The original post: /r/cybersecurity by /u/mrtnmrdkl on 2024-11-05 21:54:32.

I work as a security analyst.

It hasn’t been long since I passed my BTL1 exam, and I’d like to take a higher-level practical exam. Which of the above would you recommend, and what experience do you have with them? Or are there other exams you would suggest?

The original post: /r/cybersecurity by /u/bateau_du_gateau on 2024-11-05 21:42:11.

https://www.linkedin.com/pulse/open-letter-isc2-board-ira-winkler-gvoge/

The original post: /r/cybersecurity by /u/moss728 on 2024-11-05 20:48:26.

Hello all,

I'm currently working for a small governmental agency that has less than 50 endpoints. They currently use n-Able RMM for their patch management and antivirus. They have an old SonicWall that the old admin used to manage. It use the Capture software but it will need to be replaced within the next couple months due to EOL. They also have CJIS systems so they have reporting requirements that have to uphold and monthly vulnerability assessment needed.

I would like to find them one vendor that does it all, but that may not be possible. I would like a next generation antivirus product, patch management, vulnerability scans at least once a month, CJIS compliance, and maybe even SOC as a service.

Does anyone know of a good provider for all or close to all they are familiar with?

The original post: /r/cybersecurity by /u/intelw1zard on 2024-11-05 19:48:34.

The original post: /r/cybersecurity by /u/arqf_ on 2024-11-05 19:02:42.

The original post: /r/cybersecurity by /u/NudgeSecurity on 2024-11-05 18:35:34.

LastPass has reported a malicious actor adding fake reviews on the Chrome Web Store and directing customers to call a number controlled by the actor. Additionally, we have found instances of Chrome extension reviews targeting users of other password managers, such as Dashlane.

https://www.nudgesecurity.com/post/social-engineering-campaign-using-fake-reviews-on-the-chrome-web-store

The original post: /r/cybersecurity by /u/CYRISMA_Buddy on 2024-11-05 18:11:56.

The original post: /r/cybersecurity by /u/dip_ak on 2024-11-05 17:38:32.

Lots of team members started to use AI coding tools, Financial analysis tools, customer service AI tools, etc.

How can we prevent data getting on public LLM?

The original post: /r/cybersecurity by /u/TourTraditional7572 on 2024-11-05 16:46:47.

I’ve been tasked with writing a proposal for a cyber security audit for a client who has a Shopify site, uses zapper with an AWS Api and uses Kintone for inventory management. What should the audit be composed of? And what should be in the proposal? Please any help is appreciated!!!

The original post: /r/cybersecurity by /u/TechInformed on 2024-11-05 15:04:27.

The original post: /r/cybersecurity by /u/iamjessew on 2024-11-05 14:34:31.

The original post: /r/cybersecurity by /u/mooreds on 2024-11-05 13:33:09.

The original post: /r/cybersecurity by /u/lowkib on 2024-11-05 13:20:13.

Hello,

I’ve been asked to plan to implement a security assessment on an open source project and implement security controls and security best practices for open source.

Does anyone have any experience securing open source projects. If so any ideas?

Thanks

The original post: /r/cybersecurity by /u/trekit_ on 2024-11-05 13:14:52.

I worked as application pentester in my previous role. Recently joined a product company.

My said role involves

1. vapt done from vendor
2. Managing Jira for vulnerability
3. Creating policy
4. Incident managing
5. Testing
6. Other adhoc task...

I am having hard time managing 4 and 5 task because of 1 ,2,3 task. I feeling time wasted in Jira management. If anyone with same situation how are you managing your time for other task?

Point 4 , I have no idea how to go about security incident handling. Basically got understanding from udemy and YouTube but I feel it is not completely understand it yet. If you know Any courses/study materials please share.

Point 5, coming from appsec i have been struggling to skill up with netsec, newer exploits, please share how to manage this ? Need to scale up fast and execute is the ask here.

Switching from IT to Product co is fast paced environment. How does anyone handle this?

Sorry for asking so many questions here at once. Please share your experience and suggestions 🙏

The original post: /r/cybersecurity by /u/arqf_ on 2024-11-05 12:57:13.

The original post: /r/cybersecurity by /u/Akkeri on 2024-11-05 12:16:53.

The original post: /r/cybersecurity by /u/arqf_ on 2024-11-05 08:30:15.

In a scenario reminiscent of a modernday Italian Job, hackers have allegedly breached Italys national security, exposing confidential data of some of the countrys most prominent political figures. At the heart of the controversy is Nunzio Samuele Calamucci, a 44 year old IT consultant operating from a modest office near Milans iconic.

The original post: /r/cybersecurity by /u/lifetechmana1 on 2024-11-05 06:40:41.

I have a lot of driving to do tomorrow, and I wanted to see if anybody has recommendations on interesting or insightful cybersecurity or tech based podcasts or YouTube content.

I’ve watched alot of the documentary/essay style stuff from channels like Fern on YT. But I want to see what everyone else recommends!

The original post: /r/cybersecurity by /u/throwaways28282882 on 2024-11-05 06:31:34.

I don’t know if this is the place but today I found out a coworker who I worked with since we interned passed away today. This is the second person in the past two years that has passed away and this is my first corporate job in security. Is this normal in security? I feel like my morale was already at a low when the first person passed and when layoffs happened but now this basically crushed me. On top of that I have people who I have to advise for supply chain security being rude and wanting things done asap. I love my job but I just feel numb. This person literally inspired me at work and I always saw them as someone who would go on to do great things in the industry but now they’re gone. Life really is cruel and unfair.

The original post: /r/cybersecurity by /u/cyberkite1 on 2024-11-05 03:51:49.

Google has unveiled a world-first innovation: AI discovering a zero-day vulnerability in widely-used software. Through a collaboration between Google’s Project Zero and DeepMind, the "Big Sleep" AI agent identified a memory safety flaw in SQLite, a popular database engine. This achievement is a milestone in cybersecurity, leveraging artificial intelligence for enhanced protection.

The groundbreaking find underscores the power of AI when combined with skilled ethical hackers. Google’s Project Zero, known for hunting down critical vulnerabilities, and DeepMind's AI expertise are setting new standards with this large language model-driven agent. Big Sleep is pushing the boundaries of what’s possible in preemptive security measures.

Traditionally, fuzzing (injecting random data to uncover bugs) has been a key tool, but it has limitations. Big Sleep aims to overcome these by detecting complex vulnerabilities before software even reaches users. This could pave the way for AI to become an integral part of software testing, catching issues traditional methods miss.

Although still experimental, Google’s Big Sleep points to a promising future. As AI tools evolve, they could streamline vulnerability management, making it faster and more cost-effective. With innovations like these, defenders may finally stay one step ahead in the cybersecurity race.

I've kept saying this is going to happen and now Google has actually done it, programmed Al to discover zero-day vulnerabilities. This should be a warning because malicious security hackers will also be looking for 0-day vulnerabilities this way and a celebration because Al will help in finding those vulnerabilities.

It creates a lot of questions for the future.

Read more in this article: https://www.forbes.com/sites/daveywinder/2024/11/04/google-claims-world-first-as-ai-finds-0-day-security-vulnerability/

The original post: /r/cybersecurity by /u/Electronic-Ad-6752 on 2024-11-05 03:21:18.

We are trying to develop a 5 year plan to implement 5 goals, but not sure even where to focus

The original post: /r/cybersecurity by /u/Automatic476 on 2024-11-05 01:57:57.

I am curious on everyones take on what are the major shortcomings of the cybersecurity industry right now . What does the industry struggle with, what gaps are there right now in the space, what do major companies not get right?

The original post: /r/cybersecurity by /u/anynamewillbegood on 2024-11-05 00:15:32.

The original post: /r/cybersecurity by /u/arqf_ on 2024-11-05 00:08:07.

The original post: /r/cybersecurity by /u/Impossible-Chip8991 on 2024-11-04 22:37:51.

Hi all,

Wanted to start off by saying am not familiar much with LDAP. I just want to make sure LDAP signing is enforced. I've enforced it through GPO specifically the "domain controller: LDAP server signing requirement" and "network security:LDAP client signing requirements" set to Require Signing.

This was proven to be pushed out via a Resultant Set of Policy tool report, but some pen testers report that ldap isnt forcing signing. Also, to test on the my side I've been using the default win11 LDP app, connecting to my domain controller server, to see if it prompts for a password or token of sorts.

My first question is if this is the correct way to test if LDAP signing is turned on, or if those GPO's I mentioned are the ones I want. I also toyed with the one titled "LDAP server channel binding token requirements" and set to Always, but same result shows via the LDP app.

Any help would be appreciated.