H2. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5036980-update-goes-live-with-start-menu-ads/
The Federal Trade Commission is sending $5.6 million in refunds to Ring users whose private video feeds were accessed without consent by Amazon employees and contractors, or had their accounts and devices hacked because of insufficient security protections. [...]
https://www.bleepingcomputer.com/news/security/ring-customers-get-56-million-in-privacy-breach-settlement/
Microsoft reversed the fix for an Outlook bug causing erroneous security warnings after installing December 2023 security updates [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-fix-for-outlook-bug-unexpected-ICS-warnings-after-December-security-updates/
A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems in the U.S., the U.K., Germany, and Japan. [...]
https://www.bleepingcomputer.com/news/security/coralraider-attacks-use-cdn-cache-to-push-info-stealer-malware/
Microsoft has released hotfix updates to address multiple known issues impacting Exchange servers after installing the March 2024 security updates. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-exchange-hotfixes-for-security-update-issues/
The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies. [...]
https://www.bleepingcomputer.com/news/security/us-govt-sanctions-iranians-linked-to-government-cyberattacks/
reddit.com/r/blueteamsec
2024-04-20T07:31:36+00:00
submitted by /u/digicat
https://www.reddit.com/r/blueteamsec/comments/1c8k4ap/cto_at_ncsc_summary_week_ending_april_21st/
submitted by /u/jnazario
https://www.reddit.com/r/blueteamsec/comments/1ccr0mz/nationstate_threat_actors_renew_publications_to/
submitted by /u/digicat
https://www.reddit.com/r/blueteamsec/comments/1cco132/guidance_for_incident_responders/
submitted by /u/jnazario
https://www.reddit.com/r/blueteamsec/comments/1cct2le/poll_vaulting_cyber_threats_to_global_elections/
submitted by /u/digicat
https://www.reddit.com/r/blueteamsec/comments/1ccrd18/quantum_of_malice_during_our_investigation_of/
submitted by /u/tbhaxor
https://www.reddit.com/r/blueteamsec/comments/1cco9qj/series_apparmor_basics_for_sysadmins/
submitted by /u/QforQ
https://www.reddit.com/r/blueteamsec/comments/1cc9ki5/ja4t_tcp_fingerprinting_and_how_to_use_it_to/
submitted by /u/jnazario
https://www.reddit.com/r/blueteamsec/comments/1cc6bew/arcanedoor_new_espionagefocused_campaign_found/
submitted by /u/digicat
https://www.reddit.com/r/blueteamsec/comments/1ccjxp2/isoon_toolkit_what_is_tz/
submitted by /u/digicat
https://www.reddit.com/r/blueteamsec/comments/1cbq3lr/the_notsosilent_type_vulnerabilities_across/
submitted by /u/digicat
https://www.reddit.com/r/blueteamsec/comments/1cbpzkk/spain_reopens_a_probe_into_a_pegasus_spyware_case/
submitted by /u/jnazario
https://www.reddit.com/r/blueteamsec/comments/1cblsqj/justice_department_announces_charges_against_four/
submitted by /u/digicat
https://www.reddit.com/r/blueteamsec/comments/1cbq2bp/identify_north_koreas_kdefense_company_hacking/
submitted by /u/digicat
https://www.reddit.com/r/blueteamsec/comments/1cbq03p/justice_department_charges_four_iranian_nationals/
submitted by /u/digicat
https://www.reddit.com/r/blueteamsec/comments/1cbpwfp/promoting_accountability_for_the_misuse_of/
submitted by /u/jnazario
https://www.reddit.com/r/blueteamsec/comments/1cbkufk/attck_v15_brings_the_action/
submitted by /u/digicat
https://www.reddit.com/r/blueteamsec/comments/1cbpz3s/2023_country_reports_on_human_rights_practices/
submitted by /u/digicat
https://www.reddit.com/r/blueteamsec/comments/1cb2qn3/decrypting_synology_patchfiles/
submitted by /u/jnazario
https://www.reddit.com/r/blueteamsec/comments/1cb58rw/technical_analysis_of_the_rust_loader_for_the/
submitted by /u/digicat
https://www.reddit.com/r/blueteamsec/comments/1cb4yxl/suspected_coralraider_continues_to_expand/
submitted by /u/campuscodi
https://www.reddit.com/r/blueteamsec/comments/1cb3t97/guptiminer_hijacking_antivirus_updates_for/
submitted by /u/digicat
https://www.reddit.com/r/blueteamsec/comments/1cayi8l/muddywater_campaign_abusing_atera_agents/
submitted by /u/digicat
https://www.reddit.com/r/blueteamsec/comments/1cayhyp/chinas_military_cyber_operations/
submitted by /u/digicat
https://www.reddit.com/r/blueteamsec/comments/1cagyuc/analyzing_forest_blizzards_custom_postcompromise/
submitted by /u/digicat
https://www.reddit.com/r/blueteamsec/comments/1camtv6/markets_matter_a_glance_into_the_spyware_industry/
reddit.com/r/hacking
2018-12-06T14:44:57+00:00
Before I begin - everything about this should be totally and completely ethical at its core. I'm not saying this as any sort of legal coverage, or to not get somehow sued if any of you screw up, this is genuinely how it should be. The idea here is information security. I'll say it again. Information security. The whole point is to make the world a better place. This isn't for your reckless amusement and shot at recognition with your friends. This is for the betterment of human civilisation. Use your knowledge to solve real-world issues.

There's no singular all-determining path to 'hacking', as it comes from knowledge from all areas that eventually coalesce into a general intuition. Although this is true, there are still two common rapid learning paths to 'hacking'. I'll try not to use too many technical terms.

The first is the simple, effortless and result-instant path. This involves watching YouTube videos with green and black thumbnails with an occasional anonymous mask on top teaching you how to download well-known tools used by thousands daily - or in other words the 'Kali Linux Copy Pasterino Skidder'. You might do something slightly amusing and gain a bit of recognition and self-esteem from your friends. Your hacks will be 'real', but anybody that knows anything would dislike you as they all know all you ever did was use a few premade tools. The communities for this sort of shallow result-oriented field include r/HowToHack and probably r/hacking as of now.

The second option, however, is much more intensive, rewarding, and mentally demanding. It is also much more fun, if you find the right people to do it with. It involves learning everything from memory interaction with machine code to high level networking - all while you're trying to break into something. This is where Capture the Flag, or 'CTF' hacking comes into play, where you compete with other individuals/teams with the goal of exploiting a service for a string of text (the flag), which is then submitted for a set amount of points. It is essentially competitive hacking. Through CTF you learn literally everything there is about the digital world, in a rather intense but exciting way. Almost all the creators/finders of major exploits have dabbled in CTF in some way/form, and almost all of them have helped solve real-world issues. However, it does take a lot of work though, as CTF becomes much more difficult as you progress through harder challenges. Some require mathematics to break encryption, and others require you to think like no one has before. If you are able to do well in a CTF competition, there is no doubt that you should be able to find exploits and create tools for yourself with relative ease. The CTF community is filled with smart people who can't give two shits about elitist mask wearing Twitter hackers, instead they are genuine nerds that love screwing with machines.

There's too much to explain, so I will post a few links below where you can begin your journey. Remember - this stuff is not easy if you don't know much, so google everything, question everything, and sooner or later you'll be down the rabbit hole far enough to be enjoying yourself. CTF is real life and online, you will meet people, make new friends, and potentially find your future.

What is CTF? (this channel is gold, use it) - https://www.youtube.com/watch?v=8ev9ZX9J45A
More on /u/liveoverflow, http://www.liveoverflow.com is hands down one of the best places to learn, along with r/liveoverflow
CTF compact guide - https://ctf101.org/
Upcoming CTF events online/irl, live team scores - https://ctftime.org/
What is CTF? - https://ctftime.org/ctf-wtf/
Full list of all CTF challenge websites - http://captf.com/practice-ctf/

> be careful of the tool oriented offensivesec OSCP CTFs, they teach you hardly anything compared to these ones and almost always require the use of metasploit or some other program which does all the work for you.

http://pwnable.tw/ (a newer set of high quality pwnable challenges)
http://pwnable.kr/ (one of the more popular recent wargaming sets of challenges)
https://picoctf.com/ (Designed for high school students while the event is usually new every year, it's left online and has a great difficulty progression)
https://microcorruption.com/login (one of the best interfaces, a good difficulty curve and introduction to low-level reverse engineering, specifically on an MSP430)
http://ctflearn.com/ (a new CTF based learning platform with user-contributed challenges)
http://reversing.kr/
http://hax.tor.hu/
https://w3challs.com/
https://pwn0.com/
https://io.netgarage.org/
http://ringzer0team.com/
http://www.hellboundhackers.org/
http://www.overthewire.org/wargames/
http://counterhack.net/Counter_Hack/Challenges.html
http://www.hackthissite.org/
http://vulnhub.com/
http://ctf.komodosec.com
https://maxkersten.nl/binary-analysis-course/ (suggested by /u/ThisIsLibra, a practical binary analysis course)
https://pwnadventure.com (suggested by /u/startnowstop)

http://picoctf.com is very good if you are just touching the water.

and finally, r/netsec - where real world vulnerabilities are shared.

submitted by /u/SlickLibro
https://www.reddit.com/r/hacking/comments/a3oicn/how_to_start_hacking_the_ultimate_two_path_guide/
New year, new you. This sub needs a new banner for both old.reddit.com and new.reddit.com. This is a call to arms for any of our resident gfx designers out there. If I tried to make it, it would look like a cracked out Albert Gonzalez, Conor Fitzpatrick, or Roman Seleznev made it in MS Paint. We need halp. For banner size specs on new: https://www.reddit.com/r/redesign/comments/87uu45/usage_guidelines_for_images_in_the_redesign/ For banner size specs on old: https://www.reddit.com/r/BannerRequest/wiki/index/artguide/#wiki_sizing_guidelines.3A No real theme or guidance besides make it hacking culture related. Let your imagination flow. Just submit something and then I guess we will hold a community poll to pick the winner out of whatever is submitted. Thanx submitted by /u/DrinkMoreCodeMore
https://www.reddit.com/r/hacking/comments/1ahkbke/sub_banner_contest_2024/
From a real bug bounty program. submitted by /u/Ok-Establishment1343
https://www.reddit.com/r/hacking/comments/1ccmyam/i_wish_this_was_a_joke/
submitted by /u/webbs3
https://www.reddit.com/r/hacking/comments/1cckztr/north_korean_hackers_lazarus_use_linkedin_to/
A domain admin had to change a local setting on my office PC and left Notepad open with admin rights. Is there a way to get admin rights on my computer via Notepad? Can I change any settings or files to get more privileges? submitted by /u/BobThefuknBuilder
https://www.reddit.com/r/hacking/comments/1ccs19u/get_admin_rights_with_notepad/
Just curious. WarGames, Sneakers and obviously The Matrix I've seen. submitted by /u/GuyWhoSaysNay
https://www.reddit.com/r/hacking/comments/1cbprrh/best_hacking_movies/
Hi all, looking for a recommendation on the best database explorer out there. I have recently started grabbing some older leaked databases to peruse and I am wondering what supports the most common file types? What has no issues with LARGE files? The few databases I have grabbed have all been in CSV and several gigs. I am on a Windows machine and Excel and Notepad refuse to try opening something that large. submitted by /u/toddmp
https://www.reddit.com/r/hacking/comments/1cccbo8/best_database_vieweranalyzer/
https://preview.redd.it/ioojoq8nvcwc1.jpg?width=1546&format=pjpg&auto=webp&s=35d09150c97f8d240deb79ffdcf239f94a1f4970 https://preview.redd.it/35ex5jjivcwc1.jpg?width=584&format=pjpg&auto=webp&s=7a5fa08692536ee78ef3007caa25fb0cd91e188d https://ripitapart.com/2024/04/20/dispo-adventures-episode-1-reverse-engineering-and-running-windows-95-on-a-disposable-vape-with-a-colour-lcd-screen/ https://github.com/ginbot86/ColorLCDVape-RE submitted by /u/nomoreimfull
https://www.reddit.com/r/hacking/comments/1cbpkvz/raz_tn9000_hd_screen_vapes_hacked_rethemed_with/
Just happened to me and I don't know what to do. Should I try to do a system restore? Or can it be fixed? Also, is my Bluetooth headphone I was using at the time compromised? submitted by /u/Elevator_Goblin
https://www.reddit.com/r/hacking/comments/1ccj7gy/what_do_i_do_after_bluesnarf_attack/
A friend of mine bought a software that costs ~4000$. It is a highly specialized domain, which I think allows them to apply such prices. The software only opens when the USB key is plugged in. My friend will now move frequently between two cities and he needs to work from his laptop. He asked me to install the software on it, which I did, and it works well. But what if the key is lost or breaks? The company doesn't want to give a pair. Is it possible to duplicate this USB key? I was thinking of using the dd command in Linux to make a copy and put it on another key. But when I plug the USB in Windows, it doesn't show anywhere. So that is where I thought that it was some kind of special USB device, and maybe it's copy-protected? Like will it block itself if I try to duplicate it? I've never seen or heard of anything like that, which I find interesting. submitted by /u/kahagino
https://www.reddit.com/r/hacking/comments/1cbv7ne/can_i_duplicate_a_usb_key_that_unlocks_a_software/
submitted by /u/Offsec_Community
https://www.reddit.com/r/hacking/comments/1cc4gw0/xz_utils_rundown_what_we_learned_and_what_to_do/
I recently started studying on HTB and one of the lessons gave a brief overview of Docker. It got me thinking if I could use Docker containers to run Parrot OS rather than virtual machines. Parrot has pre-configured docker images ready to go. It sounds like it would be a lot easier to run than a virtual machine. But I may be overlooking security aspects because I'm not familiar at all with that side of things as far as Docker is concerned. Any opinions? submitted by /u/asuhayda
https://www.reddit.com/r/hacking/comments/1cc2vf7/docker_vs_vm/
submitted by /u/DrinkMoreCodeMore
https://www.reddit.com/r/hacking/comments/1cbh671/russian_fsb_counterintelligence_chief_gets_9/
Brand new to general hacking as opposed to specific devices. If I can access a WiFi network can I see/record the content that is transmitted? Corollary question: is there a way I can protect my WiFi aside from a strong password from such attempts? Thank you submitted by /u/Same_Raise6473
https://www.reddit.com/r/hacking/comments/1cc3sp5/wifi_content/
I bought the book about 1997. It had a manhole cover on the front cover and was about assembly language, more or less hacking assembly. Bought the book in New Jersey at a Borders, if it matters. Didn't get too far in reading it until the book went missing. Hoping someone else remembers the name. submitted by /u/kobie
https://www.reddit.com/r/hacking/comments/1cblxjm/looking_to_find_a_book_from_the_90s_had_a_manhole/
First problem is I can use the tool but it won't work properly using ngrok if I have a VPN enabled. Also I am no expert but I'm pretty sure anything involving port forwarding is going to reveal your network or put you at risk. So how would you go about using the tool seeker safely? submitted by /u/Obvious-Preference85
https://www.reddit.com/r/hacking/comments/1cc76sg/how_to_use_the_tool_seeker_in_kali_linux/
Without using an external/third party, such as uploading to any social media or cloud, how does one prove that the data existed in the past and cannot be made up later? It is possible to prove that a piece of data is from the present and not from before by attaching an unpredictable data source such as a bitcoin block id or the latest news headline, but trying to do the opposite seems impossible. submitted by /u/deniedmessage
https://www.reddit.com/r/hacking/comments/1cbr7a7/how_to_locally_prove_that_a_digital_data_is_from/
I've been looking everywhere but nothing works so can I host the BeEF demo page so that I can access it outside the home network? It doesn't need to be a different page, just the demo page because I am only testing it. submitted by /u/PythonPrecision
https://www.reddit.com/r/hacking/comments/1cbc3mm/how_to_host_beef_site_publicly/
Hey all, I did try w Proton and Nord on DO and AWS. Losing connection to the VM in both cases (tho required some additional movement w Proton). It does add records to the routing table. I remember Proton wasn't adding the right entries to the table. And after manual adjustments I'd lose connection to the machine the same way I lose it with Nord. Machine becomes fully unreachable. And only restart helps. I have no idea how networking with these VMs is done on the cloud provider side. So appreciate if someone shares their knowledge. And another question. Has anyone successfully connected to any VPN from any cloud provider? Also do you know if DO monitors port scans a lot? I know GCP does. A disclaimer tho. I'm not doing anything illegal. All with an explicit consent. Just want to speed up the scan. Thanks in advance. submitted by /u/unknow_feature
https://www.reddit.com/r/hacking/comments/1cbawfq/vpn_on_cloud_vms/
So, for example let's say I got banned from an app and I can't log in from my device {A} but I can log in from device {B}, so from this we can say my "account" is not banned but the device is, and most probably its IMEI. So if I have a rooted device with a custom ROM with magisk+zygisk, is there any workaround to bypass an IMEI ban?? [you guys know which app I am talking about ryt 😂].. submitted by /u/AN0NYMOUS4u
https://www.reddit.com/r/hacking/comments/1cbk9ze/bypassing_method/
I find it hard to keep myself updated on what’s going on atm and find relevant sources to get to know of programs etc relevant for what’s needed today. When I try to search things up it just gives me the most superficial answers. I don’t want to know the basics of a pdf file, I want to know its latest vulnerabilities detected. I just feel that everything in this area is evolving so quickly and I find it hard to keep up with it. I find it hard to stay updated on the news, what’s going on, what’s relevant. So I wonder how do you do to stay updated? Where do you get your news from, or get to know of programs that’d detect for example the latest type of harmful code in a file? None of the bigger newspapers include stuff related to this (unless it’s huge), so are there other ways of staying updated? submitted by /u/mindful_cheetahh
https://www.reddit.com/r/hacking/comments/1cak5dv/how_do_you_keep_yourself_updated/
So, I was cracking my WiFi to see if it can happen or not. I have zero knowledge of coding. I took help from YT and successfully did a WPA handshake and obtained a .cap file but I am not able to crack it. How can I find the password from it? Anyone who has knowledge in this field is welcomed. I can't attach the file here. Please tell me a solution 🙂 submitted by /u/H_i_t_e_n
https://www.reddit.com/r/hacking/comments/1cbsqs2/not_able_to_crack_cap_file/
I was wondering, how worried are folks in the community about their own operational security - and what sort of tricks do you engage in to keep yourself more safe from exploits we know exist? I started to wonder about RFID enabled credit cards and having worked on them for years was troubled by how casually insecure folks were about them. So I figured what better place to ask. submitted by /u/markth_wi
https://www.reddit.com/r/hacking/comments/1cb4d25/rfid_hacking/
I am trying to reverse engineer a server for an application of which I only have the client side. I have never done anything like this before and it's just a learning project but I have been stuck for some time and need help. The client makes several calls to the server, whose IP is resolved to the local network and the packets are sent to 192.168.0.1, 192.168.5.1 and 10.200.5.55, all on port 1900. Is it possible to run a server on the same machine that accepts the TCP connections to these addresses on that port? I have been told to use a hook but I don't really know how. It may be a dumb question but it has me quite confused. submitted by /u/BananaSplit7253
https://www.reddit.com/r/hacking/comments/1cbf3dr/reverse_engineering_a_server/
I’ve heard a lot about them recently, not for any specific reason rather I just went on a deep dive after seeing a video about them. The one thing I can’t find is: Are they legal? On one hand it is a virus that can potentially destroy a computer. However on the other it doesn’t actually steal any data or do anything particularly malicious as it is just an insane amount of files. The way most people talk about it is as if it’s just nothing, but then I’ve seen others say it is highly illegal. Figured here was the best place to ask. Cheers submitted by /u/Leeboy04 [link] [comments]
https://www.reddit.com/r/hacking/comments/1cbfzcn/are_zip_bombs_legal/
So I recently found this video https://www.youtube.com/watch?v=hV8W4o-Mu2o and it seemed interesting. I'm new to the whole hacker space, so I thought this might be a fun project. I went and bought a v3, about the same price; figured I could get some better features and perform similar exploits. I extracted the different parts of the firmware and used mkimage with the correct flags.

Original uimage:
0 0x0 uImage header, header size: 64 bytes, header CRC: 0x35D07B10, created: 2024-01-05 00:39:44, image size: 9420800 bytes, Data Address: 0x0, Entry Point: 0x0, data CRC: 0x85E1A3CC, OS: Linux, CPU: MIPS, image type: Firmware Image, compression type: none, image name: "jz_fw"

Flags used:
-A MIPS -O linux -T firmware -C none -a 0 -e 0 -n jz_fw

The created output, even using all original files and just my own uheader image, claims to be 64 bytes bigger than the original uimage header... Interesting, but seeing as the files are the same size, a bit of hex editing seemed to fix the issue. Now I can't get the camera to read my custom firmware unless I use EXACTLY the original uimage header. Now, I know there's no way to allow dynamic firmware upgrades if you are locked into specific hex headers, so I'm doing something wrong. The CRC won't match any updates I add to the fs, meaning I'm SOL to try and just use the original without any updates, so I'm wondering if anyone has the Wyze Cam v3, or has worked with similar, and sees a clear issue. What could be going on?

binwalk -t on my uheader image is:
0 0x0 uImage header, header size: 64 bytes, header CRC: 0x39AFB197, created: 2024-04-23 04:53:17, image size: 9420864 bytes, Data Address: 0x0, Entry Point: 0x0, data CRC: 0xD4573CBC, OS: Linux, CPU: MIPS, image type: Firmware Image, compression type: none, image name: "jz_fw"

So far nothing I've tried has gotten the camera to recognize anything but the absolute original firmware. I've seen on GitHub people getting custom firmwares working, but the scripts they use are so all over the place it's a bit tricky to follow them for this one error. submitted by /u/vsadygv [link] [comments]
https://www.reddit.com/r/hacking/comments/1cawwnm/uimage_header_wyze_cam_v3/
FBI Director Christopher Wray warns about Chinese hackers targeting U.S. critical infrastructure to induce panic. China's Volt Typhoon program has successfully infiltrated U.S. infrastructure since 2021. Wray highlights China's offensive cyber program and its aim to dominate on the world stage. He also mentions the threat posed by TikTok and the potential invasion of Taiwan by China before 2027. Wray emphasizes the need to address the current threats posed by China rather than considering them as long-term concerns. Source: https://gizmodo.com/china-hacking-fbi-christopher-wray-panic-volt-typhoon-1851423740 submitted by /u/NuseAI [link] [comments]
https://www.reddit.com/r/hacking/comments/1c9q89d/fbi_director_says_chinas_hacking_aimed_at_us/
reddit.com/r/cybersecurity
2024-04-22T00:00:19+00:00
This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away! Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future. submitted by /u/AutoModerator [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1c9woec/mentorship_monday_post_all_career_education_and/
I was wondering if this field is suitable for someone with ADHD. submitted by /u/Itchy_Sherbet_9895 [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1ccox91/anyone_with_adhdadd_whos_thriving_in_the_field_of/
https://amp.cnn.com/cnn/2024/04/17/politics/russia-hacking-group-suspected-texas-water-cyberattack submitted by /u/AffectionateNeck6368 [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1ccbx9m/russian_hackers_attack_texas_water_facility/
What are your thoughts around the technicalities of banning a service such as Tiktok? Will the company be dissolved completely or will there be pressure put on Apple/Google app stores to remove the app, or even a DNS level block? Just using Tiktok as an example here but curious about the technicalities of blocking a website/service. submitted by /u/no_shit_dude2 [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1cct8mb/how_will_the_us_ban_tiktok_on_a_technical_level/
submitted by /u/gawdarn [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1cbzjrj/ftc_bans_non_competes_f_yeah/
I’ve been seeing a lot of buzz around ISO 42001 and NIST AI RMF lately and it seems these frameworks are gaining traction across industries. Have any of you considered adopting these frameworks for your organization this year? Or maybe your CISO has mentioned them? submitted by /u/CyberSavvy2901 [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1ccsh40/are_iso_42001_and_nist_ai_rmf_on_your_radar_this/
Hello all, I am sure you may have seen a post like this a handful of times; the last few I have found were a few years old. I am looking for opinions and experience on these 3 vulnerability scanners. (Our main goal was to get some info on EOL software / OS.) Currently using Nexpose, which seems to be decent, most user friendly / easy to navigate. Trialing Qualys and Nessus at the same time currently also. Qualys seems to be the most detailed out of the 3. Nessus seems easier to use and I like the on demand remediation scan. Qualys & Nexpose agents both report back after x amount of time, where the Nessus agent only works on a daily scan. Qualys and Nessus seem to be finding more 3rd party application vulnerabilities than Nexpose. Any pros and cons or experience with these long term that you could provide? submitted by /u/Exciting_Passenger39 [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1ccre3p/qualys_vs_nexpose_vs_nessus/
Anyone in cyber security think they're being used just to fill a blank hole and mark off a checkbox that your org needs to show they have a ft cybersecurity employee on-hand? submitted by /u/I_said_watch_Clark_ [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1ccsudh/being_used/
I have an interview with Amazon in a few weeks for a senior security intel engineer position. I have the STAR(R) format down, and I am poring over leadership principles, but one small issue has me a bit concerned. The interview will have a coding test, in Python and SQL. I have used both, mostly for my own data analysis projects, which were primarily ingest several thousand CSVs of netflow, do analytic stuff, and then output tables and charts. I am not a developer. In past roles, I used enough Python and SQL to get my immediate task/automation done, and then that's it, move on to my investigative work. My work the past year has been pure detection engineering, and I haven't touched either language. How much coding do I really need to demonstrate? I have a few weeks to prepare, and I can "relearn" general purpose Python and SQL, which I will probably do anyway, but how deep do I need to get into more general software development topics? submitted by /u/Ok-Echo-Blue [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1cchjgw/amazon_senior_security_intel_engineer/
Need a way to get privileged access management for our environment. I need it to include database access (we have multiple), server access (mostly SSH and some RDP), Vault and Kubernetes. If it also has a way to connect Azure to it and provision the roles there, that would be very helpful as well. We used Thycotic Secret Server at my old company, and I don’t want to do that again since it was a pain to configure and deploy. I think they are still working on getting things working a year in now. submitted by /u/flakimbocbocu [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1cce4zw/pam_for_rdp_vault_and_kubernetes/
submitted by /u/CYRISMA_Buddy [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1cc40hx/ring_customers_get_56_million_in_privacy_breach/
Hello, I am doing an internship in a small company which is fully remote. There are no physical assets within the company. I am given the task to provide cybersecurity training to the employees (around 70 people) with 0 budget. I am looking for FREE cybersecurity training tools. Any suggestions are highly appreciated! 🙏 submitted by /u/britzolaras [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1ccjwjn/looking_for_cybersecurity_training_tools/
So for those with a Software Engineering background who are now in Security Engineering, how do you keep your programming skills in shape if you're not getting a good dose of programming in your daily Security role? Are there personal projects you've worked on in the past that have helped? Integrations you've implemented in your daily job that have helped you keep your programming skills in shape? If you're willing to share, I'd be interested in hearing some of them. submitted by /u/cyberdot14 [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1ccers8/staying_up_to_date_with_programming_skills/
submitted by /u/Standard_Arm_4476 [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1cctd6x/multiple_vulnerabilities_in_open_devin_autonomous/
I posted this in the weekly job advice thread but it got no responses, so maybe this can give a bit of extra visibility. I am a fullstack web developer team lead with 5+ years of experience and recently I have been curious about careers focused in cyber security. I am exploring options in this space that might be suited to my experience, skills and interests. I have an educational background in computer engineering (at the technologist level) with a focus in x86/x64, C/C++, C#. My current interest is in application programming, compilers, reverse engineering, and creating software to interact with the code I am reversing. This niche type of interest is outside much of my day job as a web developer, which I would like to branch away from, and I am trying to understand what related jobs are in this space. What kind of jobs are suitable for someone with my interests and experience level here? From what I understand "malware analysis" and "pen testing" appear to be the most related subject matter areas to my interests. Is this accurate or is there a better way to categorize it, and what kind of jobs fall into this category? Are there broader, more rewarding types of related careers I should focus on instead? I have skill in managing people, but also want to focus on programming and code if it's possible. My current job is a hybrid. What kind of salaries can I expect from someone in these types of roles and subject matter? I am in N/A. I have been considering enrolling in Google's Cybersecurity Professional Certificate and plan to do Security+ to gain a better understanding of the broader space while I continue to work my day job. Is this a good idea or is there a more optimal use of my time here given my specific interests in this field? As a few notes: Ideally I do not want to be an analyst who supports/manages a corporate security solution. This style of work is not appealing to me (although maybe some aspects of it might, such as forensics?).
My interests are more focused on code and appear to align closer to specific niche areas in this field. If I have to do lower level analyst work to just break into the field (and take a MASSIVE pay cut) I would consider it, but the most ideal situation I could move laterally both in pay and position as much as possible. Is this a realistic mindset? Thanks! submitted by /u/Deeznutzzzz_z [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1cct5mi/experienced_fullstack_dev_general_hacking_nerd/
Hi there, I graduate high-school next year, and I'm considering 2 options. Currently, I have the option to go get a degree in cybersecurity at some mediocre local college. But I'm also considering going the military route, I live in Canada, and the armed forces has a cyber operator career. This career is very new, opened up a few years ago, and due to that, I heard that you get promoted very fast. I also know that the entire Canadian cyber force works out of one building in Ottawa, meaning that I sorta get access/exposure to all parts of cyber, but sadly they don't ever deploy. This career would lead me to get a 2-year diploma at a private college. And then I'd have a 5-ish-year contract, so a total of 7 years. But I'm not sure if the military would be the right route to be able to get a job after I leave. Is it difficult for people who left the military to get jobs in cyber? Any advice y'all could give me? Thanks :) submitted by /u/Bazook1e [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1ccs4xg/canadian_military_for_cyber/
I have a work laptop connected to my employer's VPN which is using my home WiFi network. Can my employer see what I and other users of this WiFi/router do on the internet via personal devices (not related to my employer by any means) when the work VPN is running only on that specific laptop? Would such activity be legal in the EU? As far as I know there isn't any spying software on that work device. submitted by /u/Spare_Employment_986 [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1ccnoas/can_my_employer_see_what_i_andor_other_personal/
submitted by /u/thinkB4WeSpeak [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1cc8auf/are_we_ready_for_a_cyber_attack_on_food_and/
Hi guys, I am a former SWE and I wanted to learn about cybersecurity. I fell in love with malware dev, social engineering, and just real hacking. I like to work out how to avoid being caught by proxies, firewalls, and anti-viruses, and honestly when I started actual pen testing it was very boring. So then I researched and figured out that the red team does this stuff: they try not to get caught by the blue team, use low-level languages, create their tools (I guess to evade the blue team and antiviruses), develop exploits and use them, pretend to be a hacker and try not to get caught. So my question is: is this actually true? Do they develop exploits, create tools, do social engineering and custom malware, or is this just a big bluff? And is there any actual difference between a red teamer and a pen tester? submitted by /u/Malik_Rezk [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1ccr4jc/red_teaming_and_pentesting/
Hello. So I am leading a new team of pentesters and I am trying to have some measurements or a way to assess their skills so I can have some KPIs that can improve the team. So I was wondering if anyone has an idea on how to do this? As an example, how to measure the web pentesting skills of the pentester? submitted by /u/morizk90 [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1ccqgc4/skill_measurements_kpi/
Hey there, So, I'm a European student currently grinding through my first year of a Bachelor's degree in IT. I've got this opportunity lined up a six-month internship as a cybersecurity analyst that could potentially lead into a full-time job. But here's the kicker: juggling work during the day and hitting the books at night is proving to be one heck of a struggle. I'm not sure I can keep this up for another two years. Here's the burning question: In the job market, what's more important—having two years of hands-on cybersecurity experience but no degree, or having that degree but lacking real-world experience? I've noticed a ton of job listings demanding a degree, so I'm curious to hear your thoughts on this dilemma. submitted by /u/Defiant_Rip1515 [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1cby9tv/is_experience_more_valuable_than_a_degree/
Threat hunting resources
Hello everyone, I am very interested in threat hunting and I would like to pursue it as a career, specifically in an Azure environment. I have a background in cyber security as a SOC analyst for a small company and I have the sec+ and networking+ certs. I was looking for, and I found, some resources that I thought could be useful for me to learn the basics, and some of them are pretty useful. The problem is that a lot of these are projects that have since been deprecated or very basic/vague concepts that don't really dig into threat hunting. Could you wonderful people help me study the art of threat hunting? P.S.: does threat hunting require a mathematical background? I've read somewhere that it does. Thank you! submitted by /u/OWLleopard123 [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1ccp8f7/threat_hunting_resources/
Hello!! I'm fairly new to SOC and really new to R7. Do you have any threat hunting queries that you use to proactively detect malicious behavior? Thank you! submitted by /u/Kekatronicles [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1ccj9fr/insightidr_threat_hunting/
(That would be Adaptive Security Appliance, of course...)

What's Going On?
This afternoon, Cisco released 2 new CVEs impacting their Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD), both of which are actively exploited by UAT4356.

More on CVE-2024-20353
Vendor CVSS Score 8.6
Allows an unauthenticated, remote attacker to force a compromised device to reload unexpectedly, resulting in a denial of service (DoS) condition.

More on CVE-2024-20359
Vendor CVSS Score 6.0
Allows an unauthenticated, local attacker to execute arbitrary code with root-level privileges. (Note: Administrator privileges are required to exploit this vulnerability.)

Potential Risk?
The APG and Cisco have confirmed that these two vulnerabilities are currently actively exploited in the wild! Specifically, Cisco's Talos Intelligence reported an ongoing campaign ("ArcaneDoor"), in which threat actors from UAT4356 deployed two backdoors (“Line Runner” and “Line Dancer”). These threat actors conducted multiple malicious activities, including: Configuration modification, Reconnaissance, Network traffic capture and exfiltration, and Potential lateral movement.

How to Mitigate
Today, Cisco recommends:
- Applying software updates with patches for the impacted Cisco ASA and FTD software.
- Using their provided Cisco Software Checker to help users identify vulnerability exposure to these and other CVEs.
Note: Cisco has not identified other workarounds for either CVE-2024-20353 or CVE-2024-20359!

For more information
- ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
- Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability
- Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability

submitted by /u/blackpoint_APG [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1cc6e35/2x_actively_exploited_cisco_cves_in_adaptive/
I am looking for some options to save some Splunk costs (not immediately) but probably in a year or so. I came across this startup; so far the capabilities offered look fascinating. Any suggestions or experiences to share? submitted by /u/chow_mean65 [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1ccnd96/anyone_heard_of_service_offered_by_cribl/
Hi, was told to post here, hope that's ok. The company I work for has a small IT team and they ask us all for passwords. If we change them, they ask us again for the updated password. This can't be right, can it? We are ISO 2701 and 9001 accredited, which must mean something when it comes to security? I don't want to talk to IT for fear of recriminations, what can I do? Among some of the documents we work with are folks' medical records. submitted by /u/Freshwater_Salmon556 [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1ccmx56/my_it_department_knows_all_our_passwords/