cybersecurity

This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.

The original post: /r/cybersecurity by /u/ParticularAnt5424 on 2024-11-16 03:20:53.

I am looking for a CNAPP tool that supports Kubernetes. We will have to test all of them, but I was wondering what people's experience with those tools is. I am very interested in Upwind, as there is not much info about them.

The original post: /r/cybersecurity by /u/rockycore on 2024-11-16 02:01:37.

[deleted]

The original post: /r/cybersecurity by /u/ValidPrestige on 2024-11-16 01:38:17.
The original post: /r/cybersecurity by /u/PlayfulVirus3771 on 2024-11-16 00:48:56.

Hello everyone,

I just landed a security engineer role at a healthcare org, focusing on Azure. Super excited but also kinda nervous! I've got about a year of experience from my previous tech company job, but that was more infrastructure/security hybrid stuff.

Here's the situation - I'll be reporting directly to the CISO in a pretty small security team (just me, another engineer, and the CISO). One of my main responsibilities will be handling security audits, which I've only assisted with before, never led.

Would love some advice on:

  1. How to prep for healthcare security.
  2. Tips on building a good relationship with the CISO
  3. What to focus on in my first few months
  4. How to approach running security audits (especially HIPAA/healthcare specific ones)

I know healthcare audits are no joke - any guidance would be super appreciated!

Thanks!

The original post: /r/cybersecurity by /u/arqf_ on 2024-11-15 23:57:19.
The original post: /r/cybersecurity by /u/StraightEstate on 2024-11-15 22:37:16.

I just remembered this. Have there ever been any updates on a catch, or further news related to Jia Tan?

The original post: /r/cybersecurity by /u/eladeba on 2024-11-15 21:02:54.

Any thoughts on this?

https://techcrunch.com/2024/11/14/new-apple-security-feature-reboots-iphones-after-3-days-researchers-confirm/

“Inactivity reboot” effectively puts iPhones in a more secure state by locking the user’s encryption keys in the iPhone’s secure enclave chip. “Even if thieves leave your iPhone powered on for a long time, they won’t be able to unlock it with cheaper, outdated forensic tooling,” Classen wrote on X.

The original post: /r/cybersecurity by /u/Several_Print4633 on 2024-11-15 20:57:47.
The original post: /r/cybersecurity by /u/gurugabrielpradipaka on 2024-11-15 19:57:50.
The original post: /r/cybersecurity by /u/Infinite_Friend_1920 on 2024-11-15 17:48:11.

Hiya! So I've been a SOC analyst for 3 years and finally have a little break in my long list of studies I will be forever undertaking. I want to get into malware analysis more and wondered if anyone had any helpful tips, resources or courses you would recommend me taking a look at.

Thanks all and keep up the good work!

The original post: /r/cybersecurity by /u/ChallengeAdept8759 on 2024-11-15 17:42:46.
The original post: /r/cybersecurity by /u/Cant_Think_Name12 on 2024-11-15 17:07:16.

Hi All,

I receive a lot of alerts about users downloading cracked software or key-generators. Sometimes they're blocked, sometimes they run for a minute or two then get remediated, or sometimes they fully run.

My question is, what do you guys do when you encounter users downloading these cracks/key generators? If it ran for 1-2 minutes, do you reimage the device? Do you simply quarantine the file and call it a day?

My thought process is: if it ran at all for over a minute, then reimage the device, as it's a crack/keygen and can be bundled with other goodies I could be missing.

If it didn't run, then notify the user and remove it from the device.

Do you guys have any other insight on what could/should be done?

Most of these cracks are coming from USBs, not downloaded directly from the internet. However, we can't restrict USB access due to the nature of our business.

Any insight would be great!

Note1:

  • I appreciate all the feedback from everyone. Great to see everyone's thoughts and how they handle things.

Note2:

  • My company is very reliant on local admin rights and USBs, so unfortunately restricting access is near impossible despite efforts to reduce the numbers. Security is trying to reduce it; however, the business is against it.

The original post: /r/cybersecurity by /u/blackpoint_APG on 2024-11-15 16:35:42.

A newly disclosed remote code execution (RCE) vulnerability (PAN-SA-2024-0015) in Palo Alto firewalls is actively being exploited, with a critical CVSS score of 9.3. Threat actors are targeting exposed management interfaces, leveraging low-complexity, automated attacks.

No Patch Yet: Palo Alto urges organizations to restrict public access to management interfaces immediately.

Why it matters:

This vulnerability threatens network security, allowing attackers to modify firewall rules, access sensitive data, and pivot within networks.

Threat actors are likely to target this vulnerability for initial access to target organizations. Additionally, threat actors likely will exploit the vulnerability to manipulate network traffic, create new firewall rules, or redirect traffic to other areas of the network providing a method for lateral movement through the network.

Action Needed Now:

Secure your interfaces per Palo Alto’s recommendations to mitigate risk.

Relevant Links:

The original post: /r/cybersecurity by /u/gurugabrielpradipaka on 2024-11-14 17:14:06.
The original post: /r/cybersecurity by /u/gurugabrielpradipaka on 2024-11-14 17:13:10.
The original post: /r/cybersecurity by /u/intelw1zard on 2024-11-14 17:08:48.
The original post: /r/cybersecurity by /u/oridavid1231 on 2024-11-14 17:06:06.
The original post: /r/cybersecurity by /u/paparacii on 2024-11-14 16:52:09.

Went from one company where I had a somewhat specialized role to another, general one where I'm the only official security guy.

We have compliance requirements (rhymes with easy-eye) we must follow, and I've been spending a lot of time updating policies, setting up (but not extensively tuning) a SIEM, getting centralized antivirus, and updating more policies.

I keep thinking how this is just bureaucracy and feel a bit uneasy that somewhere something might pop up and it'll rain on me. How do I stay sharp?

The original post: /r/cybersecurity by /u/GrowthVector on 2024-11-14 16:18:59.

Zero Day exploit via phishing emails

https://thehackernews.com/2024/11/russian-hackers-exploit-new-ntlm-flaw.html

The original post: /r/cybersecurity by /u/mooreds on 2024-11-14 16:02:40.
The original post: /r/cybersecurity by /u/Navid_Shams on 2024-11-14 16:01:41.

Cybersecurity experts at Google, using the Cybersecurity Forecast 2025, are predicting an uptick in APT actions and a modification to their TTPs. Among those updates is an increase in AI usability and a heavier emphasis on increased access to tools on the broader internet. How do you all see the year 2025 going for the world of cybersecurity?

https://cloud.google.com/blog/topics/threat-intelligence/cybersecurity-forecast-2025

The original post: /r/cybersecurity by /u/gurugabrielpradipaka on 2024-11-14 16:00:25.
The original post: /r/cybersecurity by /u/Novel_Negotiation224 on 2024-11-14 15:52:05.
The original post: /r/cybersecurity by /u/IRanqer on 2024-11-14 15:50:40.

Hello everyone,

I am responsible for introducing a concept to manage vulnerabilities more proactively and centrally in our department for our systems (network devices), to remediate them even before internal vulnerability scans detect them.

I would like to automate everything as much as possible. I thought about getting a list of our systems and their software versions, maybe through API calls to our IPAM system, then getting a list of known CVEs and filtering by manufacturer, system and version information to get only CVEs for systems we use. However, I don't know yet how to get this kind of information effectively.

Based on this we could plan the remediation of these CVEs.

Does anybody have any experience or recommendations for strategies or tools?

The goal is to detect published CVEs as fast as possible without scanning the infrastructure too often.
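
One way to implement the filtering step the post describes, as an added example that is not the poster's code: it matches a constructed inventory (vendor, product, version, as an IPAM/CMDB export might provide it) against constructed CVE records shaped like NVD `cpeMatch` entries, using the CPE 2.3 vendor/product fields and NVD's version-range fields. The CVE ids, vendors and products are placeholders, not real advisories.

```python
import re

# Constructed inventory, as it might come back from an IPAM/CMDB API. Vendor and
# product names use the CPE 2.3 vendor:product spelling so they can be compared.
INVENTORY = [
    {"host": "core-sw-01", "vendor": "examplevendor", "product": "switch_os", "version": "7.2.1"},
    {"host": "edge-fw-02", "vendor": "examplevendor", "product": "fw_os", "version": "10.1.3"},
    {"host": "wlc-03", "vendor": "othervendor", "product": "wlc_firmware", "version": "3.0.0"},
]

# Constructed CVE records in the shape of NVD cpeMatch entries. The field names
# (criteria, vulnerable, versionStart*/versionEnd*) are NVD's; the CVE ids and
# products are placeholders for this example only.
CVE_FEED = [
    {"id": "CVE-0000-0001", "matches": [
        {"criteria": "cpe:2.3:o:examplevendor:switch_os:*:*:*:*:*:*:*:*", "vulnerable": True,
         "versionStartIncluding": "7.0.0", "versionEndExcluding": "7.2.4"}]},
    {"id": "CVE-0000-0002", "matches": [
        {"criteria": "cpe:2.3:o:examplevendor:fw_os:10.1.3:*:*:*:*:*:*:*", "vulnerable": True}]},
    {"id": "CVE-0000-0003", "matches": [
        {"criteria": "cpe:2.3:o:othervendor:wlc_firmware:*:*:*:*:*:*:*:*", "vulnerable": True,
         "versionEndIncluding": "2.9.9"}]},
]

def version_key(v):
    """Turn '10.1.3' into (10, 1, 3) so '10.x' sorts after '9.x' (string order would not).
    Numeric dotted schemes only; vendor-specific suffixes need their own comparator."""
    return tuple(int(p) if p.isdigit() else 0 for p in re.split(r"[.\-]", v))

def parse_cpe(criteria):
    """Return (vendor, product, version) from a CPE 2.3 formatted string."""
    parts = criteria.split(":")
    return parts[3], parts[4], parts[5]

def match_applies(match, asset):
    """True if one cpeMatch entry covers the asset's vendor, product and version."""
    vendor, product, exact = parse_cpe(match["criteria"])
    if not match.get("vulnerable", True) or (vendor, product) != (asset["vendor"], asset["product"]):
        return False
    v = version_key(asset["version"])
    if exact not in ("*", "-") and version_key(exact) != v:   # explicit version in the CPE
        return False
    bounds = [("versionStartIncluding", lambda b: v < b), ("versionStartExcluding", lambda b: v <= b),
              ("versionEndIncluding", lambda b: v > b), ("versionEndExcluding", lambda b: v >= b)]
    return not any(key in match and out_of_range(version_key(match[key])) for key, out_of_range in bounds)

def affected_assets(inventory, feed):
    """Return {host: [cve ids]} for every inventory entry hit by at least one CVE record."""
    hits = {}
    for asset in inventory:
        ids = [c["id"] for c in feed if any(match_applies(m, asset) for m in c["matches"])]
        if ids:
            hits[asset["host"]] = ids
    return hits
```

Running `affected_assets(INVENTORY, CVE_FEED)` flags the switch (7.2.1 falls inside [7.0.0, 7.2.4)) and the firewall (exact version match) but not the controller (3.0.0 is above 2.9.9).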

The original post: /r/cybersecurity by /u/Traut on 2024-11-14 15:31:24.

While building a SOC metrics template (a blog post here), I made some JQ functions to handle all the calculations directly on Elastic Security data. These cover

  • calculating MTTR based on the workflow_status_updated_at and status fields of the alert obj
  • computing SLA % based on the pre-set hour limits per severity
  • computing alert load per analyst based on pre-set shifts

The funcs do not require you to use BlackStork Fabric; they are standalone JQ funcs.

Code on GitHub — https://github.com/blackstork-io/fabric-templates/blob/main/cybersec/secops/soc-weekly-activity-overview-elastic-security.utils.jq
