cybersecurity

This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.

176
 
 
The original post: /r/cybersecurity by /u/ZealousidealBat9474 on 2024-10-11 08:43:27.

🔹 Dark Mode added

🔹 Dynamically resizable tables and widgets

🔹 API keys can now be added directly through the GUI

💡 Would love to get your thoughts and feedback! 💡

🔗 Check it out: https://github.com/Gadzhovski/TRACE-Forensic-Toolkit

177
 
 
The original post: /r/cybersecurity by /u/yong0114 on 2024-10-11 07:43:41.

What are the most effective cybersecurity practices UK businesses should adopt to protect against emerging threats?

178
 
 
The original post: /r/cybersecurity by /u/Indexdsd on 2024-10-10 22:00:30.

Hi, I am looking for new job opportunities. In my current role as a mid/senior analyst, we are being asked to return to the office. This is so frustrating, especially since most jobs these days are hybrid. From my perspective, working in the office and commuting is just a waste of time; let me know your thoughts.

Anyways... If your company is remote-friendly, please let me know! I have strong experience with KQL, PowerShell, Defender, Sentinel, Splunk, creating rules, playbooks/Logic Apps, and more.

Thanks

179
 
 
The original post: /r/cybersecurity by /u/alt69785 on 2024-10-10 21:16:55.
180
 
 
The original post: /r/cybersecurity by /u/_STY on 2024-10-10 17:23:15.

I have a Bitwarden pro subscription and moved a few of my accounts TOTP 2FA credentials into Bitwarden.

While very convenient, is it really a good idea to store 2FA codes in the same system that stores passwords? Doesn't that violate the premise of 2FA?

The obvious concern is that compromise of the password manager gives full credentials to anything with both factors saved. For any identity we store with both password and TOTP, we in effect went from a thing we have [TOTP token/authentication device] and a thing we know [password] to essentially just a thing we authenticated to prior [Bitwarden].

I understand that the Bitwarden authentication itself should be secured with its own MFA, and by extension anything else stored there is as well, but is putting the ability to completely authenticate to anything inherently riskier than, say, storing only passwords in Bitwarden and all TOTP on a secondary dedicated app or device?

EDIT: I appreciate the advice on what password managers/TOTP apps people use but that wasn't really the question. The answer seems pretty clear though; storing two factors for the same identity in the same way is less secure.
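
An added illustration of the point made in the post above (not part of the original post or of Bitwarden): a TOTP code is a pure function of the stored seed and the clock, so whoever can read the seed out of a decrypted vault can compute every future code with nothing but the standard library. The seed below is the RFC 6238 test secret and the vault record is constructed; `verify_totp` shows the server-side check with a one-step drift window.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: the RFC 6238 test secret "12345678901234567890", base32-encoded
# the way an authenticator app or a password-manager vault would store it.
SAMPLE_SEED_B32 = base64.b32encode(b"12345678901234567890").decode()

# Constructed vault entry of the kind the post describes: password and TOTP seed together.
VAULT_RECORD = {
    "site": "example.test",
    "username": "alice",
    "password": "correct horse battery staple",
    "totp_seed": SAMPLE_SEED_B32,
}


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(seed_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter set to floor(unix_time / step)."""
    padded = seed_b32.upper() + "=" * (-len(seed_b32) % 8)
    return hotp(base64.b32decode(padded), unix_time // step, digits)


def verify_totp(seed_b32: str, code: str, unix_time: int, window: int = 1) -> bool:
    """Server-side check that tolerates +/- `window` steps of clock drift."""
    return any(
        hmac.compare_digest(totp(seed_b32, unix_time + k * 30), code)
        for k in range(-window, window + 1)
    )


def full_login_from_vault(record: dict, unix_time: int) -> dict:
    """Everything an attacker holding the decrypted vault needs: no phone, no hardware token."""
    return {
        "username": record["username"],
        "password": record["password"],
        "otp": totp(record["totp_seed"], unix_time),
    }


if __name__ == "__main__":
    import time
    print(full_login_from_vault(VAULT_RECORD, int(time.time())))
```

The contrast with a hardware token or a phone-only authenticator is that the seed never leaves the device, so a vault dump yields the password and nothing else.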

181
 
 
The original post: /r/cybersecurity by /u/Scwidiloo10 on 2024-10-11 03:44:26.
182
 
 
The original post: /r/cybersecurity by /u/Rude-Ad9224 on 2024-10-11 02:10:19.

What are some ways to allow third-party apps to access the application? One of the possible solutions we are exploring is to share OAuth tokens through mTLS. Would love to hear some ideas here.
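
An added example, not part of the post above, of what "OAuth tokens through mTLS" usually means in practice: certificate-bound access tokens as in RFC 8705, where the authorization server writes the SHA-256 thumbprint of the client's TLS certificate into the token's `cnf` claim and the resource server refuses the token on any connection whose client certificate does not match. The certificates here are constructed byte strings standing in for DER, and the token is encoded as an unsigned JWT purely so the claim layout is visible; signature verification is assumed to happen before `check_binding` runs.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def cert_thumbprint(cert_der: bytes) -> str:
    """x5t#S256 from RFC 8705: base64url(SHA-256 of the DER-encoded certificate)."""
    return b64url(hashlib.sha256(cert_der).digest())


def issue_token(claims: dict, client_cert_der: bytes) -> str:
    """Authorization-server side: embed the thumbprint of the certificate the client
    authenticated with into the token's cnf claim. Encoded as an unsigned JWT for
    illustration only; a real issuer signs it."""
    header = {"alg": "none", "typ": "at+jwt"}
    payload = dict(claims, cnf={"x5t#S256": cert_thumbprint(client_cert_der)})
    return ".".join([b64url(json.dumps(header).encode()),
                     b64url(json.dumps(payload).encode()), ""])


def check_binding(token: str, presented_cert_der: bytes) -> bool:
    """Resource-server side, run after the token's signature has been verified (omitted):
    the certificate the TLS layer authenticated on this connection must match the
    thumbprint in the token. A token without cnf is rejected under an mTLS-only policy."""
    payload = json.loads(b64url_decode(token.split(".")[1]))
    expected = payload.get("cnf", {}).get("x5t#S256")
    if not expected:
        return False
    return hmac.compare_digest(expected, cert_thumbprint(presented_cert_der))


# Constructed stand-ins for DER certificates; in practice these are the bytes the
# TLS stack exposes after client-certificate authentication.
PARTNER_A_CERT = b"constructed DER for partner A"
PARTNER_B_CERT = b"constructed DER for partner B"

TOKEN_A = issue_token({"sub": "partner-a", "scope": "orders:read"}, PARTNER_A_CERT)
```

The second assertion in the check is the one that matters: a token stolen from partner A is useless to anyone who cannot also complete the TLS handshake with A's private key.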

183
 
 
The original post: /r/cybersecurity by /u/ThrillSurgeon on 2024-10-11 02:09:33.
184
 
 
The original post: /r/cybersecurity by /u/ThrillSurgeon on 2024-10-11 02:08:46.
185
 
 
The original post: /r/cybersecurity by /u/anotherspiff on 2024-10-10 23:42:30.

Any suggestions on how to approach this in a Microsoft/Azure environment? At minimum I'd like to be able to monitor outgoing communication for pasted or attached images. Ideally we'd be able to detect sensitive data in the image, but I don't know how feasible that is. I realize disabling screenshots is possible, but determined individuals could easily find a way around that.

186
 
 
The original post: /r/cybersecurity by /u/goki7 on 2024-10-10 23:02:24.
187
 
 
The original post: /r/cybersecurity by /u/JaySierra86 on 2024-10-10 22:56:12.

From what I've read, Qualcomm has released a patch to OEMs.

Source: Qualcomm confirms cyberattack on Android devices that exploited a vulnerability in its chipsets (androidauthority.com)

188
 
 
The original post: /r/cybersecurity by /u/Orangensaft91 on 2024-10-10 22:53:16.

We just had a small DDoS attack from approx. 40 servers that were brute-forcing our login page. After blocking all of them I checked Shodan for some of the IPs. Nearly all of them had TCP 5201 open, identifying as "JD-GUI Java decompiler". Has anyone seen something like that before?
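
An added example, not part of the post above, of the detection side of what it describes: a per-IP sliding-window rule over web-server access logs, plus the rule that catches the case the post actually had, where roughly forty sources share the work and each one stays under a per-IP threshold. The log lines are constructed in nginx combined format; the login path, status codes and thresholds are assumptions to adjust to your own application.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed nginx-style access log (combined format). POST /login with 401 is a failed
# attempt, 302 a successful one. Real lines from the incident are not on the page.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2024:21:55:01 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2024:21:55:02 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Oct/2024:21:55:03 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2024:21:55:03 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2024:21:55:04 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2024:21:55:05 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2024:21:55:05 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2024:21:55:06 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Oct/2024:21:55:07 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.20 - - [10/Oct/2024:21:55:10 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
203.0.113.21 - - [10/Oct/2024:21:55:11 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
203.0.113.22 - - [10/Oct/2024:21:55:12 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
203.0.113.23 - - [10/Oct/2024:21:55:13 +0000] "POST /login HTTP/1.1" 401 512 "-" "python-requests/2.31"
203.0.113.23 - - [10/Oct/2024:21:55:14 +0000] "GET /login HTTP/1.1" 200 2048 "-" "python-requests/2.31"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse(line: str):
    """Return the fields we need from one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
    }


def failed_logins(lines, login_path="/login", fail_status=401):
    """Yield parsed failed-login events in log order (access logs are time-ordered)."""
    for line in lines:
        ev = parse(line)
        if ev and ev["method"] == "POST" and ev["path"] == login_path and ev["status"] == fail_status:
            yield ev


def per_ip_bruteforce(lines, threshold=5, window=timedelta(minutes=1), **kw):
    """Classic rule: one source with >= threshold failures inside a sliding window.
    Returns {ip: timestamp at which it crossed the threshold}."""
    recent = defaultdict(deque)
    offenders = {}
    for ev in failed_logins(lines, **kw):
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ev["ip"] not in offenders:
            offenders[ev["ip"]] = ev["ts"]
    return offenders


def distributed_sources(lines, min_ips=10, window=timedelta(minutes=1), **kw):
    """The case the per-IP rule misses: many sources each staying under the threshold.
    Flags every IP that was failing while >= min_ips distinct IPs were failing in the window."""
    events = deque()
    active = Counter()
    flagged = set()
    for ev in failed_logins(lines, **kw):
        events.append((ev["ts"], ev["ip"]))
        active[ev["ip"]] += 1
        while ev["ts"] - events[0][0] > window:
            _, old_ip = events.popleft()
            active[old_ip] -= 1
            if active[old_ip] == 0:
                del active[old_ip]
        if len(active) >= min_ips:
            flagged.update(active)
    return flagged


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("per-IP:", per_ip_bruteforce(lines))
    print("distributed:", sorted(distributed_sources(lines, min_ips=4)))
```

On the sample, the per-IP rule catches only 203.0.113.10; the distributed rule with `min_ips=4` also surfaces the four single-attempt hosts, which is the output you would feed into a block list.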

189
 
 
The original post: /r/cybersecurity by /u/anynamewillbegood on 2024-10-10 21:35:19.
190
CVE-2024-43047
 
 
The original post: /r/cybersecurity by /u/cyberkite1 on 2024-10-10 21:17:05.

📲 CYBERSECURITY ALERT❗Qualcomm has confirmed a significant security vulnerability affecting millions of Android devices!

Affected devices are: flagship Snapdragon 8 (Gen 1) mobile platform, used in many Android phones, including some made by Motorola, Samsung, OnePlus, Oppo, Xiaomi, and ZTE - this potentially means millions of devices. Any others?

Qualcomm has released patches for a critical zero-day vulnerability (CVE-2024-43047) in its Digital Signal Processor (DSP) service, impacting several of its chipsets.

This flaw, identified by Google Project Zero, Amnesty International, and other researchers, could lead to memory corruption and was actively exploited by attackers. Qualcomm has urged OEMs to roll out these patches swiftly to affected devices.

The vulnerability was caused by a use-after-free weakness in the DSP kernel, which could be exploited by local attackers with low privileges. It was labeled as "limited and targeted" by security researchers, suggesting it may have been used in attacks against high-risk individuals, including journalists and dissidents.

In addition to CVE-2024-43047, Qualcomm also addressed another severe flaw (CVE-2024-33066) related to improper input validation in the WLAN Resource Manager. Both patches are now available to OEMs, with Qualcomm strongly recommending their immediate deployment.

Recommended remedies:

  1. Qualcomm's continued work in addressing critical vulnerabilities highlights the importance of regular security updates to protect devices from potential exploitation.
  2. Users should reach out to their device manufacturers to ensure their devices are fully patched.
  3. Anything else?

Read more on this: https://www.bleepingcomputer.com/news/security/qualcomm-patches-high-severity-zero-day-exploited-in-attacks/

191
 
 
The original post: /r/cybersecurity by /u/laughlander on 2024-10-10 19:45:37.
192
 
 
The original post: /r/cybersecurity by /u/blueCat1301 on 2024-10-10 19:35:19.

Hi,

We are a very small US start-up looking to get SOC2 certified. We already have a Drata subscription.

About us:

  • SaaS, pure API, no UI, no site where users can log in, just an API
  • Modern stack, AWS, GSuite, Slack, GitHub, etc.
  • Three-person team, two developers and one business person, all remote

Reasonably paranoid about security, but not experts. We have a good understanding of the basics, but we are not security experts.

We need the certification as a sales tool for some big corporate leads.

We would love someone who can practically do it for us. Someone who can say: for your business you should have these policies, these controls, etc. Ideally be on with us also during the audit.

Thank you.

PS: If this is not the right place to ask, please let me know where to ask.

193
 
 
The original post: /r/cybersecurity by /u/Bombardier143 on 2024-10-10 19:22:36.

I'm building a pipeline to automate some of the tasks in the initial analysis of a malware sample. I'm thinking of including capa.

I've noticed it sometimes gives me false information on capabilities of clean files. I don't have enough experience to know for sure how reliable it is.

If someone has any experience with it, is it a reliable tool?
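
An added example, not part of the post above and not capa's own code, of the post-processing step that makes capa usable in a pipeline despite matches on clean files: read the `capa -j` report, drop rules that capa marks as library code, and escalate only when several high-signal capability namespaces co-occur, since a single hit such as runtime linking is normal in installers and packers. The two reports are constructed to mirror the shape of capa's JSON as I know it (only `rules[name].meta.namespace`, `.attack` and `.lib` are used); the namespace list is a starting assumption to tune against your own clean corpus.

```python
import json

# Namespaces that, in combination, rarely show up in clean software. Assumption: a
# starting list to tune against your own clean corpus, not a capa-provided list.
HIGH_SIGNAL_PREFIXES = (
    "anti-analysis/",
    "host-interaction/process/inject",
    "persistence/",
    "collection/",
    "impact/",
)


def triage(report: dict, min_high_signal: int = 2) -> dict:
    """Reduce a capa JSON report to a verdict. Rules flagged lib=True describe linked
    library code rather than the sample's own logic and are skipped; one high-signal
    hit alone is 'review', two or more is 'escalate'."""
    findings = []
    for name, rule in report.get("rules", {}).items():
        meta = rule.get("meta", {})
        if meta.get("lib"):
            continue
        ns = meta.get("namespace", "")
        attack_ids = sorted(a["id"] for a in meta.get("attack", []) if a.get("id"))
        findings.append({"rule": name, "namespace": ns, "attack": attack_ids,
                         "high_signal": ns.startswith(HIGH_SIGNAL_PREFIXES)})
    high = sorted(f["rule"] for f in findings if f["high_signal"])
    if len(high) >= min_high_signal:
        verdict = "escalate"
    elif high:
        verdict = "review"
    else:
        verdict = "benign-looking"
    return {
        "verdict": verdict,
        "rule_count": len(findings),
        "high_signal_rules": high,
        "attack_ids": sorted({t for f in findings for t in f["attack"]}),
    }


# Constructed reports in the shape of `capa -j` output (only the fields used here):
# a plain installer, and a sample with injection, anti-debugging and persistence.
CLEAN_REPORT = json.loads("""{
  "meta": {"sample": {"path": "constructed-installer.exe"}},
  "rules": {
    "write file on Windows": {"meta": {"namespace": "host-interaction/file-system/write", "attack": [], "lib": false}, "matches": []},
    "link function at runtime on Windows": {"meta": {"namespace": "linking/runtime-linking", "attack": [{"id": "T1027.007", "tactic": "Defense Evasion"}], "lib": false}, "matches": []},
    "contain PE file": {"meta": {"namespace": "executable/pe", "attack": [], "lib": false}, "matches": []},
    "parse PE header": {"meta": {"namespace": "load-code/pe", "attack": [], "lib": true}, "matches": []}
  }
}""")

SUSPICIOUS_REPORT = json.loads("""{
  "meta": {"sample": {"path": "constructed-dropper.exe"}},
  "rules": {
    "inject APC into thread": {"meta": {"namespace": "host-interaction/process/inject", "attack": [{"id": "T1055.004", "tactic": "Defense Evasion"}], "lib": false}, "matches": []},
    "check for PEB BeingDebugged flag": {"meta": {"namespace": "anti-analysis/anti-debugging/debugger-detection", "attack": [{"id": "T1622", "tactic": "Defense Evasion"}], "lib": false}, "matches": []},
    "persist via Run registry key": {"meta": {"namespace": "persistence/registry/run", "attack": [{"id": "T1547.001", "tactic": "Persistence"}], "lib": false}, "matches": []},
    "link function at runtime on Windows": {"meta": {"namespace": "linking/runtime-linking", "attack": [{"id": "T1027.007", "tactic": "Defense Evasion"}], "lib": false}, "matches": []}
  }
}""")

if __name__ == "__main__":
    for label, rep in (("clean", CLEAN_REPORT), ("suspicious", SUSPICIOUS_REPORT)):
        print(label, triage(rep))
```

Treat capa's output as evidence to combine, not as a verdict: the installer above legitimately resolves imports at runtime and writes files, and only the co-occurrence of injection, debugger checks and persistence justifies escalation.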

194
 
 
The original post: /r/cybersecurity by /u/Patient_Mousse_1643 on 2024-10-10 18:50:28.

Hi everyone!

Recently we have been drowning in a sea of phishing attempts (software company, about 3300 employees). Our management finally woke up and green-lit a budget for a real email security solution.

We were all set to take Abnormal Security for a spin, but then some friends/colleagues started sharing mixed reviews. Now I'm second-guessing everything and wondering if we're the only ones struggling this much. Figured I'd tap the hive mind here.

So, lay it on me:

  1. What's everyone using these days to block those sneaky spearphishing attempts? Any products actually keeping up with the onslaught, or are we all in the same leaky boat?
  2. With all this AI-powered phishing madness, has anyone found vendors that are genuinely staying ahead of the curve, or is it a losing battle across the board?
  3. Any widespread nightmares or products that seem to be falling short for multiple companies? What should we steer clear of?

Darktrace and Avanan are on our radar too, but honestly, I'm open to anything at this point. If you've got war stories or insights on the current state of affairs, I'm all ears.

Thanks for any wisdom you can drop

195
 
 
The original post: /r/cybersecurity by /u/saga04 on 2024-10-10 17:21:51.

Can we trust them, as I do not see any white-labeled trust center link with them? Are US enterprises okay with trusting them, or does it not matter and what matters is a certificate?

196
 
 
The original post: /r/cybersecurity by /u/Regular-Scallion4266 on 2024-10-10 17:13:26.

I'm a senior finishing a bachelor's in cybersecurity, with an associate's in IT and certifications like CompTIA Security+. I interned for a year, starting in the helpdesk team and transitioning to cybersecurity, where I gained experience in networking, ITSM, and deploying laptops. The company is an insurance company across multiple locations. I've been with the info sec team for 2 months and I'm hoping they'll offer me a job soon. I'm in Southwestern VA if that makes a difference.

197
Job market
 
 
The original post: /r/cybersecurity by /u/Afraid-Size740 on 2024-10-10 17:01:27.

Hey folks, How are you finding the market at the moment? Senior professional here struggling to get a new role so I wonder if anyone is facing the same?

198
 
 
The original post: /r/cybersecurity by /u/pancakebreakfast on 2024-10-10 16:56:59.

Attacks on large language models (LLMs) take less than a minute to complete on average, and leak sensitive data 90% of the time when successful, according to Pillar Security.

Pillar’s State of Attacks on GenAI report, published Wednesday, revealed new insights on LLM attacks and jailbreaks, based on telemetry data and real-life attack examples from more than 2,000 AI applications.

LLM jailbreaks successfully bypass model guardrails in one out of every five attempts, the Pillar researchers also found, with the speed and ease of LLM exploits demonstrating the risks posed by the growing generative AI (GenAI) attack surface.

“In the near future, every application will be an AI application; that means that everything we know about security is changing,” Pillar Security CEO and Co-founder Dor Sarig told SC Media.

199
 
 
The original post: /r/cybersecurity by /u/PeneiPenisini on 2024-10-10 16:50:18.

I was listening to Risky Biz a couple of weeks ago and they had the guy from Push Security on. Ended up watching him do a demo of EvilnoVNC on YouTube. I usually only get to see the fallout from these types of attacks, but I love to get a picture of what the attacker sees to wrap my head around the whole thing. So my question: are there any people/channels out there that do regular demos of malware that aren't like hour-long deep dives?

200
 
 
The original post: /r/cybersecurity by /u/buy_chocolate_bars on 2024-10-10 15:56:18.

I work at a software company, and one of our clients in another country is requesting a photocopy of each employee's passport who will access the systems deployed on their network. I've never heard of such a request before, given that passports are sensitive documents. Has anyone else encountered this? How did you handle it?
