Security.nl
Sun, 05 May 2024 09:59:02 +0200
The plan to check all chat messages of European citizens for abuse material leads to an enormous number of ...
https://www.security.nl/posting/840482/Hoogleraar%3A+chatcontrole+leidt+tot+enorme+hoeveelheid+valspositieve+resultaten?channel=rss
The German shoe chain Salamander has been offline for more than two weeks because of a cyberattack, according to a message on its own ...
https://www.security.nl/posting/840480/Duitse+schoenenketen+Salamander+al+twee+weken+offline+wegens+cyberaanval?channel=rss
Google has described a way for system administrators, for example, to see via Windows Event logs whether at a ...
https://www.security.nl/posting/840477/Google+beschrijft+manier+om+gestolen+wachtwoorden+uit+browser+te+detecteren?channel=rss
VPN service Mullvad is warning Android users about a problem in which their DNS requests can leak, which according to the ...
https://www.security.nl/posting/840359/Vpn-dienst+Mullvad+waarschuwt+voor+lekken+dns-verzoeken+op+Android?channel=rss
A British customer of Chase Bank was defrauded of the equivalent of 21,000 euros, with the scammer making use of ...
https://www.security.nl/posting/840353/Slachtoffer+bankhelpdeskfraude+via+echte+pushnotificatie+bank-app+opgelicht?channel=rss
Every quarter, backup provider Backblaze publishes an overview of failed hard drives, and in the first quarter of this ...
https://www.security.nl/posting/840338/Back-updienst+ziet+9+jaar+oude+Seagate-schijven+nog+steeds+goed+meekomen?channel=rss
The technical capabilities of police and investigative services must be expanded, so that online monitoring and the collection ...
https://www.security.nl/posting/840322/Europol%3A+technische+capaciteit+politie+uitbreiden+voor+betere+online+monitoring?channel=rss
In several popular Android applications, which together have more than four billion installations, Microsoft has ... a ...
https://www.security.nl/posting/840309/Microsoft+vindt+path+traversal-lek+in+Android-apps+met+4+miljard+installaties?channel=rss
The action group Vertrouwen in de GGZ has started a lawsuit against the Autoriteit Persoonsgegevens, because the ...
https://www.security.nl/posting/840291/Rechtszaak+tegen+Autoriteit+Persoonsgegevens+over+documenten+NZa-plan?channel=rss
The HagaZiekenhuis in The Hague has summarily dismissed five nurses from the obstetrics department after they, via ...
https://www.security.nl/posting/840285/HagaZiekenhuis+betrapt+stelend+personeel+met+verborgen+camera?channel=rss
Attackers are abusing misconfigured DMARC policies when carrying out spear-phishing attacks, according to the FBI, ...
https://www.security.nl/posting/840276/FBI%3A+verkeerd+ingesteld+DMARC-beleid+misbruikt+bij+spearphishing-aanvallen?channel=rss
A 40-year-old American man who traded in counterfeit Cisco switches on a large scale has been sentenced in the United States ...
https://www.security.nl/posting/840266/Leverancier+vervalste+Cisco-switches+veroordeeld+tot+ruim+zes+jaar+cel?channel=rss
The US authorities have called on software developers to put an end to path traversal, because this class ...
https://www.security.nl/posting/840263/VS+roept+softwareontwikkelaars+op+einde+aan+path+traversal+te+maken?channel=rss
Users of Firefox for Android could for a long time choose from only about ten extensions, but in recent months ...
https://www.security.nl/posting/840250/Firefox+voor+Android+passeert+duizend+extensies%3A+adblockers+populairst?channel=rss
The rollout of end-to-end encryption on digital platforms poses a real threat to the safety of society, ...
https://www.security.nl/posting/840244/Politie%3A+encryptie+op+digitale+platforms+vormt+bedreiging+voor+samenleving?channel=rss
In the United States, a 57-year-old former cybersecurity consultant has been charged with extorting an IT company ...
https://www.security.nl/posting/840200/Cybersecurity-consultant+aangeklaagd+voor+afpersen+van+it-bedrijf?channel=rss
Some sixteen percent of Google accounts use a passkey to log in, Google claims. Of the 2.4 billion ...
https://www.security.nl/posting/840196/Google%3A+zestien+procent+accounts+gebruikt+passkey+voor+inloggen?channel=rss
A 24-year-old Ukrainian man has been sentenced in the United States to a prison term of more than thirteen years for a ...
https://www.security.nl/posting/840191/Man+krijgt+dertien+jaar+cel+voor+wereldwijde+ransomware-aanval+via+Kaseya?channel=rss
Criminals who managed to break into systems of a French hospital last month have ... gigabytes of stolen ...
https://www.security.nl/posting/840182/Criminelen+publiceren+gigabytes+aan+gestolen+pati%C3%ABntdata+Frans+ziekenhuis?channel=rss
Supermarkets that want to use facial recognition to combat shoplifting or to protect property and employees ...
https://www.security.nl/posting/840173/AP%3A+supermarkt+maakt+met+gezichtsherkenning+forse+inbreuk+op+privacy+klant?channel=rss
Whereas experts and government agencies such as the FBI and the Nationaal Cyber Security Centrum (NCSC) are against periodically changing ...
https://www.security.nl/posting/840165/Belgische+politie+raadt+aan+om+wachtwoorden+regelmatig+te+wijzigen?channel=rss
The Australian government today published 'new cybersecurity advice' for families, in which it, among other things, ...
https://www.security.nl/posting/840155/Australische+overheid+adviseert+uitschakelen+locatiediensten+op+telefoon?channel=rss
Drinking water and wastewater treatment companies, dams and companies in the energy and agriculture sectors in the United States and ...
https://www.security.nl/posting/840145/FBI%3A+waterbedrijven+aangevallen+via+standaard+wachtwoorden+en+VNC?channel=rss
The Thunderbird development team has fixed a twenty-year-old 'bug' in order to recognize spam better. On 10 May 2004 ...
https://www.security.nl/posting/840132/Thunderbird+verhelpt+20+jaar+oude+%27bug%27+om+spam+beter+te+herkennen?channel=rss
OpenSSL has decided to offer downloads only via GitHub.com from now on. With other methods, from 1 ...
https://www.security.nl/posting/840127/OpenSSL+biedt+downloads+voortaan+alleen+nog+maar+aan+via+GitHub_com?channel=rss
UnitedHealth, the largest health insurer in the United States, has confirmed that it ... the criminals behind a ...
https://www.security.nl/posting/840119/Zorgverzekeraar+VS+betaalde+ransomwaregroep+22+miljoen+dollar+losgeld?channel=rss
A group of more than 250 researchers and scientists has once again raised the alarm in an open letter about plans of ...
https://www.security.nl/posting/840115/Wetenschappers+slaan+opnieuw+alarm+over+Brussels+plan+voor+chatcontrole?channel=rss
Attackers are actively exploiting a critical vulnerability in GitLab through which user accounts ...
https://www.security.nl/posting/840114/VS+waarschuwt+voor+misbruik+GitLab-lek+waarmee+accounts+zijn+te+kapen?channel=rss
In a breach of the Dropbox Sign production environment, all kinds of customer data were stolen, including tokens, ...
https://www.security.nl/posting/840113/Dropbox+Sign+meldt+diefstal+tokens+en+wachtwoordhashes+klanten+bij+inbraak?channel=rss
A ransomware attack that occurred in November last year could ... the Comhairle nan Eilean Siar, the council for the Western Isles in ...
https://www.security.nl/posting/840047/Herstel+ransomware-aanval+kan+Schotse+raad+600_000+euro+kosten?channel=rss
Australian airline Qantas has leaked the data of an unknown number of passengers. Passengers who on the ...
https://www.security.nl/posting/840037/Luchtvaartmaatschappij+Qantas+lekte+passagiersgegevens+via+app?channel=rss
The European civil rights organization EDRi fears live facial recognition in public spaces as a result of the European AI Act ...
https://www.security.nl/posting/840017/Burgerrechtenbeweging+vreest+live+gezichtsherkenning+door+Europese+AI-wet?channel=rss
US senators have called on the US regulator FTC to open an investigation into car manufacturers, ...
https://www.security.nl/posting/840010/%27Autofabrikanten+breken+belofte+over+delen+locatiegegevens+met+politie%27?channel=rss
The European Ombudsman has accused the European Commission of maladministration and called for documents about wanting to ...
https://www.security.nl/posting/839990/Ombudsman+roept+Brussel+op+documenten+chatcontrole+openbaar+te+maken?channel=rss
The Dutch State did not act unlawfully in introducing the coronavirus entry pass (coronatoegangsbewijs, CTB), even though this was a ...
https://www.security.nl/posting/839965/Rechtbank%3A+Staat+handelde+niet+onrechtmatig+met+coronatoegangsbewijs?channel=rss
Crypto exchange Bitvavo has leaked the personal data of a 'limited group of users'. This concerns first and last name, ...
https://www.security.nl/posting/839956/Cryptobeurs+Bitvavo+lekt+persoonsgegevens+%27beperkte+groep+gebruikers%27?channel=rss
Moving systems of the Stichting Internet Domeinregistratie Nederland (SIDN), the organization that ... the .nl domain names ...
https://www.security.nl/posting/839931/GroenLinks-PvdA%3A+verhuizing+SIDN+naar+Amazon+gigantisch+probleem?channel=rss
Scraping data is almost always illegal, the Autoriteit Persoonsgegevens (AP) announced today. In scraping ...
https://www.security.nl/posting/839937/Autoriteit+Persoonsgegevens%3A+scrapen+van+gegevens+bijna+altijd+illegaal?channel=rss
The US government reports that attackers are actively exploiting a security vulnerability in Windows SmartScreen. Microsoft ...
https://www.security.nl/posting/839927/VS+meldt+actief+misbruik+van+beveiligingslek+in+Windows+SmartScreen?channel=rss
Legal question: This morning I discovered by chance that my employer has installed a camera at our workplace. And that is ...
https://www.security.nl/posting/839922/Ik+wil+per+direct+weg+bij+mijn+werkgever+die+zonder+melding+camera%27s+heeft+geplaatst_+Kan+dit%3F?channel=rss
Stichting Privacy First is unhappy about the mandatory registration for being able to attend the Nationale ...
https://www.security.nl/posting/839916/Privacy+First+hekelt+verplichte+registratie+voor+bijwonen+Dodenherdenking?channel=rss
The preliminary relief judge of the Amsterdam District Court has, for now, struck down the first online area ban of ...
https://www.security.nl/posting/839915/Rechter+zet+voorlopig+streep+door+online+gebiedsverbod+burgemeester+Halsema?channel=rss
A 26-year-old Finnish man who is responsible for the most sensitive data breach in Finnish history was sentenced today ...
https://www.security.nl/posting/839869/Dader+gevoeligste+datalek+in+Finse+geschiedenis+veroordeeld+tot+zes+jaar+cel?channel=rss
Apple makes it possible for malicious app stores to track European Safari users on the internet via a unique device ID, ...
https://www.security.nl/posting/839866/Onderzoekers%3A+Safari-gebruikers+via+uniek+device+ID+op+internet+te+volgen?channel=rss
Stolen login credentials for a Citrix portal made it possible for attackers to access systems of the American ...
https://www.security.nl/posting/839853/%27Gestolen+Citrix-login+maakte+groot+Amerikaans+datalek+mogelijk%27?channel=rss
The European Commission is investigating whether Meta may have violated the Digital Services Act (DSA). This concerns ...
https://www.security.nl/posting/839843/Brussel+doet+onderzoek+naar+mogelijke+DSA-overtredingen+van+Meta?channel=rss
The British healthcare sector must do more to protect the data of people with HIV, because too many data breaches ...
https://www.security.nl/posting/839839/Britse+toezichthouder+wil+einde+aan+datalekken+met+hiv-status+pati%C3%ABnten?channel=rss
European police chiefs recently issued a call to governments and tech companies to ... the rollout of end-to-end encryption ...
https://www.security.nl/posting/839833/Kamer+wil+opheldering+over+oproep+politiechefs+om+encryptie+te+verzwakken?channel=rss
Last month, Mayor Halsema for the first time in Amsterdam imposed an online area ban on a member of a rap group. ...
https://www.security.nl/posting/839822/Minister%3A+online+gebiedsverbod+Amsterdam+opgelegd+als+noodbevel?channel=rss
The Public Prosecution Service (Openbaar Ministerie, OM) is changing its policy on wiretapping suspects when they, in the presence of journalists, ...
https://www.security.nl/posting/839814/OM+wijzigt+beleid+voor+afluisteren+verdachten+in+bijzijn+van+journalisten?channel=rss
Govinfosecurity.com
Why Customers Benefit From Bringing Threat Hunting and Threat Intelligence Together
Intel 471 bought a threat hunting startup led by a Raytheon and Swimlane leader to help clients more effectively address complex cyberthreats. Buying Cyborg Security will bring threat hunting and threat intelligence together to beef up security posture and take proactive measures against hackers.
https://www.govinfosecurity.com/how-intel-471s-buy-cyborg-reshaping-threat-hunting-a-25012
Mandiant Says APT42 Members Have Been Posing as Journalists to Steal Troves of Data
Members of the Iranian state hacking group APT42 have been observed posing as journalists from credible news outlets and well-known research institutions as part of a global effort to harvest credentials and hack into victim cloud networks, according to a Mandiant report published Wednesday.
https://www.govinfosecurity.com/new-report-exposes-iranian-hacking-groups-media-masquerade-a-25011
Also: Insights From Verizon's Data Breach Investigations Report; Investment Trends
In the latest weekly update, ISMG editors discussed what the thousands of attendees at RSA Conference 2024 can expect this year, key insights from Verizon's Data Breach Investigations Report, and how significant funding rounds are shaping the cybersecurity industry.
https://www.govinfosecurity.com/ismg-editors-rsa-conference-2024-preview-a-25010
FortiGuard Labs Identifies Botnet Exploiting Decade-Old D-Link Vulnerability
Hackers are taking advantage of D-Link home routers left unpatched for a decade and turning them into a newly formed botnet researchers dubbed "Goldoon." The vulnerability allows attackers to execute arbitrary commands remotely via the proprietary Home Network Administration Protocol.
https://www.govinfosecurity.com/new-botnet-goldoon-targets-d-link-devices-a-25009
The Department of Defense and two other government agencies have issued a proposed rule designed to help ensure that government contractors provide adequate privacy training to their staff members.
https://www.govinfosecurity.com/agency-releases/dod-notice-proposed-rulemaking-on-privacy-training-r-2575
Guidance on establishing processes to rapidly detect and respond to cyber incidents.
https://www.govinfosecurity.com/agency-releases/nist-sp-800-61-revision-1-computer-security-incident-handling-r-2383
Specifying architecture and technical requirements for a common identification standard for federal employees and contractors.
https://www.govinfosecurity.com/agency-releases/nist-fips-pub-201-2-personal-identity-verification-federal-r-2379
Organization, Mission and Information System View
https://www.govinfosecurity.com/agency-releases/nist-sp-800-39-managing-information-security-risk-r-2353
While fewer healthcare websites appear to be using online trackers now than a year ago, nearly 1 in 3 firms are still using Meta Pixel and similar tech tools despite warnings from regulators and a rise in class action litigation alleging privacy violations, said Ian Cohen, CEO of Lokker.
https://www.govinfosecurity.com/interviews/web-trackers-persist-in-healthcare-despite-privacy-risks-i-5384
Information Security Media Group CTO and CISO Dan Grosu discusses the challenges of realistically implementing the directives in President Joe Biden's executive order on artificial intelligence. Hint: He thinks it's going to be "a madhouse" if enterprises don't get more educated about AI.
https://www.govinfosecurity.com/interviews/regulating-ai-its-going-to-be-madhouse-i-5383
While most healthcare sector organizations hit with ransomware attacks never imagine giving in to extortion demands, the pressures they face in dealing with the crisis often push about half of them to pay, said attorney Lynn Sessions of BakerHostetler, speaking about the firm's healthcare clients.
https://www.govinfosecurity.com/interviews/many-healthcare-sector-entities-end-up-paying-ransoms-i-5382
SecurityGate CEO Ted Gutierrez said the SEC's new cybersecurity mandates give "more teeth to the idea that cybersecurity is a business problem." He discussed the need for CISOs to link cyber risk and business outcomes and other ways in which the rules affect the field of cybersecurity.
https://www.govinfosecurity.com/interviews/correlating-cyber-investments-business-outcomes-i-5380
Your Personal Brand Is as Crucial as Any Skill in Your Tech Toolkit
Personal branding is the practice of marketing oneself and one's career as a brand. It plays a role in how you are perceived and how you perceive yourself as a professional, and it can set you apart from other candidates. Here are tips on how to create and maintain your personal brand.
https://www.govinfosecurity.com/blogs/how-personal-branding-elevate-your-tech-career-p-3621
High Demand for Experts Who Know Law Plus AI, Blockchain and Internet of Things
Advancements in AI, blockchain and the internet of things have caused the demand for professionals who have expertise in those fields as well as in law to skyrocket. There simply are not enough experts equipped with this knowledge, and the gap presents a unique and lucrative career opportunity.
https://www.govinfosecurity.com/blogs/career-spotlight-growing-need-for-technology-legal-analysts-p-3619
Hashi Leads in Secrets Management But Lags in Privileged Access. What's Next?
Big Blue took a big bite out of the secrets management space with its proposed buy of San Francisco-based HashiCorp, which rivals CyberArk in its ability to authenticate and authorize access to sensitive data. Will IBM double down on the privileged access market, or let the technology languish?
https://www.govinfosecurity.com/blogs/what-ibm-purchasing-hashicorp-means-for-secrets-management-p-3618
How ChatGPT Can Help You Write Your Job Application Documents
Artificial intelligence offers innovative tools to refine your job application materials. This guide provides practical steps on how to use one common tool, ChatGPT, to enhance your resume and cover letter, ensuring they capture the attention of potential employers.
https://www.govinfosecurity.com/blogs/harnessing-ai-step-by-step-guide-for-job-seekers-p-3616
securityboulevard.com
Sat, 04 May 2024 15:00:00 +0000
Authors/Presenters: Jianhao Xu, Kangjie Lu, Zhengjie Du, Zhu Ding, Linke Li, Qiushi Wu, Mathias Payer, Bing Mao. Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization’s YouTube channel. The post USENIX Security ’23 – Silent Bugs Matter: A Study of Compiler-Introduced Security Bugs appeared first on Security Boulevard.
https://securityboulevard.com/2024/05/usenix-security-23-silent-bugs-matter-a-study-of-compiler-introduced-security-bugs/
Recently, I wrapped up my first work trip with Balbix—a whirlwind tour of customer roundtables in Singapore, Melbourne and Sydney. We were joined by local EY teams that have been working with us for almost an entire year to explore the topic of Cyber Risk Management in the region. EY has launched a new managed … The post The Real Risk is Not Knowing Your Real Risk: Perspectives from Asia Pacific Tour with EY appeared first on Security Boulevard.
https://securityboulevard.com/2024/05/the-real-risk-is-not-knowing-your-real-risk-perspectives-from-asia-pacific-tour-with-ey/
What is the government if not an organization dedicated to the creation of paperwork? All of that paperwork means something, though, and it can range from trivial to vitally important. One of the more important forms, if it’s required for your business or institution to fill out, is the DD2345 form. What is it, what […] The post DD2345 Military Critical Technical Data Agreement and CMMC appeared first on Security Boulevard.
https://securityboulevard.com/2024/05/dd2345-military-critical-technical-data-agreement-and-cmmc/
Failure to configure authentication allowed malicious actors to exploit Airsoftc3.com's database, exposing the sensitive data of a vast number of the gaming site's users. The post Airsoft Data Breach Exposes Data of 75,000 Players appeared first on Security Boulevard.
https://securityboulevard.com/2024/05/airsoft-data-breach-exposes-data-of-75000-players/
For security leaders heading to RSAC 2024 in need of a refresher on all things SOAR (Security Automation, Orchestration and Response), D3 Security has you covered. Before you hit the expo floor, check out these must-read resources that will equip you with the insights needed to understand the security automation space and choose the right […] The post Get SOAR Savvy Before RSAC 2024: 5 Reads to Level Up Your SOC appeared first on D3 Security. The post Get SOAR Savvy Before RSAC 2024: 5 Reads to Level Up Your SOC appeared first on Security Boulevard.
https://securityboulevard.com/2024/05/get-soar-savvy-before-rsac-2024-5-reads-to-level-up-your-soc/
We recently hosted Michael Tapia, Chief Technology Director at Clint ISD in Texas, and Kobe Brummet, Cybersecurity Technician at Hawkins School District in Tennessee, for a live webinar. Michael and Kobe volunteered to share with other K-12 tech pros how important cybersecurity and safety monitoring are for Google Workspace, Microsoft 365, and online browsing. They […] The post Cloud Monitor Automation Thwarts Phishing & Malware Emails appeared first on ManagedMethods. The post Cloud Monitor Automation Thwarts Phishing & Malware Emails appeared first on Security Boulevard.
https://securityboulevard.com/2024/05/cloud-monitor-automation-thwarts-phishing-malware-emails/
SAN FRANCISCO — On the eve of what promises to be a news-packed RSA Conference 2024, opening here on Monday, Microsoft is putting its money where its mouth is. Related: Shedding light on LLM vulnerabilities More precisely the software … The post MY TAKE: Is Satya Nadella’s ‘Secure Future Initiative’ a deja vu of ‘Trustworthy Computing?’ appeared first on Security Boulevard.
https://securityboulevard.com/2024/05/my-take-is-satya-nadellas-secure-future-initiative-a-deja-vu-of-trustworthy-computing/
Prisma SASE 3.0 promises to make it simpler and faster to apply zero-trust policies. The post Palo Alto Networks Extends SASE Reach to Unmanaged Devices appeared first on Security Boulevard.
https://securityboulevard.com/2024/05/palo-alto-networks-extends-sase-reach-to-unmanaged-devices/
Authors/Presenters: Tarun Kumar Yadav, Devashish Gosain, Kent Seamons. Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization’s YouTube channel. The post USENIX Security ’23 – Cryptographic Deniability: A Multi-perspective Study of User Perceptions and Expectations appeared first on Security Boulevard.
https://securityboulevard.com/2024/05/usenix-security-23-cryptographic-deniability-a-multi-perspective-study-of-user-perceptions-and-expectations/
Recently, I chatted with developers from a customer in a heavily regulated industry. They were manually updating their open source dependencies and wanted to find a better solution to save time. Keeping their dependencies up-to-date was very time-consuming but something they identified as crucial for their business. The post The impact of automating open source dependency management appeared first on Security Boulevard.
https://securityboulevard.com/2024/05/the-impact-of-automating-open-source-dependency-management/
CXSecurity.com
Sat, 04 May 2024 21:44:32 +0000
Topic: Sandhya Branding Agency - Blind Sql Injection Risk: Medium Text:********************************************************* #Exploit Title: Sandhya Branding Agency - Blind Sql Injection #Date...
https://cxsecurity.com/issue/WLB-2024050013
Topic: Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config Disclosure Risk: Medium Text:Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config Vendor: Elber S.r.l. Product web page: https://www.elbe...
https://cxsecurity.com/issue/WLB-2024050012
Topic: Microsoft PlayReady Cryptography Weakness Risk: High Text:Hello All, There is yet another attack possible against Protected Media Path process beyond the one involving two global XO...
https://cxsecurity.com/issue/WLB-2024050011
Topic: Webenlive - Sql Injection Risk: Medium Text:********************************************************* #Exploit Title: Webenlive - Sql Injection #Date: 2024-05-02 #Explo...
https://cxsecurity.com/issue/WLB-2024050010
Topic: SOPlanning 1.52.00 Cross Site Scripting Risk: Low Text:Exploit Title: SOPlanning v1.52.00 'groupe_save.php' XSS (Reflected XSS) Application: SOPlanning Version: 1.52.00 Date: 4/22...
https://cxsecurity.com/issue/WLB-2024050009
Topic: SOPlanning 1.52.00 SQL Injection Risk: Medium Text:Exploit Title: SOPlanning v1.52.00 'projets.php' SQLi Application: SOPlanning Version: 1.52.00 Date: 4/22/24 Exploi...
https://cxsecurity.com/issue/WLB-2024050008
Topic: SOPlanning 1.52.00 Cross Site Request Forgery Risk: Low Text:< !-- Exploit Title: SOPlanning v1.52.00 'xajax_server.php' CSRF (Account Takeover) Application: SOPlanning Version: 1.52.00 ...
https://cxsecurity.com/issue/WLB-2024050007
Topic: BitraTech - Sql Injection Risk: Medium Text:********************************************************* #Exploit Title: BitraTech - Sql Injection #Date: 2024-05-02 #Explo...
https://cxsecurity.com/issue/WLB-2024050006
Topic: Bigem Teknoloji - Blind Sql Injection Risk: Medium Text:********************************************************* #Exploit Title: Bigem Teknoloji - Blind Sql Injection #Date: 2024-0...
https://cxsecurity.com/issue/WLB-2024050005
Topic: Kemp LoadMaster Unauthenticated Command Injection Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-...
https://cxsecurity.com/issue/WLB-2024050004
Topic: Doctor Appointment Management System 1.0 Cross Site Scripting Risk: Low Text:# Application Name: Doctor Appointment Management System # Software Link: [Download Link](https://phpgurukul.com/doctor-appoin...
https://cxsecurity.com/issue/WLB-2024050003
Topic: osCommerce 4 - Reflected XSS Risk: Low Text:# Exploit Title: osCommerce 4 - Reflected XSS # Exploit Author: CraCkEr # Date: 22/04/2024 # Vendor: osCommerce ltd. # Vend...
https://cxsecurity.com/issue/WLB-2024050002
Topic: Travel-Manager-OTMSP-1.0 Multiple SQLi Risk: Medium Text:## Titles: Travel-Manager-OTMSP-1.0 Multiple SQLi ## Author: nu11secur1ty ## Date: 05/01/2024 ## Vendor: https://mayurik.com...
https://cxsecurity.com/issue/WLB-2024050001
Topic: Positron Broadcast Signal Processor TRA7005 v1.20 Authentication Bypass Risk: High Text:# Exploit Title: Positron Broadcast Signal Processor TRA7005 v1.20 - Authentication Bypass # Author: LiquidWorm # Vendor: Pos...
https://cxsecurity.com/issue/WLB-2024040068
Topic: GitLens Git Local Configuration Execution Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-...
https://cxsecurity.com/issue/WLB-2024040067
Topic: fvgfl - SQL Injection vulnerability Risk: Medium Text:********************************************************* #Exploit Title: fvgfl - SQL Injection vulnerability #Date: 2024-04-...
https://cxsecurity.com/issue/WLB-2024040066
Topic: FortiNet FortiClient EMS 7.2.2 / 7.0.10 SQL Injection / Remote Code Execution Risk: Medium Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-...
https://cxsecurity.com/issue/WLB-2024040065
Topic: Relate Learning And Teaching system Version before 2024.1 SSTI(Markup Sandbox function) lead to RCE Risk: High Text:# Exploit Title: Relate Learning And Teaching system Version before 2024.1 SSTI(Markup Sandbox function) lead to RCE # Date: 2...
https://cxsecurity.com/issue/WLB-2024040064
Topic: Palo Alto PAN-OS Command Execution / Arbitrary File Creation Risk: High Text:# Exploit Title: Palo Alto PAN-OS < v11.1.2-h3 - Command Injection and Arbitrary File Creation # Date: 21 Apr 2024 # Exploi...
https://cxsecurity.com/issue/WLB-2024040063
Topic: Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution Risk: Medium Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-...
https://cxsecurity.com/issue/WLB-2024040062
Topic: Hikvision Camera - Remote command execution Risk: High Text:# Exploit Title: Exploit Title: Hikvision Camera - Remote command execution # Date: 4/22/2024 # Google Dork : In Shodan searc...
https://cxsecurity.com/issue/WLB-2024040061
Topic: Apache Solr Backup/Restore API Remote Code Execution Risk: Medium Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-...
https://cxsecurity.com/issue/WLB-2024040060
Topic: Nginx 1.25.5 Host Header Validation Risk: Low Text:# Nginx =< 1.25.5 $host variable validation bug ## Intro: In the "Host" header sent to Nginx web server you can't just in...
https://cxsecurity.com/issue/WLB-2024040059
Topic: Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Risk: Medium Text:Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass Vendor: Elber S.r.l. Product web page: https://w...
https://cxsecurity.com/issue/WLB-2024040058
Topic: LRMS-PHP-by-oretnom23-v1.0 hat-trick Risk: Medium Text:## Titles: LRMS-PHP-by-oretnom23-v1.0 hat-trick 1. Multiple-SQLi 2. File Upload 3. SQLi Bypass Authentication: ## Latest u...
https://cxsecurity.com/issue/WLB-2024040057
Topic: WBCE CMS Version 1.6.1 Remote Command Execution (Authenticated) Risk: High Text:# Exploit Title: WBCE CMS Version : 1.6.1 Remote Command Execution # Date: 30/11/2023 # Exploit Author: tmrswrr # Vendor Ho...
https://cxsecurity.com/issue/WLB-2024040056
Topic: Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Insecure Direct Object Reference Risk: Medium Text:Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Af...
https://cxsecurity.com/issue/WLB-2024040055
Topic: Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass Risk: Medium Text:Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass Vendor: Elber S.r.l. Product web page: https://www.elber...
https://cxsecurity.com/issue/WLB-2024040054
Topic: Elber Wayber Analog/Digital Audio STL 4.00 Insecure Direct Object Reference Risk: Low Text:Elber Wayber Analog/Digital Audio STL 4.00 Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it Aff...
https://cxsecurity.com/issue/WLB-2024040053
Topic: North Wales - Sql Injection Risk: Medium Text:********************************************************* #Exploit Title: North Wales - Sql Injection #Date: 2024-04-21 #Exp...
https://cxsecurity.com/issue/WLB-2024040052
Topic: Relate Learning And Teaching system Version before 2024.1 Stored XSS Risk: Medium Text:# Exploit Title: Relate Learning And Teaching system Version before 2024.1 Stored XSS # Date: 18/04/2024 # Exploit Author: ka...
https://cxsecurity.com/issue/WLB-2024040051
Topic: Solar-Log Base 2000- Broken Access Control Risk: Medium Text:# Exploit Title: Solar-Log Base 2000- Broken Access Control # Google Dork: In Shodan search engine, the filter is ""Server: IP...
https://cxsecurity.com/issue/WLB-2024040050
Topic: Relate Learning And Teaching system Version before 2024.1 SSTI(Page Sandbox function) lead to RCE Risk: Low Text:# Exploit Title: Relate Learning And Teaching system Version before 2024.1 Stored XSS # Date: 18/04/2024 # Exploit Author: ka...
https://cxsecurity.com/issue/WLB-2024040049
Topic: Flowise 1.6.5 Authentication Bypass Risk: Medium Text:# Exploit Title: Flowise 1.6.5 - Authentication Bypass # Date: 17-April-2024 # Exploit Author: Maerifat Majeed # Vendor Home...
https://cxsecurity.com/issue/WLB-2024040048
Topic: Wordpress Plugin Alemha Watermarker 1.3.1 Stored Cross-Site Scripting (XSS) Risk: Low Text:# Exploit Title: Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting (XSS) # Date: 22 March 2024 # Exploi...
https://cxsecurity.com/issue/WLB-2024040047
Topic: BMC Compuware iStrobe Web 20.13 Pre-auth RCE Risk: High Text:#!/usr/bin/env python3 # Exploit Title: Pre-auth RCE on Compuware iStrobe Web # Date: 01-08-2023 # Exploit Author: trancap...
https://cxsecurity.com/issue/WLB-2024040046
Topic: Centreon 23.10-1.el8 SQL Injection Risk: Medium Text:;; Postauth SQL Injection in Centreon 23.10-1.el8 ;; by code610 ;; ;; found : 05.03.2024 ;; version: centreon-vbox-vm-23_1...
https://cxsecurity.com/issue/WLB-2024040045
Topic: CrushFTP Remote Code Execution Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-...
https://cxsecurity.com/issue/WLB-2024040044
Topic: kruxton-1.0-FileUpload-RCE Risk: High Text:## Title: kruxton-1.0-FileUpload-RCE ## Author: nu11secur1ty ## Date: 04/15/2024 ## Vendor: https://www.mayurik.com/ ## Sof...
https://cxsecurity.com/issue/WLB-2024040043
Topic: Backdoor.Win32.Dumador.c / Remote Stack Buffer Overflow (SEH) Risk: High Text:Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/6cc630843cabf236...
https://cxsecurity.com/issue/WLB-2024040042
Bleepingcomputer.com
Sat, 04 May 2024 10:17:34 -0400
The Iranian state-backed threat actor tracked as APT42 is employing social engineering attacks, including posing as journalists, to breach corporate networks and cloud environments of Western and Middle Eastern targets. [...]
https://www.bleepingcomputer.com/news/security/iranian-hackers-pose-as-journalists-to-push-backdoor-malware/
A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option. [...]
https://www.bleepingcomputer.com/news/security/android-bug-leaks-dns-queries-even-when-vpn-kill-switch-is-enabled/
The NSA and FBI warned that the APT43 North Korea-linked hacking group exploits weak email Domain-based Message Authentication Reporting and Conformance (DMARC) policies to mask spearphishing attacks. [...]
https://www.bleepingcomputer.com/news/security/nsa-warns-of-north-korean-hackers-exploiting-weak-dmarc-email-policies/
Google has rolled back a recent release of its reCaptcha captcha script after a bug caused the service to no longer work on Firefox for Windows. [...]
https://www.bleepingcomputer.com/news/security/google-rolls-back-recaptcha-update-to-fix-firefox-issues/
NATO and the European Union, with international partners, formally condemned a long-term cyber espionage campaign against European countries conducted by the Russian threat group APT28. [...]
https://www.bleepingcomputer.com/news/security/nato-and-eu-condemn-russias-cyberattacks-against-germany-czechia/
Microsoft announced that Windows users can now log into their Microsoft consumer accounts using a passkey, allowing users to authenticate using password-less methods such as Windows Hello, FIDO2 security keys, biometric data (facial scans or fingerprints), or device PINs. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-passkey-auth-for-personal-microsoft-accounts/
Onur Aksoy, the CEO of a group of companies controlling multiple online storefronts, was sentenced to six and a half years in prison for selling $100 million worth of counterfeit Cisco network equipment to government, health, education, and military organizations worldwide. [...]
https://www.bleepingcomputer.com/news/security/ceo-who-sold-fake-cisco-devices-to-us-military-gets-6-years-in-prison/
Bitwarden, the creator of the popular open-source password manager, has just launched a new authenticator app called Bitwarden Authenticator, which is available for iOS and Android devices. [...]
https://www.bleepingcomputer.com/news/software/bitwarden-launches-new-mfa-authenticator-app-for-ios-android/
CISA and the FBI urged software companies today to review their products and eliminate path traversal security vulnerabilities before shipping. [...]
https://www.bleepingcomputer.com/news/security/cisa-urges-software-devs-to-weed-out-path-traversal-vulnerabilities/
Law enforcement shut down 12 phone fraud call centers in Albania, Bosnia and Herzegovina, Kosovo, and Lebanon, behind thousands of scam calls daily. [...]
https://www.bleepingcomputer.com/news/security/police-shuts-down-12-fraud-call-centres-arrests-21-suspects/
Microsoft has highlighted a novel attack dubbed "Dirty Stream," which could allow malicious Android apps to overwrite files in another application's home directory, potentially leading to arbitrary code execution and secrets theft. [...]
https://www.bleepingcomputer.com/news/security/microsoft-warns-of-dirty-stream-attack-impacting-android-apps/
Yaroslav Vasinskyi, a Ukrainian national, was sentenced to 13 years and seven months in prison and ordered to pay $16 million in restitution for his involvement in the REvil ransomware operation. [...]
https://www.bleepingcomputer.com/news/security/revil-hacker-behind-kaseya-ransomware-attack-gets-13-years-in-prison/
reddit.com/r/blueteamsec
2024-05-03T08:16:23+00:00 submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1cj3ezo/cto_at_ncsc_summary_week_ending_may_5th/
submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1ck2naw/how_to_enforce_usage_of_privileged_access/
submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1ck868m/大网两级soc联动的要素_elements_of_twolevel_soc_linkage/
submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1ck82o6/relaying_kerberos_authentication_from_dcom_oxid/
submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1ck81qb/lsass_rings_ksecdd_ext_0/
New Article on how to quickly get Syslog/AuditD logs to Microsoft Sentinel for threat hunting and detection building using AuditD. https://medium.com/@truvis.thornton/how-to-install-and-setup-azure-arc-ama-azure-monitor-agent-and-dcr-data-collection-rules-for-47381ee9d312 submitted by /u/thattechkitten [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1ck2bzm/howto_install_and_setup_azure_arc_ama_azure/
submitted by /u/DrWhax [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1ck1u8v/a_web_of_surveillance/
submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1ck84ns/谷歌利用生成式ai实现自动化恶意软件逆向工程分析_google_uses_generative/
submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1ck83np/osssec_suspicious_hookloading_mechanism_in/
submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1ck82fn/nat_slipstreaming_v20/
submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1ck2vqy/did_the_murdoch_empire_hack_mps_for_commercial/
submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1cjudn4/empire_510_is_now_live_sacrificial_spawn_process/
submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1cjwqqe/tale_of_code_integrity_driver_loads/
submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1cjuc3w/android_greybox_fuzzing_with_afl_frida_mode/
submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1cjubrr/secure_kernel_research_with_livecloudkd/
submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1cjuatf/abusing_ms_windows_printing_for_c2_communication/
submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1cjttp6/statement_by_the_north_atlantic_council/
submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1cjtrz0/advisory_on_democratic_peoples_republic_of_korea/
submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1cjwq1p/amsi_write_raid_0day_bypass/
submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1cjucm0/full_disclosure_a_look_at_a_recently_patched/
submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1cju2mx/israeli_private_eye_arrested_in_uk_over_alleged/
submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1cjtumi/uk_joins_partners_in_condemnation_of_malicious/
submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1cji7zc/attribution_of_a_russian_cyber_campaign_the/
submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1cjczgd/statement_of_the_mfa_on_the_cyberattacks_carried/
submitted by /u/digicat [link] [comments]
https://www.reddit.com/r/blueteamsec/comments/1cjd9cn/державна_служба_спеціального_звязку_та_захисту/
reddit.com/r/hacking
2018-12-06T14:44:57+00:00
Before I begin - everything about this should be totally and completely ethical at its core. I'm not saying this as any sort of legal coverage, or to not get somehow sued if any of you screw up, this is genuinely how it should be. The idea here is information security. I'll say it again. information security. The whole point is to make the world a better place. This isn't for your reckless amusement and shot at recognition with your friends. This is for the betterment of human civilisation. Use your knowledge to solve real-world issues.
There's no singular all-determining path to 'hacking', as it comes from knowledge from all areas that eventually coalesce into a general intuition. Although this is true, there are still two common rapid learning paths to 'hacking'. I'll try not to use too many technical terms.
The first is the simple, effortless and result-instant path. This involves watching youtube videos with green and black thumbnails with an occasional anonymous mask on top teaching you how to download well-known tools used by thousands daily - or in other words the 'Kali Linux Copy Pasterino Skidder'. You might do something slightly amusing and gain a bit of recognition and self-esteem from your friends. Your hacks will be 'real', but anybody that knows anything would dislike you as they all know all you ever did was use a few premade tools. The communities for this sort of shallow result-oriented field include r/HowToHack and probably r/hacking as of now.
The second option, however, is much more intensive, rewarding, and mentally demanding. It is also much more fun, if you find the right people to do it with. It involves learning everything from memory interaction with machine code to high level networking - all while you're trying to break into something. This is where Capture the Flag, or 'CTF' hacking comes into play, where you compete with other individuals/teams with the goal of exploiting a service for a string of text (the flag), which is then submitted for a set amount of points. It is essentially competitive hacking. Through CTF you learn literally everything there is about the digital world, in a rather intense but exciting way. Almost all the creators/finders of major exploits have dabbled in CTF in some way/form, and almost all of them have helped solve real-world issues. However, it does take a lot of work though, as CTF becomes much more difficult as you progress through harder challenges. Some require mathematics to break encryption, and others require you to think like no one has before. If you are able to do well in a CTF competition, there is no doubt that you should be able to find exploits and create tools for yourself with relative ease. The CTF community is filled with smart people who can't give two shits about elitist mask wearing twitter hackers, instead they are genuine nerds that love screwing with machines.
There's too much to explain, so I will post a few links below where you can begin your journey. Remember - this stuff is not easy if you don't know much, so google everything, question everything, and sooner or later you'll be down the rabbit hole far enough to be enjoying yourself. CTF is real life and online, you will meet people, make new friends, and potentially find your future.
What is CTF? (this channel is gold, use it) - https://www.youtube.com/watch?v=8ev9ZX9J45A
More on /u/liveoverflow, http://www.liveoverflow.com is hands down one of the best places to learn, along with r/liveoverflow
CTF compact guide - https://ctf101.org/
Upcoming CTF events online/irl, live team scores - https://ctftime.org/
What is CTF? - https://ctftime.org/ctf-wtf/
Full list of all CTF challenge websites - http://captf.com/practice-ctf/
> be careful of the tool oriented offensivesec oscp ctf's, they teach you hardly anything compared to these ones and almost always require the use of metasploit or some other program which does all the work for you.
http://pwnable.tw/ (a newer set of high quality pwnable challenges)
http://pwnable.kr/ (one of the more popular recent wargaming sets of challenges)
https://picoctf.com/ (Designed for high school students while the event is usually new every year, it's left online and has a great difficulty progression)
https://microcorruption.com/login (one of the best interfaces, a good difficulty curve and introduction to low-level reverse engineering, specifically on an MSP430)
http://ctflearn.com/ (a new CTF based learning platform with user-contributed challenges)
http://reversing.kr/
http://hax.tor.hu/
https://w3challs.com/
https://pwn0.com/
https://io.netgarage.org/
http://ringzer0team.com/
http://www.hellboundhackers.org/
http://www.overthewire.org/wargames/
http://counterhack.net/Counter_Hack/Challenges.html
http://www.hackthissite.org/
http://vulnhub.com/
http://ctf.komodosec.com
https://maxkersten.nl/binary-analysis-course/ (suggested by /u/ThisIsLibra, a practical binary analysis course)
https://pwnadventure.com (suggested by /u/startnowstop)
http://picoctf.com is very good if you are just touching the water.
and finally, r/netsec - where real world vulnerabilities are shared.
submitted by /u/SlickLibro [link] [comments]
https://www.reddit.com/r/hacking/comments/a3oicn/how_to_start_hacking_the_ultimate_two_path_guide/
New year new you This sub needs a new banner for both old.reddit.com and new.reddit.com This is a call to arms for any of our resident gfx designers out there. If I tried to make it, it would look like a cracked out Albert Gonzalez, Conor Fitzpatrick, or Roman Seleznev made it in MS Paint. We need halp. For banner size specs on new: https://www.reddit.com/r/redesign/comments/87uu45/usage_guidelines_for_images_in_the_redesign/ For banner size specs on old: https://www.reddit.com/r/BannerRequest/wiki/index/artguide/#wiki_sizing_guidelines.3A No real theme or guidance besides make it hacking culture related. Let your imagination flow. Just submit something and then I guess we will hold a community poll to pick the winner out of whatever is submitted. Thanx submitted by /u/DrinkMoreCodeMore [link] [comments]
https://www.reddit.com/r/hacking/comments/1ahkbke/sub_banner_contest_2024/
submitted by /u/tides977 [link] [comments]
https://www.reddit.com/r/hacking/comments/1cklaun/zeekill_from_teenage_cyberthug_to_europes_most/
submitted by /u/DansuMori [link] [comments]
https://www.reddit.com/r/hacking/comments/1cjntzr/sad/
submitted by /u/Effective-Media-3373 [link] [comments]
https://www.reddit.com/r/hacking/comments/1ckm5ig/google_ads_at_its_finest/
submitted by /u/Gnu-Priest [link] [comments]
https://www.reddit.com/r/hacking/comments/1cj8vak/most_are_such_a_disappointment/
submitted by /u/Crcex86 [link] [comments]
https://www.reddit.com/r/hacking/comments/1cjsvia/reverse_shelling_a_router_good_watch/
I have a raspberry pi lying around from another project. Would there be any educational reason to pop Kali on that thing? I’m not trying to gray/black hat any networks so I’m unsure what benefit a portable Kali machine would be. Is an easily concealable Kali machine the only real reason I’d install Kali on a pi or are there other use cases I’m not thinking of? Overall, just trying to find a use for the thing, specifically security related. Any ideas help! submitted by /u/kindapurpledinosaur [link] [comments]
https://www.reddit.com/r/hacking/comments/1cke2ub/use_case_of_kali_linus_on_raspberry_pi/
I recently lost my job. I didn't particularly like it, so it's not sad in that sense; however, the financial implications are obviously less than ideal. I've been interested in cybersecurity for a long time and even took the CompTIA Security+ certification a few years ago just for fun, but that is the extent of my relevant experience. I want to use this as an opportunity to upskill myself and finally break into a field that I am genuinely passionate about, and I do not mind starting from the bottom. I have enough saved that I can go at this full time, 8-10 hours a day, for the next 4 months. Importantly, I have basically no other commitments. I have outlined a plan: Month 1: TryHackMe + HTB boxes with walkthrough to get the basics down and document all progress. Month 2: Study for and take the PNPT (can't afford the OSCP), continue with HTB and THM. Month 3: Renew Security+ cert and start applying for tons of jobs, keep going at it with HTB and THM. Month 4: Keep applying, and hopefully get some interviews, and keep doing the same stuff and document all progress. And if I get no results maybe try my luck in Bug Bounty hunting. I know this is a massive undertaking, and I realize it's going to be a tough few months. But I've always seemed to learn quickly, and I'm very committed to making this happen. I would greatly appreciate any feedback, critique, and advice that could help me in my journey. submitted by /u/DimWit666 [link] [comments]
https://www.reddit.com/r/hacking/comments/1cj6sgf/lost_my_job_4_months_to_break_into_cyber_security/
Trying to "hack" a Gmail account that I've made. The password is random, I got someone else to set it to a random string. I've currently got hydra doing a rockyou.txt brute force but it is gonna take 90 hours. Any way to come at this from like multiple ends to speed it up? submitted by /u/possibly_emma [link] [comments]
https://www.reddit.com/r/hacking/comments/1ckhoae/any_way_to_speed_up_hydra/
Based on all the recommendations I’m now reading the Ghost in the Wires. I gotta admit it’s a great book, but here’s what I don’t get - given that Kevin Mitnick was (is) such an outstanding hacker (one of the best to date, right?), then why was he caught so many times? submitted by /u/eve-collins [link] [comments]
https://www.reddit.com/r/hacking/comments/1cked8i/why_was_mitnick_caught/
submitted by /u/theloslonelyjoe [link] [comments]
https://www.reddit.com/r/hacking/comments/1cjen4j/why_i_dont_play_red_team_anymore/
submitted by /u/enkrstic [link] [comments]
https://www.reddit.com/r/hacking/comments/1cj7xtv/elite_russian_hackers_breach_scholzs_german/
What's up all? Something that's been on my mind: I know there have been some instances of smart video camera doorbells getting hacked. Smart lights are connected to Wi-Fi and can be controlled by a smartphone app. Is there any risk of other devices like a laptop being reached that's connected to the same Wi-Fi network? submitted by /u/Takingbackcontroll [link] [comments]
https://www.reddit.com/r/hacking/comments/1cjbp81/are_smart_ledlights_a_security_risk/
Hello, I am looking for an OSINT tool I used to work with a couple of years ago. It was a map, and whenever something big would happen (terrorist attack, natural disaster, etc.) it would create a bubble and it would give you up to the minute information on it. I cannot for the life of me remember what it was called. I want to have it pulled up at my work 24/7. Thanks in advance. submitted by /u/AlexanderDaOK [link] [comments]
https://www.reddit.com/r/hacking/comments/1cja5og/looking_for_a_osint_tool/
I discovered this video online, and I would like to make this myself, to show my friend what damages small things can do, and how to protect himself in real world situation where this may happen. He has given me full consent to do so, and is even enthusiastic about it. https://youtu.be/fYhz1tCjxbY submitted by /u/_dark__mode_ [link] [comments]
https://www.reddit.com/r/hacking/comments/1cjvkrl/i_would_like_to_recreate_the_device_from_this/
Does anyone know of a tool that can hide Linux command line arguments from being displayed? I remember someone posted a personal project that did so and it didn’t require root to run. Unfortunately I cannot remember the name or the post but I’m almost positive it was posted here. submitted by /u/don_dizzle [link] [comments]
https://www.reddit.com/r/hacking/comments/1cji2mm/looking_for_a_tool/
I am trying to locate a Windows login bypass utility that I cannot remember the name of. If memory serves, the bootable tool would do something to the kernel to basically allow any value to be typed into the password field. The utility did not reset or modify any system or passwords, just allowed bypass. I have the need of gaining admin access to a device, but due to the nature of the device, I need to do so in a way that does not modify any system files in any manner. Any help appreciated! submitted by /u/thexubex [link] [comments]
https://www.reddit.com/r/hacking/comments/1cjhc1j/windows_password_bypass_tool_that_doesnt_modify/
submitted by /u/MakeMoreFae [link] [comments]
https://www.reddit.com/r/hacking/comments/1ci16u3/one_password_to_rule_them_all/
I am trying to locate a Windows login bypass utility that I cannot remember the name of. If memory serves, the bootable tool would do something to the kernel to basically allow any value to be typed into the password field. The utility did not reset or modify any system or passwords, just allowed bypass. I have the need of gaining admin access to a device, but due to the nature of the device, I need to do so in a way that does not modify any system files in any manner. Any help appreciated! submitted by /u/thexubex [link] [comments]
https://www.reddit.com/r/hacking/comments/1cjhc4c/windows_password_bypass_tool_that_doesnt_modify/
submitted by /u/-bretbernhoft__ [link] [comments]
https://www.reddit.com/r/hacking/comments/1chibbp/built_a_python_script_that_maps_all_of_the/
submitted by /u/b1x3r [link] [comments]
https://www.reddit.com/r/hacking/comments/1cilgcj/cracking_into_password_requirements/
submitted by /u/Carlos_Menezes [link] [comments]
https://www.reddit.com/r/hacking/comments/1chrknf/hijack_dlls_through_proxying/
submitted by /u/tides977 [link] [comments]
https://www.reddit.com/r/hacking/comments/1cgsfpf/one_of_europes_most_wanted_cyber_criminals_has/
submitted by /u/Bucketlyy [link] [comments]
https://www.reddit.com/r/hacking/comments/1cga1re/siegedsec_just_hacked_the_westboro_baptist_church/
submitted by /u/DrinkMoreCodeMore [link] [comments]
https://www.reddit.com/r/hacking/comments/1cgx3ya/exploiteducation_provides_a_variety_of_resources/
So coding is my weakest skill in hacking/pen-testing. I was looking on Udemy for courses on coding. I'm thinking about taking the '100 codes in 100 days' (I think that's the name). Is this a good place to start my coding adventure? Or maybe should I look elsewhere? Any tips or recommendations help a lot, thanks. submitted by /u/Mailboxsteve [link] [comments]
https://www.reddit.com/r/hacking/comments/1cgy4ln/whats_a_great_course_on_udemy_to_learning_code/
reddit.com/r/cybersecurity
2024-04-29T00:00:12+00:00
This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away! Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future. submitted by /u/AutoModerator [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1cfl2u7/mentorship_monday_post_all_career_education_and/
Hi, I am preparing a dashboard for higher management. Question: I need to find out how many total CVEs are released this year and how many of them impact my organisation. I run Nessus Pro, so I have the CVEs in my org. I need to find out how many CVEs are released this year. Is there any API which gives you this info? submitted by /u/Connect-Arm116 [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1ckf0h3/cve_question/
As the first SOC analyst in a new information security department at a bank, I've learned the critical role of documentation and network segmentation before deploying security solutions like antivirus, SIEM, PAM, and XDR. In the absence of existing policies and procedures, these practices became foundational for establishing a strong security posture. Comprehensive Documentation: * Maintain a detailed record of all systems within your infrastructure, including access permissions (who, where, and how). * Establish a clear and consistent naming system for users, groups, and devices for better organization. Network Segmentation: * Prioritize VLANs, ACLs, and firewall rules before deploying security solutions. Leverage your documentation to create VLANs with specific purposes (e.g., IT-network, IT-support, IT-domain-admin) instead of generic groupings like "IT-users." This refined approach strengthens your network segmentation and overall security posture. The benefits of this approach have helped us extend beyond initial security solution deployment. When we have a well-documented and segmented network, we were able to: Write more effective SIEM rules to audit our infrastructure for suspicious activity. Maximize our new PAM efficiency by precisely controlling access privileges based on the detailed understanding of who needs access to what. Fine-tune Windows auditing policies and GPO deployment based on our network segmentation and access control needs. submitted by /u/Mansori97 [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1ck9hjn/building_an_soc_from_scratch_the_importance_of/
submitted by /u/anynamewillbefine [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1ck23x1/iranian_hackers_pose_as_journalists_to_push/
Hey all, I have 8 years in IT support with some exposure to network and server administration, and a year in management (I hated it). I want to move into cybersecurity, and I’m wondering how far I should go with certifications before I try to make that jump. I have Sec+ and I’m working on CySa+ and I’d like to do BTL1. I like doing certs, but I’m also kinda killing time while the job market sucks. But at some point it’s going to be weird if I have a bunch of certifications and no practical experience, right? So where should you draw that line? submitted by /u/AwkwardVoicemail [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1cjzyaa/how_deep_into_certifications_should_you_go_at/
submitted by /u/onwisconsn [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1cjfg3d/half_of_americans_support_tiktok_ban_poll_finds/
Is it possible, if all computers on a domain are getting their security settings by GPOs and not set in the local security policy at all, that if a DDoS is done on the DCs the computers will fall back eventually to the insecure default local security policies? submitted by /u/phillies1989 [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1ckixw5/gpos_and_dc_ddos/
That's not my own words, but the words of many experts who spoke on Capitol Hill last week. I received a lot of flak for posting about this a few months ago, I am glad others are willing to stick their neck out now as well and call this what it is, government overreach. https://cyberscoop.com/cisa-cyber-incident-reporting-hearing/ submitted by /u/FoundationSouth6740 [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1ckc6a9/circia_requirements_go_too_far/
New Article on how to quickly get Syslog/AuditD logs to Microsoft Sentinel for threat hunting and detection building using AuditD. https://medium.com/@truvis.thornton/how-to-install-and-setup-azure-arc-ama-azure-monitor-agent-and-dcr-data-collection-rules-for-47381ee9d312 submitted by /u/thattechkitten [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1ck2b64/howto_install_and_setup_azure_arc_ama_azure/
Hello everyone, I’ll get straight to the point. Basically I’ve been interviewing for this company and things had been going really well up until today. I’ve had 2 interviews and they both went amazing. However today, on the 3rd and last interview, which I was told wasn’t really gonna have a “technical questions” component because that was on the 2nd interview, I was suddenly asked a few questions and I just froze, like everything I’ve been studying disappeared from my brain. Worst part is after the interview ended everything came back to me and I suddenly knew how to answer the questions. I’m not used to freezing under pressure, and this is not something that normally happens to me, but I have no idea what happened in that moment, my mind just forgot everything. I think I’ll need a miracle to get the job now, even after the first 2 interviews being good ones. Has this happened to any of you guys before? How did you deal with it? submitted by /u/Organic-Clue773 [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1cjoyj4/i_think_i_blew_my_last_interview/
Hey fellow cybersecurity enthusiasts, Are you tired of searching for the right security tools and resources? Look no further! I'm excited to share Cybersecurity Stash, a comprehensive directory of security tools and resources to help you stay ahead of threats! Cybersecurity Stash is your go-to hub for: 600+ of security tools and resources Curated lists of top security frameworks and standards Vetted resources for threat intelligence and incident response A community-driven knowledge base for cybersecurity best practices Whether you're a seasoned pro or just starting out, Cybersecurity Stash is designed to save you time and energy. Use it to: Discover new security tools and resources Stay up-to-date with the latest security trends and best practices Connect with the cybersecurity community and share knowledge What resources or tools would you like to see added? Share your thoughts and help shape the future of Cybersecurity Stash! Thanks for reading! Check it out now: https://cybersecuritystash.com/ submitted by /u/heyceeso [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1cjs276/cybersecurity_stash_your_onestop_directory_for/
Hello everyone, I currently work in the industry (in an DF/eDiscovery lab at a FAANG company) this is my first job out of school (had internships though and have worked help desk) I'm planning to set up an enterprise simulation network to enhance my skills as at this point I’m still new and learning and am also working through GCIH at the moment. I aim to create a realistic environment with components like Active Directory, various servers, network segmentation, and security systems. Does anyone have recommendations for an initial setup guide or resources? Perhaps there are pre-configured setups or best practice templates available? Any help or pointers towards comprehensive guides would be greatly appreciated! Thanks in advance for your support! submitted by /u/Particular_Pea_4015 [link] [comments]
https://www.reddit.com/r/cybersecurity/comments/1ckb7bz/best_practices_for_setting_up_an_enterprise/
Hi Security Folks! I have been doing TPRM for the past 5 years now. During my tenure I have also worked in Issue Management, reviewing and approving remediation action plans/Security Policy Exceptions. I am CISA and CRISC certified. I am confused as to what I should be doing next. My goal is to grow with good experience within Information Security and increase my marketability to ensure job stability. Please guide. submitted by /u/Ok_Pain_6130
https://www.reddit.com/r/cybersecurity/comments/1ck0ymm/what_after_tprm/
Hello Dear Friends, Hope you all are in good health and high spirits. Our organization is in the process of buying a software application from a vendor who will also handle deployment and ongoing support. As part of our vendor risk management, we sent a detailed questionnaire to the vendor to assess their security and compliance measures. However, the vendor declined to answer our questions directly and instead provided a SOC 2 report audited by a well-known firm. They also mentioned that they do not have an ISO 27001 certification. Is relying solely on the SOC 2 report sufficient for due diligence in this scenario? What steps should we take if we need more detailed information or evidence of their security practices? Appreciate any advice. submitted by /u/techno_it
https://www.reddit.com/r/cybersecurity/comments/1cjtsny/is_soc_2_report_sufficient_for_vendor_risk/
Hello! I have a few friends who have made websites for their businesses. One makes websites for customers, and the other uses their website to sell and advertise their coffee. My church also has a website that I would like to ensure is properly secured. Question 1: for the friend who builds websites for clients, can they give me permission to pen test a website that their client had them make, or do I need permission from the company who purchased their service to build the website? Question 2: if a website was built using a website builder, can my friends even give me permission for a pen test, or do I need permission from the owner of the website builder? Thanks for the help, hopefully this isn’t too remedial. submitted by /u/Kind_Mud_5390
https://www.reddit.com/r/cybersecurity/comments/1cjugaq/penetration_test_legality/
I am trying to make a career move; however, I am just a Cybersecurity Champion, meaning I am helping coordinate all security matters between the application teams and the Cybersecurity team - I do not have any certificates in the industry or education. My major in college was Social Work. I feel like I do have enough knowledge after working in the role for 3 years but it may be debatable per company/industry? I started with the company as an executive assistant and then transitioned to Cybersecurity Champion. I do love all things security with everything I have learned in the role. I have not taken any exams because I am afraid I will fail lol - I am a terrible test taker. Are there things you recommend with my next career role that I should apply for? submitted by /u/doorhinge3987
https://www.reddit.com/r/cybersecurity/comments/1ck9ucg/has_anyone_ever_been_a_cybersecurity_champion_for/
Hello everyone, I work for a pretty large MSSP in SOC in the U.S. I'm closing in on almost 3 years here, a couple months ago I was promoted to senior security analyst. I noticed a trend starting early last year, the company started doing layoffs at first for the tier 1 SOC roles and helpdesk, not all of them but a good amount, then after a week or so we were introduced to new team members for the same roles that were laid off but they were based in India. Then in Sept of last year, layoffs again, this time tier 2 where I was at, at the time. Same thing a week later more teammates from India. Finally once I was promoted a couple months ago to a senior I thought I would be safe. 2 weeks ago, again layoffs announced, this time some of our security engineers and software engineers, you can see the cycle here, surprise, the following week those roles were replaced by people in India. Now almost 40% of my team is based out of India in the SOC, I know with our helpdesk the figure is higher, and with engineering it's probably somewhere in the 20%. To be honest without disrespecting anyone, ever since the arrival of the employees from India, our quality of work has declined drastically, I am continually having to intervene on tickets worked by them, which is taking more time from myself having to work on high priority situations, we are constantly having miscommunication issues and it has made work much more difficult than it needs to be. Customers are filing more complaints than ever, some of our application projects for engineering that were due to be released months ago have been pushed for a further timeframe of 5 to 6 months. We had some of our biggest clients telling us that they will have to think carefully if they will want to renew their contract with us. One of the main reasons I went into cybersecurity and spent so much time on education and certifications was because I was being told and led to believe this is a secure field for job risk.
I understand a corporation's main goal is to generate profit. But I thought roles in this industry would be more inclined to not be outsourced due to the nature of security data that US companies would be inclined to not have that data accessible overseas. So I can see the writing on the wall, either the company will start laying off the seniors and replacing us for cheaper labor or they will want us to stay here to oversee the environment. Doesn't matter to me though because I don't want to work at this company anymore due to the reasons I stated above. I am continually seeing headlines of these tech layoffs but one of the main backings of these that isn't talked about enough in my opinion is outsourcing. So as I brush up my resume to start looking for another job, which sucks to think about because I genuinely enjoyed working at this company previously. I think to myself and hopefully I can gain some insight from all of you, what roles in the security field are less prone to outsourcing? I am mostly experienced in blue team/defense security and incident response, should I start looking at red team? cloud security? application security? or a specific industry in security, etc.? Security is a vast field so I would love any input from you. submitted by /u/Arminius001
https://www.reddit.com/r/cybersecurity/comments/1cjau8v/jobs_being_outsourced/
submitted by /u/onwisconsn
https://www.reddit.com/r/cybersecurity/comments/1cjfg18/half_of_americans_support_tiktok_ban_poll_finds/
Hey blue/purple team professionals, how do you handle development and versioning of your correlation rules? Do you prefer using a git repository or some kind of database? I'm asking this because I'm struggling to find an appropriate tool to match my change auditing and versioning needs. submitted by /u/toolateSnake
https://www.reddit.com/r/cybersecurity/comments/1ck16kj/question_on_correlation_rulesdetections/
I work in the email and malware analysis project of a US-based MSSP. I have no experience in SOC/IR. So in one interview, they asked a question: "Assume your organisation does not have EDR and SIEM tools, only a firewall. One endpoint is infected by ransomware and constantly communicates with its C2s. How will you find that one infected endpoint in the firewall?" submitted by /u/Terminator996
https://www.reddit.com/r/cybersecurity/comments/1cjzkek/need_answer_for_the_question_asked_in_interview/
Hello, sorry for the long post, but my brother asked if I could put a post out here to see if anyone knows how to do this project, or really where he could find a good tutorial that can teach him how this works and how to do it. His professors told him off and won't help him at all; he's trying to get it himself. I've tried to help him but I don't work with this stuff much as I'm studying a different field in tech but have been trying my best to help him. Below is the project and what they want him to do. Also, any recommendations on what software to use?
"This project will test your ability to ethically hack into a target system. You may use all of your accumulated knowledge and ability to compromise the target and locate useful information on it. You will also create a document that illustrates your tools, techniques, approaches, exploits, and resulting data.
START THE SYSTEM HACKING TARGET VM
Add the downloaded System Hacking Target virtual machine to VMware and start it. You will not log into the system. Instead, it will be the target of your ethical hacking work.
TOOLS AND ATTACK VMS
You may use any tools and new or pre-built VMs for this project. Helpful tools from this class, which may help on this project, include:
• Nmap
• OpenVAS
• Nikto
• BurpSuite
• ZAP
• Metasploit
• John the Ripper
• Hashcat
• Kali Linux
You may use any other tools. Be sure to document and explain all tools’ use.
RECONNAISSANCE
Perform reconnaissance to learn all you can about the target VM, without hacking into it. Summarize any services you feel may be exploitable, as well as information that helps to identify the type of system the target is running.
FLAGS
11 flags have been dispersed through various locations in the target VM. They are clearly labeled, and you will recognize them when you encounter them. You must find 6 of the flags through your ethical hacking efforts. Each additional flag that you locate, over 6, will earn you an extra credit point on this project. Be sure to document each flag you find and where you locate it. Additionally, if the flag contains encrypted text, you must decode it to receive credit.
EXPLOITS
Successfully perform 5 separate exploits to gain access to the target system. You need to document the process you used for each exploit – your thought process, the tools you used, the results you saw.
PASSWORD COMPROMISE
After successfully exploiting the target, obtain the password hashes for the following users.
• klog
• msfadmin
• postgres
• root
• service
• sys
• user
Once those password hashes are obtained, crack them and identify each of the compromised user’s passwords. For extra credit, identify the MySQL database service root user’s password."
Again thank you all for taking the time to even read this and we aren't looking for someone to do this ourselves we are just lost on what needs to be done and we can't really find anything to help us and was wondering if anyone else has anything we can watch, read, etc. submitted by /u/clone10001
https://www.reddit.com/r/cybersecurity/comments/1ckf6b0/help_with_a_project_that_does_make_sense/
Hello All. I have a question related to Microsoft E3/E5 licensing needs for enterprise users. How do we go about deciding which users need E5? Is it just the security analytics and telemetry and Purview, or is there much more we will miss with E3? There is a lot of literature out there, but I want to know if someone has done this exercise and, if so, how you approached it. (We would like to have MDE, MDO, Intune, Defender for servers, etc. Are these capabilities connected with E5 licenses for users?) submitted by /u/Chance-Art5358
https://www.reddit.com/r/cybersecurity/comments/1cju1c6/microsoft_e5e3_for_users/
London Drugs shuts down stores across Western Canada following a major cyber slap. submitted by /u/bazookagun
https://www.reddit.com/r/cybersecurity/comments/1cje41h/another_major_pharmacy_chain_shuts_following/
Hi everyone, I have some experience in cybersecurity. My previous job of about 1.5 years involved working as an MRA - BDR for a Cloud Cybersecurity startup, where I got some insight into how cybersecurity in general works and talked to professionals in some big companies, mainly presenting how our solution works. My current job involves doing Incident Response - SOC analyst responsibilities. I have been working at this job for exactly one year and really like it and have learned a lot, but would like to expand my knowledge and in about +/- 1 year would like to transition to a Cybersecurity engineer. What are the main tools/languages and skills I should learn before considering this transition at a medior position? submitted by /u/DjusiDzej
https://www.reddit.com/r/cybersecurity/comments/1ck0ujj/soc_analyst_engineer_transition/
Hello, I'm currently at 2YoE post grad with a bachelor's of science - comp sci degree. I'm only holding sec+ and az900. I've had 4 internships ranging from software engineering, IT help desk, and system engineering (monitoring servers with Dynatrace mainly). I'm now studying for Az104 (also studied AWS but more azure jobs near me) beings I want to branch into the cloud (cloud security ideally). What should I realistically need to know? I've done a lot with Linux in school, I've been learning terraform, some golang, basic SQL, low code with PowerAutomate and PowerApps, done a bit with python but not really sure what to do with it for cyber security or the cloud. Overall, what do I need to know to move into a cyber security role or cloud role (plan to integrate them eventually)? What's the next step after az104? Edit: also would love to get clearance just not sure how I'll manage to land a role offering to get it for me. submitted by /u/CheekAdmirable5995
https://www.reddit.com/r/cybersecurity/comments/1cjztjf/seeking_advice_on_what_to_branch_into_what_to/
Hello all, my manager is more and more interested in the field of quantum computing. So as a good employee I want to educate myself on this topic ;) Maybe there is a must-read book out there. Thank you. submitted by /u/pure-xx
https://www.reddit.com/r/cybersecurity/comments/1cjyslu/book_recommendations_for_quantum_computing_in/