cybersecurity

This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.
The original post: /r/cybersecurity by /u/pecika on 2024-10-01 14:38:03.
The original post: /r/cybersecurity by /u/velcrowater on 2024-10-01 09:51:27.

For background, I currently work in IT and want to branch out into cybersecurity. I am considering SOC analyst or roles in IAM (yes, they are both quite different, and I am still in my deciding phase).

I currently subscribe to a few newsletters, get YouTube-recommended videos on various cybersec topics, and have attended a couple of cybersec seminars.

Though I'd like to know where all of you also find good and engaging content?

I am open to anything - videos, podcasts, books or websites - please do share!

The original post: /r/cybersecurity by /u/scertic on 2024-10-01 08:42:40.
The original post: /r/cybersecurity by /u/anynamewillbegood on 2024-09-30 21:07:24.
The original post: /r/cybersecurity by /u/throwaway16830261 on 2024-09-30 20:17:24.
The original post: /r/cybersecurity by /u/NerdBanger on 2024-09-30 18:08:33.

This looks really suspicious to me: there is a dynamic route to one of Verizon's ASes that keeps being re-advertised to route through a private AS in Hong Kong.

Maybe I'm reading it wrong, but is this a possible BGP hijack underway causing today's outage?

The original post: /r/cybersecurity by /u/Historical-Focus8565 on 2024-09-30 16:54:00.

I am looking for more unbiased opinions than those from their references.

Has anyone used Gurucul? Opinions on the product? Really, one of the most important parts: is support good? Do they really make new integrations for you in ~2 weeks?

I want ALL the information you, as a user, have on them.

The original post: /r/cybersecurity by /u/CYRISMA_Buddy on 2024-09-30 16:42:28.
The original post: /r/cybersecurity by /u/mandos_io on 2024-09-30 16:39:15.
The original post: /r/cybersecurity by /u/polika77 on 2024-09-30 15:57:49.
The original post: /r/cybersecurity by /u/mooreds on 2024-09-30 15:53:01.
The original post: /r/cybersecurity by /u/LordandPeasantGamgee on 2024-09-30 15:11:40.

I need to run a BC/DR test and an Incident Response test for my org as we work our way through a SOC 2 Type 2 audit. These are the last two items needed per our security policies before finishing my audit.

Any ideas to make this simple and practical for my stakeholders but also help us walk away better off? We are a SaaS org, and I wanted to focus on a few scenarios for us to go over.

The original post: /r/cybersecurity by /u/Optimal_Pepper3071 on 2024-09-30 14:45:11.

Hi everyone!

After a lot of hard work, I’m excited to introduce to the community a project I’ve been working on – my new website, The Cyber Feed!

What started as a simple goal to help cybersecurity professionals stay updated with the latest news has now grown into something much bigger—a platform that's evolving into a full-fledged Threat Intelligence Platform!

I’m thrilled to share that the website is now in its beta stage, and I would like to give the members of this community the opportunity to have a first glance. Your feedback (good and bad) will be incredibly valuable in making this platform the best it can be.

Currently, the platform’s core feature is the Security Feed, which curates the latest cyber security articles and blog posts. With the help of AI, every Security Feed Update gets automatically tagged, key points are extracted, and a score is provided to show how important/relevant it is. You can also use filters to quickly find the news that matters most to you.

Let me know what you guys think and I’m happy to answer any questions 😊

https://thecyberfeed.com

The original post: /r/cybersecurity by /u/N_Pieters on 2024-09-30 14:44:05.

Hi, we are looking to comply with multiple cybersec frameworks. CIS, for example, refers to a password length of 14 characters without MFA and 8 with MFA.

Now this is where some are struggling: if MFA is enabled only for VPN and cloud, but not on prem, does that fall under the 8- or 14-character requirement?

My way of thinking is that if the MFA scope is internal (on-prem logon) + external (cloud apps, VPN...), then 8 are sufficient; if on prem is not MFA-enabled (but externally it is), then we fall under the 14 characters.

What do you think?

Thanks for the insights!

The original post: /r/cybersecurity by /u/anonymoususer493383 on 2024-09-30 14:35:45.

Hi all,

I’m looking for some advice from some fellow experienced analysts.

I’m an L2 SOC Analyst with 2 years experience in a relatively small MSSP.

We have < 10 customers, but deal with between 100 to 200 alerts a day.

There’s only ever one analyst (meaning myself) on at any given time working these alerts, which means that, in a 24-hour period, a single analyst may deal with 100 alerts in a 12-hour shift. This also means you have no other analysts to talk to during your shift, and no staff whatsoever on weekends (meaning literally just yourself).

On top of this large number of alerts, we only have 2 engineers. Some alerts have been awaiting tuning from over 9 months ago but haven’t been touched. In total, there are nearly 1000 tuning requests in the queue.

We’re expected to:

  • Triage, investigate and escalate alerts
  • Identify alerts for tuning and raise these to engineering
  • Create, write and present monthly customer reports which are particularly detailed
  • Create, write and detail threat models for existing and new customers
  • Attend daily, weekly and monthly customer meetings to listen to their concerns and deal with as appropriate
  • Create, write and present Threat Advisory releases as and when they are released
  • Obtain qualifications in our own time

It’s extremely lonely, overwhelming and tiring. I often don’t take my allocated hour break so that I can meet the demands of the daily onslaught of tickets from various customers.

There are no other analysts to communicate with, and an L3 is rarely present should you need to escalate or request assistance. I work a 12-hour shift completely alone, only contacted by seniors when they want even more work on top of my daily tasks.

I’m at burn-out point, as are all of the other analysts. Raising these issues to seniors hasn’t resulted in any change, despite our concerns about overworking, the alert-to-analyst ratio, the lack of tuning and unrealistic expectations.

Lastly, I’m not learning anything either. It feels like a game of catch-up with alerts, where I’m not investigating them to their full potential, simply to meet the demands of the number of tickets.

Existing SOC Analysts, what does your day-to-day look like? Is this the normal SOC experience? Should I be looking for another occupation elsewhere?

The original post: /r/cybersecurity by /u/No_Parking7019 on 2024-09-30 14:10:46.

Since CloudNordic couldn't find the security vulnerability that led to the ransomware attack, what would you strongly guess is the reason behind this attack? I'd like to question this because, consequently, most readers mention that using AWS, GCP, or Azure would be superior compared to small companies.

CloudNordic only had a few weak factors, like no scheduled offsite backup or redundancy (although they can claim that the offsite backup is the client's responsibility). I didn't see any big client knocking on their doors with negligence lawsuits.

If these insecurities keep growing, smaller companies will have fewer chances to convince their customers to rely on them, leading to an oligopoly.

Although I'm not a cybersecurity expert, based on their statement, or as stated in the TechCrunch article,

It’s not clear how the ransomware attack began, but the company said that the attack happened — or was at least exacerbated — by moving infected systems from one data center to another data center that was “unfortunately wired to access our internal network that is used to manage all of our servers.” CloudNordic said that it “had no knowledge that there was an infection.”

“Via the internal network, the attackers gained access to central administration systems and the backup systems.”

I'd like to assume that they were using a private IP to transfer data between the data centers. This is unlikely to expose any holes until either the IP is exposed and there's no firewall/IP blacklist, or unless there's already ransomware installed in the system via infected OS packages or libraries.

The latter would be unlikely to happen, since this was triggered only during or after the data transfer or migration. Or there could be a scenario where one of their customers or employees was trying to attempt it and finally succeeded because the new data center was vulnerable.

Another scenario: if they migrated all the resources from one data center to another data center, there could've been a heated exchange or payment dues with the former data center.

CloudNordic would have migrated using remote SFTP, whose IP has been logged in the outgoing traffic. The malicious attacker found out and either brute-forced the password attempts, or the admin in charge of the migration forgot to remove the key file.

What do you think would have triggered this? Because I don't think there'd be any external trigger, but rather a personal grudge.

The original post: /r/cybersecurity by /u/KAYSER_101 on 2024-09-30 13:40:19.

Hello, excuse me for my English as it's not my first language.

I’m a digital forensics engineering student in my final year. This summer, I completed my internship at a company that specializes in networking and implementing firewalls, IDS, IPS, etc. Let’s call it Company X. It’s a great place with very nice people.

They’ve offered me the chance to do my long-term internship with them during the second semester of my final year. I asked what I would learn and what my future role in the company would be if I stayed on. They said that during the internship, I would focus on networking and learn how to implement IDS, IPS, firewalls, and similar technologies—and my job afterward would involve the same work.

Here’s the thing: I’m passionate about cybersecurity, especially the blue team field. I’ve been learning the basics of cybersecurity mostly on TryHackMe, where I’ve completed the Pre Security path, Complete Beginner, Web Fundamentals, Jr Penetration Tester, and SOC Level 1. I’m also planning to take SOC 101 at TCM Security and get some hands-on experience with SIEM and SOAR, firewalls, etc.

Specifically, I want to focus on SOC analysis. I could potentially reach out to other companies that work in the SOC field to do my internship there. However, if Company X finds out, I’m worried I might lose both opportunities.

What should I do? Should I stick with Company X for my internship and possibly work with them afterward, or should I take the risk and explore other opportunities in the SOC field?

The original post: /r/cybersecurity by /u/heartgoldt20 on 2024-09-30 08:55:16.

We are currently using KnowBe4 for our phishing simulation and training. But we are not getting the most out of it. Are there any alternatives that are better, or can someone help me with a guide to fully optimize KnowBe4, or just take a look at it with me?

The original post: /r/cybersecurity by /u/SubjectReflection672 on 2024-09-30 08:47:07.

I've been working on a project that aims to make vulnerability detection, penetration testing and adversary simulation easier and more streamlined. The project concerns a cloud-based platform that is centered around various user-created modules. We are launching soon, but before that I'd like to hear your thoughts about features that should be present and where existing tools fall short. I'm also eager to hear about your experiences with similar platforms. Our platform is made for its users to shape as a collective, so as to ensure that it serves them well.

This is not an advertisement for the platform. I am the lead developer of the platform and have been working on it since 2020. As we are close to launch, we need to plan for new features, so I figured I'd ask what people actually want.

Thanks!

The original post: /r/cybersecurity by /u/ritik_2001 on 2024-09-30 08:45:50.

So very recently A LOT of my accounts on various platforms got unauthorised sign-in requests. My LinkedIn even got compromised from Hong Kong, with my profile picture changed to a Vietnamese woman, and there were login attempts on my Steam and Microsoft accounts, basically everywhere I had my email associated with.

I secured them after noticing it but a few days later one of my friends is also getting unauthorised sign in requests.

Is anyone else receiving these requests?

The original post: /r/cybersecurity by /u/HeftyConsideration22 on 2024-09-30 08:42:48.

Like the title says. Can you share things like security tools you used and implemented, or common issues you faced?

The original post: /r/cybersecurity by /u/InspectionHot8781 on 2024-09-30 07:40:05.

I'm curious about how to minimize over-privileged users or roles without causing chaos in day-to-day work. Obviously, security is super important, but so is making sure people can actually do their jobs without constantly running into roadblocks.

What steps or strategies do you use to make sure everyone has just enough access to get things done while keeping everything secure? Would love to hear what’s worked (or hasn’t) for you.

The original post: /r/cybersecurity by /u/External-Desk-6562 on 2024-09-30 06:57:33.

We have Microsoft Defender for Cloud Apps implemented for one of our customers, so we want to do some assessment of the current architecture of MDCA, something like the Well-Architected review we do for Microsoft Sentinel, which contains around 30 points, so we can validate it against our current setup. But I could not find any checklist for MDCA. Is anyone a pro who can make a 30-point checklist 😀😀, or is there some checklist which I'm not aware of...? Thanks in advance 😀😀

The original post: /r/cybersecurity by /u/AssistantNo6151 on 2024-09-30 06:34:33.

Hello, everyone!

I am currently working on selecting a research topic for my academic project in Cybersecurity and would love to get your input. I’m looking for innovative, practical ideas that address current or emerging challenges within the field. If you have any interesting ideas or suggestions—whether it’s related to threat intelligence, blockchain security, IoT vulnerabilities, or any other aspect of Cybersecurity—I would greatly appreciate your thoughts.

Ideally, I’m seeking project ideas that not only fulfil academic requirements but could also have real-world applications or long-term value. Feel free to share any concepts you’ve been exploring, or any ideas you believe would make a meaningful impact in the field.

Thanks in advance for your input and suggestions!

or

To make it easier, I’ve created a form where you can type your suggestions along with a brief description. You can access it here: https://forms.gle/4QW3PWs1o64Voejx5

#Cybersecurity #ProjectIdeas #ThreatIntelligence #BlockchainSecurity #NetworkSecurity #IoTSecurity #AIinCybersecurity #PenTesting #MachineLearningforSecurity

The original post: /r/cybersecurity by /u/No-Situation1622 on 2024-09-30 06:26:38.

Hey all,

I've been researching this a bit and finding conflicting opinions. When it comes to service uptime, is availability within the CIA triad looking at uptime? Or is it more concerned with access to the data?

Let's take an example: I run a corner shop and have a till system. All I need it to do is scan barcodes and show me the total price the customer has to pay. I couldn't give a monkey's about storing transaction history or anything. Therefore my uptime would be "critical", but access to the data that's generated would be "standard". Would availability within the CIA triad be classed as standard or critical in this scenario?

A bit more context: at work we are going through all our services, and the InfoSec team are doing a CIA rating on all of them. Based on the availability rating, we will use this to determine disaster recovery plans, redundancy strategies, etc. Therefore availability needs to be based on uptime.
