cybersecurity


This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.

576
 
 
The original post: /r/cybersecurity by /u/SmknMrz on 2024-09-26 05:22:30.

Can we please talk about this talk at BH this year, since comments are (understandably, I think) disabled for it on YT?

https://youtu.be/RepuHwg-JCA?si=bHnfuSITooe3vZ7m

577
 
 
The original post: /r/cybersecurity by /u/jjmm32 on 2024-09-26 02:16:10.

Takeaway

The only way to prevent these attacks from occurring in the future is to drastically enhance identity security. Training detection models is not sufficient anymore for discerning between what's real and fake, especially as AI continues to advance at alarming rates. If cybersecurity is a cat-and-mouse game, this is a cat-and-compound V mouse. Bad actors getting through is inevitable, and therefore post-auth security is more crucial than ever.

Summary

  • Sophisticated deepfake fooled Senate video call screening, impersonating Ukrainian official
  • AI-generated voice clone passed as authentic on the standard Zoom platform
  • Senate lacked real-time identity verification for high-level international calls
  • Attackers exploited existing relationships and known information to appear legitimate
  • Incident exposes the vulnerability of video conferencing in sensitive government communications

Source: https://punchbowl.news/archive/cardin_ukraine_deepfake/

578
 
 
The original post: /r/cybersecurity by /u/JCTopping on 2024-09-26 02:05:59.
579
 
 
The original post: /r/cybersecurity by /u/Known_Improvement653 on 2024-09-26 01:45:47.

Anyone know of a method/tools to detect and block IOCs in SHA512 hashes?

580
 
 
The original post: /r/cybersecurity by /u/shiftdeleat on 2024-09-26 00:32:40.

I'm a lowly sysadmin and need some cybersecurity expert advice. We received an Azure alert for a suspicious login for a user. When reviewed, it was a "Microsoft Authentication Broker" login from an overseas "IOS" device.

This should have been blocked by our CAP blocking access outside our country, but it bypassed MFA and CAP as single factor auth...

I can't find a way in CAP to block access outside our country for Microsoft Authentication Broker logins.

Any recommendations on blocking these auth attempts? Seems more difficult than it should be!!

581
 
 
The original post: /r/cybersecurity by /u/Embarrassed-Royal-59 on 2024-09-25 23:35:53.

My manager said I have the option to choose to work on anything I want in our tech company minus app sec and SIEM products (others are working on this).

If you assume there is no budget and you’re a mid level (so can improve on pretty much every facet of security) what would you choose to work on?

Feel free to ask questions about our tech stack to get a better picture but this is meant to ask a pretty generalized question.

582
 
 
The original post: /r/cybersecurity by /u/Whole_Razzmatazz_487 on 2024-09-25 23:27:50.

I heard a long time ago Yahoo had a software vulnerability where you can force users to see images without pressing "view image".

I am currently studying cyber security and one of my teachers told me there may or may not be a bug for that now, and I took it as a challenge to find out... The closest I got was a previous bug where you change something in the form thing, then it will force users to see images, but it got patched out. Are there any other ways that are currently working?

583
 
 
The original post: /r/cybersecurity by /u/anynamewillbegood on 2024-09-25 21:54:38.
584
 
 
The original post: /r/cybersecurity by /u/Lost_Jellyfish_2224 on 2024-09-25 21:49:51.

So I run a website. A social network. And we have the "share to facebook" button.

While going through my access logs, and logs of my members...

I noticed that everyone logged in was sending data to Facebook via their meta bot 1.1 I think it was, if it wasn't that then it was some UA of Facebook external.hit

Their: Username, ip address, email, session data and more was being sent to Facebook spiders.

Yes, I can prove this, I could turn it back on for a few hours and log a bunch and then send

But trust what I'm saying, their data was being harvested as long as they were logged into Facebook (I debugged this by checking my own account: while logged into Facebook it was taking my data, while not logged in it simply provided a means of sharing, and took advertising data, you know, basic data everyone thinks Facebook steals).

So I disabled the button and blocked Facebook and Meta with it in .htaccess and also CF.

So what gives with Meta?

585
 
 
The original post: /r/cybersecurity by /u/JollyCartoonist3702 on 2024-09-25 21:45:20.
586
 
 
The original post: /r/cybersecurity by /u/anynamewillbegood on 2024-09-25 21:42:32.
587
 
 
The original post: /r/cybersecurity by /u/Upstairs-ButtonTouch on 2024-09-25 20:24:22.

In your experience, what are some of the most commonly overlooked or underestimated security vulnerabilities when developing applications, and how can they be addressed effectively?

588
 
 
The original post: /r/cybersecurity by /u/Impossible-graph on 2024-09-25 20:03:34.
589
 
 
The original post: /r/cybersecurity by /u/FifenC0ugar on 2024-09-25 19:26:59.

After watching the Veritasium video, it got me thinking about Google Voice. Which is my go-to recommendation to people who ask how to protect from SIM hijacking. Google Voice uses VoIP and doesn't rely on roaming. Which should protect it from locating and stealing phone calls/listening in. But would it also make it difficult or impossible for bad actors to steal text messages such as 2FA codes?

I'm a cyber security student with a passion for cyber security. My knowledge is still limited but I love learning this stuff.

(I couldn't find a tag that seemed to fit super well. Mods let me know if I need to edit my post)

590
 
 
The original post: /r/cybersecurity by /u/Ornatbadger64 on 2024-09-25 18:46:44.

Just curious if this exists within the cyber/info security space or are we all doom and gloom?

591
 
 
The original post: /r/cybersecurity by /u/byyourleavesir on 2024-09-25 18:36:07.

I am a pen tester and clients supply their own hardware tokens/YubiKeys for testing. Does anyone else have a treasure chest full of them? How do you manage them in an identifiable and convenient manner?

I have been thinking about getting a key ring but can't find one that won't just have my laptop look like a janitor's belt.

Mostly looking for an answer but also just complaining a bit.

592
 
 
The original post: /r/cybersecurity by /u/Kiwi4227 on 2024-09-25 18:12:32.

Hi cybersecurity experts, I’m a UX designer currently working on a project to understand the challenges and pain points that you face when dealing with false alerts in your daily workflow. I would really appreciate it if you could share your experiences! Here’s what I’m looking for:

  • What kind of false alerts do you typically encounter?
  • How often do false alerts interrupt your workflow?
  • What are the biggest frustrations or pain points caused by false alerts?
  • How do false alerts affect decision-making and productivity?
  • Any suggestions for improving the process of handling false alerts?
  • What does the dashboard look like, and what elements would you want to see at a glance?

593
 
 
The original post: /r/cybersecurity by /u/Stock-Cat-3279 on 2024-09-25 17:11:45.

I’m a comp sci with concentration in cyber security student interning with the govt. While working my internship I realized that I want to be a network engineer and work on network security. My supervisors tasked me with creating a list of goals for me to achieve while at the company. I’ve done some research into ideal networking skills / concepts I should have and know. My question is: what are some recommendations you all have or would recommend someone get?

594
 
 
The original post: /r/cybersecurity by /u/Gold240sx on 2024-09-25 17:04:57.

I’m a web developer, and I built a website for a customer. I’m gonna keep my client anonymous for obvious purposes. Prior to this I worked at a print and mailing company that printed junk mail with personalized messages for each person based upon data tables that were purchased by data companies, and sent the mail pieces to users directly. They print billions of pieces. So I built a landing page that takes in variable names to automatically fill most all the form out, with the ability for users to correct any mistakes in the info.

In order, there’s mail pieces with a QR code that sends a user to our landing page with the custom URL being parsed to fill out the form fields.

The form fields are:

  • First and Last name
  • email
  • Phone number
  • Address (the mail piece is at the address already so it’s not really sensitive at that point)

It just occurred to me, that I’m sure most people aren’t going to scan it to begin with, but let’s say a guy with bad intentions scans his mail piece QR code, or a disgruntled USPS employee, then realizes that he could get the names, emails and phone numbers of every person in the neighborhood by scanning one by one their mail piece QR codes.

I know I’m not asking a legal channel but in y’all’s opinion, could this present a legal risk to my client or to me, or am I overthinking it? I of course want to avoid that as well as protect people’s data privacy. Thank you in advance.

595
 
 
The original post: /r/cybersecurity by /u/SomeoneIsSomeWhere on 2024-09-25 16:43:26.
596
 
 
The original post: /r/cybersecurity by /u/ItsANetworkIssue on 2024-09-25 16:37:42.

Need any tips or ideas of how cyber for public schools differentiates from the private sector. Are there common practices? Any blogs or articles to read and prepare myself? I tried searching through this subreddit's history, but didn't find anything.

This is my first cyber role. Have 2+ years of experience in help desk and sys admin roles.

597
 
 
The original post: /r/cybersecurity by /u/ScoobyDov on 2024-09-25 16:35:15.

I currently am a Systems Admin and IT specialist in my mandatory military service. I work 40 hours a week on average and use my free time at work and at home to learn more about cyber security. I genuinely enjoy the learning and already have around 50-60 hours on THM and finished about 30 rooms. My goal is to get my OSCP within a year or two and pursue it as a career after my military service. I am wondering if in a year or two I can find a part-time cyber security job with an OSCP to work 20-ish hours a week, like do job opportunities like that even exist? I have 2.5 more years to my mandatory service. Thanks for the help.

598
 
 
The original post: /r/cybersecurity by /u/Exact_Day4619 on 2024-09-25 16:08:50.

I’ve had a very tumultuous and unstable career path in the past two years working in cybersecurity as a lead/manager of ops.

I work in govt contracting so the space is not that big and most people know each other. Past two years I’ve been going through some personal issues so I left a few jobs within a few months but on good terms, i.e. no misconduct or illegal actions. My reasoning for leaving was burnout and because I was dealing with personal issues. I feel like that has left a stain on my reputation and now I’m in my third job in the past year. People don’t really talk to me or involve me and they outright ignore my emails and leave me out of meetings. I keep getting anxiety that I’ll get fired. I applied to so many jobs in the past month or so and barely got any responses. I also have more anxiety due to the fact that grass isn’t greener on the other side and I feel like because of my past actions, it’s following me now.

Not sure what to do. If I should switch careers, weather the storm or keep applying in other jobs within cybersecurity. TIA.

599
 
 
The original post: /r/cybersecurity by /u/Trawzor on 2024-09-25 15:46:19.

I just recently started my degree, the degree would in English be directly translated to "Degree of Bachelor of Science in Engineering in Computer Engineering - specialization in IT and Cybersecurity."

I live in Sweden, but wish to move somewhere else in Europe, my dream has always been Switzerland but I have no idea how the job market looks.

What countries have the best cybersecurity job market? I guess USA would be #1 but no offence to any American, I'd rather not live there.

600
 
 
The original post: /r/cybersecurity by /u/zer0daydreamer on 2024-09-25 15:21:54.

Should all privileged IDs be lodged into a password vault (e.g. CyberArk)?

Let’s say a person is authorised to have a privileged account that has appropriate privileges to carry out his daily job scope. He also goes through proper processes such as getting change request tickets, etc. to access the system.

Should such IDs be lodged into a password vault given that the account may cause disruption to the system to a certain extent? Having this question because my thoughts are that whether it is lodged or not, it may still cause disruption if the person who was authorised to do a change made a mistake in the production environment. It also may be too much of a hassle operationally to keep withdrawing the account password from the password vault daily.

Curious to hear your thoughts!
