cybersecurity


This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.

126
 
 
The original post: /r/cybersecurity by /u/tekz on 2024-11-26 10:13:56.
127
 
 
The original post: /r/cybersecurity by /u/ValidPrestige on 2024-11-26 10:00:53.
128
 
 
The original post: /r/cybersecurity by /u/Due_Trust_6443 on 2024-11-26 08:43:24.

I am testing the efficiency of OWASP CRS with a fuzz-based testing tool, GotestWAF, where it fuzzes the payload by encoding and places it in different placeholders such as URLpath, URL param, HTMLform and HTMLmultipart form. However, I have a doubt about whether XSS in URLpath is valid.

129
 
 
The original post: /r/cybersecurity by /u/andy-codes on 2024-11-26 06:58:36.

While reviewing NASA’s Open MCT v3.1.0, I identified two key vulnerabilities: stored Cross-Site Scripting (XSS) and a lack of Cross-Site Request Forgery (CSRF) protection. The XSS flaw is found in the flexibleLayout plugin, where user-controlled inputs can inject malicious code. Additionally, the absence of Content Security Policy (CSP) flags increases the exploitation risk. To further compound the issue, Open MCT is vulnerable to CSRF attacks, which can be chained with XSS to compromise sensitive data. We recommended sanitizing user inputs, implementing CSP, and adding CSRF protection.

130
 
 
The original post: /r/cybersecurity by /u/chelsick on 2024-11-25 21:52:09.

Hi everyone. I need some help. I have to give a presentation on a cybersecurity hot topic of my liking. It can be a technology, a specific famous attack/breach, a trending type of attack or vulnerability, etc. A recent thing, preferably. Feel free to recommend anything; I will look it up. Thank you all.

131
 
 
The original post: /r/cybersecurity by /u/ikkebr on 2024-11-25 17:14:03.

Excellent

132
1
Anyone help ??? (zerobytes.monster)
submitted 7 months ago by [email protected] to c/[email protected]
 
 
The original post: /r/cybersecurity by /u/Tujantahaimujhe_ on 2024-11-26 04:06:36.

Hi, I know many people have asked this earlier, but could someone guide me?

Hello, I am new to this cyber security world and trying to gain knowledge and start out with the basics, as I have no one to guide me and haven’t started any courses or joined any classes. As I am new to this field, I don’t have any prior knowledge of the basics of computers or any IT knowledge, so should I continue with the CompTIA A+ certification? Or should I jump to CompTIA Net+ & Sec+? And can someone please help me with free resources where I can start with lectures to gain knowledge in the easiest way possible? Thank you very much. It feels great to be a part of this community where we can ask for help without hesitation.

133
 
 
The original post: /r/cybersecurity by /u/Killer_bee20 on 2024-11-26 01:34:54.

Hi everyone!

I have an upcoming interview for an IT Security Operations Intern position with a county IT department in 2 days, and I’m looking for advice from anyone who has interviewed for a similar position or has experience in this field. The role involves tasks like analyzing potential phishing emails, responding to security detections, and contributing to security projects within a Security Operations Center (SOC).

What I’d love to know:

  1. If you’ve interviewed for a county or government IT position, what types of questions were you asked?
  2. Were there any technical or behavioral questions that stood out?
  3. Any specific advice for standing out in a cybersecurity-related interview for a government entity?
  4. Suggestions on how to prepare for potential technical or scenario-based questions?

If you’ve been through a similar process or have any tips, I’d greatly appreciate your insights. Thanks in advance!

134
 
 
The original post: /r/cybersecurity by /u/FlyGuys098 on 2024-11-26 00:57:05.

Right now I'm studying for my Network+, which I hope to get within the next month or two. But right after that I want to get more hands-on experience and start studying for Security+. I was looking at a couple of sites that offer it and found the ones listed below.

Are there any that you recommend or have had good experiences with? I would eventually like to get into cloud security and have seen some good courses offered for Microsoft security certs. From looking at it so far, I'm leaning towards Cybrary or TryHackMe.

https://app.cybrary.it/

https://pwnedlabs.io/dashboard

https://tryhackme.com/

135
 
 
The original post: /r/cybersecurity by /u/KeitrenGraves on 2024-10-13 16:46:39.

I have been thinking about going for my CCNA as I don't think any networking knowledge would hurt but I am wondering if it is even worth it. As a background I currently have my A+, Network+, Google Cybersecurity Cert, AWS Certified Cloud Practitioner, and was going to Security+ before thinking about doing CCNA. So I was just wondering if skipping out on CCNA would hurt me or help in the long run.

136
 
 
The original post: /r/cybersecurity by /u/NISMO1968 on 2024-10-13 16:06:18.
137
 
 
The original post: /r/cybersecurity by /u/sasko12 on 2024-10-13 15:04:53.
138
 
 
The original post: /r/cybersecurity by /u/petitlita on 2024-10-13 12:32:09.

It's far too easy for an attacker to control practically every level of an LLM - the dataset, model, all parts of the prompt, and as a result, the output. Like there are attacks on agentic models that are basically as easy as phishing but can get you RCE. The fact is that responses by nature have to leak some information about the model, which can be used to find a sequence of tokens that gets a desired response. It's probably unrealistic to assume we can actually prevent someone from forcing an AI to act outside of its guardrails. Why are we treating them as trusted and hoping they will secure themselves?

139
 
 
The original post: /r/cybersecurity by /u/TheMuffinTops on 2024-10-13 11:49:13.

Howdy!

I'm planning to deploy OpenCTI for brand protection, which will monitor domains, fake websites and social media impersonation, instead of ZeroFox/Recorded Future. What do you think? If so, what connectors should I explore?

Thank you.

edit: typo

140
 
 
The original post: /r/cybersecurity by /u/KeyCommittee97 on 2024-10-13 11:01:59.

I just downloaded Metasploitable 2 from https://sourceforge.net/. I just extracted it and all I can see is a vmdk with the TYPE Progold_VirtualBox.Shell.vmdk. I was expecting a vmdk with TYPE Virtual Machine Disk Format. Can anyone please help?

141
 
 
The original post: /r/cybersecurity by /u/ThrillSurgeon on 2024-10-13 10:59:10.
142
 
 
The original post: /r/cybersecurity by /u/MaximumLetter4257 on 2024-10-13 10:00:19.

I'm a 23-year-old male from Italy. I already have a degree in political science, but unfortunately this has never been my path. But in the end I finished my degree to make my parents happy. Now, a year ago, I started another degree in computer engineering and I really like it. However, I would like to learn more about cybersecurity. Any ideas where to start?

143
 
 
The original post: /r/cybersecurity by /u/towtoo893 on 2024-10-13 07:25:35.
144
 
 
The original post: /r/cybersecurity by /u/ElectroStaticSpeaker on 2024-10-13 06:46:20.
145
 
 
The original post: /r/cybersecurity by /u/eatsweets3232 on 2024-10-13 02:49:56.

I'm 17 and have been getting into cybersecurity, reading up and studying on it here and there. I recently searched for cybersecurity content on TikTok, and honestly, it’s crazy how many people in the comments seem to think it’s some kind of easy way to make quick money. I know for a fact that cybersecurity isn’t a walk in the park, and it’s definitely not a free money generator like people make it out to be. The same goes for computer science: it takes serious effort and skill.

146
 
 
The original post: /r/cybersecurity by /u/Serious-Summer9378 on 2024-10-13 02:07:26.
147
148
 
 
The original post: /r/cybersecurity by /u/Due-Student946 on 2024-10-13 01:01:08.

I'm a Cybersecurity student with previous experience in Cybersecurity. But, I have very limited idea about coding. I passed the HackerRank for Goldman after a lot of practice and recently got invited for the Superday.

But, I'm seeing a CoderPad link with my interview. What is this? Does that mean I will have to code live with an interviewer?

I'm pissing my pants to be honest. I wanted this role for a long time but coding is not my forte!

149
 
 
The original post: /r/cybersecurity by /u/mohusein on 2024-10-12 22:11:40.

Hi everyone,

I'm trying to encrypt data at the application level, store the encrypted data in a database, then decrypt it when needed.

I learnt that I need to keep my keys in a secure place such as AWS KMS.

Here is the problem: if for any reason AWS decided to lock me out of the account and I can't access the keys, I will not be able to access my data.

Is there a solution where I can keep a copy of the key locally but still use it with a service like AWS KMS?

I'm traumatized by the idea of a third party having full control over a crucial aspect like this, because last year I was locked out of my RDS for like 5 days just for changing my payment details, so never again am I giving any service provider such high power.

Thanks for any input.

150
 
 
The original post: /r/cybersecurity by /u/cyberkite1 on 2024-10-12 21:38:33.

Chinese researchers have "reportedly" cracked "military-grade encryption" using a quantum computer, marking a significant threat to global security?

The D-Wave system used in this breach targets Substitution-Permutation Network (SPN) algorithms commonly found in sectors like military and finance.

While no specific passcodes were cracked, this breakthrough suggests that quantum computing is rapidly advancing beyond traditional encryption defenses.

The breakthrough hinges on the quantum annealing algorithm, leveraging quantum tunneling effects. Unlike traditional algorithms, which explore every possible solution path, this method allows quantum systems to 'tunnel' through computational barriers to reach solutions faster. Researchers also integrated classical algorithms like Schnorr and Babai for a hybrid approach to cracking encryption.

Does this development present a potential leap in quantum computing applications, particularly in cryptography? As quantum hardware evolves, encryption methods may need urgent reconsideration to protect sensitive information?

It is now urgent for Google, Microsoft, Apple and other major western technology companies to act in switching to quantum-hardened encryption, but to ensure it is still strong on standard computers.

Articles:

Interesting Engineering: https://interestingengineering.com/science/china-military-encryption-hacking-quantum-system

Quantum Insider: https://thequantuminsider.com/2024/10/11/chinese-scientists-report-using-quantum-computer-to-hack-military-grade-encryption/

China SCMP paper: https://www.scmp.com/news/china/science/article/3282051/chinese-scientists-hack-military-grade-encryption-quantum-computer-paper
