cybersecurity

The original post: /r/cybersecurity by /u/Deep_Sir9886 on 2024-11-12 17:16:44.

Could it be possible for a malicious USB mass storage device to modify itself? I.e., for the device's firmware to modify files stored on its media? I see no reason why not -- right? If so:

1. What applications of such a method would best justify using it (and thus risking its detection), especially if deployed via supply-chain attack?
2. What methods would best counter this threat? Encryption & signature before storage?
3. Are the methods from #2 in fact universally deployed in the situations identified in #1?

(Apologies if this is duplicate. My former attempt contained an error which I *think* caused AutoModerator to delete it.)

The original post: /r/cybersecurity by /u/intelw1zard on 2024-11-12 16:04:50.

The original post: /r/cybersecurity by /u/arqf_ on 2024-11-12 15:31:02.

The original post: /r/cybersecurity by /u/gurugabrielpradipaka on 2024-11-12 15:25:43.

The original post: /r/cybersecurity by /u/Mirrorworl on 2024-11-12 14:51:13.

Recently I started looking into threat intelligence tools and I noticed that it's hard to compare what’s out there. In my opinion, this area is still pretty new, and I couldn't find a clear comparison of different brands in one place. I took it into my own hands and decided to create a comparison for threat intelligence tools for businesses. In my opinion, it’s a simple way to see what’s available, and I believe it fills an important gap.

Here it is - Comparison Table

I included what I believe are the most important features, and I plan to add more tools and criteria soon. As more businesses start taking their security more seriously, I thought, why keep it to myself?

Here’s what I looked at:

• Real-Time Monitoring - helps you catch suspicious activity by tracking your systems and sending quick alerts.
• Dark Web Monitoring - looks for your data on the dark web to see if it's being traded or discussed illegally.
• Data Leak Prevention - warns you if your sensitive information gets shared outside your organization.
• Compatibility with Current Systems - makes it easy to integrate with your current IT setup, without causing disruptions.
• Data Encryption - protects your data by turning it into a secure format that only authorized users can read.
• Brand Protection - shields your brand from threats like fake products, impersonation, or misuse of your brand name.

I hope this table helps you find what you need or just learn more about these tools. If you think I missed something or know another tool worth adding, let me know. Let’s make it even better!

The original post: /r/cybersecurity by /u/wiredmagazine on 2024-11-12 14:31:52.

The original post: /r/cybersecurity by /u/RepulsiveAdvisor8703 on 2024-11-12 03:27:21.

Hello everyone,

I’m a fifth-semester student in Computer Systems Engineering, and I'm currently gathering information for a colloquium on the impact of quantum computing on cybersecurity. I would greatly appreciate your support in answering a brief survey, which should take no more than 5 minutes. Your responses will be very helpful in understanding the knowledge and preparedness surrounding this emerging technology.

Thank you very much for your time and collaboration!

https://forms.gle/7q27mcA5F2cxsdJZ8

The original post: /r/cybersecurity by /u/Sensitive-Sundae4774 on 2024-11-12 13:32:47.

Hey all, With Black Friday coming up, I’m curious if there are any good deals in the cybersecurity space – whether it’s certifications, training, tools, or anything else.

If you come across any discounts or promotions, feel free to share them here so we can all take advantage of the deals!

Thanks in advance and looking forward to seeing what’s out there!

The original post: /r/cybersecurity by /u/JCTopping on 2024-11-12 13:09:13.

The original post: /r/cybersecurity by /u/Such-Heat1674 on 2024-11-12 12:23:55.

The original post: /r/cybersecurity by /u/ShaSalinger on 2024-11-12 08:37:44.

Hi wondering if anyone has references such as books on Cyber fraud. I tried roughly searching for this and the only good reference I found was a book by Rick Howard - Cyber Fraud TTPs (2009). Although it was a good resource, it's quite old already.

I was hoping anyone can point me in the right direction on possible references on the latest cybersecurity x fraud trends, patterns, and events as well as any references drilling on the two intersections of these two domains. Thanks!

The original post: /r/cybersecurity by /u/daily_rocket on 2024-11-12 04:19:00.

After working for 5 years as a Security Engineer at the same company, I am comfortable to say that the most important aspect that kept me at the company I am in is the full 100% remote arragement. Companies always whine about not finding security professionals all the time and when they find them, they ask them to go to the office in 2024. Want good security professionals and good talent? -> offer full remote positions. It's as simple as that !!

The original post: /r/cybersecurity by /u/waltfrombb on 2024-11-12 02:33:11.

I have an interview coming up. If one of the questions is about how I would secure a cloud-based web application (or any other application), then could I do threat modeling? To figure out what security controls I would put in place?

I'm nervous. I also only fit about half the requirements on the posting for it, so I really wanna make sure I give it my 100%.

The original post: /r/cybersecurity by /u/kin7sug1 on 2024-11-12 02:01:16.

Specifically, I am talking about Chrome Browser Extensions but I would be interested in other perspectives as well.

Do you allow anyone to install any extension? Do you flag extensions for review (based on qualities) and block after the fact? Do you block extensions that require certain permissions? Do you just deny by default and allow by exception?

Would be curious to hear some success or horror stories around rolling out browser security measures.

The original post: /r/cybersecurity by /u/sulabh1992 on 2024-11-11 23:12:38.

When we encrypt a drive using bitlocker we create a password to access the drive. Now bitlocker uses AES 128 bit encryption which is very strong and hard to break. But doesn't creating a password defeats the purpose of strong encryption. I mean someone else just have to know your password to access the data in the drive even if it is encypted. So does it mean that encryption is only as strong as your password or am I missing something?

The original post: /r/cybersecurity by /u/arqf_ on 2024-11-11 22:59:30.

The original post: /r/cybersecurity by /u/Nemesis651 on 2024-11-11 22:51:07.

The original post: /r/cybersecurity by /u/anynamewillbegood on 2024-11-11 22:42:26.

The original post: /r/cybersecurity by /u/RotemNkunim on 2024-11-11 22:26:39.

Hey everyone, happy Monday. I had a question that I was hoping people could answer. I’m helping my CTI team define training for our analysts and we plan on using SANS quite a bit. The only question is how and for which skills.

We’ve identified SEC504 and FOR578 (I think that’s the CTI training) as two that would be beneficial. My question is the extent to which each course has comparable options from different vendors. In other words, is either of these trainings a gold standard that few other vendors can replicate? I’ve heard great things about both. The other way I’m thinking about this question is by assessing the feasibility/practicality of replicating either course through free/open-source content.

One other thing I’ll add is that our cohort of analysts tend to have better analysis skills than technical savvy. Many have former experience in the IC but didn’t work in a SOC. Perhaps that’s an important factor.

Thanks!

The original post: /r/cybersecurity by /u/nikola28 on 2024-11-11 19:31:56.

The original post: /r/cybersecurity by /u/VFDrives_PanelMaster on 2024-11-11 19:24:40.

Small business with ~20 computers. We currently have a tech co manage our security. Utilizing Sophos Central Intercept X Advanced for computers. We've been running this for awhile but hearsay is since we installed/utilized - computers have been slow. Any recommendations for alternatives, is sophos known for slowing down? This is out of my wheelhouse. Would like adequate protection without slowing down operations.

Most work is just internet, email (PDFs opening in adobe seem to be big issue for some reason). Any insight is appreciated.

The original post: /r/cybersecurity by /u/Such-Heat1674 on 2024-11-11 16:35:22.

The original post: /r/cybersecurity by /u/Smooth-Loquat-4954 on 2024-11-11 14:06:56.

The original post: /r/cybersecurity by /u/Hedierhfz on 2024-11-11 14:02:59.

AI is transforming cybersecurity—from automating threat detection to creating defenses that adapt in real-time. But as AI tools become smarter, cybercriminals are also using AI to develop new attack methods. Is AI making us safer, or is it adding more risk to the equation? What do you think—boon or threat? Let’s discuss!

The original post: /r/cybersecurity by /u/AdLatter9794 on 2024-11-11 13:41:05.

Is there any known EDR that supports windows 11 ARM?