cybersecurity


This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.

201
 
 
The original post: /r/cybersecurity by /u/yo_heythere1 on 2024-10-10 15:49:48.

Is it normal for security managers to panic on every single alert that the vendor’s tools deemed as “critical” … I want to get insight if anyone else experiences the same where critical/sensitive findings require an all-hands-on-deck war room. This can range from misconfigured accounts to malware found on a single host. Personally, I’m the type to do some research before starting any calls to see if it’s a false positive, like did the respective team legitimately run the exe or was there an authorized pen test.

Even I am still a novice to this field and am learning how to improve, but I cannot see myself working under management that panics without gathering some background information.

202
 
 
The original post: /r/cybersecurity by /u/CEPAORG on 2024-10-10 14:24:47.
203
 
 
The original post: /r/cybersecurity by /u/scertic on 2024-10-10 13:29:14.

Original Title: The 2023 World Economic Forum’s (WEF) Global Risks Report was not too much off from projected Cyber Risks - Back in 2023, Digital Dependence and Strong As The Weakest Link were in bold. It's Q4 of projected year and we are already there. What are your expectations?

204
 
 
The original post: /r/cybersecurity by /u/tisme- on 2024-10-10 10:49:00.
205
 
 
The original post: /r/cybersecurity by /u/selmynnawhysea on 2024-10-10 09:28:18.
206
 
 
The original post: /r/cybersecurity by /u/towtoo893 on 2024-10-10 09:02:55.
207
 
 
The original post: /r/cybersecurity by /u/towtoo893 on 2024-10-10 08:45:24.
208
 
 
The original post: /r/cybersecurity by /u/jajajaline on 2024-10-10 05:14:18.

If you found evidence of actors in your environment and then decided to hire a firm to threat hunt, did you get enough info? Was it worth it?


209
 
 
The original post: /r/cybersecurity by /u/john217 on 2024-10-10 00:03:35.
210
 
 
The original post: /r/cybersecurity by /u/anynamewillbegood on 2024-10-09 23:17:52.
211
 
 
The original post: /r/cybersecurity by /u/Far-Web-4551 on 2024-10-09 21:07:17.

Can anyone confirm?

"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!"

212
 
 
The original post: /r/cybersecurity by /u/FourD00rsMoreWhores on 2024-10-09 21:01:51.
213
 
 
The original post: /r/cybersecurity by /u/Alternative_Rush_817 on 2024-10-09 19:54:14.

I am a new Security Lead/Analyst for a medium-sized company that does not have a great security posture. One of the many things I have been tasked with is creating and aiding in enforcing policies that pertain to what standard procedure should be, should a user violate some security policy, i.e. fail a phishing test, so many times. The company runs some internal security analysis/tests but does nothing with the info/results of any of it.

So, my question is, what is a typical or industry standard way of handling these incidents? Is it just on the first violation they get an email/written warning, second is additional training, and so on? Or what do you guys recommend?

Thanks in advance for any advice or point in the right direction!

214
 
 
The original post: /r/cybersecurity by /u/NudgeSecurity on 2024-10-09 19:29:48.

It’s been around two years since ChatGPT exploded and AI use is still climbing—we’ve seen 900% growth in AI tool adoption since last (June/July). How have you approached security and governance for AI usage? What are you doing that’s working well? What’s not working for you?

215
 
 
The original post: /r/cybersecurity by /u/Cant_Think_Name12 on 2024-10-09 19:07:18.

Hi all,

Question for those of you who use Ontinue for a 24/7 external SOC, what are your thoughts? (Reference: Cyber Defense Center | Ontinue ION)

What are the pros of it, cons, pricing like?

How do you find their analysts and response/escalation times to be? Are their custom detection rules any good? Do they handle your internal incidents or only their own custom ones?

How is their alert tuning? What's included in a 'minimum' package?

Overall, I'm looking for any feedback on them to decide whether to go for them or not. Any insight would be greatly appreciated.

216
 
 
The original post: /r/cybersecurity by /u/CYRISMA_Buddy on 2024-10-09 10:57:05.
217
 
 
The original post: /r/cybersecurity by /u/VLANtagonist on 2024-10-09 17:12:36.

When a bad actor engages in a credential stuffing attack against our customer portal, we can immediately tell (when they get to 2FA and fail) that the credentials are good. It’s an easy call to lock the account and reach out to the customer for a reset.

Where it gets dicier, from my perspective, is with dark web intel from our providers on supposed customer username/password combos. If we get a list of 600 names, but have no basis for establishing the accuracy, it’s more difficult to justify enacting the same procedure, particularly since it’s entirely possible that the username/password combo is recycled from some other old source, has long since been changed, and may come up multiple times in these dumps.

One of our vendors allegedly tests customer credentials against breach dumps (although we’ve yet to see an instance of this occurring with our customers). With our internal users, we of course have no qualms about having pentesters going even so far as to brute force creds. But with customers, it has a different feel, even if we are just contemplating potentially trying to validate creds from our threat intelligence providers.

Has anyone else tested the validity of these creds? Do you just proceed as if they are valid?

218
 
 
The original post: /r/cybersecurity by /u/Certain-Towel7026 on 2024-10-09 17:04:50.

I became more involved in security auditing and infrastructure hardening in the past 3 years. I understand there are US tax laws that say tax data should only be accessible by US personnel within the US.

Over the past year my company has hired thousands of India-based employees and a few of them have access to all data in Azure, which certainly holds PII and tax data. I've basically been told to stand down, don't bring it up, this is a sensitive topic. Is there an authority I can contact to report this outside of my organization anonymously? I don't even really care that this might not impact me on an audit as this is a company decision to allow it, and not a security concern that I can control, but I certainly do not enjoy being in meetings where we tell people you cannot access this you are outside of the US, while in that same meeting there are 3 or 4 people in India with the access. It makes no sense and certainly violates tax data privacy laws, right?

Maybe I don't understand the tax privacy data laws and this is an overreaction?

219
 
 
The original post: /r/cybersecurity by /u/Upper-Wash7148 on 2024-10-09 16:44:09.

Hello Cybersecurity Reddit! I was wondering what kind of response a company will look for when a question like this or similar to this is asked.

Will they be looking for you to pick up that weight? Or tell management?

220
 
 
The original post: /r/cybersecurity by /u/Odd-Feed-9797 on 2024-10-09 16:29:22.

Reverb has failed sellers/users by allowing a massive data breach, and if you've ever sold anything, your personal information is now in a publicly accessible data dump, mine included.

Changing your password isn't much help, but yeah, just thought I'd post here in case someone didn't know. Take care.

https://www.linkedin.com/pulse/more-than-56-million-records-reverb-sellers-details-leaked-diachenko/

221
 
 
The original post: /r/cybersecurity by /u/EntranceIntrepid3009 on 2024-10-09 15:39:20.

Today was the first day a recruiter mentioned a job where the employer would sponsor a SC.

How valuable is this? Is this a bargaining chip for a higher salary?

222
 
 
The original post: /r/cybersecurity by /u/wewewawa on 2024-10-09 15:27:57.
223
 
 
The original post: /r/cybersecurity by /u/Competitive_Fan_6750 on 2024-10-09 15:03:43.

Hey, I have 7+ years of experience in cybersecurity and got an offer from Cognizant. Should I join? How is job security in Cognizant? How is work-life balance in Cognizant?

224
 
 
The original post: /r/cybersecurity by /u/wmm_1 on 2024-10-09 13:37:06.

I just landed as a data analyst at a cyber security company. (How I got this job is still beyond me and I am dealing with a lot of imposter syndrome).

While I enjoy being a DA I want to keep my options open and am thinking about getting more involved with the actual work of a cybersecurity firm than just the data analytics.

What would you suggest I look at for possible next steps in my career path? I plan on staying in this role for 2-3 years but I've learned you need to start looking now for that next role.

My current hard skillset is SQL, Tableau, and very entry-level Python. I have studied for the CompTIA Security+ but never finished or registered to take it.

225
 
 
The original post: /r/cybersecurity by /u/TechInformed on 2024-10-09 13:10:17.