{"posts":[{"content":"Cryptography on video clips","created_at":1613415518.0,"id":"lkbej0","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lkbej0/cryptography_on_video_clips/","subreddit":"cybersecurity","title":"Is it possible to use cryptography on video clips, how does it work?","upvotes":1,"user_id":"Dude109765"},{"content":"I am sure my phone is being monitored","created_at":1613415483.0,"id":"lkbe9n","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lkbe9n/i_am_sure_my_phone_is_being_monitored/","subreddit":"cybersecurity","title":"I have come here multiple times but I am ignored. I am absolutely sure about this and it is kinda big deal considering It has persisted past restoring. I don't know where to go because no one believes it. Could it be sim card related?","upvotes":1,"user_id":"Informal-Permission1"},{"content":"CMMC: Stopping Cyber Espionage Like Chinese Theft of F-35 Data","created_at":1613412360.0,"id":"lkao08","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lkao08/cmmc_stopping_cyber_espionage_like_chinese_theft/","subreddit":"cybersecurity","title":"[https://breakingdefense.com/2021/02/cmmc-stopping-cyber-espionage-like-chinese-theft-of-f-35-data/?fbclid=IwAR1mpenZhevhrez-jgFjbGHTiV0SVo7fIYltWPidqZw6f-ZljvMgLQp4itU](https://breakingdefense.com/2021/02/cmmc-stopping-cyber-espionage-like-chinese-theft-of-f-35-data/?fbclid=IwAR1mpenZhevhrez-jgFjbGHTiV0SVo7fIYltWPidqZw6f-ZljvMgLQp4itU)","upvotes":2,"user_id":"aybolitus"},{"content":"What's the big deal with passwords?","created_at":1613410669.0,"id":"lka9wq","n_comments":0,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/lka9wq/whats_the_big_deal_with_passwords/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"glowsplash"},{"content":"What is The Dark Web? Everything You Need to Know","created_at":1613410469.0,"id":"lka8dg","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lka8dg/what_is_the_dark_web_everything_you_need_to_know/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"chelsea_walker"},{"content":"How did Kevin David Mitnick get arrested by the FBI?","created_at":1613405908.0,"id":"lk979u","n_comments":2,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/lk979u/how_did_kevin_david_mitnick_get_arrested_by_the/","subreddit":"cybersecurity","title":"Kevin David Mitnick, was once the most notorious break-in artist in the history of computers. He was on the most wanted list of the FBI because of his famous \u2018electronic joyride\u2019 during which he hacked into 40 major companies just for the challenge. To know how he got caught by the FBI, refer to the link below.\n\n[https://youtu.be/hrJI29gZWUc](https://youtu.be/hrJI29gZWUc)","upvotes":0,"user_id":"FishermanWitty8173"},{"content":"Sign in to authenticator with just a Google account? How is it safe?","created_at":1613400673.0,"id":"lk7xpo","n_comments":4,"percentage_upvoted":0.88,"permalink":"/r/cybersecurity/comments/lk7xpo/sign_in_to_authenticator_with_just_a_google/","subreddit":"cybersecurity","title":"Hello everyone\n\nSo I've been using authenticator to log in some investing platform ages ago, left just a little bit of my funds in, and forgot about it for some time. Since then, I've changedy my phone a couple of times and didn't save any emergency codes. To my surprise, I just downloaded the Google authenticator app and it works just like that with the same platform. How is that possible? Is it just my main Google account that's connected? Because if so, then I'm finding it really hard to believe that it's secured.\n\nIf someone have broken into my Google account then they could obtain access to virtually everything that my authenticator protects right? I use different accounts to sign up and login wherever, but I just don't get it, someone please explain to me what's going on","upvotes":6,"user_id":"12321Jay"},{"content":"Microsoft says it found 1,000-plus developers' fingerprints on the SolarWinds attack","created_at":1613400527.0,"id":"lk7wa4","n_comments":11,"percentage_upvoted":0.97,"permalink":"/r/cybersecurity/comments/lk7wa4/microsoft_says_it_found_1000plus_developers/","subreddit":"cybersecurity","title":"","upvotes":85,"user_id":"deadbroccoli"},{"content":"Are there really jobs out there for certs like OSCP and demand for them?","created_at":1613395456.0,"id":"lk6kxz","n_comments":4,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lk6kxz/are_there_really_jobs_out_there_for_certs_like/","subreddit":"cybersecurity","title":"Hey guys, I hope this is the right place to post this. \n\nI am currently studying for my ccna because I would like to gain a fundamental understanding of networking but I would like to eventually move into pen testing and infosec once I gain the knowledge and experience. \n\nIs there really jobs out there for certs like the oscp? I ask this because it seems to me that companies wouldn't really be interested in things such as red teaming or hiring somebody to pentest their systems. Are these certs really worth going after or is it better to stick to some of the networking certs to get into infosec?\n\nI could be totally wrong about and I am hoping that I am because I find Linux extremely interesting and I planned on studying for and eventually obtaining the OSCP. \n\nThanks in advance for the input.","upvotes":1,"user_id":"Alternative-Fox6236"},{"content":"I\u2019d love to get the members\u2019 feedback on remote access in these covid-19 days. Are you using a VPN? If so, is it working well? Please choose the best answer. Thank you!","created_at":1613392647.0,"id":"lk5t8i","n_comments":3,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/lk5t8i/id_love_to_get_the_members_feedback_on_remote/","subreddit":"cybersecurity","title":"\n\n[View Poll](https://www.reddit.com/poll/lk5t8i)","upvotes":0,"user_id":"Ultra_secret"},{"content":"Q3liZXJzZWMgbXkgd2F5IC0gUGFydCAxCg== :: Ceso Adventures","created_at":1613385549.0,"id":"lk3qwl","n_comments":1,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/lk3qwl/q3lizxjzzwmgbxkgd2f5ic0gugfydcaxcg_ceso_adventures/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"cesox"},{"content":"I've been blocked by a website I was testing during a bug bounty, should I be worried?","created_at":1613385531.0,"id":"lk3qqo","n_comments":11,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/lk3qqo/ive_been_blocked_by_a_website_i_was_testing/","subreddit":"cybersecurity","title":"So I'm relatively new to bug bounties, I'm not a script kiddy but neither am I at all experienced in web security. I thought the best way to learn is to just to start on a real project (I've done a decent amount of CTFs but nothing real life). Anyways, I found a website to test on HackerOne and I scanned the rules and thought I'd have a start. I mostly mess around with graphql queries to see what I can change and try to get access to their firewalled API but find nothing really. Then I decided to try and use dirsearch to find any useful URLs. When doing this I forget to rate limit it. After not finding much I give myself a break and leave the computer for a while. When I come back to the computer I find out that my IP is now blocked from accessing this website. A bit worried I check back to HackerOne and find out that I had missed some quite important information. I forgot to append \"HackerOne\" to my user agent and the rate limit for scanning was 100 / min and I was doing about 30 / second (for about 15 mins). Now I'm probably being overly worried but should I contact the website to apologise and explain as they may be worried someone who's not doing a bug bounty is trying to gain access. Or should I avoid contacting them as I technically broke their bug bounty rules. Is there any real risk of them bringing any legal action against me (I don't have a VPN and my router has its own IP so if they wanted to contact the police, they could identify me).","upvotes":1,"user_id":"MrRandoMcGee"},{"content":"A Brief Summary of Who Hacktivists Anonymous Are and Whether They'll Ever Get Caught","created_at":1613379537.0,"id":"lk1wiw","n_comments":0,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/lk1wiw/a_brief_summary_of_who_hacktivists_anonymous_are/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"cyberbeam20"},{"content":"I'm a data scientist, and I'm curious about supplementing ds skills with cyber security experience and education. Any ideas?","created_at":1613378161.0,"id":"lk1h96","n_comments":4,"percentage_upvoted":0.81,"permalink":"/r/cybersecurity/comments/lk1h96/im_a_data_scientist_and_im_curious_about/","subreddit":"cybersecurity","title":"I know there are ways to pivot into cyber security. Are any of those specific to DS? I'm not interested in leaving my DS career right now. I just think these skills could be a unique combination and possibly useful. Is that reasonable to think? \n\nI have very little understanding of what cyber security requires as a skill set, but protecting data is a big deal in my world, so I'm pretty sure there's room for development there. Thoughts?","upvotes":3,"user_id":"WhosaWhatsa"},{"content":"Please fill out this survey!","created_at":1613377803.0,"id":"lk1dfr","n_comments":1,"percentage_upvoted":0.43,"permalink":"/r/cybersecurity/comments/lk1dfr/please_fill_out_this_survey/","subreddit":"cybersecurity","title":"Need a survey filled out for school regarding cyber security and passwords, Its for a UX design class. \n\n\n[https://forms.gle/fkochFCvt6Jkrxd3A](https://forms.gle/fkochFCvt6Jkrxd3A)","upvotes":0,"user_id":"hunt6429"},{"content":"Mentorship Monday","created_at":1613376018.0,"id":"lk0sdv","n_comments":3,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lk0sdv/mentorship_monday/","subreddit":"cybersecurity","title":"This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do *you* want to know about certs/degrees, job requirements, and any other general cybersecurity career questions?\n\nAdditionally, we encourage everyone to check out [Questions](https://www.reddit.com/r/cybersecurity/search/?q=flair%3Aquestion&restrict_sr=1&t=week) posted in the last week and see if you can answer them!","upvotes":3,"user_id":"AutoModerator"},{"content":"Switch career to security engineer, worth it?","created_at":1613373039.0,"id":"ljzu5h","n_comments":2,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/ljzu5h/switch_career_to_security_engineer_worth_it/","subreddit":"cybersecurity","title":"Hi, I am a software engineer with \\~6 years of experience, mainly focusing on backend development.\n\nI am interested in security engineering, particularly identity management field. I am debating if I should make the transition. I just started studying for CEH, but most job I saw would require certain years of experience.\n\nCan someone with a similar career path share your experience and thoughts? Thanks","upvotes":2,"user_id":"cgcamusda"},{"content":"Egregor ransomware members arrested by Ukrainian, French police","created_at":1613372881.0,"id":"ljzs7g","n_comments":0,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/ljzs7g/egregor_ransomware_members_arrested_by_ukrainian/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"jpc4stro"},{"content":"Interested in pursuing Cyber security as a career would like input on what to expect education and in the field wise","created_at":1613370767.0,"id":"ljz3ro","n_comments":0,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/ljz3ro/interested_in_pursuing_cyber_security_as_a_career/","subreddit":"cybersecurity","title":"I've been doing customer support with a tech company for years but it is for their products.\n\n\nI'm looking to make a change into an actual career as I'm starting college towards a degree in the fall. I'm hoping to make Cyber Security or IT what I focus in.\n\nI'm not the best at math but can and am willing to learn it. As of now I'm still doing some research and would like to perhaps work in pentesting as the ability to work remote appeals to me. Though I'm open to working in Networking and System administrator for the experience.\n\nFor those of you that are certified or already in the field. \n\nWhat kind of advice would you recommend for learning before attending school?\n\nAs well as what does a normal day on the job look like?","upvotes":1,"user_id":"greyson3"},{"content":"OT/ICS Masters/Graduate programs?","created_at":1613369748.0,"id":"ljyrw0","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/ljyrw0/otics_mastersgraduate_programs/","subreddit":"cybersecurity","title":"Would anyone have any suggestions on US graduate or master's programs strong in ICS/SCADA/embedded or OT security?","upvotes":2,"user_id":"bllinker"},{"content":"Currently in university studying Computer Engineering, things to do to make myself a stronger candidate?","created_at":1613369633.0,"id":"ljyqnj","n_comments":4,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/ljyqnj/currently_in_university_studying_computer/","subreddit":"cybersecurity","title":"I'm currently a sophomore Computer Engineering and just found a passion to learn more about Cyber Security, I recently joined my university's CTF team and have been having a blast and want to look into getting into cyber security as a career.\n\nMy questions are:\n\nIs it hard to find a job in Cyber Security as a computer engineer?\n\nWhat are some things I can do while in college to give myself a better chance at getting a cyber security job when I graduate (should I get certs etc.)?\n\nThanks in advance!","upvotes":5,"user_id":"P3ngiun"},{"content":"How to start","created_at":1613367801.0,"id":"ljy4i0","n_comments":0,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/ljy4i0/how_to_start/","subreddit":"cybersecurity","title":"As someone changing career paths and starting over what would you guys recommend into getting started in cybersecurity? I have a B.B.A. in Marketing & International business and currently work in the mortgage industry. However, I want to do something different and interesting. Something that can challenge me every day. That is why I'm interested in Cybersecurity. Also, I read not many women are in the field and that makes it more exciting. I have to add I have no IT background. \nI've been looking into doing WGU **Bachelors of Cybersecurity & Information Assurance** \nThat includes all these certs: \nCertified Cloud Security Professional (CCSP) \u2013 Associate of (ISC)\u00b2 designation\n\n* Systems Security Certified Practitioner (SSCP) \u2013 Associate of (ISC)\u00b2 designation\n* A+ (CompTIA)\n* Cybersecurity Analyst Certification, CySA+ (CompTIA)\n* Network+ (CompTIA)\n* Network Vulnerability Assessment Professional (CompTIA)\n* Network Security Professional (CompTIA)\n* Security Analytics Professional (CompTIA)\n* Security+ (CompTIA)\n* Project+ (CompTIA)\n* PenTest+ (CompTIA)\n* IT Operations Specialist (CompTIA)\n* Secure Infrastructure Specialist (CompTIA)\n* ITIL\u00ae1 Foundation \n\n\nThank you in advance :)","upvotes":0,"user_id":"Fabulous_Adeptness_7"},{"content":"Questions regarding a cybersecurity program","created_at":1613364441.0,"id":"ljwztp","n_comments":3,"percentage_upvoted":0.76,"permalink":"/r/cybersecurity/comments/ljwztp/questions_regarding_a_cybersecurity_program/","subreddit":"cybersecurity","title":"I was hoping an alumn or someone here could give me insight into the Year Up cybersecurity program. Is it possible to land an entry level cs role after internship? I have already prepared mostly for my A+ before finding this program.. \n\nI've seen a lot of people post about going through the IT program but not cybersecurity. Is it worth it??? Thanks!","upvotes":2,"user_id":"ActualDiet4971"},{"content":"What is considered ethical/non-ethical","created_at":1613362177.0,"id":"ljw7xg","n_comments":6,"percentage_upvoted":0.57,"permalink":"/r/cybersecurity/comments/ljw7xg/what_is_considered_ethicalnonethical/","subreddit":"cybersecurity","title":"I found a pretty exposed server with almost every port open and I thought shoot let me SSH for the hell of it not exactly it to work without a password and it did... I immediately exited and didn\u2019t do anything and plan on telling them ASAP. But I\u2019m curious what is the threshold? \nThey have FTP/ssh/and MySQL exposed to everyone, is there an official process to notify them?","upvotes":1,"user_id":"tunaluna94"},{"content":"What is this device on my WiFi?","created_at":1613360049.0,"id":"ljvgso","n_comments":5,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/ljvgso/what_is_this_device_on_my_wifi/","subreddit":"cybersecurity","title":"I found a Espressi device on my WiFi randomly? Can someone tell me what it is? And why it would be on my WiFi?","upvotes":0,"user_id":"Blakely_Rose"},{"content":"How safe is 7Zip encryption?","created_at":1613357786.0,"id":"ljuo64","n_comments":10,"percentage_upvoted":0.81,"permalink":"/r/cybersecurity/comments/ljuo64/how_safe_is_7zip_encryption/","subreddit":"cybersecurity","title":"Hi, I have a folder with some sensitive data that I have to upload to a cloud. I found some topics that say that 7Zip encryption had problems in the past, but they are old topics (at the least I didn't found so much, but here an example [https://www.reddit.com/r/security/comments/ak6lqg/7zip\\_encryption\\_is\\_completely\\_broken\\_according\\_to/](https://www.reddit.com/r/security/comments/ak6lqg/7zip_encryption_is_completely_broken_according_to/) ). So in 2021, is there any reason why I shouldn't use it to encrypt the folder? I already know that it uses AES-256 bit encryption and this is pretty a safe encryption, but obviously it depends from the implementation of that algorithm. Should I use another program to encrypt the folder? Could you tell me some programs to do that? By the way, I have to compress the folder to reduce the space, but I could just zip, and then encrypt the zipped file.\n\n​\n\nThank you in advance and sorry for my bad english","upvotes":9,"user_id":"secon25"},{"content":"We are trying to help people get into IT & IT Security (Security Unfiltered Podcast)","created_at":1613353981.0,"id":"ljtchn","n_comments":52,"percentage_upvoted":0.98,"permalink":"/r/cybersecurity/comments/ljtchn/we_are_trying_to_help_people_get_into_it_it/","subreddit":"cybersecurity","title":"What's up Peeps and Peepettes? Wanted to let you guys know that Security Unfiltered has released another podcast episode:\n\n​\n\n**Episode #2 Experience vs Certifications vs Degrees.**\n\n[Podcast Episode.2](https://securityunfiltered.buzzsprout.com/1656988/7717843-certs-vs-experience-vs-degrees)\n\n​\n\nOur Podcast and content is catered to helping those get into IT & IT Security - while providing some of the tips/lessons/hardships we've experienced on our path.\n\n​\n\nWe keep things 100 --- and tell you how it is. Of course, everyone will have their own opinion and path to success, however, we noticed that there is a lack of constant reference material that kind of covers some of the things that people we typically ask.\n\n​\n\nSo please check it out, let us know what you think. We want to eventually do training, projects, templates, etc to help those along in this journey.\n\n​\n\nWe want to make sure if just anyone out there could benefit that they had a chance to check us out.\n\n​\n\nHost: \n\nJoe South - [https://www.joesecurityblog.com/](https://www.joesecurityblog.com/)\n\nTech Jacks - [https://techjacks.net/](https://techjacks.net/)\n\nYoutube Channel - [https://www.youtube.com/channel/UCMiKLzFkkGHDfdf7wri94uw](https://www.youtube.com/channel/UCMiKLzFkkGHDfdf7wri94uw)\n\nPodcast site - [https://securityunfiltered.buzzsprout.com/](https://securityunfiltered.buzzsprout.com/)\n\n​\n\nJoe South is a Senior Cloud Engineer\n\nTech Jacks - Security Architecture | IT GRC Manager\n\n​\n\nAlright i've said enough and I ain't trying to get all spammy. Appreciate it if yall can check out the content, comment, subscribe, share, all that good stuff. Hope you all have a good rest of the day!","upvotes":377,"user_id":"TechJacks"},{"content":"has anyone used/tried remcos remote access tool","created_at":1613353935.0,"id":"ljtbvn","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/ljtbvn/has_anyone_usedtried_remcos_remote_access_tool/","subreddit":"cybersecurity","title":"i need a software where i can monitor different computers, so i heard of remcos remote access tool, it seems legit, but i am concerned it is a RAT itself [https://breaking-security.net/remcos/free/](https://breaking-security.net/remcos/free/)\n\ni do not know anything about cyber security so if anyone knows anything about this program or if its safe please tell me","upvotes":1,"user_id":"peppapigisgay4"},{"content":"Entering cyber security a bit of guidance for entry-level jobs","created_at":1613353905.0,"id":"ljtbhr","n_comments":6,"percentage_upvoted":0.74,"permalink":"/r/cybersecurity/comments/ljtbhr/entering_cyber_security_a_bit_of_guidance_for/","subreddit":"cybersecurity","title":"Hey guys, I was wanting to enter cybersecurity coming from a healthcare role (RN). I'm 37, family, house, blah blah. I spoke with a friend of a friend who stated that when he hires entry-level auditors he really only requires Secure+ 601. It has been many moons since I learned anything about computers and while I know some basic functions and some understanding but nothing too in-depth. Would it be best for me to study for an A+ certification prior to the Secure+? Should I continue to try and learn python? I had just started it and it seems like it could be very helpful for scripts and such for the job. \n\nI would love to get into a position of analyst or pentest and work remotely from home, ideally. I would like to not incur more student debt as I already have two BA. I am willing to learn independently but don't want to just blindly learn things that won't help me get that initial entry-level jobs. Plus, we are wanting to move back into a small town in the mountains which is why more remote work would be ideal. Obviously, we gotta follow where the jobs and money is though, we realize that. \n\nI will be financing this while taking high-risk travel assignments for work and in between assignments and day off study to move into CS. My wife is currently a nurse, and prego, we have a kiddo at home so I still need to the finances to obtain a better life for us all. \n\nCurrently, we are living in the Houston metro area. If anyone in the area has time to chat or even aid as a pt mentor to help guide that would be amazing. \n\n​\n\nAppreciate any fb.","upvotes":5,"user_id":"Icy-Scratch5289"},{"content":"WireGuard VPN on OPNsense & Android","created_at":1613352568.0,"id":"ljsuhf","n_comments":0,"percentage_upvoted":0.57,"permalink":"/r/cybersecurity/comments/ljsuhf/wireguard_vpn_on_opnsense_android/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"creativeboy7"},{"content":"Traitor - Automate low-hanging fruit privesc (including gtfobins) in Linux","created_at":1613351907.0,"id":"ljsmc5","n_comments":1,"percentage_upvoted":0.93,"permalink":"/r/cybersecurity/comments/ljsmc5/traitor_automate_lowhanging_fruit_privesc/","subreddit":"cybersecurity","title":"","upvotes":50,"user_id":"pope_friction"},{"content":"Egregor ransomware operators arrested in Ukraine | ZDNet","created_at":1613347377.0,"id":"ljr1c1","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/ljr1c1/egregor_ransomware_operators_arrested_in_ukraine/","subreddit":"cybersecurity","title":"","upvotes":5,"user_id":"deadbroccoli"},{"content":"How to prevent hacker from making a reverse remote connection","created_at":1613345621.0,"id":"ljqhny","n_comments":7,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/ljqhny/how_to_prevent_hacker_from_making_a_reverse/","subreddit":"cybersecurity","title":"Hi I recently saw a [report](https://youtu.be/le71yVPh4uk?t=160) on how a crusader against phone scammers was able to make a reverse remote connection to the scammer's computer once scammer made/attempting to make a remote connection to his computer. What would be best way to **prevent such a reverse remote connection** being made from compromised machine? I want to **make sure I'm not opening myself up to attack when I am providing remote support**. is there a way to have an alert sent anytime there is a remote connection is active on my computer and what command allows me to quickly see all remote connections. I would like a solution for **chromebook** as well. I believe scammer was using teamviewer but I assume vulnerabilty is not unique to that software\n\nreference: [https://youtu.be/le71yVPh4uk?t=160](https://youtu.be/le71yVPh4uk?t=160)","upvotes":0,"user_id":"itst_org"},{"content":"25 Free Cybersecurity Resources, Courses, and Tools","created_at":1613344317.0,"id":"ljq37x","n_comments":2,"percentage_upvoted":0.92,"permalink":"/r/cybersecurity/comments/ljq37x/25_free_cybersecurity_resources_courses_and_tools/","subreddit":"cybersecurity","title":"","upvotes":40,"user_id":"redtollman"},{"content":"Streaming Tutorials | Cyber Aces | Free online cybersecurity courses","created_at":1613344127.0,"id":"ljq159","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/ljq159/streaming_tutorials_cyber_aces_free_online/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"redtollman"},{"content":"Can my iPhone 12 get a virus if I went on a website that said warning and not secure?","created_at":1613339195.0,"id":"ljonqv","n_comments":3,"percentage_upvoted":0.2,"permalink":"/r/cybersecurity/comments/ljonqv/can_my_iphone_12_get_a_virus_if_i_went_on_a/","subreddit":"cybersecurity","title":"My phone isn\u2019t jailbroken and I didn\u2019t download any apps which weren\u2019t from the App Store. Simply just went on a dodgy website by mistake from pressing a photo from google images.","upvotes":0,"user_id":"alanambl"},{"content":"Malicious e-mail trends during a global pandemic","created_at":1613337577.0,"id":"ljo99o","n_comments":3,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/ljo99o/malicious_email_trends_during_a_global_pandemic/","subreddit":"cybersecurity","title":"Hi everyone, \n\nI\u2019m writing a research paper on the trends of malicious e-mails during the 2020 coronavirus pandemic. \n\nSurvey length is 5-10 minutes. \nNo PII is required or requested. \n\n[https://docs.google.com/forms/d/e/1FAIpQLSelsYvq3uCMrqcTV9vhnezcVnc591bi5wSYVwkdT6VNw6-QEQ/viewform?usp=sf_link](https://docs.google.com/forms/d/e/1FAIpQLSelsYvq3uCMrqcTV9vhnezcVnc591bi5wSYVwkdT6VNw6-QEQ/viewform?usp=sf_link)\n\nThank you!","upvotes":13,"user_id":"TediousFever"},{"content":"Looking at learning cyber security during lockdown","created_at":1613335347.0,"id":"ljnq4q","n_comments":3,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/ljnq4q/looking_at_learning_cyber_security_during_lockdown/","subreddit":"cybersecurity","title":"I\u2019ve been off work for a while now due to lockdown in the UK and I\u2019ve been looking at getting into cyber security, I have basic knowledge of computers from owning one for personal use, but don\u2019t have experience in much else for example coding. I\u2019m not sure where to start in terms of online courses to do with cyber security or wether I should learn code first, is anyone able to give me a point in the right direction? (Very enthusiastic reader so if anyone knows of any books that can give me the fundamentals that would be greatly appreciated) Thanks!","upvotes":1,"user_id":"Wutangnoodles"},{"content":"Looking for a cool website","created_at":1613335152.0,"id":"ljnoi2","n_comments":2,"percentage_upvoted":0.81,"permalink":"/r/cybersecurity/comments/ljnoi2/looking_for_a_cool_website/","subreddit":"cybersecurity","title":"The site essentially has a list of all the websites, new old, that have challenges or games targeting at cybersecurity. I've lost the website but I had a lot of fun on it. It ranks new websites too. I'm looking for it right now so if I find it myself I'll post a follow up, but any help would be appreciated","upvotes":3,"user_id":"dhritiisingh"},{"content":"I want to start learning","created_at":1613334411.0,"id":"ljnie4","n_comments":7,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/ljnie4/i_want_to_start_learning/","subreddit":"cybersecurity","title":"I want to start from scratch, I wouldn't say I have a background on the subject, but its concept sparked an interest, so I want to start digging deeper","upvotes":0,"user_id":"Fouad-Sendi"},{"content":"Hunting for CVE 2021-3156 with Auditd","created_at":1613329896.0,"id":"ljmkms","n_comments":0,"percentage_upvoted":0.81,"permalink":"/r/cybersecurity/comments/ljmkms/hunting_for_cve_20213156_with_auditd/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"BravelyCoward"},{"content":"How much likely is for a person from India with a Bachelors and 2.5 - 3 years of experience as a Security Engineer / Penetration Tester gets to land a job in US?","created_at":1613325101.0,"id":"ljlnms","n_comments":11,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/ljlnms/how_much_likely_is_for_a_person_from_india_with_a/","subreddit":"cybersecurity","title":"Hey guys, can you comment on the above question about what do you think like a person who has worked on Cloud Security Administration and Network Penetration Testing, been doing it for almost 3 years and now thinking to went abroad (United States) just because there are more opportunities, more learning and especially more $$$ in comparison to his own country. What are the chances that his dream might come true?","upvotes":1,"user_id":"07Kingslayer"},{"content":"I want to start learning about Cybersecurity.","created_at":1613320817.0,"id":"ljku3m","n_comments":19,"percentage_upvoted":0.79,"permalink":"/r/cybersecurity/comments/ljku3m/i_want_to_start_learning_about_cybersecurity/","subreddit":"cybersecurity","title":"Basically what the title says, but I don't know what question to ask because I don't even know anything. How/where can I begin to learn?","upvotes":28,"user_id":"Fouad-Sendi"},{"content":"Preparing to Issue 200 Million Certificates in 24 Hours","created_at":1613318398.0,"id":"ljkcr3","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/ljkcr3/preparing_to_issue_200_million_certificates_in_24/","subreddit":"cybersecurity","title":"","upvotes":20,"user_id":"uinerimak"},{"content":"SSH-MITM - Version 0.4.0 released with suport for port forwarding and check for CVE-2020-14145 OpenSSH <= 8.4","created_at":1613317537.0,"id":"ljk6up","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/ljk6up/sshmitm_version_040_released_with_suport_for_port/","subreddit":"cybersecurity","title":"Version 0.4.0 has support for port forwarding and check for CVE-2020-14145!\n\n**HELP NEEDED!** Please help to improve this awesome tool by **giving a star on github** (this will raise the authors motivation) or **writing about ssh-mitm** in your **tweets, facebook posts or scientific papers.**\n\nProject on Github: [https://github.com/ssh-mitm/ssh-mitm](https://github.com/ssh-mitm/ssh-mitm)\n\n**OpenSSH up to Version 8.4 Information Leak CVE-2020-14145**\n\nCVE-2020-14145 is a vulnerability in the openssh client up to version 8.4 (latest version), which allows the server to determine, if a client has cached fingerprint. By abusing this information a mitm server knows, if the client will abort the session with a man in the middle error or asks the user, if he/she trusts the fingerprint.\n\nTo check if the client is affected, you only must start ssh-mitm and connect your client to the server. It's not neccesary to accept the fingerprint. SSH-MITM shows in the log output, if your client is affected.\n\nClient connects for the first time:\n\n`2021-02-14 08:36:11,170 [INFO] CVE-2020-14145: Client connecting for the FIRST time!`\n\nClient has a local cached fingerprint:\n\n`2021-02-14 08:36:11,170 [INFO] Client has a locally cached remote fingerprint!`\n\n**Port Forwarding**\n\nWith the support for port forwarding, it's now possible to intercept connections, which are routed trough a ssh connection.\n\nLocal- and remote port forwarding are supported.\n\n**Other improvements**\n\nThe new version also uses better plugin names and the help command is improved, which lists all available plugins ant their description.\n\nExecuting commands without a terminal (`ssh remotehost 'ls -l'`) is now fixed and the command can be intercepted.\n\nThe host key algorithms can be configured. So you can test your clients with different keys length or algorithms.","upvotes":1,"user_id":"hugo_leitsnik"},{"content":"I'm wondering how far away I am..","created_at":1613314020.0,"id":"ljjdu8","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/ljjdu8/im_wondering_how_far_away_i_am/","subreddit":"cybersecurity","title":"Good morning/afternoon wherever you may be in the world.\n\nI've typed this out about three times now and decided against posting it, so i'm here on a throwaway to ask for some assistance.\n\nI recently have undertaken a Certificate IV in Cyber Security. A few lectures in we were told to go onto a Packet Tracer exercise and try our hand at answering the questions (I believe the exercise itself came from CISCO).\n\n[https://imgur.com/gallery/rXF4eZX](https://imgur.com/gallery/rXF4eZX)\n\nThe link above has 3 pictures in it (I apologise if I'm breaking any format/post norms here, I'm more than capable of fixing anything should it be required. Including posting to a different subreddit if required)\n\nThe diagram as you would no doubt all know is the topology and underneath that is the question, then the answer I have down so far.\n\nThe reason for my post is I am seeking someone to tell me either one here or via a private message how far away I am from the mark. I feel like I have explained it in my view, but I am very new to this. \n\nMy overall point for doing this is I have family in need of physical care and if I'm too far away from the point they're after, I'll know to drop this course before the debt arises and care for my grandfather until I can develop my skills more over the years. \n\n\nThank you in advance for any help.","upvotes":1,"user_id":"cybernewboi"},{"content":"Cyber Security in Myanmar","created_at":1613313542.0,"id":"ljja40","n_comments":54,"percentage_upvoted":0.97,"permalink":"/r/cybersecurity/comments/ljja40/cyber_security_in_myanmar/","subreddit":"cybersecurity","title":"I have a few questions as to what I can do to keep my ISP from tracking any of my information and anything I post online as well as all my connected google accounts. \n\nNormally, I personally would not have given a fk about my ISP having my browsing info and all else but now it's different. \n\nMyanmar, where I am currently residing is in the midst of a military coup. Just recently they drafted a cyberlaw that would make even having a device illegal, to put it plainly. Although most of what they've proposed on that draft is highly impossible, and it needs to go through several telecoms and other reviews to be approved, it's pretty significant that our internet privacy is at risk. \n\nEvery night the military has been kidnapping people prominent in the protests, from government officials to protest leaders.. and I fear internet activists and journalists will be next. So far, they've detained over 360 people, including regular civilians at the protests. \n\nWhat I've said here is only the tip of the iceberg... I plan to document the full thing somewhere but I don't want to risk being tracked down by the military. I've gone down a cyber security rabbit hole since last night, I can't seem to get the answers I need. So far, I've downloaded Brave, felt safe using reddit and twitter cause apparently they're encrypted sites so the ISP cant track what I'm doing on the site other than that I'm on the site. \n\nThe military is allowed at any given time to demand Internet Providers for data on their users and track each person down. I'm afraid everyone online will be next to get kidnapped by the police at night.","upvotes":206,"user_id":"mnonemous"},{"content":"whats fastest way to verify that file hash of downloaded file matches the hash of the download source?","created_at":1613307570.0,"id":"ljhrm6","n_comments":7,"percentage_upvoted":0.87,"permalink":"/r/cybersecurity/comments/ljhrm6/whats_fastest_way_to_verify_that_file_hash_of/","subreddit":"cybersecurity","title":" I want a quick way to very integrity of all my important downloads even if coming from a trusted source.","upvotes":6,"user_id":"itst_org"},{"content":"Where to look for jobs?","created_at":1613306430.0,"id":"ljhh1y","n_comments":5,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/ljhh1y/where_to_look_for_jobs/","subreddit":"cybersecurity","title":"Hello all. I have a background in medical imaging (CT tech) and want to get into cybersecurity. One thing I don't get is where am I supposed to be looking for a job. Am I supposed to apply for every single company there is, ranging from retail shops to Google and what not?\n\n​\n\nThanks","upvotes":0,"user_id":"pto1995"},{"content":"Cybsecurity Capstone","created_at":1613304813.0,"id":"ljh1c7","n_comments":14,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/ljh1c7/cybsecurity_capstone/","subreddit":"cybersecurity","title":"Need help capstone project\n\nHello everyone, please take a moment to fill out the survey and share the link. The more responses I get, the more it will help me with my final project for school. I'm closing the survey on March 10th. Please share the link with your friends, family, and colleagues. \n\nhttps://forms.gle/fxVhPfdQEoL4GFia6\n\nPlease know that I am not asking for any personal information in this survey. This survey is for my project to collect data on how the pandemic and technology have changed you.","upvotes":4,"user_id":"Matty172002"},{"content":"Need extra gcih practice exam","created_at":1613298215.0,"id":"ljf7dr","n_comments":0,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/ljf7dr/need_extra_gcih_practice_exam/","subreddit":"cybersecurity","title":"Hey cybersec community. Does anyone have an extra practice exam avail to give away for the sans gcih? I didn\u2019t score high enough as anticipated but still think I have room to improve. Would love another shot before my test if possible. \n\nThanks all!!!","upvotes":0,"user_id":"snownook"},{"content":"Danger of selling used phone","created_at":1613297048.0,"id":"ljeuv4","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/ljeuv4/danger_of_selling_used_phone/","subreddit":"cybersecurity","title":"Hi all. Happy Chinese New Year.\n\nHaving waited nearly a month for the Samsung S21 to drop in price, I finally managed to get it a discount yesterday from a 3rd party seller. The good thing is that I can also trade in my used phone (Huawei Mate 20) so that makes it even better.\n\nHowever, I am little concerned with selling my used phone as from what I've researched online, your IMEI number can be used maliciously. Like don't get me wrong, I am definitely clearing all my data and factory resetting my used phone before trading it in but I'm just scared people could still theoretically use the IMEI number on that phone maliciously (like to clone the data or impersonate me) and somehow it would trace back to me.\n\nIs this an unfounded worry and is there anything else I should be more wary about?","upvotes":1,"user_id":"trevorleong"},{"content":"Is having multiple app-specific passwords a good idea?","created_at":1613294065.0,"id":"ljdzi3","n_comments":12,"percentage_upvoted":0.8,"permalink":"/r/cybersecurity/comments/ljdzi3/is_having_multiple_appspecific_passwords_a_good/","subreddit":"cybersecurity","title":"When I was setting up app specific passwords for my Google account, the recommendation was to use a different app specific password for each app that needs one.\n\nIf I have a dozen apps, then I have a dozen different passwords. Doesn\u2019t having a dozen different wears to get into my account decrease my security instead of increase it?\n\nObviously, the best thing to do is to NOT use app specific passwords. But if you need them, is it better to have one password per app, or just one very strong password you use in all your apps?","upvotes":6,"user_id":"plazman30"},{"content":"Urgent help regard cyber security awareness","created_at":1613283496.0,"id":"ljaqee","n_comments":8,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/ljaqee/urgent_help_regard_cyber_security_awareness/","subreddit":"cybersecurity","title":"Hello guys, i\u2019m a student and i need to make a small article about cyber security awareness.\ncan u please help me with brainstorming ideas that i should include while writing this article.","upvotes":0,"user_id":"NotATypical1"},{"content":"Social Cyber Security","created_at":1613280000.0,"id":"lj9k2t","n_comments":0,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/lj9k2t/social_cyber_security/","subreddit":"cybersecurity","title":"Is anyone aware of community sites for collaborative cyber security learning? ...except reddit ;)","upvotes":0,"user_id":"skynet_beer"},{"content":"What questions cybersecurity and business leaders need to be asking","created_at":1613277673.0,"id":"lj8r9h","n_comments":0,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/lj8r9h/what_questions_cybersecurity_and_business_leaders/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"Gidoneli"},{"content":"Cyber security trends","created_at":1613277200.0,"id":"lj8lll","n_comments":3,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lj8lll/cyber_security_trends/","subreddit":"cybersecurity","title":"Hey everyone, what are your opinions on the trends we're seeing in cyber security in 2021? Any list of topics I can research will be greatly appreciated :)","upvotes":1,"user_id":"tig121"},{"content":"DarkSide Ransomware Hit Canadian Discount Car and Truck Rentals","created_at":1613274888.0,"id":"lj7tf0","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lj7tf0/darkside_ransomware_hit_canadian_discount_car_and/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"harshsharma9619"},{"content":"Advice for fairly priced secure and private ecosystem for personal use on multiple devices?","created_at":1613272793.0,"id":"lj73yd","n_comments":1,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lj73yd/advice_for_fairly_priced_secure_and_private/","subreddit":"cybersecurity","title":"So I've finally decided to try to take privacy and security more seriously. \n\nBut I am not sure what to go for, as I want to find a good balance between price, security, privacy and \"ease-of-use\". \n\nFirst and foremost I am looking for this, that works and syncs with most OS (win, mac, linux, android & ios) as I use a mix of those: \n**- email** \n**- cloud (doesn't have to be very large)** \n**- password manager**\n\nI guess I am looking for what the *Proton Ecosystem* is offering now that they also have a Drive in beta. Is the *Zoho ecosystem* secure and private enough, perhaps?\n\nOr should I just mix and match?\n\nI don't need the security and privacy to be \"over-the-top\", it's not like I'm going to do anything illegal or anything. I just want to have an e-mail and a cloud that I can trust that no one else than me can access and read.","upvotes":1,"user_id":"athorod"},{"content":"Hack Chat // HD Moore // The Journey of a Hacker and Entrepreneur","created_at":1613268431.0,"id":"lj5nm9","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lj5nm9/hack_chat_hd_moore_the_journey_of_a_hacker_and/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"Cyberthere"},{"content":"Question about mimikatz","created_at":1613267975.0,"id":"lj5hkf","n_comments":5,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lj5hkf/question_about_mimikatz/","subreddit":"cybersecurity","title":"Ok so I just listened to the episode of Darknet Diaries that discusses notpetya malware and Jack goes on a small rant about mimikatz and windows authentication security. I have used mimikatz in CTF's and it is extremely effective, but my question is how effective is it in the wild? Is it still relevant or is there a better winpriv tool?\n\nEdit: forgive the formatting, I'm on mobile.","upvotes":3,"user_id":"pyros642"},{"content":"Create an md-5 hash cracker using go lang","created_at":1613265325.0,"id":"lj4m09","n_comments":0,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/lj4m09/create_an_md5_hash_cracker_using_go_lang/","subreddit":"cybersecurity","title":"[https://burpoverflow.medium.com/create-a-md-5-hash-cracker-using-go-lang-26d847d7d027](https://burpoverflow.medium.com/create-a-md-5-hash-cracker-using-go-lang-26d847d7d027)","upvotes":0,"user_id":"BurpOverflow"},{"content":"Throwing it out there...","created_at":1613264704.0,"id":"lj4epg","n_comments":0,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/lj4epg/throwing_it_out_there/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"frassacasss"},{"content":"Agent7 - Endpoint Security solution (Looking for contributors!)","created_at":1613263744.0,"id":"lj430r","n_comments":6,"percentage_upvoted":0.86,"permalink":"/r/cybersecurity/comments/lj430r/agent7_endpoint_security_solution_looking_for/","subreddit":"cybersecurity","title":" Hey all, \n\nJust posted my endpoint security/monitoring tool on [Github](https://github.com/bmarsh9/agent7/blob/main/README.md) for anyone to use. Feel free to check it out! PR's and contributors are encouraged! At a super high level, agents collect a bunch of targeted information from endpoints (and Active Directory) and send it to a centralized server. \n\nAlso wrote a blog post on it [here](https://www.sec-eng.tech/2021/02/11/agent7-an-security-agent-that-doesnt-suck-i-hope/)\n\nThanks! (but really, looking for people to help out and build it more)","upvotes":10,"user_id":"skywalker_1391"},{"content":"Does having your own domain increase email security?","created_at":1613262894.0,"id":"lj3t7b","n_comments":16,"percentage_upvoted":0.57,"permalink":"/r/cybersecurity/comments/lj3t7b/does_having_your_own_domain_increase_email/","subreddit":"cybersecurity","title":"If so, **how** does having your own domain increase email security?\n\nLet's say I create a Protonmail email account. \nDoes having my own domain somehow increase security?\n\nHow does it work? \nIf you have your own domain, is it as simple as pointing/forwarding email to a provider?\n\nI am not interested at this time in hosting a website. I am more interested in security/privacy.\n\nThank you all","upvotes":1,"user_id":"ag100pct"},{"content":"Secure Document Center(s)","created_at":1613261316.0,"id":"lj3awf","n_comments":5,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/lj3awf/secure_document_centers/","subreddit":"cybersecurity","title":"Seeing more and more organizations switch to these.\n\nOn a zoomed out level, doesn't this just create *more* accounts, and *more* potential vectors of leaking? Trying to see what problem this solves.","upvotes":2,"user_id":"Cinderbike"},{"content":"Am i hacked ?","created_at":1613261013.0,"id":"lj37aa","n_comments":16,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/lj37aa/am_i_hacked/","subreddit":"cybersecurity","title":"Got an email containing my password from a forum account i haven't used in a couple of years. In the email the guy said he installed some malware via the browser while i was watching porn, and that he has videos of me masturbating, that he obtained using my webcam.\n\nHe wants me to send him 5000$ in btc and he gave me a wallet.\n\n Now here's the thing, i've never typed that password via the phone, i dont keep my webcam plugged in the PC, and i dont even watch porn on the desktop.\n\n So my guess is that he bruteforced that forum, got my email and password and than sent me this email to try and scare me into giving him the money. Btw im not paying either way cuz, \n\n1)i think hes bluffing \n2)i dont have any money lol\n3) the forum is an illegal wow server owned by the russians, and the ip that sent me an email was also russian, so it may be an inside job from an admin or smt.\nOn top of all of this i am using a linux distro, and i seriously doubt that he could have installed any malware on my pc without me knowing about it. But maybe im wrong... idk. Any way to check and be sure ?\n\nSo what do you guys think ? And what do you think i should do ?\n\n\nEdit: Thanks everyone, you all made me feel safer.","upvotes":0,"user_id":"bunnyfucker258"},{"content":"VBA that parses Outlook for sensitive keywords and attachments, exfiltrating via email","created_at":1613259881.0,"id":"lj2u52","n_comments":0,"percentage_upvoted":0.85,"permalink":"/r/cybersecurity/comments/lj2u52/vba_that_parses_outlook_for_sensitive_keywords/","subreddit":"cybersecurity","title":"","upvotes":9,"user_id":"Raptur3d"},{"content":"If you\u2019re looking for a career in CyberSecurity but, don\u2019t know what specialization to go into. Consider checking out my new video","created_at":1613258010.0,"id":"lj2a08","n_comments":19,"percentage_upvoted":0.89,"permalink":"/r/cybersecurity/comments/lj2a08/if_youre_looking_for_a_career_in_cybersecurity/","subreddit":"cybersecurity","title":"","upvotes":76,"user_id":"aroe3"},{"content":"OnlyFans account gone?","created_at":1613257600.0,"id":"lj25iy","n_comments":12,"percentage_upvoted":0.11,"permalink":"/r/cybersecurity/comments/lj25iy/onlyfans_account_gone/","subreddit":"cybersecurity","title":" Hi. I logged in to my Only Fans just now to discover that my 4 subscriptions are gone, including one i started just a couple of hours ago. I am using the right email as i can see the registration email in my inbox. But there is no trace of any subscriptions, there is no card registered to the account and my messages are gone. So what has happened?","upvotes":0,"user_id":"vicarious90"},{"content":"An assassination plot against India's PM sent a bunch of of his critics to jail. A recent WashingtonPost report revealed that evidence was allegedly planted in a Windows laptop by an attacker. A Remote Access Trojan(RAT) was used to plant documents. Are such attacks possible in Linux & Mac too?","created_at":1613256271.0,"id":"lj1rk2","n_comments":32,"percentage_upvoted":0.96,"permalink":"/r/cybersecurity/comments/lj1rk2/an_assassination_plot_against_indias_pm_sent_a/","subreddit":"cybersecurity","title":"","upvotes":97,"user_id":"rqhul"},{"content":"Does USB really more secure than SATA?","created_at":1613254511.0,"id":"lj1a9f","n_comments":9,"percentage_upvoted":0.38,"permalink":"/r/cybersecurity/comments/lj1a9f/does_usb_really_more_secure_than_sata/","subreddit":"cybersecurity","title":"I found this page [https://libreboot.org/faq.html](https://libreboot.org/faq.html)) and it stated that USB is secure than SATA because USB does not have DMA. However, USB also has vicious and undetectable attack like Badusb ([https://hackaday.com/tag/badusb/](https://hackaday.com/tag/badusb/)).\n\nWhich one is the least to get a backdoor/malicious firmware for average joe when buying physical storage, USB or (HDD/SSD)?","upvotes":0,"user_id":"grateafloieltrysien"},{"content":"Free Scenario Based DFIR cases","created_at":1613253591.0,"id":"lj10yc","n_comments":0,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/lj10yc/free_scenario_based_dfir_cases/","subreddit":"cybersecurity","title":"","upvotes":4,"user_id":"OOptions"},{"content":"Do I need to have a formal degree in cybersecurity?","created_at":1613252492.0,"id":"lj0qu6","n_comments":7,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lj0qu6/do_i_need_to_have_a_formal_degree_in_cybersecurity/","subreddit":"cybersecurity","title":"**Backstory:** I have recently graduated with a BSc in electrical engineering. I am currently working as a junior dev with Python and some Java. I have wanted to go into cybersecurity, since about halfway through my BSc. I was never sure how to go about it and figured that the most logical way to get into it is through university. Fast forward to one month ago and I started a MSc in cybersecurity. \n\nNow comes the tricky part. The course is entirely online and the lectures are lackluster (and way too short to really get into the material). I have done free courses on [cybrary](https://www.cybrary.it/) (Network+ and Security+) as well as the material on exploitation on [LiveOverflow](https://www.youtube.com/watch?v=iyAyN3GFM7A&list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN), so it's not all that confusing. However, I don't seem to be getting much out of the uni course, considering that I am paying a pretty penny. At this point, I want to continue learning and progressing in the field of cybersecurity but am unsure if the formal route (eg. University MSc degree) is all that worth it.\n\nDo you need a degree to start working in security? If not what are the alternatives (cert, internship, etc.) and how comparable are they to actually having a formal degree? Is cybersecurity more or less like a dev job, where you are judged by your skillset? \n\nAny feedback and advice will really helpful. \n\n​\n\nPS. I am not that concerned about the monetary expenses for the degree, but rather the value I can get out of it. I don't want to have a pretty paper at the end of the two years that's not going to contribute much. I would much prefer the knowledge and actual career success.","upvotes":0,"user_id":"directx8"},{"content":"Crack this","created_at":1613251096.0,"id":"lj0elo","n_comments":5,"percentage_upvoted":0.2,"permalink":"/r/cybersecurity/comments/lj0elo/crack_this/","subreddit":"cybersecurity","title":"Use your powers of observation and identify algorithm for decode/dehashing/decrypt the following data.\nIn encryption section, we are using Symmetric-key algorithm with ECB mode and 128 sized key and key is \"0fffff713370ffff\".\n\nEncoded DATA :\t\nVkd0a1ZrMXJOVlZaZWtKT1lsWkZlRlJZY0ZwTlZUVnhWRlJPVDFaSFRqVlViWEJXWlZVeE5sUlVUazVsYkVZMlZHeFNUazFyTVRaYU0zQlBaV3N4TTFSWWNFNWxhekZGVkZod1RtRnJNRGs9\n\n\n\nHashed DATA :\t\n97624f8e595158f1e113d4b4dd0acf87e847ae5f\n\n\n\nEncrypted DATA :\t\nvFQvCl3g8fZV7pwGQyHjLC/YNxHQKy1y6Ly0L6tVN9g=","upvotes":0,"user_id":"Error404xx0xx"},{"content":"Cybersecurity classes, what will you like to learn?","created_at":1613250653.0,"id":"lj0ara","n_comments":8,"percentage_upvoted":0.78,"permalink":"/r/cybersecurity/comments/lj0ara/cybersecurity_classes_what_will_you_like_to_learn/","subreddit":"cybersecurity","title":"On Tuesday I start my first day as a teache (in MX), the class I'll give is Intruction to Cybersecurity, but the syllabus the school gave me to follow, is quite old, and even some of the books are discontinued and \"impossible\" to find. Therefore, I told the principal all this problems and he was really open and told me I could change it as much as I wanted.\n\nWhat will be the main topics to teach in a introductory class?","upvotes":9,"user_id":"ferpalma21"},{"content":"US IRS Warns About Phishing Campaign Stealing Sensitive Data From Tax Pros","created_at":1613247203.0,"id":"lizh1u","n_comments":0,"percentage_upvoted":0.84,"permalink":"/r/cybersecurity/comments/lizh1u/us_irs_warns_about_phishing_campaign_stealing/","subreddit":"cybersecurity","title":"","upvotes":8,"user_id":"harshsharma9619"},{"content":"What's the big deal with passwords?","created_at":1613243491.0,"id":"liyokj","n_comments":53,"percentage_upvoted":0.97,"permalink":"/r/cybersecurity/comments/liyokj/whats_the_big_deal_with_passwords/","subreddit":"cybersecurity","title":"","upvotes":412,"user_id":"docsan"},{"content":"Best site to check last found vulnerabilities?","created_at":1613240668.0,"id":"liy3lh","n_comments":4,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/liy3lh/best_site_to_check_last_found_vulnerabilities/","subreddit":"cybersecurity","title":"Does someone know any good site to check the last vulnerabilities? (Maybe sites used from companies to monitor their security and know it they have to patch something urgently)","upvotes":4,"user_id":"SmokeyShark_777"},{"content":"Kali extremely infected this morning","created_at":1613240259.0,"id":"liy0mk","n_comments":7,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/liy0mk/kali_extremely_infected_this_morning/","subreddit":"cybersecurity","title":"Good morning,\nI use kali os for educational purposes and today I downloaded the version off their official website I have done it like 900 times before but this time the antivirus found 750 extremely malicious elements, additionally nearly all of the files in a folder of my desktop have been turned to cache files.\nI\u2019m confused about this...\nI checked the pgp keys of the software and they are all legitimate so the website of kali was not hacked or compromised apparently...\nBut I swear I never seen so many virus alerts on a system... ridiculous...\nDoes anyone know what happening and what I should do next?\nThanks","upvotes":0,"user_id":"AMAZINGFLIGHT64"},{"content":"Oppressive Government. How to Anonymize My Internet Presence?","created_at":1613237912.0,"id":"lixjf4","n_comments":10,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/lixjf4/oppressive_government_how_to_anonymize_my/","subreddit":"cybersecurity","title":"As the title says. I cannot express myself freely through social media without worrying about legal fire.\n\nI know about numerous cases about parliament members scavenging through social media to find comments that are speaking against them, filing a suit, and squeezing poor kids making minimum wage for \u20ac2000+ fines.\n\nI'll be honest. I want to be prepared for a scenario where the authorities might contact a social media provider for my information. IP etc, the profile would be a fake anyway. How can I prevent that from happening? \n\nIs the TOR network through a TAILS installation enough?","upvotes":4,"user_id":"VanFinFon"},{"content":"Making the jump into cybersec while in college.","created_at":1613220392.0,"id":"litg28","n_comments":6,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/litg28/making_the_jump_into_cybersec_while_in_college/","subreddit":"cybersecurity","title":"I made a post yesterday and got some pretty helpful comments, but I have another dilemma about going into cybersecurity. My college does not offer degrees in cybersec (maybe because its a very new field). However, they do have a CS program that has a specialization branch in cybersecurity.\n\nIf I wanted a lucrative cybersecurity career, should I continue with the degree and try to get some certs along the way? People say that a degree with no experience is not every employable in this field. So if experience is so important, why should I still be in college when I could just be working on pure certs and experience? School takes up a lot of my energy, which could be put towards experience gathering. And to be honest, I have always hated school. If there is a way to get ahead in life without having to go to college, that would be awesome. Im just nervous about dropping out, getting ready for this industry, then realizing that I should have just suffered another 3 years to get that diploma. I feel like a degree would be even less helpful for me if it wasnt even a \"dedicated\" cybersec degree. Its still a CS degree, its just earned with cybersecurity electives.\n\nIt just seems so tempting to just get out of here, get some basic certs on my own, and get a entry level job at a help desk at a young age to start the climb early. I would be 3 years ahead of my peers, and gathering hands on experience right away. But just leaving college as a whole just seems scary. What if I ended up not even liking it despite this field seeming attractive to me right now? Should I just try to stay in school and get experience at the same time? If so, how would I gain experience while also working toward a degree? Please offer me some insight. I am willing to finish the program if it means I have more doors open for upward mobility and opportunity. I hate traditional school, but its not the worst thing in the world. Im already done with 1 year of college and it felt pretty fast, so 3 more years does not seem too long.\n\nFor some more context: my family is pretty well off, and my college is relatively affordable so money is not an issue. I also have not stepped foot on my college campus yet due to the pandemic, so I still have not experienced true college. If I were to drop out, I would do it after having tested the waters at real school.","upvotes":2,"user_id":"RedacteddHT"},{"content":"Trying to find a GitHub/website that showed that even in incognito mode, they could track that you visited it. Even with cookies disabled","created_at":1613216185.0,"id":"lisaaq","n_comments":3,"percentage_upvoted":0.88,"permalink":"/r/cybersecurity/comments/lisaaq/trying_to_find_a_githubwebsite_that_showed_that/","subreddit":"cybersecurity","title":"I think it had the word \u201cmagic in its name\u201d. It has its own GitHub. Any ideas or anyone know what I\u2019m talking about.","upvotes":13,"user_id":"Highfivesghost"},{"content":"What would a typical use case be for using Wireshark as a security analyst?","created_at":1613211343.0,"id":"liqxlh","n_comments":11,"percentage_upvoted":0.78,"permalink":"/r/cybersecurity/comments/liqxlh/what_would_a_typical_use_case_be_for_using/","subreddit":"cybersecurity","title":"I have found info online about analysing existing wireshark traffic logs/pcap files but in a cyber security role i imagine it very unlikely wireshark would have be running while a user for instance browses to a malicous website. I would imagine it more likely you would somehow leverage wireshark after a suspected compromise.\n\nCould someone please advise on scenarios in which they use wireshark in their cyber security role?\n\nThanks","upvotes":5,"user_id":"cbriss911"},{"content":"HONESTLY! Will the COMPTIA CYSA+ Land you a role as A SOC Analyst ?Does it truly Give you the necessary skills ?What are the necessary skills to Land that role?","created_at":1613203708.0,"id":"lioixp","n_comments":1,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lioixp/honestly_will_the_comptia_cysa_land_you_a_role_as/","subreddit":"cybersecurity","title":"FYI! I have two years experience with help desk TIER 1 AND as a Field Engineer II. I have SEC+ 2020 July and AWS CCP Jan 2021. I have been applying since JUL and nothing has CAME THRU. Debating if the CYSA will give me that edge to land that role. IF NOT what will. All recommendations are welcome","upvotes":0,"user_id":"mastermynd_rell"},{"content":"UDEMY - Red Team Ethical Hacking - Intermediate - $9.99 Coupon (5 days)","created_at":1613201792.0,"id":"linw3s","n_comments":4,"percentage_upvoted":0.71,"permalink":"/r/cybersecurity/comments/linw3s/udemy_red_team_ethical_hacking_intermediate_999/","subreddit":"cybersecurity","title":"Hello! I just created this new Red Team course a week ago.\n\nThis is the cheapest Udemy lets me create a coupon (without making it free), and it expires in a few days.\n\n[https://www.udemy.com/course/red-team-ethical-hacking-intermediate/?couponCode=B663E0C3EFEBB27614D5](https://www.udemy.com/course/red-team-ethical-hacking-intermediate/?couponCode=B663E0C3EFEBB27614D5)\n\nMy curriculum covers Red Team concepts ranging from process injection, lateral movement, persistence, and evasion.\n\nI appreciate any support, as 97% will go to me instead of Udemy through this link.\n\nAlso, in case anyone is interested as well, the following link is for my older Beginner's course.\n[https://www.udemy.com/course/red-team-post-exploitation-beginner/?couponCode=4FB6E27B3697812D7612](https://www.udemy.com/course/red-team-post-exploitation-beginner/?couponCode=4FB6E27B3697812D7612)","upvotes":8,"user_id":"chrispentester"},{"content":"Is unencrypted LAN->LAN wireless traffic plaintext to those not on your network?","created_at":1613199679.0,"id":"lin5wu","n_comments":7,"percentage_upvoted":0.72,"permalink":"/r/cybersecurity/comments/lin5wu/is_unencrypted_lanlan_wireless_traffic_plaintext/","subreddit":"cybersecurity","title":"Scenario: I'm communicating with my router's management interface wirelessly, self-signed untrusted cert. Of course someone who is on my network will be able to view this communication as plaintext.\n\nWhat about an individual who is not authenticated into my network? Can my neighbour, for instance, intercept these unencrypted packets and gather information? Or is my wireless network traffic ALWAYS encrypted with the SSID's preshared key, and thus only decryptable to those with the wireless credentials?","upvotes":3,"user_id":"Crusher2197"},{"content":"Sales associate offer from AT&T & Comcast. Potential to move to a cybersecurity position","created_at":1613198043.0,"id":"liml36","n_comments":3,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/liml36/sales_associate_offer_from_att_comcast_potential/","subreddit":"cybersecurity","title":"I have gotten 2 job offers for sales positions without applying and thought that maybe I can use this opportunity to transfer to a infosec job in the future. Is a sales position at a tech company worth it for ot someone with no IT experience","upvotes":0,"user_id":"alan5031"},{"content":"Interview Experience","created_at":1613196161.0,"id":"lilybd","n_comments":7,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lilybd/interview_experience/","subreddit":"cybersecurity","title":"Hello folks\nThis is another \u201cvent off\u201d post that I just had to write to release some steam! \n\nI have recently gone through a series of various interview rounds, 5 rounds to be specific. The whole thing was just moving in a perfect manner only for the whole thing to come to a dead end. \n\nThe company is \u201cprofessional\u201d and is becoming a big name in the industry. I thought kudos to us candidates who are always showing the utmost professionalism, while corporates can suddenly just bring the whole thing to a halt without any considerations. \n\nHow difficult would it be to send a simple email? We all know business circumstances can change, requirements also could change, or the company might just found a better candidate, but this doesn\u2019t mean that you don\u2019t let the other candidates know of any feedback. \n\nIt\u2019s been 5 weeks since the last interview and I haven\u2019t heard anything back from them. It\u2019s really funny that we\u2019re in 2021 and still being considerate and respectful seem to be far away from being the norm! \n\nI have already moved on, but whenever I think about all of the preparation and efforts that I had to make during the whole process, I feel sorry for how the system works. \n\nMy best wishes that nobody goes through this same experience!!","upvotes":4,"user_id":"devoo984"},{"content":"Yandex Disclosed Data Breach Affecting 4,887 Employees Email Boxes","created_at":1613194390.0,"id":"lilbxx","n_comments":1,"percentage_upvoted":0.81,"permalink":"/r/cybersecurity/comments/lilbxx/yandex_disclosed_data_breach_affecting_4887/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"harshsharma9619"},{"content":"Where to start?","created_at":1613194233.0,"id":"lil9zu","n_comments":5,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/lil9zu/where_to_start/","subreddit":"cybersecurity","title":"25 year old male here, based in UK looking for a new career path with an interest in IT, specifcally wanting to learn more about Cyber Security. I have a few questions:\n\nWhat are the most relevant qualifications needed?\n\nAre there companies available that train you/pay whilst you learn in a specific cyber security role?\n\nDo you work in this job sector and what advice would you give?\n\n​\n\nAppreciate any help.","upvotes":0,"user_id":"Ryzzthebizz"},{"content":"Nervous about getting into Cybersec.","created_at":1613189927.0,"id":"lijr0y","n_comments":13,"percentage_upvoted":0.76,"permalink":"/r/cybersecurity/comments/lijr0y/nervous_about_getting_into_cybersec/","subreddit":"cybersecurity","title":"I am a first year college student currently in a bachelors program for CS. I have kinda gotten over software dev and have become interested in cybersec, but im nervous about it. How can I ensure that its for me? My school does not have a bachelors in IT, only masters. Do I need to stay with CS (which i dont really like as much as I thought I would), or get a vocational IT degree? I am willing to drop out of my 4 year to go to trade school for IT assuming thats what I end up going for. During my research on this career path, I see that the most employable things are experience, certs, and maybe a degree. My situation is a bit weird, because my family (luckily) can afford a 4 year college, but I dont really know if I even want to stay in my program. However, I have not even been to real college yet due to the pandemic, so maybe I still have to experience it in real life. Please help.","upvotes":4,"user_id":"RedacteddHT"},{"content":"SEC504: GCIH","created_at":1613189501.0,"id":"lijlnc","n_comments":5,"percentage_upvoted":0.92,"permalink":"/r/cybersecurity/comments/lijlnc/sec504_gcih/","subreddit":"cybersecurity","title":"Just passed GCIH with an 89, wasn\u2019t too bad. The material is super useful if you\u2019re in an analyst position. I\u2019m around to help anyone if they need some tips or are worried about anything.","upvotes":11,"user_id":"MoodSwingzzz"},{"content":"Human Operated Ransomware","created_at":1613188881.0,"id":"lijdlc","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lijdlc/human_operated_ransomware/","subreddit":"cybersecurity","title":" Human Operated Ransomware: \n[https://docs.microsoft.com/en-us/security/compass/human-operated-ransomware?WT.mc\\_id=WDIT-MVP-5002293](https://docs.microsoft.com/en-us/security/compass/human-operated-ransomware?WT.mc_id=WDIT-MVP-5002293)\u200b\u200b\u200b\u200b\u200b\u200b\u200b \n\n\\#Microsoft #MSDocs #Security #CyberSecurity","upvotes":0,"user_id":"hoorge"},{"content":"Cyber security programs around DMV","created_at":1613188751.0,"id":"lijbkv","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lijbkv/cyber_security_programs_around_dmv/","subreddit":"cybersecurity","title":"Does anyone have any cyber security programs that you recommend around the DMV area.","upvotes":1,"user_id":"grussom214"},{"content":"What\u2019s most interesting about the Florida water system hack? That we heard about it at all.","created_at":1613188732.0,"id":"lijbbu","n_comments":35,"percentage_upvoted":0.99,"permalink":"/r/cybersecurity/comments/lijbbu/whats_most_interesting_about_the_florida_water/","subreddit":"cybersecurity","title":"","upvotes":339,"user_id":"fragrance-harbour"},{"content":"Wireshark finding TCP from ::1?","created_at":1613188556.0,"id":"lij8xz","n_comments":5,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lij8xz/wireshark_finding_tcp_from_1/","subreddit":"cybersecurity","title":"What source is *that* IP address? \n\n\nI am growing suspicious that my comp has a virus but don't know enough about computers to say for sure or where to dig\n\n​\n\nI can provide Length and Info if that won't dox my port.\n\nTHnkas","upvotes":1,"user_id":"Tendee-cal_Analysis"},{"content":"What's the deal on spoofed email?","created_at":1613188070.0,"id":"lij2to","n_comments":7,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lij2to/whats_the_deal_on_spoofed_email/","subreddit":"cybersecurity","title":"I received an email from someone who I rarely hear from:\n\nSubject: Help ! ! \n\nGood Morning, \nHow are you? I need a favor from you. \nThanks. Regards \nName\n\nFirst thing I did was check the header...it did not come from the person...or even their email provider.\n\nCurious I hit reply...just to see where the reply went to (did not intend to send). \nIt went the person's real email account.\n\nThere were no attachments...no links... no feigned return address.\n\nSo what's the dealio? Somebody just messin....or am I naive?","upvotes":2,"user_id":"ag100pct"},{"content":"Need help","created_at":1613187909.0,"id":"lij0tb","n_comments":1,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/lij0tb/need_help/","subreddit":"cybersecurity","title":"Hello \n\nSuggest me a subject pleaase for my 15 days project at school . \n\nPS: Just starting to learn the cybersecurity","upvotes":0,"user_id":"MemoryResponsible480"},{"content":"Australian Clinical Data Breach February 2021. QIMR Berghofer Medical Research Institute caught up in Accellion breach with 620MB of the data appearing to have been accessed on 25 December","created_at":1613187577.0,"id":"liiwko","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/liiwko/australian_clinical_data_breach_february_2021/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"kirbyIDau"},{"content":"Optimize vulnerability scanning with memory immunization","created_at":1613187055.0,"id":"liipre","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/liipre/optimize_vulnerability_scanning_with_memory/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"rjrait"},{"content":"Exploiting Local File Inclusion in Node.js | TryHackMe Advent of Cyber 1 Day 15","created_at":1613185730.0,"id":"lii7se","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lii7se/exploiting_local_file_inclusion_in_nodejs/","subreddit":"cybersecurity","title":"","upvotes":6,"user_id":"MotasemHa"},{"content":"IS THIS A VIRUS?","created_at":1613185486.0,"id":"lii4ij","n_comments":11,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/lii4ij/is_this_a_virus/","subreddit":"cybersecurity","title":" \n\nSorting\\\\SortDefault.nls\n\n **umpc.dll file** \"[locale.ls](https://locale.ls/)\" and \"libprotobuf.dll\" \n\nran a proc surveying program and found these files without any description, company name, etc. our internet (netgear router) has been flipping awful the last 3 days and we cannot figure out why\n\n​\n\nWoudl these be threats? how/where can I figure this out? \n\n\nThank you, oh brilliant tech-savvy redditors :3","upvotes":1,"user_id":"Tendee-cal_Analysis"},{"content":"SecurityHeaders.com","created_at":1613183735.0,"id":"lihgd2","n_comments":3,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lihgd2/securityheaderscom/","subreddit":"cybersecurity","title":"\nHi,\n\nI've been experimenting with this free web app. Quickly grades a site that user enters and scans the site for what HTTP security headers are enabled/enforced on that site. Then it grades the results. Examples:\n\nMicrosoft.com: C;\nApple.com: C;\nAmazon.com: C;\nFacebook.com: A;\nGoogle.com: D;\nNetflix.com: C;\nNSA.gov: C\n\nThe grades seem to be a result of what headers are missing or present and possibly how they're implemented. \n\nObviously not a full security review/assessment., but what are your thoughts on the value of the the info/details retuned by this service?\n\nThanks.","upvotes":1,"user_id":"Senor-Mgmt"},{"content":"An interesting overview of this week's Cyber Security News","created_at":1613183453.0,"id":"lihckv","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lihckv/an_interesting_overview_of_this_weeks_cyber/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"maorsh"},{"content":"Need advice on home router with device based black/white listing","created_at":1613182774.0,"id":"lih3mv","n_comments":2,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lih3mv/need_advice_on_home_router_with_device_based/","subreddit":"cybersecurity","title":"I'm trying to help my someone with the following firewall requirements:\n\nOn a home router, for a given client mac address:\n\n1) deny all traffic\n2) permit traffic to external sites/IPs matching a whitelist\n\nThe goal is to provide a child with access only to sites needed to conduct remote learning. There's no need to refer to an external source for site black/white listing.\n\nMost parental controls I've seen attempt to filter. This use case does not need filtering. It's very targeted.\n\nAny ideas?","upvotes":0,"user_id":"IamMyQuantumState"},{"content":"What to do for CEU / ECE credits to maintain certificates?","created_at":1613180960.0,"id":"lige7y","n_comments":3,"percentage_upvoted":0.76,"permalink":"/r/cybersecurity/comments/lige7y/what_to_do_for_ceu_ece_credits_to_maintain/","subreddit":"cybersecurity","title":"What do you guys typically do for Continuing Education Units / EC-Council Continuing Education Credits to maintain your certifications and keep renewing them?\n\nI am currently a student in a Cyber masters program so its easy, but I'm curious what people typically do later in life.","upvotes":2,"user_id":"WillHackForBeer"},{"content":"I hold the CISSP, Cobit 2019 and working on CGEIT but no job :(","created_at":1613179819.0,"id":"lifygi","n_comments":14,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lifygi/i_hold_the_cissp_cobit_2019_and_working_on_cgeit/","subreddit":"cybersecurity","title":"Does anyone have any recommendations on where to start? What companies are actively looking for help desk employees? I have a BS in Cyber I hold industry certs I have IT job experience I can't land a job to save my life. Please kind words and tips would be greatly appreciated.","upvotes":0,"user_id":"diorhelp"},{"content":"The Good, the Bad and the Ugly in Cybersecurity - Week 7","created_at":1613179809.0,"id":"lifybe","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lifybe/the_good_the_bad_and_the_ugly_in_cybersecurity/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"Cyberthere"},{"content":"Small hidden camera","created_at":1613179513.0,"id":"lifu9i","n_comments":3,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lifu9i/small_hidden_camera/","subreddit":"cybersecurity","title":"Anyone ever had to try to make a little sting operation with a hidden camera? We have some fishy stuff trying to figure out at work, and boss wants to buy one. Trying to find something small with no WiFi access, that just records motion and in darkness, hopefully. Was gonna use a raspberry pi, but it would be a little hard to hide where we are conducting this. \n\nWe have one already in a small fan, that is powered by raspberry pi. But would be hard to place in this said location. Would just look a little funny to see fan in a server area.","upvotes":0,"user_id":"Soradgs"},{"content":"Strange Devices' IPs Showing up in my Network?","created_at":1613178838.0,"id":"lifkqw","n_comments":9,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/lifkqw/strange_devices_ips_showing_up_in_my_network/","subreddit":"cybersecurity","title":"From China, Some from Virginia, US. WHy would these get into my network? \nI ran WireShark and found some TLS traffic coming from Virginia, USA, why? I do not live in that segment of the continent\n\n​\n\nMy internet has been slow, jerky and bad as of late, despite being pretty good b4 hand. I h8 to sound ignorant and paranoid (though I am the FORMER hah) but a very scary possibility of hacking?\n\nWhat do?\n\nTHank you all!","upvotes":0,"user_id":"BionicleFBrE4"},{"content":"Biden Pledges Tough Response To Cyberthreats. Experts Say It Won't Be Easy","created_at":1613176215.0,"id":"lielr5","n_comments":8,"percentage_upvoted":0.78,"permalink":"/r/cybersecurity/comments/lielr5/biden_pledges_tough_response_to_cyberthreats/","subreddit":"cybersecurity","title":"","upvotes":19,"user_id":"wewewawa"},{"content":"Taking CEH exam only with the eJPT knowledge","created_at":1613175697.0,"id":"lief3o","n_comments":8,"percentage_upvoted":0.81,"permalink":"/r/cybersecurity/comments/lief3o/taking_ceh_exam_only_with_the_ejpt_knowledge/","subreddit":"cybersecurity","title":"Hi ! I wondered if you guys think it would be possible to pass the CEH exam only with the eJPT knowledge. \n\nFrom what I have seen on forums the eJPT and the CEH seem to cover approximatively the same content. Since I already passed the eJPT, I was wondering if taking the 850$ CEH course was worth the price or if I could simply take the CEH exam without failing miserably","upvotes":3,"user_id":"PetiteGousseDAil"},{"content":"COVID-19 leads to explosion in cyberattacks, data breaches","created_at":1613172675.0,"id":"lidcx2","n_comments":0,"percentage_upvoted":0.73,"permalink":"/r/cybersecurity/comments/lidcx2/covid19_leads_to_explosion_in_cyberattacks_data/","subreddit":"cybersecurity","title":"","upvotes":6,"user_id":"WebLinkr"},{"content":"Google paid $6.7 million to bug bounty hunters in 2020 - Sum is up from the $6.5 million the company paid security researchers a year before, in 2019.","created_at":1613172252.0,"id":"lid7q0","n_comments":10,"percentage_upvoted":0.99,"permalink":"/r/cybersecurity/comments/lid7q0/google_paid_67_million_to_bug_bounty_hunters_in/","subreddit":"cybersecurity","title":"","upvotes":133,"user_id":"speckz"},{"content":"JOB AVAILABILITY?","created_at":1613172213.0,"id":"lid78i","n_comments":6,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/lid78i/job_availability/","subreddit":"cybersecurity","title":"Possibly getting a BS in cyber security, what is job availability after finishing or while obtaining? I enjoy, respect and admire this field.","upvotes":0,"user_id":"M3ANREDHEAD"},{"content":"Weekly cybernews recap:","created_at":1613170125.0,"id":"licgzj","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/licgzj/weekly_cybernews_recap/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"caramel_member"},{"content":"The \"P\" in Telegram stands for Privacy","created_at":1613168347.0,"id":"libx4q","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/libx4q/the_p_in_telegram_stands_for_privacy/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"input0"},{"content":"How do you stay up to date on cybersecurity news and new things within cybersecurity in general?","created_at":1613166947.0,"id":"libhhv","n_comments":35,"percentage_upvoted":0.97,"permalink":"/r/cybersecurity/comments/libhhv/how_do_you_stay_up_to_date_on_cybersecurity_news/","subreddit":"cybersecurity","title":"","upvotes":77,"user_id":"jbagel27"},{"content":"How to make my login system secure?","created_at":1613166917.0,"id":"libh5w","n_comments":5,"percentage_upvoted":0.9,"permalink":"/r/cybersecurity/comments/libh5w/how_to_make_my_login_system_secure/","subreddit":"cybersecurity","title":"Hello guys. I am building my own Website and my next big step is the login system (with node, express and mongodb ). \n\nI did some tutorials where i built a registration and login form, which sends the data to my db, where i used JWT, bcrypt and salt in these tutorials. \n\nNow i am about to implement it in my own site and im wondering how i can make it secure as possible. I will not store important information like credit card data, but it still has to be secure. \n\nWhat i have so far is just a ssl certificate (everything runs over https). I thought about doing the authentication with bcrypt, so the data is stored hashed. I am still wondering, how can i implement JWT. I might be confused or i might not understood JWT yet, but as far i understood, JWT encryps the login data on their own way and send a Token to the client. That means, it is not possible to integrate both technologies at the same time, because the authentication data encrypted with bcrypt on my server will be encrypted on an another way than the data encrypted by JWT. So the authorization process will never work.\n\nSo is there a way to use both technologies, or is it pointless to do? \nWhich other possibilities do i have to make it secure?","upvotes":7,"user_id":"Prestigious-Low-8942"},{"content":"Emotet banking malware","created_at":1613166551.0,"id":"libd9j","n_comments":1,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/libd9j/emotet_banking_malware/","subreddit":"cybersecurity","title":"So my bank blocked my account, mobile bank application and my card due to as they said they spotted traces of Emotet banking malware on my PC from which I was logging into my bank. I ran a few full scans with windows defender and avast and nothing was found except some keygen I have for ages. The question is, does it make sense to make a full system reinstall to be completely sure that it's clean or the issue might be on non system drives? Also could banking security falsely identify data theft?","upvotes":1,"user_id":"dreamARTz"},{"content":"Happy Friday. Ransomware Tips (and laughs) for the masses","created_at":1613165933.0,"id":"lib6uv","n_comments":1,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lib6uv/happy_friday_ransomware_tips_and_laughs_for_the/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"Mac_Hertz"},{"content":"DNS providers in Canada","created_at":1613163584.0,"id":"liajcz","n_comments":3,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/liajcz/dns_providers_in_canada/","subreddit":"cybersecurity","title":"Hi, what are some of the Canadian DNS providers for enterprise? They have to be based in Canada and not just have their presence in Canada. I found CIRA so far but I still have to test their speed.","upvotes":1,"user_id":"vskhosa"},{"content":"The Long Hack: How China Exploited a U.S. Tech Supplier","created_at":1613161398.0,"id":"li9zqo","n_comments":6,"percentage_upvoted":0.93,"permalink":"/r/cybersecurity/comments/li9zqo/the_long_hack_how_china_exploited_a_us_tech/","subreddit":"cybersecurity","title":"","upvotes":112,"user_id":"justfor1t"},{"content":"Can I share my IP with my friends ( real life )","created_at":1613158137.0,"id":"li98iu","n_comments":11,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/li98iu/can_i_share_my_ip_with_my_friends_real_life/","subreddit":"cybersecurity","title":"I want to play minecraft with my friends with a server hosted on my (home) pc, and I have done port-forwarding. The only step left for me to do is to share my ip with my friends but I'm not sure if it is too safe. So could someone please help me?","upvotes":2,"user_id":"meteor_3001"},{"content":"\ud835\udde5\ud835\ude02\ud835\uddfb \ud835\uddde\ud835\uddee\ud835\uddf9\ud835\uddf6 \ud835\uddfc\ud835\uddfb \ud835\uddd4\ud835\uddfb\ud835\ude06 \ud835\uddd4\ud835\uddfb\ud835\uddf1\ud835\uddff\ud835\uddfc\ud835\uddf6\ud835\uddf1 \ud835\uddfa\ud835\uddfc\ud835\uddef\ud835\uddf6\ud835\uddf9\ud835\uddf2, \ud835\uddee\ud835\uddfb\ud835\uddf1 \ud835\uddf0\ud835\uddfc\ud835\uddfb\ud835\uddf3\ud835\uddf6\ud835\uddf4\ud835\ude02\ud835\uddff\ud835\uddf2 \ud835\udde5\ud835\uddf2\ud835\uddfa\ud835\uddfc\ud835\ude01\ud835\uddf2 \ud835\uddee\ud835\uddf0\ud835\uddf0\ud835\uddf2\ud835\ude00\ud835\ude00","created_at":1613156229.0,"id":"li8suv","n_comments":0,"percentage_upvoted":0.57,"permalink":"/r/cybersecurity/comments/li8suv/\ud835\udde5\ud835\ude02\ud835\uddfb_\ud835\uddde\ud835\uddee\ud835\uddf9\ud835\uddf6_\ud835\uddfc\ud835\uddfb_\ud835\uddd4\ud835\uddfb\ud835\ude06_\ud835\uddd4\ud835\uddfb\ud835\uddf1\ud835\uddff\ud835\uddfc\ud835\uddf6\ud835\uddf1_\ud835\uddfa\ud835\uddfc\ud835\uddef\ud835\uddf6\ud835\uddf9\ud835\uddf2_\ud835\uddee\ud835\uddfb\ud835\uddf1_\ud835\uddf0\ud835\uddfc\ud835\uddfb\ud835\uddf3\ud835\uddf6\ud835\uddf4\ud835\ude02\ud835\uddff\ud835\uddf2/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"HackExplorer"},{"content":"Best entry level course + certificate?","created_at":1613155857.0,"id":"li8q2w","n_comments":3,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/li8q2w/best_entry_level_course_certificate/","subreddit":"cybersecurity","title":"Hi, I was wondering what would you suggest to be the best entry level cybersecurity course with certificate and why?","upvotes":3,"user_id":"arktozc"},{"content":"Starting to feel a little discouraged","created_at":1613154570.0,"id":"li8g8f","n_comments":6,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/li8g8f/starting_to_feel_a_little_discouraged/","subreddit":"cybersecurity","title":"Hello everyone! \n\n \n\nThese past few months I have been struggling to get into the cybersecurity field. I have been in the IT field for about 5 years and am currently working as a HelpDesk Technician. \n\n \n\nI hold the Security+ & AWS CCP certifications. Studying for the Sec+ was pretty easy, as a lot of the topics/tools covered in the exam, I worked with on a daily basis (ex: SSO, MFA, least privilege, &, etc.). \n\n \n\nI do understand that cybersecurity isn't an entry-level field, which is why I am working on building up my skillset. At the moment, I am working on getting the Azure Fundamentals, CYSA+, CCNA certs as well as learning python and Linux. I also understand certs don't hold much weight without actually having hands-on experience. I have a subscription with A Cloud Guru and utilize their labs, I have a virtual home lab with Linux VMS, and try to lab every day.\n\n \n\n\nIt feels like it isn't enough and I'm starting to feel really overwhelmed with all the things I have to learn. I search and apply for jobs every day, but all I get back are rejection emails. Now during my searches, I'm starting to see these Summer security internships pop-up which seems like a great opportunity to get real hands-on experience. I'm not currently enrolled in a college degree program, so I don't qualify for these internships.\n\n \n\nAny tips/suggestions on how to get my foot through the door would be greatly appreciated.","upvotes":1,"user_id":"herringbone_"},{"content":"Digital Transformation in Retail and Ecommerce","created_at":1613153020.0,"id":"li8471","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/li8471/digital_transformation_in_retail_and_ecommerce/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"iamjohnlenn"},{"content":"Google Kicks Location Data Broker That Sold Muslim Prayer App User Data","created_at":1613148444.0,"id":"li75sh","n_comments":20,"percentage_upvoted":0.96,"permalink":"/r/cybersecurity/comments/li75sh/google_kicks_location_data_broker_that_sold/","subreddit":"cybersecurity","title":"","upvotes":282,"user_id":"furfulla"},{"content":"Top Cybersecurity Funding and Investments in February 2021","created_at":1613145840.0,"id":"li6nfl","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/li6nfl/top_cybersecurity_funding_and_investments_in/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"analyticsinsight_AI"},{"content":"Phishing laws and who is responsible","created_at":1613145733.0,"id":"li6ml6","n_comments":2,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/li6ml6/phishing_laws_and_who_is_responsible/","subreddit":"cybersecurity","title":"I\u2019m writing a paper as part of my undergrad and I\u2019m finding it difficult to really hone in on something specific: if an employee falls victim to a phishing scam, is the employee responsible for the losses incurred, or is the company responsible? \n\nThere\u2019s some case law in the UK that implies it\u2019s the employee (see: https://www.secureworldexpo.com/industry-news/business-email-compromise-cases-updated) but that\u2019s almost like comparing apples to oranges. \n\nMaybe this subject would be better received in a legal subreddit, but thought I\u2019d try my hand here first. \n\nAre there any case laws that show the employee or the company is responsible for the losses?\n\nEdit: changed user to employee for clarity.","upvotes":1,"user_id":"KapitanTightpants"},{"content":"Dependency Confusion Explained - New Supply Chain Attack","created_at":1613139049.0,"id":"li56gl","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/li56gl/dependency_confusion_explained_new_supply_chain/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"AidGli"},{"content":"Security Architect","created_at":1613135511.0,"id":"li4aub","n_comments":3,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/li4aub/security_architect/","subreddit":"cybersecurity","title":"Hey all,\n\nWhat in-depth skills would one require to be a Security Architect ? Say cloud security architect.\n\nDoes courses like AWS Azure Security help or do we need knowledge equivalent to Solution Architects ?\n\nAny particular courses or pathways you guys recommend ?\n\nThanks","upvotes":2,"user_id":"secno0b"},{"content":"resources to learn windows internals","created_at":1613134434.0,"id":"li40ck","n_comments":1,"percentage_upvoted":0.84,"permalink":"/r/cybersecurity/comments/li40ck/resources_to_learn_windows_internals/","subreddit":"cybersecurity","title":"What could be the best resources to learn windows internals from a cybersecurity perspective? \n\nTopics like kernel, registry, file system, windows APIs and windows IPC mechanisms.","upvotes":4,"user_id":"anjan42"},{"content":"Amazon trying to be sneaky with AI","created_at":1613134172.0,"id":"li3xyw","n_comments":0,"percentage_upvoted":0.64,"permalink":"/r/cybersecurity/comments/li3xyw/amazon_trying_to_be_sneaky_with_ai/","subreddit":"cybersecurity","title":"https://www.latimes.com/business/technology/story/2021-02-10/senators-amazon-dahua-inquiry-uighurs-rubio-menendez","upvotes":3,"user_id":"d4vinder"},{"content":"Backdoored Browser Extensions Hid Malicious Traffic - Avast Threat Labs","created_at":1613133484.0,"id":"li3rrv","n_comments":0,"percentage_upvoted":0.93,"permalink":"/r/cybersecurity/comments/li3rrv/backdoored_browser_extensions_hid_malicious/","subreddit":"cybersecurity","title":"","upvotes":27,"user_id":"FlyIntoTheSun7"},{"content":"Career Advice - Masters degree or no","created_at":1613130847.0,"id":"li312p","n_comments":10,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/li312p/career_advice_masters_degree_or_no/","subreddit":"cybersecurity","title":"Background: I'm 31. I have a 4 year degree, 6 years experience in security, and 7 certs (mixture of SANS, Offensive Security, and eLearnSecurity). I'm trying to decide what to do next. I want to keep staying technical for the near future but I might want to pursue management or teaching later in my life. \n\nWith that said, I'm considering a Masters because of the latter. Would this be a good move? I've been eyeing SANS MSISE which I would have to pay about 35k out of pocket for. I've been thinking about this option because SANS is pretty well known in the industry and I'd also get 5 relevant GIAC certs along the way. Should I look for cheaper alternatives or should I just focus on my job and certs?\n\nMy goal is to keep myself relevant in the job market while also being able to pursue management or teaching opportunities 5+ years down the road if I wanted to. More pay doesn't hurt as well. I'd love to hear any advice. I'm a little torn at the moment of what to do next.","upvotes":1,"user_id":"poppopretn"},{"content":"Massive INE giveaway!","created_at":1613127464.0,"id":"li20pp","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/li20pp/massive_ine_giveaway/","subreddit":"cybersecurity","title":"[https://www.youtube.com/watch?v=8BmvcNT20aI](https://www.youtube.com/watch?v=8BmvcNT20aI)\n\nHey friends, 3 days are left for the INE giveaway, which is providing cybersecurity, cloud, networking courses for individuals. Just participate in this giveaway and watch the David Bombal video. I hope that I could help somebody. Thanks!","upvotes":7,"user_id":"ibilalkayy"},{"content":"Are P2P connections reliable (security wise and technically) for streaming?","created_at":1613126007.0,"id":"li1kwq","n_comments":3,"percentage_upvoted":0.81,"permalink":"/r/cybersecurity/comments/li1kwq/are_p2p_connections_reliable_security_wise_and/","subreddit":"cybersecurity","title":"Well first off hello there.\n\nSo consider this situation, you are making an application for streaming, and u decide that u are going to use P2P for the streaming part as it makes load on the server less resulting in cheaper server management costs. So question arises that is it worth it?","upvotes":3,"user_id":"Snbhat0708"},{"content":"Best Languages to Learn For CyberSecurity?","created_at":1613125761.0,"id":"li1i26","n_comments":16,"percentage_upvoted":0.76,"permalink":"/r/cybersecurity/comments/li1i26/best_languages_to_learn_for_cybersecurity/","subreddit":"cybersecurity","title":"What are the best languages to learn or will learn in the Cyber field?","upvotes":8,"user_id":"Away-Stress"},{"content":"How can applications(on android) be malicious if it's run on sandboxed environment?","created_at":1613119888.0,"id":"lhzmok","n_comments":4,"percentage_upvoted":0.81,"permalink":"/r/cybersecurity/comments/lhzmok/how_can_applicationson_android_be_malicious_if/","subreddit":"cybersecurity","title":"Okay, maybe this is a dumb question, but forgive me\n\n\nAs I understand, android apps are run on sandboxed environment, meaning an application cannot mess up with other things on the phone, because it's completely seperated.\n\nIf an app cannot affect other apps or files, because it's completely seperated from each other, how can it be malicious in any way?","upvotes":3,"user_id":"NiceScents"},{"content":"Further my IT Career","created_at":1613118485.0,"id":"lhz5ia","n_comments":2,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lhz5ia/further_my_it_career/","subreddit":"cybersecurity","title":"Hello cybersecurity Reddit. I\u2019m currently 19 years old in the Air Force doing IT. Currently the only certification I have is Security+. I\u2019m looking to get an IT related bachelor\u2019s degree while I\u2019m in. Any recommendations what bachelor\u2019s degree to get and other certifications to get while I\u2019m in. Wanting to make 6 figures when I get out.","upvotes":0,"user_id":"tylerruf"},{"content":"ELI5: What can the people who bought the sourcecode's for cyberpunk and the witcher 3 do with said sourcecode?","created_at":1613116621.0,"id":"lhyixk","n_comments":6,"percentage_upvoted":0.56,"permalink":"/r/cybersecurity/comments/lhyixk/eli5_what_can_the_people_who_bought_the/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"homelesscharles"},{"content":"10 SIM Swappers Arrested for Stealing $100M in Crypto from Celebrities","created_at":1613116046.0,"id":"lhybqz","n_comments":1,"percentage_upvoted":0.93,"permalink":"/r/cybersecurity/comments/lhybqz/10_sim_swappers_arrested_for_stealing_100m_in/","subreddit":"cybersecurity","title":"","upvotes":30,"user_id":"WalkureARCH"},{"content":"How do I convert this number into little endian format?","created_at":1613113413.0,"id":"lhxei5","n_comments":11,"percentage_upvoted":0.43,"permalink":"/r/cybersecurity/comments/lhxei5/how_do_i_convert_this_number_into_little_endian/","subreddit":"cybersecurity","title":"The number is 080484c5","upvotes":0,"user_id":"beat_boyer"},{"content":"Persistent Malicious Rootkit installed on a Processor or RAM sticks. Is it possible?","created_at":1613113100.0,"id":"lhxa9a","n_comments":21,"percentage_upvoted":0.99,"permalink":"/r/cybersecurity/comments/lhxa9a/persistent_malicious_rootkit_installed_on_a/","subreddit":"cybersecurity","title":"It's known that there are rootkits that can infect motherboards, hard drives, routers, graphics cards, and other peripheral devices. But is it possible for a malicious rootkit to persistently infect a processor (specifically, an Intel i7 or i9 processor) or motherboard RAM sticks? I want to say that the answer is \"No\" but I haven't been able to confirm this.\n\nSpecifically, does there exist any rootkit that if you were to take the processor out of an infected computer (computer 1) and insert into an uninfected computer (computer 2) then computer 2 would then become infected? What about motherboard RAM sticks?\n\nFor processors, I've read that the reason that the Russian and Chinese militaries produce and use their own (inferior) processors is due to security concerns over American made processors. Also, the Intel Management Engine can be infected but such an infection would physically resides on the motherboard and not the processor so transferring the processor in this case would not transfer the infection.","upvotes":90,"user_id":"YummyYummyArsenic"},{"content":"Buidling my own NG Firewall / UTM?","created_at":1613109959.0,"id":"lhw4qx","n_comments":9,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lhw4qx/buidling_my_own_ng_firewall_utm/","subreddit":"cybersecurity","title":"Hi Community,\n\nI recognize this might not be the best place to post this, there are so many options - however as most of you are working in the security industry and I am interested in the field, but more from a learning and personal implementation over a career in it; because of location and other issues.\n\nI have started a dedicated build of a network device to replace my little negate 1100 that just has been having issues. It's a Asrock ITX board, small itx case, 650 ps, and is waiting on a decision on the 1151 (300 series) processor and either 32 or 64 GB DDR4. It has one NVME and SSD and a 4-port Intel nic.\n\nI may require a HD for storage pending.\n\nMy current thoughts are :\n\n1 - Install a Hypervisor like Esxi or ProxMox (other alternatives) - I would like to keep as small as possible in footprint.\n\n2 - Install OPNsense as the \"Router / Firewall\" \n\n* Subscription to Sunvalley (home or soho)\n* Proofpoint for IDS\n\n3 - Looking at PacketFense as a NAC for my Unifi switches (just the 5-port mini ones) \n\n4 - OSEEC Paid Attomic Corp version (have demo on Friday to see if a bunch of open source meshed together products are worth $50USD per endpoint.\n\n5 - I still require a solution for Log Management / SIEM / Monitoring\n\n6 - Something for Vulnerability Scanning (if AtomicCorp OSSEC not selected) \n\nATP , Antivirus Proxy etc?, VPN\n\nI am not opposed to purchasing some things, keeping in mind that it my home. I do support a small business in IT, so translating lessons and products learned to help them would be an asset as well.\n\nFeel free to make suggestions. \n\nThanks!","upvotes":1,"user_id":"cathalo169"},{"content":"The encryption debate is about all of our personal messages \u2013 and that must be acknowledged","created_at":1613106474.0,"id":"lhut3j","n_comments":4,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lhut3j/the_encryption_debate_is_about_all_of_our/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"Creative_Ad_v1"},{"content":"The military dicatorship that took over myanmar a 11 days ago is trying to put this document into law in myanmar. On page 10 it mentions a 3 year law where ISP's keep all data on a person. Is there a way to be anonymous and still use the internet with this sort of law in place?","created_at":1613105756.0,"id":"lhuiwq","n_comments":21,"percentage_upvoted":0.98,"permalink":"/r/cybersecurity/comments/lhuiwq/the_military_dicatorship_that_took_over_myanmar_a/","subreddit":"cybersecurity","title":"","upvotes":68,"user_id":"Sabatar446"},{"content":"Florida Water Treatment System Hack","created_at":1613105470.0,"id":"lhuett","n_comments":3,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lhuett/florida_water_treatment_system_hack/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"WebLinkr"},{"content":"No work experience.. what's the next step after the CompTIA Security+ certification?","created_at":1613105359.0,"id":"lhud36","n_comments":84,"percentage_upvoted":0.96,"permalink":"/r/cybersecurity/comments/lhud36/no_work_experience_whats_the_next_step_after_the/","subreddit":"cybersecurity","title":"Hey guys! I'm planning on taking the CompTIA Security+ certification soon and I was wondering what would be the next good step after getting the certification.\n\nI'm in the human resources field but I do have a vocational degree in IT. Aside from that, I don't have any IT/cybersecurity work experience.\n\nKnowing that, what would be the next logical step after getting the CompTIA Security+ certification where no work experience is required? I know that CISSP won't work because of the 5 year work experience that is required.\n\nPS: My goal is to learn as much as I can and get certifications so that in the future I can \"easily\" find a job in cybersecurity without having prior work experience in that field.\n\nThank you for your help!","upvotes":164,"user_id":"yukiteru15"},{"content":"PI coin Mining","created_at":1613105081.0,"id":"lhu9at","n_comments":4,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/lhu9at/pi_coin_mining/","subreddit":"cybersecurity","title":"Should we mine PI coins on our phone? Any security risks associated with it? Skeptical, any security specialists with opinions?","upvotes":0,"user_id":"Niche007"},{"content":"Career Question","created_at":1613103419.0,"id":"lhtmjv","n_comments":11,"percentage_upvoted":0.8,"permalink":"/r/cybersecurity/comments/lhtmjv/career_question/","subreddit":"cybersecurity","title":"Do I need a Bachelors Degree to do Cyber Security? I see Ads on public transportation and the internet about 9-12 month courses to receive certification to be in the field. One of the schools I looked into wasn\u2019t even a proper school according to comments I\u2019ve read. (Pcage.edu) College has always been a drag for me but I\u2019d be willing to dedicate a year to a course that can train me in skills and knowledge to do Cyber Security.","upvotes":3,"user_id":"KeepTheWord"},{"content":"\"Sad, but true.\" VOA interviewed a Cyber security expert in Myanmar.","created_at":1613102922.0,"id":"lhtfe1","n_comments":0,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lhtfe1/sad_but_true_voa_interviewed_a_cyber_security/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"Sabatar446"},{"content":"Certifications","created_at":1613102294.0,"id":"lht61k","n_comments":0,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/lht61k/certifications/","subreddit":"cybersecurity","title":"Hi there \n\nI\u2019m wanting to change career paths, and I\u2019ll be moving to the UK in the next few months and I\u2019ve seen multiple cyber security courses offered that take a few months, are quite intensive, and then offer certificates at the end. \n\nI\u2019m wanting to know what I should be looking for with regards certifications, what I will learn etc. \n\nI\u2019m aware that I\u2019ll probably need more knowledge and certificates than what one course can offer, but I want to know what certificates I should have to at least get a \u201cbeginner position\u201d","upvotes":1,"user_id":"ByeByeMan666"},{"content":"New NIST guidance applies the Cybersecurity Framework to threats to positioning, navigation and timing (PNT) services.","created_at":1613101344.0,"id":"lhss3n","n_comments":0,"percentage_upvoted":0.93,"permalink":"/r/cybersecurity/comments/lhss3n/new_nist_guidance_applies_the_cybersecurity/","subreddit":"cybersecurity","title":"","upvotes":48,"user_id":"nist"},{"content":"Discord Linux channel ops suggest to install \"questionable\" software because is \"simpler\" to use.","created_at":1613100799.0,"id":"lhsknu","n_comments":1,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lhsknu/discord_linux_channel_ops_suggest_to_install/","subreddit":"cybersecurity","title":"Ops on the Discord Linux channel suggest linux newbies to use the \"questionable\" software Balena Etcher ([https://balena.io](https://balena.io)) for burning iso installs to CDs/USBs disk labelling it as easier when the OS in use by the user (Ubuntu) already ships with more situable alternative like gnome-disks or dd.\n\nEtcher is a known adware/spyware after Balena owned it: [https://github.com/balena-io/etcher/issues/2977](https://github.com/balena-io/etcher/issues/2977)\n\n[https://github.com/balena-io/etcher/issues/2057](https://github.com/balena-io/etcher/issues/2057)\n\n[https://github.com/balena-io/etcher/issues/2497](https://github.com/balena-io/etcher/issues/2497)\n\n​\n\nto me is disgusting how the FOSS and Linux comunity is getting sold to companies and big tech players to the disadvantage of the comunity and newcomers. I think this is something that HAS TO stop, starting from this. Is not the first time users are being forced to do something they don't want to or don't need to just because someone is \"pushing them\" into the right direction.\n\n​\n\n[https://postimg.cc/6yyVgnM4](https://postimg.cc/6yyVgnM4)\n\n[https://postimg.cc/qhJyL3tR](https://postimg.cc/qhJyL3tR)\n\n[https://postimg.cc/BjFTQs9q](https://postimg.cc/BjFTQs9q)\n\n[https://postimg.cc/zL1nyM8T](https://postimg.cc/zL1nyM8T)","upvotes":0,"user_id":"Phoenix_voice"},{"content":"cyber risk analytics - with artificial intelligence, machine learning and real-time intelligence","created_at":1613100713.0,"id":"lhsjis","n_comments":0,"percentage_upvoted":0.59,"permalink":"/r/cybersecurity/comments/lhsjis/cyber_risk_analytics_with_artificial_intelligence/","subreddit":"cybersecurity","title":"My latest research on predictive and dynamic cyber risk analytics - with artificial intelligence, machine learning and real-time intelligence has just been published with SpringerNature in \u2018Safety in Extreme Environments\u2019. Read here: [https://doi.org/10.1007/s42797-021-00025-1](https://doi.org/10.1007/s42797-021-00025-1)","upvotes":2,"user_id":"radanliev"},{"content":"Security and exposed password in HTTP requests","created_at":1613099753.0,"id":"lhs6eq","n_comments":31,"percentage_upvoted":0.88,"permalink":"/r/cybersecurity/comments/lhs6eq/security_and_exposed_password_in_http_requests/","subreddit":"cybersecurity","title":"Hello folks!\n\nI am a web developer learning currently learning more about web security.\nSo I've noticed today that one of the websites I use frequently exposes the password in the login HTTP request, the request uses HTTPS right, but still, I am concerned because the request payload has {email: 'x', userName: 'y', password: 'z'} and password is exactly what the raw password string is, it is not encrypted and has not received any treatment at all. \n\nSo I come here to ask if this is really safe, I can imagine that this could be intercepted somehow despite using HTTPS, and if it can the user password would be exposed right?","upvotes":25,"user_id":"haganenorenkin"},{"content":"Cyberpunk and Witcher hackers don\u2019t seem to be bluffing with $1M source code auction","created_at":1613099256.0,"id":"lhrzey","n_comments":0,"percentage_upvoted":0.84,"permalink":"/r/cybersecurity/comments/lhrzey/cyberpunk_and_witcher_hackers_dont_seem_to_be/","subreddit":"cybersecurity","title":"","upvotes":4,"user_id":"NoMoreOH"},{"content":"Question about cybersecurity and grad degrees","created_at":1613099051.0,"id":"lhrwfx","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lhrwfx/question_about_cybersecurity_and_grad_degrees/","subreddit":"cybersecurity","title":"I am going through a computer science master right now (also working as a software engineer) and I've mainly taken courses related distributed systems (one cloud security req) and such and I'm trying to figure out what other courses I'd want to take. Since I want to move into cybersecurity eventually and because I think it's interesting, I was thinking about taking a few cybersecurity courses or maybe even getting a concentration in it. I just wanted to see what everyone thinks though since cybersecurity is pretty heavy on industry certs and since the field seems to move so fast. Generally, is it worth it to study cybersecurity in a masters program or is it more beneficial to take other \"core\" courses to build up surrounding knowledge and then get security certs outside of it?","upvotes":1,"user_id":"ny_coder"},{"content":"Emotet Botnet: What It Means for You","created_at":1613092516.0,"id":"lhpek2","n_comments":2,"percentage_upvoted":0.87,"permalink":"/r/cybersecurity/comments/lhpek2/emotet_botnet_what_it_means_for_you/","subreddit":"cybersecurity","title":"","upvotes":36,"user_id":"sprjenart"},{"content":"Best undergraduate cybersecurity program","created_at":1613091313.0,"id":"lhoxnn","n_comments":12,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lhoxnn/best_undergraduate_cybersecurity_program/","subreddit":"cybersecurity","title":"Which college has the best undergraduate cybersecurity program out of these 4 (assuming cost of attendance is roughly the same)? 1) RIT 2) U of New Haven 3) George Mason University 4) St John's University (Queens, NY). U of New Haven is the only one that is a designated center for cyber operations, not sure if that is important.","upvotes":1,"user_id":"Aelita0075"},{"content":"Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks.","created_at":1613091114.0,"id":"lhouz1","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lhouz1/automatically_compile_an_aws_service_control/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"speckz"},{"content":"My Spotify account has been hacked","created_at":1613089950.0,"id":"lhofp3","n_comments":16,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lhofp3/my_spotify_account_has_been_hacked/","subreddit":"cybersecurity","title":"So today i logged into spotify to find that someone else was using my account on the web app. I've changed my password about 10 times and made it very random each time. They get right back in each time, sometimes before I even have a chance to log in. I've also tried the \"Log everyone out\" function that spotify offers and he get's right back in. I then contacted support and they couldn't do anything either. Can you guys help me out here? It's quite annoying I can't listen to music while studying :(","upvotes":3,"user_id":"VietboyX"},{"content":"3 Vulnerabilities in Kaspersky-backed TinyCheck","created_at":1613088383.0,"id":"lhnur9","n_comments":0,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/lhnur9/3_vulnerabilities_in_kasperskybacked_tinycheck/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"JustOr113"},{"content":"Maybe this is too basic of a question, but assuming you use a password manager and generate strong unique passwords for each account, what is the current recommendation for how often you should be changing your passwords?","created_at":1613088364.0,"id":"lhnuj4","n_comments":13,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lhnuj4/maybe_this_is_too_basic_of_a_question_but/","subreddit":"cybersecurity","title":"To clarify, this is not referring to the master password which is arguably a different topic because there are different considerations there. This is only regarding other accounts maintained by your password manager.\n\nMy understanding from [NIST's statement](https://pages.nist.gov/800-63-FAQ/#q-b05) is that, as long as your passwords are strong, you should only change them if there is a known or suspected leak. I got into a [back and forth](https://reddit.com/r/cybersecurity/comments/lciip1/im_just_a_regular_person_average_threat_level/gm2i2n9/) with a different user on this sub who states those guidelines are only for administrators regarding user accounts they oversee and that best practices are still to change your passwords every 3-6 months.\n\nI'm not necessarily trying to win an argument as I'm absolutely a novice in all of this, but my understanding when I read NIST is that it's bad to change strong passwords unless there's a good reason to do so. I'm just trying to be as secure as possible in light of recommendations and this all has got me a bit confused.","upvotes":3,"user_id":"TheRavenSayeth"},{"content":"Zero trust security explained","created_at":1613087165.0,"id":"lhnejq","n_comments":0,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/lhnejq/zero_trust_security_explained/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"KeyDutch"},{"content":"Detecting evasive syscalls from user mode","created_at":1613086928.0,"id":"lhnbl5","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lhnbl5/detecting_evasive_syscalls_from_user_mode/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"El_galZyrian"},{"content":"Block Facebook servers - Complete IP Addresses list","created_at":1613084971.0,"id":"lhmmpg","n_comments":5,"percentage_upvoted":0.83,"permalink":"/r/cybersecurity/comments/lhmmpg/block_facebook_servers_complete_ip_addresses_list/","subreddit":"cybersecurity","title":"","upvotes":11,"user_id":"jwion"},{"content":"WHY DON'T DEVELOPERS WRITE more SECURE CODE? \ud83e\udd14","created_at":1613084917.0,"id":"lhmm1l","n_comments":3,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/lhmm1l/why_dont_developers_write_more_secure_code/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"ClayDesk"},{"content":"Cyber Security Headlines - Week in Review - February 8-12, 2021","created_at":1613084868.0,"id":"lhmled","n_comments":0,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/lhmled/cyber_security_headlines_week_in_review_february/","subreddit":"cybersecurity","title":"This week\u2019s *Cyber Security Headlines - Week in Review*, February 8-12, 2021 is hosted by [Steve Prentice](http://www.linkedin.com/in/stevenprentice) ([@stevenprentice](https://twitter.com/stevenprentice)) with our guest, [Johna Till Johnson](https://www.linkedin.com/in/johna-till-johnson-18b60/) ([@JohnaTillJohnso](https://twitter.com/JohnaTillJohnso)), CEO, [Nemertes Research](https://nemertes.com/).\n\n**Here are some of the stories we\u2019re going to be covering TONIGHT on Cyber Security Headlines \u2013 Week in Review. Please join us live every Thursday at 4pm PT/7pm ET by registering for** [**the open discussion**](https://www.crowdcast.io/e/cyber-security-headlines)**.**\n\n## New phishing attack uses Morse code to hide malicious URLs\n\nA novel new phishing approach uses a fake invoice email complete with an HTML spreadsheet attachment that includes the victim company\u2019s name in the file name for greater credibility. The malicious script, written in Morse code is located within the HTML code of the spreadsheet along with a decodeMorse() instruction that converts it back into JavaScript. This then generates a realistic looking Microsoft session time-out screen, complete with the victim company\u2019s logo, retrieved from logo.clearbit. Once a user enters their password, the form will submit the password to a remote site where the attackers can collect the login credentials. According to Bleeping Computer, this is the first recorded instance of the use of Morse code in this fashion.\n\n([Bleeping Computer](https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/))\n\n## Florida water treatment plant hacked to distribute harmful chemicals/Used TeamViewer\n\nPinellas County Florida sheriff Bob Gualtieri said Monday that someone gained remote access to the Oldsmar, Florida water treatment plant at 8 AM February 5th, attempting to increase sodium hydroxide, otherwise known as lye, to a dangerous level. A plant operator first thought a supervisor had accessed the system from home. After the intruder raised the lye level, a monitoring operator immediately reduced it, with the remote access system now disabled. The Sheriff noted other fail-safes and alarm systems would have also prevented the dangerous adjustment had the operator not noticed.\u00a0\n\n([AP News](https://apnews.com/article/florida-water-treatment-ab175add0454bcb914c0eb3fb9588466))\n\n## Office 365 will help admins find impersonation attack targets\n\nIn addition to the nation state warning we mentioned on yesterday\u2019s podcast, Microsoft is also going to make it easier for Defender for Office 365 customers to identify impersonation-based phishing attacks including intentionally misspelled email addresses and domain names. Security admins will be able to use new filters dubbed *Impersonated user* and *Impersonated domain* together with the Threat Explorer and real-time detections to detect organization users and domains targeted in impersonation attacks. The new information will be available for security team admins via the Impersonation insight pages as well as on a newly added Email Entity page and will be more widely available to end users by the end of February.\n\n([Bleeping Computer](https://www.bleepingcomputer.com/news/security/office-365-will-help-admins-find-impersonation-attack-targets/))\n\n## Mount Sinai study finds Apple Watch can predict COVID-19 diagnosis up to a week before testing\n\nThe study, published in the peer-reviewed *Journal of Medical Internet Research* found that wearable hardware like the Apple Watch can effectively predict a positive COVID-19 diagnosis up to a week before current PCR-based nasal swab tests. The researchers focused on heart rate variability (HRV), which is a key indicator of strain on a person\u2019s nervous system and combined this with patients\u2019 self-reported symptoms. The study is ongoing and will expand to examine what else wearables like the Apple Watch can tell about other impacts of COVID-19 including the relationships between sleep and physical activity and the disease.\n\n([TechCrunch](https://techcrunch.com/2021/02/09/mount-sinai-study-finds-apple-watch-can-predict-covid-19-diagnosis-up-to-a-week-before-testing/)) \n\n## Activists complain of weakened voting security standard\n\nThe US federal agency overseeing election administration has quietly tweaked a key element of proposed security standards for voting systems, removing language that would ban any voting machines that had wireless modems or chips. This has raised concern among voting-integrity experts and computer security specialists who suggest the mere presence of such wireless hardware poses risks. The election administration officials state that their rules require manufacturers disable wireless functions present in any machines, although the wireless hardware can remain.\n\n([Associated Press](https://apnews.com/article/business-voting-machines-voting-hacking-elections-13c64df55961dac87b417608818655a6))\n\n## Google pays $6.7 million in bug bounties\n\n2020 marked the third consecutive year that Google increased its bug bounty payouts, up 3% to $6.7 million on the year. These bounties went to 662 security researchers across 62 countries. Chrome\u2019s Vulnerabilities Rewards Program handed out the most bounties, getting over 300 bug submissions and paying out $2.1 million. Android bugs paid out $1.74 million, including the first-ever Android 11 developer preview bonus, while Google Play bugs accounted for $270,000.\n\n([ZDNet](https://www.zdnet.com/article/google-paid-6-7-million-to-bug-bounty-hunters-in-2020/))","upvotes":2,"user_id":"dspark"},{"content":"Is the file \"shading_otp\" safe","created_at":1613083989.0,"id":"lhma3u","n_comments":0,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/lhma3u/is_the_file_shading_otp_safe/","subreddit":"cybersecurity","title":"I have been recently seeing a file appearing even though I delete it ,it will still come back I just want to know if that file \"shading_otp\" safe for my android device or is it some malware. Thanks","upvotes":0,"user_id":"dev2838382818"},{"content":"Which mini PC is good for cybersecurity?","created_at":1613083797.0,"id":"lhm7sr","n_comments":1,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lhm7sr/which_mini_pc_is_good_for_cybersecurity/","subreddit":"cybersecurity","title":"I have an old 2009 macbook Pro I upgraded it and installed Linux Ubuntu. I have a monitor and I was thinking of connecting it to the monitor but I came through this list of mini pc and I was wondering will it be worth it to switch to mini pc ?\n\nhttps://itsfoss.com/linux-based-mini-pc/","upvotes":0,"user_id":"sk8er_girl90"},{"content":"CD Projekt Red Files Distributed Online, Starting With Gwent","created_at":1613081588.0,"id":"lhlgx8","n_comments":21,"percentage_upvoted":0.96,"permalink":"/r/cybersecurity/comments/lhlgx8/cd_projekt_red_files_distributed_online_starting/","subreddit":"cybersecurity","title":"","upvotes":142,"user_id":"MelodicRice7902"},{"content":"Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies","created_at":1613079978.0,"id":"lhkyg1","n_comments":2,"percentage_upvoted":0.79,"permalink":"/r/cybersecurity/comments/lhkyg1/dependency_confusion_how_i_hacked_into_apple/","subreddit":"cybersecurity","title":"","upvotes":11,"user_id":"Docusnap_Official"},{"content":"Surfshark alert vs have I been pawned for breached emails and similar","created_at":1613077669.0,"id":"lhkarj","n_comments":2,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/lhkarj/surfshark_alert_vs_have_i_been_pawned_for/","subreddit":"cybersecurity","title":"I've been looking into both of these data breach tools and wanted to ask your opinion on both.\n\nSo first hibp is free and surfshark alert is not. I think it's like 3 bucks a month with a vpn subscribtion, but I'm not exactly opposed to paying a couple of bucks if it works well and has more features than hibp. Kind of. I need more opinions. I've looked into it and the main differences apart from being a paid/free thing are that:\n\n* hibp works mainly with emails and alert works a bit extensive where it can tell not only that your email was breached but over 60 different data points included (leaked password, address, etc.);\n* Alert also notifies if credit card number was breached in any way which I don't see anywhere on hibp;\n* identity number (i.e. SSN) also can be monitored which also doesn't exist on hibp;\n\nBoth can send immediate alerts if email gets breached and both can be used on unlimited number of emails (I think).\n\nWhat is your opinion on this particular topic? Would you pay for these features or do you think that what have I been pawned does is enough for you? I know this is probably specific to each person, but I'm genuinely interested.","upvotes":0,"user_id":"Serious_Childhood"},{"content":"[D] DDoS Attack: Understanding the Basics of A Rising Cyberthreat","created_at":1613073317.0,"id":"lhj75l","n_comments":0,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lhj75l/d_ddos_attack_understanding_the_basics_of_a/","subreddit":"cybersecurity","title":" \n\nIn the past few months, DDoS attacks have increased in frequency and with higher sophistication. Cloudflare reported witnessing a rise in extortion and ransom-based DDoS (RDDoS) [cyberattacks](https://www.globaltechoutlook.com/insight-into-increasing-cyberattacks-on-gaming-community/) targeting organizations worldwide in 2020.\n\nAs per an article by Zdnet, analysis of [cyberthreat](https://www.globaltechoutlook.com/netsecops-is-helping-enterprises-to-deal-with-cybersecurity-threat/) and criminal activity by security researchers at [Neustar](https://www.home.neustar/resources/whitepapers/cyber-threats-and-trends-pandemic-style) found that the number of DDoS attacks grew by 154% between 2019 and 2020. Financial services, telecommunications and government agencies are some of the sectors most targeted by attackers. The Cloudflare [report](https://blog.cloudflare.com/network-layer-ddos-attack-trends-for-q4-2020/) also mentions that the web protection and security companies observed an increase in the number of large DDoS attacks over 500Mbps and 50k packets per second (pps). \u00a0Simultaneously, attack vectors continued to evolve with protocol-based attacks seeing a three to ten times increase compared to the third quarter of 2020.\n\nA DDoS or distributed denial-of-service attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network. When a data packet arrives at its destination in a network, it issues a request for access. The\u00a0destination router\u00a0or server reviews the request and either accepts or denies it. DDoS attack aims to overwhelm the target or its surrounding infrastructure with a flood of Internet traffic comprising harmful data packets requesting access.\u00a0As a result, the network server ends up crashing or disrupting its services, inflicting huge losses for companies.\n\n​\n\nFor more info check: [https://www.globaltechoutlook.com/ddos-attack-understanding-the-basics-of-a-rising-cyberthreat/](https://www.globaltechoutlook.com/ddos-attack-understanding-the-basics-of-a-rising-cyberthreat/)","upvotes":1,"user_id":"Techllamaandcat"},{"content":"CD Projekt Red's ransomed data has been leaked online. - Auction starting at $1m immediately for $7m.","created_at":1613072178.0,"id":"lhixr5","n_comments":16,"percentage_upvoted":0.84,"permalink":"/r/cybersecurity/comments/lhixr5/cd_projekt_reds_ransomed_data_has_been_leaked/","subreddit":"cybersecurity","title":"","upvotes":47,"user_id":"Killco_Joe"},{"content":"MITM Attack","created_at":1613071314.0,"id":"lhiqo3","n_comments":6,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lhiqo3/mitm_attack/","subreddit":"cybersecurity","title":"Hi,\n\nI'm trying to execute a MITM Attack on my own WIFI as a training.\n\nI can successfully launch ARP Spoofing and the packets from my Phone/Laptop are going through the fake MAC Address acting like the router. But that's it, I can't do anything else.\n\nI'm trying to decrypt SSL Packets so I can read any information or manipulate packets on the fly, but I can't seem to do that (Limited knowledge and experience I suppose..)\n\nDoes someone have a tutorial that can help me out ? Or Programs that are useful ? I'm using ettercap, bettercap and Wireshark.\n\n​\n\nWould appreciate any help I can get. ","upvotes":2,"user_id":"bigsuperhero"},{"content":"Can a pc be part of a DDoS attack if it isn't connected to the internet at that time? For example if I disconnect it from the wifi before leaving it in standby.","created_at":1613068438.0,"id":"lhi25x","n_comments":6,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lhi25x/can_a_pc_be_part_of_a_ddos_attack_if_it_isnt/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"Matkionni"},{"content":"DNS exfiltration of data: step-by-step simple guide","created_at":1613068348.0,"id":"lhi1dd","n_comments":2,"percentage_upvoted":0.88,"permalink":"/r/cybersecurity/comments/lhi1dd/dns_exfiltration_of_data_stepbystep_simple_guide/","subreddit":"cybersecurity","title":"","upvotes":18,"user_id":"DifferentInterest"},{"content":"FBI Warns Companies About Using TeamViewer and Windows 7 After Oldsmar Attack","created_at":1613065157.0,"id":"lhhaqy","n_comments":10,"percentage_upvoted":0.88,"permalink":"/r/cybersecurity/comments/lhhaqy/fbi_warns_companies_about_using_teamviewer_and/","subreddit":"cybersecurity","title":"","upvotes":17,"user_id":"harshsharma9619"},{"content":"Where to start learning?","created_at":1613063494.0,"id":"lhgwnl","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lhgwnl/where_to_start_learning/","subreddit":"cybersecurity","title":"I am currently a junior studying cybersecurity (business and cs) and cryptography. My course schedule leads me to believe that I will not be jumping into much of actual cyber security work until my senior year. I have a good amount of experience working with aws and a little bit more than novice experience with programming. Are there any training courses that I can take (preferably free) to further my experience? What about certifications? With covid I feel that I definitely have a lot of time to tackle a certification on the side. What would be the most approachable and beneficial certification for me to tackle during this time? Any advice would be greatly appreciated.","upvotes":2,"user_id":"royal_flushAK"},{"content":"What you could do if your credentials are breached!","created_at":1613061004.0,"id":"lhgcig","n_comments":0,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/lhgcig/what_you_could_do_if_your_credentials_are_breached/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"docsan"},{"content":"New Fonix ransomware decryptor can recover victim's files for free","created_at":1613059989.0,"id":"lhg4rn","n_comments":0,"percentage_upvoted":0.9,"permalink":"/r/cybersecurity/comments/lhg4rn/new_fonix_ransomware_decryptor_can_recover/","subreddit":"cybersecurity","title":"","upvotes":7,"user_id":"kteklol"},{"content":"Actively Exploited Windows Kernel Bug Allows Takeover","created_at":1613059458.0,"id":"lhg0o2","n_comments":0,"percentage_upvoted":0.81,"permalink":"/r/cybersecurity/comments/lhg0o2/actively_exploited_windows_kernel_bug_allows/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"kteklol"},{"content":"Hacked networks will need to be burned 'down to the ground'","created_at":1613059061.0,"id":"lhfxcu","n_comments":0,"percentage_upvoted":0.9,"permalink":"/r/cybersecurity/comments/lhfxcu/hacked_networks_will_need_to_be_burned_down_to/","subreddit":"cybersecurity","title":"","upvotes":43,"user_id":"foesn"},{"content":"So the past few months I\u2019ve been being cyber stalked in a weird way. There has been use of proxy recruitment, threats, and malicious subliminal marketing.","created_at":1613058789.0,"id":"lhfv98","n_comments":14,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lhfv98/so_the_past_few_months_ive_been_being_cyber/","subreddit":"cybersecurity","title":"I have been being encouraged to join Certain religious groups lately and it makes use of certain significant names of people I know. It threatens me on a daily basis. And hints at homicide and suicide or infectious diseases. It sure feels like a witch hunt. Even the products I have seen around me have been sketchy. And no one believes me. Who do I go to for help. I found a lot of things in my analytics that I have decoded. and it\u2019s an iPhone 7 but sure acts like an android half the time. I have even had people watching me through TVs and through the apps in my phone and Siri comes on by her self the tv in my home has been compromised also, I\u2019ve seen drones or satellites above my house . I\u2019ve even heard voiceovers happen while I\u2019m talking on the phone saying a different thing then I tried to say. My privacy policies all seem sploofed and It\u2019s at the point that I scared to go outside. Feels a lot like a witch hunt and that I\u2019m the butt of a joke. I\u2019m pretty sure an ex posted my information on the dark web and that I may be the victim of human trafficking. I\u2019ve had numerous amounts of people trying to contact me from all over the world. Try and coheres me to hotels and multiple people all tryin to get in my pants. I\u2019m terrified of everything now. Who do I go to for help without being told I\u2019m crazy. I\u2019m even scared to go to the cops.","upvotes":0,"user_id":"Sunstar1177"},{"content":"Exploiting CVE2019-1388 Windows Certificate Dialogue | TryHackMe Accumulate","created_at":1613058433.0,"id":"lhfsga","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lhfsga/exploiting_cve20191388_windows_certificate/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"MotasemHa"},{"content":"What recommendations and setups do You guys suggest me setup in terms of security and protection?","created_at":1613056666.0,"id":"lhfecf","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lhfecf/what_recommendations_and_setups_do_you_guys/","subreddit":"cybersecurity","title":"Hey guys, I've been researching for a while now of my setup plan and configuration for my Home network and security. I've setup my Network and Router with Ubiquity Dream Machine. I'm considering adding OpenVPN and maybe OpenDNS. Im also having a look at what NST Network Security toolkit can offer me and Security Onion\n\nWith Dream Machine router I've made some segments and Firewall rules and working on enabling more configurations Like Network monitoring Network Traffic. A more Secure DNS Host and a Security anti-virus/anti malware for all of my devices and phones. I tried a couple of options recently they seem promising. I tried Bitdefender total sec, mobile security, Malwarebytes and their VPNs. I'm still confused of what to go for as a reputable provider. Since Malwarebytes got hacked I became skeptical about them as my suite. So I'm considering more options both open source and paid. \n\nWhat I require :\n\nNetwork Monitoring\nNetwork Security\nMalware Detection\nGood Firewalls\nIDS/IPS\nAdvanced Malware Detection\nAPT malware and techniques detection\nReliable DNS\nReliable VPN for both gaming and privacy\n\nWhat I'm using :\n\nWireshark \nGlasswire\nDream Machine \nOpenDNS","upvotes":3,"user_id":"SoftAddict"},{"content":"What are the merits of using a password manager over just writing them down and storing them in a safe place? (OTHER THAN CONVENIENCE)","created_at":1613055751.0,"id":"lhf6t7","n_comments":10,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/lhf6t7/what_are_the_merits_of_using_a_password_manager/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"AManOfStories5904"},{"content":"Windows Defender found multiple Trojans such as: Trojan:Script/Wacatac.B!ml Behavior:Win32/Execution.LR!ml Trojan:Win32/Casur.A!cl","created_at":1613055222.0,"id":"lhf2cn","n_comments":17,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lhf2cn/windows_defender_found_multiple_trojans_such_as/","subreddit":"cybersecurity","title":"Without my actions they have been all \"allowed\" and once removed it comes back as I go back to \"Allowed Threats\"\n\nWhat is the best course of action from here? \n\nIs clean re-installing Windows the only option left?","upvotes":0,"user_id":"Electronic-Ad712"},{"content":"What are some good and trustworthy password managers?","created_at":1613053370.0,"id":"lhemrb","n_comments":11,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lhemrb/what_are_some_good_and_trustworthy_password/","subreddit":"cybersecurity","title":"Read above.","upvotes":0,"user_id":"AManOfStories5904"},{"content":"need security help regarding google home mini- and i\u2019m scared","created_at":1613053011.0,"id":"lhejm3","n_comments":11,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lhejm3/need_security_help_regarding_google_home_mini_and/","subreddit":"cybersecurity","title":"hey all. i\u2019m sorry, i\u2019m not very tech savvy but i need your help. i hope this is the right sub for this.\ntonight i was streaming on twitch, and about 20 minutes into my stream, my google home goes off. i\u2019d like to point out that i only ever use it to play music on spotify, so it\u2019s connected to my wifi and to spotify, but nothing else. i\u2019ve never connected it to my twitch account, and never knew that was possible.\nanyway, 20 minutes into my stream, my google home goes off randomly. \u201chello (twitch name). it looks like we don\u2019t have your home address saved. let\u2019s do that now.\u201d i was horrified, and unplugged it immediately. again, i don\u2019t know much about cyber security but i feel like someone watching hacked it, trying to get my address? or someone got into it through my router, but it said my twitch name? it felt so personal and i\u2019m scared.\ni\u2019ve since kept it unplugged, revoked its access to my google account, and changed my google password. what should i do??","upvotes":3,"user_id":"onlyxyloto"},{"content":"Specific questions about using a device with ancient Android & Linux.","created_at":1613042937.0,"id":"lhbttb","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lhbttb/specific_questions_about_using_a_device_with/","subreddit":"cybersecurity","title":"Hello, \n\nI have a device with great hardware, yet orphaned by both manufacturer & community, and completely devoid of software support. It runs either Android 8.1 with December 2018 security patch and 3.18.79 Linux kernel, or Debian Linux with very same 3.18.79 kernel version, with or without Sailfish on top. Sadly newer kernel is unrealistic, mainline completely out of the question. \n\nCurrently I use Android. I'm trying to determine what can I more or less safely do on it, given ancient firmware. \n\nThe device is capable of Wi-Fi, LTE, and Bluetooth. It has Google apps & services removed except Android System Webview & Phone app which has some Google blobs in it. The device is rooted, and has a rather small number of apps, notably: \n\n* AFwall+ firewall\n\n* AdAway\n\n* AuroraStore & F-droid app stores\n\n* Firefox & Fennec browsers (with Noscript, uBlock Origin, etc)\n\n* NewPipe for watching Youtube videos\n\n* QKSMS for SMS (native SMS app nuked)\n\n* Serial console app for managing servers using serial devices\n \n* Shazam\n\n* Telegram messenger \n\n* VPN client\n\nI assume I shouldn't use Telegram on it. Shouldn't use serial console apps either, because if the device in question is compromised, it's a disaster. Shouldn't use Bluetooth. \n\nShould I give up on browsing? What about (non-phishing) SMS attacks? What about LTE usage and rogue base stations? Should I maybe remove SIM card from the device even if I give up on web browsing, to reduce attack surface? Should I give up on wifi as well, and use ethernet only? \n\nI can install pure Debian Linux on the device - but since it runs the same ancient kernel as Android, and is less polished, I feel all it will achieve is decrease battery life, make phone calls much more difficult, and force me to give up on Shazam which is extremely useful on the device when my smartphone is discharged or otherwise unreachable. Am I mistaken in this regard, and will switching from Android to Debian improve device security in this particular instance, despite ancient kernel on both?","upvotes":2,"user_id":"DIYprojectz"},{"content":"Has anybody heard or used quick start bootcamp","created_at":1613042746.0,"id":"lhbrwp","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lhbrwp/has_anybody_heard_or_used_quick_start_bootcamp/","subreddit":"cybersecurity","title":"Hello, so just curious if anybody has heard of or even used quick start bootcamp for cyber security ? I was looking into getting into cyber security and came across this company I just want to know if anybody has used them to get an education in cyber security and if it\u2019s worth it. Thanks for any info","upvotes":1,"user_id":"dinolivinglife"},{"content":"Need Help Starting Out - Second Career in Cyber Security","created_at":1613039054.0,"id":"lhalyx","n_comments":4,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lhalyx/need_help_starting_out_second_career_in_cyber/","subreddit":"cybersecurity","title":"Thanks for reading. I'm considering making a career switch to the Cyber Security field. I'm in my mid 20's and working in sales for an IT Consulting/Solutions firm, and the more I've worked with CyberSec clients the more I think it'd be a good fit. \n\nMy Bachelor's degree is in Poli Sci, so I'd essentially be using transfer credits to count for Gen Ed, and then completing the rest of the degree online while continuing to work. I've also considered knocking out core classes at a community college to transfer over and cut down on costs. I was wondering if anyone had made a similar switch or had any advice on what the best route would be.\n\nI've been reading posts about degrees in Computer Science vs. one focused solely on CyberSec, and hadn't thought before if one was a better long-term pick. Or if potentially it\u2019d be better to skip another degree and tackle the certifications and do the self taught approach.\n\nAny advice is much appreciated. Thanks!","upvotes":5,"user_id":"1m2rad2b4go10"},{"content":"Bachelors in Informatics, is it worth the 1 year of school to get my MS Information Systems with a concentration in Enterprise Security and Risk Management?","created_at":1613037620.0,"id":"lha582","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lha582/bachelors_in_informatics_is_it_worth_the_1_year/","subreddit":"cybersecurity","title":"I\u2019m sure this is one of those \u201cit depends\u201d or \u201cit\u2019s based on what you want\u201d kind of answers.. but looking for what people have done and not done in their own lives.\nMy overall goal is to be in Security. I have several intermediate security certs and an IT background, and currently in an Information security internship.","upvotes":1,"user_id":"jbagel27"},{"content":"Is it worth it to get SSCP if I already have CySA+, Sec+, and Net+?","created_at":1613036976.0,"id":"lh9xal","n_comments":6,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lh9xal/is_it_worth_it_to_get_sscp_if_i_already_have_cysa/","subreddit":"cybersecurity","title":"I am graduating in December and would like to acquire another cert before then, since I have time at my security internship to study. I\u2019ve heard SSCP and Sec+ are pretty similar and most other certs out there seem that it will take much more time to study than I can allot. Is it worth my time and money to study for SSCP?","upvotes":3,"user_id":"jbagel27"},{"content":"COVID is a Historical Dividing Line \u2013 So is Atense Computer Vaccine","created_at":1613036149.0,"id":"lh9np6","n_comments":1,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/lh9np6/covid_is_a_historical_dividing_line_so_is_atense/","subreddit":"cybersecurity","title":"[http://www.digitaljournal.com/pr/4970371#ixzz6m7eeRRN0](http://www.digitaljournal.com/pr/4970371#ixzz6m7eeRRN0)","upvotes":0,"user_id":"JayAeyPi"},{"content":"Regarding snort ruleset","created_at":1613036115.0,"id":"lh9n5s","n_comments":7,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lh9n5s/regarding_snort_ruleset/","subreddit":"cybersecurity","title":"Hi all,\n\nI'm currently working on my research about writing and configuring the snort engine ruleset for several exploits. I have a doubt or question that I want to clear about, whether we have to write the snort rule for just the exploit itself in the sense that if suppose I want to write a rule for FTP that has an exploit named vsftpd(very secure FTP daemon) backdoor if I search this on the internet I couldn't be able to find the exact snort rule on the internet. So I have to perform the exploit first and then see and observe the traffic using exploit packet capture and then write the snort rule for that traffic. So far I feel that the second way is the most feasible way compared with the first method. What's your go on this?\n\n​\n\nThanks in advance","upvotes":4,"user_id":"vigneshwar96"},{"content":"DDoS Attack and Crypto","created_at":1613036061.0,"id":"lh9ml0","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lh9ml0/ddos_attack_and_crypto/","subreddit":"cybersecurity","title":"Any security expert here who can explain how crypto systems are protected against DDoS attacks? It sounds really easy to take the network down (or at least slow it down) by sending millions of junk queries to nodes. But I'd like to hear from experts and devs to understand how this issue is prevented in crypto networks. Thanks in advance.","upvotes":1,"user_id":"IoTrust"},{"content":"NICE Webinar: Top Ten Ways to Discover a Cybersecurity Career That Is Right for You (I\u2019m co-presenting \ud83d\ude04)","created_at":1613034520.0,"id":"lh95bn","n_comments":3,"percentage_upvoted":0.79,"permalink":"/r/cybersecurity/comments/lh95bn/nice_webinar_top_ten_ways_to_discover_a/","subreddit":"cybersecurity","title":"","upvotes":14,"user_id":"HeyGuyGuyGuy"},{"content":"Would Ultrawide Monitor be Better Than Dual Monitors for Pen Testing?","created_at":1613034447.0,"id":"lh94hp","n_comments":3,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lh94hp/would_ultrawide_monitor_be_better_than_dual/","subreddit":"cybersecurity","title":"I have never used ultrawide monitors, but I am considering to get one if it worth it.\nWould you rather use dual monitors or a ultrawide one for pen testing?\nMy idea is that the virtual box can go in one monitor and the research and browser can be in another screen. Of course it is possible to do the same with ultrawide but I am not sure how handy it is.\nI just need your ideas and thoughts about it, specifically with pen testing and scripting as use cases.\nAnother idea would be having dual screen with one normal monitor with un ultrawide one. Would that be overkill?","upvotes":2,"user_id":"londok"},{"content":"IP address made public?","created_at":1613032863.0,"id":"lh8l3u","n_comments":8,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lh8l3u/ip_address_made_public/","subreddit":"cybersecurity","title":"Not sure if this is the place for this but looking for some help..\n\nWas on the PlayStation with a couple of the lads tonight, and someone said in chat to us at the end of the game \"I've now made your IP public\", which we laughed off to him, but then he proceeded to name \"lanc(?)\" and \"wireshark\" were the tools he'd used.\n\nI searched wireshark and from what I understand it seems possible to obtain someone's IP.\n\nPerfectly possible it's just some kid messing around but not sure I want to risk it. Anything I can do/should do?\n\nI've turned the router off tonight and I'm in the office tomorrow so it won't be on all day. I read doing this can inform your ISP the IP is no longer in use?","upvotes":0,"user_id":"moose_nut"},{"content":"First Infosec job!","created_at":1613029311.0,"id":"lh7dfl","n_comments":4,"percentage_upvoted":0.83,"permalink":"/r/cybersecurity/comments/lh7dfl/first_infosec_job/","subreddit":"cybersecurity","title":"Hello Everyone!\n\nI (2yr lurker) have defied the odds and career changed into a Cybersecurity job as an assessor for industrial control systems that I have \u201csome\u201d previous experience with in my last career.\n\nI do not have an engineering or IT background and am in my second semester of a (really good, hands on, not just policy bullshit) masters degree in Cybersecurity with an emphasis in Industrial control system security.\n\nThe only catch is the company is kind of start up mode and job stability is questionable. That being said, what can I learn to make myself more valuable if I had to enter the job hunt a year from now? \n\nI will soak up as much as I can as I will be dealing a lot with NIST RMF and pretty much policy and compliance related stuff. I really like OT/ICS and I have a bit of that in my background (sort of) so I\u2019d like to continue with that if possible.\n\nAny advice on certs, education, alternative career paths, or things I can learn in general would be much appreciate so I can further my career and \u201cfuture proof\u201d myself as much as I can. Thanks!","upvotes":4,"user_id":"rushter90"},{"content":"Security analyst tips","created_at":1613028621.0,"id":"lh74c0","n_comments":9,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lh74c0/security_analyst_tips/","subreddit":"cybersecurity","title":"I have an interview for security analyst 1 tomorrow, is there anything I should know beforehand? The company is doing a recorded 1 person interview and said I will be asked 5-10 questions.","upvotes":2,"user_id":"CaveatDraco26"},{"content":"What are the biggest security management challenges for Enterprise organizations?","created_at":1613027474.0,"id":"lh6pu7","n_comments":4,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lh6pu7/what_are_the_biggest_security_management/","subreddit":"cybersecurity","title":"I recently read an article that said the biggest challenges security managers face at their organizations is budget constraints... out of curiosity do people agree with this or what other challenges do you think face security managers when it comes to protecting the organization ie user awareness?","upvotes":1,"user_id":"jw00l"},{"content":"SANS SEC401 vs 504","created_at":1613026305.0,"id":"lh6aar","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lh6aar/sans_sec401_vs_504/","subreddit":"cybersecurity","title":"I'm think about starting down the SANS path, was wondering if anyone has taken these courses, or makes hiring decisions based on these. If so, what's your background? What sort of title/position are you hunting for or are you in? Which would you desire more in a potential employee?\n\n​\n\nThanks in advance!","upvotes":2,"user_id":"CptSgtLtSir"},{"content":"Nessus within metasploit","created_at":1613021100.0,"id":"lh4bco","n_comments":6,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lh4bco/nessus_within_metasploit/","subreddit":"cybersecurity","title":"Was reading though ethical hacking book. Is there any advantage of using Nessus inside Kali (metaspoilt) console? For automation? Or any advantage else than using from GUI?","upvotes":1,"user_id":"Pamelaxyz"},{"content":"CIS Benchmark for Firefox 85","created_at":1613021049.0,"id":"lh4aq1","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lh4aq1/cis_benchmark_for_firefox_85/","subreddit":"cybersecurity","title":"Hi, I am pretty new to Information security and just learned about CIS and it seems pretty cool. When I went to the site, I noticed that the CIS Benchmark for Firefox is for 38.x. Does anyone know if this will work for Firefox current version (85)? or has it been discontinued?\n\n​\n\nHere is the link to all the CIS Benchmarks: [https://www.cisecurity.org/cis-benchmarks/](https://www.cisecurity.org/cis-benchmarks/) \n\nJust wondering, thanks","upvotes":1,"user_id":"carter-the-amazing"},{"content":"How does one get a bachelor's in cyber security?","created_at":1613020500.0,"id":"lh43mg","n_comments":10,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lh43mg/how_does_one_get_a_bachelors_in_cyber_security/","subreddit":"cybersecurity","title":"I have no idea how it works\n\nMy community college has a 2 year program for a certificate or associate's i think but it's not a 4 year bachelor's which would open many doors (if the standards remain the same in the future)\n\nCurrently had to put College on hold because of money and job issues","upvotes":1,"user_id":"GiveMeYourBussy"},{"content":"SALSA 20?","created_at":1613019693.0,"id":"lh3rqg","n_comments":1,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lh3rqg/salsa_20/","subreddit":"cybersecurity","title":"Signal messenger The Signal Protocol \n\nvs \n\nTeleGuard is the data-secure messenger, with the best encryption algorithm currently available: SALSA 20.","upvotes":0,"user_id":"Haldane-FRS"},{"content":"Free Red Team Certifications","created_at":1613017907.0,"id":"lh32s6","n_comments":4,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lh32s6/free_red_team_certifications/","subreddit":"cybersecurity","title":"Hi,\n\nAre there any free online red team certifications to get? It would be nice if you share if you know any. \nI'm currently studying for the sec+ and looking to get some free red team, pentesting certifications along the way.\n\nThanks..","upvotes":0,"user_id":"valeriusthe3rd"},{"content":"WINDOWS KERNEL ZERO-DAY EXPLOIT (CVE-2021-1732) IS USED BY BITTER APT IN TARGETED ATTACK","created_at":1613017744.0,"id":"lh3024","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lh3024/windows_kernel_zeroday_exploit_cve20211732_is/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"hviniciusg"},{"content":"Wireshark Tutorial (TLS Handshake)","created_at":1613017632.0,"id":"lh2yi8","n_comments":0,"percentage_upvoted":0.81,"permalink":"/r/cybersecurity/comments/lh2yi8/wireshark_tutorial_tls_handshake/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"burdin271"},{"content":"FTP jail \"virtualchroot\" : is it as good as real chroot ?","created_at":1613017388.0,"id":"lh2v3p","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lh2v3p/ftp_jail_virtualchroot_is_it_as_good_as_real/","subreddit":"cybersecurity","title":"Hi, first post here ! \n\nWhile talking with some IT guys about FTP, NAS and bind mounts, I leaned about PureFTPd (based on Troll-FTPd) which doesn't really chroot users, it's emulating chroot somehow thus allowing you to make use of symlinks in order to access directories outside of a jail. \n\nIn just wonder, is it really secure, or is it possible for a hacker to bypass this [fakechroot](https://github.com/jedisct1/pure-ftpd/blob/master/src/fakechroot.c) somehow ?","upvotes":1,"user_id":"advertance"},{"content":"Online Cyber Security Degree worth its?","created_at":1613016142.0,"id":"lh2d5z","n_comments":5,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lh2d5z/online_cyber_security_degree_worth_its/","subreddit":"cybersecurity","title":"Hello everyone, active duty Marine here. Currently in the process of getting enrolled at American Military University for a Bachelors in Cyber Security. \nMy questions are is it worth it to attend this university for this degree? As far as job options? \nI am choosing this because of the online option while I\u2019m still active duty.\n\nOr is it not worth it, and should I wait and attend a bigger university for computer science?","upvotes":1,"user_id":"No-Advance-4273"},{"content":"Malware blocking weekly report","created_at":1613015452.0,"id":"lh239k","n_comments":8,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lh239k/malware_blocking_weekly_report/","subreddit":"cybersecurity","title":"Running a Barracuda 410 Web Filter and normally I don't get anything from my weekly reports. But this week, I received a report that kind of left me wondering. I have two users that have abnormal malware requests. One user had 181 for \"Spyware.Exploit.Misc.MU\". The other is what really caught my attention; \"Spyware.Exploit.BRTS.yourpdf.online\" with 38288 requests. Is it possible this is a false positive? Even if it was, how could it have done almost 40k requests within a week? Barracuda nor google have been much help here. Anyone have anything I should be looking for?","upvotes":8,"user_id":"Beneficial_Status_46"},{"content":"OpSecurity NSA/FEDS","created_at":1613014429.0,"id":"lh1o8o","n_comments":0,"percentage_upvoted":0.17,"permalink":"/r/cybersecurity/comments/lh1o8o/opsecurity_nsafeds/","subreddit":"cybersecurity","title":"So I am hoping people can give me tips with beefing up my operational security and securley looking at and sending and receiving information over the internet. For some reason the FEDS have been investigating someone in my household or are just trying to gather information. Maybe someone had hacked into my system and this was the reason these things have been happening i really dont know. However I know enough to know that my network is being monitored Anyhow I am running Debian Linux Parrot SEC i always use a VPN and usually use TOR and sometimes torify the entire system as well when having to send or receive anything security releated information. However when I try to access certain sites over TOR that I had no issue accessing before this was happening I seem to have a problem with now. Sometimes I will receive a forbidden post when accessing other sites as well. While this is very annoying to deal with it is also a good time to test out different security techniques to see what works and what dosnt. If anyone has any ideas of what I can do differently to hide the websites that I visit and stop information from being tracked or what not, I would greatly appreciate and would be willing to test out different methods of use.","upvotes":0,"user_id":"ride4lidfe33"},{"content":"Resources for new innovations in Biometrics and Cryptography","created_at":1613013197.0,"id":"lh17gv","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lh17gv/resources_for_new_innovations_in_biometrics_and/","subreddit":"cybersecurity","title":"I am trying to decide on a topic for a research project. The guidelines require that I find current innovations in Biometrics and/or Cryptography, and explain how they can help solve problems in cybersecurity. \n\nI was hoping this fine community could help point me to some resources that may have details about the latest innovations in Biometrics and Cryptography. I would also gladly read up on any innovations in those fields that some of you may want to share. I'm not entirely sure where cybersecurity experts go to find information on new research in the field.","upvotes":1,"user_id":"yosidy"},{"content":"Secure voice communication and secure correspondence","created_at":1613012886.0,"id":"lh132h","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lh132h/secure_voice_communication_and_secure/","subreddit":"cybersecurity","title":"Hello! The following question arose. In our modern world, I can no longer ignore the fact that all corporations sell and steal our personal data.\n\n​\n\nFriends, do you have any idea how you can correctly protect communication on the network and what methods and means are needed for this. Everything is in the legal field!\n\n​\n\nI warn you right away, I am new to this topic.","upvotes":1,"user_id":"Physical_Name_"},{"content":"New apps that I didn't download are on my phone, I'm suspecting some form of monitoring/spyware coming from my father. How can I be sure of this and what can I do to keep my privacy?","created_at":1613012877.0,"id":"lh12y6","n_comments":4,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lh12y6/new_apps_that_i_didnt_download_are_on_my_phone_im/","subreddit":"cybersecurity","title":"I had recently given my father my phone unlocked, I'm not sure what he can do with an unlocked phone, can he see apps I've downloaded in things in it? I have no passwords saved on my phone, but is it possible to see them if the apps I have are signed in to? We got the phone for free under a data plan that he pays for, how far does the reach of what he can see go? I have access to the data account and I can't find anything however. I don't want him to see my personal messages or photos, even if he cant do so what are some ways I can protect my privacy? He tends to snoop, going through every app (thankfully I deleted personal ones before he had it) so I think he'll try certain things to find things. Thank you for your help.","upvotes":1,"user_id":"Pyroies"},{"content":"Question about security concerning an audio converter website converting m4a to mp3","created_at":1613012644.0,"id":"lh0zq2","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lh0zq2/question_about_security_concerning_an_audio/","subreddit":"cybersecurity","title":"Hi everyone ! I am lately converting m4a to mp3 using this website [online-audio-converter.com](https://online-audio-converter.com/) .\n\nDo you think it is safe ? I have used it quite some time and am now scared I might have been compromised. Would I know it if I were to be compromise using this ? I think it's safe but I ain't sure.\n\nThank you so much in advance,\n\nBest","upvotes":1,"user_id":"NicoZougou"},{"content":"Cyberpunk 2077 and Witcher 3 Games Source Code Put Up For Auction","created_at":1613012245.0,"id":"lh0tz7","n_comments":12,"percentage_upvoted":0.9,"permalink":"/r/cybersecurity/comments/lh0tz7/cyberpunk_2077_and_witcher_3_games_source_code/","subreddit":"cybersecurity","title":"","upvotes":14,"user_id":"harshsharma9619"},{"content":"Zlib, Libgen, malwr dot com and virustotal","created_at":1613012131.0,"id":"lh0seq","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lh0seq/zlib_libgen_malwr_dot_com_and_virustotal/","subreddit":"cybersecurity","title":"Hi ! I clicked on the link that I found on a thread of the /r security about virustotal\n\nand the link is malwr dot com (all attached with a \".\")\n\nIs it safe, or is it possible that i got a virus just by clicking on it ? Thank you so much in advance,\n\nAlso, I 've downloaded many books from Z library as well as Lib Gen, and those are only PDF, EPUB, as well as one AZW3.\n\nI used virustotal on all of them and they came out as clean. Do you think I can consider myself safe ?\n\nI started putting small amounts of money on crypto and I became a little paranoid ...\n\nThanks a lot in advance ...\n\nBest,","upvotes":1,"user_id":"NicoZougou"},{"content":"And this, children is why we pay attention to cyber-security","created_at":1613011164.0,"id":"lh0eqp","n_comments":33,"percentage_upvoted":0.98,"permalink":"/r/cybersecurity/comments/lh0eqp/and_this_children_is_why_we_pay_attention_to/","subreddit":"cybersecurity","title":"","upvotes":736,"user_id":"ooitzoo"},{"content":"Hacked requesting Bitcoin","created_at":1613010068.0,"id":"lgzzdk","n_comments":4,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/lgzzdk/hacked_requesting_bitcoin/","subreddit":"cybersecurity","title":"Hi all, I hope I am in the right place \n\nIn short I would like to understand the following a little better \n\nI was hacked and received a ransom email. \nI was using mail.com and have had previous issues with security, eg email sent out not by me etc \nThey have some images which they attached as proof, the most worrying is probably my passport. \nWhat I suspect what happened is they got in my email, reset my Dropbox as there was a reset email in the trash and got the images from there. Then when I made a withdrawal from Binance they decided to act, as the amount they asked for matched my withdrawal. \n\nI immediately disconnected wifi and reset all passwords, I believe it\u2019s unlikely they hacked our iPhones but I don\u2019t know enough to be certain. \nI am also going to close that account as their security is questionable at best, although I am unsure how they got in. \n\nI did not pay them and shall not but I am interested in how this happened and what could the the extent of their hacking. I am not convinced they have a Trojan but I am lining up to format my computer as a safety measure. \n\nAny input is welcome","upvotes":0,"user_id":"Shadow_LF"},{"content":"FAIR Risk Management","created_at":1613008223.0,"id":"lgz902","n_comments":6,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lgz902/fair_risk_management/","subreddit":"cybersecurity","title":"Does anyone have any experience implementing this approach to Information Risk Management? It seems to make sense on paper but I have yet to hear from anyone other than consulting firms pushing it, that have used in practice. For those that have used it in practice, do you think it added a lot of value over more traditional approaches to risk management?","upvotes":4,"user_id":"neauxgeauxbreaux"},{"content":"Career Change","created_at":1613007702.0,"id":"lgz1rs","n_comments":3,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lgz1rs/career_change/","subreddit":"cybersecurity","title":"Hi all. Just after some quick advice, I\u2019ve checked out some courses online and various other places but what advice would you all give to someone looking to move into the world of cyber. It would be a huge career change for me but I can\u2019t deny it seems to be more than just a keen interest now and is something I\u2019d genuinely contemplate!\nAny advice greatly appreciated. \nThanks.","upvotes":0,"user_id":"zaka_7"},{"content":"What is the coding like for cyber security engineers?","created_at":1613007631.0,"id":"lgz0q1","n_comments":12,"percentage_upvoted":0.85,"permalink":"/r/cybersecurity/comments/lgz0q1/what_is_the_coding_like_for_cyber_security/","subreddit":"cybersecurity","title":"I\u2019ve no idea really how cyber security works. I\u2019m a new software dev myself so things like making websites, services and that I understand and understand what the code would look like and what it would be coded in for example Java. \n\nBut I don\u2019t get what a cyber security engineer codes exactly, if any? Do they work with a language? What does he/she work with and is there a handy video to show what type of work they usually do with regards to technology?\n\nI might have watched too many movies but in my head a hacker would write a bit of code and then a cyber security engineer would have to \u201cbeat\u201d that code. But I\u2019m mostly likely way off lol","upvotes":8,"user_id":"SS117_"},{"content":"USBank sending emails with an HTML attachment","created_at":1613007296.0,"id":"lgyvzd","n_comments":8,"percentage_upvoted":0.72,"permalink":"/r/cybersecurity/comments/lgyvzd/usbank_sending_emails_with_an_html_attachment/","subreddit":"cybersecurity","title":"I've been getting emails supposedly from U.S. Bank saying I have a secure email that I need to read. The instructions in the email tell me to download and open the HTML attachment on my computer to read my secure email.\n\nNow, this smells phishy as fuck and of course, never in a million years am I going to open an HTML attachment from someone claiming to be my bank. I'm sure they're going to try to get me to enter my credentials... yadayada... now my accounts are empty.\n\nHowever, I started doing some digging. I'm in the middle of applying for a PPP loan from USBank and they keep kicking back my application. And every time they kick my application back, I also get one of these phishing emails. I start examining the links in the email and they are all as represented and go to either [usbank.com](https://usbank.com) URLs or [res.cisco.com](https://res.cisco.com) URLs. I do some research on my bank website and it turns out, they use Cisco Secure Email Encryption Service. And after more research, it turns out this is how the product works. They send you an HTML attachment in email which you download to your local drive and open it.\n\nAfter all this, I opened the attachment. I turned on dev tools in Chrome and tracked all the URLs being connected to. They were all genuine Cisco URLs and it turns out to be totally legit. This is how my bank sends encrypted communications to me. They never asked for my account credentials. I had to make a new password to just read this encrypted emails. And the emails were legit communication with me.\n\nAm I nuts here or is this a galactically bad idea?? They are basically training me to trust email attachments which seems ripe for phishing. What would you guys have done in this situation?","upvotes":3,"user_id":"svhelloworld"},{"content":"Actively Exploited Windows Kernel Bug Allows Takeover","created_at":1613006571.0,"id":"lgylx0","n_comments":0,"percentage_upvoted":0.8,"permalink":"/r/cybersecurity/comments/lgylx0/actively_exploited_windows_kernel_bug_allows/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"LogicalRiver"},{"content":"2020 Saw 560 U.S. Healthcare Facilities Affected by Ransomware - NetSec.News","created_at":1613006323.0,"id":"lgyigo","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lgyigo/2020_saw_560_us_healthcare_facilities_affected_by/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"mobile343"},{"content":"Looking for practice labs/CTF challenges for BLUE TEAMERS","created_at":1612954163.0,"id":"lgk70s","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lgk70s/looking_for_practice_labsctf_challenges_for_blue/","subreddit":"cybersecurity","title":"Evening y'all, I was wondering if anyone could directly link me to either some coursework or websites that y'all would recommend that host practice labs or CTF challenges for learning and practicing blue team (defensive security of course) techniques and skills? I have been using [https://cyberdefenders.org/](https://cyberdefenders.org/) , but it seems it's still in its developing stages of content to practice with, so I was hoping there is some more solid foundation, blue teamer practice hubs out there? Thanks","upvotes":2,"user_id":"bholmes98"},{"content":"Insider Threat Endpoint Agent- Recommendations?","created_at":1613004386.0,"id":"lgxqwk","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lgxqwk/insider_threat_endpoint_agent_recommendations/","subreddit":"cybersecurity","title":"What\u2019s a tool that your team has used to detect DLP activities on an endpoint or the net-app? File alteration and deletion, screenshots and recording thereafter, etc. If it incorporated internal credential misuse, and other Insider Threat Concerns, it would be exactly what I\u2019m looking for. Apologize for ending a sentence with a preposition. \n\nWe have our network activity UEBA and looking to supplement.\n\nThanks!","upvotes":1,"user_id":"somevistas"},{"content":"If NVIDIA buys ARM is that the end of our hopes of a good processor without a Management Engine?","created_at":1613003566.0,"id":"lgxfus","n_comments":4,"percentage_upvoted":0.87,"permalink":"/r/cybersecurity/comments/lgxfus/if_nvidia_buys_arm_is_that_the_end_of_our_hopes/","subreddit":"cybersecurity","title":"They want to buy ARM for 33b Euros.","upvotes":10,"user_id":"EditorTSNJ"},{"content":"Automated scanning found 1 in 5 Belgian websites to be very easy to hack, with an astonishing 40% still using HTTP instead of HTTPS. Biggest offender is government sites and hospitals.","created_at":1613001909.0,"id":"lgwtkd","n_comments":1,"percentage_upvoted":0.82,"permalink":"/r/cybersecurity/comments/lgwtkd/automated_scanning_found_1_in_5_belgian_websites/","subreddit":"cybersecurity","title":"","upvotes":12,"user_id":"boxsalesman"},{"content":"HHS ANNOUNCES LARGEST EVER FINANCIAL PENALTY FOR HIPAA RIGHT OF ACCESS FAILURE","created_at":1613001288.0,"id":"lgwlbi","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lgwlbi/hhs_announces_largest_ever_financial_penalty_for/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"mobile343"},{"content":"\"Amazon video*[weird code]\" transacation showing up on my account.","created_at":1613001049.0,"id":"lgwi6e","n_comments":0,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/lgwi6e/amazon_videoweird_code_transacation_showing_up_on/","subreddit":"cybersecurity","title":"There have been four transactions from my account, all at 65 kroners (Norwegian currency). That's 7.7 dollars. \n\nNow, I'm pretty sure 65 kroners is a standard price for ordering movies from streaming platforms. However, I have had an Amazon Prime subscription way back in the day. I checked my email and searched for \"Amazon Prime\", and it said I cancelled my subscription in November 2019, and that it had started in July. I checked my account history, and when I searched Google, it said \"Google\" and there the subscription showed: \"Google \\*Google Play Ap\", for 33 kr, from July to October. \n\nSo, the subscription was 33 kr, every month, and it ended in 2019. \n\nThree of the 65 kr transactions have happened in 2020, whereas one has happened quite recently, in January 2021 (this is the one I noticed). Now, perhaps some of you recognize the code:\n\n>Amazon Video\\*mv5ym9sk4 \n> \n> \n> \n>Amazon Video\\*mj50v2tw4\n\nThere's two more but I think you can see the type of formatting. Are these the transactions of movies, or is this perhaps also a subscription? Perhaps my subscription was somehow renewed and now they have a different way of listing the subscription fees, along with higher prices? Or, the more likely alternative (IMO), is my debit card being used to pay for movies, probably because of it being \"installed\" as the default purchase method on someone's computer. Could be my ex's computer and she hasn't noticed she's using my card or something?","upvotes":0,"user_id":"SomeDudeOnRedditWhiz"},{"content":"Android Devices Hunted by LodaRAT Windows Malware","created_at":1612997644.0,"id":"lgv9jh","n_comments":0,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lgv9jh/android_devices_hunted_by_lodarat_windows_malware/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"Sector936"},{"content":"Hosting Provider Shuts Down for Good Following a Cyberattack","created_at":1612996459.0,"id":"lguv2i","n_comments":2,"percentage_upvoted":0.83,"permalink":"/r/cybersecurity/comments/lguv2i/hosting_provider_shuts_down_for_good_following_a/","subreddit":"cybersecurity","title":"","upvotes":4,"user_id":"VincentLaurent"},{"content":"Firewall external IP adress","created_at":1612995843.0,"id":"lgunu6","n_comments":5,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lgunu6/firewall_external_ip_adress/","subreddit":"cybersecurity","title":"Hi! I'm very new with this and I was wondering why firewall have external public IP adress? Which use does it have?\n\nSorry if the question is dumb :(","upvotes":1,"user_id":"Imaginary_Sweet_578"},{"content":"A look at GSM - A practical look at 2G GSM security after three decades","created_at":1612995659.0,"id":"lgulna","n_comments":0,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/lgulna/a_look_at_gsm_a_practical_look_at_2g_gsm_security/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"speckz"},{"content":"Static code analysis","created_at":1612993349.0,"id":"lgtv6n","n_comments":3,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lgtv6n/static_code_analysis/","subreddit":"cybersecurity","title":"Wondering how much programming knowledge one would need to do static code analysis. Specifically I know it\u2019s written in C++ and Java. I have some knowledge about C++ but never worked as a coder. While I plan to check tools like coverity (based on internet search), my intention for this question is to understand, how much programming knowledge should I try to enhance for effectively doing it? Also are there other (and better) tools ? Thanks","upvotes":1,"user_id":"Harry_pentest"},{"content":"HELP","created_at":1612993333.0,"id":"lgtuzf","n_comments":13,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lgtuzf/help/","subreddit":"cybersecurity","title":"What's laptops are good for learning cybersecurity in university?\n\n[View Poll](https://www.reddit.com/poll/lgtuzf)","upvotes":0,"user_id":"Imma_a_potato42"},{"content":"Dependency Confusion","created_at":1612992633.0,"id":"lgtnrs","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lgtnrs/dependency_confusion/","subreddit":"cybersecurity","title":"","upvotes":9,"user_id":"khayrirrw"},{"content":"Analysing HelloKitty Ransomware Attacks (CD Projekt / CyberPunk)","created_at":1612992182.0,"id":"lgtizm","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lgtizm/analysing_hellokitty_ransomware_attacks_cd/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"zenomeno"},{"content":"Is 2fa cloud backup really safe?","created_at":1612987466.0,"id":"lgs8xa","n_comments":5,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/lgs8xa/is_2fa_cloud_backup_really_safe/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"SaraStone844"},{"content":"What is a \"wwww\" URL - Legit or \"fake\"?","created_at":1612986848.0,"id":"lgs355","n_comments":6,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lgs355/what_is_a_wwww_url_legit_or_fake/","subreddit":"cybersecurity","title":"I was trying to find via DDG searches if a netflix show was watchable in my country.\n\nThe first search result was a netflix.com url with \"wwww\" instead of \"www\" at the start.\n\nWhilst i did accidentaly click on the url, firefox instantly issued a security warning and i did not continue to the website.\n\nNow, what exactly is a \"wwww\" URL? I have seen URLs start with ww2 for example, but never with \"wwww\".\n\nDoes a url with \"wwww\" still lead to the \"normal\" netflix website, everything else being equal, or is that a way of leading people to a website just pretending to be netflix?\n\nThanks in advance for your answers.","upvotes":1,"user_id":"allthistooshallpass"},{"content":"2 sim cards","created_at":1612984792.0,"id":"lgrm5f","n_comments":7,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/lgrm5f/2_sim_cards/","subreddit":"cybersecurity","title":"Let's say I had a phone and got a new one. Now I have two phones, and when I got a new one I also got a new sim card. But my old sim card is still in my old phone. Will both phones receive text messages sent to my number? Will both phones be connected to my phone number?","upvotes":0,"user_id":"speedstickoceansurf"},{"content":"2 sim cards","created_at":1612984792.0,"id":"lgrm5e","n_comments":0,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/lgrm5e/2_sim_cards/","subreddit":"cybersecurity","title":"Let's say I had a phone and got a new one. Now I have two phones, and when I got a new one I also got a new sim card. But my old sim card is still in my old phone. Will both phones receive text messages sent to my number? Will both phones be connected to my phone number?","upvotes":0,"user_id":"speedstickoceansurf"},{"content":"How hackers are finding creative ways to steal gift cards using artificial intelligence.","created_at":1612982852.0,"id":"lgr5un","n_comments":3,"percentage_upvoted":0.85,"permalink":"/r/cybersecurity/comments/lgr5un/how_hackers_are_finding_creative_ways_to_steal/","subreddit":"cybersecurity","title":"","upvotes":20,"user_id":"Sibillycwey"},{"content":"Got scammed, need help...","created_at":1612981352.0,"id":"lgqu0p","n_comments":8,"percentage_upvoted":0.43,"permalink":"/r/cybersecurity/comments/lgqu0p/got_scammed_need_help/","subreddit":"cybersecurity","title":"Hi!\n\nLong story short, I recently got scammed (within the last week). I'm not sure if this is the right subreddit to be posting this on, but I'm gonna give it a shot anyway and hopefully I can be led in the right direction. **Here's the information:**\n\n* A guy posing as Kevin Huse from the DEA called me and told me that my social security number and bank information was in jeopardy, and that I needed to take immediate action. I was certainly suspicious at first, but when I cross-checked the phone number with the official DEA number online and saw that it matched, it unfortunately convinced me that he was telling the truth.\n* I talked to roughly three different people, all with slight Indian accents. I mostly talked to the \"Kevin Huse\" poser though.\n* I ended up buying gift cards in bulk (totaling $2800) and sending them the card numbers. I know, it's such an obvious ruse, but I was sold on the phone number displayed on my phone matching the one I saw online.\n* I just now learned that spoofing is a thing. Here are the numbers that contacted me.\n * (214) 366 - 6900 (Dallas, TX)\n * (469) 845 - 8939 (Irving, TX)\n * (972) 664 - 4870 (Dallas, TX)\n * (413) 287 - 4656 (Russell, MA)\n * (913) 674 - 7498 (Atchison, KS)\n* Something that's throwing me off about the second, third, and fourth numbers: I sent texts to these numbers, and they actually went to the false number, but when I called them, they went to the actual numbers. The third one even sent a text back.\n* They started talking to me on Thursday, 2/4/2021\n* I called Sephora, which is the company I bought all the gift cards from, and this is the info they gave:\n * All the money on the cards were used over the internet on Monday, 2/8/2021\n * They traced the usage back to somewhere in Florida.\n* They still don't know that I've figured them out, and they're probably gonna keep calling me for a few more days. I plan on leading them on for a bit and try to use those conversations and phone calls to my advantage.\n\nI know I was fooled pretty easily, you don't have to tell me. I'm self-aware of my na\u00efvet\u00e9. I understand at this point that there's pretty much no way to get that money back. However, I now have a personal vendetta against these rats and want revenge. **Here's what I want to learn how to do, or have someone do for me:**\n\n* Track these guys down. Names, location, family, occupation, anything.\n* Use my phone convo connection to them to find their real phone number and try to identify them through white pages\n* Take whatever I can away from them, hopefully enough to cover what they took from me\n\nI'm not too sure what categories this situation falls under, but if there are any specialists out there who are willing to help (cybersecurity, phone tracers, manhunters, hitmen lmao) I would much appreciate it. In the meantime, I'm going to be doing my own research to try to resolve this myself.\n\nEDIT: \"I know I was fooled pretty easily, you don't have to tell me. I'm self-aware of my na\u00efvet\u00e9.\" Fuck tech subreddits, bunch of pretentious shits who get off on telling people how they messed up.","upvotes":0,"user_id":"Inddi"},{"content":"Is the file \"shading_otp\" safe","created_at":1612981260.0,"id":"lgqta3","n_comments":0,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lgqta3/is_the_file_shading_otp_safe/","subreddit":"cybersecurity","title":"One day recently I saw this suspicious file in my Galaxy J7 it was called shading_otp but everytime I deleted it it came back. Can please if that file is safe or not thanks.","upvotes":1,"user_id":"dev2838382818"},{"content":"AWS training environment","created_at":1612979464.0,"id":"lgqeuo","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lgqeuo/aws_training_environment/","subreddit":"cybersecurity","title":"Hi all, \n\nHope this is ok, but I was hoping to get everyone's opinion on a project I want to start.\n\nThe company I work for does everything on AWS and the security engineering team wants a way for new hires to demonstrate their AWS security skills (IAM, Security groups, API, WAF, KMS) in a live environment. Except Im not sure on how to achieve this. I was thinking I could build a little app or just host the juice shop, and incorporate most AWS services and then leave some anti-patterns or mistakes for the potential hire to find? But I'm open to hearing other suggestions. \n\n​\n\nThanks in advanced!","upvotes":0,"user_id":"Josh_016"},{"content":"Is It Possible to Hire Hackers Online?","created_at":1612978627.0,"id":"lgq8h8","n_comments":5,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/lgq8h8/is_it_possible_to_hire_hackers_online/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"isabelapix"},{"content":"Using \"Burner Emails\" for privacy (Hiding your real email address)","created_at":1612976029.0,"id":"lgpocg","n_comments":35,"percentage_upvoted":0.96,"permalink":"/r/cybersecurity/comments/lgpocg/using_burner_emails_for_privacy_hiding_your_real/","subreddit":"cybersecurity","title":"","upvotes":324,"user_id":"docsan"},{"content":"Furthering our support for election security","created_at":1612923519.0,"id":"lg9max","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lg9max/furthering_our_support_for_election_security/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"julian88888888"},{"content":"How your website will be hacked if you have no CSRF protection","created_at":1612974303.0,"id":"lgpais","n_comments":0,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/lgpais/how_your_website_will_be_hacked_if_you_have_no/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"foesn"},{"content":"Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies","created_at":1612974214.0,"id":"lgp9up","n_comments":0,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lgp9up/dependency_confusion_how_i_hacked_into_apple/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"foesn"},{"content":"Another person looking to get into the cyber security field. Is this a good path?","created_at":1612972983.0,"id":"lgozqs","n_comments":2,"percentage_upvoted":0.63,"permalink":"/r/cybersecurity/comments/lgozqs/another_person_looking_to_get_into_the_cyber/","subreddit":"cybersecurity","title":"Hello all. I am sure you all get similar posts somewhat often.\n\nI currently have a bachelors in Criminal Justice and I figured out that they he careers involved would not be something I want to make living off of, so here I am. I consider myself tech savvy and have been interested in IT or cyber security when I was much younger, but I realize it\u2019s a lot more than what the average person believes and \u201centry level\u201d jobs in this field aren\u2019t entry level to any working person in other fields.\n\nI\u2019ve done a bit of research and a good community college near me in a offering a AAS in cyber security. From what I\u2019ve gathered it seems that while this would definitely help me get a job, to make some real money I should aim to get a 4yr degree in IT. \n\nEither way, my main question is do you all think that the AAS would be worth it for someone looking to find a career? Or should I go back to school entirely and dedicate myself to learning IT?\nAlso I gathered that you can always get certs and take tests but a degree is better?\nThank you for your patience as I\u2019m pretty much a novice to this.","upvotes":4,"user_id":"perfectcell34"},{"content":"New in Ransomware: Seth-Locker, Babuk Locker, Maoloa, TeslaCrypt, and CobraLocker","created_at":1612970245.0,"id":"lgoe42","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lgoe42/new_in_ransomware_sethlocker_babuk_locker_maoloa/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"ajokewaitingtohappen"},{"content":"Anyone have any recommendations for any cybersecurity internships in the greater Seattle area?","created_at":1612969256.0,"id":"lgo5u4","n_comments":2,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lgo5u4/anyone_have_any_recommendations_for_any/","subreddit":"cybersecurity","title":"Long time lurker, first time poster. I am currently looking for an internship for my degree requirement and am trying to apply to as many as I can. If anyone has any suggestions I would appreciate it!","upvotes":2,"user_id":"Haley12358"},{"content":"Has my data been exposed?","created_at":1612967650.0,"id":"lgnsqm","n_comments":5,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lgnsqm/has_my_data_been_exposed/","subreddit":"cybersecurity","title":"Out of my wonders, I looked up my name on google. We all did it as some point of our lives. Eventually I found this website called peekyou.com It's the first site that pops up after searching my name up. When I open it, there's a picture of me that I checked I no longer use on any social media, all residence details as the state where I live. I tried searching up my sibling.m, yet no peekyou.com data or any details. Thanks!\ud83d\ude01","upvotes":1,"user_id":"vasoo44"},{"content":"Best phones for security?(de-googled or Linux phone)","created_at":1612963104.0,"id":"lgmo7r","n_comments":15,"percentage_upvoted":0.92,"permalink":"/r/cybersecurity/comments/lgmo7r/best_phones_for_securitydegoogled_or_linux_phone/","subreddit":"cybersecurity","title":"So I was going to get the Pixel 5. But the further I get into my cyber security studies the more I want to distance myself from big tech.\n\nDo any of you have recommendations for privacy focused smart phones? Best OS to run on it? Or any other things I should know?","upvotes":9,"user_id":"CrowCyber"},{"content":"Update: HelloKitty Ransomware Behind CDPR Cyberattack","created_at":1612954014.0,"id":"lgk5g2","n_comments":11,"percentage_upvoted":0.96,"permalink":"/r/cybersecurity/comments/lgk5g2/update_hellokitty_ransomware_behind_cdpr/","subreddit":"cybersecurity","title":"","upvotes":168,"user_id":"deadbroccoli"},{"content":"Web Authentication and Authorization Zine: Security topics in a new way.","created_at":1612953375.0,"id":"lgjyoy","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lgjyoy/web_authentication_and_authorization_zine/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"r0hi7"},{"content":"Question Regarding Patching and Compromising our Network","created_at":1612945287.0,"id":"lghicf","n_comments":7,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lghicf/question_regarding_patching_and_compromising_our/","subreddit":"cybersecurity","title":"This maybe a stupid question but...\n\nI am confused about how an attacker could exploit our network. \n\nWe only have a public facing VPN server, but everything else is behind the firewall.\n\nIsn't it theoretically correct that no one can reach our internal servers, thus not being able to compromise them? So why even patch? \n\nOr should we worry about a compromised endpoint(laptop) where the attacker has credentials, and they can pivot from there, hence that is how they get in our network?\n\nFor some reason i am thinking only about how they would get in externally through the firewall.\n\nAny input appreciated.","upvotes":1,"user_id":"akimbjj77"},{"content":"Chinese Military Personnel Charged with Equifax Hack","created_at":1612945176.0,"id":"lghh17","n_comments":36,"percentage_upvoted":0.97,"permalink":"/r/cybersecurity/comments/lghh17/chinese_military_personnel_charged_with_equifax/","subreddit":"cybersecurity","title":"","upvotes":241,"user_id":"ProudVod"},{"content":"Misterious devices connected to my computer's Bluetooth.","created_at":1612944100.0,"id":"lgh4hf","n_comments":4,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lgh4hf/misterious_devices_connected_to_my_computers/","subreddit":"cybersecurity","title":"My Bluetooth headphones were not working with my PC today, so I checked my Bluetooth devices to solve the problem, and I saw this: \n\n\n\\- 17 Devices with the name \"MT5655\\_LA(IP Adress)\" all with the same name, but with different IP \n\\- 2 \"LG\" Brand devices (I do not have any LG products) \n\\- 1 Device named \"WIN-5KUAL0SRPQP: Administrator:\" \n\n\nPlease reply to this post if you know what it is. \nThanks in advance.","upvotes":1,"user_id":"Cool_Abrocoma"},{"content":"Networking Diploma or Computer Science? For cybersecurity","created_at":1612943827.0,"id":"lgh0z7","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lgh0z7/networking_diploma_or_computer_science_for/","subreddit":"cybersecurity","title":"Not sure if this already got asked but here I go. I'm leaning on the networking diploma because it's more affordable, 3 years, prepares me for certs like CCNA, Security + etc but i've read some that says computer science degree is more preferred by employers and that it teaches you more on how computer work but it is more expensive although there is an option for specialization network security.","upvotes":1,"user_id":"hades_of_"},{"content":"INE and ELearnSecurity or a College Certificate Program","created_at":1612941664.0,"id":"lggbbg","n_comments":4,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lggbbg/ine_and_elearnsecurity_or_a_college_certificate/","subreddit":"cybersecurity","title":"Hi, to preface, I have been researching info on what to learn, what certs to go for, and I have also come here to view posts that might be related to my situation, but none are so clear. I have no IT job experience but in the past I have done C++, python and javascript programming and web dev though nothing advanced. \n\nSo without further adue, there is a certification program at a college I am interested in. It would prepare me for the Security+ and CEH. While it has some vouchers it will end up costing almost 3k for the whole thing. I am weighing this against the INE and ELearn platform and getting the EJPT and eventually the ECPPTv2. I heard they are all good to have but I have no real guidance, and I want a job and I want to exercise my passion on computers that would prepare me. I have no certs otherwise. I am willing to spend the 3k on either. If you have a suggestion on any other path I would love to be goven that info. Thank you for reading.","upvotes":2,"user_id":"sukae"},{"content":"Today is Safer Internet Day: The UN agency believes Safer Internet Day can be an opportunity to reimagine a safer world for children online through prioritizing and protecting their physical and mental well-being.","created_at":1612940614.0,"id":"lgfyrh","n_comments":1,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/lgfyrh/today_is_safer_internet_day_the_un_agency/","subreddit":"cybersecurity","title":"","upvotes":8,"user_id":"dannylenwinn"},{"content":"Iranian Cyber Groups Spying on Dissidents & Others of Interest to Government","created_at":1612940554.0,"id":"lgfxxg","n_comments":0,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/lgfxxg/iranian_cyber_groups_spying_on_dissidents_others/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"bassambadis"},{"content":"Devices I dont recognize on all accounts","created_at":1612939660.0,"id":"lgfn45","n_comments":4,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/lgfn45/devices_i_dont_recognize_on_all_accounts/","subreddit":"cybersecurity","title":"Yo my friend just got a new phone and recently wiped her laptop. She made a new gmail and a new facebook because she kept getting logins she didn't recognize as well as multiple devices she didn't recognize. \n\nAfter getting new everything these new devices keep appearing. She had her new Facebook account for a week and there are already 5 different phones logged in to her account. Can someone reccomend a course of action? Is there a paid service I could use? We dont really know what to do.\n\n First time postin 1here dont know the rules so if I broke any sorry about that.","upvotes":0,"user_id":"speedstickoceansurf"},{"content":"Finishing up ccna, which cert should I go after next to help me in my hacking and cybersecurity journey?","created_at":1612936258.0,"id":"lgeg9i","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lgeg9i/finishing_up_ccna_which_cert_should_i_go_after/","subreddit":"cybersecurity","title":"Hey guys,\n\nJust wanted to hear some thoughts. \n\nI am currently finishing up my ccna and plan on taking the exam in a few weeks. \n\nWhat certs would you recommend going after next to help aid me in my learning path, as well as showing my skills from a professional skillset? I know that OSCP is a highly credible cert, however, I feel as though that might be a little too advanced for my level of where I am at. I was advised to stay away from anything comp tia related. \n\nThanks in advance!","upvotes":1,"user_id":"Alternative-Fox6236"},{"content":"The Precious Necessity of Online Anonymity","created_at":1612935740.0,"id":"lge9j6","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lge9j6/the_precious_necessity_of_online_anonymity/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"Urbinaut"},{"content":"Cybersecurity newbie wants to learn","created_at":1612935526.0,"id":"lge6v6","n_comments":9,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lge6v6/cybersecurity_newbie_wants_to_learn/","subreddit":"cybersecurity","title":"I've always been fascinated with cybersecurity and I wanna start learning basic stuff on my own. Problem is I don't know where to start. Do I have to learn how to code? If so, which language to begin with?","upvotes":1,"user_id":"DankMasterKirin"},{"content":"Recommendations For Best Book On CyberSecurity For Beginners?","created_at":1612934462.0,"id":"lgdsrg","n_comments":5,"percentage_upvoted":0.9,"permalink":"/r/cybersecurity/comments/lgdsrg/recommendations_for_best_book_on_cybersecurity/","subreddit":"cybersecurity","title":"When I say beginner I mean a complete beginner who's not even familiar with terminology. There is an overload of courses/information on the internet. I think I'd like to start with a book for basic terminology and go from there. Any recommendations? Or even internet sources that are good for people that are green!","upvotes":8,"user_id":"PowerPantyGirl"},{"content":"Researcher hacks Microsoft, Apple, more in novel supply chain attack","created_at":1612932573.0,"id":"lgd2gk","n_comments":1,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/lgd2gk/researcher_hacks_microsoft_apple_more_in_novel/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"Joxxifer"},{"content":"Crackpot Cryptography and Security Theater","created_at":1612931994.0,"id":"lgcvc9","n_comments":0,"percentage_upvoted":0.8,"permalink":"/r/cybersecurity/comments/lgcvc9/crackpot_cryptography_and_security_theater/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"speckz"},{"content":"NIST released a new guidance, SP 800-172, to help defend against state-sponsored hackers (advanced persistent threats).","created_at":1612929680.0,"id":"lgc0mn","n_comments":3,"percentage_upvoted":0.92,"permalink":"/r/cybersecurity/comments/lgc0mn/nist_released_a_new_guidance_sp_800172_to_help/","subreddit":"cybersecurity","title":"","upvotes":35,"user_id":"nist"},{"content":"DNS log query online","created_at":1612927126.0,"id":"lgb139","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lgb139/dns_log_query_online/","subreddit":"cybersecurity","title":"Do you know other DNS log sites that show DNS queries made like dnslog.cn or pingb.in ?\nI'm trying to create a list of sites that provide this service and can be suspicious.\nThanks in advance","upvotes":0,"user_id":"n00n00n"},{"content":"Tracking the Hackers","created_at":1612925344.0,"id":"lgabrr","n_comments":0,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lgabrr/tracking_the_hackers/","subreddit":"cybersecurity","title":"[Tracking the Hackers](https://cacm.acm.org/news/250426-tracking-the-hackers/fulltext) \\- A technical feature article on the SolarWinds Hack, including expert commentary on the coming fallout and dangers.\n\n [\\#cybersecurity](https://www.linkedin.com/feed/hashtag/?keywords=cybersecurity&highlightedUpdateUrns=urn%3Ali%3Aactivity%3A6764933256635826176) [#solarwinds](https://www.linkedin.com/feed/hashtag/?keywords=solarwinds&highlightedUpdateUrns=urn%3Ali%3Aactivity%3A6764933256635826176&lipi=urn%3Ali%3Apage%3Ad_flagship3_feed_hashtag%3B0cd83661-872c-4eac-81cd-396a401efddb) [\\#solarwindshack](https://www.linkedin.com/feed/hashtag/?keywords=solarwindshack&highlightedUpdateUrns=urn%3Ali%3Aactivity%3A6764933256635826176) [\\#sunburst](https://www.linkedin.com/feed/hashtag/?keywords=sunburst&highlightedUpdateUrns=urn%3Ali%3Aactivity%3A6764933256635826176) [\\#infosec](https://www.linkedin.com/feed/hashtag/?keywords=infosec&highlightedUpdateUrns=urn%3Ali%3Aactivity%3A6764933256635826176) [\\#security](https://www.linkedin.com/feed/hashtag/?keywords=security&highlightedUpdateUrns=urn%3Ali%3Aactivity%3A6764933256635826176) [\\#cyberattack](https://www.linkedin.com/feed/hashtag/?keywords=cyberattack&highlightedUpdateUrns=urn%3Ali%3Aactivity%3A6764933256635826176) [\\#databreach](https://www.linkedin.com/feed/hashtag/?keywords=databreach&highlightedUpdateUrns=urn%3Ali%3Aactivity%3A6764933256635826176) [\\#cybercrime](https://www.linkedin.com/feed/hashtag/?keywords=cybercrime&highlightedUpdateUrns=urn%3Ali%3Aactivity%3A6764933256635826176) [\\#geercom](https://www.linkedin.com/feed/hashtag/?keywords=geercom&highlightedUpdateUrns=urn%3Ali%3Aactivity%3A6764933256635826176) [\\#datasecurity](https://www.linkedin.com/feed/hashtag/?keywords=datasecurity&highlightedUpdateUrns=urn%3Ali%3Aactivity%3A6764933256635826176)","upvotes":2,"user_id":"geercom1"},{"content":"A weird warning against password managers","created_at":1612923072.0,"id":"lg9g01","n_comments":53,"percentage_upvoted":0.89,"permalink":"/r/cybersecurity/comments/lg9g01/a_weird_warning_against_password_managers/","subreddit":"cybersecurity","title":"I recently had a discussion where I advocated for the use of password managers with randomly generated strong passwords as a better alternative to reusing passwords and similar nasty habits.\n\nI received a comment saying that password managers are \"the least secure option\". The commenter backed this up by saying that two of her college professors have been hacked and their password managers broken into. They were allegedly both told by \"security experts\" that the safest method is to remember passwords and enter them from memory. I have no idea who these \"experts\" were or what kind of password manager the professors were using. But I have a strong suspicion that they were just storing credentials in their browsers, because the commenter also argued that \"it's easy for a hacker to access autofill\".\n\nI countered by saying that yes, not well secured password managers can be a security risk. However, using a \"proper\" application (e.g. Keepass) and following the recommendations for securing your database will have benefits that will outweigh problems with having to remember credentials for many systems, services, websites etc. (which leads to those bad habits like reusing passwords).\n\nI would like to ask security experts what their stance on this is. Do you also see password managers as the worst option for managing credentials?","upvotes":44,"user_id":"smjsmok"},{"content":"How to correctly simulate an APT attack?","created_at":1612922990.0,"id":"lg9erb","n_comments":6,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lg9erb/how_to_correctly_simulate_an_apt_attack/","subreddit":"cybersecurity","title":"Is there any fully prepared virtual machines for simulating APT attacks? Or what is the proper way to simulate APT?","upvotes":1,"user_id":"bdogdogbs"},{"content":"Automatic Penetration Test Framework","created_at":1612922860.0,"id":"lg9cvg","n_comments":6,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lg9cvg/automatic_penetration_test_framework/","subreddit":"cybersecurity","title":"Hi everyone! Hope you are doing great during this hard time!\n\nI'm writing here because I would like to let all of you know that I've just published on github my open source framework for doing an automatized penetration test!\n\nI'm a 19 y/o student, so there may be some errors, because I'm still learning, but in my opinion it's a solid base with a good object oriented structure.\n\nI've been working on this project for about 30+ hours, and I would like you to help improve this project if you want!\n\nBye and have a nice day! <3\n\nlink for the repo: [Simo56/PenetrationTestingAutomatized](https://github.com/Simo56/PenetrationTestingAutomatized)","upvotes":12,"user_id":"simo56772"},{"content":"I found a trojan on my mom's laptop, I think I might have deleted it, but I want to be sure it's gone before she starts using it again","created_at":1612922843.0,"id":"lg9cmg","n_comments":9,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lg9cmg/i_found_a_trojan_on_my_moms_laptop_i_think_i/","subreddit":"cybersecurity","title":"I found a trojan on my mothers computer, today, it was found by windows defender, after that I instantly removed that via Defender, it was on a crack keygen of Corel, now I want to know of it's gone so my mom can start using it again. How can I know it's gone\n \nAlso it may be unrelated, but after a LENGTHY windows update it started asking for cortana and data sharing options, like Cortana, ads and etc of Windows. And I had to accept OOTB server options, the provider was Microsoft Corporation, so I accepted it, and the PC simply would not start if I did not accept that, so I accepted it, to see what would happen, I denied everything Microsoft related from the Windows start\n \nThe Defender is saying that the threat was removed, but that's defender, how can I be sure","upvotes":2,"user_id":"GlockMat"},{"content":"Dear Governments: Don\u2019t Make Parents Raise Kids in a World without Encryption","created_at":1612922757.0,"id":"lg9bcr","n_comments":53,"percentage_upvoted":0.99,"permalink":"/r/cybersecurity/comments/lg9bcr/dear_governments_dont_make_parents_raise_kids_in/","subreddit":"cybersecurity","title":"","upvotes":326,"user_id":"Creative_Ad_v1"},{"content":"Hackers tried poisoning town after breaching its water facility","created_at":1612919765.0,"id":"lg84vn","n_comments":1,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/lg84vn/hackers_tried_poisoning_town_after_breaching_its/","subreddit":"cybersecurity","title":"","upvotes":6,"user_id":"TheMildEngineer"},{"content":"Hackers try to contaminate Florida town's water supply through computer breach","created_at":1612917489.0,"id":"lg79d2","n_comments":0,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/lg79d2/hackers_try_to_contaminate_florida_towns_water/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"ifly83"},{"content":"Redirect notice","created_at":1612916401.0,"id":"lg6uk1","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lg6uk1/redirect_notice/","subreddit":"cybersecurity","title":"What is redirect notice.\nThe previous page is sending you to\n\nIs it malware website","upvotes":3,"user_id":"GurTime5511"},{"content":"Opportunity for Cybersecurity PM in Czech","created_at":1612916303.0,"id":"lg6t7k","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lg6t7k/opportunity_for_cybersecurity_pm_in_czech/","subreddit":"cybersecurity","title":"Hey guys, my org is looking for a Cybersecurity/Cloud Network Security PM in Czech rep. \n\n\nPlease feel free to reach out to me for some info via DM for more information. Feel free to forward this to your friends and colleagues and former colleagues in C.R \n\n\nThank you","upvotes":5,"user_id":"bodfox"},{"content":"Cybersecurity professionals, what made you want to enter the field, and how did you start?","created_at":1612914749.0,"id":"lg680z","n_comments":14,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lg680z/cybersecurity_professionals_what_made_you_want_to/","subreddit":"cybersecurity","title":"Lots of posts asking how to get into the field(I was one of them) but I was curious about the human side of it. Did you start in tech? What was your motivation? What was life like outside of the job when you were making your way in? All that good stuff.","upvotes":6,"user_id":"iamexplodinggod"},{"content":"Cyberpunk 2077 Game Source Code Stolen in a Ransomware Attack","created_at":1612914641.0,"id":"lg66ls","n_comments":1,"percentage_upvoted":0.89,"permalink":"/r/cybersecurity/comments/lg66ls/cyberpunk_2077_game_source_code_stolen_in_a/","subreddit":"cybersecurity","title":"","upvotes":7,"user_id":"harshsharma9619"},{"content":"Lucifer - Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More","created_at":1612913857.0,"id":"lg5w8i","n_comments":5,"percentage_upvoted":0.97,"permalink":"/r/cybersecurity/comments/lg5w8i/lucifer_powerful_penetration_tool_for_automating/","subreddit":"cybersecurity","title":"","upvotes":64,"user_id":"jpc4stro"},{"content":"Hacker attempts to poison US water supply. Crazy.","created_at":1612912458.0,"id":"lg5ee9","n_comments":1,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lg5ee9/hacker_attempts_to_poison_us_water_supply_crazy/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"Dangohango"},{"content":"I'd like to find out more from MSP and System Admins - are there many on here so that I can run a poll. Just a Y for yes if you are one would be great! thanks","created_at":1612910941.0,"id":"lg4upr","n_comments":2,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/lg4upr/id_like_to_find_out_more_from_msp_and_system/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"cupriferouszip"},{"content":"with respect to the r/cybersecurity i would like to invite to be part of additional newborn community https://www.reddit.com/r/SecOpsDaily/","created_at":1612909292.0,"id":"lg4b7q","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lg4b7q/with_respect_to_the_rcybersecurity_i_would_like/","subreddit":"cybersecurity","title":"our new born community goal is to share SECOPS experience news and ideas i myself in the industry of telecommunication over 20y now and in cybersecurity over 5y most of them leading SECOPS would love to have you come and share and enrich the community","upvotes":0,"user_id":"falconupkid"},{"content":"Cyberpunk 2077 Developers CD Projekt Red Hacked","created_at":1612908343.0,"id":"lg3zyr","n_comments":0,"percentage_upvoted":0.94,"permalink":"/r/cybersecurity/comments/lg3zyr/cyberpunk_2077_developers_cd_projekt_red_hacked/","subreddit":"cybersecurity","title":"","upvotes":16,"user_id":"MelodicRice7902"},{"content":"7-zip encryption","created_at":1612907345.0,"id":"lg3oil","n_comments":1,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lg3oil/7zip_encryption/","subreddit":"cybersecurity","title":"I have an encrypted compressed 7z file that contains an executable file. As far as I knew 7-zip had to decrypt it and extract the unencrypted copy version of the file to the system temp folder to run/open the file properly without extracting it to any particular destinations. My questions are: Will 7-zip implement the same method if the compressed file is in a removable device and can the copy of the file in temp folder be recovered?\n\nThanks for any information.","upvotes":0,"user_id":"Cold_Confidence1750"},{"content":"Is attack on water cyberWAR?","created_at":1612906868.0,"id":"lg3jh3","n_comments":1,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/lg3jh3/is_attack_on_water_cyberwar/","subreddit":"cybersecurity","title":"Is cybersec attack on water true cyberWAR?","upvotes":0,"user_id":"cypersecurity"},{"content":"The SolarWinds Breach. What it means to us Cybersecurity Professionals","created_at":1612906344.0,"id":"lg3e3d","n_comments":0,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/lg3e3d/the_solarwinds_breach_what_it_means_to_us/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"davidalbertozam"},{"content":"What in your opinion is the best 2FA authenticator app?","created_at":1612905633.0,"id":"lg36qw","n_comments":12,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lg36qw/what_in_your_opinion_is_the_best_2fa/","subreddit":"cybersecurity","title":"I have heard Authy is a very good alternative to Google Authenticator?\n\nWhat does everyone else?","upvotes":6,"user_id":"uselesslemming"},{"content":"Is there creative aspect of cybersecurity that AI couldn\u2019t replace humans in?","created_at":1612901323.0,"id":"lg21az","n_comments":5,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lg21az/is_there_creative_aspect_of_cybersecurity_that_ai/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"VolcanicGaming16"},{"content":"Top Books For Hacker","created_at":1612899205.0,"id":"lg0xx1","n_comments":0,"percentage_upvoted":0.29,"permalink":"/r/cybersecurity/comments/lg0xx1/top_books_for_hacker/","subreddit":"cybersecurity","title":"[https://burpoverflow.medium.com/top-books-for-a-hacker-6a12cfd83c27](https://burpoverflow.medium.com/top-books-for-a-hacker-6a12cfd83c27)","upvotes":0,"user_id":"BurpOverflow"},{"content":"CD PROJEKT RED gaming studio hit by ransomware attack","created_at":1612896568.0,"id":"lg0c2m","n_comments":7,"percentage_upvoted":0.97,"permalink":"/r/cybersecurity/comments/lg0c2m/cd_projekt_red_gaming_studio_hit_by_ransomware/","subreddit":"cybersecurity","title":"","upvotes":147,"user_id":"deadbroccoli"},{"content":"CD Projekt Red says it was hacked but won't pay the ransom","created_at":1612892670.0,"id":"lfz1xa","n_comments":82,"percentage_upvoted":0.98,"permalink":"/r/cybersecurity/comments/lfz1xa/cd_projekt_red_says_it_was_hacked_but_wont_pay/","subreddit":"cybersecurity","title":"","upvotes":497,"user_id":"Killco_Joe"},{"content":"GCIH Virtual Labs","created_at":1612889226.0,"id":"lfybfi","n_comments":5,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lfybfi/gcih_virtual_labs/","subreddit":"cybersecurity","title":"Hi,\n\nmy company has asked me to prepare for GCIH, however they are going to pay only the exam attempt. Since as of today the test includes some practical questions, that require the use of a virtualized environment. Do you have an idea if there are any virtual labs around (free or at a convenient price), that resembles the ones at the exam?","upvotes":1,"user_id":"D00mGuy21"},{"content":"Threat Hunting Use Case library","created_at":1612887381.0,"id":"lfxxh6","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lfxxh6/threat_hunting_use_case_library/","subreddit":"cybersecurity","title":"Hi all,\n\nI am starting to work on creating threat hunting/threat intel capabilities in company I work for. One of the points I am struggling at is about how to store threat hunting use cases. \n\nI am wondering how you guys are doing it? \n\nAre you using Excel, confluence, sharepoint, maybe some other opensource/commercial tool for it?","upvotes":2,"user_id":"Neur0m"},{"content":"Masters - MCA or Cyber Security","created_at":1612886468.0,"id":"lfxq1b","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lfxq1b/masters_mca_or_cyber_security/","subreddit":"cybersecurity","title":"Hello,\n\nI am an IT professional with 15+ experience in Networking & Cyber Security and I come from India. I pursued a 3 year course - BBA from Distance Learning University. I have plans to pursue a master's now and later settle abroad (US. Canada or Australia).\n\n I am not sure what to pursue, shall I go for MCA or Masters in CyberSecurity. Which has better career opportunities. Personally want to improve my career in Cyber Security.\n\n Any insight would be greatly appreciated.\n\nThank you.","upvotes":2,"user_id":"techno_it"},{"content":"I know the chances of my device being hacked by fake AirPods are slim. But i was just wondering, IF they were hacking me, do they have to be currently connected to do so? Or do they just have to be connected once?","created_at":1612885753.0,"id":"lfxkeu","n_comments":4,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lfxkeu/i_know_the_chances_of_my_device_being_hacked_by/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"AManOfStories5904"},{"content":"Microsoft to Alert Office 365 Users About Active APT Campaigns","created_at":1612879730.0,"id":"lfw5lx","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lfw5lx/microsoft_to_alert_office_365_users_about_active/","subreddit":"cybersecurity","title":"","upvotes":6,"user_id":"harshsharma9619"},{"content":"IT","created_at":1612879267.0,"id":"lfw1cp","n_comments":6,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lfw1cp/it/","subreddit":"cybersecurity","title":"Is there any free or reasonably priced IT programs/courses you guys recommend for beginners?","upvotes":3,"user_id":"akMillly"},{"content":"Crack a software using OllyDbg | Reverse Engineering Tutorial","created_at":1612875516.0,"id":"lfv1ns","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lfv1ns/crack_a_software_using_ollydbg_reverse/","subreddit":"cybersecurity","title":"OllyDbg is a widely used tool for reverse engineering. Reverse engineering is breaking things down to see how it works. OllyDbg can be used to find bugs in a program, troubleshoot it and run its specific parts to see how it functions. \n\n>Refer to the link below to learn more about Reverse Engineering and to see a tutorial on how to crack a software using OllyDbg. \n> \n>[https://www.youtube.com/watch?v=57n9-aYdn2o](https://www.youtube.com/watch?v=57n9-aYdn2o)","upvotes":4,"user_id":"FishermanWitty8173"},{"content":"Standards Bodies Working Groups","created_at":1612871401.0,"id":"lftw00","n_comments":1,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lftw00/standards_bodies_working_groups/","subreddit":"cybersecurity","title":"I am trying to learn about what standards bodies exist and the working groups behind them.\n\nOWASP\n\nIEEE \n\nWho else?","upvotes":1,"user_id":"0x0b4dc0d3"},{"content":"Why is Python the language that most people recommend learning when it comes to cybersec and ethical hacking?","created_at":1612870448.0,"id":"lftlzs","n_comments":9,"percentage_upvoted":0.86,"permalink":"/r/cybersecurity/comments/lftlzs/why_is_python_the_language_that_most_people/","subreddit":"cybersecurity","title":"","upvotes":5,"user_id":"Alternative-Fox6236"},{"content":"Corrupted BIOS/firmware Attack?","created_at":1612867516.0,"id":"lfsq7a","n_comments":5,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lfsq7a/corrupted_biosfirmware_attack/","subreddit":"cybersecurity","title":"How can I be sure that my computer does not have a Corrupted Bios/firmware attack? If the Bios verificationTool doesn't support this old of a model, is their any another tools or ways to check?\n\nCan you get a firmware attack from trying to boot a LiveUSB? \n\nI was trying out different ISO's from a multiboot that I made a while back and I verifyed the hashs and GPG signatures of every linux one. Except for one, Androidx84. I could only check the hash(SHA256) only(No sig). When I booted, it booted to a black screen and never loaded. The Bios Screen boots and everything looks same as When I got it and before, but it is a used PC.","upvotes":1,"user_id":"Tech_Temp00110001"},{"content":"PLEASE HELP!","created_at":1612867431.0,"id":"lfspao","n_comments":16,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lfspao/please_help/","subreddit":"cybersecurity","title":"My head has been SPINNING thinking about all sorts of different schools recently. I'm a senior that lives in Tennessee and I'm about to graduate HS. I would love to go into cyber security or something related as I love computers! There is a community college near me, called Roane State, that offers a 2 year Associate of Applied Science degree in Cyber Defense. The program would give me what looks like some helpful certifications and during my second year, I can have an opportunity at an internship. \n\nAs for costs, it will cost me at least basically nothing bc of federal aid and my TN Promise. So, cost completely disregarded, would you say this program is worth it?\n\nHere is the program and all the certifications I would get: https://www.roanestate.edu/?10982-Computer-Information-Technology-Program-Cyber-Defense\n\nAny help would be GREATLY appreciated!","upvotes":2,"user_id":"ryanmasseyftw"},{"content":"2FAS App and its backup","created_at":1612857507.0,"id":"lfpka7","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lfpka7/2fas_app_and_its_backup/","subreddit":"cybersecurity","title":"Are you by chance using the app? They have introduced cloud backup for iOS, and it works well as for now. But how do you compare to Authy? Any experiences?","upvotes":1,"user_id":"SaraStone844"},{"content":"I am a high school in a research class studying cyber security methods. I know I have already posted my survey here, but if those of you who have not taken it could then it would be majorly appreciated.","created_at":1612854158.0,"id":"lfoev3","n_comments":1,"percentage_upvoted":0.63,"permalink":"/r/cybersecurity/comments/lfoev3/i_am_a_high_school_in_a_research_class_studying/","subreddit":"cybersecurity","title":"[https://forms.gle/RhfjTNZPKRfnuW62A](https://forms.gle/RhfjTNZPKRfnuW62A)","upvotes":2,"user_id":"29495757"},{"content":"https://www.theverge.com/2021/2/8/22273170/hackers-water-treatment-facility-florida-hacked-chemical-levels-changed","created_at":1612851130.0,"id":"lfnc88","n_comments":2,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/lfnc88/httpswwwthevergecom20212822273170hackerswatertreat/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"send2s"},{"content":"One guy saw my private messages on IG?!pls help","created_at":1612849994.0,"id":"lfmx58","n_comments":6,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lfmx58/one_guy_saw_my_private_messages_on_igpls_help/","subreddit":"cybersecurity","title":"Hey guys! \n I need your help...one of my \"friends\" breached into my private messages with my girlfriend on Instagram even though I thought that I was the only one to have my password. so I'm curious how could he see all of my messages? (maybe something with my IP?) The only thing I suspect is that he sent me some links for youtube videos in the past and he just told me that some guys helped him to see all of my messages on Instagram and he said that he could even take messages from my discord so I'm confused and I'm feeling very unsecured at this point...pls help","upvotes":0,"user_id":"_Reblox_"},{"content":"Police: Hacker Breached Florida Treatment Plant to Poison the Water Supply","created_at":1612849469.0,"id":"lfmq5l","n_comments":121,"percentage_upvoted":0.99,"permalink":"/r/cybersecurity/comments/lfmq5l/police_hacker_breached_florida_treatment_plant_to/","subreddit":"cybersecurity","title":"","upvotes":495,"user_id":"andyholla84"},{"content":"Advice on how to prepare for a Cybersecurity and Information Assurance Degree Program?","created_at":1612846930.0,"id":"lflrca","n_comments":7,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lflrca/advice_on_how_to_prepare_for_a_cybersecurity_and/","subreddit":"cybersecurity","title":"Hi, I\u2019m starting a Cybersecurity and Information Assurance Bachelor\u2019s program at Western Governors University in a couple months.\n\n*(While I have next to no experience in this field, I\u2019m not looking for stuff about how to decide if CS/IA is for me but I\u2019ll definitely read and appreciate any answers regarding that.)*\n\nWhat I am hoping to get advice on is how I should prepare to enter this study so as to not go in cold. What are some good things to read and/or be doing to start making a foundation to build off of. Or just general advice for stuff to be reading/looking at/doing before starting and during the program as supplementary work. \n\n*Or any advice that you would say is pertinent but is not covered in those questions!* \n\nI am both nervous and excited, and I want to do whatever I can to get the most out of this and do the best I can in this.","upvotes":3,"user_id":"jlansden"},{"content":"New phishing attack uses Morse code to hide malicious URLs","created_at":1612845760.0,"id":"lflb3o","n_comments":6,"percentage_upvoted":0.91,"permalink":"/r/cybersecurity/comments/lflb3o/new_phishing_attack_uses_morse_code_to_hide/","subreddit":"cybersecurity","title":"","upvotes":56,"user_id":"ryanmercer"},{"content":"Python Design Patterns with Joe McCray | Mentor Moment","created_at":1612842154.0,"id":"lfjx8b","n_comments":1,"percentage_upvoted":0.86,"permalink":"/r/cybersecurity/comments/lfjx8b/python_design_patterns_with_joe_mccray_mentor/","subreddit":"cybersecurity","title":"","upvotes":27,"user_id":"davidalbertozam"},{"content":"Threat Intelligence","created_at":1612840356.0,"id":"lfj8o3","n_comments":8,"percentage_upvoted":0.84,"permalink":"/r/cybersecurity/comments/lfj8o3/threat_intelligence/","subreddit":"cybersecurity","title":"Hi Everyone, I have an interview coming up for a threat intelligence analyst role - what kind of technical questions can I expect to be asked? And what are some key skills you would think someone in this role should have?","upvotes":11,"user_id":"Malwarenaut"},{"content":"Fake Links","created_at":1612837176.0,"id":"lfi0uj","n_comments":1,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/lfi0uj/fake_links/","subreddit":"cybersecurity","title":"How can I recognize if the link sent to me a fake link that will lead to hack my device or it will navigate me to a certain website?","upvotes":0,"user_id":"K5ZIAJ"},{"content":"Crack","created_at":1612835682.0,"id":"lfhg44","n_comments":5,"percentage_upvoted":0.22,"permalink":"/r/cybersecurity/comments/lfhg44/crack/","subreddit":"cybersecurity","title":"Guys, how to hack a laptop?, which application in kali should I use to help me hack a laptop?","upvotes":0,"user_id":"K5ZIAJ"},{"content":"Hack Chat - Live conversations features real-life Red Team and Blue Team community leaders who are transforming the industry. Tune in as host Marco Figueroa and our guests dive deeper into how cybersecurity practitioners around the globe can refine their craft.","created_at":1612835510.0,"id":"lfhdtl","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lfhdtl/hack_chat_live_conversations_features_reallife/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"Cyberthere"},{"content":"Password cracking","created_at":1612832428.0,"id":"lfg7ht","n_comments":4,"percentage_upvoted":0.13,"permalink":"/r/cybersecurity/comments/lfg7ht/password_cracking/","subreddit":"cybersecurity","title":"Guys, do any of you know how to crack a WiFi password without need of word lists?, like by using John?","upvotes":0,"user_id":"T-F-V-H"},{"content":"IBM offers $3M in grants to school districts fighting cyberattacks","created_at":1612831441.0,"id":"lfftqe","n_comments":0,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lfftqe/ibm_offers_3m_in_grants_to_school_districts/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"PhilHallUSA"},{"content":"Deloitte Cybersecurity consulting VS PayPal IT risk Governance Compliance Analyst","created_at":1612830727.0,"id":"lffk3g","n_comments":16,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lffk3g/deloitte_cybersecurity_consulting_vs_paypal_it/","subreddit":"cybersecurity","title":"Hi I\u2019m a college student. I\u2019m trying to decide between working for Big4 (Deloitte PwC EY)Cybersecurity consulting VS PayPal Risk Governance Compliance job. Which job will better for my career?\n\nBig 4 offer is in San Fran and pays 40 an hour no overtime. Paypal pays around 50 dollars an hour in San Jose. At Big4, I will have to work 70-80 hours a week with bad work life balance. Paypal is better for work life balance and pay. \n\nBig 4 job will be a lot of making PP slides. But I can try out multiple projects from cyber strategy, privacy, implementation and forensics across different industries. For PayPal, I will be placing missing controls and analyzing line of defense and doing GRC work in fintech. I know Paypal is a great big tech company for software engineers, but I don\u2019t know if it\u2019s good for risk compliance jobs.\n\nWhich job do you think is better careerwise for a college student? Which offer should I take? Thank you!","upvotes":0,"user_id":"HistoricalBee6940"},{"content":"Enhance your ADFS infrastructure with a Strong Authentication solution","created_at":1612830415.0,"id":"lffg1y","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lffg1y/enhance_your_adfs_infrastructure_with_a_strong/","subreddit":"cybersecurity","title":"Any solution that provides mixed OTP and FIDO-FIDO2 authentications along with Voice Biometrics for ADFS?","upvotes":0,"user_id":"priyanka7june"},{"content":"This is how we lost control of our faces","created_at":1612820311.0,"id":"lfbydo","n_comments":0,"percentage_upvoted":0.76,"permalink":"/r/cybersecurity/comments/lfbydo/this_is_how_we_lost_control_of_our_faces/","subreddit":"cybersecurity","title":"","upvotes":4,"user_id":"mgc092"},{"content":"GCIH Lab Questions","created_at":1612818660.0,"id":"lfbh1z","n_comments":6,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/lfbh1z/gcih_lab_questions/","subreddit":"cybersecurity","title":"Hi,\n\nI'm about to start preparing GCIH, however I've heard that, as of today, the exam includes some questions that require using a virtual lab. From the official documentation I haven't understood how many they should be, if they will still end in multiple choices and their weigh compared to the theoretical questions.","upvotes":2,"user_id":"D00mGuy21"},{"content":"Hola VPN","created_at":1612818331.0,"id":"lfbdp0","n_comments":16,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lfbdp0/hola_vpn/","subreddit":"cybersecurity","title":"Hey guys. I\u2019m freaking out a little bit here. Apologies if this is the wrong place to post but I recently read some articles about a service I had used called Hola VPN.\n\nAround four days ago I was about to reinstall it, and I did. That\u2019s when I realised it was a peer to peer service and I got freaked out. I read a few articles about how it turns your computer into an exit node, and even worse how people can use your IP and information to commit a crime, and it can be traced back to you.\n\nThis really frightened me as someone who has used Hola on and off a few times. I\u2019m currently attempting to get proof i\u2019ve had it on my PC because i\u2019m really worried I could get in trouble. I\u2019m using disc drill in order to get it. Is this a stupid idea, am i being paranoid? Please help.","upvotes":1,"user_id":"d3s3rt3agle"},{"content":"A full reverse engineering analysis of the emotet trojan","created_at":1612818091.0,"id":"lfbbb7","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lfbbb7/a_full_reverse_engineering_analysis_of_the_emotet/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"01ttouch"},{"content":"Watchful eyes of Artificial Intelligence - Healthcare Data Security using AI","created_at":1612817819.0,"id":"lfb8ed","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lfb8ed/watchful_eyes_of_artificial_intelligence/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"josephbellwn"},{"content":"A Pentester\u2019s Guide to WebSocket Pentesting","created_at":1612817251.0,"id":"lfb2y5","n_comments":0,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/lfb2y5/a_pentesters_guide_to_websocket_pentesting/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"ju1i3k"},{"content":"Top 5 Bug Bounty Programs to Watch in 2021","created_at":1612816197.0,"id":"lfasz0","n_comments":1,"percentage_upvoted":0.7,"permalink":"/r/cybersecurity/comments/lfasz0/top_5_bug_bounty_programs_to_watch_in_2021/","subreddit":"cybersecurity","title":"","upvotes":4,"user_id":"KeyDutch"},{"content":"Virtualizing","created_at":1612815441.0,"id":"lfalzw","n_comments":3,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lfalzw/virtualizing/","subreddit":"cybersecurity","title":"Can virtualize Kali linux or Ubuntu on a macbook m1? (I'm still learning these os/distributions, any help is appreciated).","upvotes":1,"user_id":"akMillly"},{"content":"How do banks use the feature where they ask for specific characters from your password?","created_at":1612813352.0,"id":"lfa35n","n_comments":13,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lfa35n/how_do_banks_use_the_feature_where_they_ask_for/","subreddit":"cybersecurity","title":"If you password is hashed and then sent to be authenitcated. How do they check your specific charachers?\n\nFor example a 'normal' site with requre your password, encrypt it then check the two encryptions to make sure that they match. But if you are only sending part of the password how does that work?","upvotes":1,"user_id":"BizarreAndroid"},{"content":"Abusing Google Chrome extension syncing for data exfiltration and C&C","created_at":1612812404.0,"id":"lf9v6s","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lf9v6s/abusing_google_chrome_extension_syncing_for_data/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"jpc4stro"},{"content":"What important vulnerabilities have we discovered recently?","created_at":1612812148.0,"id":"lf9t3x","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lf9t3x/what_important_vulnerabilities_have_we_discovered/","subreddit":"cybersecurity","title":"Looking to research further into a cyber security vulnerability and wanted to know what people on here consider an important vulnerability from the past year or two.","upvotes":1,"user_id":"smitht73"},{"content":"Automating Society Report 2020 - big brother is watching.. more and more...","created_at":1612809245.0,"id":"lf95ic","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lf95ic/automating_society_report_2020_big_brother_is/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"iwhistle_net"},{"content":"Cyber security threats and measures for eCommerce companies in 2021 - Secure Triad","created_at":1612808849.0,"id":"lf92fq","n_comments":0,"percentage_upvoted":0.87,"permalink":"/r/cybersecurity/comments/lf92fq/cyber_security_threats_and_measures_for_ecommerce/","subreddit":"cybersecurity","title":"","upvotes":11,"user_id":"chelsea_walker"},{"content":"Which is the best cyber security channel/group on Telegram?","created_at":1612807282.0,"id":"lf8ppu","n_comments":6,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/lf8ppu/which_is_the_best_cyber_security_channelgroup_on/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"Aromatic_Ad6841"},{"content":"Is there a more effective way to test for which browsers vulnerable to Double X-Frame-Options Clickjacking","created_at":1612805422.0,"id":"lf8b38","n_comments":1,"percentage_upvoted":0.86,"permalink":"/r/cybersecurity/comments/lf8b38/is_there_a_more_effective_way_to_test_for_which/","subreddit":"cybersecurity","title":"Hello all,\n\nI heard that when a website response with 2 X-Frame-Options headers like below\n\n`X-Frame-Options: SAMEORIGIN`\n\n`X-Frame-Options: SAMEORIGIN`\n\nThen some browsers will combine these headers into\n\n`X-Frame-Options: SAMEORIGIN, SAMEORIGIN` \n\nthen this response is still vulnerable to ClickJacking\n\n\\-------\n\nHowever, as far as I know latest version of browsers already fix this issue. So I want to check among the below browser version, if any of them is vulnerable to this.\n\nChrome 70+, Firefox 70+, Safari 12+, Opera 64+, Edge 15+\n\n\\------- Question --------\n\nMy plan is to install some browser versions on a VM and test from here, but it is time consuming. Do you know of a better way to do this, look up browser changelog? some emulator (refer free)?...","upvotes":5,"user_id":"trieulieuf9"},{"content":"How to protect yourself on public Wi-Fi?","created_at":1612803516.0,"id":"lf7vu1","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lf7vu1/how_to_protect_yourself_on_public_wifi/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"Hece"},{"content":"Cracking windows Ntlm hash but I don\u2019t have a password","created_at":1612802368.0,"id":"lf7mzx","n_comments":11,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lf7mzx/cracking_windows_ntlm_hash_but_i_dont_have_a/","subreddit":"cybersecurity","title":"So pretty much I\u2019m trying to crack my own windows ntlm hashes I got after doing a password dump through metasploit with hashcat but I\u2019m having trouble because I don\u2019t have a windows password I ever enter/ed I only ever set and entered a windows pin, there are various hashes I got for administrator/my account/ others (no other users are on the system). Please help haha been stuck on this for a while now (also I\u2019ve tried my pin in hashcat and it hasn\u2019t worked either).","upvotes":1,"user_id":"Global-Industry-4085"},{"content":"SolarWinds attack: Cybersecurity experts share lessons learned","created_at":1612800668.0,"id":"lf79qs","n_comments":35,"percentage_upvoted":0.98,"permalink":"/r/cybersecurity/comments/lf79qs/solarwinds_attack_cybersecurity_experts_share/","subreddit":"cybersecurity","title":"","upvotes":322,"user_id":"Saikothasan"},{"content":"Cybersecurity Weekly Report","created_at":1612800627.0,"id":"lf79f5","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lf79f5/cybersecurity_weekly_report/","subreddit":"cybersecurity","title":"What are some of the best way to give a weekly cybersecurity report for management? \n\nA report that is too short might seems that the department is not doing work while a report that is too long might seems that we have weak cybersecurity defence. What should be the best way to report if you are the CISO of the company such that we allow management enough visibility without too much technical jargon?","upvotes":3,"user_id":"Icy_Drive523"},{"content":"SOC 2 Audit Readiness Checklist","created_at":1612799469.0,"id":"lf6zp2","n_comments":1,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/lf6zp2/soc_2_audit_readiness_checklist/","subreddit":"cybersecurity","title":"A [SOC 2 report](https://ip.a-lign.com/soc-2-readiness-checklist) can demonstrate to your customers that your business has elevated its information security controls to protect their valuable data from risk. That\u2019s why you need to be ready to meet the highest standards when the time comes for your SOC 2 examination.\u00a0","upvotes":2,"user_id":"sainathaddweb"},{"content":"Career change","created_at":1612798797.0,"id":"lf6ucy","n_comments":5,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lf6ucy/career_change/","subreddit":"cybersecurity","title":"Hey guys,\n\nI'm 42 and currently a network tech at a telecommunications company. I've always been interested in cybersecurity and have decided to start studying and training for certs to try to work my way towards a security job. I'm confident with the right training and education and I can do the work. What worries me is if my age will hinder me from getting hired. I know most companies are probably looking for younger talent.","upvotes":3,"user_id":"No-Calligrapher9076"},{"content":"Encryption and Decryption with OpenSSL and gpg | TryHackMe","created_at":1612797015.0,"id":"lf6g1x","n_comments":0,"percentage_upvoted":0.88,"permalink":"/r/cybersecurity/comments/lf6g1x/encryption_and_decryption_with_openssl_and_gpg/","subreddit":"cybersecurity","title":"","upvotes":6,"user_id":"MotasemHa"},{"content":"Strategic Industry Reports","created_at":1612796565.0,"id":"lf6ca6","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lf6ca6/strategic_industry_reports/","subreddit":"cybersecurity","title":"I am looking for copies of 2020 or 2021 InfoSec industry reports from the following entities and the like:\n\n* Forbes\n* Juniper\n* Gartner\n* Forrester\n* Verizon Security\n\nDoes anyone have access to such reports that can/will share?","upvotes":1,"user_id":"0x0b4dc0d3"},{"content":"Old wifi router","created_at":1612796438.0,"id":"lf6b63","n_comments":3,"percentage_upvoted":0.76,"permalink":"/r/cybersecurity/comments/lf6b63/old_wifi_router/","subreddit":"cybersecurity","title":"I found an old WI-FI router while dumpster diving and I was wondering if their is anyway to modify for pen-testing.","upvotes":2,"user_id":"ferretspirit"},{"content":"Is this a scam? Or am i at risk?","created_at":1612795916.0,"id":"lf66p6","n_comments":4,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lf66p6/is_this_a_scam_or_am_i_at_risk/","subreddit":"cybersecurity","title":"So i was on a website on my iOS phone and all of a sudden pop-ups for my device being at risk came up. When i closed my browser the messages went away so i am guessing it was a scam website trying to get me to click something, but i wanted to ask here.","upvotes":0,"user_id":"eighty-9"},{"content":"Neighbor connecting on my network through my devices","created_at":1612794474.0,"id":"lf5ul2","n_comments":27,"percentage_upvoted":0.88,"permalink":"/r/cybersecurity/comments/lf5ul2/neighbor_connecting_on_my_network_through_my/","subreddit":"cybersecurity","title":"Hey guys! I need your help regarding a problem with my network that involves my neighbor.\n\nI noticed that my next door neighbor/s (our houses were built side by side) are able to connect to my network no matter how many times I change the password. It would seem that they would wait for me to connect my devices such as my phone and laptop to my network. I would get diconnected for a few seconds then it goes back to normal like nothing happened. Whenever I turn off the internet on my devices, whatever music they are playing loudly stops and I hear them coming down the stairs furiously (every.single.time)\n\nThey do not show up in the router which led me to believe that they are spoofing my mac addresses. I confirmed this when I turned on the mac whitelist and somehow I am the one who got booted off the network. Also, since they do not show up, I can't get proof.\n\nI already did all of the basic stuff like picking a very long and complicated password as well as making sure the wps is turned off on my router and still nothing.\n\nSorry for the long post. Hope someone can help me on what to do.\n\n\nEDIT:\n\nThank you so much guys! I've tried hiding my SSID and relocated my router farthest from their direction. So far so good. I haven't been disconnected yet. I'll keep on observing just in case. I will also research everything that you guys listed here and continue to tweak and test to improve my network security.\n\nFor those who gave me detailed advice and suggestions, thank you very much for taking the time to help me with my problem. I really appreciate it. This post has been very insightful and I've learned a lot from you guys. I hope the information here could also help others.","upvotes":6,"user_id":"rookietech"},{"content":"What virus is this and how can I get rid of it?","created_at":1612791045.0,"id":"lf501k","n_comments":10,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/lf501k/what_virus_is_this_and_how_can_i_get_rid_of_it/","subreddit":"cybersecurity","title":"I am studying computer science so you can use more technical instructions.\n\nI was browsing the web and I accepted some cookies, after which pictures of chinese children and n-u-d-e men started appearing on the screen and moving around, the antivirus got closed automatically and there didn't seem to be any new software installed.\n\nAfter blocking permissions from pirating sites (yeah I know pirating is illegal but I admit it) and deleting the cookies, the images stopped appearing and now everything seems to be normal.\n\nIs this behaviour known? Is my security compromised? Has a virus been installed in my computer and if so, how can I get rid of it?\n\nI'd rather not format the machine, but it is a possibility. I have all my passwords written in a text document and I've stored the documen in a 2TB HDD and deleted the file from the computer, is my HDD now compromised too?\n\n​\n\nThank you in advance.","upvotes":1,"user_id":"Noriel_Sylvire"},{"content":"Rate my career and where and what should I work on to get more gigs as a InfoSec Jobs?","created_at":1612790324.0,"id":"lf4ta1","n_comments":4,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lf4ta1/rate_my_career_and_where_and_what_should_i_work/","subreddit":"cybersecurity","title":"Hello All, \n\nThis is my LinkedIn :[https://www.linkedin.com/in/mohamad-ghannoum/](https://www.linkedin.com/in/mohamad-ghannoum/)\n\nI want to grow in my career as an InfoSec. And I want to know what am I missing to start working on Certs / Education / Tools .. !\n\nI am familiar with the following Platforms: Vectra, Crowd Strike, Next-Gen Firewall / Routers Palo Alto, I am familiar with Policies and firewall policies. \n\nI am currently working as a security engineer and will be working to get my GSEC. \n\nI have CEH, CHFI, and Security analysis from ECCouncil. \n\nI have 5+ years in full-stack development. \n\nI would like to know your opinions about what things I might work on to get more Jobs and higher-paid positions in this domain! \n\nThank you for your time!","upvotes":2,"user_id":"Morpheus_mmg"},{"content":"A Hacker's Story: Kevin David Mitnick","created_at":1612789246.0,"id":"lf4iqo","n_comments":3,"percentage_upvoted":0.36,"permalink":"/r/cybersecurity/comments/lf4iqo/a_hackers_story_kevin_david_mitnick/","subreddit":"cybersecurity","title":"Kevin David Mitnick was once on the wrong side of the law and has hacked into many companies including Sun Microsystems and Motorola but now he is a security consultant and runs a successful security company. If you are interested to know more about Kevin, here is a video you can watch. \n\n[https://youtu.be/ayPCAXFiiHg](https://youtu.be/ayPCAXFiiHg)","upvotes":0,"user_id":"FishermanWitty8173"},{"content":"Question about Apple ID Security","created_at":1612785580.0,"id":"lf3g9j","n_comments":2,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lf3g9j/question_about_apple_id_security/","subreddit":"cybersecurity","title":"I had signed into my Apple ID on a public display iMac computer at the Apple Store back in 2012 in order to do an in store reservation for a new iPhone (back then, if you walked into an Apple Store to buy a new iPhone, they required you to sign into your Apple ID on one of the public display computers in the store to reserve the iPhone). \n\n I remember making sure that I signed out of my Apple ID on that computer, clearing the browser cache, history and cookies, and also restarting that computer after I had signed in. Since then, I cannot recall any suspicious activity in my Apple ID account but my concern is that someone could have signed into my Apple ID and been taking my personal information from my Apple ID (such as iMessages, Photo Stream, iCloud Drive, Find my iPhone locations etc...) since then without doing anything that would cause me to become suspicious that someone is accessing my Apple ID such as changing my password or making purchases. I also did turn on two step verification sometime in 2014 and then upgraded to two factor authentication sometime in 2017 so there was a period of 2 years (from 2012 to 2014) when my account was only protected by my password only and someone could have just signed in without me knowing and taken my personal information from my Apple ID. I currently have two factor authentication enabled on my Apple ID. Since turning on two factor verification and then upgrading to two factor authentication, I have not received any messages that I can recall stating that someone is trying to sign into my account. Also, this was also the only time I have ever used a public computer to sign into my Apple ID so it was a one time thing.\n\nI have a few questions regarding the security of my Apple ID from this event that I will list below:\n\n1) I am wondering whether or not there is a chance that my Apple ID password could have been compromised due to that public display iMac in the Apple Store having a software key logger, hardware key logger, or even some other software, spyware or virus that monitors that computer? If there is a chance, would it be a low or high chance?\n\n2) Is there anything I can do to see if someone else has ever signed into my Apple ID and if so, whether or not they have taken any personal information and data such as iMessages, Photo Stream, iCloud Drive etc... from my Apple ID?\n\n3) In a case like this with everything I have mentioned above, would you recommend that I change the password for my Apple ID or is the chance of the password being compromised so low that it is not worth the hassle of changing the password and updating the password on all my Apple devices?\n\n4) Would it be possible for someone to still be accessing my Apple ID without me knowing even with two factor authentication enabled?\n\n5) Since my Apple ID was protected by only a password when I had signed into the Apple Store computer in 2012 and it was 2 years later in 2014 that two step verification was available and I started using it which I then later upgraded to two factor authentication in 2017, is it likely that someone would have accessed my Apple ID and my personal information in my Apple ID in this 2 year time period?\n\n6) Are the public display computers at the Apple Store generally pretty safe from tampering such as key loggers, malicious software etc...?\n\n7) Given everything that I have mentioned above, is my Apple ID password being compromised something that I should legitimately be worried about in a case like this where I signed into a public display iMac at an Apple Store once or am I just worrying too much?\n\nThank you so much for your help. I know this is a long post so I greatly appreciate all of your efforts to help me.","upvotes":1,"user_id":"Think-Bumblebee7077"},{"content":"Concerned after installing chrome plugin","created_at":1612781101.0,"id":"lf24k2","n_comments":6,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lf24k2/concerned_after_installing_chrome_plugin/","subreddit":"cybersecurity","title":"I installed the chrome plugin Vidyo for an appointment, and was concerned about it being malware. I checked Event Viewer to see any events, but honestly don't know how to read it. What kind of information should I be looking for? I noticed these privelages for Special Logon: \n\n SeAssignPrimaryTokenPrivilege\n \t\t\tSeTcbPrivilege\n \t\t\tSeSecurityPrivilege\n \t\t\tSeTakeOwnershipPrivilege\n \t\t\tSeLoadDriverPrivilege\n \t\t\tSeBackupPrivilege\n \t\t\tSeRestorePrivilege\n \t\t\tSeDebugPrivilege\n \t\t\tSeAuditPrivilege\n \t\t\tSeSystemEnvironmentPrivilege\n \t\t\tSeImpersonatePrivilege\n \t\t\tSeDelegateSessionUserImpersonatePrivilege\n\nAnd also noticed a regular Logon task that says this:\n\n This event is generated when a logon session is created. It is generated on the computer that was accessed.\n The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.\n\nThe thing is I haven't restarted my computer or anything for the past several hours, and that was about 20 minutes ago.\n\n​\n\nDoes anyone have any information on this, or is there anything else I should look for?","upvotes":0,"user_id":"dnlaua"},{"content":"Barcode Scanner App on Google Play infects 10 million users with one update","created_at":1612780518.0,"id":"lf201m","n_comments":31,"percentage_upvoted":0.99,"permalink":"/r/cybersecurity/comments/lf201m/barcode_scanner_app_on_google_play_infects_10/","subreddit":"cybersecurity","title":"","upvotes":163,"user_id":"jlonso"},{"content":"this is how Apples Tracking Transparency works","created_at":1612775270.0,"id":"lf0f5p","n_comments":1,"percentage_upvoted":0.85,"permalink":"/r/cybersecurity/comments/lf0f5p/this_is_how_apples_tracking_transparency_works/","subreddit":"cybersecurity","title":"","upvotes":16,"user_id":"cimexpect"},{"content":"What qualifies as \"Computer Science or Related Degree\"?","created_at":1612768169.0,"id":"ley6rn","n_comments":3,"percentage_upvoted":0.84,"permalink":"/r/cybersecurity/comments/ley6rn/what_qualifies_as_computer_science_or_related/","subreddit":"cybersecurity","title":"I see this on almost every Cybersecurity position. I currently hold a BS in Health Informatics. Courses involved a semester of networking, computer science, databases etc. but it's not a Computer Science degree. The degree got me into my current technical role that also listed \"Computer Science or related degree\", but I'm wondering if what's considered a related degree is dependent on the employer. \n\nIf I go after certs, do I have a chance at my application qualifying or is a masters in Comp Sci, Information Systems, or Cybersecurity something I should aim for? I've read a masters in Cyber isn't worth it unless you've been working in the field for years and have a specific need. \n\nThanks!","upvotes":9,"user_id":"CHIPPENDALESIXNINE"},{"content":"Can someone track me down from Instagram?","created_at":1612767895.0,"id":"ley3fw","n_comments":11,"percentage_upvoted":0.17,"permalink":"/r/cybersecurity/comments/ley3fw/can_someone_track_me_down_from_instagram/","subreddit":"cybersecurity","title":"On Instagram, I have a meme account with a few hundred followers. I followed a load of people and then unfollowed them because that\u2019s the strategy I use to get followers. One person I followed then unfollowed posted a violent threat on their story directed towards me because I unfollowed them. \n\nThis person only has a couple of followers. I didn\u2019t have any personal info on this meme account. Is it possible that they could track me down? I\u2019m paranoid about this.","upvotes":0,"user_id":"tthrowawayy45"},{"content":"SANS Instructors have built more than 150 open source tools that support your work and help you implement better security.","created_at":1612764718.0,"id":"lewxe0","n_comments":2,"percentage_upvoted":0.99,"permalink":"/r/cybersecurity/comments/lewxe0/sans_instructors_have_built_more_than_150_open/","subreddit":"cybersecurity","title":"","upvotes":192,"user_id":"jpc4stro"},{"content":"Equity","created_at":1612763742.0,"id":"lewl8a","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lewl8a/equity/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"gibson_mel"},{"content":"Is 7zip encrypted archive sufficient for storing tax documents in Google Drive?","created_at":1612763477.0,"id":"lewhz4","n_comments":14,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lewhz4/is_7zip_encrypted_archive_sufficient_for_storing/","subreddit":"cybersecurity","title":"I prefer storing documents digitally in the cloud so that I don't have to worry about making backups. For storing tax documents that have my SSN, is locking them in a 7zip archive with a randomly generated long password strong security?","upvotes":1,"user_id":"Eldereon"},{"content":"Interview with a LockBit ransomware operator","created_at":1612760089.0,"id":"levazi","n_comments":2,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/levazi/interview_with_a_lockbit_ransomware_operator/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"Mac_Hertz"},{"content":"Cyber chief Chris Krebs: \u2018You find out who your friends are\u2019 The tech security expert on being fired by Trump \u2014 and why we are struggling to keep up with the hackers","created_at":1612759990.0,"id":"lev9sw","n_comments":2,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/lev9sw/cyber_chief_chris_krebs_you_find_out_who_your/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"coolbern"},{"content":"Australian Legal Privacy Breach January 2021: Allens victim of high-profile cyber attack. Client data was compromised after a file-sharing system designed by California-based cloud company Accellion was accessed illegally earlier this month","created_at":1612758879.0,"id":"leuw2f","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/leuw2f/australian_legal_privacy_breach_january_2021/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"kirbyIDau"},{"content":"Does anyone know what a .fun url means???","created_at":1612756247.0,"id":"letynx","n_comments":3,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/letynx/does_anyone_know_what_a_fun_url_means/","subreddit":"cybersecurity","title":"I've been getting web connections from the following website:\n\n[https://dicancele.fun/](https://dicancele.fun/)\n\n[https://aexperiod.fun/](https://aexperiod.fun/)\n\nThis is a connection I have not seen before and was wondering if anyone else has seen a similar thing","upvotes":0,"user_id":"x_Benji_x"},{"content":"A Spyware Vendor Seemingly Made a Fake WhatsApp to Hack Targets","created_at":1612754446.0,"id":"letbs4","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/letbs4/a_spyware_vendor_seemingly_made_a_fake_whatsapp/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"Snardley"},{"content":"Debilitating the Host OS with Whonix","created_at":1612753392.0,"id":"lesy65","n_comments":5,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/lesy65/debilitating_the_host_os_with_whonix/","subreddit":"cybersecurity","title":"I need to utilize Whonix for research and I will go to the cafe everytime I need to use Whonix. My worry is that when I go to the cafe and connect my PC my MAC address and \"Ubuntu\" will match my home WiFi data making my TOR use recognizable and that I am going to the internet cafe to shroud it. I would prefer not to change my Host OS' MAC address everytime I connect. Is there an approach to disable my Host OS and use Whonix exclusively? So it would appear as though the solitary association being made is Whonix and not my Host OS as well? I would prefer not to run a VPN on my Host OS and I need it arrangement so the Host OS doesn't actually associate with the WiFi by any means ever. I intend to utilize VirtualBox on Ubuntu yet on the off chance that there is more secure virtualization programming for Ubuntu kindly advise me. Qubes is not possible on my equipment. TAILS isn't feasible for me to utilize on the grounds that I need to download programs to speak with different activists. Whonix is the lone possibility. I'm dealing with certain touchy stories and my threat model is quite high. Using TOR in my country can result in jailing.","upvotes":2,"user_id":"hamiltonetar"},{"content":"My Android phones keep getting hacked. Now I want to learn how to defend myself.","created_at":1612752874.0,"id":"lesrf7","n_comments":14,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/lesrf7/my_android_phones_keep_getting_hacked_now_i_want/","subreddit":"cybersecurity","title":"What are some resources you'd recommend for someone who wants to learn about Android security? Where should I start? My phones have been hacked multiple times. I use a VPN, run Malwarebytes, try not to download random apps, etc. Now I want to know how to dig into the guts of the phone. Write and tweak code. Use hacking-related software. Understand how sophisticated attacks against smartphones work so that I can defend myself. I'm beginning to get familiar with Unix-based operating systems in my free time. Any suggestions for a noob who wants to dive deep into the Android security rabbithole?","upvotes":0,"user_id":"magicfeistybitcoin"},{"content":"My Affair With ISIS: Death Threats, De-Anonymization, and Phishing Links","created_at":1612752528.0,"id":"lesn1t","n_comments":3,"percentage_upvoted":0.94,"permalink":"/r/cybersecurity/comments/lesn1t/my_affair_with_isis_death_threats_deanonymization/","subreddit":"cybersecurity","title":"","upvotes":41,"user_id":"Claude_Pope5645"},{"content":"Relaying 101 - everything NTLM relay","created_at":1612752424.0,"id":"leslqy","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/leslqy/relaying_101_everything_ntlm_relay/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"The-Luemmel"},{"content":"Malware Detection using Fuzzy Yara Rules","created_at":1612752223.0,"id":"lesj4d","n_comments":4,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lesj4d/malware_detection_using_fuzzy_yara_rules/","subreddit":"cybersecurity","title":"I am currently doing a dissertation/project and below is the description of the project\n\nYara rules are one of the most popular and widely used methods for malware detection. Yara rules basically describe patterns that identify particular strains or entire families of malware. Its success or failure is dependent on the quality of rules employed for malware triaging. Yara rules define everything in binary logic, either true or false, which may lead to inaccuracy in malware detection. Fuzzy inference systems use fuzzy rules to reason, where fuzzy rules extend the traditional binary logic to infinite valued logic, which therefore can be used to address the drawbacks of Yara rules. This project aims to develop a prototype fuzzy Yara rule system for malware detection using publicly available datasets. (python)\n\nWhat i did so far is creating a web application built using django to detect malicious URL(s) which include phishing/social engineering/malware infected URL(s) as I have only done the web user interface only and for the database I planned to get from github but not using VirusTotal API or should I just use their API? I am really lost right now :(\n\nAnyone could just guide me just the brief of what to do will be good enough as the implementation is the hardest for me","upvotes":3,"user_id":"AlcoholSwab__"},{"content":"Cyber Skyline TalentScreen Tips?","created_at":1612749950.0,"id":"lerple","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lerple/cyber_skyline_talentscreen_tips/","subreddit":"cybersecurity","title":"Hey all,\n\nI'm applying with an employer that uses Cyber Skyline to vet candidates. I've got a few SANS certs completed and a lot of general knowledge on toolsets, security principles, etc, but I want to start on the right foot. All they say in the invite email is to have something like Kali ready to go. Does anyone have any pointers on things to review/practice before starting the screen? It's only a couple hours once I start it.","upvotes":2,"user_id":"neodymiumphish"},{"content":"Immersive Labs","created_at":1612749432.0,"id":"lerin4","n_comments":3,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lerin4/immersive_labs/","subreddit":"cybersecurity","title":"Hi guys! So I have a .edu account with Immersive Labs and I am really digging the intro lab I am doing right now. Does anyone know if I get full access to the other labs? Thanks!","upvotes":1,"user_id":"DaddyDayCare404"},{"content":"virus from a website I didn't visit ?","created_at":1612747777.0,"id":"leqye5","n_comments":2,"percentage_upvoted":0.38,"permalink":"/r/cybersecurity/comments/leqye5/virus_from_a_website_i_didnt_visit/","subreddit":"cybersecurity","title":"Hey,\n\n​\n\nThis morning I got a trojan during naviguation on a secure website (history website that I often visit without issue). \n\n​\n\nI didn't had unknown website currently open at this specific moment. This is disturbing because kaspersky told me it was a high level threat trojan.\n\n​\n\nHere what I got :\n\nType :\tCheval de Troie\n\nNom :\tHEUR:Trojan-Downloader.Script.SLoad.gen\n\nExactitude :\tAnalyse heuristique\n\nNiveau de menace :\t\u00c9lev\u00e9\n\nType d'objet :\tFichier\n\nNom de l'objet :\tFirefox.js\n\nChemin de l'objet :\t[https://rock.core-thought.com/topic/category.php?a=250&p=201d6efb6832bc254f7a2d852081d4cf&s=604658//data0000//](https://rock.core-thought.com/topic/category.php?a=250&p=201d6efb6832bc254f7a2d852081d4cf&s=604658//data0000//)\n\nMD5 : (not sure if I can share)\n\nRaison :\tMachine learning","upvotes":0,"user_id":"Dystopia-3D"},{"content":"Signal ignores proxy censorship vulnerability, bans researchers","created_at":1612741918.0,"id":"leoz5m","n_comments":20,"percentage_upvoted":0.9,"permalink":"/r/cybersecurity/comments/leoz5m/signal_ignores_proxy_censorship_vulnerability/","subreddit":"cybersecurity","title":"","upvotes":286,"user_id":"zr0_day"},{"content":"Strengthening Zero-Trust Architecture","created_at":1612736855.0,"id":"lenfwl","n_comments":1,"percentage_upvoted":0.8,"permalink":"/r/cybersecurity/comments/lenfwl/strengthening_zerotrust_architecture/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"WalkureARCH"},{"content":"Harden your Network against Network Intrusions using Suricata","created_at":1612732883.0,"id":"lembty","n_comments":4,"percentage_upvoted":0.88,"permalink":"/r/cybersecurity/comments/lembty/harden_your_network_against_network_intrusions/","subreddit":"cybersecurity","title":"","upvotes":19,"user_id":"creativeboy7"},{"content":"Eletrobras, Copel energy companies hit by ransomware attacks","created_at":1612729769.0,"id":"lellap","n_comments":0,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lellap/eletrobras_copel_energy_companies_hit_by/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"ccamp612"},{"content":"Security measures","created_at":1612723275.0,"id":"lek75g","n_comments":1,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/lek75g/security_measures/","subreddit":"cybersecurity","title":"Hey, guys so recently I got malware on my pc due to having nox gaming emulator but since then I have gotten a new hard drive and fresh install of windows and I have put some means in place to detect any future malicious applications on my pc, I am a person who regularly downloads sketchy software off the net so I put this 3 software in place to help me from getting a virus I wanted to know if you guys could tell me if they are good.\n\n1. Bitdefender Home Edition\n2. Glasswire\n3. Malwarebytes\n\nAny feedback and recommendations would be appreciated thanks.","upvotes":0,"user_id":"wetkebab_"},{"content":"What\u2019s a good laptop for a student?","created_at":1612722039.0,"id":"lejyet","n_comments":17,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/lejyet/whats_a_good_laptop_for_a_student/","subreddit":"cybersecurity","title":"So I\u2019ve started my first module and have recently sold my pc, leaving me without one. I chose to sell the pc so that I can get the portability of a laptop while studying. \n\nAt this moment in time, I\u2019m just confused about what to go for. I\u2019ve got my eye on the 2020 MacBook Air or a HP Envy x360 15\u201d, although I\u2019ve heard the latter has horrible build quality. I am sort of leaning towards the MacBook because I get a student discount via the university too.\n\nWhat laptops would be recommended for a student that will last the course of my degree, while being relatively affordable. \n\nMy budget is ~\u00a3800 but my absolute max is \u00a31000.","upvotes":0,"user_id":"iamjeli"},{"content":"Where to start with Intrusion Detection on the cheap for very small networks?","created_at":1612721987.0,"id":"lejy1m","n_comments":27,"percentage_upvoted":0.89,"permalink":"/r/cybersecurity/comments/lejy1m/where_to_start_with_intrusion_detection_on_the/","subreddit":"cybersecurity","title":"Small entities are also in need of IDS, where to start?\n\nAre there any switch-on-minimal-config-and-it-works options out there? Something cheap/free and easy to maintain?\n\nThink about SOHO, small shops and organizations with only a couple of users. They too have sensitive information on their network, in storage and in transit. They too use all kind of devices on their network including IoT stuff such as thermostats, camera's, remotes and VPN's and whatever else. Generally they are not IT literate enough to understand all that gibberish and don't have much resources (read: knowledge/time/money) to spend in that kind of protection. But as they read the newspapers about the many hacks and malware proliferating they become increasingly aware and conscious that malicious people out there what a to take a bite.\n\nA FW, virus and malware scanner is not enough anymore.","upvotes":13,"user_id":"OnTheChooChoo"},{"content":"The Great Suspender Chrome extension used by millions was malware","created_at":1612721558.0,"id":"lejv0i","n_comments":2,"percentage_upvoted":0.9,"permalink":"/r/cybersecurity/comments/lejv0i/the_great_suspender_chrome_extension_used_by/","subreddit":"cybersecurity","title":"","upvotes":8,"user_id":"GeneloJ"},{"content":"Demo: Abusing Favicons for fingerprinting","created_at":1612717595.0,"id":"lej37d","n_comments":0,"percentage_upvoted":0.87,"permalink":"/r/cybersecurity/comments/lej37d/demo_abusing_favicons_for_fingerprinting/","subreddit":"cybersecurity","title":"","upvotes":6,"user_id":"hnikret"},{"content":"A Second SolarWinds Hack Deepens Third-Party Software Fears","created_at":1612716470.0,"id":"leiv43","n_comments":6,"percentage_upvoted":0.98,"permalink":"/r/cybersecurity/comments/leiv43/a_second_solarwinds_hack_deepens_thirdparty/","subreddit":"cybersecurity","title":"","upvotes":214,"user_id":"meatlicious"},{"content":"Insider Threat Study - See below details","created_at":1612638484.0,"id":"ldvp3d","n_comments":3,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/ldvp3d/insider_threat_study_see_below_details/","subreddit":"cybersecurity","title":"\\*\\*SEEKING PARTICIPANTS \nYou can access the survey here: [https://lnkd.in/gbfASE8](https://l.facebook.com/l.php?u=https%3A%2F%2Flnkd.in%2FgbfASE8%3Ffbclid%3DIwAR2rMMqCuVr_vawQUWiJ_ALuQUVH-HlcgJSsko4Q1t9-BbWFv8On-UhopMU&h=AT2b-6bP_Rkxt94CobMgLENfdVLj-NgnDggGImFz7TMph6oO9k0GZwhQHdbQD_Ejzp6AUOiWBauew9m6u7FJ27UK1DK3WULil84CcFwJOZrQErXLfIO2cbVAQMSuv9anh7W-&__tn__=-UK-y-R&c[0]=AT0HxiOnAOh4Ak4iY7RR63ZKq_zWtyKdstQ8otEGnvV-6bGwPrUQ6zRVaaVlpiM1fwsSOlQZBBzOigXbpYE8NpRlmY2G6IG7tqTGrA5xL52ds30pkbWNpJdkPpBBDt2RX_akIuvEw9g3rdmUEiFz1Gx1TD9knz8D6d4oN0w2_7zJ0v09jC4h8p78HqRlGpknid3XgS8)\n\nDeakin University researcher\u2019s Ms Tayla Ewens (Student Researcher), Dr Loch Forsyth (Principal Researcher) and Dr Jeromy Anglim (Associate Researcher) invite you to take part in a project being conducted as part of the Masters of Psychology (Organisational) degree. This study has received Deakin University ethics approval (HEAG-H 214 2020).\n\nParticipation is voluntary and any information you provide is treated as confidential and private. Participation involves completing an online survey estimated to take approximately 20 minutes to complete.\n\nWhen opening the survey, you will be provided with further information about the research project, including information on how to contact the Principal Researcher should you have any queries or concerns.","upvotes":1,"user_id":"tlouise13"},{"content":"WhatsApp verification code hack","created_at":1612710627.0,"id":"leho0i","n_comments":1,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/leho0i/whatsapp_verification_code_hack/","subreddit":"cybersecurity","title":" Yesterday one of my close friends fell victim to the scam where she sent a verification code to someone purporting to be a friend. My friend contacted a mutual friend via Messenger to say not to fall for the same trap. Thankfully I set up the two-step verification code at that point. I never received a message asking for a verification code but I did reply to one of her messages. Next thing I know I was logged out of my account with messages saying that I had requested my verification code.\n\nThere was a flurry of SMS messages and phone calls; only one from 'WhatsApp' and others from all sorts of own numbers with generated codes. At that point, I wasn't too sure what was going on and I'm pretty sure I put at least one of these fake codes into my WhatsApp when asking for the verification code. Is that likely to have done anything? I'm thinking of phone cloning.\n\nI'm still locked out of my WhatsApp and every time the timer resets and I try to put in what looks like the valid code it tells me that I have recently requested a code and that it won't work again and it resets the timer. I also keep getting emails with instructions to turn off the two-step verification. As far as I know this means that they are still trying to get into my WhatsApp but have been unable to. However, this means that I can't get into WhatsApp either.\n\nUnfortunately there is no WhatsApp live chat or anything like that. I sent them an email but from previous experience, they can take over 48 hours to reply (shocking).\n\n**Does anyone have any idea what I should do? Will I need to delete the account?**\n\n[https://www.forbes.com/sites/zakdoffman/2020/01/25/whatsapp-users-beware-this-stupidly-simple-new-hack-puts-you-at-riskheres-what-you-do/?sh=418c37ef1d76](https://www.forbes.com/sites/zakdoffman/2020/01/25/whatsapp-users-beware-this-stupidly-simple-new-hack-puts-you-at-riskheres-what-you-do/?sh=418c37ef1d76)","upvotes":0,"user_id":"vvardle"},{"content":"Can I use XMLHttpRequest and this chrome extension to fix the problem that can't execute the code in the secondary window with a different domain through the console of the first window in javascript?","created_at":1612697924.0,"id":"leeh2t","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/leeh2t/can_i_use_xmlhttprequest_and_this_chrome/","subreddit":"cybersecurity","title":" [https://chrome.google.com/webstore/detail/allow-cors-access-control/lhobafahddgcelffkeicbaginigeejlf](https://chrome.google.com/webstore/detail/allow-cors-access-control/lhobafahddgcelffkeicbaginigeejlf)\n\nI wanna open Spotify in another tab, and click the target artist, that's it.\n\n let elements;\n let element_text;\n let artistname = 'Hans Zimmer';\n let spotify_window = window.open('https://open.spotify.com/search/Hans%20Zimmer');\n \n //I thought it's becaue the window hadn't loaded, but it didn't work\n setTimeout(function () {\n }, 5000);\n \n elements = spotify_window.document.querySelectorAll('._45331a50e3963ecc26575a06f1fd5292-scss._3957b7dd066dbbba6a311b40a427c59f-scss:not(.good-one)');\n alert(elements[0]);\n //always undefine which is wrong\n \n for (let element of elements) {\n element_text = element.innerText;\n if (element_text == artistname) {\n element.click();\n break;\n }\n \n }\n\n Also, if I execute the following code in that tab's console, it worked \n\n let elements;\n let element_text;\n let artistname = 'Hans Zimmer';\n \n elements = document.querySelectorAll('._45331a50e3963ecc26575a06f1fd5292-scss._3957b7dd066dbbba6a311b40a427c59f-scss:not(.good-one)');\n alert(elements[0]);\n //always undefine which is wrong\n \n for (let element of elements) {\n element_text = element.innerText;\n if (element_text == artistname) {\n element.click();\n break;\n }\n \n }\n\nsee:\n\n[https://ibb.co/PGn9cG4](https://ibb.co/PGn9cG4)\n\nthen it clicked and jumped to the page\n\n[https://ibb.co/n6CPmvy](https://ibb.co/n6CPmvy)","upvotes":2,"user_id":"hwpcspr"},{"content":"Someone took a pic of me on Omegle","created_at":1612697516.0,"id":"leecvu","n_comments":10,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/leecvu/someone_took_a_pic_of_me_on_omegle/","subreddit":"cybersecurity","title":"I was on Omegle earlier and someone took a pic of me. Idk if I should be worried or not but I am a little scared. Should I be worried and if so what should I do? Also, some girl put my IP in the chat and I looked and it was correct she didn't put anything else. Should I be scared?","upvotes":0,"user_id":"Front_Beautiful7053"},{"content":"ThreatStack Brings Security Observability to AWS EC2","created_at":1612694899.0,"id":"ledkx9","n_comments":0,"percentage_upvoted":0.66,"permalink":"/r/cybersecurity/comments/ledkx9/threatstack_brings_security_observability_to_aws/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"TheMildEngineer"},{"content":"Unpatched WordPress Plugin Code-Injection Bug Afflicts 50K Sites","created_at":1612694844.0,"id":"ledke7","n_comments":1,"percentage_upvoted":0.86,"permalink":"/r/cybersecurity/comments/ledke7/unpatched_wordpress_plugin_codeinjection_bug/","subreddit":"cybersecurity","title":"","upvotes":10,"user_id":"TheMildEngineer"},{"content":"resources of web security for beginners","created_at":1612693221.0,"id":"led2at","n_comments":2,"percentage_upvoted":0.99,"permalink":"/r/cybersecurity/comments/led2at/resources_of_web_security_for_beginners/","subreddit":"cybersecurity","title":"what are the best resource to study web security as beginners","upvotes":8,"user_id":"tech_12345"},{"content":"Password Dumps on Dark Web","created_at":1612689061.0,"id":"lebrjq","n_comments":3,"percentage_upvoted":0.29,"permalink":"/r/cybersecurity/comments/lebrjq/password_dumps_on_dark_web/","subreddit":"cybersecurity","title":"Hey guys.. I would like to know if there is a Darkweb location that where I could find password dumps from a particular site.. thoughts?","upvotes":0,"user_id":"Commercial_Ad_84"},{"content":"Just getting into it","created_at":1612686938.0,"id":"leb218","n_comments":9,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/leb218/just_getting_into_it/","subreddit":"cybersecurity","title":"Hey guys I'm just looking into learning cybersecurity and coding. I'm completely new to this, so I was wondering does it matter what OS I use (Mac vs Windows)? Also is there any programs, books, courses you would? Any tips and info is much appreciated. Thank you.","upvotes":6,"user_id":"akMillly"},{"content":"I wanted to start learning Cyber security post Mechanical Engineering degree but it seems there's a lot of regrets here?","created_at":1612686158.0,"id":"leasss","n_comments":9,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/leasss/i_wanted_to_start_learning_cyber_security_post/","subreddit":"cybersecurity","title":"When I say regrets here I mean the topic ''can't find a job with my cyber security degree'' comes up a lot and I've been here only for a few minutes.\n\nI can't find a position as a mechanical engineer graduate. I really just wanted to expand my skill set and thought Cybersecurity was pretty cool but I guess if I can only half ass it then no point huh.","upvotes":1,"user_id":"DM_If_Feeling_Sad"},{"content":"Turn to RSS Feeds to Regain Control of the World Wide Web","created_at":1612685534.0,"id":"lealss","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lealss/turn_to_rss_feeds_to_regain_control_of_the_world/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"mgc092"},{"content":"Password Managers vs Security","created_at":1612683205.0,"id":"le9u2m","n_comments":29,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/le9u2m/password_managers_vs_security/","subreddit":"cybersecurity","title":"did i hear that one of the password managers was shipping information back to the mothership that it shouldn't lately? that seems like a basic problem with them which is: what is under the hood in their code? at least if it's implemented as an extension you'd have the javascript to look at (even if you needed to decompile it after they minimize it). this isa big problem with third parties having access to your passwords is that they might not have your interest in mind.\n\ni continue to believe that sites generating their own keypairs on the client and only ever sending the public key to the server is far more secure for logins. in that case it is the site itself that has access rather than a third party who doesn't necessarily have your interests in mind. see for an explanation and code:\n\n[https://out.mtcc.com/hoba-bis/](https://out.mtcc.com/hoba-bis/)","upvotes":0,"user_id":"emasculine"},{"content":"Is it really impossible to get a job in cybersecurity?","created_at":1612683082.0,"id":"le9sp1","n_comments":9,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/le9sp1/is_it_really_impossible_to_get_a_job_in/","subreddit":"cybersecurity","title":"I'm working on my CompTIA trio now, was wondering what the point of it all is if I cannot find a job. I'm really passionate about this field and wanting to get out of my current job (warehouse management). Not quite sure if it would be better to focus on becoming a fullstack dev etc. \n\n​\n\nFor reference I have no issue working helpdesk for a year or so, have no prior IT related experience but was planning on working up my skills/certs before applying to anything. Thanks","upvotes":6,"user_id":"LONGANDPOINTLESSNAME"},{"content":"User profile isolation on Windows 10","created_at":1612681748.0,"id":"le9cwi","n_comments":3,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/le9cwi/user_profile_isolation_on_windows_10/","subreddit":"cybersecurity","title":"How much user profile isolation is possible on Windows 10?\n\n I'm mainly wondering, if there are multiple users on one computer and one of them is very reckless and gets malware or a virus, would limited windows permissions for that user and user profile isolation be enough to stop other Windows users in the same PC from being affected? What can I do to make users as isolated as possible besides removing admin privileges from them?","upvotes":1,"user_id":"Genorel"},{"content":"Opensource DLP solution for homelab and practice","created_at":1612680512.0,"id":"le8xhi","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/le8xhi/opensource_dlp_solution_for_homelab_and_practice/","subreddit":"cybersecurity","title":"Hello All,\n\nI am looking for a free or open source DLP solution for homelab and practice. I need this to demonstrate during a presentation. Any feedback on possible options would be greatly appreciated.","upvotes":1,"user_id":"uskwarrior"},{"content":"Computer sabotage for total control of devices","created_at":1612680360.0,"id":"le8voq","n_comments":1,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/le8voq/computer_sabotage_for_total_control_of_devices/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"cbuth"},{"content":"For those of you who are worried about getting into cyber security right after college with no experience...","created_at":1612676631.0,"id":"le7m3l","n_comments":32,"percentage_upvoted":0.93,"permalink":"/r/cybersecurity/comments/le7m3l/for_those_of_you_who_are_worried_about_getting/","subreddit":"cybersecurity","title":"It is possible!!!!!\n\nI'm sure many of you trying to get into the field have seen this comment a billion times \"entry level cyber security is not entry level IT\" or \"even with a degree you are going to have to start at help desk\". \n\nI'm in my senior year and after seeing stuff like that I got super down. I was like what's the point of school if I can't even get in the field I spent 4 years studying for. I was ready to just accept that even though I love and breath cyber security that it would not be in my future for some time and that help desk was the direction I needed to go. Even though I was down I still applied to every SOC analyst job I could fine. \n\nI knew there was no hope going for security engineer or incident response but I thought maybe I can still get into a SOC analyst position. Well today I just got a job offer for one! \n\nI guess I just wanted to let others who are in the same situation as me know that it is possible!! So don't feel discouraged to apply you never know who might take you on!","upvotes":109,"user_id":"charzilla139"},{"content":"The Great Suspender Chrome extension used by millions was malware","created_at":1612674054.0,"id":"le6q5c","n_comments":8,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/le6q5c/the_great_suspender_chrome_extension_used_by/","subreddit":"cybersecurity","title":"","upvotes":52,"user_id":"jpc4stro"},{"content":"Is Grc.com shieldsup safe to use?","created_at":1612671878.0,"id":"le5ywu","n_comments":3,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/le5ywu/is_grccom_shieldsup_safe_to_use/","subreddit":"cybersecurity","title":"The website looks kinda dated. Is the site actually safe to use.","upvotes":6,"user_id":"Happybutsadpenguin"},{"content":"Vendor that hosts HIPAA suggesting this...","created_at":1612668901.0,"id":"le4xch","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/le4xch/vendor_that_hosts_hipaa_suggesting_this/","subreddit":"cybersecurity","title":"So, question. This seems incredibly stupid & insecure of a thing for someone to suggest. They hold HIPAA information for clients on their website. Could anyone tell me why this isn't ridiculous? Am I missing something?\n\nThe Protected View in office alone seems like it would open up an all new attack vector from Internet, Untrusted Locations, and Outlook files.\n\nFYI: I didn't implement this option for my client, I simply added the Domain Name to the Site-To-Zone Trusted Sites list as it does the same thing but just for that specific site...\n\n​\n\n​\n\n# Rubex \u2013 How do I turn off \"Protected View\" in the Office suite products/Sandbox Mode in Adobe? [Follow](https://efilecabinethelp.zendesk.com/hc/en-us/articles/360038290291-Rubex-How-do-I-turn-off-Protected-View-in-the-Office-suite-products-Sandbox-Mode-in-Adobe-/subscription.html)\n\n\ud83d\udcf7 [Curtis Nash](https://efilecabinethelp.zendesk.com/hc/en-us/profiles/390986742832-Curtis-Nash)\n\n* 10 months ago\n* Updated\n\nIn an effort to resolve issues with a failure to save changes when checking out a document that comes from Office, or is a PDF, the following steps may be performed:\n\n**Turn off \"Protected View\" in Office** \n1. Open an Office program (Excel, Word, etc.) and go to File, select Options.\n\n2. Select Trust Center, then select Trust Center Settings.\n\n3. Select the Protected View tab, then uncheck every box that displays, and select OK to apply the changes, then restart Office.\n\n**Turn off \"Sandbox Mode\" in Adobe** \n1. Open Adobe, select Edit, then select Preferences.\n\n2. Under the Security (Enhanced) tab, make sure that \"Enable protected mode at startup\", found under Sandbox Protections section, is unchecked.\n\n3. Uncheck \"Enable Enhanced Security\" under the Enhanced Security section, then select OK to apply the changes and restart the PDF program.\n\n* [Facebook](https://www.facebook.com/share.php?title=Rubex+%E2%80%93+How+do+I+turn+off+%22Protected+View%22+in+the+Office+suite+products%2FSandbox+Mode+in+Adobe%3F&u=https%3A%2F%2Fefilecabinethelp.zendesk.com%2Fhc%2Fen-us%2Farticles%2F360038290291-Rubex-How-do-I-turn-off-Protected-View-in-the-Office-suite-products-Sandbox-Mode-in-Adobe-)\n* [Twitter](https://twitter.com/share?lang=en&text=Rubex+%E2%80%93+How+do+I+turn+off+%26quot%3BProtected+View%26quot%3B+in+the+Office+suite+products%2FSandbox+Mode+in+Adobe%3F&url=https%3A%2F%2Fefilecabinethelp.zendesk.com%2Fhc%2Fen-us%2Farticles%2F360038290291-Rubex-How-do-I-turn-off-Protected-View-in-the-Office-suite-products-Sandbox-Mode-in-Adobe-)\n* [LinkedIn](https://www.linkedin.com/shareArticle?mini=true&source=eFileCabinet&title=Rubex+%E2%80%93+How+do+I+turn+off+%22Protected+View%22+in+the+Office+suite+products%2FSandbox+Mode+in+Adobe%3F&url=https%3A%2F%2Fefilecabinethelp.zendesk.com%2Fhc%2Fen-us%2Farticles%2F360038290291-Rubex-How-do-I-turn-off-Protected-View-in-the-Office-suite-products-Sandbox-Mode-in-Adobe-)","upvotes":2,"user_id":"AlphaWolf13MS"},{"content":"Hi guys does anyone recommend good iso 27001 lead auditor courses","created_at":1612665084.0,"id":"le3k86","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/le3k86/hi_guys_does_anyone_recommend_good_iso_27001_lead/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"areemsa"},{"content":"Security comparison of various router operating systems","created_at":1612664838.0,"id":"le3h7e","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/le3h7e/security_comparison_of_various_router_operating/","subreddit":"cybersecurity","title":"The following (desktop or embedded) operating systems can be used to operate a router (routing, firewalling, VPN, DNS): \n\n* pfsense and OpenWRT are among open source embedded operating systems. \n\n* Companies have their own proprietary closed source operating systems such as EdgeOS, RouterOS, etc. \n\n* There is also desktop operating systems Linux and windows, with much larger footprint.\n\nPurely from the security perspective, what\u2019s the best router operating system? The hardware could be embedded or a thin client.\n\nThere are differences in terms of design focus, OS update frequency, open sourceness, insecure features etc among these options. Debian for instance is heavily reviewed. On the other hand it doesn\u2019t not specialize in networking.","upvotes":1,"user_id":"chaplin2"},{"content":"First time I've seen this... a malware attachement in HTML that used MORSE CODE to bypass mailfilters","created_at":1612662754.0,"id":"le2q3v","n_comments":5,"percentage_upvoted":0.96,"permalink":"/r/cybersecurity/comments/le2q3v/first_time_ive_seen_this_a_malware_attachement_in/","subreddit":"cybersecurity","title":"","upvotes":36,"user_id":"speckz"},{"content":"Help, local network server running background for years","created_at":1612660710.0,"id":"le203i","n_comments":7,"percentage_upvoted":0.72,"permalink":"/r/cybersecurity/comments/le203i/help_local_network_server_running_background_for/","subreddit":"cybersecurity","title":"Help, I have been owned, have a sketchy unwanted server running in the local network\n\nAlmost lost my crypto wallet, was able to save it, and then realized my entire local network is compromised, different admins and weird hard drive mounted disks, Mac big sur and high Sierra, used little snitch to sniff out and later rules were applied to block domains coming from routers manufacturers security services, was able to unmount disk server using some terminal commands but lacking enough experience to do a sweep, please guide me in direction to gain privacy back and secure network","upvotes":3,"user_id":"PalpitationCapital79"},{"content":"Have I been hacked? An unknown username is auto-populating for several websites on my iPhone","created_at":1612660386.0,"id":"le1wbm","n_comments":2,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/le1wbm/have_i_been_hacked_an_unknown_username_is/","subreddit":"cybersecurity","title":"A random username is auto-populating on [Petco.com](https://petco.com/) (includes a first and last name followed by several numbers). I then checked the [target.com](https://target.com/) login page and a different username is auto-populated as well. I have had credit card info saved on these sites in the past. Unfortunately, I cannot currently remember my own username/email used since I have a few. I also have a couple credit cards so not certain which one was saved, but nothing seems unusual on my statements at the moment.\n\nOf note, I had an iPhone stolen a couple months ago when I forgot it in an Uber. It did have a password, but small chance it could have been guessed. Could this be related?\n\nI'm wondering if I should call my debit/credit card companies and have new cards sent out, or if I'm over-reacting ...","upvotes":0,"user_id":"hlj20"},{"content":"School lab has people run Open-audIT in a VM that provides no information?","created_at":1612659769.0,"id":"le1oc3","n_comments":9,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/le1oc3/school_lab_has_people_run_openaudit_in_a_vm_that/","subreddit":"cybersecurity","title":"I'm doing a lab assignment for school that wants me essentially to create a discovery and view features in Open-audIT, but all that I'm seeing for results is unidentified workstations and a couple switches. This is supposedly to learn about controls that can be monitored and applying features from Open-audIT to make that possible? But if I'm seeing no information populate, how can I do that? I asked the prof and he told me \"that's expected because it's a VM, so there's not much information in there to begin with\".","upvotes":2,"user_id":"bassbeater"},{"content":"New Evasive Techniques Used by GitHub Spawned CinaRAT/QuasarRAT","created_at":1612657959.0,"id":"le116l","n_comments":0,"percentage_upvoted":0.81,"permalink":"/r/cybersecurity/comments/le116l/new_evasive_techniques_used_by_github_spawned/","subreddit":"cybersecurity","title":"","upvotes":6,"user_id":"kyle4beantown"},{"content":"FREE TRAINING month of February - Cybrary select premium courses (see below)","created_at":1612657032.0,"id":"le0pt9","n_comments":56,"percentage_upvoted":0.99,"permalink":"/r/cybersecurity/comments/le0pt9/free_training_month_of_february_cybrary_select/","subreddit":"cybersecurity","title":"**Cybrary** is making some of their most popular premium courses available\u00a0for **free\u00a0all month long**! **Through February 28th**, accelerate your professional development growth with any (or all!) of the following **nine courses**:\n\n* [CISSP](https://go.cybrary.it/n0Ba0Ri03kDV0IS0Y700Y62)\n* [CCSP](https://go.cybrary.it/c0203kaB0VDS07YIj0YS600)\n* [CISO](https://go.cybrary.it/a0300V07kB0Y00kITSD62aY)\n* [Insider Threats](https://go.cybrary.it/JS3VBk0U7I0Dl6Y0Ya00020)\n* [Cloud Architecture Foundations](https://go.cybrary.it/z0kY3YV0002SDV67Bam0I00)\n* [Zero Trust Networks](https://go.cybrary.it/A60n02BS30DY7ak00V0W0YI)\n* [Identity Access Management in AWS](https://go.cybrary.it/v02Y0D6X0YVIBao7S03k000)\n* [AWS Certified Cloud Practitioner](https://go.cybrary.it/uYD000YS2V0Y0p036akBI70)\n* [Advanced Malware Analysis: Redux](https://go.cybrary.it/hVa7Z2S00B000kY6D030IqY)\n\n Woo-hoo -- hard to go wrong with free training!!! Enjoy!!!\n\n(Login to Cybrary, click on link above, you should see \"Enroll\" button, then you can watch all of the videos)","upvotes":515,"user_id":"L1SABEE"},{"content":"What do you think \ud83e\udd14 It's gonna be B2B?","created_at":1612656818.0,"id":"le0n8e","n_comments":0,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/le0n8e/what_do_you_think_its_gonna_be_b2b/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"DrellyRios"},{"content":"Why it\u2019s important to not have repeating passwords","created_at":1612654478.0,"id":"ldzv7u","n_comments":1,"percentage_upvoted":0.56,"permalink":"/r/cybersecurity/comments/ldzv7u/why_its_important_to_not_have_repeating_passwords/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"MikeA01730"},{"content":"FREE - Linux Command Line Help Book","created_at":1612650453.0,"id":"ldymhw","n_comments":2,"percentage_upvoted":0.63,"permalink":"/r/cybersecurity/comments/ldymhw/free_linux_command_line_help_book/","subreddit":"cybersecurity","title":"UK Link - [https://www.amazon.co.uk/Linux-Command-Line-Helpful-Books-ebook/dp/B08MDS4FB9/ref=sr\\_1\\_1?dchild=1&keywords=Linux+Command+Line+Help+Book&qid=1612621499&sr=8-1](https://www.amazon.co.uk/Linux-Command-Line-Helpful-Books-ebook/dp/B08MDS4FB9/ref=sr_1_1?dchild=1&keywords=Linux+Command+Line+Help+Book&qid=1612621499&sr=8-1)\n\nFor any other Amazon Stores just get the title and search it on Amazon in your country.","upvotes":2,"user_id":"zCreed96CftE"},{"content":"phone wants explorer.exe to establish connection to Chinese ip when plugged via USB. legit?","created_at":1612648316.0,"id":"ldy0h3","n_comments":20,"percentage_upvoted":0.84,"permalink":"/r/cybersecurity/comments/ldy0h3/phone_wants_explorerexe_to_establish_connection/","subreddit":"cybersecurity","title":"Hey there,\ntoday i recognized some some strange things:\n\nYesterday i installed Comodo Firewall on my pc and set the rules to notify for every connection going in and out. Today i connected my Huawei P10 (stock rom) vie USB3 to charge. I din't switch to data transfer mode. The firewall gave me alerts, that explorer.exe wants toget a connection to IPs, located in China.It's reproducable, whenever i connect the phone to pc over usb.\n\nCan somebody confirm this / know about this?\nthe ips are:\n36.110.213.84\n180.163.251.149","upvotes":12,"user_id":"xarl_marks"},{"content":"To anti-virus or not to anti-virus. I'm getting mixed signals.","created_at":1612647401.0,"id":"ldxs08","n_comments":14,"percentage_upvoted":0.7,"permalink":"/r/cybersecurity/comments/ldxs08/to_antivirus_or_not_to_antivirus_im_getting_mixed/","subreddit":"cybersecurity","title":"This may seem like a silly question but are you guys still using AV, and if so which? I usually go with Norton, but have gone with AVG of late. But I've also heard that Windows Defender isn't that terrible either. Just looking for opinions from the experts.","upvotes":5,"user_id":"texhater"},{"content":"More fleeceware on Google Play","created_at":1612646294.0,"id":"ldxhzx","n_comments":0,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/ldxhzx/more_fleeceware_on_google_play/","subreddit":"cybersecurity","title":"[https://traced.app/2021/02/05/come-on-google-rip-out-this-rip-off-wallpaper/](https://traced.app/2021/02/05/come-on-google-rip-out-this-rip-off-wallpaper/)\n\nRaises again the idea of greyware - there's no malicious code or anything, but it's clearly ethically wrong to charge a $200 / \u00a3180 annual subscription just for some phone wallpaper?! I think Google should make subscription models for apps more obvious on the Play Store page. Buyer beware and all that, but some buyers are more vulnerable to scams like this and probably need a bit of handholding...","upvotes":1,"user_id":"CheapEditorial"},{"content":"data leak","created_at":1612644338.0,"id":"ldx0bx","n_comments":14,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/ldx0bx/data_leak/","subreddit":"cybersecurity","title":"absolutely no clue if this is the right place for this but i got a message from google saying my passwords were part of a data leak. i\u2019m changing them all now but do i have anything to worry about or could it just be fine","upvotes":4,"user_id":"chakrazzzz"},{"content":"Horizontal Privilege Escalation with SUID and SSH | TryHackMe Advent of Cyber 1 Day 8","created_at":1612637701.0,"id":"ldvit5","n_comments":0,"percentage_upvoted":0.63,"permalink":"/r/cybersecurity/comments/ldvit5/horizontal_privilege_escalation_with_suid_and_ssh/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"MotasemHa"},{"content":"Best techniques to hide on the net?? (other than Tor)","created_at":1612633937.0,"id":"ldu6np","n_comments":2,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/ldu6np/best_techniques_to_hide_on_the_net_other_than_tor/","subreddit":"cybersecurity","title":"Premise: I know you\u2019re never full anonymous with ANY technique.\n\nI\u2019ve to make a research for university on topic \u201cAnonymous communications\u201d. \nI\u2019ve to present some techniques to hide on the net other than Tor.\nThe only technique I know apart from Tor is Domain Fronting.\nDoes someone know other approaches or techniques?","upvotes":0,"user_id":"SmokeyShark_777"},{"content":"Rookie inquiry","created_at":1612628920.0,"id":"ldt6eg","n_comments":5,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/ldt6eg/rookie_inquiry/","subreddit":"cybersecurity","title":"Hey all I hope you are having a good day,\n\nGetting straight to the point, I'm an upcoming computer science freshman, and currently I have a lot of free time till then. I am very interested in Cybersecurity and hoping to pursue it as a career, I have pretty ok knowledge with computer science (basics of programming, algorithms, data management and security) and my goal is to ultimately expand that. I'm hoping you guys would give me a guideline on where to start, what do I need to learn, what do I need to aim for and some rookie mistakes I need to avoid.\n\nThanks In Advance","upvotes":0,"user_id":"Zeuuss11"},{"content":"False alarm or actual malware?","created_at":1612628211.0,"id":"ldt17e","n_comments":1,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/ldt17e/false_alarm_or_actual_malware/","subreddit":"cybersecurity","title":"Ok so today I uncovered something, now I have Avast mobile, the thing regularly scans and it comes back clean, but today I got an alert saying it picked up an issue, it said \" malware detected \" . Do y'all know what com.android.secretcode is ? I tried looking it up and nothing came up, strangely I ran another antivirus called kaspersky, it came back clean.","upvotes":1,"user_id":"lgarcia77021"},{"content":"[Fuzzing with AFLplusplus] How to fuzz a binary with no source code on L...","created_at":1612620957.0,"id":"ldrgj4","n_comments":2,"percentage_upvoted":0.94,"permalink":"/r/cybersecurity/comments/ldrgj4/fuzzing_with_aflplusplus_how_to_fuzz_a_binary/","subreddit":"cybersecurity","title":"","upvotes":94,"user_id":"secgeek"},{"content":"DevSecOps after CISSP","created_at":1612620399.0,"id":"ldrbw8","n_comments":4,"percentage_upvoted":0.83,"permalink":"/r/cybersecurity/comments/ldrbw8/devsecops_after_cissp/","subreddit":"cybersecurity","title":"Fellows,\n\nNeed some mid-career guidance. Please see my qualifications:\n\n* CISSP\n* Cybersecurity: worked for a few months in Incident Response, GRC, Application Security\n* AWS: Certified and comfortable working on the AWS ecosystem\n* Passion: I love writing code and often develop web apps on my own using Java/Javascript (Node and Express)\n\nPreferences for a Job:\n\n* Should be able to do it remotely\n* Does not involve 3-4 meetings throughout the day\n* Does not involve tasks similar to network administrators e.g. configuring firewalls, accounts\n* Obviously pays very nicely :)\n\nAssumption:\n\n* Upskilling is not an issue for me\n\nPossible jobs that I have in mind but pretty much open:\n\n* DevOps\n* DevSecOps/Application Security\n* GRC\n* Cloud Security Consultant\n* Cloud Developer/Engineer and then eventually AWS Solutions Architect\n\nPlease share your experiences.","upvotes":4,"user_id":"JR_CISSP"},{"content":"Question about google account security","created_at":1612616326.0,"id":"ldqbjm","n_comments":4,"percentage_upvoted":0.63,"permalink":"/r/cybersecurity/comments/ldqbjm/question_about_google_account_security/","subreddit":"cybersecurity","title":"Hi.\n\nI have set up up 2-factor authentication on my google account (password + phone push notification). So far, so secure.\n\nHOWEVER, google recommends that I provide a \"recovery\" email or phone number, in case I am locked out of my account. This would seem to completely negate 2FA, and expose my account via the back door to anybody who can access either 1. My recovery email or 2. My SIM.\n\nIn reference to 1. above, I could of course enable my recovery email account with 2FA, but then I need a third email account to recover that second account, a fourth account to recover the third account, ad infinitum.\n\nIn reference to 2. above, all someone needs to do is get hold of my SIM, and they can then gain access to my account, with not even my password being required. So much for 2FA!\n\nIs this summary correct, or am I missing something? If you have 2FA enabled, is the recovery process itself also 2FA?\n\nThanks","upvotes":2,"user_id":"emptybuilding"},{"content":"[PSA] - Please Uninstall The Great Suspender (Chrome Plugin): New maintainer is probably malicious \u00b7 Issue #1263","created_at":1612615094.0,"id":"ldq01z","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/ldq01z/psa_please_uninstall_the_great_suspender_chrome/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"NoobAck"},{"content":"Can I set up packet sniffer at a Tor exit node and sniff packets to a website I host?","created_at":1612613730.0,"id":"ldpn8e","n_comments":8,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/ldpn8e/can_i_set_up_packet_sniffer_at_a_tor_exit_node/","subreddit":"cybersecurity","title":"- I am doing a school project and trying to explore different avenues of vulnerabilities on Tor and possibly tracking users. After some research, I have come to the conclusion that I should be able to host a Tor exit node, and also host a website. I would ideally love to be able to make my own victim computer target the exit node and use it to get to the target website but I believe thats not possible. I really do not want to sniff legitimate traffic and would love to set up a victim and host but I dont believe its possible.","upvotes":0,"user_id":"BeigeSofa"},{"content":"As an ongoing target of sophisticated hackers, should I pursue the CEH certification?","created_at":1612613649.0,"id":"ldpmgp","n_comments":9,"percentage_upvoted":0.43,"permalink":"/r/cybersecurity/comments/ldpmgp/as_an_ongoing_target_of_sophisticated_hackers/","subreddit":"cybersecurity","title":"As mentioned in a previous post to this sub earlier tonight, I'm a frequent target of malicious hackers who can be quite sophisticated. They've doxxed me, corrupted my laptops and my smartphones, eavesdropped on my phone conversations and leaked those to the darknet, breached an email account to leak very private information, and leaked \"revenge porn\", which they shamed me for in absolutely massive numbers after a troll farm became involved. Recently, they gained access to my main email address and deleted everything in the inbox. This has been going on for six years now. It's been hell. I'm serious about doing what it takes to defend myself.\n\nI was planning on becoming a self-taught web developer over the next few years, but I'm equally interested in programs that will lead to the CEH certification. I know that certificates aren't everything, and I don't expect this particular one to be easy, more like an enormous commitment, but I learn quickly and I'm determined as hell. I'm aware that hacking in the real world isn't nearly as glamorous as in movies or shows like Mr. Robot. I'm patient. I can tolerate boredom and repetitive tasks and unglamourous work, and while I'm autistic and awkward, I know how to be polite and professional. Part of what draws me to the ethical hacking field is the necessity of constant learning. Another part is sheer curiosity. I'm indifferent to any \"hacker mystique\". Would it be a good idea to take the program?","upvotes":0,"user_id":"magicfeistybitcoin"},{"content":"SitePoint discloses data breach after stolen info used in attacks","created_at":1612611568.0,"id":"ldp22k","n_comments":1,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/ldp22k/sitepoint_discloses_data_breach_after_stolen_info/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"nerdDragon07"},{"content":"Snowden exercise scene","created_at":1612611011.0,"id":"ldow04","n_comments":4,"percentage_upvoted":0.64,"permalink":"/r/cybersecurity/comments/ldow04/snowden_exercise_scene/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"Maultron123"},{"content":"Advice for a not-for-profit carrying out highly secure work.","created_at":1612605384.0,"id":"ldn81s","n_comments":7,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/ldn81s/advice_for_a_notforprofit_carrying_out_highly/","subreddit":"cybersecurity","title":"Hi Reddit\n\nThis will be a long post - it's on behalf of a not-for-profit so please consider donating a reply :-)\n\nI'm now working for an organisation where security and privacy are paramount. I am not very advanced when it comes to this and I'm currently recruiting for a Cyber Security Consultant - but the organisation is growing quickly and I need to put in place whatever measures I can right now.\n\nI have:\n\n1. Changed my operating system from Windows 10 to Ubuntu as a daily driver. For operational tasks I use Linux CSI using Virtual Box.\n2. Created policy that prevents files from being saved onto a local disc. At the conclusion of each day everything is deleted or uploaded to the cloud. We use Tresorit for our cloud storage because of their end-to-end encryption and no logs policy.\n3. I have invested in ESET Protect which is running on Linux.\n4. I use TOR wherever possible.\n5. All applications have 2FA enabled.\n6. I have a Lenovo ThinkPad which has a cover over the webcam - this is always covered up unless I'm on a video call.\n7. I try my best to only use open source software wherever possible.\n8. Email is hosted through Proton Mail.\n9. All volunteers are trained on our security policies and procedures.\n\nWhat else can I do in order to harden up our system as much as possible. I understand that it is impossible to guarantee any method will work 100% - but I really do have a duty of care to make sure our data is absolutely secure and accounted for,\n\nThe introduction of these policies and procedures have not been popular amongst the other volunteers who don't understand why we cannot continue using Slack and haven't yet mastered Linux - but it really is a position requirement.\n\nI have a few questions -\n\n1. What else can I do to safeguard our computers?\n2. Is running a Virtual Machine (Azure) more secure than a physical workstation?\n3. Are there any highly secure online collaboration suites around with end-to-end encryption and no logs policy?\n4. I would like to clean and reset each computer after every business day. Anything important should be in the cloud and not on a local hard drive. Is there any software that does this automatically for me?\n5. If I am working in Linux CSI through Virtual box - is it still possible to get viruses and malware on the physical computer itself?\n6. My volunteers love Slack and it has become our organisation's primary communication tool (shudder) - Slack claim to have end-to-end encryption, in your opinion is this application acceptable to hold onto?\n\nI really appreciate your responses - thank you!","upvotes":2,"user_id":"oz2usa"},{"content":"Getting in the door","created_at":1612604836.0,"id":"ldn27j","n_comments":8,"percentage_upvoted":0.78,"permalink":"/r/cybersecurity/comments/ldn27j/getting_in_the_door/","subreddit":"cybersecurity","title":"I went to school for Computer Science two years never finished so I basically don\u2019t know anything I\u2019m 27 so I\u2019m crunched for \u201ctime\u201d and I wanted to know if a CompTIA cert is good enough to get working in CyberSecurity. If so which certs?","upvotes":17,"user_id":"BiggBaddWolfe"},{"content":"Cybersecurity Certification ATC","created_at":1612604765.0,"id":"ldn1h6","n_comments":2,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/ldn1h6/cybersecurity_certification_atc/","subreddit":"cybersecurity","title":"I am about to graduate with a computer science degree and am wanting to get into cyber security. What should I know and/or do to get into this work field? \n\n\nThe local college offers a \"Certification Cybersecurity ATC\". It consists of 4 classes;\n\n* Introduction to Digital Forensics\n* Incident Response & Handling\n* Security Management Practices\n* Computer System Forensics\n\nIs this a good certification or is there something else I should look into.","upvotes":2,"user_id":"jiffydominguez"},{"content":"I was doxxed. Now I'm a target of malicious hackers. Which security skills should I hone?","created_at":1612600863.0,"id":"ldlt5k","n_comments":3,"percentage_upvoted":0.38,"permalink":"/r/cybersecurity/comments/ldlt5k/i_was_doxxed_now_im_a_target_of_malicious_hackers/","subreddit":"cybersecurity","title":"Besides changing my name, moving to a new country, and staying offline forever. I've been an ongoing target of certain hacking groups after my emails were leaked in 2015. I've become known online and offline. My laptops and phones have been compromised. This stupid shit needs to end. \n\nI want to learn how to defend myself. I'm an entrepreneur. I'm treating myself as the owner of a small business that's been subjected to relatively advanced attacks. (If \"advanced\" sounds ambiguous, I mean that a VPN, Malwarebytes, and a password manager aren't going to solve the problem.) Which security-related skills should I focus on? I'm willing to study for certifications that would make these people's lives harder. I'm already teaching myself about OS hardening and network security, but I have a long way to go.","upvotes":0,"user_id":"magicfeistybitcoin"},{"content":"Running a (honeypot) fake power plant on the internet for a month","created_at":1612598978.0,"id":"ldl6pj","n_comments":4,"percentage_upvoted":0.96,"permalink":"/r/cybersecurity/comments/ldl6pj/running_a_honeypot_fake_power_plant_on_the/","subreddit":"cybersecurity","title":"","upvotes":150,"user_id":"hviniciusg"},{"content":"SOC Analyst","created_at":1612596104.0,"id":"ldk86t","n_comments":11,"percentage_upvoted":0.87,"permalink":"/r/cybersecurity/comments/ldk86t/soc_analyst/","subreddit":"cybersecurity","title":"Hi Security Community,\n\nCurrently a undergrad in cyber and networking, working towards my security + and CYSA+ and trying to land a SOC analyst role. There is a lack of info and clarity of what SOC analyst does. If anyone in this community is currently working or have worked as a SOC analyst, I would really appreciate it if you could give me a detailed oversight of what kind tasks you carry out and what security tools you would use in a SOC centre or what kind of work is involved in a typical SOC centre. This info will really help me out guys. To let you know I'm already aware of such things as such as SIEMs and it's architecture. Looking forward to your comments.\n\nThank You","upvotes":6,"user_id":"Aggravating-Reason-6"},{"content":"Geeni smart doorbells, cameras riddled with flaws, research finds - CyberScoop","created_at":1612592536.0,"id":"ldiy25","n_comments":0,"percentage_upvoted":0.83,"permalink":"/r/cybersecurity/comments/ldiy25/geeni_smart_doorbells_cameras_riddled_with_flaws/","subreddit":"cybersecurity","title":"","upvotes":4,"user_id":"techietraveller84"},{"content":"Q&A on VPN and TOR - Tips, Misconceptions, Truth","created_at":1612592274.0,"id":"ldiurm","n_comments":0,"percentage_upvoted":0.38,"permalink":"/r/cybersecurity/comments/ldiurm/qa_on_vpn_and_tor_tips_misconceptions_truth/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"WalkureARCH"},{"content":"How concerning is it when you receive a password request email?","created_at":1612592014.0,"id":"ldir1x","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/ldir1x/how_concerning_is_it_when_you_receive_a_password/","subreddit":"cybersecurity","title":"What is the best practice when receiving 'forgot your password?' emails?\n\nI generally ignore them as it appears that whoever has tried, wasn't able to acquire it. \n\nBut a part of me feels that person may come back for more.","upvotes":1,"user_id":"MrAux"},{"content":"A people counter that didn't add up, and the dangers of the COVID IoT boom","created_at":1612584935.0,"id":"ldg670","n_comments":2,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/ldg670/a_people_counter_that_didnt_add_up_and_the/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"julian88888888"},{"content":"Hacked but can't identify source or how many accounts at threat","created_at":1612584731.0,"id":"ldg3no","n_comments":9,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/ldg3no/hacked_but_cant_identify_source_or_how_many/","subreddit":"cybersecurity","title":"I've never had something like this. I don't use a VPN or an antivirus.\n\nI got multiple emails of someone logging in to my Amazon, Twitch, Instagram, eBay, LinkedIn... and I believe many more accounts were accessed by someone or some app, that I didn't permit.\n\nNow here's the thing, they did nothing and I can't even find the source. Some of these accounts have multiple emails, so I the only way would be if they had my google account and used passwords saved by Chrome, or if they accessed my computer which they didn't.\n\nMy google account was safe and has Two Step Verification enabled, and no one ever logged in other than my computer and phone.\n\nIs there any way I could identify the source of this breach? I can't do anything if I don't even know how they got it. I have activated 2 step verification on most of my accounts but I don't know how many were accessed.","upvotes":1,"user_id":"Pirrateking"},{"content":"The transportation sector needs a standards-driven, industry-wide approach to cybersecurity","created_at":1612583368.0,"id":"ldfkn0","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/ldfkn0/the_transportation_sector_needs_a_standardsdriven/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"zr0_day"},{"content":"Plex Media servers are being abused for DDoS attacks","created_at":1612583228.0,"id":"ldfiw0","n_comments":11,"percentage_upvoted":0.95,"permalink":"/r/cybersecurity/comments/ldfiw0/plex_media_servers_are_being_abused_for_ddos/","subreddit":"cybersecurity","title":"","upvotes":85,"user_id":"zr0_day"},{"content":"Google Cloud Developer's Cheat Sheet [10800x7200]","created_at":1612579789.0,"id":"lde6hg","n_comments":3,"percentage_upvoted":0.91,"permalink":"/r/cybersecurity/comments/lde6hg/google_cloud_developers_cheat_sheet_10800x7200/","subreddit":"cybersecurity","title":"","upvotes":27,"user_id":"DCGMechanics"},{"content":"Pen Test","created_at":1612578655.0,"id":"lddr0u","n_comments":4,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/lddr0u/pen_test/","subreddit":"cybersecurity","title":"What is a good pen testing application I can use to test a network. Fine if it costs some money, just nothing too crazy. I found [https://pentest-tools.com/](https://pentest-tools.com/). Is that good? Is there something better? Thanks!","upvotes":1,"user_id":"gavishapiro"},{"content":"VPN Recommendations","created_at":1612576307.0,"id":"ldctg6","n_comments":4,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/ldctg6/vpn_recommendations/","subreddit":"cybersecurity","title":"I've been helping a small company go through an ISO audit, but have been getting stuck on which VPN to recommend. They're a relatively small (\\~10 employees) and need a VPN that connects to a SIEM and want one with an out of the box integration. So far everything I've found either doesn't meet the logging requirements, has no integrations, or has high license minimums. Do y'all have any recommendations?","upvotes":1,"user_id":"NotAnEquistarian"},{"content":"Thinking of starting a career in cyber security","created_at":1612574314.0,"id":"ldc0uz","n_comments":5,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/ldc0uz/thinking_of_starting_a_career_in_cyber_security/","subreddit":"cybersecurity","title":"I just moved to florida and looking for a career change. I've always been interested in computers and technology I'm a huge gamer so I know a little bit of dealing with computers, but what process do you guys recommend I go through to start. Should I go to an actual college to learn or find like a 12 months course school ?","upvotes":0,"user_id":"alienpoop_"},{"content":"New Phishing attack vector---Emails sent to personal email addresses that appear to be from the\"Company CEO\"","created_at":1612574156.0,"id":"ldbyqs","n_comments":5,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/ldbyqs/new_phishing_attack_vectoremails_sent_to_personal/","subreddit":"cybersecurity","title":"Started to see Phishing emails from \"Company CEO\" Got a moment? Give me your cell number to text you as I need you to complete a task for me.\n\nAnybody else seeing these? Emails are going to employees personal email addresses.","upvotes":2,"user_id":"infinityprime"},{"content":"I'm going to create and publish a free course. Which topic would you like to see?","created_at":1612574002.0,"id":"ldbwlx","n_comments":2,"percentage_upvoted":0.71,"permalink":"/r/cybersecurity/comments/ldbwlx/im_going_to_create_and_publish_a_free_course/","subreddit":"cybersecurity","title":"Title says it all. I have a background in software engineering and now I do full-time App and Infrastructure security. Here are a couple of topics I am considering.\n\n* Build a EDR (endpoint detection & response) product (client & server) from scratch for Windows endpoints. Also learn how to build logic to detect malicious & anomalous behavior\n* Building a CI/CD pipeline (Github, AWS and Kubernetes) and automating security controls throughout the pipeline\n* Building a external scanning service that performs Vuln, App and Domain scanning and prettifies the output in a nice web UI\n\nOr any other suggestion!\n\n​\n\nThanks","upvotes":3,"user_id":"skywalker_1391"},{"content":"Is Configure Defender Legit?","created_at":1612573868.0,"id":"ldbuoy","n_comments":0,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/ldbuoy/is_configure_defender_legit/","subreddit":"cybersecurity","title":"Hello Everyone, \n\nI have recently started seeing posts about Configure Defender from github and how it makes your windows defender settings alot better when you set it to high.\n\nIs this legit? I have not been able to find alot of information about it online. \n\nAny insight on this would be appreciated.\n\nThanks","upvotes":1,"user_id":"_22s"},{"content":"Enterprise Password Manager recommendations","created_at":1612573620.0,"id":"ldbqsz","n_comments":13,"percentage_upvoted":0.83,"permalink":"/r/cybersecurity/comments/ldbqsz/enterprise_password_manager_recommendations/","subreddit":"cybersecurity","title":"In a recent assessment, we were dinged for allowing users to store passwords in their browsers. We do not have an enterprise password solution currently and it is likely there is cross-contamination of people's personal and work passwords. I'm sure that's very common in most organizations.\n\nWe evaluated a couple of \"enterprise\" password solutions and found one where the UI was pretty unworkable and the second requires a manual transfer of passwords through an unencrypted CSV during initial import.\n\nBasically, these two would be worse (to us) than just letting them store in the browsers. We have a shared services user community and a general user community. The general user community would be at the low to moderate technical level - so we'd want to implement something relatively user friendly - as user friendly as just letting them store their work password next to their facebook password.\n\nRecommendations? I realize this was a ding on a security audit, but don't want to implement some enormous mousetrap that would roll out poorly and not be used by the user population anyway.\n\nWe can't be the first company in this spot. Ideas?","upvotes":4,"user_id":"fakened"},{"content":"How could i better secure my accounts ?","created_at":1612573320.0,"id":"ldbmc1","n_comments":2,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/ldbmc1/how_could_i_better_secure_my_accounts/","subreddit":"cybersecurity","title":"So yesterday i checked my telegram account and i got a message from the telegram team that someone from not so far has accesed my accoint and i only recall ever using it on my freshly installed linux wich shouldnt have any trace of viruses of keyloggers and today ive noticed that a crypto trading app i was using was missing its finger and pattern id and when i checked it had a login from the same place as my telegram account, does anyone have an idea how they could be doing this ? My knly guess is my phone and so far i have tried changing passwords but who knows when he might strike next and it might cause some financiaey trouble","upvotes":0,"user_id":"humblespacemerchant"},{"content":"\"The cybersecurity education problem\" - a look at why today's education solutions may not be doing the industry justice","created_at":1612572369.0,"id":"ldb8km","n_comments":0,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/ldb8km/the_cybersecurity_education_problem_a_look_at_why/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"privat3duck3y"},{"content":"Quizlet Sec + 501","created_at":1612572033.0,"id":"ldb3r6","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/ldb3r6/quizlet_sec_501/","subreddit":"cybersecurity","title":"Hey Guys whats the best Security + 501 study cards on Quizlet","upvotes":0,"user_id":"jajudua"},{"content":"Security with VPN while using private DNS","created_at":1612571210.0,"id":"ldasve","n_comments":0,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/ldasve/security_with_vpn_while_using_private_dns/","subreddit":"cybersecurity","title":"Hello all! This may be a pretty basic question but figured I would ask! As of right now I am using a double hop wireguard VPN configuration with Mullvad, instead of using their DNS I am using my personal set up I configured with NextDNS. Would this be making my connections less secure by not using their DNS setup and using my own?","upvotes":2,"user_id":"F0r3kn0wn"},{"content":"Is there a program I can use to scan PCs across my network for viruses and malware?","created_at":1612570184.0,"id":"ldafct","n_comments":10,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/ldafct/is_there_a_program_i_can_use_to_scan_pcs_across/","subreddit":"cybersecurity","title":"I'm looking for a way to scan every PC on my network without actually having to sit at each PC and run the program. Does something like this exist?","upvotes":1,"user_id":"Knoebi3"},{"content":"Cyber Security is the \"Silent Protector of Revenue\" - How to correctly frame the role of Cyber Security for the decision-makers? -","created_at":1612568948.0,"id":"ld9yv4","n_comments":4,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/ld9yv4/cyber_security_is_the_silent_protector_of_revenue/","subreddit":"cybersecurity","title":"Hi, \n\nthis is a subject which is very near to my heart, the framing of \"what exactly Cyber Security does\" for the company is a hard question, here is my article on the subject.\n\n[https://www.boardish.io/the-old-cyber-sales-process-is-dead-long-live-cyber-security-as-a-protector-of-the-revenue/](https://www.boardish.io/the-old-cyber-sales-process-is-dead-long-live-cyber-security-as-a-protector-of-the-revenue/)","upvotes":2,"user_id":"EM217"},{"content":"Android Pentesting | Insecure Logging & Storage + Setup Genymotion & pidcat - Pt. 02","created_at":1612567975.0,"id":"ld9m9p","n_comments":1,"percentage_upvoted":0.88,"permalink":"/r/cybersecurity/comments/ld9m9p/android_pentesting_insecure_logging_storage_setup/","subreddit":"cybersecurity","title":"","upvotes":12,"user_id":"LuD1161"},{"content":"Should I log users in if they enter valid login info in registration form?","created_at":1612567809.0,"id":"ld9k2r","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/ld9k2r/should_i_log_users_in_if_they_enter_valid_login/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"essadek"},{"content":"Modifying Telegram's \"People Nearby\" feature to pinpoint people's homes","created_at":1612567512.0,"id":"ld9gd3","n_comments":7,"percentage_upvoted":0.99,"permalink":"/r/cybersecurity/comments/ld9gd3/modifying_telegrams_people_nearby_feature_to/","subreddit":"cybersecurity","title":"","upvotes":344,"user_id":"BaguetteWasTaken"},{"content":"My story (at least as I see it)","created_at":1612567011.0,"id":"ld99y9","n_comments":3,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/ld99y9/my_story_at_least_as_i_see_it/","subreddit":"cybersecurity","title":"Hi all, it\u2019s not really a technical post, just something I wanted to share. I have been hacked for many years, if I check sites for leaked passwords I can see various account passwords going back years, now I am not just talking about the actual account and password or common variations for credential stuffing, I am talking about made up accounts with various puns on the passwords or on me, actual accounts created in my name or using my name as a password/password as a name etc. There are countless of these, Now as a little backstory, I was sort of aware of being hacked for years, I was astronomically hated/bullied/mocked in the company (IT mostly) I work for (which worked as a vicious cycle as I grew more and more resentful, people regularly made comments hinting at knowing embarrassing things about me, referencing things I would have said or done in private, and in general laugh at me quite openly, but at the same time literally anybody and everybody would just gaslight me if I would ask them if that is indeed what was happening, which worked in that I would doubt whether that particular person was aware (Eventually some of it showed up in my friend group as well the two have some overlap.) and as messed up I was in the head also try to just ignore it, try not notice it or I don\u2019t know \u201cwish it away\u201d. Basically a constant state of shock/disbelief/numbness with jolts of anger and a whole lot of denial. At the same time I always felt that the level of invasion into my life known by this many people would surely result in someone coming forward, but I think instead it gotten so bad (and a fun past-time for so many) that basically no one dares or cares to let me know. (Or they just think I deserve it and that\u2019s that) I feel trapped (which I am sure is the goal of it), any attempts to regain any privacy is immediately circumvented by people with technical skills and dedication to continue to screw with me, and with not knowing who are the people manipulating me (or themselves manipulated) around me it seems that regaining any form of life is impossible. So I guess a lesson to not have horrible password security/ mental issues and not let things got out of hand. For me that seems to be many many years past, but wanted it off my chest and of course would be great to hear others thoughts on it.","upvotes":1,"user_id":"Away_Insurance9104"},{"content":"Wireshark - (Capture and Protocol Filters)","created_at":1612566903.0,"id":"ld98h2","n_comments":0,"percentage_upvoted":0.96,"permalink":"/r/cybersecurity/comments/ld98h2/wireshark_capture_and_protocol_filters/","subreddit":"cybersecurity","title":"","upvotes":106,"user_id":"burdin271"},{"content":"How secure is LANSchool Air?","created_at":1612566032.0,"id":"ld8wik","n_comments":0,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/ld8wik/how_secure_is_lanschool_air/","subreddit":"cybersecurity","title":"LANSchool Air is a program that is permanently installed on our school issues Chromebooks and just by doing a Google search on it I found a WikiHow page on how to bypass it (which I thought was hilarious), and I also found out \"the vast array of features Lanschool has are *very* open to abuse. Malicious users can steal usernames and passwords using the keystroke logger, harass students via chat, and even control keyboard and mouse input.\" I was hoping someone could investigate this program to see if it is safe for my school to be using. If this is not the appropriate subreddit my apologies, please feel free to redirect me.","upvotes":4,"user_id":"LiveFromMumsBasement"},{"content":"Online banking... Cyber tips (and laughs) for the masses","created_at":1612563485.0,"id":"ld81io","n_comments":3,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/ld81io/online_banking_cyber_tips_and_laughs_for_the/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"Mac_Hertz"},{"content":"Open Source Tool SecretScanner to Detect Secrets and Reduce Attack Surface","created_at":1612563006.0,"id":"ld7vxx","n_comments":0,"percentage_upvoted":0.77,"permalink":"/r/cybersecurity/comments/ld7vxx/open_source_tool_secretscanner_to_detect_secrets/","subreddit":"cybersecurity","title":"In addition to Vulnerabilities, secrets form an important part of your attack surface. Leakage of secrets can put your organization into serious security risk. In this blog post, we discuss about how to manage your secrets.\n\n[https://medium.com/deepfence-cloud-native-security/detecting-secrets-to-reduce-attack-surface-3405ee6329b5](https://medium.com/deepfence-cloud-native-security/detecting-secrets-to-reduce-attack-surface-3405ee6329b5)\n\nWe have also released an open source tool [SecretScanner](https://github.com/deepfence/SecretScanner) to scan container images and hosts for finding any potential secrets automatically before deploying your cloud native workloads.\u00a0","upvotes":7,"user_id":"swarup_uiuc"},{"content":"Dangerzone is it any good?","created_at":1612560123.0,"id":"ld703c","n_comments":1,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/ld703c/dangerzone_is_it_any_good/","subreddit":"cybersecurity","title":"Hello everyone, I have been looking into more tools that I can use to keep my browsing more secure and safe. A friend of mine had recommended I use Dangerzone to clean any pdf before I open them to read, I am always looking for online books about Cyber Security. Has anyone used this program? and is it any good. Thanks.","upvotes":0,"user_id":"Silverdrive"},{"content":"Vectra COGITO DETECT","created_at":1612554855.0,"id":"ld5mmn","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/ld5mmn/vectra_cogito_detect/","subreddit":"cybersecurity","title":"Hello everyone,\n\nNew siem just logged in our mssp which is vectra,\n\nCan someone suggest use cases and key indicators to send end users?\n\nPlz help .","upvotes":1,"user_id":"Somechords77"},{"content":"How to make sure your phone isn't hacked","created_at":1612553434.0,"id":"ld5ap2","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/ld5ap2/how_to_make_sure_your_phone_isnt_hacked/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"iamjohnlenn"},{"content":"7 Ways to Secure your Social Media Accounts | Cyber Security","created_at":1612553068.0,"id":"ld57oo","n_comments":5,"percentage_upvoted":0.74,"permalink":"/r/cybersecurity/comments/ld57oo/7_ways_to_secure_your_social_media_accounts_cyber/","subreddit":"cybersecurity","title":"","upvotes":7,"user_id":"TechKeyPH"},{"content":"How do I get managed CrowdStrike and Minerva or similar next-generation anti-virus and anti-evasion software?","created_at":1612552892.0,"id":"ld5677","n_comments":3,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/ld5677/how_do_i_get_managed_crowdstrike_and_minerva_or/","subreddit":"cybersecurity","title":"Looking for companies in the US I can get this from without a long term contract for a single or few devices.","upvotes":0,"user_id":"xprmtxud"},{"content":"Ubuntu Level of security","created_at":1612552851.0,"id":"ld55u0","n_comments":3,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/ld55u0/ubuntu_level_of_security/","subreddit":"cybersecurity","title":"Considering how Microsoft had the _NSAKEY scandal.\n\nHow secure is Ubuntu as an OS? Do they hold bug bounties or anything similar to test their security? \n\nIs the security of Ubuntu satisfactory or are there better alternatives?","upvotes":1,"user_id":"Informal_Swordfish89"},{"content":"Azure Sentinel best KQL","created_at":1612544139.0,"id":"ld37r3","n_comments":3,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/ld37r3/azure_sentinel_best_kql/","subreddit":"cybersecurity","title":"Been tasked with finding out some decent and useful KQLs for Azure Sentinel to see new alerts and what info I can get displayed, had a look at github but nothing seems to be relevant.\n\nAnyone use any useful queries?","upvotes":1,"user_id":"prawn2"},{"content":"Cybersecurity in the Healthcare Sector During COVID-19","created_at":1612537598.0,"id":"ld1s52","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/ld1s52/cybersecurity_in_the_healthcare_sector_during/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"meeetnoor"},{"content":"Logged into someone else's Instagram on my personal laptop's browser without me knowing about it or giving my laptop to anyone","created_at":1612534491.0,"id":"ld11uh","n_comments":15,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/ld11uh/logged_into_someone_elses_instagram_on_my/","subreddit":"cybersecurity","title":"Hey ! I have a personal windows laptop that I use for my everyday stuff. I do not use Instagram. Today I tried to open a url to instagram to see a post and noticed that there were some notifications. This took me by susprise because I have never had an Instagram account. Nor have I ever logged in to it via my chrome browser.\n\nImmediately, I clicked on \"My Profile\" and I can see information about the page, the registered email and phone number. I can also see added contact numbers and can't find mine in the list. The login locations are far away from where I live.\n\nI am very confused about my current situation now. I have never screen shared my system. I use this for my development. I am not aware how someone could login to their insta through my browswer without physically having access to it. What could be happening and how concerned should I be at this point ? I am logged in to chrome using my personal email which is registered with my banks and some other accounts.\n\nEdit : I've run a malware bytes scan it found nothing ","upvotes":9,"user_id":"nh1922"},{"content":"Cyber Risk Scenario You Fear the Most","created_at":1612526040.0,"id":"lcys6a","n_comments":5,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lcys6a/cyber_risk_scenario_you_fear_the_most/","subreddit":"cybersecurity","title":"So I\u2019ve been spending a lot of time with cyber risk experts thinking about scenarios that will ruin a company if they are realized. For me, it\u2019s a pressure valve at a oil refinery getting hacked and over pressurizing the whole joint, causing an explosion with mushroom clouds, loss of life, pollution, etc. Quantifying the impact could be in the billions. So my question is what scenario are you most fearful of?","upvotes":2,"user_id":"BeanofLife"},{"content":"How do I completely remove a chrome extension?","created_at":1612522632.0,"id":"lcxqwv","n_comments":0,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/lcxqwv/how_do_i_completely_remove_a_chrome_extension/","subreddit":"cybersecurity","title":"Today I download a file, which was marked as a threat but I thought it was normal because it was for Minecraft. I will wipe my entire hard drive so that won\u2019t be the problem but, when I went to chrome it added an extension. I immediately deleted it and that was it. Do you still have all my personal data? And how do I complete get rid of it?","upvotes":0,"user_id":"Joemommagayguy"},{"content":"A terrible product no one should ever use, FootfallCam 3D","created_at":1612517476.0,"id":"lcvzbp","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lcvzbp/a_terrible_product_no_one_should_ever_use/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"julian88888888"},{"content":"malware stills after factory reset?","created_at":1612517419.0,"id":"lcvylz","n_comments":2,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/lcvylz/malware_stills_after_factory_reset/","subreddit":"cybersecurity","title":"my data its being roob meanwile im in wifi or usingdata its could be network sniffing or what?","upvotes":0,"user_id":"Menendez01478"},{"content":"Need a free beginners pen-testing course","created_at":1612515944.0,"id":"lcvgxo","n_comments":6,"percentage_upvoted":0.92,"permalink":"/r/cybersecurity/comments/lcvgxo/need_a_free_beginners_pentesting_course/","subreddit":"cybersecurity","title":"Hey all, I\u2019ve been interested in cyber security for a while now so I started a month or so ago. I\u2019ve been bouncing from YouTube video to YouTube video but I\u2019m pretty lost. I found a course at ine.com called \u2018Penetration Testing Prerequisites\u2019 and it hasn\u2019t been helping too much. Any suggestions? Thank you","upvotes":10,"user_id":"nighthde"},{"content":"Understanding Cloud Misconfigurations \u2014 With Pizza and Lego","created_at":1612515601.0,"id":"lcvcfr","n_comments":0,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/lcvcfr/understanding_cloud_misconfigurations_with_pizza/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"ajokewaitingtohappen"},{"content":"Cyber security team - Looking for group training ideas","created_at":1612515251.0,"id":"lcv86k","n_comments":3,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lcv86k/cyber_security_team_looking_for_group_training/","subreddit":"cybersecurity","title":"I work in a cyber security team for a large retailer and as per of an engagement initiative we can arrange a group training session. \n\nThe group ranges from experienced operations staff (CISSP certified etc.), GRC specialists, and IAM specialists, to more entry level administration staff that provision and terminate accounts. \n\nGiven the broad range of experience I am struggling to identify a group training topic that will have value to the most members, without boring the more advanced or taking above the understanding of newer administrators. \n\nAny ideas?","upvotes":2,"user_id":"jon_gin"},{"content":"Password managers","created_at":1612512384.0,"id":"lcu8qg","n_comments":4,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lcu8qg/password_managers/","subreddit":"cybersecurity","title":"In the experience of someone in the Cyber field as well as any users that have tested, worked with, or use password managers what do you recommend and why? Also do you recommend them to the everyday person who has a lot of accounts?\n\n From my research I have noticed two that are highly effective which would be KeePassX and Bitwarden when I went into my research I wanted to make sure that they had good standards, security, encryption, and where open source.","upvotes":1,"user_id":"Phzzyy"},{"content":"Female escort review site data breach affects 470,000 members","created_at":1612511664.0,"id":"lctz69","n_comments":89,"percentage_upvoted":0.99,"permalink":"/r/cybersecurity/comments/lctz69/female_escort_review_site_data_breach_affects/","subreddit":"cybersecurity","title":"","upvotes":363,"user_id":"techietraveller84"},{"content":"Need help/advice to protect my phone from police Oppression","created_at":1612511049.0,"id":"lctrek","n_comments":16,"percentage_upvoted":0.99,"permalink":"/r/cybersecurity/comments/lctrek/need_helpadvice_to_protect_my_phone_from_police/","subreddit":"cybersecurity","title":"Hi, \n\nI live in Tunisia, and in the past few weeks has been a rise up of new protests against the government and police brutality ([link](https://foreignpolicy.com/2021/02/04/tunisia-protests-arab-spring-2011-revolution-police-brutality-ben-ali-black-lives-matter/) if you're interested), and today they arrested **minors** from highschool simply because they made [this caricature](https://i.imgur.com/pmpqPoa.png) (it refers to the leader of the strongest islamic party in the country) \n\n \n\nAnyways, \n\nthe problem here is that the police, **ignoring all of our laws**, as soon as they arrest you, they take your phone and start investigating it, reading your messages and checking your gallery, and they try to find a way to arrest you if they found any relationship between you and the current protest. \n\nHere is where I need your help:\n\n\nIs there an Android launcher or App that can do the following \"show a fake profile\" on demand ? for example user can enter a code like \"vol-up, vol-down, vol-down, vol-up\" quickly, and the phone will completely shows a brand new launcher hiding a list of chosen apps and gallery albums ? \n\nOr maybe enter a \"new profile\" if a certain pin pattern is entered ? \n\n \n\nIf this is not possible, \n\nThen what are the best ways to **own a phone** and express all you want with it among friends and social media, but also keep it all hidden if it gets confiscated ?\n\n \n\nThanks!","upvotes":7,"user_id":"skeptical_mofo"},{"content":"How can I sweep my house/network for bugs/spyware","created_at":1612510248.0,"id":"lctgrh","n_comments":9,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lctgrh/how_can_i_sweep_my_housenetwork_for_bugsspyware/","subreddit":"cybersecurity","title":"Please delete if this is off topic or the wrong place to ask. A family member is going through a messy divorce. She believes her ex husband has either bugged her home or installed spyware on her computer. Her evidence being she bought the computer after they separated yet some of the ex husbands passwords show up as auto complete. He also asked her about her new home despite her purchasing it without telling anyone in my family or her friends. Every time he comes over he spends an odd amount of time in her bathroom right away (minimum 20 minutes) Any way she could she if there is a bug in her home or something on her network? Thanks","upvotes":2,"user_id":"JMR1996"},{"content":"Pro-Ocean: Rocke Group\u2019s New Cryptojacking Malware","created_at":1612509806.0,"id":"lctb7o","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lctb7o/proocean_rocke_groups_new_cryptojacking_malware/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"phinbob"},{"content":"CompTia Sec+ Exam help","created_at":1612500844.0,"id":"lcpu5m","n_comments":21,"percentage_upvoted":0.79,"permalink":"/r/cybersecurity/comments/lcpu5m/comptia_sec_exam_help/","subreddit":"cybersecurity","title":"My work is looking to put me through the CompTia Security+ exam. What\u2019s the best resources to practice? \n\nAm I allowed notes in the exam such as CherryTree? I tend use CherryTree to write, take screenshots etc, will be fairly screwed if I can\u2019t use it! HELP!\n\n\ud83c\udf64","upvotes":15,"user_id":"prawn2"},{"content":"How to get started with exploit development","created_at":1612500413.0,"id":"lcpo2r","n_comments":0,"percentage_upvoted":0.81,"permalink":"/r/cybersecurity/comments/lcpo2r/how_to_get_started_with_exploit_development/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"hviniciusg"},{"content":"Is RemotePC by IDrive safe to use?","created_at":1612499993.0,"id":"lcpi4d","n_comments":6,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lcpi4d/is_remotepc_by_idrive_safe_to_use/","subreddit":"cybersecurity","title":"I need help / advice. \nTLDR -> Need to remote control a pc and it needs to be safe, does this product work?\n\nBackground: I'm currently operating a small business where security is extremely important. We have the occasional need to remote in and control a desktop pc. \nI currently pay through the nose for 3 machine license of \"GoToMyPC\" but as our needs have increased we now need more the 3 PCs. \n*Note: we also use gotomypc to transfer files, but it's very slow. \n\nI need a product that's secure, safe, trustworthy. I need it to be on 5-10 machines, but only max of 3 concurrent users.(most of the time just one user)\n\nI find lots of glowing reviews about RemotePC but no real articles on it.\n\nEdit: RemotePC apparently lacks features I require. It did work but not exactly as described. The only way to get the features was buy the enterprise edition. \n\nEdit2: I purchased a license of splashtop and I'm currently testing it, so far results look promising.","upvotes":1,"user_id":"Clevername123x"},{"content":"Starting Edge Creates 2 Websites, one is DDG (my usual homepage) other is a page with Traffic-pixel.com as domain then as it loads turns into Google.com","created_at":1612498810.0,"id":"lcp15i","n_comments":15,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lcp15i/starting_edge_creates_2_websites_one_is_ddg_my/","subreddit":"cybersecurity","title":"So starting from yesterday, when I start Microsoft Edge I noticed 2 websites would open, and this [traffic-pixel.com](https://traffic-pixel.com) which quickly just turns into google caught my eyes. I don't know what's going on and see this as a security threat. How you guys can help me clean it up! Any help is appreciated.","upvotes":2,"user_id":"ChickenFeetJob"},{"content":"Suspicious Connections","created_at":1612497966.0,"id":"lcoox7","n_comments":2,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/lcoox7/suspicious_connections/","subreddit":"cybersecurity","title":"Hi there!\nJust got a new PC and I run a Minecraft server. To connect with the server I use FileZilla. However, my pic came with 1 year of McAfee security, and it keeps on telling me it blocked over 38,000 suspicious connections to my TCP ports, all of which seem to have started with I installed FileZilla. I have not had anything like this on my previous PCs with FileZilla, but then again I never used McAfee. Is this normal and a scare tactic to keep using the software, or has FileZilla somehow made me vulnerable?","upvotes":0,"user_id":"Ultraviolet134"},{"content":"Gcih materials during test","created_at":1612497616.0,"id":"lcojo3","n_comments":10,"percentage_upvoted":0.81,"permalink":"/r/cybersecurity/comments/lcojo3/gcih_materials_during_test/","subreddit":"cybersecurity","title":"This is my first with SANS and I'm excited about the open book portion. What am I actually allowed to have during the test? IE: AM I ALLOWED to open my excel spreadsheet or Google? Anyone have any experience testing remotely?","upvotes":3,"user_id":"stigmatas"},{"content":"What is a good virus protector/VPN you guys recommend? Doesn\u2019t have to be free","created_at":1612495678.0,"id":"lcnrqp","n_comments":7,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lcnrqp/what_is_a_good_virus_protectorvpn_you_guys/","subreddit":"cybersecurity","title":"I currently don\u2019t run a virus protector on my day to day computer running windows 10, I don\u2019t particularly download anything off the internet unless it\u2019s for school or via steam. But after taking a few cyber security courses I have taken the interest in a VPN and a virus protector for my computer. Any suggestions would be much appreciated","upvotes":0,"user_id":"SeniorWaugh"},{"content":"Looking for good tools for creating \"fuzzing strings\" for web application specifically.","created_at":1612493683.0,"id":"lcmy06","n_comments":1,"percentage_upvoted":0.81,"permalink":"/r/cybersecurity/comments/lcmy06/looking_for_good_tools_for_creating_fuzzing/","subreddit":"cybersecurity","title":"I have never tried using a tool that generates these fuzzing before usually i just use a list of weird strings that i got from seclists, but i saw a video about radamsa and was suprised of how good it is but i don't know how effective it would be against web applications(since thats what i do) and there are also many more fuzzers like it so i wondered if anyone has tried creating wordlists for fuzzing using them and had good outcomes ? \nNote that i mean tools that GENERATE fuzzing strings not actually fuzz the http request.","upvotes":3,"user_id":"secondgun"},{"content":"Change passwords after removing Great Suspender?","created_at":1612493095.0,"id":"lcmpnk","n_comments":8,"percentage_upvoted":0.86,"permalink":"/r/cybersecurity/comments/lcmpnk/change_passwords_after_removing_great_suspender/","subreddit":"cybersecurity","title":"I'm a longtime user of the Great Suspender Chrome plug-in and only recently learned about its suspicious changes made in the Fall. I've removed it from Chrome. My question is: should I be worried about my passwords? I use a password manager (which I accessed thru Chrome); should I change only my master password, or my other passwords as well? (Also, let me know if this is the wrong subreddit for this question)","upvotes":32,"user_id":"col-dax"},{"content":"With cyberattacks, is there a huge abyss between the capabilities of a terrorist organization and a nation state? Is that gap economical, structural, knowledge...? What is the chance that in the future terrorists can close that gap and could carry out a Stuxnet or Solarwinds for example?","created_at":1612492763.0,"id":"lcmkvg","n_comments":11,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/lcmkvg/with_cyberattacks_is_there_a_huge_abyss_between/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"Matkionni"},{"content":"New paper on the cost of running a bug bounty program of last resort","created_at":1612492300.0,"id":"lcmegz","n_comments":0,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lcmegz/new_paper_on_the_cost_of_running_a_bug_bounty/","subreddit":"cybersecurity","title":"The paper makes the economic case for a centralized Bug Bounty Program of Last Resort to cover critical open-source projects and smaller vendors, and anyone else who cannot fund them. Improving vulnerability discovery will also deplete zero-day arsenals.\n\n[https://techzoom.net/whitepaper/bug-bounty-reloaded/](https://techzoom.net/whitepaper/bug-bounty-reloaded/)","upvotes":1,"user_id":"Oliver-Brimsecurity"},{"content":"Former CPA and financial analyst looking to make a career shift to cybersecurity - looking for advice","created_at":1612491992.0,"id":"lcma7v","n_comments":9,"percentage_upvoted":0.83,"permalink":"/r/cybersecurity/comments/lcma7v/former_cpa_and_financial_analyst_looking_to_make/","subreddit":"cybersecurity","title":"Hey everybody,\n\nThe title says it all. I am a former CPA who worked in public accounting, then transitioned to becoming a financial analyst at a major insurance company. \n\nI was laid off this past august and with all the time I have had off, I put a lot of thought into transitioning into a cybersecurity career path. \n\nI know cybersecurity isn't an entry level job but I wanted some input on what to consider when going down this path. My biggest concern is deciding to go down this path, and then I realize it isn't for me. \n\nI would really just like to know if you guys would recommend taking the jump and maybe some things to consider that I have not thought about. \n\nAny advice you could provide would be greatly appreciated. \n\nthanks!","upvotes":4,"user_id":"Alternative-Fox6236"},{"content":"Getting into Cyber Security with a a Degree in Biology","created_at":1612491193.0,"id":"lclz7b","n_comments":14,"percentage_upvoted":0.7,"permalink":"/r/cybersecurity/comments/lclz7b/getting_into_cyber_security_with_a_a_degree_in/","subreddit":"cybersecurity","title":"I can't seem to find any information online about getting a job in cyber security with a Bachelors in Biology, given that you've either self taught yourself the skills required for cyber security or acquired them some other way. Can anyone provide any insight into how difficult this is and the nuance of it?","upvotes":6,"user_id":"Dry_Platform2126"},{"content":"How to easily analyze a Word macro virus?","created_at":1612491109.0,"id":"lcly2y","n_comments":0,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lcly2y/how_to_easily_analyze_a_word_macro_virus/","subreddit":"cybersecurity","title":"I'm just your average IT tech. One of my users got and apparently opened a Word doc with a macro virus. The question placed before me now is, how can we tell what the macro attempted to do?\n\nOpening the file shows some well obfuscated code. Some Googling doesn't reveal any novice-level ways of determining the payload. Are there any web sites that can deobfusctae VBA code? Maybe a free behavior analysis tool/site?\n\nI don't have the time nor the knowledge to become an expert security analyst, unfortunately. I understand if this is not possible.\n\nThanks.\n\n\\[EDIT\\] Just re-discovered [any.run](https://any.run). This should do the trick, thanks for looking. \\[/EDIT\\]","upvotes":1,"user_id":"marklein"},{"content":"Is my group chat being hacked? WhatsApp security code of multiple people in a rather big group chat changed multiple times.","created_at":1612490419.0,"id":"lclnwn","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lclnwn/is_my_group_chat_being_hacked_whatsapp_security/","subreddit":"cybersecurity","title":"I am a member of a rather big group chat and because I have security notifications enabled noticed that the security code of some people has changed over the time of a few days. Sometimes multiple times in a row for the same number.\n\nA few days ago the security code for a number changed twice. Then it changed for another number, also twice.\n\nThree days later the code changed for another number, this time four times in a row.\n\nIs it possible that someone is hacking members of the chat using the identity of other members?\n\nOr is there any other explanation for this?\n\n​\n\nI do know that the code changes as soon as you switch to a new phone and use whatsapp on it but that doesn't explain why the code changes so many times in a row. I've never seen this happening before.","upvotes":1,"user_id":"cizizen"},{"content":"Is RTC Video PnP Listener a threat/spyware ? Please help","created_at":1612489224.0,"id":"lcl6yu","n_comments":0,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lcl6yu/is_rtc_video_pnp_listener_a_threatspyware_please/","subreddit":"cybersecurity","title":"\nThis program is sometimes preventing my Win10 PC from shutting down. I've searched the internet and there is no conclusive answer on where does this come from. Im really scared since this might be some sort of spyware. Please advise","upvotes":2,"user_id":"lolahil"},{"content":"Is it better to create a new email address if your email address is on HIBP?","created_at":1612489216.0,"id":"lcl6uy","n_comments":3,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lcl6uy/is_it_better_to_create_a_new_email_address_if/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"kautica0"},{"content":"Resource Help:","created_at":1612488964.0,"id":"lcl3da","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lcl3da/resource_help/","subreddit":"cybersecurity","title":"What are the resources (books/links) that you might suggest\n\n1. Android Application Development\n2. Android Application Testing\n3. Reverse Engineering (deaktop apps{win | lin | mac} / android)\n4. Web Application Development\n5. Web Application Testing\n\n\nPlease dont suggest the following books:\n- The hackers play book\n- Web app testing 101 \nThese are known widely. Need some resources which will be easy for beginners to get a grasp.\nThank you <3 !","upvotes":2,"user_id":"cyberwr3nch"},{"content":"RDS over Azure App Proxy","created_at":1612488897.0,"id":"lcl2g1","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lcl2g1/rds_over_azure_app_proxy/","subreddit":"cybersecurity","title":"Generally I understand the risks of exposing Microsoft RDS to the public Internet especially in regards to the EternalBlue and other vulns. \n\nWhat about exposure via Azure App Proxy where access is behind the AAD authentication and available on the azure my apps portal? Obviously there\u2019s some authentication protections, conditional access and MFA I can enforce as mitigations, but assuming all that was off...is it the same as Just exposing RDS?","upvotes":1,"user_id":"cantstopworkinghelp"},{"content":"Rioters Had Physical Access to Lawmakers\u2019 Computers. How Bad Is That?","created_at":1612488873.0,"id":"lcl21o","n_comments":7,"percentage_upvoted":0.78,"permalink":"/r/cybersecurity/comments/lcl21o/rioters_had_physical_access_to_lawmakers/","subreddit":"cybersecurity","title":"","upvotes":18,"user_id":"wewewawa"},{"content":"Tips as a new analyst","created_at":1612487292.0,"id":"lckfrj","n_comments":9,"percentage_upvoted":0.64,"permalink":"/r/cybersecurity/comments/lckfrj/tips_as_a_new_analyst/","subreddit":"cybersecurity","title":"Hello all,\n\nI recently was hired as a Cyber Defense Analyst II and work In an ESOC at my work. I have no experience besides a bachelors in CyberSecurity. This week has been my first week of training and it\u2019s a bit overwhelming. Could anyone give me some tips on what to focus on learning as a new analyst that helped you, or things you wish you would\u2019ve known more about? I can\u2019t help but have a bit of intimidation and imposter syndrome thinking I should already know a lot of this stuff. I work mainly with Splunk. Thank you! \n\nBest,\n\nSeth","upvotes":3,"user_id":"SPLITDECISI0N"},{"content":"Cyber security boot camp is this worth it?","created_at":1612487161.0,"id":"lckdwb","n_comments":8,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/lckdwb/cyber_security_boot_camp_is_this_worth_it/","subreddit":"cybersecurity","title":"Looking into Vanderbilt cyber security boot camp. It's 12k total with classes Monday and Wednesday 630pm.-930 pm and on Saturday. \n\nIs it worth it to pay for and complete this course? \n\nIf I do will there be a job waiting for me like I have read in the internet?\n\nIs it a decent salary? \n#help","upvotes":0,"user_id":"yesitsmemeitis"},{"content":"Can my OpenVPN client connecting to a different server have its credentials stolen?","created_at":1612485468.0,"id":"lcjovs","n_comments":3,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/lcjovs/can_my_openvpn_client_connecting_to_a_different/","subreddit":"cybersecurity","title":"\nSo i recently restored my raspberry pi from a backup image then tried to connect to my OpenVPN server. the connection was successful, but i could not see the tun interface being created. after some troubleshooting it turned out my config file was using an old IP address that someone else might now have control over. could the person managing this IP have the ability to sniff out the my client's credentials? i tried a couple of times before i was able to change to my new server IP.","upvotes":1,"user_id":"4i1anl"},{"content":"In your opinion, who is the best/all-rounded cyber security firm?","created_at":1612484842.0,"id":"lcjfub","n_comments":2,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lcjfub/in_your_opinion_who_is_the_bestallrounded_cyber/","subreddit":"cybersecurity","title":"Are any of the larger more well known folks worth their salt in their niche realm? Crowdstrike, zscaler, cloudflare, ping identity, etc?...\n\nPerhaps focusing more on mobile and corporate cloud infrastructure..\n\nI want to participate in the growth of cyber security industry but am not an expert in this area.. But I suspect a lot of the public firms are over exaggerating their capabilities... Everything is AI/ML\n\nTIA :)","upvotes":0,"user_id":"blurpyanny"},{"content":"SOC Analyst Role","created_at":1612484772.0,"id":"lcjetz","n_comments":14,"percentage_upvoted":0.71,"permalink":"/r/cybersecurity/comments/lcjetz/soc_analyst_role/","subreddit":"cybersecurity","title":"I am interested in the SOC analyst role and I want to know how I can learn some of the required pre-requisites. Is there any type of class or online lessons for an entry level soc role? I have a security+ and I am currently a cyber security intern. Any info is appreciated.","upvotes":7,"user_id":"Green_Machine565"},{"content":"Anyone done the SANs SEC488? Cloud Security Essentials","created_at":1612483479.0,"id":"lciwg0","n_comments":2,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lciwg0/anyone_done_the_sans_sec488_cloud_security/","subreddit":"cybersecurity","title":"Just wondered was it good if you done it.","upvotes":3,"user_id":"chickenlicken09"},{"content":"I'm just a regular person, average threat level. Should I be running a real time malware scanner? If not then how often should I manually scan for malware? What's the best free option to regularly use?","created_at":1612482504.0,"id":"lciip1","n_comments":93,"percentage_upvoted":0.93,"permalink":"/r/cybersecurity/comments/lciip1/im_just_a_regular_person_average_threat_level/","subreddit":"cybersecurity","title":"","upvotes":151,"user_id":"TheRavenSayeth"},{"content":"Incident Response Certification","created_at":1612480665.0,"id":"lchtxz","n_comments":4,"percentage_upvoted":0.7,"permalink":"/r/cybersecurity/comments/lchtxz/incident_response_certification/","subreddit":"cybersecurity","title":"Hello,\n\nI'm looking for certifications regarding incident response and threat hunting.\n\n \n\nRecommandations ?\n\n \n\nWhat do you think about https://elearnsecurity.com/ ?\n\n \n\nThanks","upvotes":4,"user_id":"vpccisco"},{"content":"Apparently, this is 'unbreakable'","created_at":1612479149.0,"id":"lcha1h","n_comments":0,"percentage_upvoted":0.62,"permalink":"/r/cybersecurity/comments/lcha1h/apparently_this_is_unbreakable/","subreddit":"cybersecurity","title":"","upvotes":4,"user_id":"-Just-Send-It-"},{"content":"Don't use functions as callbacks unless they're designed for it","created_at":1612476187.0,"id":"lcga5r","n_comments":0,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/lcga5r/dont_use_functions_as_callbacks_unless_theyre/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"Moist-Toes"},{"content":"SOC 2: The Definitive Guide","created_at":1612475605.0,"id":"lcg3c2","n_comments":3,"percentage_upvoted":0.61,"permalink":"/r/cybersecurity/comments/lcg3c2/soc_2_the_definitive_guide/","subreddit":"cybersecurity","title":" The [SOC 2 audit](https://a-lign.com/resources/soc-2-the-definitive-guide/) is an extremely popular form of cybersecurity audit, used by a rapidly growing number of organizations to demonstrate they take cybersecurity and privacy seriously.","upvotes":6,"user_id":"sainathaddweb"},{"content":"Android devices ensnared in DDoS botnet","created_at":1612472356.0,"id":"lcf3nx","n_comments":0,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lcf3nx/android_devices_ensnared_in_ddos_botnet/","subreddit":"cybersecurity","title":"","upvotes":4,"user_id":"LogicalRiver"},{"content":"Should tech companies be responsible for what they're products are used for?","created_at":1612471307.0,"id":"lcet4e","n_comments":9,"percentage_upvoted":0.53,"permalink":"/r/cybersecurity/comments/lcet4e/should_tech_companies_be_responsible_for_what/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"L_4_2"},{"content":"Capture the Flag Sites","created_at":1612468836.0,"id":"lce646","n_comments":3,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/lce646/capture_the_flag_sites/","subreddit":"cybersecurity","title":"Hi!\n\nDo you guys have sites to recommend about CTF's?","upvotes":1,"user_id":"leanprs"},{"content":"Where can I get the latest security alerts/news?","created_at":1612464647.0,"id":"lcd6mr","n_comments":11,"percentage_upvoted":0.74,"permalink":"/r/cybersecurity/comments/lcd6mr/where_can_i_get_the_latest_security_alertsnews/","subreddit":"cybersecurity","title":"I like to stay aware of cyberthreats going on in the world like ransomware attacks, exploits/vulnerabilities, etc. \n\nIs there a recommended source which I can sign up and get a quick overview of top items?\n\nIdeally, I'm looking for notification timing as opposed to details.\n\nSo far the best thing I've found is creating a Twitter which sends me an email periodically with popular security tweets. Curious what others are using. Also for the record I don't work in security, but I do work with the security teams.","upvotes":7,"user_id":"GhostNoteSymphonies"},{"content":"Is malwarefox legit?","created_at":1612463746.0,"id":"lccz67","n_comments":2,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/lccz67/is_malwarefox_legit/","subreddit":"cybersecurity","title":"So i was looking for an anti-malware program for my friend cuz he... lets just say doesn't care about cybersecurity and gets malware on his pc a LOT. And i came across this program called Malwarefox, but when i search for reviews there arent any, or its a bunch of fake reviews. Google doesn't bring up anything but the malwarefox website. And their youtube account only has 3k subs, and every vid promotes malwarefox. Also their comments are always positive (kinda SUS tbh). Should i trust malwarefox, or should i stick with malwarebytes.","upvotes":1,"user_id":"NandiRedstone"},{"content":"Reviewing Public Exploits: CVE-2019-8943 Image Worpress remote code execution","created_at":1612462419.0,"id":"lccok2","n_comments":0,"percentage_upvoted":0.7,"permalink":"/r/cybersecurity/comments/lccok2/reviewing_public_exploits_cve20198943_image/","subreddit":"cybersecurity","title":"","upvotes":5,"user_id":"PaulJawosky"},{"content":"CTF and ARG","created_at":1612461036.0,"id":"lccdh2","n_comments":0,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lccdh2/ctf_and_arg/","subreddit":"cybersecurity","title":"Hello guys! I would really appreciate it if you could check out our Competition and consider taking part. http://cohesion.ieeencu.tech\n\nThank you.","upvotes":1,"user_id":"DV-0039"},{"content":"I paid my phone bill which somehow bypassed my 2FA? (Telstra)","created_at":1612459899.0,"id":"lcc4mo","n_comments":3,"percentage_upvoted":0.65,"permalink":"/r/cybersecurity/comments/lcc4mo/i_paid_my_phone_bill_which_somehow_bypassed_my/","subreddit":"cybersecurity","title":"When I went to go pay for my phone bill via Paypal, (which I have enabled 2FA) it processed my payment basically instantly without asking for 2FA. Should I be concerned with this? Usually when I pay for things using other applications, it will ask me for the 2FA code on Google Authenticator.","upvotes":4,"user_id":"aspx-"},{"content":"3 new SolarWinds vulnerabilities including RCE in Orion platform","created_at":1612454390.0,"id":"lcatgr","n_comments":2,"percentage_upvoted":0.71,"permalink":"/r/cybersecurity/comments/lcatgr/3_new_solarwinds_vulnerabilities_including_rce_in/","subreddit":"cybersecurity","title":"","upvotes":4,"user_id":"gianinix"},{"content":"THE STATE OF RANSOMWARE: 2020\u2019s Catch-22","created_at":1612452827.0,"id":"lcag8v","n_comments":0,"percentage_upvoted":0.66,"permalink":"/r/cybersecurity/comments/lcag8v/the_state_of_ransomware_2020s_catch22/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"ajokewaitingtohappen"},{"content":"I witnessed something horrible on Omegle, the famous website for video chatting with random strangers. I am worried and scared that something might\u2019ve saved onto my MacBook hard drive or disk. Please read.","created_at":1612452807.0,"id":"lcag0k","n_comments":6,"percentage_upvoted":0.2,"permalink":"/r/cybersecurity/comments/lcag0k/i_witnessed_something_horrible_on_omegle_the/","subreddit":"cybersecurity","title":"A few days ago, I was on the famous talk-to-random person website called \u201cOmegle. I was just casually video chatting with many strangers from the U.S. and talked about music, rappers, and what not. A few hours into the website, I was still talking to people and I eventually got bored with on a conversation that I was having with another user, so I skipped them. I then waited for another random user to pop up and the next thing I saw on the new person/user\u2019s screen was that of a man committing obscene acts with what looked to be a little girl. I immediately closed the site and I was in complete shock by the very graphic thing that I had just seen. I don\u2019t know if it was a simulated video or an actual user committing such obscene acts, but it was still extremely shocking for me to have seen that. A thing that disgusts me so much is that there are many gross men out there doing that kind of stuff to innocent children. I am also extremely worried that the cache from that users\u2019 screen on Omegle would possibly save onto my computers hard disk and files. Never in my life would I ever look, download, or possess child pornography in my computer, ever. It is just sickening that there are many people out there who do so. I have read many stories on Quora and Reddit about how people have gotten into trouble with the law by accidentally looking at it. I haven\u2019t been able to eat and sleep due to being anxious of not knowing whether any cache from that user\u2019s screen on Omegle was saved onto my laptops hard drive. What was supposed to be a nice evening talking and playing music to random strangers on Omegle, turned out to be a horrifying evening of witnessing a man committing and obscenity to a child. I also cannot sleep and eat because what I saw on that user\u2019s screen was just simply shocking and sickening. I am extremely worried as to what can happen. I have searched many pages with attorneys\u2019 answers on similar situations and concerns of other people, but there isn\u2019t a very clear one. I have searched countless Quora and Reddit articles about similar situations but none as close as my situation. I want to resume on with my regular stress/worry-free life I had before witnessing such an obscenity on Omegle. I want an answer to my question/extreme concern. I want to start eating and get sufficient sleep and not have this worrying lingering in my mind 24/7. I would appreciate any answers, please. I am worried, and I cry every day from thinking about what happened. As a precautionary act, I contacted NCMEC (National Center for Missing & Exploited Children), and I told them about what I had witnessed on Omegle. Hopefully, something can be done about the website and it\u2019s controls over obscene and graphic acts. I would still like answers to my concerns and worries. These worries are taking over my life at the moment and I am literally worried/extremely anxious if there\u2019s something in my computer. I am also worried that I may get in to conflicts with law enforcement because of this. As mentioned before, I would never in my life try to intentionally watch and posses obscenities of children. I am a college student and I have big goals for the future and I don\u2019t want my life ruined because of some sick perverted man who popped up on my screen committing such obscene and disgusting acts. Please, any answers or advice towards my situation would extremely appreciated. \n\nThank you.","upvotes":0,"user_id":"jlrmn26"},{"content":"Looking to move towards a cybersecurity role from an email security profession, does anyone here have good guides to learn about the Cyber Kill Chain, common/well known malware attacks and cyber attacks, other information for building a solid ground in the field?","created_at":1612443186.0,"id":"lc7x92","n_comments":4,"percentage_upvoted":0.8,"permalink":"/r/cybersecurity/comments/lc7x92/looking_to_move_towards_a_cybersecurity_role_from/","subreddit":"cybersecurity","title":"Let me know if you think there are other areas I should be looking into as well, and as always, thank you in advance for any assistance!","upvotes":3,"user_id":"pamplem0usse-"},{"content":"Android incoming connections","created_at":1612443042.0,"id":"lc7vrv","n_comments":1,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lc7vrv/android_incoming_connections/","subreddit":"cybersecurity","title":"Any way to block all incoming connections? Not rooted device","upvotes":0,"user_id":"asifal2071"},{"content":"Help with network security and Remote Desktop","created_at":1612442463.0,"id":"lc7pjc","n_comments":12,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lc7pjc/help_with_network_security_and_remote_desktop/","subreddit":"cybersecurity","title":"This is a bit of a two parter that relates to network security. First, I\u2019m looking for advice on the best, easiest way to secure my home network. I\u2019ve read encrypted routers are a good start but I want to make sure my network is very secure and don\u2019t much about them. \n\nThe second bit of advice I\u2019m looking for is advice on Remote Desktop. I don\u2019t do anything that needs to be his but privacy is privacy and I don\u2019t like the idea of people being able to poke around my network and devices. Since the pandemic I\u2019ve been working from home on my device that has Remote Desktop software installed on it by the company I work for. Is it possible that they can A) access my network, files, devices that are connect...? B) If so is there a way I can keep that from happening? C) Is there anyway to check if someone has been on my network outside of my home if they are using that access point?","upvotes":0,"user_id":"loblablaa"},{"content":"Data leak found (300k+ dump) - How to proceed?","created_at":1612440027.0,"id":"lc6yqx","n_comments":6,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lc6yqx/data_leak_found_300k_dump_how_to_proceed/","subreddit":"cybersecurity","title":"Hello,\n\n​\n\nI am analyst, and I\u00b4ve found a leak on the infrastructure from a company. This leak allows to dump the whole database with over 300k clients private home address, phone, email and some more information. Now I am wondering what I should do. Of course I want to get a reward for my finding. \n\n​\n\n**How should I proceed in this situation?** \n\n​\n\n​\n\nGreetings,\n\nX","upvotes":1,"user_id":"3quity"},{"content":"Looking to begin a career in IT","created_at":1612439281.0,"id":"lc6qty","n_comments":9,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lc6qty/looking_to_begin_a_career_in_it/","subreddit":"cybersecurity","title":"Hi, recently I have been looking at apprenticeships in IT. I know some basics but definitely have a lot to learn. Cyber security is something that i want to look into long term but im finding it difficult to find apprenticeships in this area. \nI was wondering whether its recommended to begin as say an apprentice IT support technician and work my way up towards cyber security?\nI have also seen lots online about traineeships where i pay for a course and am 'guaranteed' a good job after the training is done. This seems a bit dodgier than an apprenticeship but if its a viable option im happy to pay for these courses.\nI have also been recommended to maybe self learn Java script or something similar to give myself a head start. Would this be beneficial when heading towards cyber security? Any information would be great! Thanks :)","upvotes":0,"user_id":"alienatly"},{"content":"entering the realm of cyber security and it","created_at":1612435589.0,"id":"lc5kd6","n_comments":11,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lc5kd6/entering_the_realm_of_cyber_security_and_it/","subreddit":"cybersecurity","title":"i just enrolled myself in a 5 week program with a company to hopefully get a career in it at some point anyway its one course a week to certify me in a few different things. i am on day 3 of the 5 weeks and i am in information overload. i am so overwhelmed with all of this new information. what helps you memorize acronyms defaults and ranges? did anyone else feel like this too starting out in the it field?","upvotes":1,"user_id":"WatzGlow"},{"content":"My first Video on Antivirus Bypass using Shellter :)","created_at":1612435503.0,"id":"lc5jcg","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lc5jcg/my_first_video_on_antivirus_bypass_using_shellter/","subreddit":"cybersecurity","title":"[https://www.youtube.com/watch?v=zPmFdgnCuyk](https://www.youtube.com/watch?v=zPmFdgnCuyk)","upvotes":1,"user_id":"thedhinchak"},{"content":"Federated cloud application","created_at":1612434713.0,"id":"lc59os","n_comments":6,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lc59os/federated_cloud_application/","subreddit":"cybersecurity","title":"Can someone help me understand how does the Identity and Access Management looks like in a federated cloud model.","upvotes":2,"user_id":"PavanKumar23"},{"content":"New Malware Hijacks Kubernetes Clusters to Mine Monero","created_at":1612434635.0,"id":"lc58tb","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lc58tb/new_malware_hijacks_kubernetes_clusters_to_mine/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"TheMildEngineer"},{"content":"Five things I learned about SAML from studying a realistic example","created_at":1612416149.0,"id":"lbyodp","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lbyodp/five_things_i_learned_about_saml_from_studying_a/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"kgilpin72"},{"content":"CySA+ or AZ-500","created_at":1612426972.0,"id":"lc2o9h","n_comments":3,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lc2o9h/cysa_or_az500/","subreddit":"cybersecurity","title":"I just passed my CompTIA Sec+ , and right now I am looking for my next certification . Any recommendations between those two ? My major is Cyber Security Analyst. Thanks .","upvotes":1,"user_id":"Former-Mouse5567"},{"content":"Agent Tesla ramps up its game in bypassing security walls, attacks endpoint protection","created_at":1612431322.0,"id":"lc45j0","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lc45j0/agent_tesla_ramps_up_its_game_in_bypassing/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"wewewawa"},{"content":"Binary exploit","created_at":1612430961.0,"id":"lc410o","n_comments":1,"percentage_upvoted":0.76,"permalink":"/r/cybersecurity/comments/lc410o/binary_exploit/","subreddit":"cybersecurity","title":"I was going through this wonderful site and https://gtfobins.github.io and while trying in an intentionally vulnerable practice server, it works for Sudo privilege. \n\nsudo rsync -e 'sh -c \"sh 0<&2 1>&2\"' 127.0.0.1:/dev/null\n\nI know it has exploited rsync binary locally but I am not clear about what this is doing in effect. In short since I can\u2019t explain this myself, I have not understood this. Anyone has any insight? Thanks.","upvotes":2,"user_id":"Creepy-Trust-9581"},{"content":"More exploitable flaws found in SolarWinds software, says cybersecurity firm","created_at":1612430180.0,"id":"lc3rpb","n_comments":15,"percentage_upvoted":0.98,"permalink":"/r/cybersecurity/comments/lc3rpb/more_exploitable_flaws_found_in_solarwinds/","subreddit":"cybersecurity","title":"","upvotes":182,"user_id":"wewewawa"},{"content":"Car Hacking with Craig Smith","created_at":1612429176.0,"id":"lc3etp","n_comments":0,"percentage_upvoted":0.86,"permalink":"/r/cybersecurity/comments/lc3etp/car_hacking_with_craig_smith/","subreddit":"cybersecurity","title":"","upvotes":5,"user_id":"security_explained"},{"content":"Free Threat Hunting Online training by Active Countermeasures (4-hr course)","created_at":1612428407.0,"id":"lc35oe","n_comments":24,"percentage_upvoted":0.98,"permalink":"/r/cybersecurity/comments/lc35oe/free_threat_hunting_online_training_by_active/","subreddit":"cybersecurity","title":"I'm doing training with BHIS this week, and they mentioned this free one-day course for Cyber Threat Hunting from Active Countermeasures.\n\n[https://register.gotowebinar.com/register/4808828865481561872](https://register.gotowebinar.com/register/4808828865481561872)\n\nTue, Feb 23, 2021 11:00 AM - 4:00 PM EST\n\nI know it's during the week, but they usually record their sessions, so if you're signed up for it, a link to the recording usually follows within 48 hrs.","upvotes":310,"user_id":"L1SABEE"},{"content":"Requesting recommendations for security software for my children's new computers.","created_at":1612423289.0,"id":"lc1dl0","n_comments":16,"percentage_upvoted":0.57,"permalink":"/r/cybersecurity/comments/lc1dl0/requesting_recommendations_for_security_software/","subreddit":"cybersecurity","title":"**Background.**\n\nMy little girls are turning 9 and 14 this month. \n\nAs a present for all of the hard work and sacrifice they have done this past year with homeschooling and isolation, I wanted to get them their very own computers. \n\nWhile they both have school-issued Chromebooks, and the oldest has an old laptop that is on its last leg, neither of them actually have their own PC.\n\nSo I decided to change that, I got them both identical basic PC's, nothing special, but good enough to run some basic steam games, Minecraft, Raft, etc. \n\nI currently have the whole house using NextDNS through the router, with the kids having their own massively locked down profile managed via the installer from the company. \n\nI have a basic background in IT and support but have been out of the game for a while, so let us assume I have zero, and let's start there. \n\n---\n\n**Details.**\n\nComputers.\n\nRefurbed Dell Optiplex 3020 MT.\n\n* I7-4590S quad\n* 16 gigs of ram\n* 1TB hard drive\n* Windows 10 Pro preinstalled. \n\n**Hopeful Requirements.**\n\n* I would like to be able to remotely monitor and observe my children's computers, protect them from online scammers, and worse.\n* Remotely operate/take over the computer if needed for safety or support.\n* Create daily backup images in order to be able to restore the machine if they mess something up (preferably remotely managed). \n* Perhaps have everything sandboxed?\n* Windows-based. \n* As cheap as possible. (Blew the budget on these so not exactly flush ya know).\n* Anything else I may not be thinking of. \n\n---\n\nIf there are better subreddits for this request please let me know, I am happy to post there. \n\nThank you all in advance for any ideas or options.","upvotes":1,"user_id":"flyingwolf"},{"content":"Malware analysis / Cisco Webex","created_at":1612422830.0,"id":"lc17mq","n_comments":2,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/lc17mq/malware_analysis_cisco_webex/","subreddit":"cybersecurity","title":"I have a CISCO Webex on my laptop. But these days, people not invited to meetings overhear the conversations of other videoconferences. \n\n\nI suspect malware. I'd love to hear thoughts and tips to fix this.","upvotes":0,"user_id":"Kali_nerd"},{"content":"Do courses on udemy or any websites actually teach you how to learn or is it constantly being outdated","created_at":1612420446.0,"id":"lc0bgt","n_comments":10,"percentage_upvoted":0.81,"permalink":"/r/cybersecurity/comments/lc0bgt/do_courses_on_udemy_or_any_websites_actually/","subreddit":"cybersecurity","title":"Where would you even go to start learning in general?","upvotes":3,"user_id":"AnotherSin0"},{"content":"Is Wireshark the best way to do this?","created_at":1612418556.0,"id":"lbzm9s","n_comments":10,"percentage_upvoted":0.76,"permalink":"/r/cybersecurity/comments/lbzm9s/is_wireshark_the_best_way_to_do_this/","subreddit":"cybersecurity","title":"We have 20 specific Windows servers that are not configured to use only secure cipher suites.\n\nWe can reconfigure than to remove all TLS 1.1, 1.0 and other weak protocols. However, before making the changes, we want to know what, if anything is using those weak protocols to connect to those servers so that we don't break things.\n\nIs running Wireshark on each server the best way to do this? If so, what's the best filter to configure that lets us see who/what is connecting to those servers with weak protocols so we can tell them to fix their connections on their side before we disable it on our side?","upvotes":4,"user_id":"rancho100"},{"content":"A New Linux Malware Targeting High-Performance Computing Clusters","created_at":1612416704.0,"id":"lbyvzf","n_comments":8,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/lbyvzf/a_new_linux_malware_targeting_highperformance/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"WalkureARCH"},{"content":"Is it necessary to drop \"attack\" packets from reserved IP addresses in a firewall?","created_at":1612414299.0,"id":"lbxwxx","n_comments":4,"percentage_upvoted":0.82,"permalink":"/r/cybersecurity/comments/lbxwxx/is_it_necessary_to_drop_attack_packets_from/","subreddit":"cybersecurity","title":"It seems like an obvious fundamental question, but I'm wondering if there are critical security issues with the following config for Linux (Debian / Ubuntu) servers that are hosting proxies and DNS on multiple public-facing IPs + ports.\n\nThe firewall config is completely open with the exception of a hashlimit on SSH ports.\n\nI think it prevents all common attacks to the server (UDP flooding, brute force logins, etc) while still allowing packets with local source IPs. A simple script to monitor \"unreplied\" conntrack flows in real-time would also be a good addition to this setup.\n\nI'm open to hearing your ideas as to why this wouldn't work in practice.\n\n​\n\n/etc/sysctl.conf\n\n # Values in [ ] brackets are dynamically created\n \n fs.file-max = 1000000\n fs.suid_dumpable = 0\n kernel.core_uses_pid = 1\n kernel.hung_task_timeout_secs = 2\n kernel.kptr_restrict = 2\n kernel.msgmax = 65535\n kernel.msgmnb = 65535\n kernel.printk = 7 7 7 7\n kernel.sem = 404 256000 64 2048\n kernel.shmall = [kernel.shmall]\n kernel.shmmax = [kernel.shmmax]\n kernel.shmmni = 32767\n kernel.sysrq = 0\n net.core.default_qdisc = fq\n net.core.dev_weight = 100000\n net.core.netdev_max_backlog = 1000000\n net.core.optmem_max = [net.core.optmem_max]\n net.core.rmem_default = [net.core.rmem_default]\n net.core.rmem_max = [net.core.rmem_max]\n net.core.somaxconn = 65535\n net.core.wmem_default = 256000000\n net.core.wmem_max = 256000000\n net.ipv4.conf.all.accept_redirects = 0\n net.ipv4.conf.all.accept_source_route = 0\n net.ipv4.conf.all.arp_ignore = 1\n net.ipv4.conf.all.bootp_relay = 0\n net.ipv4.conf.all.forwarding = 0\n net.ipv4.conf.all.rp_filter = 1\n net.ipv4.conf.all.secure_redirects = 0\n net.ipv4.conf.all.send_redirects = 0\n net.ipv4.conf.all.log_martians = 0\n net.ipv4.icmp_echo_ignore_all = 0\n net.ipv4.icmp_echo_ignore_broadcasts = 0\n net.ipv4.icmp_ignore_bogus_error_responses = 1\n net.ipv4.ip_forward = 0\n net.ipv4.ip_local_port_range = 1024 65000\n net.ipv4.ipfrag_high_thresh = 64000000\n net.ipv4.ipfrag_low_thresh = 32000000\n net.ipv4.ipfrag_time = 10\n net.ipv4.neigh.default.gc_interval = 50\n net.ipv4.neigh.default.gc_stale_time = 10\n net.ipv4.neigh.default.gc_thresh1 = 32\n net.ipv4.neigh.default.gc_thresh2 = 1024\n net.ipv4.neigh.default.gc_thresh3 = 2048\n net.ipv4.route.gc_timeout = 2\n net.ipv4.tcp_adv_win_scale = 2\n net.ipv4.tcp_congestion_control = htcp\n net.ipv4.tcp_fastopen = 2\n net.ipv4.tcp_fin_timeout = 2\n net.ipv4.tcp_keepalive_intvl = 2\n net.ipv4.tcp_keepalive_probes = 2\n net.ipv4.tcp_keepalive_time = 2\n net.ipv4.tcp_low_latency = 1\n net.ipv4.tcp_max_orphans = 100000\n net.ipv4.tcp_max_syn_backlog = 1000000\n net.ipv4.tcp_max_tw_buckets = 100000000\n net.ipv4.tcp_mem = [net.ipv4.tcp_mem]\n net.ipv4.tcp_moderate_rcvbuf = 1\n net.ipv4.tcp_no_metrics_save = 1\n net.ipv4.tcp_orphan_retries = 0\n net.ipv4.tcp_retries2 = 1\n net.ipv4.tcp_rfc1337 = 0\n net.ipv4.tcp_rmem = [net.ipv4.tcp_rmem]\n net.ipv4.tcp_sack = 0\n net.ipv4.tcp_slow_start_after_idle = 0\n net.ipv4.tcp_syn_retries = 2\n net.ipv4.tcp_synack_retries = 2\n net.ipv4.tcp_syncookies = 0\n net.ipv4.tcp_thin_linear_timeouts = 1\n net.ipv4.tcp_timestamps = 1\n net.ipv4.tcp_tw_reuse = 0\n net.ipv4.tcp_window_scaling = 1\n net.ipv4.tcp_wmem = [net.ipv4.tcp_wmem]\n net.ipv4.udp_rmem_min = 256000000\n net.ipv4.udp_mem = [net.ipv4.udp_mem]\n net.ipv4.udp_wmem_min = 256000000\n net.netfilter.nf_conntrack_max = 1000000\n net.netfilter.nf_conntrack_tcp_loose = 0\n net.netfilter.nf_conntrack_tcp_timeout_close = 10\n net.netfilter.nf_conntrack_tcp_timeout_close_wait = 10\n net.netfilter.nf_conntrack_tcp_timeout_established = 10\n net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 10\n net.netfilter.nf_conntrack_tcp_timeout_last_ack = 10\n net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 10\n net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 10\n net.netfilter.nf_conntrack_tcp_timeout_time_wait = 10\n net.nf_conntrack_max = 1000000\n net.ipv6.conf.all.accept_redirects = 0\n net.ipv6.conf.all.accept_source_route = 0\n net.ipv6.conf.all.disable_ipv6 = 0\n net.ipv6.conf.all.forwarding = 0\n net.ipv6.ip6frag_high_thresh = 64000000\n net.ipv6.ip6frag_low_thresh = 32000000\n vm.dirty_background_ratio = 10\n vm.dirty_expire_centisecs = 10\n vm.dirty_ratio = 10\n vm.dirty_writeback_centisecs = 100\n vm.mmap_min_addr = 4096\n vm.overcommit_memory = 0\n vm.swappiness = 0\n\n​\n\n/etc/bind9/named.conf.options\n\n # Values for $dnsRecursionIps, $sourceIp and $destinationIp are set dynamically\n \n options {\n allow-query { 127.0.0.1; };\n allow-recursion { 127.0.0.1; };\n auth-nxdomain yes;\n directory \"/var/cache/bind\";\n dnssec-enable yes;\n dnssec-must-be-secure mydomain.local no;\n dnssec-validation yes;\n empty-zones-enable no;\n filter-aaaa-on-v4 yes;\n listen-on { ' . $sourceIp . '; ' . $destinationIp . '; };\n max-cache-size 1;\n max-cache-ttl 1;\n max-ncache-ttl 1;\n pid-file \"/var/run/named/named.pid\";\n query-source address ' . $destinationIp . ';\n rate-limit {\n \terrors-per-second 2;\n \tipv4-prefix-length 32;\n \tnodata-per-second 2;\n \tnxdomains-per-second 2;\n };\n reserved-sockets 32764;\n resolver-query-timeout 2;\n tcp-clients 10;\n };\n\n​\n\n/lib/systemd/system/bind9.service\n\n [Unit]\n Description=BIND Domain Name Server\n Documentation=man:named(8)\n After=network.target\n [Service]\n ExecStart=/usr/sbin/named -f -c /etc/bind/named.conf -4 -S 40000 -u bind\n User=root\n Group=root\n [Install]\n WantedBy=multi-user.target\n\n​\n\n/etc/default/bind9\n\n RESOLVCONF=yes\n OPTIONS=\"-f -c /etc/bind/named.conf -4 -u bind 32764\"\n\n​\n\nsquid.conf\n\n # Compiled from source, using basic nsca_auth\n \n [acl_list]\n access_log none\n balance_on_multiple_ip off\n cache deny all\n cache_mem 256 MB\n cache_log /dev/null\n cache_replacement_policy heap LFUDA\n cache_swap_high 2\n cache_swap_low 1\n client_db off\n client_lifetime 2 seconds\n client_persistent_connections off\n connect_timeout 2 seconds\n dns_nameservers [dns_ips]\n dns_retransmit_interval 2 seconds\n dns_timeout 2 seconds\n dns_v4_first on\n forward_max_tries 2\n forward_timeout 2 seconds\n half_closed_clients off\n logfile_rotate 0\n log_icp_queries off\n maximum_object_size 0 MB\n maximum_object_size_in_memory 0 KB\n max_open_disk_fds 0\n memory_cache_shared off\n memory_pools off\n memory_replacement_policy heap LFUDA\n netdb_filename none\n persistent_connection_after_error off\n quick_abort_max 0 KB\n quick_abort_min 0 KB\n range_offset_limit 0\n read_timeout 2 seconds\n request_timeout 2 seconds\n server_persistent_connections off\n shutdown_lifetime 8 seconds\n vary_ignore_expire on\n visible_hostname proxy\n write_timeout 2 seconds","upvotes":10,"user_id":"willstaffordparsons"},{"content":"Zoom","created_at":1612412931.0,"id":"lbxcwn","n_comments":7,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lbxcwn/zoom/","subreddit":"cybersecurity","title":"Question: Zoom. \n\n\\[1\\] How do I best protect myself from threats while using the site or installed program (I guess they call them \"Apps\" (hand quotes)?\n\n\\[2\\] How significant is the the threat in regards to the collection of data already stored in China on servers and how credible is the decision to move zoom servers to the US to limit exposure to the initial over-seas hosting and data collection?\n\nMany - many thanks to anyone for their input :)","upvotes":1,"user_id":"sackuporpackup"},{"content":"Math or Physics?","created_at":1612412528.0,"id":"lbx7a2","n_comments":2,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/lbx7a2/math_or_physics/","subreddit":"cybersecurity","title":"Hi! \n\nWhich discipline complements / is a good extension to learn?","upvotes":1,"user_id":"leanprs"},{"content":"Internships?","created_at":1612410334.0,"id":"lbwave","n_comments":2,"percentage_upvoted":0.76,"permalink":"/r/cybersecurity/comments/lbwave/internships/","subreddit":"cybersecurity","title":"Looking for a part-time, remote internship in cybersecurity. Is there such a thing? Is there a site that has a focus on cyber gigs/interships? I've got a ton of IT/telecom experience, but am starting a Masters program in cyber security, so I'd like to get a little more experience in that niche.","upvotes":2,"user_id":"ChristianPirate"},{"content":"Guys should I been freaking out?","created_at":1612409345.0,"id":"lbvwn4","n_comments":2,"percentage_upvoted":0.86,"permalink":"/r/cybersecurity/comments/lbvwn4/guys_should_i_been_freaking_out/","subreddit":"cybersecurity","title":" Microsoft Defender ATP is detecting yesterday's Chrome update as a backdoor\n\n[`https://www.zdnet.com/article/microsoft-defender-atp-is-detecting-yesterdays-chrome-update-as-a-backdoor/`](https://www.zdnet.com/article/microsoft-defender-atp-is-detecting-yesterdays-chrome-update-as-a-backdoor/)","upvotes":5,"user_id":"apln3to"},{"content":"Malicious vectors trying to disrupt Covid-19 vaccine distributions across the world","created_at":1612408722.0,"id":"lbvn7j","n_comments":0,"percentage_upvoted":0.76,"permalink":"/r/cybersecurity/comments/lbvn7j/malicious_vectors_trying_to_disrupt_covid19/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"sanepushkar"},{"content":"College","created_at":1612407569.0,"id":"lbv5vs","n_comments":9,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/lbv5vs/college/","subreddit":"cybersecurity","title":"Hey I am going to go to college for cyber security analysis and I was wondering Which of the scores would be the best in your opinions, university of Texas, University of West Florida or American military University. I am still doing my research but from what I can see the University of West Florida is by far the best due to their NSA certification and upon graduation you are given a CAE and or CDE certificate. They also allow you to study for a minor at the same time and get a minor as well. But in your opinions which of these are the best for their accreditations, certifications, and overall learning in general?","upvotes":0,"user_id":"Phzzyy"},{"content":"State auditor's office clashes with file transfer service provider after breach","created_at":1612405189.0,"id":"lbu6dd","n_comments":0,"percentage_upvoted":0.81,"permalink":"/r/cybersecurity/comments/lbu6dd/state_auditors_office_clashes_with_file_transfer/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"WebLinkr"},{"content":"Best book ???","created_at":1612405056.0,"id":"lbu4e6","n_comments":2,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/lbu4e6/best_book/","subreddit":"cybersecurity","title":"Your kind advise , what is the best cyber security book ?","upvotes":0,"user_id":"Neo_Stan"},{"content":"CD Projekt Warns Cyberpunk 2077 Mods Pose a Security Risk","created_at":1612405001.0,"id":"lbu3kf","n_comments":9,"percentage_upvoted":0.74,"permalink":"/r/cybersecurity/comments/lbu3kf/cd_projekt_warns_cyberpunk_2077_mods_pose_a/","subreddit":"cybersecurity","title":"","upvotes":15,"user_id":"andyholla84"},{"content":"What do you think is Babuk Locker's next move","created_at":1612404762.0,"id":"lbtzo5","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lbtzo5/what_do_you_think_is_babuk_lockers_next_move/","subreddit":"cybersecurity","title":"So I am keeping an eye on Babuk Locker. It seems to be pretty active right now.\n\nIt just targeted Serco who's doing Britain's covid tracking [https://www.infosecurity-magazine.com/news/global-government-outsourcer-serco/](https://www.infosecurity-magazine.com/news/global-government-outsourcer-serco/?utm_content=153021449&utm_medium=social&utm_source=linkedin&hss_channel=lcp-2741671).\n\nThat article quoted this blog which details some of Babuk Locker's history and TTPs [https://blog.cyberint.com/babuk-locker](https://blog.cyberint.com/babuk-locker).\n\nMy question is what comes next? Who's the next target?","upvotes":1,"user_id":"Devin_Devop"},{"content":"Reviewing Public Exploits: CVE-2019-8943 Image Worpress remote code execution","created_at":1612404239.0,"id":"lbtrhw","n_comments":1,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lbtrhw/reviewing_public_exploits_cve20198943_image/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"David-hawk"},{"content":"GISP vs CISSP?","created_at":1612402161.0,"id":"lbswj1","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lbswj1/gisp_vs_cissp/","subreddit":"cybersecurity","title":"I\u2019m about to take my GISP via SANS training. \n\nAnyone have opinions/experience on how well preparing for the GISP will help me prepare for the CISSP?\n\nThanks in advance.","upvotes":0,"user_id":"biggestassiduous"},{"content":"Young Talent vs Proven Skills Blog Post","created_at":1612399187.0,"id":"lbro2a","n_comments":0,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/lbro2a/young_talent_vs_proven_skills_blog_post/","subreddit":"cybersecurity","title":"How do we improve the hiring process and the quality of the talent that we attract? \n\n\nI touch on this a bit in my latest blog post. Please check it out at the link below. \n\n\nPlease remember to Like, Comment & Share if you enjoy the post.\n\n​\n\n[https://www.joesecurityblog.com/blog/young-talent-vs-proven-skills](https://www.joesecurityblog.com/blog/young-talent-vs-proven-skills)","upvotes":0,"user_id":"jsouth489"},{"content":"CISSP AMA - What is it? What does it mean for my career? How can I get it?","created_at":1612395499.0,"id":"lbq855","n_comments":36,"percentage_upvoted":0.95,"permalink":"/r/cybersecurity/comments/lbq855/cissp_ama_what_is_it_what_does_it_mean_for_my/","subreddit":"cybersecurity","title":"Hi all,\n\nThanks to /u/ReckedExe for their AMA on Security Consulting. If you missed it, you can check it out here: [https://www.reddit.com/r/cybersecurity/comments/l6527t/ama\\_series\\_security\\_consultant/](https://www.reddit.com/r/cybersecurity/comments/l6527t/ama_series_security_consultant/)\n\nThis week, the AMA is on CISSP. What does it mean to you, what does it mean for your career? What do you need to do to get a CISSP, what are the struggles with studying. Our two responders have a CISSP cert and are looking forward to answering your questions. Now unfortunately I was unable to get a hold of anyone from ISC2 - hopefully I can line that up in the future. \n\nTwo responders have participated previously in our AMA series - [/u/heyitsmegannnn](https://www.reddit.com/u/heyitsmegannnn/) and [/u/nurotoukai](https://www.reddit.com/u/nurotoukai/) both participated in the Security Analyst AMA here: [https://www.reddit.com/r/cybersecurity/comments/ke9odi/we\\_are\\_security\\_analysts\\_ask\\_us\\_anything](https://www.reddit.com/r/cybersecurity/comments/ke9odi/we_are_security_analysts_ask_us_anything/). \n\n* [/u/nuroktoukai](https://www.reddit.com/u/nuroktoukai/) \\- Security Analyst / Penetration tester with over six years of experience. Has the CISSP and OSCP. \n* [/u/HeyItsMegannnn](https://www.reddit.com/u/HeyItsMegannnn/) \\- Meg is the Cyber Security Incident Response Manager at Tech Data Corporation. She has a Master of Science degree in Cybersecurity, and holds CISSP and Security+ certifications. Alongside her passion for Incident Response, she is an SME in SAP security, having been selected to speak at SAP\u2019s Sapphire Now conference. Meg also enjoys making educational Cybersecurity videos on Youtube.\n* /u/yyc-reddit is a Security Analyst dual-certified in CISSP and SSCP with over 10 years of experience. They\u2019ve primarily worked with ISPs and within the Health Care industry.","upvotes":35,"user_id":"Oscar_Geare"},{"content":"Windows Patches coming back as \"Not Applicable to this machine\" when trying to patch found vulnerabilities. Nessus Scan Question","created_at":1612395173.0,"id":"lbq3lx","n_comments":2,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lbq3lx/windows_patches_coming_back_as_not_applicable_to/","subreddit":"cybersecurity","title":"Nessus (New Software to Me) is showing me some vulnerabilities that reside in the environment. To remediate them, I try to apply the appropriate Microsoft patch to the machine. However, 90% of the time, I'm getting the error that the patch isn't applicable to that machine.\n\n​\n\nFor example, i have half a dozen machines listed with this vulnerability.\n\n> KB4580328: Windows 10 Version 1709 October 2020 Security Update \n> \n>Description \n> \n>The remote Windows host is missing security update 4580328 or 4577041. It is, therefore, affected by multiple vulnerabilities \n> \n> \n> \n>The remote host is missing one of the following rollup KBs : - 4580328 \n> \n>C:\\\\Windows\\\\system32\\\\ntoskrnl.exe has not been patched. \n> \n>Remote version : 10.0.16299.1087 \n> \n>Should be : 10.0.16299.2166\n\nWhen i manually checked those machines, the required updates were not installed. When i deployed them with out patch mgmt software, I got the Not Applicable message. I manually downloaded the patches and tried to install them individually on the machines, again get the Not Applicable message.\n\n​\n\nChecking the machines, I see that the listed file is indeed the incorrect version.\n\n​\n\nMy question(s) is/are:\n\n* Based upon the scans from Nessus, how often are there false positives?\n* In an instance like this, when my patch mgmt software tells me there are no missing patches for \"X\" machine, but Nessus states there is an open vulnerability due to a missing patch from running a credentialed scan, how would you remedy this situation?\n\n​\n\nI have found out on a few other vulnerabilities from Nessus that upgrading the Windows 10 OS to a newer version is the only thing that would fix a found vulnerability. Even if the \"missing\" patch(s) were applied successfully. \n\n​\n\nI am still trying to wrap my head around Nessus in combined with my other tools.","upvotes":0,"user_id":"outerlimtz"},{"content":"Intel Military to Cyber Security","created_at":1612393400.0,"id":"lbpfhs","n_comments":13,"percentage_upvoted":0.9,"permalink":"/r/cybersecurity/comments/lbpfhs/intel_military_to_cyber_security/","subreddit":"cybersecurity","title":"I am currently a USMC reservist, my MOS (military occupational specialty) is SIGINT (Signal Intelligence) Officer. Which basically means I advise commanders on the employment of SIGINT assets in support of information gathering and information operations and activities. We also work on counterintelligence and human intelligence. I hold a SSBI/T5 clearance. \n\nI am fairly new to the cyber security community, and have worked on the basics of C++ and Python through Codecademy so far, I am a firm believer that I can be self-taught to do anything.\n\n My main question is what are the best positions I can obtain in Cyber Security with the skills I posses? And what kind of certifications would I need to obtain first?","upvotes":7,"user_id":"fredyarnanda"},{"content":"New Raspberry pi 4 and no ideas\ud83e\udd37\u200d\u2642\ufe0f","created_at":1612392434.0,"id":"lbp2jv","n_comments":10,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lbp2jv/new_raspberry_pi_4_and_no_ideas/","subreddit":"cybersecurity","title":"Hello everyone I\u2019m getting into cyber security pretty hardcore lately it\u2019s so much fun! Tryhackme has been where I spend a lot of my time. \n\nSo recently I received a raspberry pi 4 and immediately I knew I wanted to do something along the lines of an attack on my own stuff maybe my network or something on my network that I own to get some more experience maybe do a write up of my experience. My only problem is my not sure what I should do.\n\nWould anyone have any good cyber security projects that I may try to some ideas from? Thank you I hope you all have a great day","upvotes":4,"user_id":"agent0range9"},{"content":"Rate my security/privacy? Constructive feedback welcomed!","created_at":1612386743.0,"id":"lbn7uh","n_comments":17,"percentage_upvoted":0.73,"permalink":"/r/cybersecurity/comments/lbn7uh/rate_my_securityprivacy_constructive_feedback/","subreddit":"cybersecurity","title":"So! I bought a new computer recently. It\u2019s nothing special, but it\u2019s nice and new and I want to keep it that way. I have also grown tired of my internet footprint (social media presence, etc) and have been pretty concerned about the large corps tracking and selling your data lately. If a hacker got into something of mine, they wouldn\u2019t find anything interesting - I don\u2019t have anything to hide, but I do have pictures of family and friends that I wouldn\u2019t want to have floating around everywhere. But I digress, I mean, that\u2019s why we\u2019re all here, amirite?\n\nI am NOT a IT guy. I can hold my own in basic computer functions, but this actually has been really interesting to me as of late. Just hoping you all can read the steps below that I\u2019ve taken and offer any suggestions on how to improve. Thanks!\n\nRate from 1-10. \n- 1 = Zuckerburg has a key to my front door.\n- 10 = The NSA invited me to be a keynote speaker at their next conference.\n\n\u2014\u2014\u2014\n\n- Set up fingerprint reader for desktop access\n- Purchased McAfee (established settings + firewall enabled)\n- Use McAfee VPN every time I\u2019m using the computer\n- Have the McAfee scanner for internet downloads and also the green checkmark to verify safe sites.\n- Changed from using Chrome/Firefox/Edge/Explorer to using Brave internet browser (also did this on iPhone and iPad, and work computer as much as possible [certain programs require certain browsers])\n- To access the Brave browser on the iPhone/IPad, I have to type in a 6 digit passcode.\n- Changed from using Google search engine to Startpage.com. (Also did this on iPhone and iPad)\n- Created new encryptable email address with Protonmail (currently still have gmail account, but set up email forwarding and have been using the new account for all emails moving forward. Looking to delete gmail account eventually)\n- The Protonmail app is also installed on iPhone and iPad. There is a 4 digit passcode I installed in order to access my emails.\n- I bought an external hard drive (\u201cEHD\u201d) a while ago and never set the thing up. I finally did over the weekend, backed up all my computer data on it and also uploaded all pictures from my iPhone to it.\n- Organized my Google Drive to permanently delete unneeded and \u201cshould not have been on there in the first place\u201d data. Currently have it downloaded to my desktop but will put it on the EHD tomorrow.\n- I also have a work laptop that I put a bunch of personal info on because I didn\u2019t have a personal computer at the time. That is in the process of downloading to the EHD now. Obviously not a lot I can go on that computer due to organizational settings.\n- Downloaded VeraCrypt. Still understanding how to use it, but want to encrypt the EHD and also encrypt any files/folders before re-uploading them to Google Drive.\n- Deleted cache, cookies, and saved passwords from Brave, and will be doing the same for other browsers. I haven\u2019t done it yet, but I believe McAfee also has a password manager that I will download to safeguard and create stronger passwords. If they don\u2019t have it, I will get it elsewhere.\n- Deleted Twitter, Snapchat, and Instagram accounts. Never used them to begin with. Still have Facebook, but set the privacy settings to what I believe are the strictest a while ago. If I had to get rid of that, it wouldn\u2019t bother me that much.\n- Changed settings on iPhone and iPad to just show \u201cNotification\u201d instead of the message contents.\n- Got a new case with flap cover for my iPhone, lol\n\n\u2014\u2014\u2014\u2014\n\nThat\u2019s everything I can think of right now. If I remember anything else, I\u2019ll put it in the comments below. \n\nFWIW, the iPhone and iPad are company owned. I work for a Fortune 500 engineering company. \n\nLike I said, I\u2019m not an IT guy, but it\u2019s been pretty interesting to me lately and also awakening how cavalier I\u2019ve been. Some of this may definitely be overkill, but once I started, I started thinking even more. \n\nThanks for the help!","upvotes":7,"user_id":"MrGiggles124"},{"content":"Unlocking the Mysteries of the Fed\u2019s New CMMC Requirement","created_at":1612384713.0,"id":"lbmn9v","n_comments":1,"percentage_upvoted":0.78,"permalink":"/r/cybersecurity/comments/lbmn9v/unlocking_the_mysteries_of_the_feds_new_cmmc/","subreddit":"cybersecurity","title":"There\u2019s a lot of uncertainty around the Cybersecurity Maturity Model Certification (CMMC). In this episode of Security on Cloud, Tony Bai, Director of Federal Practice Lead at A-LIGN, joined us to\u00a0explain the CMMC framework, its importance, and why it\u2019s being introduced. Tony shares insight on how CMMC applies to Controlled Unclassified Information (CUI) and the requirements by the Department of Defense (DOD). Learn about the various levels of CMMC the assessment process for certification. Tune in as we discuss what CMMC compliance is, what the requirements are, how it compares to NIST 800-171, who needs to obtain [CMMC certification](https://securityboulevard.com/2021/02/unlocking-the-mysteries-of-the-feds-new-cmmc-requirement/), and so much more.\u00a0\u00a0","upvotes":5,"user_id":"sainathaddweb"},{"content":"SolarWinds Orion & Serv-U FTP for Windows have 3 more vulns. POC landing Jan 9th.","created_at":1612380420.0,"id":"lblkc4","n_comments":0,"percentage_upvoted":0.72,"permalink":"/r/cybersecurity/comments/lblkc4/solarwinds_orion_servu_ftp_for_windows_have_3/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"Nominativedetermined"},{"content":"My Netgear Nighthawk X6 R8000 closed all my ports until I updated firmware","created_at":1612379519.0,"id":"lblcjo","n_comments":2,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/lblcjo/my_netgear_nighthawk_x6_r8000_closed_all_my_ports/","subreddit":"cybersecurity","title":"I tried to launch a game where i port forward and my friends join me but nothing was working. I went to check my router and everything looks fine, ports open, the firewall is allowing connections. Everything looks fine. Except the little firmware update available button at the top. \nI said whatever I'll update it and see if that fixes it and low and behold IT DID. \n\n\nMy router did not tell me i have to update to fix something that wasn't an issue yesterday. I spent an hour or so troubleshooting and **I just wanted to put this little event out there so people know.** \nWhy did Nighthawk push an update event and make it lock my ports at all?? \nWHY DIDN'T IT TELL ME WHAT IT DID?? \nI don't want my router security to be messed with.\n\nAlso note, since the update my entire router's page is demanding i get their app to control my router and is advertising their \"netgear armor.\" How annoying.","upvotes":0,"user_id":"twopointinfinity"},{"content":"Kalitorify- Transparent proxy through the TOR Network | Kali2020","created_at":1612378082.0,"id":"lbl06f","n_comments":1,"percentage_upvoted":0.94,"permalink":"/r/cybersecurity/comments/lbl06f/kalitorify_transparent_proxy_through_the_tor/","subreddit":"cybersecurity","title":"","upvotes":54,"user_id":"ag0023"},{"content":"Application security - reading code & finding flaws","created_at":1612376203.0,"id":"lbkl6q","n_comments":20,"percentage_upvoted":0.83,"permalink":"/r/cybersecurity/comments/lbkl6q/application_security_reading_code_finding_flaws/","subreddit":"cybersecurity","title":"I will soon have an interview where one of the tasks will be reading code & identifying security flaws (web application most likely). Any ideas how can I prepare for this sort of practical question? Also, do you have any good application security materials I could learn from? Any tips appreciated.","upvotes":25,"user_id":"Coldlike"},{"content":"Top 10 most promising AI projects to watch in 2021","created_at":1612374735.0,"id":"lbk8lr","n_comments":1,"percentage_upvoted":0.69,"permalink":"/r/cybersecurity/comments/lbk8lr/top_10_most_promising_ai_projects_to_watch_in_2021/","subreddit":"cybersecurity","title":"","upvotes":7,"user_id":"KeyDutch"},{"content":"I was connected to someone's wifi without notice, what are the possible repercussions?","created_at":1612373253.0,"id":"lbjwka","n_comments":6,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/lbjwka/i_was_connected_to_someones_wifi_without_notice/","subreddit":"cybersecurity","title":"So when i was boarding a bus, i got connected to a wifi( not a public one, on someone else's phone it seems) but I don't recognise it and it requires password. Then i chose forget password and when I tried to join again just to make sure it couldn't work. What on earth is going on? Is this going to compromise my cybersecurity?","upvotes":0,"user_id":"9892819190000lo"},{"content":"Today\u201cs 10USD donation goes to Pi-hole ....after already blocking +500 unsolicited queries in the first half hour. >23%","created_at":1612371553.0,"id":"lbjibp","n_comments":57,"percentage_upvoted":0.97,"permalink":"/r/cybersecurity/comments/lbjibp/todays_10usd_donation_goes_to_pihole_after/","subreddit":"cybersecurity","title":"","upvotes":346,"user_id":"knerzel"},{"content":"No hologram on my Alpha AWUS036NHA wireless adapter?","created_at":1612366115.0,"id":"lbibcp","n_comments":9,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/lbibcp/no_hologram_on_my_alpha_awus036nha_wireless/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"WinterFondant"},{"content":"Sudo App Bug Let Hackers Have Full System Access in Linux & macOS","created_at":1612365631.0,"id":"lbi7dc","n_comments":6,"percentage_upvoted":0.7,"permalink":"/r/cybersecurity/comments/lbi7dc/sudo_app_bug_let_hackers_have_full_system_access/","subreddit":"cybersecurity","title":"","upvotes":16,"user_id":"harshsharma9619"},{"content":"How to break into the field (pun intended)","created_at":1612362241.0,"id":"lbheju","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lbheju/how_to_break_into_the_field_pun_intended/","subreddit":"cybersecurity","title":"If I\u2019m studying something at school that\u2019s irrelevant to cyber security and about to graduate, how long should I expect to take until I break into cyber security? What path?","upvotes":1,"user_id":"Roam_S"},{"content":"Router security test","created_at":1612361114.0,"id":"lbh49c","n_comments":2,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lbh49c/router_security_test/","subreddit":"cybersecurity","title":"Is there a series of steps to take to check if there is malware affecting a router? WiFi and admin passwords are long random passwords and encryption is not the issue. But I would still like a series of steps to check if there is an issue with a home router","upvotes":1,"user_id":"asifal2071"},{"content":"Magento Web Skimmers Piggyback in Ongoing Costway Website Compromise","created_at":1612359085.0,"id":"lbgl8c","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lbgl8c/magento_web_skimmers_piggyback_in_ongoing_costway/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"william-harvey-07"},{"content":"Looking for advice...","created_at":1612358017.0,"id":"lbgb65","n_comments":8,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lbgb65/looking_for_advice/","subreddit":"cybersecurity","title":"Good evening/ morning everybody,\n\nCurrently I am working full time and have followed this subreddit for sometime. I have read in countless articles and from this subreddit that cyber security is in high demand. Right now I have a 10 month old and work full time and was looking at the cybersecurity program at Western Governors. The program looks great since the tuition isn\u2019t as high as other schools and says that you can get your degree as little as 12 months and have 15 certifications upon completion. I have some computer science experience since that was my major before switching to accounting. I want a career where I feel like I\u2019m actually making a difference and not just going through the motions. Looking for any insight or advice you guys have. Thank you in advance!","upvotes":1,"user_id":"bmp53"},{"content":"Target account hack .. then not so much?","created_at":1612356984.0,"id":"lbg02g","n_comments":4,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lbg02g/target_account_hack_then_not_so_much/","subreddit":"cybersecurity","title":"Hey all. So I'm a little baffled. We logged onto [Target.com](https://Target.com) today (we usually just use the app). While in there updating password etc as a matter of routine, it showed current and recent logins. To my horror, I saw one from earlier today in Brussels (I live in USA). I immediately revoked the login, changed pass and called customer care, who couldn't tell me much (least of all the specific IP address), except to say that while they were in the app, they were luckily not in the RedCard portion (Target offers a discount scheme where you can link a debit card to their store card and get discounts). In fact, he said we'd never even set up the management of said card. So I set that up too and put on a load of alerts and verifications. Happy in my security, I decided to see if the website noted me logging in from my phone browser (wifi on) and app on my phone (wifi was hanging, so I switched back to phone data). 2 new logins popped up - one in Oregon (wifi - not where I am in US!) and one in ... Brussels (my phone - from a US phone carrier)! I did log in this morning on app from my phone, which now explains Brussels, but why in the hell is it detecting these random places? It lists the correct location for my desktop login (using the very same wifi?!) Location I'm in currently is not using a VPN or anything. Any thoughts as to why this might be?","upvotes":0,"user_id":"unbrokenstreamof"},{"content":"My eset antivirus flagged a file \u201cUnconfirmed 830655.crdownload\u201d but I did the same scan with other anti viruses and found no threats","created_at":1612356285.0,"id":"lbft2v","n_comments":5,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/lbft2v/my_eset_antivirus_flagged_a_file_unconfirmed/","subreddit":"cybersecurity","title":"I did a scan on my Android with Bitdefender security and it found no malware, I did one with Avast security still no malware, did one with Malwarebytes and there was still no malware but when I downloaded this anti virus called eset security and I scanned it showed a file named \u201cUnconfirmed 830655.crdownload\u201d The file showed to be last modified on 18Dec. Is this a virus and what harm could it cause?","upvotes":0,"user_id":"lolahil"},{"content":"Recommendation for learning cyber security tools","created_at":1612354402.0,"id":"lbf92u","n_comments":2,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lbf92u/recommendation_for_learning_cyber_security_tools/","subreddit":"cybersecurity","title":"What would you guys recommended is better to get PRACTICAL, hands-on experience for cyber security and cyber security tools/concepts?\n\nDo u recommend:\n\n1- over the wire\n2- try hack me\n3- cybrary.it\n4- other?\nAnyone have any luck with any of these?\n\nThanks in advance","upvotes":0,"user_id":"morepeasplz"},{"content":"Cybersecurity or IT manager","created_at":1612350743.0,"id":"lbe4v5","n_comments":9,"percentage_upvoted":0.7,"permalink":"/r/cybersecurity/comments/lbe4v5/cybersecurity_or_it_manager/","subreddit":"cybersecurity","title":"Okay so I'm still looking into my career as I get out of highschool and into college. My question is should I go for IT manager or cybersecurity. I'm a person who likes to be moving around and working rather than sitting at a desk all day. My question is what is a day like working in cybersecurity what are the task assigned to you and what is it you do on a daily basis? I dont know much about cybersecurity in that aspect i know a bit about the work but not much to really go off of. I'm still looking for my career so nothing is set in stone.","upvotes":4,"user_id":"ContractIcy1280"},{"content":"Got a 2nd interview for a cybersecurity intern","created_at":1612347534.0,"id":"lbd4r5","n_comments":31,"percentage_upvoted":0.87,"permalink":"/r/cybersecurity/comments/lbd4r5/got_a_2nd_interview_for_a_cybersecurity_intern/","subreddit":"cybersecurity","title":"EDIT: I got an email today (2/5) saying that I got the job! \n\n\nHello all,\n\nI managed to have gotten a 2nd interview for a cybersecurity intern in the D.C area.\n\nFull-Time (40 hours a week)\n\nPay range is $2500-$3500 monthly (negotiable)\n\nNo benefits :(\n\nDuration of internship is 4-6 months, starting during the first week of March\n\nThe date of the 2nd interview is 2/4, Thursday, at 3PM ET.\n\n**Key Role:**\n\n* Cybersecurity evaluation of our company posture.\n* Understanding the basic concepts behind certification process\n* Develop and author cybersecurity policies.\n* Additional duties as required.\n\n**Qualifications:**\n\nIdeal candidate would be IT or Cybersecurity students working on their bachelor\u2019s or masters.\n\nIn addition to working in ISO certification selected candidates also get to have fun and learn more about drones and autonomy.\n\n​\n\nThe first interview went well (it was with the VP of the company). The second interview I have is with the CEO. What sort of things should I look out for during my 2nd interview?","upvotes":26,"user_id":"LordCommanderTaurusG"},{"content":"What is the most secure and efficient way to manage passwords?","created_at":1612341269.0,"id":"lbb3o3","n_comments":10,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lbb3o3/what_is_the_most_secure_and_efficient_way_to/","subreddit":"cybersecurity","title":"After being notified of a password being compromised I want to get serious about cyber security. What is the best solution to managing passwords and protecting my online data?","upvotes":0,"user_id":"AnyInfluence4"},{"content":"How hard is it to make it into the SFS program?","created_at":1612335836.0,"id":"lb99lf","n_comments":3,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lb99lf/how_hard_is_it_to_make_it_into_the_sfs_program/","subreddit":"cybersecurity","title":"I am currently in a junior high school but want to pursue this method of going to college and graduating, however the SFS program seems pretty competitive to get into and I would say I'm average (3.7 weighted GPA). If anyone here has been accepted into the program, what is it like? And what do you think my odds are of getting into the program? \n\n​\n\nP.S. One of the things I (hope) I have going for me is that I have some experience programming sites, simpler applications in python, and games in C#.","upvotes":1,"user_id":"ThelLingo"},{"content":"Work Environment Model","created_at":1612334176.0,"id":"lb8nqc","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lb8nqc/work_environment_model/","subreddit":"cybersecurity","title":"Hi\n\nLooking to know what environment would the following be considered as ie BYOD, COPE etc.\n\nCompany buys new joiners a laptop all software used is cloud based so no virtual environment like cotrix required","upvotes":1,"user_id":"ethical_security"},{"content":"Ransomware gangs made at least $350 million in 2020","created_at":1612330234.0,"id":"lb70n3","n_comments":0,"percentage_upvoted":0.9,"permalink":"/r/cybersecurity/comments/lb70n3/ransomware_gangs_made_at_least_350_million_in_2020/","subreddit":"cybersecurity","title":"","upvotes":13,"user_id":"jpc4stro"},{"content":"Exclusive: Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency - sources","created_at":1612329811.0,"id":"lb6tfu","n_comments":2,"percentage_upvoted":0.94,"permalink":"/r/cybersecurity/comments/lb6tfu/exclusive_suspected_chinese_hackers_used/","subreddit":"cybersecurity","title":"","upvotes":42,"user_id":"wewewawa"},{"content":"Profiling a Netwalker affiliate- Threat actor insight!","created_at":1612329674.0,"id":"lb6r93","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lb6r93/profiling_a_netwalker_affiliate_threat_actor/","subreddit":"cybersecurity","title":"\nThe first named threat actor in the Netwalker takedown is an affiliate charged with illegally obtaining more than $27.6 million from ransomware attacks.\n\nName: Sebastien Vachon-Desjardins,\nNationality: Canadian\nAge: 34\nProffessional profile: \n- More than 8 years of experience in the IT field\n- Experience from troubleshooting & issue resolution\n- Remote Assistance using Remote Desktop etc.\n- Extensive Incident Management experience \n\nCriminal history:\n- Three years in prison (2015) for selling drugs \n\nWhat can we learn from this? \nThe simple reality is that any individual with a criminal mindset and average IT-skills can potentionally make tens of million US dollars by becoming an affiliate to ransomware groups. \n\nConclusion:\n1. We need to hunt down the cyber criminals and bring them to justice. It\u00b4s too easy to make an enormous amount of money by attacking organizations. We must make it less attractive by heavily increasing the risk of getting caught.\n\n2. Organisations that gets targeted by cyber criminals must begin to report the crimes so that law enforcement get access to evidence. \n\n3. Dont pay! There are companies such as us that can usually restore your data without paying ransom and possibly also find the threat actor.","upvotes":1,"user_id":"rampante19"},{"content":"First Red Team Instance at Work, need some guidance!","created_at":1612329516.0,"id":"lb6p2p","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lb6p2p/first_red_team_instance_at_work_need_some_guidance/","subreddit":"cybersecurity","title":"Evening Folks,\n\nSo, next week I\u2019ve been given a task of pentesting an azure windows machine next week. Now, I do have ampful pentest experience, but I don\u2019t think I\u2019ve done much work again azure machines. \n\nWould my exploits and enumeration be evolved around azure and finding exploits within how the machine is set up with azure or does it just work like a VM (azure is the vm for example) and I attack the windows machine.\n\nI\u2019m being given a public IP and that\u2019s it.\n\nThis is all for the purpose of logs and data for our SOC and SIEM. Nothing malicious.\n\nThanks guys! Any help is much appreciated.","upvotes":1,"user_id":"prawn2"},{"content":"New To Coding/Cyber Security","created_at":1612328245.0,"id":"lb680r","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lb680r/new_to_codingcyber_security/","subreddit":"cybersecurity","title":"I just turned 18 and I\u2019ve always been intrigued by coding and cyber security but I don\u2019t know where I should start and what coding language I should start learning. Where should I start ?","upvotes":1,"user_id":"DaKiddCrazy"},{"content":"Need POINTERS.....for Spear Phishing Drills","created_at":1612327601.0,"id":"lb5yw5","n_comments":4,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lb5yw5/need_pointersfor_spear_phishing_drills/","subreddit":"cybersecurity","title":"Hey y'all. I'm a full-time cybersecurity student working IT for a small business. Our workforce is small, but almost entirely remote. So our attack surface is wide, distributed, and could do with some reinforcement.\n\nOne thing I'd like to do is start running sporadic phishing drills to increase employee threat awareness/preparedness.\n\nAs I'm still very much a novice in regards to offensive techniques, I'm not really sure where to start. I've read a lot about the benefits of this type of training but not so much how to actually execute it. Anyone have suggestions for good places to find HTML email or landing page templates? How does one go about attaining a harmless tracking link or making fake email addresses? \n\nI'm a decent coder so I'd prefer open-source, customizable tools that would make the process educational for me, but if anyone knows a free, automated service, I'd be open to that as well. Thanks in advance and excuse the pun in my post's title \ud83d\ude36\u200d\ud83c\udf2b\ufe0f","upvotes":2,"user_id":"meisterdoodle"},{"content":"Best practices for transparently-encrypted external hard drives?","created_at":1612326609.0,"id":"lb5l55","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lb5l55/best_practices_for_transparentlyencrypted/","subreddit":"cybersecurity","title":"I've got an external hard drive (8TB) filled with videos. My attack scenario: preventing illegal search and seizure and fishing expeditions by law enforcement. My use case: personal video library served up by Plex. Platform: Microsoft Windows 10 Pro.\n\nI'm aware of Bitlocker, but I'm not sure I can trust it not to have backdoor access. I've heard of Veracrypt, but I don't know if that's still considered a best practice/tool for disk encryption.\n\nI'm also running automated backups of the data on that external disk to another external disk of the same size. Those backups are encrypted at the application layer (by Arq backup), so I don't need disk-level encryption there - just on the source disk itself.\n\nWhat's a good tool that's maintained, audited/trustworthy and efficient for transparently encrypting/decrypting files on that external disk? What's the best practice these days? It's been years since I last looked at this.","upvotes":2,"user_id":"prophet-of-dissent"},{"content":"Hard coded user/root user","created_at":1612326327.0,"id":"lb5h78","n_comments":3,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lb5h78/hard_coded_userroot_user/","subreddit":"cybersecurity","title":"\nIs there way in redhat Linux, where you prevent even root to create new user accounts? Require this for a reason: basically only two users hard fixed: admin and root. Would need to prohibit creation of any other users even by root.","upvotes":1,"user_id":"Sophia_crawford"},{"content":"SonicWall zero-day exploited in the wild","created_at":1612325455.0,"id":"lb54nd","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lb54nd/sonicwall_zeroday_exploited_in_the_wild/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"wewewawa"},{"content":"Master's degree in cybersecurity? certifications? or MBA in IT management?","created_at":1612323827.0,"id":"lb4hfl","n_comments":5,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lb4hfl/masters_degree_in_cybersecurity_certifications_or/","subreddit":"cybersecurity","title":"Hi Everyone,\n\nI just finished my BAS in cybersecurity. I'm planning on starting a Master's degree in cybersecurity right away. After some research, I've narrowed it down to two options, Liberty University and WGU. These are the final options because of cost, flexibility and courses/certs they offer.\n\nIf you already have experience on the field. What do you guys think/recommend? What's more valuable to a potential employer, Master's degree or certifications?\n\nThanks!","upvotes":1,"user_id":"amoreno_IT"},{"content":"Noscript Settings - What do they mean, which to enable / disable?","created_at":1612322469.0,"id":"lb3xpj","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lb3xpj/noscript_settings_what_do_they_mean_which_to/","subreddit":"cybersecurity","title":"When using noscript one has the option to enable / disable options for the default browsing experience.\n\nNow, since i browse the Internet with hopefully enough common sense to not click on every suspicious link i find, how can i safeguard myself against malware that infects my system by simply visiting a website (eg. drive-bys)?\n\nMore specifically, what settings in noscript would i have to set for my default browsing experience to be as safe as possible, whilst still being usable?\n\nMy current default settings are only frame and fetch turned on, everything else turned off. And with these two settings, i don't even really know what they do. \n\nAny help is greatly appreciated.","upvotes":1,"user_id":"allthistooshallpass"},{"content":"Best cities for Canadian starting out in industry?","created_at":1612322418.0,"id":"lb3x04","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lb3x04/best_cities_for_canadian_starting_out_in_industry/","subreddit":"cybersecurity","title":"I would like to hear from professionals in the industry what cities in Canada are good for people starting out in the industry (fresh out of uni with computer science degree)? \n\nLooking for a good mix of job prospects, salaries and living costs. \n\nAny smaller cities with good job prospects?","upvotes":1,"user_id":"kermodeh"},{"content":"TryHackMe - Good Option?","created_at":1612322140.0,"id":"lb3t2m","n_comments":5,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lb3t2m/tryhackme_good_option/","subreddit":"cybersecurity","title":"Hi!\n\nTryHackMe is a good option to learn, or there's better environments that can be used / accessed?","upvotes":2,"user_id":"leanprs"},{"content":"Hospitals Suffer New Wave of Hacking Attempts [WSJ]","created_at":1612321370.0,"id":"lb3hxu","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lb3hxu/hospitals_suffer_new_wave_of_hacking_attempts_wsj/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"WebLinkr"},{"content":"2021 Trends / Companies to Watch","created_at":1612321083.0,"id":"lb3dk9","n_comments":3,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lb3dk9/2021_trends_companies_to_watch/","subreddit":"cybersecurity","title":"What trends / innovative companies are you most excited about in the upcoming year(s)?\n\nBackground: my career has been primarily in sales strategy / operations in the B2B SAAS space but I'm really interested in potentially pivoting + exploring the cybersecurity industry further. Beyond the initial question, also open to other resources for dipping my toes in this new area!","upvotes":0,"user_id":"dwightgaltfan6"},{"content":"Ransomware Groups Have Earned More Than $350 Million in 2020","created_at":1612320590.0,"id":"lb36ny","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lb36ny/ransomware_groups_have_earned_more_than_350/","subreddit":"cybersecurity","title":"","upvotes":5,"user_id":"harshsharma9619"},{"content":"A new Pump And Dump Hack? | My Robinhood Trading Controversy Theory","created_at":1612319680.0,"id":"lb2tsp","n_comments":0,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/lb2tsp/a_new_pump_and_dump_hack_my_robinhood_trading/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"davidalbertozam"},{"content":"Safe and secure email services?","created_at":1612318529.0,"id":"lb2ddd","n_comments":9,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/lb2ddd/safe_and_secure_email_services/","subreddit":"cybersecurity","title":"Hey everyone. I\u2019ve been using gmail just about my whole life because of how easy and convenient it has been. However the lack of data progression at google has made me want to get all my data away from them. I was wondering if anyone here could teach me about another email service provider(I don\u2019t care if it is a subscription or not) that is known for its security.","upvotes":1,"user_id":"wesleystokes"},{"content":"Security researchers today uncovered new delivery and evasion techniques adopted by #AgentTesla remote access trojan (RAT) to get around defense barriers and monitor its victims.","created_at":1612317361.0,"id":"lb1vqu","n_comments":0,"percentage_upvoted":0.9,"permalink":"/r/cybersecurity/comments/lb1vqu/security_researchers_today_uncovered_new_delivery/","subreddit":"cybersecurity","title":"https://thehackernews.com/2021/02/agent-tesla-malware-spotted-using-new.html","upvotes":7,"user_id":"maharmah"},{"content":"Analyzing DNS Data Exfiltration with Wireshark | TryHackMe Advent of Cyber 1 Day 6","created_at":1612317268.0,"id":"lb1ugj","n_comments":0,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lb1ugj/analyzing_dns_data_exfiltration_with_wireshark/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"MotasemHa"},{"content":"Grammarly for business","created_at":1612315130.0,"id":"lb0yxt","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lb0yxt/grammarly_for_business/","subreddit":"cybersecurity","title":"Just wanted some general thought on using grammaely for business. How secure it is, how it is implementing, and is there any major benefits over other spell checkeckers?","upvotes":1,"user_id":"MrJohn117"},{"content":"Hey fellows question from a newish network defense guy","created_at":1612310639.0,"id":"laz203","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/laz203/hey_fellows_question_from_a_newish_network/","subreddit":"cybersecurity","title":"I run security onion at work and the network tech swears he\u2019s setup a span port on the switch for me to monitor and the server tech swears the ESXI stack is configured properly to receive the traffic. I know I\u2019ve set up secOnion to catch the traffic on the virtual NIC correctly, but I get no traffic and when I run TCPDUMP on the promiscuous NIC I only see ARPs. Is there a way I can set my laptops NIC to promiscuous mode so I can test the span port directly? Cut out the ESXI and virtualizations. Just to confirm the switch is configured. If it is I can redirect my issues with server team, however if nothing comes across the span then I can address networking. Also I can\u2019t just do it myself as I\u2019m not authorized to make any changes to networking equipment or servers. Running Windows 10 on a dell 5580 if it matters \nThanks","upvotes":1,"user_id":"CoolishReagent"},{"content":"Vulnerability Scanner Options","created_at":1612308449.0,"id":"lay5h7","n_comments":4,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lay5h7/vulnerability_scanner_options/","subreddit":"cybersecurity","title":"I'm looking for a light duty internal vulnerability scanner, sub 500 assets. I'm moderately familiar with Nessus and Rapid 7 but mostly ignorant of the other options. My wishlist isn't huge and would include the ability to notate discovered items, get some intelligence on which ones have known active exploits along with ease of exploit. Are any other small environment people using a solution they're happy with?","upvotes":1,"user_id":"isoaclue"},{"content":"Why do people opt for Yubikeys over things like Nitrokey or Solokey?","created_at":1612306831.0,"id":"laxgsv","n_comments":3,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/laxgsv/why_do_people_opt_for_yubikeys_over_things_like/","subreddit":"cybersecurity","title":"The average person is unlikely to use most of the advanced features like Yubikey OTP.","upvotes":1,"user_id":"TheRavenSayeth"},{"content":"Netgain ransomware incident impacts local governments","created_at":1612305804.0,"id":"lax17c","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lax17c/netgain_ransomware_incident_impacts_local/","subreddit":"cybersecurity","title":"","upvotes":4,"user_id":"TheMildEngineer"},{"content":"New Linux malware steals SSH credentials from supercomputers","created_at":1612305700.0,"id":"lawzps","n_comments":19,"percentage_upvoted":0.99,"permalink":"/r/cybersecurity/comments/lawzps/new_linux_malware_steals_ssh_credentials_from/","subreddit":"cybersecurity","title":"","upvotes":485,"user_id":"TheMildEngineer"},{"content":"Azure Security Architecture","created_at":1612305207.0,"id":"lawspr","n_comments":0,"percentage_upvoted":0.86,"permalink":"/r/cybersecurity/comments/lawspr/azure_security_architecture/","subreddit":"cybersecurity","title":"","upvotes":5,"user_id":"Charlie-B"},{"content":"IOCs Validation","created_at":1612303265.0,"id":"law2t5","n_comments":2,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/law2t5/iocs_validation/","subreddit":"cybersecurity","title":"Hey there,\n\n\nI have been searching for a while and did not find any results. Please share with me anything that could support to solve this issue\n\n\nI have a list of IOCs, and I need a way to search for all of them and to make sure they are not legitimate file, So we can block them without affecting the business.\n\nAll what I found is that i need to search one by one like the one in VT.\n\n\nThanks","upvotes":1,"user_id":"kenpachi69_"},{"content":"Free webinar about ZeroTrust and best practices for access right management","created_at":1612303059.0,"id":"law03r","n_comments":0,"percentage_upvoted":0.84,"permalink":"/r/cybersecurity/comments/law03r/free_webinar_about_zerotrust_and_best_practices/","subreddit":"cybersecurity","title":"Have you got trust issues \ud83d\ude09? Join our webinar featuring Sami Laiho, and learn about ZeroTrust and access right management! \n\nRead more and sign up \ud83d\udc49 [https://centero.fi/en/centero-webinar-ft-sami-laiho-feb-2021/](https://centero.fi/en/centero-webinar-ft-sami-laiho-feb-2021/)","upvotes":4,"user_id":"KP_76"},{"content":"What are the SOC 2 Trust Services Criteria?","created_at":1612302480.0,"id":"lavtc3","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lavtc3/what_are_the_soc_2_trust_services_criteria/","subreddit":"cybersecurity","title":" The [SOC 2 audit](https://a-lign.com/what-are-the-soc-2-trust-services-criteria/) process includes 5 categories of Trust Services Criteria: Security, Availability, Confidentiality, Processing Integrity, and Privacy.","upvotes":0,"user_id":"sainathaddweb"},{"content":"START Hack is back\ud83d\udc68\u200d\ud83d\udcbb\ud83d\udcbe\ud83d\udc69\u200d\ud83d\udcbb!","created_at":1612301738.0,"id":"lavkr1","n_comments":0,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/lavkr1/start_hack_is_back/","subreddit":"cybersecurity","title":"From the **19th to the 21st of March**, 600+ coders from all over the world will gather **online** to celebrate technology and push innovation forward in one, continent-spanning event!\n\nDuring a **weekend of fun** **and coding** you will be able to listen to interesting keynotes by experienced techies (e.g. **Massimo Banzi, Founder Arduino**) and work on challenging cases from partners such **Microsoft, Accenture & Co**.\n\nCases this year will include **Healthcare, Fintech, Mobility, Urban Innovation and the Future of Work.**\n\nAs a cherry on top, you'll get a **free ticket to** **START Summit 2021,** Europe's biggest student-led conference for technology and entrepreneurship. Take the opportunity and build a strong network in Europe's startup ecosystem.\n\nSee you at [START Hack](http://starthack.eu/?utm_campaign=Hack%20-%20Reddit&utm_source=reddit&utm_medium=social)!","upvotes":0,"user_id":"Vivid_Butterscotch81"},{"content":"Looking for Professional Organizations","created_at":1612300394.0,"id":"lav61q","n_comments":2,"percentage_upvoted":0.43,"permalink":"/r/cybersecurity/comments/lav61q/looking_for_professional_organizations/","subreddit":"cybersecurity","title":"Hello.\n\nI am working on a B.S. in Cybersecurity and should be graduating around October 2021. Can anyone recommend professional organizations that I can check out and possible join?\n\n​\n\nThank you","upvotes":0,"user_id":"JDrisc3480"},{"content":"Can my landlord pull or view files from my pc?","created_at":1612296071.0,"id":"lau06u","n_comments":3,"percentage_upvoted":0.36,"permalink":"/r/cybersecurity/comments/lau06u/can_my_landlord_pull_or_view_files_from_my_pc/","subreddit":"cybersecurity","title":"I had a couple of questions, I share an internet connection with my landlord. He claims he's not good with computers, and that they don't don't even own a desktop pc... but I turned my network discovery on one day as I was going to quickly send something over the network to my one pc in the living room and saw 4 desktops pc's and a NAS and a few other things.. none of them mine. I immediately shut it off after that, but It made me a little uneasy...\n\nI am aware they can monitor network traffic if they have access further up the chain which they do.\n\nSo I use a Nord VPN to counter this while browsing the internet, doing banking etc.\n\nBut ultimately I am wondering does this mean they can potentially pull files from my pc hard drive? Like tax pdfs, or some of my designs for some products I am working on and plan on patenting?\n\nAnd what about accessing things like my microphone or Webcam?\n\nAnd my phone is on this network, does that mean they have access to data on it other than the traffic from websites as well?\n\nJust wondering if I would be better off shelling out the extra cash for a dedicated setup but don't know the extent of the control it gives them.\n\nPlease advise.","upvotes":0,"user_id":"TheFinancialLaw"},{"content":"budget friendly wireless adapters that support monitor mode and packet injection?","created_at":1612294651.0,"id":"latniu","n_comments":2,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/latniu/budget_friendly_wireless_adapters_that_support/","subreddit":"cybersecurity","title":"Are there any wireless adapters that cost less than the Alfa AWUS036NHA ? i'm a beginner, so i'm not sure if i have to invest so much. \n\nI don't seem to find TP-Link TLWN722N V1 anymore on amazon.\n\nis Generic AR9271 802.11n reliable?","upvotes":0,"user_id":"WinterFondant"},{"content":"The Empire Strikes Back Against Ransomware","created_at":1612293306.0,"id":"latbxw","n_comments":2,"percentage_upvoted":0.64,"permalink":"/r/cybersecurity/comments/latbxw/the_empire_strikes_back_against_ransomware/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"AXEL_Network"},{"content":"Secure Browser Storage: The Facts","created_at":1612288138.0,"id":"las5k7","n_comments":0,"percentage_upvoted":0.7,"permalink":"/r/cybersecurity/comments/las5k7/secure_browser_storage_the_facts/","subreddit":"cybersecurity","title":"","upvotes":4,"user_id":"andychiare"},{"content":"PII of Over 1.6 Million Washington Citizens Breached in Accellion Attack","created_at":1612283712.0,"id":"lar5gw","n_comments":2,"percentage_upvoted":0.85,"permalink":"/r/cybersecurity/comments/lar5gw/pii_of_over_16_million_washington_citizens/","subreddit":"cybersecurity","title":"","upvotes":9,"user_id":"harshsharma9619"},{"content":"New Big Scam 'Virtual Tours Live' - heavily advertised via Facebook!","created_at":1612282632.0,"id":"laqwv3","n_comments":0,"percentage_upvoted":0.78,"permalink":"/r/cybersecurity/comments/laqwv3/new_big_scam_virtual_tours_live_heavily/","subreddit":"cybersecurity","title":"","upvotes":5,"user_id":"Revyon"},{"content":"Help. I have Virtual box running Kali Linux I was on WiFi but now it\u2019s saying my wifi isn\u2019t working tips I\u2019m connected to bridge","created_at":1612270345.0,"id":"lant3s","n_comments":3,"percentage_upvoted":0.2,"permalink":"/r/cybersecurity/comments/lant3s/help_i_have_virtual_box_running_kali_linux_i_was/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"tyos_2"},{"content":"WGU CyberSecurity Degree","created_at":1612269773.0,"id":"lann4r","n_comments":28,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/lann4r/wgu_cybersecurity_degree/","subreddit":"cybersecurity","title":"Has anyone gone through with this? I've heard GREAT things!","upvotes":0,"user_id":"Away-Stress"},{"content":"Did I visit an impersonator domain?","created_at":1612268631.0,"id":"lanbfa","n_comments":3,"percentage_upvoted":0.17,"permalink":"/r/cybersecurity/comments/lanbfa/did_i_visit_an_impersonator_domain/","subreddit":"cybersecurity","title":"I visited a website to read an article and noticed (after clicking on a link to another article) that it did not use https, the website started with www. I then typed the exact same URL and it brought me to what I think is the legitimate website, since chrome said it was secure. Did I visit an outdated version of the website or was I just scammed?","upvotes":0,"user_id":"SweatyPhilosopher578"},{"content":"Gap assessment of Azure Sentinel","created_at":1612267015.0,"id":"lamtko","n_comments":3,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/lamtko/gap_assessment_of_azure_sentinel/","subreddit":"cybersecurity","title":"How to addresses the gaps in the existing Azure Sentinel to ensure that collects appropriate correlational data, analysis, logs, events and provides best practices to get the most value out of current SIEM investment?","upvotes":0,"user_id":"securitygusf"},{"content":"Data breach exposes 1.6 million Washington unemployment claims","created_at":1612263659.0,"id":"lalsvx","n_comments":13,"percentage_upvoted":0.98,"permalink":"/r/cybersecurity/comments/lalsvx/data_breach_exposes_16_million_washington/","subreddit":"cybersecurity","title":"","upvotes":243,"user_id":"TheMildEngineer"},{"content":"Need help with study technique for Security +","created_at":1612263491.0,"id":"lalqxv","n_comments":9,"percentage_upvoted":0.81,"permalink":"/r/cybersecurity/comments/lalqxv/need_help_with_study_technique_for_security/","subreddit":"cybersecurity","title":"Hi all I have been studying for my Security + 501 exam for several months. I work full time and I usually get through 2-3 hours of study time a day. I have studied through the books twice written notes for all the objectives watched professor messer which I think its great. I am struggling to retain information on a few domains. Any suggestions on material that can spread the load more I plan on taking this exam by the end of March 21.","upvotes":6,"user_id":"jajudua"},{"content":"Certain apps and Cyber Attacks","created_at":1612261827.0,"id":"lal8tj","n_comments":4,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/lal8tj/certain_apps_and_cyber_attacks/","subreddit":"cybersecurity","title":"I was cyber attacked through an app. The user pretty much threatened me and I don't know how much information they know or what they will do with it. For particular apps such as paypal, snapchat, venmo and instagram, is there any real danger to being friends with someone on one or two of these apps? These apps store most of my basic info such as my name, birthday, phone number, etc. Will simply being \"friends\" with someone on these apps allow them to access basic personal information?","upvotes":0,"user_id":"hendrixcii"},{"content":"i think i may have been hacked","created_at":1612261324.0,"id":"lal3a1","n_comments":5,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/lal3a1/i_think_i_may_have_been_hacked/","subreddit":"cybersecurity","title":" \n\nso, the other day i was looking for something in appdata and i found a folder that was created on the 29th of january, 2021. i didnt created and i do not know what did. it is a random string of many letters( evsvudwacymgglpcmmbecdwm). i don't remember downloading or execeuting any new programs, applications etc. has anyone had this or does anyone know what it is?\n\nin event viewer, in application, i have event id 16394, Offline downlevel migration succeeded, just a minute after the folder was created. After that i got \"Successfully scheduled Software Protection service for re-start at (id)\". What is this?\n\ni was looking in the security tab of event viewer, and there was a logon and a special logon half a minute before, and im not sure it was me. (user: n/a)\n\nabout a minute after this was in my administrative evnts: MDM ConfigurationManager: Command failure status. Configuraton Source ID: (the id), Enrollment Type: (FamilySafety), CSP Name: (AppLocker), Command Type: (Clear: first phase of Delete), Result: (./Vendor/MSFT/AppLocker/FamilySafety/FamilySafetyGroup). im so worried, can someone help???\n\n​\n\nsorry if this isnt the right sub, but im very scared","upvotes":0,"user_id":"froggyos"},{"content":"Are Udemy courses really a viable source to study some parts of cybersecurity in?","created_at":1612260562.0,"id":"lakunt","n_comments":31,"percentage_upvoted":0.97,"permalink":"/r/cybersecurity/comments/lakunt/are_udemy_courses_really_a_viable_source_to_study/","subreddit":"cybersecurity","title":"Basically Im trying to get started in cybersecurity and would like to know if udemy is a place to start","upvotes":65,"user_id":"FeelsFcknGoodMan"},{"content":"Pentesting","created_at":1612253195.0,"id":"laibzk","n_comments":7,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/laibzk/pentesting/","subreddit":"cybersecurity","title":"Hi There \n\nI am a new bee to cyber security and wanting to become a PenTester, I am undergoing a training in Cyber Security at the moment in local TAFE, Can someone Please advice the best Pentesting tools to master and prepare towards interview point of view, I have Kali Linux in VM and did some testing with \" JUICESHOP OWASP \" and what else. your valuable adivce will shape my career in a long run and much appriciated\n\nthanks in advance.","upvotes":1,"user_id":"armsbabu1708"},{"content":"State Sponsored Hackers Attack US-Based Cybersecurity Researchers","created_at":1612251252.0,"id":"lahmf4","n_comments":1,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lahmf4/state_sponsored_hackers_attack_usbased/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"identifythisbook"},{"content":"CSX Fundamentals vs Sec+. Which one should a newb pursue 1st?","created_at":1612250998.0,"id":"lahjam","n_comments":3,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lahjam/csx_fundamentals_vs_sec_which_one_should_a_newb/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"OrganizerPrime"},{"content":"Can you fool LoJack for laptops with a router that's set up with VPN connection (L2TP connection)?","created_at":1612241589.0,"id":"ladt7k","n_comments":7,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/ladt7k/can_you_fool_lojack_for_laptops_with_a_router/","subreddit":"cybersecurity","title":"Through Bios, WiFi driver is disabled. There is no WWAN driver installed.","upvotes":1,"user_id":"OhhHahahaaYikes"},{"content":"Is Your Computer BIOS Safe? Unveiling TrickBot\u2019s New Module","created_at":1612240994.0,"id":"ladjz0","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/ladjz0/is_your_computer_bios_safe_unveiling_trickbots/","subreddit":"cybersecurity","title":"TrickBot existed as early as 2016 known to steal bank credentials. Over the years, Trickbot added different tricks/module to its arsenal to make it more complicated. In the last quarter of 2020, we encountered TrickBot\u2019s module with the capability to access UEFI/BIOS and dubbed as \u2018TrickBoot\u2019.\n\nThe new module executes from a thread where the main activity of Trickboot happens.\n\nSince the rest of this post has screenshot, I am including the link to the blog: [https://labs.vipre.com/is-your-computer-bios-safe-unveiling-trickbots-new-module/](https://labs.vipre.com/is-your-computer-bios-safe-unveiling-trickbots-new-module/)","upvotes":7,"user_id":"Tough-Grapefruit-323"},{"content":"Beginner Course","created_at":1612240960.0,"id":"ladje8","n_comments":2,"percentage_upvoted":0.88,"permalink":"/r/cybersecurity/comments/ladje8/beginner_course/","subreddit":"cybersecurity","title":"I am about to go to college for Cybersecurity and are totally new to it. I would like to get a head start by getting to know the basics and maybe even more. What are some good courses, books, or any resource that could get me started?","upvotes":6,"user_id":"Smalltiger3"},{"content":"Is it useless to get a bachelor's in Cyber Security along with certifications? Or should I only do one or the other?","created_at":1612240087.0,"id":"lad6fs","n_comments":2,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/lad6fs/is_it_useless_to_get_a_bachelors_in_cyber/","subreddit":"cybersecurity","title":"I've been wanting to get into the field for a while. Not sure exactly what I want to do, but I wanna do something with cybersecurity. Can someone point me in the right direction? Thank you.","upvotes":1,"user_id":"SlipknotFan314"},{"content":"So this bank is using the memberID as an internal identifier and I think their security is garbage. Please confirm or tell me I'm overreacting!","created_at":1612238230.0,"id":"lacf25","n_comments":3,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/lacf25/so_this_bank_is_using_the_memberid_as_an_internal/","subreddit":"cybersecurity","title":"Hello all, I work with software infrastructure but not necessarily this topic. I'm looking for whether this \"is inherently bad\" and maybe why or why not. To me it seems bad\n\n​\n\nI learned a medium-sized bank in the NE of USA is using their member number as an account number with a default increment. ex: memberID+i where i starts at 0 for your first account, incrementing from there for any subsequent account.\n\n​\n\nThis is bad for two reasons to me, 1. Anyone who sees the account # will have your internal identifier (member id) and 2. Anyone who has your member ID will have your bank account number.\n\n​\n\nThe memberID was used for online banking, recently (1.5yr) changed to require a userID. The (I'm pretty sure) userID simply gets translated to the memberID in the background. This was implemented as a security measure, anyone who didn't do this was unable to use online banking. Any online banking will timeout after 3 or 6 months and require re-signup (important)\n\n​\n\nI decided to link my account to a service, the service required me to log into online banking through their portal. My old credentials worked just fine, despite being 2 years inactive and using the memberID as login. The old password also worked, which means both their userID and password change requirements were bypassed.\n\n​\n\nBonus: Everytime they call someone internal, they give the account by the same ID over the phone... in a crowded branch\n\n​\n\nAm I losing my head, or is my bank being shit with security? Cheers","upvotes":2,"user_id":"somename000"},{"content":".","created_at":1612236590.0,"id":"labr1t","n_comments":6,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/labr1t/_/","subreddit":"cybersecurity","title":"Good evening or good morning \nI am searching for a source to study compTIA security+ \nI am fine with youtube and books","upvotes":0,"user_id":"SatisfactionPowerful"},{"content":"Supplementary reads and news sources?","created_at":1612236372.0,"id":"labnum","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/labnum/supplementary_reads_and_news_sources/","subreddit":"cybersecurity","title":"Hello! I'm currently half way through my Bachelors and will be taking my Security + exam in about 2 weeks. I would really like to dive into cyber security more on my 'off' hours. What are some of your favorite reads right now? And what are your favorite news sources for cyber security? Thanks a bunch! :)","upvotes":2,"user_id":"Spacefrog04"},{"content":"COVID-19 Impact on Cybersecurity | Reducing CyberSecurity Incidents","created_at":1612235366.0,"id":"lab8st","n_comments":0,"percentage_upvoted":0.85,"permalink":"/r/cybersecurity/comments/lab8st/covid19_impact_on_cybersecurity_reducing/","subreddit":"cybersecurity","title":"","upvotes":9,"user_id":"davidalbertozam"},{"content":"What companies can I get CrowdStrike or similar next-generation anti-virus and Minerva or similar anti-evasion software from?","created_at":1612234665.0,"id":"laaxup","n_comments":2,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/laaxup/what_companies_can_i_get_crowdstrike_or_similar/","subreddit":"cybersecurity","title":"For a single or few devices. Companies in the United states. I don't do anything weird on my devices and mostly go to safe places on the internet and I might not be compromised, just need this so I can put my worries to rest and live in peace. I would prefer it if I didn't have to be in a long contract and can just use these two on a month-to-month basis or for a short period of time. I think I'm looking for managed services companies that offer these two managed. Thank you.","upvotes":0,"user_id":"xprmtxud"},{"content":"Need some advice on the best countries for cybersecurity jobs.","created_at":1612233625.0,"id":"laaide","n_comments":1,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/laaide/need_some_advice_on_the_best_countries_for/","subreddit":"cybersecurity","title":"I'm currently a freshman studying Network and computer security engineering (5 year program), basically cybersecurity and electrical engineering at once (alot of circuit studying). I've made up my mind and i won't be settling in my home country (high unemployment rates and not a good future for my major) I wanted to know what are the best countries for cybersecurity jobs in Europe, and what do you guys think about pursuing a career in the US or Australia?","upvotes":2,"user_id":"traceast"},{"content":"Google says I have a Compromised password for 1.1.1.1 - I don't even know what that site is!","created_at":1612233092.0,"id":"laaa2x","n_comments":6,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/laaa2x/google_says_i_have_a_compromised_password_for/","subreddit":"cybersecurity","title":"Got an email today saying some of my passwords were exposed in a non-Google data breach. However when I ran the Password Checkup only one password shows as being compromised and it's for the site [1.1.1.1](https://1.1.1.1) which I hadn't even heard of before today!\n\nAny idea what's going on? when I click to change the password it just goes to their website (some kind of DNS service. Also when I click to view the password it's not one I'd ever use... so I'm a little bit confused...","upvotes":0,"user_id":"chevy88uk"},{"content":"Encryption","created_at":1612231058.0,"id":"la9fib","n_comments":3,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/la9fib/encryption/","subreddit":"cybersecurity","title":"Is there an USB Stick that is capable of acting as password for my computer? The stick should act as password just by plugging it in","upvotes":2,"user_id":"VGNS_Nilz"},{"content":"I am looking for a tool to manage vulnerability's, track exceptions, etc. that can import data from tenable of nessues. Any recommendations appreciated.","created_at":1612231019.0,"id":"la9exi","n_comments":5,"percentage_upvoted":0.83,"permalink":"/r/cybersecurity/comments/la9exi/i_am_looking_for_a_tool_to_manage_vulnerabilitys/","subreddit":"cybersecurity","title":"","upvotes":4,"user_id":"fragmonk3y"},{"content":"Securing a cell phone","created_at":1612230564.0,"id":"la9884","n_comments":13,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/la9884/securing_a_cell_phone/","subreddit":"cybersecurity","title":"Not sure if this is the right place or not, but wondering if anybody has tips for securing a cell phone. To start my wife and I have the Samsung Galaxy S10e phone and we're happy with them and just got them paid off and have no desire right now to get a newer phone. We both have ProtonVPN on there which works well. I believe there's some sort of native encryption on there which I'm curious about as well as a Samsung backup. I'm wondering if anybody has used these before or if they have any information on how well it works, issues, etc. While we might not be anybody special we have been robbed in the past and I'd like to protect our phones since people can get you that way. I'd also like to know if there's a good pop-up blocker for phones as well. I use uBlock Origin on my desktop, but that doesn't appear to be available on my phone. Any info is great. Thanks in advance.","upvotes":0,"user_id":"wmjsn"},{"content":"Need help with marketing in the Cyber Security space","created_at":1612229020.0,"id":"la8ki5","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/la8ki5/need_help_with_marketing_in_the_cyber_security/","subreddit":"cybersecurity","title":"I run a small marketing agency and we noticed a trend of clients, quite a few are cybersecurity companies. The likes of Cisco, Fireeye, OpenText, etc. These are obviously bigger companies but we want to be able to help our small companies who need help with marketing in this space. \n\nAnyone here a marketer in the cyber space or perhaps on the sales side of things that is willing to share what you think are the most essential marketing efforts to prioritizing in 2021? This could be branding, web design, SEO, content, social, etc. \n\nWith Cyber threats being on a rise and with all of us working from home, we really are passionate about empowering cyber companies of all sizes to create a safe digital landscape.\n\nAny feedback here is much appreciated!","upvotes":0,"user_id":"Accomplished_Two_403"},{"content":"Info security versus cyber security?","created_at":1612225224.0,"id":"la6yry","n_comments":19,"percentage_upvoted":0.8,"permalink":"/r/cybersecurity/comments/la6yry/info_security_versus_cyber_security/","subreddit":"cybersecurity","title":"Silly question - is there a major difference between these two categories especially in terms of major(education). I assume information is less technical while cyber focuses more on the hands on portion of the work?\n\n\nThanks","upvotes":9,"user_id":"czarnabluza"},{"content":"Phishing attack, need advice. Long post.","created_at":1612224263.0,"id":"la6k84","n_comments":2,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/la6k84/phishing_attack_need_advice_long_post/","subreddit":"cybersecurity","title":"Ok so I'm a total idiot. I'm not in the cyber security field or anything related. Yesterday I received an email from Apple saying that I chose this email to replace my Apple ID. I have another email address that I rarely use that actually is my Apple ID. The email had two links, one to verify that it was me that requested that and the other to change my password if that wasn't me. I should have known better but like a fool I followed the link to change password and entered the Apple ID and password. I was then prompted to answer the security questions but got them wrong. I contacted the real Apple and attempted to change my password on their site and on my actual iPhone but when I tried to change password was told that I needed to change the security questions and when I tried to do that it said that there wasn't sufficient information to change them. \n\nThe Apple support confirmed that the sender email was not a legitimate Apple email address and recommended turning on two factor authentication on my phone which I was not able to do, basically I got a generic \"Not able to turn on two factor authentication at this time\" message when I tried to do so. We started to go through the process of recovering the Apple ID but hit a wall because I got locked out of the account for 24 hours they said I guess due to trying to change the password/security questions too much. I was given a case number and was told to try again tomorrow. I haven't tried to sign into it today but the last time I tried yesterday the password still worked. I'm currently signed into my iPhone with that Apple ID. \n\nI tried to remove my card information that is linked to the account but to no avail. I went on a separate device and froze the card and changed passwords for many of my logins. I will call Apple support again later today and see where that goes. I'm looking for advice on what steps I should take next please.\n\nEdit #1.\nI have a couple specific questions as well. \n\n#1. Is my phone compromised? It's an older iPhone, I was told by Apple support yesterday based on the serial number that it's probably an IPhone 5. Is my wifi network compromised?\n\n#2. Should I contact the police? I understand this may be overreacting and there's not much they can do but my main concern is that I don't know who may have access to the Apple ID and what they may do with it, they may use it for nefarious purposes and I don't want that coming back on me. They probably can't do much but can at least document that the Apple ID was compromised?","upvotes":1,"user_id":"Sampsonsimpson315"},{"content":"Partner Up for Learning","created_at":1612222547.0,"id":"la5u0x","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/la5u0x/partner_up_for_learning/","subreddit":"cybersecurity","title":"Hello everyone, hope you doing well. I wanna share the discord server for the people who search for learning partners. You can join server to find a partner for learning any topics you are interested in. \n\nHere is the link for the server:\n\nhttps://discord.gg/ayeGrsaSG2","upvotes":0,"user_id":"heisenbug403"},{"content":"Masters Info Sec at Colorado Technical University.","created_at":1612220781.0,"id":"la541s","n_comments":0,"percentage_upvoted":0.76,"permalink":"/r/cybersecurity/comments/la541s/masters_info_sec_at_colorado_technical_university/","subreddit":"cybersecurity","title":"Hey community,\n\nHas anyone studies info sec masters at above mention university?Just want to know their experience throughout the program\n\nThank u.","upvotes":2,"user_id":"Taiwan004"},{"content":"theHarvester hide banner?","created_at":1612220266.0,"id":"la4w8x","n_comments":2,"percentage_upvoted":0.57,"permalink":"/r/cybersecurity/comments/la4w8x/theharvester_hide_banner/","subreddit":"cybersecurity","title":"Is it possible to hide banner in `theHarvester`? I don't see any option in it.\n\n \u250c\u2500\u2500(kali\u327fkali)-[~]\n \u2514\u2500$ theHarvester -h \n \n *******************************************************************\n * _ _ _ *\n * | |_| |__ ___ /\\ /\\__ _ _ ____ _____ ___| |_ ___ _ __ *\n * | __| _ \\ / _ \\ / /_/ / _` | '__\\ \\ / / _ \\/ __| __/ _ \\ '__| *\n * | |_| | | | __/ / __ / (_| | | \\ V / __/\\__ \\ || __/ | *\n * \\__|_| |_|\\___| \\/ /_/ \\__,_|_| \\_/ \\___||___/\\__\\___|_| *\n * *\n * theHarvester 3.2.2 *\n * Coded by Christian Martorella *\n * Edge-Security Research *\n * cmartorella@edge-security.com *\n * *\n ******************************************************************* \n \n \n usage: theHarvester [-h] -d DOMAIN [-l LIMIT] [-S START] [-g] [-p] [-s] [--screenshot SCREENSHOT] [-v]\n [-e DNS_SERVER] [-t DNS_TLD] [-r] [-n] [-c] [-f FILENAME] [-b SOURCE]\n \n theHarvester is used to gather open source intelligence (OSINT) on a company or domain.\n \n optional arguments:\n -h, --help show this help message and exit\n -d DOMAIN, --domain DOMAIN\n Company name or domain to search.\n -l LIMIT, --limit LIMIT\n Limit the number of search results, default=500.\n -S START, --start START\n Start with result number X, default=0.\n -g, --google-dork Use Google Dorks for Google search.\n -p, --proxies Use proxies for requests, enter proxies in proxies.yaml.\n -s, --shodan Use Shodan to query discovered hosts.\n --screenshot SCREENSHOT\n Take screenshots of resolved domains specify output directory: --screenshot\n output_directory\n -v, --virtual-host Verify host name via DNS resolution and search for virtual hosts.\n -e DNS_SERVER, --dns-server DNS_SERVER\n DNS server to use for lookup.\n -t DNS_TLD, --dns-tld DNS_TLD\n Perform a DNS TLD expansion discovery, default False.\n -r, --take-over Check for takeovers.\n -n, --dns-lookup Enable DNS server lookup, default False.\n -c, --dns-brute Perform a DNS brute force on the domain.\n -f FILENAME, --filename FILENAME\n Save the results to an HTML and/or XML file.\n -b SOURCE, --source SOURCE\n baidu, bing, bingapi, bufferoverun, certspotter, crtsh, dnsdumpster, duckduckgo,\n exalead, github-code, google, hackertarget, hunter, intelx, linkedin, linkedin_links,\n netcraft, otx, pentesttools, projectdiscovery, qwant, rapiddns, securityTrails, spyse,\n sublist3r, threatcrowd, threatminer, trello, twitter, urlscan, virustotal, yahoo\n \n \u250c\u2500\u2500(kali\u327fkali)-[~]\n \u2514\u2500$","upvotes":1,"user_id":"w0lfcat"},{"content":"Is it best to remove my recovery phone number and recovery email from my Google/Gmail account if I already have TOTP/hardware 2FA setup?","created_at":1612220156.0,"id":"la4ur7","n_comments":1,"percentage_upvoted":0.78,"permalink":"/r/cybersecurity/comments/la4ur7/is_it_best_to_remove_my_recovery_phone_number_and/","subreddit":"cybersecurity","title":"I've seen some things about [SIM swapping and possibly even email hi-jacking](https://www.youtube.com/watch?v=T384SXIDCoY). I want to mitigate the risk of these, but I also don't want to get totally locked out of my account if something weird happens.","upvotes":5,"user_id":"TheRavenSayeth"},{"content":"SonicWall zero-day exploited in the wild","created_at":1612219688.0,"id":"la4odn","n_comments":20,"percentage_upvoted":0.98,"permalink":"/r/cybersecurity/comments/la4odn/sonicwall_zeroday_exploited_in_the_wild/","subreddit":"cybersecurity","title":"","upvotes":333,"user_id":"TheMildEngineer"},{"content":"Hackers Compromised NoxPlayer to Send Malicious Update For Spying","created_at":1612219256.0,"id":"la4ifz","n_comments":0,"percentage_upvoted":0.85,"permalink":"/r/cybersecurity/comments/la4ifz/hackers_compromised_noxplayer_to_send_malicious/","subreddit":"cybersecurity","title":"","upvotes":9,"user_id":"harshsharma9619"},{"content":"Career advice","created_at":1612217784.0,"id":"la3zwf","n_comments":6,"percentage_upvoted":0.63,"permalink":"/r/cybersecurity/comments/la3zwf/career_advice/","subreddit":"cybersecurity","title":"Hi everyone,\n\nI\u2019m sure everyone on here see\u2019s a post like this once a week or so I\u2019m sure. I am in need of some advice to anyone currently trying to get into or currently in the industry. \n\nI missed my opportunity to go college and university for a {long sob story insert here} that I won\u2019t bore you with. I\u2019m a UK resident, 23 years of age and can\u2019t afford to go university now. What options do have? How do I go about getting what I need and what do I need ?\n\nThanks in advance everyone!!","upvotes":2,"user_id":"MisguidedLlama"},{"content":"Fair bit of traffic to Russian IPs, possible issue?","created_at":1612216542.0,"id":"la3k90","n_comments":8,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/la3k90/fair_bit_of_traffic_to_russian_ips_possible_issue/","subreddit":"cybersecurity","title":"Hi all,\n\nI have been trying to track down a network issue recently. I downloaded Colasoft Capsa to try and see if I had a broadcast storm on my network. When doing so, I went over to a packet tracing tab in the software and noticed a bunch of traffic coming from Russian geolocated IP addresses. I am wondering if this is something I should be concerned with. They all seem to originate from the svchost.exe process. [Here's a picture](https://i.imgur.com/a4klQ3x.png)The list has been filtered to only show the Russian IPs in this picture.\n\n​\n\nAny thoughts? Do I have an issue here?","upvotes":1,"user_id":"Tanky321"},{"content":"FreakOut Malware Campaign Targets Linux Devices - NetSec.News","created_at":1612216190.0,"id":"la3g8z","n_comments":0,"percentage_upvoted":0.57,"permalink":"/r/cybersecurity/comments/la3g8z/freakout_malware_campaign_targets_linux_devices/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"Lincoln21234456"},{"content":"Takedown of a phishing website?","created_at":1612214982.0,"id":"la32a3","n_comments":3,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/la32a3/takedown_of_a_phishing_website/","subreddit":"cybersecurity","title":"A few days ago a friend of mine shared a link with me that they were concerned about after receiving it via a text message telling them a card had been added to one of their Apple devices.\n\nAfter I followed the link and looked into the source code I found a link referencing code from a seemingly reputable Github repository containing code used to build credit card forms and to validate any input. \n\nI was wondering if there was any way this information combined with a report from the owner of the Github repository could be used to issue a takedown on the site?","upvotes":0,"user_id":"AniMark159"},{"content":"Help Me","created_at":1612214408.0,"id":"la2vuu","n_comments":2,"percentage_upvoted":0.14,"permalink":"/r/cybersecurity/comments/la2vuu/help_me/","subreddit":"cybersecurity","title":"someone with experience, in cybersecurity that can help me ?\n\nI want to enter the are but I need a base!","upvotes":0,"user_id":"m4scotee"},{"content":"WIRESHARK","created_at":1612211242.0,"id":"la1ynp","n_comments":8,"percentage_upvoted":0.57,"permalink":"/r/cybersecurity/comments/la1ynp/wireshark/","subreddit":"cybersecurity","title":"Please is Wireshark still useful. I want to start learning it, but I don't know if there are better alternatives.","upvotes":1,"user_id":"HowSmart"},{"content":"[Fuzzing with AFLpluspls] Installing AFLPlusplus and fuzzing a simple C ...","created_at":1612210290.0,"id":"la1pso","n_comments":0,"percentage_upvoted":0.57,"permalink":"/r/cybersecurity/comments/la1pso/fuzzing_with_aflpluspls_installing_aflplusplus/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"secgeek"},{"content":"Please help quick!","created_at":1612205539.0,"id":"la0j1b","n_comments":10,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/la0j1b/please_help_quick/","subreddit":"cybersecurity","title":"Somebody please help me get my accounts back!\n\nI\u2019m struggling and so tired, I\u2019ve tried many reboots and reinstalls... progress gets made but it gets worse again! I don\u2019t have any money except an eBay gift card for $100 I need help! Nothing is saving so I\u2019m assuming whoever this is, is watching and changing what I\u2019m doing right after me!\nI HAVE PRIVATE INFO and not too worried about any leaks bc I it\u2019s more of school/work items- and videos/pics I\u2019d prefer not to lose but it\u2019s okay, just need advice and guidance!\n\nI\u2019m sorry if I\u2019m not clear enough but all of my accounts passwords private info have been leaked, maybe over 100 accounts on different websites. I don\u2019t wanna go more into details but I cannot access any of my items without problems. Somebody is in my network nearby fainting access to all my information. PLEASE HELP","upvotes":0,"user_id":"mattymattmateo09"},{"content":"I don't understand Microsoft's (Virtual) Smart Cards.","created_at":1612201740.0,"id":"l9zmoo","n_comments":11,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/l9zmoo/i_dont_understand_microsofts_virtual_smart_cards/","subreddit":"cybersecurity","title":"I get that the 'something you have' factor in MFA generally has to be represented by data. It's not actually the physical presence of the token generator in my hand that authenticates me, it's the codes it generates which in turn is generated by software that in theory could be duplicated, as all data generation can. But it's a good representation, because as long as the code generation is unique to each device most attacks actually require physical access to the device. \n\nBut the smart cards Microsoft wants us to use to secure sensitive domain accounts, they seem to be nothing more than a certificate or keys? Is there any challenge or generation in this process?\n\nIf it's a static piece of data, how does it matter if it's on a chip or in my head? It's still just a password. \n\nIt's easy to understand how my access card works for authentication to get physical access to the building, because cloning the card or hacking the card reader kinda requires physical contact. But the authentication between a client PC and a domain controller is pretty remote from any physical presence - so how do you know that the piece of data coming from the smart card actually came from the smart card?\n\nWhat am I not getting here?\n\nAlso the virtual smart cards Microsoft is touting don't seem to be virtual so much as just permanently stuck to the motherboard of a computer.","upvotes":1,"user_id":"MummiPazuzu"},{"content":"VPN Always On or Not?","created_at":1612197485.0,"id":"l9ymn8","n_comments":2,"percentage_upvoted":0.43,"permalink":"/r/cybersecurity/comments/l9ymn8/vpn_always_on_or_not/","subreddit":"cybersecurity","title":"Morning all\n\nI am just after a general consensus on VPN\u2019s. \n\nI currently have it installed on my phone and laptop and set to Auto connect on public wifi only. \n\nDo people use or recommend having them on all the time? Even on my mobile data and my personal home wifi? \n\nDoes it cause issues with some apps on the phone etc?\n\nThoughts welcome.","upvotes":0,"user_id":"zaka_7"},{"content":"Strong interest but not sure how to start","created_at":1612195671.0,"id":"l9y7o4","n_comments":9,"percentage_upvoted":0.78,"permalink":"/r/cybersecurity/comments/l9y7o4/strong_interest_but_not_sure_how_to_start/","subreddit":"cybersecurity","title":"Hey everyone! So, I have a strong interest in cybersecurity, but I have no idea how or where to start. I graduate my undergrad in May, and I've been thinking of exploring cybersecurity before applying to grad school. I have experience in programming. I took a C++ course, I'm teaching myself python, HTML, CSS, javascript. It's definitely not extensive experience, but I'm not completely in the dark.\n\nMy ideal goal was to try and get a summer internship to explore my career interest more, but it seems highly unlikely now. Still, I want to try and learn more so I can see if this is something that I actually want to do or just something that I've just glamorized in my head.\n\nDoes anyone have any specifics on where to start? What do I need to start with? Books, articles, videos, courses? \n\nI've also been looking at bootcamps. If anyone has experience with it, I'd like to hear your experience with it.","upvotes":5,"user_id":"pokemonsigncomp"},{"content":"SANS Training","created_at":1612195265.0,"id":"l9y3xv","n_comments":8,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l9y3xv/sans_training/","subreddit":"cybersecurity","title":"I have created a community for users who wish to get into sans training or want to talk to others or get help learning stuff \n\n[https://discord.gg/RnnAENQ3Ta](https://discord.gg/RnnAENQ3Ta)","upvotes":0,"user_id":"Legitimate-Ad-8888"},{"content":"Looking for cybersecurity advice for a friend in need","created_at":1612192988.0,"id":"l9xkvy","n_comments":11,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l9xkvy/looking_for_cybersecurity_advice_for_a_friend_in/","subreddit":"cybersecurity","title":"Hey everyone, hoping you can help me help a friend in need. So this friend of mine has been experiencing some concerning cyber security issues and I was hoping for some advice. First her PayPal account was hacked and for some strange reason the hacker set up a business account inside her account. Then her instagram was hacked and they added posts for a bunch of coupons. First off, can anyone explain why hackers would do this sort of thing? It just doesn\u2019t make any sense to me! She was also locked out of her FB account after someone got in and changed the email associated with it. She uses the BitWarden password manager but she hadn\u2019t changed the passwords on these accounts because she doesn\u2019t use them often, but she's working to replace all her weak passwords with strong randomly generated codes. Another thing that happened to her was while recording a voice memo a strange watermark appeared on her phone. Is that likely just a software glitch or is there any chance that was another security compromise?? The only piece of advice I had for her besides using a password manager to create really strong randomly generated passwords was to possibly use a service like IdentifyForce. What do people think of that service? Is it worth the money? Are there better services out there? Or are the services like this a waste of money?","upvotes":0,"user_id":"mrtorrence"},{"content":"Yubikey","created_at":1612183782.0,"id":"l9v4b9","n_comments":5,"percentage_upvoted":0.89,"permalink":"/r/cybersecurity/comments/l9v4b9/yubikey/","subreddit":"cybersecurity","title":"Has anyone encountered any issues formatting Yubikey as an additional login device for logging onto a WIN10 OS?\n\nI would like to set it up, but I am concerned that I may lock myself completely out of my laptop.","upvotes":7,"user_id":"iXFlows"},{"content":"Rice University 24 week Cyber Security Boot Camp","created_at":1612183275.0,"id":"l9uz3n","n_comments":5,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/l9uz3n/rice_university_24_week_cyber_security_boot_camp/","subreddit":"cybersecurity","title":"Has anyone ever experienced this boot camp? I would love to go, but would like to see if anyone has any info/tips about the camp.","upvotes":1,"user_id":"Away-Stress"},{"content":"I tracked the 26th Jan Indian Farmer Protests through Snapchat using OSINT","created_at":1612182867.0,"id":"l9uusw","n_comments":0,"percentage_upvoted":0.86,"permalink":"/r/cybersecurity/comments/l9uusw/i_tracked_the_26th_jan_indian_farmer_protests/","subreddit":"cybersecurity","title":"","upvotes":5,"user_id":"Illustrious_Ad_4480"},{"content":"I am trying to automate a netcat connection.","created_at":1612181093.0,"id":"l9ubnu","n_comments":3,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/l9ubnu/i_am_trying_to_automate_a_netcat_connection/","subreddit":"cybersecurity","title":"Hello everyone, I need some guidance. I am looking to write a python script that will connect to a remote server using netcat and can read the terminal output as well as provide input. For example I want to connect to the server, once connection is established the server asks the user to input their name, I would like the script to enter the name. Any advice is greatly appreciated and if I should use a different language to do this please let me know","upvotes":0,"user_id":"reddit_user2319"},{"content":"What does your average working day look like in this field?","created_at":1612179064.0,"id":"l9tp9f","n_comments":4,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/l9tp9f/what_does_your_average_working_day_look_like_in/","subreddit":"cybersecurity","title":"","upvotes":4,"user_id":"CaesarPT"},{"content":"Safety of IP cameras","created_at":1612175486.0,"id":"l9sl0m","n_comments":5,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/l9sl0m/safety_of_ip_cameras/","subreddit":"cybersecurity","title":"Hello. New to this sub. Apologies if I ask something that\u2019s been recently covered.\n\nI have a cheap Chinese IP camera on my home network. I understand that even the cheap ones are fairly sophisticated with built-in web servers, etc. \n\nShould I be concerned that this product is on my home network and could send my network information back to another country or the manufacturer? \n\nMy worst case concern is that from my IP address they can probably determine my router brand and model. Assuming there are known vulnerabilities on my router, I\u2019m concerned that that they have a leg up on hacking my home network (with my network credentials) and then all my PCs on my network. \n\nAm I being paranoid and are there steps I should take to reduce my risk? \n\nThanks...","upvotes":0,"user_id":"housespeciallomein"},{"content":"Is this a stupid strategy?","created_at":1612174953.0,"id":"l9sf2r","n_comments":8,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l9sf2r/is_this_a_stupid_strategy/","subreddit":"cybersecurity","title":"Is it high risk for me to input all my users and passwords on a google docs sheet on a gmail account that's solely being used for that purpose?\n\nI assume if I haven't visited any sites with that email, I'd be at not much risk or vulnerable to phish attempts. \n\nIs this feasible? I'm well aware there are online services that would require you to pay monthly to secure your encrypted password on a database.","upvotes":2,"user_id":"LarryMueler"},{"content":"NXM Hack Update","created_at":1612174605.0,"id":"l9sb4h","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l9sb4h/nxm_hack_update/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"HipsterDjinn"},{"content":"Books to read?","created_at":1612170352.0,"id":"l9qydp","n_comments":4,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l9qydp/books_to_read/","subreddit":"cybersecurity","title":"I\u2019ve made it through some final round interviews for SOC Analyst and I am anticipating 1 or 2 job offers. I was wondering what books would be good to read to prepare me for the role or any other books that are good for anyone entering the infosec field?","upvotes":3,"user_id":"Late-Homework"},{"content":"Can telegram chats with username only track our IP? I\u2019m being threatened by a guy I chatted with","created_at":1612168926.0,"id":"l9qhii","n_comments":6,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l9qhii/can_telegram_chats_with_username_only_track_our/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"MXB45"},{"content":"Free University of Wisconsin\u2013Madison Cybersecurity Bootcamp - In the Dark with Linux","created_at":1612165378.0,"id":"l9pbbx","n_comments":22,"percentage_upvoted":0.81,"permalink":"/r/cybersecurity/comments/l9pbbx/free_university_of_wisconsinmadison_cybersecurity/","subreddit":"cybersecurity","title":"Free 2 hour workshop \u201cIn the Dark with Linux: Learning and Applying Cybersecurity Today,\u201d led by lead instructor Wesley Phillips.\n\n\nWhen: February 18, 2021, 5:30 PM \u2013 7:30 PM CST\n\n\nTo learn more and to register:\nhttps://www.eventbrite.com/e/in-the-dark-with-linux-learn-and-apply-cybersecurity-today-workshop-tickets-134443442957?aff=ebdssbeac\n\nEDIT / UPDATE:\n\nI am not the vendor of this nor am I affiliated with this in any way. I came across this on the internet and thought it would be worth sharing, for those who may be interested.\n\nAlso, it appears to be sold out now","upvotes":228,"user_id":"V0ltRabbit"},{"content":"Sudo Vulnerability","created_at":1612161394.0,"id":"l9nyjc","n_comments":3,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l9nyjc/sudo_vulnerability/","subreddit":"cybersecurity","title":"\n\nDo anyone know how to exploit CVE 2021-3156 Sudo exploit ? I ran the testing script (from Redhat site) into my RHEL server and it is vulnerable. I am trying this on a server that does not have gcc compiler. What I am looking is exact demonstration of this vulnerability (from low privileged shell going to root directly). \nSomething like this: \nhttps://github.com/stong/CVE-2021-3156 is not work for me since I don\u2019t have gcc on that server. Any insights ?","upvotes":0,"user_id":"Creepy-Trust-9581"},{"content":"Russian hack brings changes, uncertainty to US court system","created_at":1612156673.0,"id":"l9m9g9","n_comments":3,"percentage_upvoted":0.85,"permalink":"/r/cybersecurity/comments/l9m9g9/russian_hack_brings_changes_uncertainty_to_us/","subreddit":"cybersecurity","title":"","upvotes":32,"user_id":"julian88888888"},{"content":"Question about third party programs used for proctoring","created_at":1612155743.0,"id":"l9lxlf","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l9lxlf/question_about_third_party_programs_used_for/","subreddit":"cybersecurity","title":"Hello! I hope this post will be allowed and if I'm in the wrong place I'm so sorry. I am a part time student and my university (and others across the country) is using a proctoring service which has caused some data privacy concerns. It is called Honor lock, a chrome extension. The faq and privacy statements are somewhat vague or are contradictory to what some students are experiencing. I am not as tech savvy these days as I once was and was hoping maybe someone could better explain if this extension is truly a concern or is everyone overreacting? Thanks!","upvotes":1,"user_id":"neverendingtasklist"},{"content":"Exploit CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)","created_at":1612155179.0,"id":"l9lpt0","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l9lpt0/exploit_cve20213156_heapbased_buffer_overflow_in/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"saifuddinamri"},{"content":"How to track down malicious DNS traffic on Windows Systems?","created_at":1612154955.0,"id":"l9lmtu","n_comments":5,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l9lmtu/how_to_track_down_malicious_dns_traffic_on/","subreddit":"cybersecurity","title":"I am struggling with this question for some time now. Since Windows is bloated with features no one needs, or Microsoft want's dont want's you to know, it's hard to find answers on your own without insider knowledge.\n\nMainly I am a Debian guy and I only use Windows for fun. But things can drive you crazy sometimes, when you know something is wrong and \"basic\" tools are not good enough.\n\nFar back in the past, when Microsofts Defender was pure garbage, I used Kaspersky, Malwarebytes, CC Cleaner and such stuff... But after Microsoft started to develop Security in a more positive way, Tools like Kaspersky & Co. became obsolete, due to performance issues. Microsoft / Windows enthusiasts, encouraged me to remove these tools and recommended the new Bitdefender.\n\nLong story short... For some days now, I realise, that my Windows is making weird stuff.\n\nWhile I write this down here (**with Internet**), my Windows 10 Enterprise Edition, shows me that I am **not connected to the Internet**. Some Applications run normally, some others like spotify, tell me I am offline.\n\nMy OPNsense Firewall in turn tells me another story. When I check my Suricata and Maltrail Logs, I can clearly see, that on Port 53 UDP, at times when I use my Windows, some Bad traffic is going on.\n\n Suricata:\n 2021-01-31T21:30:07.034089+01002027863blocked WAN 192.168.178.22 Port 23650 DST 193.0.14.129 Port 53 ET INFO Observed DNS Query to .biz TLD \n Maltrail:\n 204.42.254.5 (anyns.pch.net)openresolverproject.org\tmass scanner\n\nI already tried the following:\n\n1. ipconfig /flushdns\n2. netsh int ip reset\n3. Running MSERT.exe (Microsoft Scanner)\n4. Malwarebytes\n5. Windows Defender Offline Scanner.\n\nNothing has worked so far.\n\nI also checked my registry if it was a Windows Bug from 2020. Nada...\n\nComputer\\\\HKEY\\_LOCAL\\_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\NlaSvc\\\\Parameters\\\\Internet: EnableActiveProbing=1\n\nAny recommendations on this? I already had a similar issue, almost a year ago. The only way that helped, was wiping the disk and reinstall Windows. But doing that every year... well.. thats no fun and totally annoying after the 100th time since my Windows 98 introduction.\n\nSince I am a Systemadministrator for Windows and Linux, I can't throw Windows into the trash, since the needed applications dont run on Linux.\n\nI am thankful for any help!","upvotes":1,"user_id":"G4njaWizard"},{"content":"Two British Mensa directors quit over cyber security concerns.","created_at":1612153921.0,"id":"l9l95v","n_comments":0,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/l9l95v/two_british_mensa_directors_quit_over_cyber/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"Killco_Joe"},{"content":"[threat]","created_at":1612150913.0,"id":"l9k4ad","n_comments":4,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/l9k4ad/threat/","subreddit":"cybersecurity","title":"i think my router has been hacked and all the connected devices. i am thinking someone hacked through my phone to the router. my phone had a bug, where chrome was uploading/downloading loads of things by itself. then my ps4 and laptop suddenly get really low download speeds after i got this bug on my phone. the thing is, is that i have had really slow download speeds ever since (8 months). could this be a router attack??","upvotes":0,"user_id":"mrgrit1995"},{"content":"SpamCop domain expired/parked","created_at":1612148308.0,"id":"l9j4jt","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l9j4jt/spamcop_domain_expiredparked/","subreddit":"cybersecurity","title":"","upvotes":4,"user_id":"satyenshah"},{"content":"I\u2019m so confused with my career path","created_at":1612146109.0,"id":"l9ia53","n_comments":4,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l9ia53/im_so_confused_with_my_career_path/","subreddit":"cybersecurity","title":"I\u2019m so confused with my career path.\n\nSo over the past few years I have tried everything. I went to college for 2 years and changed my major multiple times. Then I took a job as a flight attendant because I love travel. I\u2019m honestly such an introvert though, and recently because of covid I was furloughed and I\u2019m lost again. I\u2019ve applied to several sales jobs but I just can\u2019t do it because I don\u2019t have the personality for it. I want to work in tech so I applied to finish my degree, mostly to have as a back up or to use in the future. Now I\u2019m just stuck between choosing an online IT degree or trying cyber security but I\u2019m terrified I\u2019m not doing it right or I\u2019m going to fail.","upvotes":1,"user_id":"shanmickk"},{"content":"Certifications","created_at":1612145869.0,"id":"l9i6uv","n_comments":5,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l9i6uv/certifications/","subreddit":"cybersecurity","title":"Is it possible to get certifications, without a college degree, and still make a decent annual salary? I hear mixed things all the time. But what brought me back to this was when a mutual friend studied for a COMPTIA certification & then got hired at the first place they applied to. If anyone has just went about it the certification way, please feel free to share your story. Thanks!","upvotes":2,"user_id":"glojoy"},{"content":"Bypassing SQL Filters and Reverse Engineering to Root | HackTheBox Charon","created_at":1612145060.0,"id":"l9hvd9","n_comments":0,"percentage_upvoted":0.82,"permalink":"/r/cybersecurity/comments/l9hvd9/bypassing_sql_filters_and_reverse_engineering_to/","subreddit":"cybersecurity","title":"","upvotes":7,"user_id":"MotasemHa"},{"content":"What should a person do if they give their zip code and name to an unknown person?","created_at":1612143613.0,"id":"l9hbel","n_comments":2,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/l9hbel/what_should_a_person_do_if_they_give_their_zip/","subreddit":"cybersecurity","title":"So, I have been so stupid that I uploaded a picture of an amazon advertisement on a discord server, but did not notice that my name and zip code was visible as: \"deliver to (name)-(City) (zip code)\". The moment I noticed it, I deleted the picture of course, but someone had taken a screenshot of that(for different reasons, though). So, my question is, what precautions should I take now, to avoid wrong consequences? Can people track my purchases now, if they want? Also, if they know my discord activity and certain interests of mine, will this, coupled with the above two information leak my identity to people?\n\nSince I don't know anything about cyber security, I am worried about it, and thus this type of question, even though I could have googled it, I can't understand what most of the search results try to say.","upvotes":0,"user_id":"True_earth_"},{"content":"Seeking guidance in persuit of a career in cybersecurity.","created_at":1612143419.0,"id":"l9h8rr","n_comments":3,"percentage_upvoted":0.8,"permalink":"/r/cybersecurity/comments/l9h8rr/seeking_guidance_in_persuit_of_a_career_in/","subreddit":"cybersecurity","title":" \n\nI love IT related stuff, especially cybersecurity focused. My first ever DefCon that I watched was DefCon 16 and I\u2019ve had a special interest for security related topics in IT ever since. I\u2019ve always had an on and off experience, back in the day I messed around with BackTrack 2 and in cracking Wi-Fi passwords with John the Ripper, some RFID transportation card hacking and did some manual SQLi on some websites and messed around with Nmap, Wireshark, a bit of Metasploit but nothing to be proud of. I\u2019ve only read a few books in the past like the Nmap manual, an SQLi book, the Metasploit\u2019s handbook and that\u2019s pretty much it.\n\nI don\u2019t have a degree in Computer Science and I don\u2019t know how to code in any language. Lately I\u2019ve been thinking about learning Python and after learning Python I was thinking of going into assembly language to learn how to debug exploits and have a better understanding of how certain exploits work and how the computer interacts with them. I just don\u2019t know which book to start with.\n\nI don\u2019t have any work experience in any kind of IT related field and not having a degree in CS worries me. I was thinking of taking every core CompTIA course, starting with ITF+, then A+, then Network+, then Security+ and then either going for the PenTest+ or the OSCP.\n\nI was thinking of starting with all those CompTIA courses in hopes of being able to get a job in the IT field using those certifications as well as gaining networking knowledge for the pentesting courses. My idea is to take those CompTIA courses to help make out for my lack of CS degree and apply to jobs using those certificates while studying and doing the courses at the same time because I don\u2019t think I will be able to immediately find a job in the cybersecurity field without previous networking job experience.\n\nTLDR: I am thinking of starting with every core CompTIA course and apply for a job with those certificates and then either doing PenTest+ or the OSCP while messing around with HTB machines prior to that.","upvotes":3,"user_id":"natinhoo"},{"content":"Info Sec at Fanshawe College; Canada","created_at":1612137977.0,"id":"l9f8x5","n_comments":3,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l9f8x5/info_sec_at_fanshawe_college_canada/","subreddit":"cybersecurity","title":"Hey Community, \n\nI trust you all well. Just checking; has anyone here done Info Sec/Cyber Sec programme at fanshawe college in canada. Just want to know the experience and if the College is reputable to get a job.\n\nThanks","upvotes":1,"user_id":"Taiwan004"},{"content":"Unmotivated in ctf's","created_at":1612132950.0,"id":"l9dkms","n_comments":11,"percentage_upvoted":0.73,"permalink":"/r/cybersecurity/comments/l9dkms/unmotivated_in_ctfs/","subreddit":"cybersecurity","title":"Getting stuck in some ctf challenges .Most often discourages me and destroys my motivation.It hurts me a lot ..... then I am not able to complete that challenge..how can I solve this problem ?? ..... Does relying on walkthrough in situations turn out to be harmful for me ?? .. I like ctf a lot..but this one problem bothers me a lot ... how can i fix this problem ..\n\nPlz help me friends.......iam so disappointed.....\n\nSorry for my bad english....","upvotes":5,"user_id":"NANDUZZZZZ"},{"content":"Neighbours Seem to Have Tapped My Phone","created_at":1612129601.0,"id":"l9ckxk","n_comments":4,"percentage_upvoted":0.18,"permalink":"/r/cybersecurity/comments/l9ckxk/neighbours_seem_to_have_tapped_my_phone/","subreddit":"cybersecurity","title":"Hi .. I'm posting to ask advice about what to do if you think your phone has been tapped. I am being stalked by my former neighbours and they have indicated to me with loud comments that they know who I am speaking with, what videos I'm watching, and what notes I'm writing on my phone. They'll read out the text verbatim sometimes, and sing the songs that I am listening to. They'll say the names of the people I'm speaking to aloud. Does anyone have any idea how I can figure out how they've done this, or how I can trace it back to them?","upvotes":0,"user_id":"annie_1992"},{"content":"What steps should I take once my laptop has been stolen?","created_at":1612120351.0,"id":"l9ad1w","n_comments":8,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l9ad1w/what_steps_should_i_take_once_my_laptop_has_been/","subreddit":"cybersecurity","title":"I have changed all super important passwords (bank accounts etc). Am I right in assumming that if they cannot get past my Windows password, they cannot get access to my web browser which might include saved passwords? But that they can simply rip out the hard drive and have access to all my files?","upvotes":6,"user_id":"PaulNorman"},{"content":"How do I check whether a URL contains hidden malware or not?","created_at":1612114727.0,"id":"l994wg","n_comments":8,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/l994wg/how_do_i_check_whether_a_url_contains_hidden/","subreddit":"cybersecurity","title":"A few days ago I was approached by a suspicious person who asked me for help in 'hacking the CCP', but instead he gave me links to a Thai website and a Chinese dissident website as target.\n\nAt the same time I got some password reset request emails in my inbo which I really didn't do, and one of them has a receipt from last year related to a Chinese VPN service. In it contained a link which I've accidentally entered when trying to Google it.\n\nIt was mlycc[.]com, and I'm still feeling paranoid despite the 'timeout error' there, and even after I have locked down my computer by doing multiple full-system virus scans, and had put that url to common virus checkers.\n\nHere are the screenshots as proofs:\n\n* https://cdn.discordapp.com/attachments/158862609175543808/804984007271120916/Capture.PNG\n\n* https://cdn.discordapp.com/attachments/158862609175543808/804984195017474058/reset.PNG\n\nSo, here i want some advice and help to conclusively determining whether that url contains malware or not, in the wake of [North Korean hackers had been caught using similar methods](https://www.forbes.com/sites/thomasbrewster/2021/01/26/google-warning-north-korean-hackers-breach-windows-and-chrome-defenses-to-attack-security-researchers/).","upvotes":1,"user_id":"Elsa-Fidelis"},{"content":"What are the most common and useful programming languages when thinking of starting a career in cyber security?","created_at":1612112544.0,"id":"l98nk3","n_comments":6,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l98nk3/what_are_the_most_common_and_useful_programming/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"x17ed-600"},{"content":"My Lightweight Cryptography for IoT lecture videos, hope you enjoy","created_at":1612112303.0,"id":"l98lfj","n_comments":1,"percentage_upvoted":0.88,"permalink":"/r/cybersecurity/comments/l98lfj/my_lightweight_cryptography_for_iot_lecture/","subreddit":"cybersecurity","title":"","upvotes":12,"user_id":"opnerkal"},{"content":"Is there any way someone can log into your accounts without the passwords or access to 2FA/MFA? And if so how can you protect yourself against it?","created_at":1612111240.0,"id":"l98d0l","n_comments":8,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l98d0l/is_there_any_way_someone_can_log_into_your/","subreddit":"cybersecurity","title":"Is cookie stealing malware a thing? Can someone login with stolen cookies from your computer? Thank you.","upvotes":1,"user_id":"xprmtxud"},{"content":"CDC website built by Deloitte at a cost of $44M is abandoned due to bugs","created_at":1612110143.0,"id":"l9844h","n_comments":43,"percentage_upvoted":0.99,"permalink":"/r/cybersecurity/comments/l9844h/cdc_website_built_by_deloitte_at_a_cost_of_44m_is/","subreddit":"cybersecurity","title":"","upvotes":543,"user_id":"Sibillycwey"},{"content":"Simulating SQL Injection Exploitation Using Reinforcement Learning","created_at":1612109134.0,"id":"l97w3p","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l97w3p/simulating_sql_injection_exploitation_using/","subreddit":"cybersecurity","title":"","upvotes":6,"user_id":"Angela_white32"},{"content":"Is Headfreaks.dk safe ? (Stax reseller)","created_at":1612106104.0,"id":"l976tj","n_comments":3,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l976tj/is_headfreaksdk_safe_stax_reseller/","subreddit":"cybersecurity","title":"They are reseller of Stax headphones in Europe in Denmark\n\nhttps://stax-international.com/distributors/europe/\n\nThey have a facebook page https://m.facebook.com/headfreaks.eu/\n\nBut what is weird for me is that I do not see \"Terms & Conditions\" or \"Privacy Policy\" section at the bottom of the page \n\nThere are just a \"Contact\" section \n\n\nWhat do you think ?","upvotes":0,"user_id":"Jallbalath"},{"content":"New Year, New Version of DanaBot | Proofpoint US","created_at":1612102294.0,"id":"l968rc","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l968rc/new_year_new_version_of_danabot_proofpoint_us/","subreddit":"cybersecurity","title":"","upvotes":5,"user_id":"WalkureARCH"},{"content":"vsRisk alternative?","created_at":1612098433.0,"id":"l956aa","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l956aa/vsrisk_alternative/","subreddit":"cybersecurity","title":"Hi all\n\nSo, I'm studying InfoSec and for one assignment I need to do a 27001-compliant risk assessment. The recommended software according to the textbook is vsRisk. Now, it does have a 2-week free trial, but I'm looking for something more long term. Preferably something free or cheap, if that is even possible.\n\nAny recommendations?","upvotes":1,"user_id":"PSyCHoHaMSTeRza"},{"content":"Am I at risk of being compromised?","created_at":1612094767.0,"id":"l94381","n_comments":2,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/l94381/am_i_at_risk_of_being_compromised/","subreddit":"cybersecurity","title":"So with the news of a exploited flaw within apples systems or whatever it was, apple encouraged its user to update in order to patch the threat.\nNow I would have updated immediately if I wasn\u2019t stopped by my 2013 iPad mini 2 which has the latest version of 12.51. I\u2019ve never had any sensitive information to this iPad (I have my assets on my computer and whatnot) but I would hate to have my iPad compromised.","upvotes":0,"user_id":"Commandant_Poop"},{"content":"How do you all like to hear about the latest products?","created_at":1612094059.0,"id":"l93vdk","n_comments":13,"percentage_upvoted":0.85,"permalink":"/r/cybersecurity/comments/l93vdk/how_do_you_all_like_to_hear_about_the_latest/","subreddit":"cybersecurity","title":"Hi all! Marketer here. I just landed a new job in a cybersecurity firm (coming from the Automated Speech Recognition world) and the first thing they want me to do is send out some cold emails to generate interest in their solution.\n\n I have a distinct feeling that you all hate that kind of stuff. Is that much true?\n\n If so, where do you hear about the latest cool and useful cybersecurity tools? I need some direction before I say this is a terrible idea. \n\nThank you a ton in advance!","upvotes":14,"user_id":"gaudiocomplex"},{"content":"65535 port / protocol / service / description PDF","created_at":1612093278.0,"id":"l93mse","n_comments":0,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/l93mse/65535_port_protocol_service_description_pdf/","subreddit":"cybersecurity","title":"Started looking up different ports, found [adminsub.net's](https://www.adminsub.net/tcp-udp-port-finder) tcp/udp port finder. They credited [this](http://www.bekkoame.ne.jp/~s_ita/port/port1-99.html) Japanese website which had a pretty extensive list. This might be stretching a tiny bit out of the scope of /r/cybersecurity, but the services/descriptions do list known malware/exploits/vulnerabilities etc. \n\nThe Japanese website also hosts a .CSV format. However, when I threw it into pandas the entries which were listed as a range of ports didn't come through in my Jupyter Notebook. Because of that I copied the table and made a [PDF](https://docdro.id/tXq1IT8) for anyone else who likes to have a downloadable copy of stuff to read.\n\n​\n\nHere's the python code if you want to play with that:\n\nimport pandas as pd\n\npd.set\\_option('display.max\\_rows', None, 'display.max\\_columns', None)\n\ncsv = '[http://www.bekkoame.ne.jp/\\~s\\_ita/port/port.csv](http://www.bekkoame.ne.jp/~s_ita/port/port.csv)'\n\ndf = pd.read\\_csv(csv)\n\ndf","upvotes":0,"user_id":"lastpete"},{"content":"Data Security on Mobile Devices","created_at":1612089753.0,"id":"l92jmz","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l92jmz/data_security_on_mobile_devices/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"antdude"},{"content":"How many hours a per day do you guys study cybersec?","created_at":1612083646.0,"id":"l90m0d","n_comments":17,"percentage_upvoted":0.71,"permalink":"/r/cybersecurity/comments/l90m0d/how_many_hours_a_per_day_do_you_guys_study/","subreddit":"cybersecurity","title":"\n\n[View Poll](https://www.reddit.com/poll/l90m0d)","upvotes":3,"user_id":"leanprs"},{"content":"Threat Intelligence - Python","created_at":1612081870.0,"id":"l900yb","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l900yb/threat_intelligence_python/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"lal309"},{"content":"\"Serious\" vulnerability found in Libgcrypt, GnuPG's cryptographic library","created_at":1612077022.0,"id":"l8yd6w","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l8yd6w/serious_vulnerability_found_in_libgcrypt_gnupgs/","subreddit":"cybersecurity","title":"","upvotes":15,"user_id":"upofadown"},{"content":"Securing my VPN server","created_at":1612076663.0,"id":"l8y8m4","n_comments":1,"percentage_upvoted":0.8,"permalink":"/r/cybersecurity/comments/l8y8m4/securing_my_vpn_server/","subreddit":"cybersecurity","title":"I recently set up an AWS Lightsail server running Debian 10 and I have installed Algo ([https://github.com/trailofbits/algo](https://github.com/trailofbits/algo)) so I can use the server as a private VPN. In order to connect to my server through WireGuard, I have to open up UDP ports 500, 4500, and 51820. I have a general understanding of the dangers of opening ports, and I want to make sure that my server is well secured. Are there any specific dangers to opening up those ports so I can connect to them using ikev2? How do I make sure that people won't be able to gain access to my server by attacking its open ports?","upvotes":3,"user_id":"BrainFried32"},{"content":"Does going to college for 2 years or more matter anymore? Or are boot camps for certificates all you need?","created_at":1612074314.0,"id":"l8xegk","n_comments":10,"percentage_upvoted":0.8,"permalink":"/r/cybersecurity/comments/l8xegk/does_going_to_college_for_2_years_or_more_matter/","subreddit":"cybersecurity","title":"I'm still fairly new to all this and don't know all the terminology\n\nBut I tried to go back to school for cyber security which would take 2 years or more and I've put it on hold because I don't have the money for the time for it \n\nBut I've gotten ads from uci about a 6 month boot camp course and I've read others who said they never went to school, just self taught and boot camps and landed great careers\n\nTo save time, what should I do?","upvotes":6,"user_id":"GiveMeYourBussy"},{"content":"Need advice on what my next step in cyber security should be","created_at":1612073466.0,"id":"l8x3ul","n_comments":6,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l8x3ul/need_advice_on_what_my_next_step_in_cyber/","subreddit":"cybersecurity","title":"Hello everyone,\nI guess this question is for the people who are already experienced in the field of cyber security. \nBackground on me, i did my batchelors in cyber security. I have been working in an well known MNC from past 2 years as a security analyst. I majorly work with Logs, SIEM profile to be exact and my work is more theoretical than technical, meaning i mostly analyse stuff and create reports on my observations (reviewing logs from firewall etc). So my main question where do i go from here, and which certifications should i persue ? A lot of people tell me to go for OSCP, but is it really worth it ? And also i dont want to be bound by logs for my career, i would like to explore more, so my main question is in which direction should i move ? Should i go for OSCP or should i stay in blue side and do some other certificate ? If so which one would you recommend ?","upvotes":1,"user_id":"Stella_Morientes"},{"content":"Cyber security path suggestions","created_at":1612072931.0,"id":"l8wx0o","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l8wx0o/cyber_security_path_suggestions/","subreddit":"cybersecurity","title":"Hello cybersecurity community, \n\nThis is my first post on reddit. I am writing to you guys to get your suggestions and tips to launch my career in Cybersecurity and achieve my maximum potential. Here is my background:\n\nI do not have a degree in IT. However i have 3.5 years of experience working at different technical support desks which involved troubleshooting vendor specific system setups (hardware/software), Microsoft Products (Basic L1 Azure) and recently I've been drafted to work and troubleshoot Ios and apple products. \n\nIn last 3.5 years this company has had different \"clients\" come and go and all my progress that i made on a full blown support desk was lost as the client went and i was back to ground zero everytime. This just happened again this month with a client who is was a CSP provider and we all are again going to train to troubleshoot random Ios and apple issues.\n\nNow i have cleared Az900 and now trying to complete CompTia Security+ and then plan on going to get Az500 or CompTia CySA+ or CompTia PenTest+. I am also planning to learn Splunk and Wireshark so that i can atleast get my hands wet with some of the tools used by professionals on daily basis.\n\nI do face a few challenges as i need to keep working to keep a roof over my head and at the same time i need to complete these certs. I have basic to intermediate computer knowledge and i am not a complete novice in terms of computers.\n\nAny guidance on how should I further proceed and advance in this field will be highly appreciated and I thank you for the time you took to read this post.\n\nSorry for the long post\n\nP.S - I am living in Canada and trying to secure SOC level 1 position as my first target.","upvotes":1,"user_id":"Alone-Muscle2402"},{"content":"Google deploys Chrome mitigations against new NAT Slipstreaming attack","created_at":1612070741.0,"id":"l8w4qk","n_comments":0,"percentage_upvoted":0.93,"permalink":"/r/cybersecurity/comments/l8w4qk/google_deploys_chrome_mitigations_against_new_nat/","subreddit":"cybersecurity","title":"","upvotes":11,"user_id":"wewewawa"},{"content":"I just got my security+ certification and was wondering if I could get any jobs.","created_at":1612070335.0,"id":"l8vzjp","n_comments":4,"percentage_upvoted":0.83,"permalink":"/r/cybersecurity/comments/l8vzjp/i_just_got_my_security_certification_and_was/","subreddit":"cybersecurity","title":"I am still in high school, but I would like to get a little bit of experience within cybersecurity and was wondering if it were ever possible to get a part time job in any category with just this certification?","upvotes":4,"user_id":"grassygrandma"},{"content":"Virus name wiht song \" Deorro - Five Hours\"","created_at":1612064632.0,"id":"l8tu2a","n_comments":0,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l8tu2a/virus_name_wiht_song_deorro_five_hours/","subreddit":"cybersecurity","title":"Hey, I am doing homework for school about cybersecurity and I wanted to include an example of a \"fun\" virus/ ransomware. I think I remember a virus with the song \"Five-hour Deorro\" does anyone remember the name of the virus because I've been looking for an hour and I can't find it. \n\nOr does anyone have other ideas of a \"funny\" virus I could use to teach teens to beware when downloading thing on the internet,","upvotes":1,"user_id":"Silax04"},{"content":"2 members of household had their Icloud details compromised within days","created_at":1612062752.0,"id":"l8t42p","n_comments":2,"percentage_upvoted":0.63,"permalink":"/r/cybersecurity/comments/l8t42p/2_members_of_household_had_their_icloud_details/","subreddit":"cybersecurity","title":"Hey, I'm clearly vulnerable somewhere, two members of my family (same household) had their iclouds logged into from random countries. Luckily they have 2FA and changed passwords but it still spooked me as the accounts aren't linked in anyway whatsoever, using different email addresses and passwords on each.\n\nAny tips would be grand, the emails don't show on haveibeenpwned and no dodgy links have been clicked.","upvotes":2,"user_id":"BadJungleratm"},{"content":"Help with Malware VM Deployment (Educational)","created_at":1612062649.0,"id":"l8t2lq","n_comments":4,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l8t2lq/help_with_malware_vm_deployment_educational/","subreddit":"cybersecurity","title":"I have been trying to find a malware that i can download and install on a virtual machine so I can use it to as a demo for a cybersecurity presentation to get students interested in CS.\n\nI was thinking of a ransomware or something more visual that would show the process of what it is doing.\n\nKeep in mind, i will be downloading this into a VM created by me and deploying it for academic purposes. The OS doesn't matter, could be for windows or linux, I'm more interested in it being visual.\n\nCould anyone provide any guidance as to how to deploy it and where i might be able to find a malware with the features described above?","upvotes":0,"user_id":"DaGalius"},{"content":"Found a vulnerability. What should I do?","created_at":1612060743.0,"id":"l8sbrs","n_comments":10,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l8sbrs/found_a_vulnerability_what_should_i_do/","subreddit":"cybersecurity","title":"I have found a security vulnerability in my laptop.\nIt is leaking the voice or any sound around it, it cam be heard over radio.\nWhat should I do? Wondering if I could get some money (more than the value of laptop) from the manufacturer.","upvotes":0,"user_id":"guestyest"},{"content":"I am creating a \"Cyber Security\" educational box to help adolescents learn about cybersecurity and I need help.","created_at":1612060239.0,"id":"l8s4sc","n_comments":5,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l8s4sc/i_am_creating_a_cyber_security_educational_box_to/","subreddit":"cybersecurity","title":"Good Afternoon,\n\nI am a senior student at Mizzou's College of Engineering, I am currently enrolled in a Capstone class and while I could've done one of the other meaningless project ideas proposed by the professor, three friends and myself have decided we want to create a learning environment/ sandbox mode raspberry pi to help middle and high schoolers become interested in cybersecurity. We've decided to try and make this as user-friendly as possible and we plan on utilizing Raspberry pi's plethora of attachments, hats, and accessories to show the user either their actions have succeeded or failed. We've decided that it would probably be best if we kept away from the command line interface as that would require the user to have prior Unix/Linux background knowledge, and we want to jump right into attention-grabbing and inspiring commands and \"such\". We don't plan on explaining to high schoolers how to DDOS call of duty lobbies but we also don't want to bore them (*I was once a highschooler with mild AHDH too*). The system will most likely consist of a few raspberry pi's and maybe an IOT device or two all connected on a local network that can be interacted with. We're playing with the \"red team blue team\" idea but were not sure if that would be the appropriate way to introduce students to cyber security.\n\nSo with this being said, if anyone has constructive criticism, ideas, or input on the matter my teammates and I are highly appreciative.","upvotes":14,"user_id":"BallisticxPro"},{"content":"Websites with malformed name","created_at":1612059690.0,"id":"l8rwzq","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l8rwzq/websites_with_malformed_name/","subreddit":"cybersecurity","title":"Today I opened a website (Firefox), and my muscle memory kicked in and I typed the wrong website address. The website prompts to redirect me a few times, and finally it landed upon some ip address, in that website it looks similar to Apple website, with Apple logo, writings etc, and modals keep popping up about antivirus malware and say that my pc is compromised.\n\nI know this is definitely a fake website, so I proceed back, and I tried to remember what I typed so quickly that it was wrong, and I typed the wrong website again on purpose, but every time I type the website it goes to redirect me to different websites, not the same everytime, sometimes legit website, sometimes scammy website.\n\nHow do these work? Btw I'm an SWE (fullstack web) so you can explain to me using software lingo.\n\nIf I have to imagine, the owner of say \"[ma1f0rmedsite.com](https://ma1f0rmedsite.com)\" bought that domain name, and then run a server, and then just proceed to random redirect me to different websites that \"hired\" that malformed site for redirect service? Is this correct or there's more things than that?\n\nWhat do I need to caution after visiting such sites, is there cookies/localstorage etc related stuffs that I need to know of?","upvotes":1,"user_id":"HipsterDjinn"},{"content":"Did I get \"Juice Jacked\"?","created_at":1612059202.0,"id":"l8rq89","n_comments":11,"percentage_upvoted":0.72,"permalink":"/r/cybersecurity/comments/l8rq89/did_i_get_juice_jacked/","subreddit":"cybersecurity","title":"Hey everyone, not sure who I should report this to or what to do, so please help. Here is what went down:\n\nLast night, a group of friends and I (all college students) went out to a restaurant. A girl our age came up to our table promoting her \"start-up company,\" where if we used their portable chargers for 5-30 minutes, they would give us $15. Obviously, this sounded too good to be true, but two of my friends did it and came back with $15 in cash. A few more of us went to go try it out, and we had to download the app, put in our credit card information, and they gave us a portable charger. Now this is where things got even more shady.\n\nA man in a jacket speaking Chinese on the phone to someone (sounded very frantic) was this girl's \"boss.\" She did not have the $15, but he came saying he would pay it out of his pocket. So, we went back to our seats and after 5 minutes went up to the girl, and she seemed very uneasy. She did not have the money and said she would go find her boss. She asked us where we were sitting, we pointed to our seats, and after that we never saw them the rest of the night. We asked the waiter about it, and he told us they paid the restaurant $400 to set up inside.\n\nI believe they were \"juice jacking\" college students who didn't know better and just wanted some free cash basically. Maybe it wasn't that serious, but here is why I believe they were hacking us in some way:\n\n1) Dealt in **all cash** for the $15 reward\n\n2) Shady app with one review, and **no mention** of the company on the internet except their website\n\n3) Had to plug in our phone to their portable charger for a **minimum/certain amount of time** (5-30 minutes)\n\n4) Boss sounded very **frantic**; girl working for him seemed very **uneasy** and uninformed\n\n5) They paid $400 and gave out $15 per student (25 students max) and **basically lost money**, but most importantly:\n\n6) They **did not advertise** their start-up\n\nI believe that if they were really trying to promote a start-up they would tell us things like \"Look for our chargers around campus!\" \"Tell your friends about our app!\" etc. Ultimately, I found this all very shady and was wondering if anyone knows anything about this or what I should do. I have erased and restarted my phone completely. The company's information is below:\n\nCompany Name : Electra Charger\n\nWebsite : [https://electracharger.com/#/home](https://electracharger.com/#/home)\n\nEmail : [support@electracharger.com](mailto:support@electracharger.com)","upvotes":3,"user_id":"Sprikly"},{"content":"How to work around a major issue?","created_at":1612056884.0,"id":"l8qsy2","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l8qsy2/how_to_work_around_a_major_issue/","subreddit":"cybersecurity","title":"My major is math, and I am finishing a minor in CS. I\u2019m in my last year of undergrad. I was prepping for data analytics, but cyber security has been of interest to me for various reasons. What can I do if I want to make the transition over to cyber security?","upvotes":2,"user_id":"Roam_S"},{"content":"Bitwarden or Dashlane?","created_at":1612056808.0,"id":"l8qrup","n_comments":8,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/l8qrup/bitwarden_or_dashlane/","subreddit":"cybersecurity","title":"Hi all! \n\nAny advice on which password manager to pick between Dashlane and Bitwarden? Not too fussed about the subscription price for Dashlane, but would appreciate some input from anyone who's tried one or the other (or both) - and how that experience turned out.\n\nThanks!","upvotes":2,"user_id":"rh0bes"},{"content":"Need advice on cert path please","created_at":1612056288.0,"id":"l8qkmz","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l8qkmz/need_advice_on_cert_path_please/","subreddit":"cybersecurity","title":"Hi All,\n\nI'm looking to switch careers and become a penetration tester. Before I ask my question I thought I'd give some insight about me first to see if that helps give me more of a clear path in terms of which certifications I should go after.\n\nCurrently I'm a business analyst at a some what large software company. My day is focused around helping plan out custom functionality for an enterprise level application for a company that does over a billion in revenue a year. In addition to that I help set up and configure a lot of the tools that this software uses. I spend a lot of time remoting into different servers, setting up APIs and creating listening services with IIS to send data back and forth. \n\nI'm not a full blown developer, but it definitely helps that I have built plenty of websites (wordpress with php and sites from scratch) and know JS reasonably well. That's I think what gave me the edge to getting this role I'm currently in now for the past 2 years, but I'll admit I knew nothing about networking when I got into this job. I took it upon myself to study up and have been preparing to take the Network+ for the past three months now. I think at this point I'm pretty much ready to take it, but still a little nervous because I don't want to blow 300 bucks since I still end up getting around a 74-80% of Jason Dion's network+ practice exams. \n\nThe other day I was watching an interview with Neil Bridges, and he was saying that folks that want to get into this field should look at eLearnings's eJPT, get that cert, then do a ton of hackthebox/tryhackme boxes for experience, then network to find your first career.\n\nSo now I'm sitting here thinking to myself. Should I be continuing to study the different types of ethernet and 802.x standards so I can pass this network+ test that will likely not assist me in getting a pen test job, or should I just get right into the eJPT cert and just focus more of my time getting hands on experience? I'm torn because I've been in the IT world now for about 8 years and it sounds like Network+ is really to show that you have the chops to make it in IT, but I think I could mostly prove that I have the chops today and would be just fine in an interview. \n\nThere is still a part of me that at least wants to get this Network+ cert since I've spent so much fricken time learning and reading Mike Myers book, but at the same time I want the quickest path to changing my career because I'm antsy and I know this is still going to take a few years before I land that first solid job. \n\nSo what do you think? Any advice would be greatly appreciated!","upvotes":1,"user_id":"aggrevatedknowledge"},{"content":"Is HUAWEI 4G Router safe to use?","created_at":1612054259.0,"id":"l8prvb","n_comments":12,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/l8prvb/is_huawei_4g_router_safe_to_use/","subreddit":"cybersecurity","title":"I needed to get a 4G data hub/dongle because I live in a rural area in the U.K. and can\u2019t get fast broadband.\n\nThe ISP sent me a HUAWEI 4G Router 3 Pro, but I\u2019m wondering if it\u2019s safe to use. I don\u2019t know a lot about cyber security but I\u2019ve seen in the news that several countries including the U.S. and U.K. have banned Huawei from building the 5G infrastructure in their respective countries because it could be passing information to the Chinese state.\n\nDoes this mean that Huawei is an untrustworthy company, could there be a back door in this router\u2019s firmware or am I being paranoid? Even if there was a back door, would using a VPN help?\n\nHere is the router that I have:\nhttps://consumer.huawei.com/uk/smart-home/4g-router-3pro\n\nWould appreciate your advice. Thanks.","upvotes":1,"user_id":"Throwaway-93628192"},{"content":"My Lightweight Cryptography for IoT lecture videos, hope you enjoy","created_at":1612052841.0,"id":"l8p7r5","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l8p7r5/my_lightweight_cryptography_for_iot_lecture/","subreddit":"cybersecurity","title":"","upvotes":9,"user_id":"forgottenlance"},{"content":"Connecting to cyber security recruiters","created_at":1612051579.0,"id":"l8oqm9","n_comments":4,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l8oqm9/connecting_to_cyber_security_recruiters/","subreddit":"cybersecurity","title":"Hey can some help me to get connected to hr and recruiters for cyber security company in Singapour i am only 17 years old just finished my CEH will be doing OSCP next preparing for that if someone can connect me to the recruiter i can be in contact with them so that i can get to know the requirements for the job so as per that will prepare my skills and then it will be easy for me to get into the corporate world \n\nFeel free to contact me [linked-in profile](http://linkedin.com/in/junaidkhan-pathan-3407631a7)","upvotes":0,"user_id":"Junaidkhan2004"},{"content":"Next CyberSec Certification Advise.","created_at":1612051437.0,"id":"l8oooc","n_comments":1,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l8oooc/next_cybersec_certification_advise/","subreddit":"cybersecurity","title":"Hey community.\n\nI am new to Palo Alto Network certification and i would like to persue one. I already have Comptia Network+, Security+ and CySA+. What other advance certification can i do from Palo Alto networks after acquiring the fore mentioned Certification.\n\nThank you in advance","upvotes":0,"user_id":"Taiwan004"},{"content":"MBA vs Cybersecurity?!","created_at":1612050686.0,"id":"l8oegg","n_comments":9,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l8oegg/mba_vs_cybersecurity/","subreddit":"cybersecurity","title":"Recently started as a cyber security technician mostly because of my clearance even though I do not have much technical experience. I am currently studying for my Security + and will be pursuing my masters soon. I am faced with two options. 1. I can earn a masters in cyber security for free due to my employer. 2. Pursue and MBA and pay some out of pocket. I want to stay in the general cyber sector but would like to move towards the business side if it. Any suggestions?","upvotes":13,"user_id":"Aleafe1234"},{"content":"If you could work for any company or organization, which would you choose?","created_at":1612045854.0,"id":"l8mum7","n_comments":8,"percentage_upvoted":0.71,"permalink":"/r/cybersecurity/comments/l8mum7/if_you_could_work_for_any_company_or_organization/","subreddit":"cybersecurity","title":"I now have the top certs, lots of experience, and like most others, I live this life... day and night. \n\nI\u2019ve had offers. I\u2019m stuck with an ethical dilemma. Whom should I help, and who doesn\u2019t deserve it. \n\nAmazon for example... product after product would come to \u201cpatch\u201d. Some couldn\u2019t be patched because they didn\u2019t spend an extra 50\u00a2 for a better chip on a $90 product. I won\u2019t work for them....\n\nDuring the last presidential term, I was not even considering a government position for obvious reasons, but now I am interested in that. At the end of the day, I want to do what helps people the most. I don\u2019t care about the money.\n\nSometimes I wonder if I would be better as an activist for privacy... or is it better to join big tech so I have even closer eye to what\u2019s happening... where\u2019s the rule book on this lol?\n\nI\u2019m white hat only. I didn\u2019t consider every entity that\u2019s \u201cprofessional\u201d all white hat... not when you sell products you know don\u2019t have security, like a secuirty camera. That\u2019s bordering red/grey in my eyes. \n\nAll feedback is welcomed. Thank you in advance. I rarely ask a question on social media... its only when it appears that google can\u2019t provide the best data I need. \n\nPs. Red team, blue team, whatever... I know more than enough to fill a role in an organization and do great in that position. I am always learning, and always will be. I can learn what I need to learn to do whatever is recommended. I self teach, and I learn fast. \n\nWhere would you work, not work, and why? I don\u2019t want to help the wrong people. I\u2019ll be helpful, and I want to make sure I\u2019m really \u201chelping\u201d all of us. \n\nThank you again in advance \ud83d\ude4f\ud83c\udffc\n\n[View Poll](https://www.reddit.com/poll/l8mum7)","upvotes":3,"user_id":"just0liii"},{"content":"Palo Alto Networks vs Juniper?","created_at":1612040782.0,"id":"l8lbiu","n_comments":7,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l8lbiu/palo_alto_networks_vs_juniper/","subreddit":"cybersecurity","title":"Hey community, \n\nWhich of these two organization have more reputable Cyber sec certifications?\n\nThank you","upvotes":0,"user_id":"Taiwan004"},{"content":"where can i find rootkits?","created_at":1612037524.0,"id":"l8kg01","n_comments":9,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/l8kg01/where_can_i_find_rootkits/","subreddit":"cybersecurity","title":"i'm trying to see how rootkits work, so i tried installing LilyOfTheValley in a VM, but everytime i try to hide a process the kernel kills my rootkit process. \n\ncould you pls provide some sources to rootkits \\[ for both windows and linux ( ubuntu ) \\] ? i tried searching them online but i'm not able to find any !\n\nthanks in advance,","upvotes":0,"user_id":"WinterFondant"},{"content":"Printer suddenly started to print some of neighbour's documents.","created_at":1612037050.0,"id":"l8kbk3","n_comments":6,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l8kbk3/printer_suddenly_started_to_print_some_of/","subreddit":"cybersecurity","title":"Hello everybody \n\nFirst of all sorry for bad english. \n\nSo this is what happened to me yesterday : In the middle of the day, my printer who was in sleep mode, started to print some pages. No one in on my house could have done that and I'm sure about it.\n\n3 pages were printed before i pressed the stop. And those were clearly my neighbour's some old documents because they had his name on it. When I saw this, I assumed my neighbour somehow connected to my printer and printed them, because he had our wifi password.\n\nSo, I went to him and explained the situation. To which he responded that he didn't do that. He also confirmed that those are his docs but said that he doesn't recognise them and he has no idea how those documents got printed because he doesn't have them in his pc. \n\nMy guess is he is lying and accidently printed those on my printer, to which he is not supposed to have any access. \n\nNow I'm worried about my cybersecurity. And don't know what to do and where to address this problem. \n\n\\- Where can I get more help about this? Is there any forums or other platforms where someone could help me? I'm worried about my cybersecurity. And suspect my neighbour of spying on me. \n\n\\- Is it dangerous to give his wifi password to his neighbours? and what can they do with it ? \n\n​\n\nThanks.","upvotes":0,"user_id":"Aggravating-Ad9830"},{"content":"Is a network like Silicon Valley\u2019s \u201cnew internet\u201d secure enough that a country can have online elections?","created_at":1612035685.0,"id":"l8jz7e","n_comments":2,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l8jz7e/is_a_network_like_silicon_valleys_new_internet/","subreddit":"cybersecurity","title":"I was wondering whether if Richard\u2019s network would be secure enough for a country to successfully have elections on it without worrying about the results being tampered with.","upvotes":2,"user_id":"ImFromRwanda"},{"content":"Networking - OSI Model","created_at":1612034764.0,"id":"l8jr5p","n_comments":5,"percentage_upvoted":0.9,"permalink":"/r/cybersecurity/comments/l8jr5p/networking_osi_model/","subreddit":"cybersecurity","title":"","upvotes":33,"user_id":"burdin271"},{"content":"OSCP \u2194 CEH","created_at":1612033010.0,"id":"l8jb0y","n_comments":7,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/l8jb0y/oscp_ceh/","subreddit":"cybersecurity","title":"What is the difference between OSCP and CEH? the curriculum seems similar but on the certification-map completely different [https://www.reddit.com/r/cybersecurity/comments/e23ffz/security\\_certification\\_progression\\_chart\\_2020/?utm\\_source=share&utm\\_medium=web2x&context=3](https://www.reddit.com/r/cybersecurity/comments/e23ffz/security_certification_progression_chart_2020/?utm_source=share&utm_medium=web2x&context=3)","upvotes":0,"user_id":"M4rt1n88"},{"content":"How To Secure Your Business?","created_at":1612030680.0,"id":"l8iqtk","n_comments":0,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/l8iqtk/how_to_secure_your_business/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"isabelapix"},{"content":"I believe I have found a shady RX scam being hosted on the domain of a Louisiana sheriff\u2019s office.","created_at":1612024657.0,"id":"l8hgxc","n_comments":4,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l8hgxc/i_believe_i_have_found_a_shady_rx_scam_being/","subreddit":"cybersecurity","title":"Hello there, I\u2019m sorry to be making a dumb post like this in a community I\u2019m not a part of. But I wasn\u2019t sure where I should post this. \n\nI\u2019m currently having a relapse in insomnia as I\u2019ve had issues with it in the past and just out of curiosity I googled \u201cAMBIEN\u201d just to research it\n\nI\u2019m just sort of bored sitting next to my wife while she\u2019s asleep and I\u2019m scrolling through Google images and I came across a link to a clearly bogus pharmacy selling ambient \u201cNO PRESCRIPTION NEEDED\u201d all over it. \n\nI\u2019m sure we\u2019ve all seen these websites around before. It looks like something I would have made in high school web development. It seemed pretty average for an obvious scam site but I looked at the HTML link at the top of my screen and it read this:\n\nhttps://feen.us/n7ks1y.jpeg\n\n(link is to an image, I\u2019m not posting a link to the site as I\u2019m not sure if that\u2019s okay on this sub)\n\nIt seemed as if it was a phishing link to me at first. Like \u201cFranklin sheriff\u201d was some Canadian pharmacy I wasn\u2019t aware of. So I decided to just google it, and found that it\u2019s actually the official website for the sheriff\u2019s office in Winnsboro, Louisiana. Franklin Parrish must be the county or possibly it\u2019s a multi town village like they have here in New England.\n\nI\u2019m assuming someone out there has compromised a server and used it to host a scam on their domain?\n\nTL;DR I think a sheriff\u2019s office in Louisiana is accidentally hosting a fake online pharmacy and they tried to sell me ambien \n\nImages for context \n\nScam site:\n\nhttps://feen.us/52820u.jpeg\n\nSheriffs site:\n\nhttps://feen.us/0cbg81.jpeg\n\nThese two sites being recommended on google right next to each-other: \n\nhttps://feen.us/di5mje.jpeg","upvotes":3,"user_id":"ZagTheWag"},{"content":"How to Hack & Secure Computer Networks","created_at":1612024516.0,"id":"l8hfx6","n_comments":0,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/l8hfx6/how_to_hack_secure_computer_networks/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"icssindia"},{"content":"How risky is it to rely on Google Chrome's password manager?","created_at":1612023610.0,"id":"l8h963","n_comments":21,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l8h963/how_risky_is_it_to_rely_on_google_chromes/","subreddit":"cybersecurity","title":"I save 600+ id/passwords on Google Chrome. I also sync them across devices. \n\nThen I heard about a guy on the internet that says he's lost all his cryptocurrency deposits by a hacker because his Google Chrome was compromised. He even had 2FA activated but the hacker somehow could change the password and block the access of the owner. \n\nI never thought this could be possible until now. Now I'm starting to worry that this kind of security breach can happen to me. \n\nWhat is the best possible practice to prevent this? Is there any good alternative/practice to make my personal info more secure than Google Chrome's default password manager?","upvotes":10,"user_id":"JeffreyChl"},{"content":"How would you score my password's safety?","created_at":1612023149.0,"id":"l8h5vz","n_comments":33,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l8h5vz/how_would_you_score_my_passwords_safety/","subreddit":"cybersecurity","title":"Hi guys, \n\nI've been trying to keep up with the best cybersecurity practice not to use the same ID/Password on every single website. However, this automatically gets very tricky when you start to have 100+ ID/passwords. \n\nThere are some centralized solutions like password managers like the one that comes with Chrome browser but I don't know how secure that can be. After all, you rely on a single breakpoint which is your Google Account. \n\n​\n\nI came up with my own practice like the following. \n\nID: I use one or two emails \n\nPW: I made a simple password creation rule like this. Say I'm joining Reddit:\n\nid: [hello@gmail.com](mailto:helloworld@gmail.com)\n\npw: worldRDT45@\n\n​\n\npw = 'world' + 1st, 3rd (R, D) and the last letter (T) of the website capitalized + '45@'\n\n​\n\nThis allows me to have a different password on every single website but still make it simple enough for me to remember. \n\nHow would you rate this password creation practice? Can it be safer than two-factor authentication and using password managers?","upvotes":0,"user_id":"JeffreyChl"},{"content":"How safe is it really to use a Password manager?","created_at":1612020809.0,"id":"l8gn9s","n_comments":9,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l8gn9s/how_safe_is_it_really_to_use_a_password_manager/","subreddit":"cybersecurity","title":"Iean, if someone steals your passwords, you are going to lose ALL your accounts.","upvotes":1,"user_id":"havvat"},{"content":"What are the most recognised & rigorous online Cybersecurity certifications? (for the purpose of getting a job without a university degree?)","created_at":1612020310.0,"id":"l8gj64","n_comments":14,"percentage_upvoted":0.88,"permalink":"/r/cybersecurity/comments/l8gj64/what_are_the_most_recognised_rigorous_online/","subreddit":"cybersecurity","title":"What are the most recognised institutions and certifications for cybersecurity that could get someone a job in the field? Are there any that are at the same level of recognition as a university degree?\n\n​\n\nThanks!","upvotes":6,"user_id":"rickrule34"},{"content":"Android security video","created_at":1612018339.0,"id":"l8g2lr","n_comments":0,"percentage_upvoted":0.76,"permalink":"/r/cybersecurity/comments/l8g2lr/android_security_video/","subreddit":"cybersecurity","title":"A pretty nice video I came across on youtube:\nhttps://youtu.be/dMWEym0KPcA","upvotes":2,"user_id":"asifal2071"},{"content":"What\u2019s the future of cyber security?","created_at":1612016022.0,"id":"l8fhxv","n_comments":9,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/l8fhxv/whats_the_future_of_cyber_security/","subreddit":"cybersecurity","title":"It seems bleak with the advent of AI","upvotes":1,"user_id":"Roam_S"},{"content":"Help","created_at":1612015535.0,"id":"l8fdh1","n_comments":9,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/l8fdh1/help/","subreddit":"cybersecurity","title":"I was trying to get to a website on my iPad mini 2 iOS 12 and instead of typing \u201cmenshealth.com\u201d I typed \u201cmenshalth.com\u201d and it redirected me to a bunch of websites then my browser closed (Firefox) I got on again and wiped the cookies and data but I\u2019m still scared out of my mind that I have a virus please help me!","upvotes":0,"user_id":"Commandant_Poop"},{"content":"Working across departments","created_at":1612009226.0,"id":"l8dma4","n_comments":1,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l8dma4/working_across_departments/","subreddit":"cybersecurity","title":"I am fresh grad started Job as a SOC Analyst Level 1 at a big services based company i am interested in Cloud Security so should I need to work at Cloud department at a part time or learn it by myself?\n\nAny advice will be helpful.","upvotes":0,"user_id":"securitygusf"},{"content":"A stranger on xbox live sent me where my city is.","created_at":1612007086.0,"id":"l8cz30","n_comments":9,"percentage_upvoted":0.78,"permalink":"/r/cybersecurity/comments/l8cz30/a_stranger_on_xbox_live_sent_me_where_my_city_is/","subreddit":"cybersecurity","title":"A stranger sent me my city and state. I'm assuming they got it through a IP pulling software or something. I don't know too much about IP's and all that type of stuff. My question is what can they do with my ip? Can they find my home address? I'm kinda paranoid because all this security stuff scares me.","upvotes":10,"user_id":"wMANDINGUSw"},{"content":"Facebook Ad Services Let Anyone Target US Military","created_at":1611925575.0,"id":"l7jyat","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l7jyat/facebook_ad_services_let_anyone_target_us_military/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"BraveBosom"},{"content":"I created a blog to share what I'm learning","created_at":1611959547.0,"id":"l7tx7n","n_comments":1,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l7tx7n/i_created_a_blog_to_share_what_im_learning/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"TheCyberSecurityGuy"},{"content":"Does a New User Account Carry Over Malware/Keyloggers?","created_at":1612001576.0,"id":"l8b8ig","n_comments":3,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/l8b8ig/does_a_new_user_account_carry_over/","subreddit":"cybersecurity","title":"If I create a new user account on my Macbook can malware like keyloggers from the administrator and/or other accounts still operate on the new account? I'm trying to learn how to securely manage online banking and other such sensitive information. Apologies if this is basic. I've tried searching online and on Reddit and can't find this information.","upvotes":0,"user_id":"Puga6"},{"content":"How do I prove someone was in my PC and monitoring/recording my activity for the better part of three years? Tried all \"basic\" security measures with no luck in preventing the breach.","created_at":1612000484.0,"id":"l8ave1","n_comments":6,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/l8ave1/how_do_i_prove_someone_was_in_my_pc_and/","subreddit":"cybersecurity","title":" \n\nSo basically it started with a breach of security, but ended with full on cyberstalking and harassment for the fun of it I guess. I had enough knowledge in cybersecurity to catch it, but lacked the skills to prevent and further prove it. It was someone who I met online and thought was a friend, but as the years went on it devolved into this person becoming toxic and making it obvious what he had been up to, to fuck with me. I have since had to leave my friend group online, because no one believed what was happening and I had to completely start over. I tried VPN's, anti-keylogging software, new accounts, new passwords, anti-root wear kits, etc... All with no effect on what happened. It went even as far as breaching my phone and somehow he gained access to my phone conversations. How do I prevent this from happening again and if I can, how do I prove with evidence that this guy did all this. I can tell people until I am blue in the face that he knew stuff about me that no one knows and cornered me multiple times to harass me, but I need the data to back it up.","upvotes":1,"user_id":"Spectre6657"},{"content":"What cyber jobs are there that are not strictly IT related but maybe more policy focused? I come from an International Relations background on security.","created_at":1611998645.0,"id":"l8a8ue","n_comments":16,"percentage_upvoted":0.92,"permalink":"/r/cybersecurity/comments/l8a8ue/what_cyber_jobs_are_there_that_are_not_strictly/","subreddit":"cybersecurity","title":"I'm interested in security but not sure if cyber is for me. I do enjoy keeping up with the news and would like to keep doing that in my career, but I don't think I'm a big fan of a very technical cyber job. What are other options? I was looking within the intelligence community things like counterterrorism which I have a passion for. Ultimately I'm trying to find something that allows me to keep up with the Middle East and cyber, but coming from an IR background rather than a cybersecurity one.","upvotes":10,"user_id":"Matkionni"},{"content":"What are the best, most affordable cybersecurity managed services companies that can provide next-generation antivirus managed detection and response in the United States remotely or in Maryland or New York?","created_at":1611996578.0,"id":"l89j84","n_comments":1,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/l89j84/what_are_the_best_most_affordable_cybersecurity/","subreddit":"cybersecurity","title":"I think the term for this is endpoint detection and response (EDR). Also for a single or few devices.","upvotes":0,"user_id":"xprmtxud"},{"content":"VPNs - What they do and their role in our society","created_at":1611995727.0,"id":"l898ql","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l898ql/vpns_what_they_do_and_their_role_in_our_society/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"identifythisbook"},{"content":"TCP Port 30000 is open on my pc?","created_at":1611991740.0,"id":"l87r81","n_comments":5,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l87r81/tcp_port_30000_is_open_on_my_pc/","subreddit":"cybersecurity","title":"i used nmap localhost on powershell and it says tcp port 30000 is open. I looked online and it said things about trojans/ malware. Is there anything I should be worried about?","upvotes":1,"user_id":"NFGrub"},{"content":"New course on Cybersecurity","created_at":1611988432.0,"id":"l86d4n","n_comments":30,"percentage_upvoted":0.99,"permalink":"/r/cybersecurity/comments/l86d4n/new_course_on_cybersecurity/","subreddit":"cybersecurity","title":"Hi everybody,\n\nThis is the course I teach at the undergraduate level at my university. \n\nFind it on my YouTube channel: [https://www.youtube.com/channel/UCb6kvLtSv54WSr-nNlOF4cA](https://www.youtube.com/channel/UCb6kvLtSv54WSr-nNlOF4cA)\n\nBest,","upvotes":532,"user_id":"bdug"},{"content":"Role Based Access Control Template / Permissions Management","created_at":1611986533.0,"id":"l85lu4","n_comments":0,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/l85lu4/role_based_access_control_template_permissions/","subreddit":"cybersecurity","title":"Greetings dear r/cybersecurity comrades,\n\nI need your thought and input on a simple subject. I started a new position as the head of a small sysadmin team and inherited a very messy network in terms of procedures and permissions... It's \"wild wild west\" here and since the first day I started, It's clear to see that 90% of our issues comes from having multiple sysadmins having permissions to do whatever they want to do in the network. Everyone is Domain Admin, everyone is Network Admin, everyone is Virtualization Admin etc... You get the idea.\n\nLuckily for me, I have the power to change things around and put a policy in place. This is where I need your expertise.\n\nI need a simple excel sheet to list our needs first. Like, decide the different security groups and roles we'll be using, members of the security groups, permissions they have, authenticated by which server etc... I looked online and couldn't really find anything pre-built. \n\nFYI, I'm not asking out of laziness as I don't mind building this excel sheet myself, but I believe there must be already something similar that I can use as an example and follow the best practices. It could / would even give me some extra ideas and maybe avoid important errors from the beginning ;)\n\nP.S. : I'm looking into implementing KeyCloak or OpenIAM kind of server to handle all identity management but that's the 2nd or 3rd step in this project.\n\nThank you all in advance!","upvotes":0,"user_id":"kubilayelmas"},{"content":"Lazarus Affiliate \u2018ZINC\u2019 Blamed for Campaign Against Security Researcher","created_at":1611984933.0,"id":"l84ym7","n_comments":0,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l84ym7/lazarus_affiliate_zinc_blamed_for_campaign/","subreddit":"cybersecurity","title":"Lazarus Affiliate \u2018ZINC\u2019 Blamed for Campaign Against Security Researcher\r\nhttps://www.cyberiqs.com/latestnews\n\nhttp://www.cyberiqs.com/latestnews","upvotes":1,"user_id":"Cyberiqs"},{"content":"College Student Looking For Experience Opportunities","created_at":1611982088.0,"id":"l83qu5","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l83qu5/college_student_looking_for_experience/","subreddit":"cybersecurity","title":"I am currently a junior majoring in Digital Forensics and Cyber Security. I\u2019m more interested in the cybersecurity side and am trying to find a way to get some experience before I graduate. \n\nMost entry level jobs I am seeing want prior experience. Are there any other options besides internships?","upvotes":1,"user_id":"Nathan0235"},{"content":"Analyzing network capture with WireShark to reverse a blind SQL injection - HackTheBox","created_at":1611981467.0,"id":"l83hbx","n_comments":0,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/l83hbx/analyzing_network_capture_with_wireshark_to/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"PinkDraconian"},{"content":"Adoption of MDR","created_at":1611981161.0,"id":"l83cl4","n_comments":4,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l83cl4/adoption_of_mdr/","subreddit":"cybersecurity","title":"Been reading more about MDR offerings and curious who this group thinks stands out amongst MDR players. Also curious if MDR is a growing trend for medium sized companies given the lack of good security professionals and desire to outsource the complexity. Or is MDR just vaporware by the MSSPs to sound more software-like?\n\n[View Poll](https://www.reddit.com/poll/l83cl4)","upvotes":1,"user_id":"OneTonSoupp"},{"content":"I've been Pwned","created_at":1611974838.0,"id":"l80jyi","n_comments":12,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l80jyi/ive_been_pwned/","subreddit":"cybersecurity","title":"I check my email situation in \"Have I been Pwned\" twice a month. Today, the site said that Ive been Pwned. What I do in my situation? Just change the passwords of the sites I use most? Just it will bring my privacy back?\n\n​\n\n​\n\n(Bonus question: I use the same email for like, everything, school, games, work, etc. If we are talking about security, is it worth to have 1 email, for each thing?)","upvotes":0,"user_id":"Koji_Hara"},{"content":"Software Engineer in InfoSec career roadmap","created_at":1611973125.0,"id":"l7zshh","n_comments":1,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l7zshh/software_engineer_in_infosec_career_roadmap/","subreddit":"cybersecurity","title":"Hi all,\n\nI am a fresh undergraduate in Software Engineering and Management, 25yo with a previous background in CS and IT. Long story short, I have a strong interest for infosec which combined with dedication and good negotiation skills made me land a first job in cybersec with NO previous experience in the field nor in the industry, besides the one from software engineering, which is also the reason I was recruited as there is a lot of work to do in the application security for my company (I will probably be the responsible for the app.sec program towards DevSecOps)\n\nMy contract is an onboarding for fresh graduates lasting 2 years where my manager is also the CISO, this contract lets me rotate within the business to develop and make my own career roadmap before settling to a fixed position.\n\nWhat are your suggestions of next steps and recommended skills to learn in order to maximize the future salary and increase the criticality of my role? (e.g. what do people in app.sec usually shift to? what should I incorporate in my current role to get to a managerial position in the field?)\n\nPlease beware I am not laser focusing on a specific career path, but rather brainstorming for avoiding the unnecessary learnings.","upvotes":2,"user_id":"BlueSkye00"},{"content":"Is CompTIA Security+ doable for individual who has no professional experience, but looking to start a career in Security?","created_at":1611971428.0,"id":"l7z0sx","n_comments":9,"percentage_upvoted":0.78,"permalink":"/r/cybersecurity/comments/l7z0sx/is_comptia_security_doable_for_individual_who_has/","subreddit":"cybersecurity","title":"Hi guys, \n\nI am in my last year doing Computing bachelor degree and I am looking to proceed into a Cyber Security master degree. However, I also would like to start some professional experience. \n\nMy question is if I will be able to finish the course with almost no experience in the area?","upvotes":5,"user_id":"x17ed-600"},{"content":"Injections Attacks Resources","created_at":1611969002.0,"id":"l7xygi","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l7xygi/injections_attacks_resources/","subreddit":"cybersecurity","title":"Want to start focusing on injections a lot more for bug bounties and just for general pentest knowledge (it is owasp #1 after all)\n\nWatch a few courses, but want to take it to the next step and see how it\u2019s used in an actual good secure environment/webapp and not just juice shop or DVWA.\n\nAny good courses on Udemy, youtubers or even professional certs? \n\nLet me know\n\ud83c\udf64","upvotes":2,"user_id":"prawn2"},{"content":"Custom Elastic Stack","created_at":1611961144.0,"id":"l7ujym","n_comments":4,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l7ujym/custom_elastic_stack/","subreddit":"cybersecurity","title":"I'm interested in learning how to setup a custom instance of Elastic Stack at home for network security monitoring. I've tried Security Onion, but want more custom dashboards. How hard is this to learn and do you know of any good resources for learning?","upvotes":2,"user_id":"groovesec"},{"content":"Bypassing the Protections \u2014 MFA Bypass Techniques for the Win","created_at":1611959931.0,"id":"l7u2cf","n_comments":1,"percentage_upvoted":0.77,"permalink":"/r/cybersecurity/comments/l7u2cf/bypassing_the_protections_mfa_bypass_techniques/","subreddit":"cybersecurity","title":"","upvotes":9,"user_id":"ju1i3k"},{"content":"What are the best companies that can tell you if and where you're exposed on the internet?","created_at":1611958834.0,"id":"l7tnfr","n_comments":4,"percentage_upvoted":0.63,"permalink":"/r/cybersecurity/comments/l7tnfr/what_are_the_best_companies_that_can_tell_you_if/","subreddit":"cybersecurity","title":"Companies that can tell you if your passwords or anything that would allow someone to get into your accounts are available on the internet anywhere or if your computer or phone screens are visible live.","upvotes":2,"user_id":"xprmtxud"},{"content":"First Principles Literature","created_at":1611958289.0,"id":"l7tg7s","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l7tg7s/first_principles_literature/","subreddit":"cybersecurity","title":"Hi all, just wondering if anyone has recommendations for books that teach first principles thinking in the field of cyber security?","upvotes":4,"user_id":"MiloStean"},{"content":"Push Login","created_at":1611958126.0,"id":"l7te39","n_comments":5,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l7te39/push_login/","subreddit":"cybersecurity","title":"Hello Folks.\n\nRecently I was looking for Push Login Authentication by companies and read it should be Phishing protected.\n\nWhat do you mean Push Login should be phishing protected and how to do it?","upvotes":2,"user_id":"priyanka7june"},{"content":"What are the best, most affordable cybersecurity managed services companies that can provide security in the United States remotely or in Maryland or New York?","created_at":1611957847.0,"id":"l7ta9w","n_comments":4,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l7ta9w/what_are_the_best_most_affordable_cybersecurity/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"xprmtxud"},{"content":"Weekly cyber news recap:","created_at":1611957796.0,"id":"l7t9is","n_comments":0,"percentage_upvoted":0.85,"permalink":"/r/cybersecurity/comments/l7t9is/weekly_cyber_news_recap/","subreddit":"cybersecurity","title":"","upvotes":14,"user_id":"caramel_member"},{"content":"Reading material/Podcasts","created_at":1611957329.0,"id":"l7t34l","n_comments":3,"percentage_upvoted":0.89,"permalink":"/r/cybersecurity/comments/l7t34l/reading_materialpodcasts/","subreddit":"cybersecurity","title":"Hi everyone! I was wondering what are some good sources (books,journals,podcasts... etc) for news/information that you all enjoy reading or listening too. Thank you!","upvotes":13,"user_id":"Normal-Effect6974"},{"content":"Is there any way you can get CrowdStrike or similar next-generation antivirus for a single or few devices?","created_at":1611956717.0,"id":"l7sva1","n_comments":5,"percentage_upvoted":0.71,"permalink":"/r/cybersecurity/comments/l7sva1/is_there_any_way_you_can_get_crowdstrike_or/","subreddit":"cybersecurity","title":"Are there any managed services companies in the United States that you can get this from remotely or in Maryland or New York?","upvotes":3,"user_id":"xprmtxud"},{"content":"Need help on the best possible paths to earn cybersecurity certification","created_at":1611953439.0,"id":"l7rqxw","n_comments":6,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/l7rqxw/need_help_on_the_best_possible_paths_to_earn/","subreddit":"cybersecurity","title":"Hi, community\n\nI am a writer. I need your help to identify permutations and combinations of the best path in earning these cybersecurity certifications. \n\nLooking for different orders in which an academic or professional could tackle them.\n\nThe certifications are as follows: \n\n1. Certified Ethical Hacker (CEH)\n2. CompTIA Security+\n3. Certified Information System Security Professional (CISSP)\n4. Certified Information Security Manager (CISM)\n5. Certified Information Systems Auditor (CISA)\n6. NIST Cybersecurity Framework (NCSF)\n7. Certified Cloud Security Professional (CCSP)\n8. Computer Hacking Forensic Investigator (CHFI)\n9. Cisco Certified Network Associate (CCNA) Security\n10. CompTIA CySA+\n11. Google Cloud Platform Professional Security Engineer. \n\nI'd highly appreciate any input from the community. \n\nPS. If you want to pass on writing the complete names of certs, you can just mention the number next to it in an order you'd suggest others to do them.","upvotes":1,"user_id":"Sagarwrites"},{"content":"Decompiling the Facebook app to find interesting CSRF","created_at":1611944296.0,"id":"l7p5pi","n_comments":0,"percentage_upvoted":0.9,"permalink":"/r/cybersecurity/comments/l7p5pi/decompiling_the_facebook_app_to_find_interesting/","subreddit":"cybersecurity","title":"","upvotes":8,"user_id":"AshleyKingUK"},{"content":"Edu","created_at":1611941745.0,"id":"l7ohb7","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l7ohb7/edu/","subreddit":"cybersecurity","title":"I wanna forward my firewall VM port to the Honeypot VM. Can someone please tell me how to do that?","upvotes":1,"user_id":"Sirenagrace_"},{"content":"Symantec endpoint protection security review","created_at":1611924830.0,"id":"l7joov","n_comments":1,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l7joov/symantec_endpoint_protection_security_review/","subreddit":"cybersecurity","title":"Hey, Can anyone please share a security checklist or proposed guidelines to perform a review on Symantec endpoint protection. I am new into this, looking for professional support.","upvotes":0,"user_id":"moeex_mm"},{"content":"SANS Aptitude Test","created_at":1611924298.0,"id":"l7ji63","n_comments":0,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/l7ji63/sans_aptitude_test/","subreddit":"cybersecurity","title":"I am interested in pursuing a SANS Graduate Certificate and I am wondering if anyone has taken the aptitude and what to expect for it? Do I need to prepare at all? \n\nAlso let me know your experience with SANS courses / degrees / certificates if applicable","upvotes":2,"user_id":"rpmva2019"},{"content":"Top 10 Telegram Cybersecurity Groups You Should Join","created_at":1611923364.0,"id":"l7j6o9","n_comments":1,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/l7j6o9/top_10_telegram_cybersecurity_groups_you_should/","subreddit":"cybersecurity","title":"https://www.sentinelone.com/blog/top-10-telegram-cybersecurity-groups-you-should-join/","upvotes":12,"user_id":"awsgeekguru"},{"content":"Authorities Seize Dark-Web Site Linked to the Netwalker Ransomware","created_at":1611922753.0,"id":"l7iz68","n_comments":1,"percentage_upvoted":0.89,"permalink":"/r/cybersecurity/comments/l7iz68/authorities_seize_darkweb_site_linked_to_the/","subreddit":"cybersecurity","title":"","upvotes":19,"user_id":"WalkureARCH"},{"content":"Which class is better for general all around knowledge of computer, networking, and software. IT or ethical Hacking","created_at":1611922372.0,"id":"l7iudo","n_comments":5,"percentage_upvoted":0.8,"permalink":"/r/cybersecurity/comments/l7iudo/which_class_is_better_for_general_all_around/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"BihCorbad"},{"content":"Nmap Tool Review","created_at":1611922061.0,"id":"l7iqcc","n_comments":0,"percentage_upvoted":0.57,"permalink":"/r/cybersecurity/comments/l7iqcc/nmap_tool_review/","subreddit":"cybersecurity","title":"If you are a beginner and keen to learn ethical hacking, finding information about the target, IP or the website is the first step. Nmap is one such tool for mapping a network and finding information about the target. Here is a video that will help you learn more about the tool, along with demonstration on how we can use the tool. Do watch it!\n\n[https://www.youtube.com/watch?v=pxuBxp1NfsY&t=26s](https://www.youtube.com/watch?v=pxuBxp1NfsY&t=26s)","upvotes":1,"user_id":"FishermanWitty8173"},{"content":"Classiscam: Multi-Vector Attack Used Telegram & WhatsApp","created_at":1611918564.0,"id":"l7hg84","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l7hg84/classiscam_multivector_attack_used_telegram/","subreddit":"cybersecurity","title":"On January 14, 2021, threat hunting company Group-IB published a [report](https://www.group-ib.com/media/mammoth-migration/) on a new scam scheme that they named \u201cClassiscam.\u201d The scheme involves a hierarchy of administrators, workers, and callers, who organize their activities through a Telegram bot. The scam itself targets customers of online marketplaces with a combination of baits, messages, and fraudulent sites to steal a victim\u2019s money. [Classiscam: Multi-Vector Attack Uses Telegram & WhatsApp (safeguardcyber.com)](https://www.safeguardcyber.com/blog/classiscam-targets-marketplace-users-with-telegram-bot)","upvotes":1,"user_id":"PhilipTortora"},{"content":"WhatsApp COVID-19 Phishing Schemes Targeting Latin America","created_at":1611918466.0,"id":"l7hexa","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l7hexa/whatsapp_covid19_phishing_schemes_targeting_latin/","subreddit":"cybersecurity","title":"Messaging apps like WhatsApp are currently being utilized by criminal actors to send COVID-19 vaccine-themed phishing messages to individuals in Latin America. [WhatsApp COVID-19 Phishing Schemes Targeting Latin America (safeguardcyber.com)](https://www.safeguardcyber.com/blog/whatsapp-covid19-phishing-schemes-targeting-latin-america)","upvotes":2,"user_id":"PhilipTortora"},{"content":"Career path doubt","created_at":1611917109.0,"id":"l7gwq3","n_comments":6,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l7gwq3/career_path_doubt/","subreddit":"cybersecurity","title":"I m currently working as a Product support engineer for a DAM security product in a cybersecurity company(leader in data/app security). I have Security+ certification and some background in pen-testing/vulnerability assessment. \n\nI like what I do, but I am doubting will my current role help me in my career since although the product is data security, but job role is actually not security-related?\n\nSo my question here is how long should I stay in this job role or should I change and look for cybersecurity roles?","upvotes":1,"user_id":"karan_nayak"},{"content":"Phishing email and malware installed","created_at":1611916437.0,"id":"l7goa1","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l7goa1/phishing_email_and_malware_installed/","subreddit":"cybersecurity","title":"Please help with the correct information. \nSay. Security analyst or threat analyst received a phishing Alert. \nThat one of the employee got phishing emailed. And click on the phishing link and downloaded malware documents. \nWhat are the step to (investigate) analyze and mitigates. \nWhat to look etc the step \nAs a security analyst or threat analyst. Would take.","upvotes":1,"user_id":"davidrob-"},{"content":"SOC Analyst Level 1 Interview Questions","created_at":1611878345.0,"id":"l70jku","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l70jku/soc_analyst_level_1_interview_questions/","subreddit":"cybersecurity","title":"Tomorrow is my Interview of SOC Analyst Level 1. What type of questions should I expect kindly share interview questions links if you thoughts that will be valuable for me.","upvotes":2,"user_id":"securitygusf"},{"content":"Free intro to incident response training course from creator of Autopsy","created_at":1611906516.0,"id":"l7cwbn","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l7cwbn/free_intro_to_incident_response_training_course/","subreddit":"cybersecurity","title":"[https://dfir-training.basistech.com/courses/intro-to-divide-and-conquer](https://dfir-training.basistech.com/courses/intro-to-divide-and-conquer)","upvotes":2,"user_id":"Glum_Technology_Lord"},{"content":"How to Protect your Data Privacy. Some basic tips.","created_at":1611910399.0,"id":"l7efp7","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l7efp7/how_to_protect_your_data_privacy_some_basic_tips/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"Mac_Hertz"},{"content":"Androidapp to test WiFi security","created_at":1611905995.0,"id":"l7cokl","n_comments":7,"percentage_upvoted":0.71,"permalink":"/r/cybersecurity/comments/l7cokl/androidapp_to_test_wifi_security/","subreddit":"cybersecurity","title":"Is there an app you use to check if a WiFi is secure? If so, which one? Non rooted pixel phone here.\n\n(Am aware of VPNs etc., this is a question about ensuring hackers aren't trying to get into your device through a WiFi network. Also am aware of general rules like having an updated phone and trusted apps only etc.)","upvotes":3,"user_id":"asifal2071"},{"content":"The first post on this sub in Reddit, I have a podcast called CISOTalk where I speak with fellow CISO, I wanted to share the latest episode with Jerich Beason, CISO at Epiq, the podcast is about cyber leadership, security challenges, and much more... Tune in and let me know what you think","created_at":1611905004.0,"id":"l7calm","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l7calm/the_first_post_on_this_sub_in_reddit_i_have_a/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"Cisotalk"},{"content":"Patch Sudo - CVE-2021-3156","created_at":1611904767.0,"id":"l7c79t","n_comments":0,"percentage_upvoted":0.79,"permalink":"/r/cybersecurity/comments/l7c79t/patch_sudo_cve20213156/","subreddit":"cybersecurity","title":"* https://www.youtube.com/watch?v=2_ZaNBl6qNo\n* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3156\n\nSudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character.","upvotes":5,"user_id":"cyber_numismatist"},{"content":"Cloud Security CSPM vs CWPP and IaaS vs PaaS","created_at":1611901235.0,"id":"l7aqcw","n_comments":4,"percentage_upvoted":0.76,"permalink":"/r/cybersecurity/comments/l7aqcw/cloud_security_cspm_vs_cwpp_and_iaas_vs_paas/","subreddit":"cybersecurity","title":"I\u2019ve been researching solutions to get our cloud security whipped into shape. As I understand it CSPM will focus on the CSP management plane (AWS, Azure admin layer) whereas CWPP solutions are more focused on workloads running in the CSPs (thinking traditional host security measure like AV, HIDS, etc). \n\nMy questions are:\n\n1) Agree/disagree with my assessment of the line and purpose between CSPM and CWPP solutions? \n\n2) What solution(s) would you want to secure PaaS workloads where you aren\u2019t managing the underlying OS (Linux) or middleware (Kubernetes)?\n\nEnd goal of the understanding is I\u2019m trying to assess the value of a CWPP over a CSPM if an organization only leveraged PaaS services.","upvotes":2,"user_id":"clayjk"},{"content":"Deciding between math courses","created_at":1611900787.0,"id":"l7ak06","n_comments":2,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l7ak06/deciding_between_math_courses/","subreddit":"cybersecurity","title":"Hi there! I'm a Junior in HS who's going to pursue a career in cyber security. I'm currently choosing courses for my Senior year, and I'm stuck on my Math course. I'd either be taking AP Statistics or Calculus AB, and I'm wondering if one would be more beneficial than the other to pursue a degree in Cyber Security. Any advice is appreciated. Thank you!","upvotes":1,"user_id":"EnderKnight197"},{"content":"Security+ Voucher","created_at":1611897093.0,"id":"l78zdh","n_comments":4,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l78zdh/security_voucher/","subreddit":"cybersecurity","title":"I have a Comptia Security+ & Network+ voucher for sale. Expires August 2021, message me if interested!","upvotes":0,"user_id":"unruly021"},{"content":"Any advice will be appreciated.","created_at":1611896742.0,"id":"l78to6","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l78to6/any_advice_will_be_appreciated/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"eco_go5"},{"content":"Concerning VPN Services","created_at":1611896680.0,"id":"l78soj","n_comments":22,"percentage_upvoted":0.64,"permalink":"/r/cybersecurity/comments/l78soj/concerning_vpn_services/","subreddit":"cybersecurity","title":"I've noticed all of the fame that VPN services such as NordVPN has been getting, and as a Cybersecurity professional myself, I want to bring this mass scam into light. Simply put, they're utterly useless unless you're trying to do illegal stuff or wanting to watch something that isn't available in your country. If you use one for \"privacy\" it's also useless. It's just a proxy server that uses tunneling protocols, meaning it just adds another middle-man for all of your data to go through.\n\nWell you may ask me, what about my IP address? People can take that and if they do, can't they do anything they want to me? Most seem to think that once someone gets your IP address, they can find your physical location, even though it's HIGHLY unlikely since the only way to do that is to ask the ISP that owns that IP address about the postal code that's attached to it, but even then no one can do this without a warrent. I've publically put out my IP address many times because I like to host game servers on my network, and absolutely nothing that these stupid VPN services say that will happen to you if your IP address is leaked actually happens, and I know for a fact that nothing will happen. Even if you have the slightest bit of default security, it's still super hard for any potential hacker to break in, hence why they attempt to send you viruses, so every time it ends up being the victims fault that they were hacked (Unless it's some giant company, but I'm talking about average users here).\n\nFirst I'd like to point out that originally, Virtual Private Networks are used as an access point into a private network so you could be across the world and still be able to access your work or home. It allows you to securly connect to the private network over the internet, hence the name \"Virtual Private Netork\". A proxy, on the other hand, acts as a middle man to recieve all of your data and send it to the destination under a different source IP address, effectively masking your own IP address. What's insane is that VPN services are even misleading in their name. Services such as NordVPN are actually just accessible proxy servers that use tunnling protocols to keep your messages encripted.\n\nHere's what these bogus VPN services do in a nutshell: First, they send all of your data for you, cutting down your internet speed and making it so the destination sees the data coming from the proxy server instead of your own network. Second, they claim to be more \"private\", even though it's essentially less private because it just adds another middle-man (one that's third party in this case) to recieve all of your data. Finally, they're even misleading about the name since \"Virtual Private Network\" will intrest someone more then \"Proxy\" would. As I said, what NordVPN and the like does for you fits more along the lines of what a Proxy server does. All of this on top of the fact that you have to pay for them. As for the free VPN services, who knows what kind of information they're gathering from you.\n\nIf you don't believe this, ask any networking or Cybersecurity professional and I can garentee you that they agree. I hope I brought some people into the light about these misleading services.","upvotes":3,"user_id":"debug001"},{"content":"Does anybody know what the name is of something that can look at events that occurred in a system that beings with an H?","created_at":1611895508.0,"id":"l78993","n_comments":4,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/l78993/does_anybody_know_what_the_name_is_of_something/","subreddit":"cybersecurity","title":"I am having trouble remembering the name of this term I know it begins with an H and it can help check to see if changes were made in an information system. Thank you!","upvotes":4,"user_id":"doradire"},{"content":"User behavior analytics services for security","created_at":1611892621.0,"id":"l76wwd","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l76wwd/user_behavior_analytics_services_for_security/","subreddit":"cybersecurity","title":"Hello,\n\nI\u2019m wondering if anybody knows of any good companies that provide services for insider threats, using User Behavior Analytics (UBA)?","upvotes":2,"user_id":"ceezvs"},{"content":"A Look at iMessage in iOS 14, from the Project Zero team at Google","created_at":1611892217.0,"id":"l76q4h","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l76q4h/a_look_at_imessage_in_ios_14_from_the_project/","subreddit":"cybersecurity","title":"","upvotes":8,"user_id":"julian88888888"},{"content":"Do you really know what Cyber Threat Intel is? (And why its so important?)","created_at":1611889940.0,"id":"l75obs","n_comments":0,"percentage_upvoted":0.87,"permalink":"/r/cybersecurity/comments/l75obs/do_you_really_know_what_cyber_threat_intel_is_and/","subreddit":"cybersecurity","title":"","upvotes":6,"user_id":"HeyGuyGuyGuy"},{"content":"Best education?","created_at":1611889736.0,"id":"l75kw6","n_comments":1,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l75kw6/best_education/","subreddit":"cybersecurity","title":"Hi there :) I just wanted to ask this community which education is best if I want to work with cybersecurity? I was wondering whether I should pick Network Engineering or Computer Science. I appreciate any input :)","upvotes":0,"user_id":"uservssystem"},{"content":"If I keep using my old hard drive will I still be anonymous?","created_at":1611889382.0,"id":"l75f15","n_comments":10,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/l75f15/if_i_keep_using_my_old_hard_drive_will_i_still_be/","subreddit":"cybersecurity","title":" I'm thinking about browsing the tor but I have my hard drive that I used several years ago in Windows and browsing Google this breaks my anonymity?","upvotes":0,"user_id":"IntelligentEchidna87"},{"content":"Masters in InfoAssurance and Cyber Sec at Davenport university","created_at":1611888975.0,"id":"l7581a","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l7581a/masters_in_infoassurance_and_cyber_sec_at/","subreddit":"cybersecurity","title":"Hi community. Anyone here studied at Davenport university? Just want to know whether the program is well taught or just skimmed through.\n\nAny advice would be appreciated","upvotes":0,"user_id":"Taiwan004"},{"content":"Getting into Cyber Security","created_at":1611887184.0,"id":"l74he6","n_comments":5,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l74he6/getting_into_cyber_security/","subreddit":"cybersecurity","title":"What are the most basic and essential skills/and concepts to learn ,know and be familiar with to get into Cyber Security with no experience and a few certs. (Sec+ and Aws CCP)?????","upvotes":2,"user_id":"mastermynd_rell"},{"content":"Verification of salted hash","created_at":1611885970.0,"id":"l744jg","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l744jg/verification_of_salted_hash/","subreddit":"cybersecurity","title":"Hi, I do understand the consept with salted hashing, and that the hash is a sum of the password/key + salt. That the hash is stored i.e. in the device, and that the device/application compare the hash of the user password input (password+salt) to the one stored in the internal database. And as far as I can see the salt is stored along with the hash.\nBut with Cisco devices I have seen that I can copy the hashed representation of a users password into another device and be able to login to that device using the same password. How is that possible? (since I just copied the hash, not the salt)","upvotes":2,"user_id":"Energia2000"},{"content":"Python Based Website Login Credential Sniffer","created_at":1611884879.0,"id":"l73o6s","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l73o6s/python_based_website_login_credential_sniffer/","subreddit":"cybersecurity","title":" TuskerInterface:- Python Based Website Login Credential Sniffer. \n\n1. This is a simple yet extremely powerful Python HTTP/HTTPS Login Sniffer script.\n\n2. It comes with the Tusker Tnterface for executing it to seamlessly sniff login creds.\n\nNOTE:-\n\n1. You need sslstrip installed and running on your system while executing this tool.\\*\n\n2. You need to run sslstrip, then two instances of this script (one for arp spoofing other for password sniffing)\\*\n\n3. I recommend using a custom terminal like 'Terminator' for easy access to different terminals\\*\n\nDownload Link for [security professionals](https://ncybersecurity.com/):-\n\n[https://github.com/mage-master/TuskerInterface](https://github.com/mage-master/TuskerInterface)","upvotes":2,"user_id":"soumi5"},{"content":"TD Clients Affected By Fraudulent DoorDash Debit Card Charges","created_at":1611882607.0,"id":"l72m7e","n_comments":0,"percentage_upvoted":0.81,"permalink":"/r/cybersecurity/comments/l72m7e/td_clients_affected_by_fraudulent_doordash_debit/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"knifes96"},{"content":"Metasploit (basic/advanced) training","created_at":1611882458.0,"id":"l72jfm","n_comments":4,"percentage_upvoted":0.82,"permalink":"/r/cybersecurity/comments/l72jfm/metasploit_basicadvanced_training/","subreddit":"cybersecurity","title":"Can anyone suggest best metasploit (basic and advanced) training, free or paid? I am trying to learn it from metasploit unleased document but not really gripping to learn ( at least I feel so). I have used metasploit to some extent in the past and familiar with it for basic exploits. But I want something like methodical training (videos) etc. Thanks in advance.","upvotes":7,"user_id":"Pamelaxyz"},{"content":"What I Would Do/The Resources I Would Use To Get My First Job In Cybersecurity If I Had No Higher Education, No Experience In IT, & Little Money To Spend (A Guide w/Links)","created_at":1611882298.0,"id":"l72gmn","n_comments":76,"percentage_upvoted":0.92,"permalink":"/r/cybersecurity/comments/l72gmn/what_i_would_dothe_resources_i_would_use_to_get/","subreddit":"cybersecurity","title":"","upvotes":555,"user_id":"heyitsmegannnn"},{"content":"Work/Home privacy","created_at":1611880417.0,"id":"l71ixk","n_comments":5,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/l71ixk/workhome_privacy/","subreddit":"cybersecurity","title":"Hi, I currently work from home on a company computer which is plugged into a network switch ALONG with my personal PC. The switch uses 1 ethernet cable going from my router and has both my devices connected into it. Could my employer see my browsing activity from my personal PC?","upvotes":0,"user_id":"Avansir1"},{"content":"Recent cyber security grad with 3 questions \u2b07\ufe0f","created_at":1611877915.0,"id":"l70cv8","n_comments":13,"percentage_upvoted":0.86,"permalink":"/r/cybersecurity/comments/l70cv8/recent_cyber_security_grad_with_3_questions/","subreddit":"cybersecurity","title":"","upvotes":5,"user_id":"KaleidoscopeClean"},{"content":"I've to learn hacking etical first before to be a red team hacker?","created_at":1611875702.0,"id":"l6zauu","n_comments":0,"percentage_upvoted":0.57,"permalink":"/r/cybersecurity/comments/l6zauu/ive_to_learn_hacking_etical_first_before_to_be_a/","subreddit":"cybersecurity","title":"Hi! I'm a MERN developer (mongo, express, react and nodejs), but i'm too interested about cybersecurity. I was looking of the diferents currents paths. But before i start to learn i've a question , i have to learn first ethical hacking ? And if u have any resource to learn i'll be really appreciate :D\n\nSorry about my english :(","upvotes":1,"user_id":"byteston15"},{"content":"Maximum Security","created_at":1611875193.0,"id":"l6z1tw","n_comments":8,"percentage_upvoted":0.76,"permalink":"/r/cybersecurity/comments/l6z1tw/maximum_security/","subreddit":"cybersecurity","title":"I\u2019ve been wondering if there\u2019s anything you could do to be as secure as possible on the internet. I only have surface level knowledge about security ( vpn etc ) but i\u2019d love to learn more so i can be as secure as possible. I\u2019d love it if anyone could point me in the right direction or recommend some resources for cybersec. \n\nThanks in advance","upvotes":2,"user_id":"Phantom-Thief98"},{"content":"Data Privacy Day 2021","created_at":1611874695.0,"id":"l6ysdo","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l6ysdo/data_privacy_day_2021/","subreddit":"cybersecurity","title":"2021 Begins a new decade of privacy, especially as everything continues to become more interconnected. For Data Privacy Day, we're sharing two informative blogs that cover an array of topics focused on security your user's data.\n\n[https://community.spiceworks.com/topic/2304763-data-privacy-day-2021](https://community.spiceworks.com/topic/2304763-data-privacy-day-2021)","upvotes":2,"user_id":"jrmscooter"},{"content":"Cyberespionage Book","created_at":1611872000.0,"id":"l6xllx","n_comments":0,"percentage_upvoted":0.43,"permalink":"/r/cybersecurity/comments/l6xllx/cyberespionage_book/","subreddit":"cybersecurity","title":"Ilk kitab\u0131m, tezim, Routledge yay\u0131nlar\u0131ndan bas\u0131ld\u0131. Eyl\u00fcl ay\u0131ndan itibaren se\u00e7kin kitap\u00e7\u0131larda...\n\nMy first book and thesis has been published by Routledge, avaliable in September.\n\nhttps://books.google.com.tr/books/about/Confronting_Cyberespionage_Under_Interna.html?id=UkaXtgEACAAJ&redir_esc=y\n\nhttps://www.routledge.com/Confronting-Cyberespionage-Under-International-Law/Pehlivan/p/book/9781138476424","upvotes":0,"user_id":"opehlivan"},{"content":"New cybercrime tool can build phishing pages in real-time","created_at":1611869825.0,"id":"l6wr9b","n_comments":2,"percentage_upvoted":0.92,"permalink":"/r/cybersecurity/comments/l6wr9b/new_cybercrime_tool_can_build_phishing_pages_in/","subreddit":"cybersecurity","title":"","upvotes":30,"user_id":"jpc4stro"},{"content":"Any security professionals willing to jump on a Skype or Zoom call for a quick interview?","created_at":1611868647.0,"id":"l6wbu2","n_comments":8,"percentage_upvoted":0.63,"permalink":"/r/cybersecurity/comments/l6wbu2/any_security_professionals_willing_to_jump_on_a/","subreddit":"cybersecurity","title":"I'm a security professional with 5-6 years of experience who is planning to switch jobs and needs help preparing for technical interview. \n\nIf anyone is willing to help out that would be greatly appreciated.","upvotes":2,"user_id":"cultrip"},{"content":"IF YOU ACQUIRE THE CISSP WITHOUT THE EXPERIENCE, IS IT PRACTICAL TO USE CISSP-ASSOCIATE on your resume?","created_at":1611867351.0,"id":"l6vwd7","n_comments":11,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/l6vwd7/if_you_acquire_the_cissp_without_the_experience/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"mastermynd_rell"},{"content":"Someone clearly knows my name, phone number and one of my email addresses. What to do?","created_at":1611866988.0,"id":"l6vsi4","n_comments":5,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l6vsi4/someone_clearly_knows_my_name_phone_number_and/","subreddit":"cybersecurity","title":"I received a phone call from a tattoo parlor for an appointment I never made (I don\u2019t have a single tattoo and don\u2019t have plans for one). The parlor obviously hasn\u2019t phone number which anyone can guess and just give but they also referred to me by name which was cause for concern. I asked if they knew the name of the person who signed me up and they said it was Melinda.\n\nNow this morning I get an email from said Melinda saying \u201cHi <my first name> I am bored.\u201d\n\nSo now I know this person not only knows my name and number they also know my email. \n\nDo I bother replying or just ignore? Will this Melinda continue to be annoying and make appointments for me? \n\nWhat should I do? I\u2019m considering just deleting that email address and changing my phone number if this becomes a problem.","upvotes":0,"user_id":"01123581321AhFuckIt"},{"content":"Need help with school project!","created_at":1611866313.0,"id":"l6vldz","n_comments":0,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/l6vldz/need_help_with_school_project/","subreddit":"cybersecurity","title":"Hello,\n\nThis is my first time posting here. I am in need of some help with a school project. I am in my final semesters as a cyber security student, and as part of my course work we have to do an internship. Now, this place I work at is not really cyber security related and I am having troubles finding someone in the industry to help me fill this out.\n\nIf there is anyone out there who is a cyber security engineer that can fill out this questionnaire I would really appreciate it. You can just copy past it and PM it to me if you want.\n\n​\n\n​\n\n \n\nINFORMATIONAL INTERVIEW\n\nInterviewer\n\n: (name)\n\nInterviewee\n\n: (name)\n\nInterviewee\u2019s Company(Your Companies name)\n\nHow did you get started in the field? What was your first job?\n\nHow did you get from your first job to where you are today?\n\nWhat are your major job responsibilities?\n\nWhat is a typical day (or week) like for you? Is the work typically routine or does it vary on a daily basis? \n\nWhat are the greatest pressures and frustrations that typically accompany this type of work?\n\nWhat is your educational background?\n\nWhat degrees and/or certificates and do employers typically value in this field?\n\nWhat are the key personal characteristics for success in this field?\n\nIf I want to work in this industry (which I do), what should I be reading regularly to stay on top of the emerging \n\ntechnologies in the industry? Are there books, websites, magazines or trade publications that you recommend?\n\nWhich skills are most important for me to acquire?\n\nWhat is the best advice you have for me once I graduate and look to find a job in this field? What are the most \n\neffective strategies for seeking a position in this field in this area?\n\nWhat are the important \u201ckey words\u201d or \u201cbuzz words\u201d to include in a resume or cover letter when job hunting in \n\nthis field?\n\nWhat are some related occupations I could consider?\n\nWhat advice would you give someone going into the field?","upvotes":1,"user_id":"Popgoesmyglock"},{"content":"If I give a fake email to someone, is my real email in danger?","created_at":1611864942.0,"id":"l6v7og","n_comments":4,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/l6v7og/if_i_give_a_fake_email_to_someone_is_my_real/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"NerdyLizardZ"},{"content":"Emotet: World's Largest Malware Botnet Taken Down By Police","created_at":1611863696.0,"id":"l6uv2e","n_comments":1,"percentage_upvoted":0.84,"permalink":"/r/cybersecurity/comments/l6uv2e/emotet_worlds_largest_malware_botnet_taken_down/","subreddit":"cybersecurity","title":"","upvotes":4,"user_id":"harshsharma9619"},{"content":"MS cyber security is big business.","created_at":1611862728.0,"id":"l6ulyu","n_comments":1,"percentage_upvoted":0.88,"permalink":"/r/cybersecurity/comments/l6ulyu/ms_cyber_security_is_big_business/","subreddit":"cybersecurity","title":"","upvotes":6,"user_id":"Gary_The_Snail_IV"},{"content":"A new Server for Hackers","created_at":1611858885.0,"id":"l6tmn6","n_comments":4,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l6tmn6/a_new_server_for_hackers/","subreddit":"cybersecurity","title":"Hey people, I build a new Discord Server just for hackers, We are a group of hacking enthusiasts ranging from all points of the spectrum. We hope you have a good time interacting with fellow members and share knowledge, in turn helping each other grow. If you are interested here is the link to join [https://discord.gg/Td4HV3ftm4](https://discord.gg/Td4HV3ftm4)\n\nThank you!","upvotes":0,"user_id":"Gexos"},{"content":"Unhacking Password Attacks with Roger Grimes","created_at":1611858415.0,"id":"l6til7","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l6til7/unhacking_password_attacks_with_roger_grimes/","subreddit":"cybersecurity","title":"Intensity Analytics, the leader in password fortification through behavorial authentication, has been invited to participate in a webinar hosted by Roger Grimes, the author of Hacking Multifactor Authentication, as well as eleven other best-selling books and over 1,000 articles. He is a consultant to some of the world's largest companies and military agencies, with over thirty years of experience in computer security, and a leading expert on host and network security, IdM, crypto, PKI, APT, honeypot, cloud security. Intensity Analytics, will demonstrate their TickStream product, in real-time, to show how new technology can solve many of the problems associated with password attacks.\n\nPasswords are the single biggest cybersecurity risk, but they aren't going away anytime soon. The average person has up to 19 active passwords on as many as 100 accounts, and while the demise of passwords has been predicted for thirty years, the alternatives (MFA, biometrics, etc.) work on less than 2% of the world's web sites and services. Meanwhile, multifactor authentication is, and can be hacked, sometimes as easy as passwords. Learn about these vulnerabilities, how these exploits work, and what to do about them (along with the live demonstration), from one of the world's foremost authorities on security.\n\nTo register for this free webinar, with an opportunity to win a copy of Roger's latest book, please register at: [https://unhackingpasswords.eventbrite.com/?aff=TK](https://unhackingpasswords.eventbrite.com/?aff=TK)","upvotes":0,"user_id":"IntensityAnalytics"},{"content":"Safest way to video call a stranger?","created_at":1611857970.0,"id":"l6teqp","n_comments":1,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/l6teqp/safest_way_to_video_call_a_stranger/","subreddit":"cybersecurity","title":"So in short, I\u2019ve been messaged on here (Reddit) asking if I would like to have some free language lessons based off a post I had made. They seem normal and genuinely want to help but I am still very cautious about video calling someone I don\u2019t know and would like to know what the best video calling app is the safest? One that doesn\u2019t give away IP address or leaves me vulnerable to being hacked. I have a VPN but I don\u2019t know if that is enough security?\n\nIf there is no safe way of doing this, I won\u2019t. Thanks!","upvotes":0,"user_id":"TA12346785433"},{"content":"Unknows 'Haleng' program found in Task manager startup","created_at":1611857838.0,"id":"l6tdjx","n_comments":1,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l6tdjx/unknows_haleng_program_found_in_task_manager/","subreddit":"cybersecurity","title":"I was just browsing through task manager startup and saw two unknown programs-'Haleng' and 'Program'.I researched a bit online and found that 'program'Is, not a virus, it is a leftover f a deleted application, but I don't know about 'Haleng' If anybody knows how to fix this or if it is even a virus pls help.I disabled it as soon as I saw it.I ran a full scan and found a threat and removed it but this doesn't go away","upvotes":0,"user_id":"Hybrrid"},{"content":"Top 10 Telegram Cybersecurity Groups You Should Join","created_at":1611857047.0,"id":"l6t6lc","n_comments":0,"percentage_upvoted":0.33,"permalink":"/r/cybersecurity/comments/l6t6lc/top_10_telegram_cybersecurity_groups_you_should/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"Cyberthere"},{"content":"2021 is Unlikely to See Reduction in Ransomware Attacks - WebTitan","created_at":1611853743.0,"id":"l6sdyj","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l6sdyj/2021_is_unlikely_to_see_reduction_in_ransomware/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"Lincoln21234456"},{"content":"What's in Score for Website Users: A Data-driven Long-term Study on Risk-based Authentication Characteristics","created_at":1611852795.0,"id":"l6s5d6","n_comments":0,"percentage_upvoted":0.76,"permalink":"/r/cybersecurity/comments/l6s5d6/whats_in_score_for_website_users_a_datadriven/","subreddit":"cybersecurity","title":"**tl;dr:** Online services use Risk-based Authentication (RBA) to protect their users from password attacks without enforcing Two-factor authentication (2FA). Study shows how RBA behaves on a real-world website and which RBA configurations are sensible for own deployments.\n\nStudy will be published at Financial Crypto (FC) 2021.\n\n**Website + Paper**: [https://riskbasedauthentication.org/security/characteristics/](https://riskbasedauthentication.org/security/characteristics/)","upvotes":2,"user_id":"ldmail"},{"content":"Intezer - How We Hacked Azure Functions and Escaped Docker","created_at":1611850840.0,"id":"l6ro9k","n_comments":0,"percentage_upvoted":0.85,"permalink":"/r/cybersecurity/comments/l6ro9k/intezer_how_we_hacked_azure_functions_and_escaped/","subreddit":"cybersecurity","title":"","upvotes":9,"user_id":"difki"},{"content":"MSSQL Lateral Movement \u2013 NCC Group Research","created_at":1611764068.0,"id":"l5zs7x","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l5zs7x/mssql_lateral_movement_ncc_group_research/","subreddit":"cybersecurity","title":"","upvotes":2,"user_id":"IberianIbex"},{"content":"Blue team training list","created_at":1611791345.0,"id":"l679wq","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l679wq/blue_team_training_list/","subreddit":"cybersecurity","title":"","upvotes":5,"user_id":"OOptions"},{"content":"Why understimate CEH certification?","created_at":1611850131.0,"id":"l6rhz6","n_comments":4,"percentage_upvoted":0.6,"permalink":"/r/cybersecurity/comments/l6rhz6/why_understimate_ceh_certification/","subreddit":"cybersecurity","title":"In my previous post, few people mentioned that CEH is not worth it. What do you cyber champs think? Or Why is it underated? \n\nThanks","upvotes":1,"user_id":"Taiwan004"},{"content":"Cybercops derail malware botnet, FBI makes ransomware arrest","created_at":1611848301.0,"id":"l6r1k4","n_comments":4,"percentage_upvoted":0.95,"permalink":"/r/cybersecurity/comments/l6r1k4/cybercops_derail_malware_botnet_fbi_makes/","subreddit":"cybersecurity","title":"","upvotes":51,"user_id":"wewewawa"},{"content":"What should I learn first in cybersecurity?","created_at":1611845441.0,"id":"l6qcbr","n_comments":3,"percentage_upvoted":0.43,"permalink":"/r/cybersecurity/comments/l6qcbr/what_should_i_learn_first_in_cybersecurity/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"MO_DOK"},{"content":"Best password manager?","created_at":1611843490.0,"id":"l6puo2","n_comments":179,"percentage_upvoted":0.97,"permalink":"/r/cybersecurity/comments/l6puo2/best_password_manager/","subreddit":"cybersecurity","title":"Any recommendations for a password manager that works with PC and mobile? I\u2019ve heard good things about 1Password, wondering if there\u2019s better out there","upvotes":181,"user_id":"Novel-Connection9762"},{"content":"Anything I should know before getting into Cybersecurity?","created_at":1611842643.0,"id":"l6pm2k","n_comments":9,"percentage_upvoted":0.64,"permalink":"/r/cybersecurity/comments/l6pm2k/anything_i_should_know_before_getting_into/","subreddit":"cybersecurity","title":"I'm thinking about going into cybersecurity as a career. What should I know before going in? Any coding languages I should understand how to use or anything else?","upvotes":3,"user_id":"phantasmacorvi"},{"content":"I'm studying for the eJPT, I'd the free INE course enough for it? Or should I study something else along with it? Also any tips for the cert would be appreciated","created_at":1611834114.0,"id":"l6n2qy","n_comments":2,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/l6n2qy/im_studying_for_the_ejpt_id_the_free_ine_course/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"Diligent-Surround693"},{"content":"Examining A Sodinokibi Attack","created_at":1611832018.0,"id":"l6mepp","n_comments":0,"percentage_upvoted":0.57,"permalink":"/r/cybersecurity/comments/l6mepp/examining_a_sodinokibi_attack/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"ajokewaitingtohappen"},{"content":"Apple urges iPhone, iPad users to update operating system immediately after security flaws 'may have been actively exploited'","created_at":1611830656.0,"id":"l6ly5d","n_comments":1,"percentage_upvoted":0.94,"permalink":"/r/cybersecurity/comments/l6ly5d/apple_urges_iphone_ipad_users_to_update_operating/","subreddit":"cybersecurity","title":"","upvotes":74,"user_id":"DeoVolente11"},{"content":"Is lastpass safe?","created_at":1611829791.0,"id":"l6lnkc","n_comments":11,"percentage_upvoted":0.25,"permalink":"/r/cybersecurity/comments/l6lnkc/is_lastpass_safe/","subreddit":"cybersecurity","title":"Hi I am looking for a safe way to protect my passwords and I saw in a video that its pretty good. Is it really though?","upvotes":0,"user_id":"VaibhavsHyper"},{"content":"How is the work/life balance in this field? Degree or certs?","created_at":1611823638.0,"id":"l6jf60","n_comments":5,"percentage_upvoted":0.57,"permalink":"/r/cybersecurity/comments/l6jf60/how_is_the_worklife_balance_in_this_field_degree/","subreddit":"cybersecurity","title":"Im looking into this field, and an important factor to me is the work/life balance. Im a first year college student. How are the work hours? Do you still get time for yourself? Also, If i were making cybersec my goal, should I drop out and start collecting experience now, or go to trade school for it?","upvotes":1,"user_id":"RedacteddHT"},{"content":"Trying to understand some strange network activity","created_at":1611822417.0,"id":"l6iwkh","n_comments":3,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l6iwkh/trying_to_understand_some_strange_network_activity/","subreddit":"cybersecurity","title":"I recently setup a server that listens on 2 random port numbers, and after I move some information (from AWS back to my office) I start to see random hosts on the internet trying to connect to these newly opened ports. The ports are non-standard, and I even tried to change them and the strangeness starts happening again after a short time (but only after I move info). The server is only 2 https servers running on 2 ports (one port request clients certs and the other requires them). I even setup a 3rd server/port that was a honeypot wondering if this was port scanning and the hosts never tried connecting to that\n\nWhy would random hosts on the internet be trying to connect to these completely random ports? And this isn't just once, it is repeatedly hosts on similar network ranges from different countries, and they keep trying to connect multiple times (firewall blocks then after first failed connection without proper cert)\n\nNot sure if this the right place to post this, but figured I'd see if anyone has any ideas or a better place to ask","upvotes":0,"user_id":"DaSpawn"},{"content":"Recent cyber security grad with career paths questions","created_at":1611820312.0,"id":"l6i5ic","n_comments":0,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/l6i5ic/recent_cyber_security_grad_with_career_paths/","subreddit":"cybersecurity","title":"I posted my question at the link below. I don\u2019t know how to use Reddit tbh so sorry if this isn\u2019t allowed. Or if it\u2019s annoying lol \n\n https://www.reddit.com/r/SecurityCareerAdvice/comments/l6hvtq/recent_cyber_security_grad_with_3_questions/?utm_source=share&utm_medium=ios_app&utm_name=iossmf","upvotes":0,"user_id":"KaleidoscopeClean"},{"content":"Is CCNA Certification worth it?","created_at":1611820173.0,"id":"l6i3hi","n_comments":13,"percentage_upvoted":0.8,"permalink":"/r/cybersecurity/comments/l6i3hi/is_ccna_certification_worth_it/","subreddit":"cybersecurity","title":"Currently taking classes for an info security Associates that will transition into a bachelors in 2022. One of my classes this semester is intro to networks which says it is 1st of 3 courses aligned to the CCNA Certification exam. Is this worth it for Cybersecurity? Or is it more IT based?","upvotes":11,"user_id":"Affectionate_Mind661"},{"content":"Could someone please explain some to me how Prototype Pollution attack works with handlebars?","created_at":1611817273.0,"id":"l6gzfh","n_comments":4,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l6gzfh/could_someone_please_explain_some_to_me_how/","subreddit":"cybersecurity","title":"I understand the Prototype Pollution attack using regular jQuery i.e., using the extend or the merge (or clone) function but I'm unable to wrap my mind around how you would do that with handlebars?\n\nLinks to relevant vulnerabilities:\n\n[Prototype Pollution with jQuery](https://nvd.nist.gov/vuln/detail/CVE-2019-11358)\n\n[Prototype Pollution with handlebars](https://nvd.nist.gov/vuln/detail/CVE-2019-19919)\n\nThanks in advance!","upvotes":1,"user_id":"zhdapleeblue"},{"content":"Does a VPN encrypt your data?","created_at":1611814973.0,"id":"l6g3un","n_comments":13,"percentage_upvoted":0.76,"permalink":"/r/cybersecurity/comments/l6g3un/does_a_vpn_encrypt_your_data/","subreddit":"cybersecurity","title":"Hello everyone, please correct me if I'm wrong.\n\nI had a discussion with a peer about if a VPN encrypts the data in transit. For example, if you are navigating the internet using a VPN and somebody intercepts the traffic, would the interceptor be able to see what you were doing? How does VPN encryption work?","upvotes":11,"user_id":"Bani2008"},{"content":"Trust will not protect you: Verify & Monitor your Software Supply Chain","created_at":1611806419.0,"id":"l6cyor","n_comments":0,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l6cyor/trust_will_not_protect_you_verify_monitor_your/","subreddit":"cybersecurity","title":"Trust will not protect you: Verify & Monitor your Software Supply Chain\n\n[https://www.linkedin.com/pulse/trust-protect-you-verify-your-software-supply-chain-john-scott/](https://www.linkedin.com/pulse/trust-protect-you-verify-your-software-supply-chain-john-scott/)","upvotes":0,"user_id":"Bayes-Scheming-33"},{"content":"CNCF - Cloud Native Security Whitepaper on GitHub","created_at":1611805973.0,"id":"l6cshk","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l6cshk/cncf_cloud_native_security_whitepaper_on_github/","subreddit":"cybersecurity","title":"[https://github.com/cncf/sig-security/blob/master/security-whitepaper/CNCF\\_cloud-native-security-whitepaper-Nov2020.pdf](https://github.com/cncf/sig-security/blob/master/security-whitepaper/CNCF_cloud-native-security-whitepaper-Nov2020.pdf)","upvotes":1,"user_id":"alcideio"},{"content":"Looking for Suggestions","created_at":1611804406.0,"id":"l6cbgd","n_comments":4,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l6cbgd/looking_for_suggestions/","subreddit":"cybersecurity","title":"Hi y\u2019all! I\u2019m taking an information warfare class this semester and have to do a threat intelligence brief on an APT. There are a few that seem interesting like Helix Kitten or Stardust Chollima. I want an APT that will have a lot written about it so it\u2019ll make researching fun. Any suggestions? Thank you!","upvotes":2,"user_id":"achavva"},{"content":"I am receiving reddit digest emails for an account i never made","created_at":1611803553.0,"id":"l6c1wk","n_comments":6,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l6c1wk/i_am_receiving_reddit_digest_emails_for_an/","subreddit":"cybersecurity","title":"My account, the one used for this post, is tied to a Gmail account. Just now i was checking through my spam folder and noticed a bunch of reddit digest emails. Thinking nothing of it except that it's annoying, i scroll down looking for the unsubscribe link. I find it, click it and am taken to the unsubscribe page for u /Automatic-jelly-\"some number\". What? I never made this account and the fact that it's tied to my Gmail is extremely concerning.\n\nSo what and how did this happen? Is it some shitty reddit feature or did someone hack my Gmail account in order to verify the email for the account, which you have to do, right?","upvotes":0,"user_id":"MayContainYuri"},{"content":"Nefilim Ransomware Gang Used CVE-2019-11634 Vulnerability To Remotely Access Deceased User Account","created_at":1611803055.0,"id":"l6bwjj","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l6bwjj/nefilim_ransomware_gang_used_cve201911634/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"Sentinel_2539"},{"content":"NAT Slipstreaming v2.0: New Attack Variant Can Expose All Internal Network Devices to The Internet","created_at":1611802793.0,"id":"l6bty7","n_comments":0,"percentage_upvoted":0.97,"permalink":"/r/cybersecurity/comments/l6bty7/nat_slipstreaming_v20_new_attack_variant_can/","subreddit":"cybersecurity","title":"","upvotes":27,"user_id":"speckz"},{"content":"TeamTNT Malware Upgraded to Use Open-Source Tool to Evade Detection","created_at":1611802082.0,"id":"l6bl8k","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l6bl8k/teamtnt_malware_upgraded_to_use_opensource_tool/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"harshsharma9619"},{"content":"Does anyone have any information about a data breach AntiPub Drugs Squad\" Combolist?","created_at":1611798640.0,"id":"l6a8cc","n_comments":23,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l6a8cc/does_anyone_have_any_information_about_a_data/","subreddit":"cybersecurity","title":"I found out that my primary email has been caught up in a breach called AntiPub Drugs Squad\" Combolist breach. Does anyone know what this means? I'm not very savy when it comes to breaches and how to handle them, unless I see the specific site or company that caused the breach. I had this happen with adobe once and reset all my login information. I'm not sure what to do about this breach though, as I do not know where it came from. Any information is appreciated.","upvotes":10,"user_id":"Cheap_and_Defective"},{"content":"Top 10 Best Mobile App Security Testing Tools In 2021","created_at":1611797401.0,"id":"l69pyt","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l69pyt/top_10_best_mobile_app_security_testing_tools_in/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"KeyDutch"},{"content":"Admin Access By Cookie Manipulation | TryHackMe Advent of Cyber 1 Day 1","created_at":1611793456.0,"id":"l683pz","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l683pz/admin_access_by_cookie_manipulation_tryhackme/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"MotasemHa"},{"content":"Interesting ideas for bug bounty program","created_at":1611792500.0,"id":"l67q1j","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l67q1j/interesting_ideas_for_bug_bounty_program/","subreddit":"cybersecurity","title":"Hey\nI'm planning on starting a bug bounty program for my application and I wanted to know if y'all had any cool ideas for it. \n\nRight now I'm planning \n - Low - Company Swag; Medium -$300; High -$500 \n - Hall of Fame page \n\nAny other suggestions?","upvotes":2,"user_id":"___Sirrv___"},{"content":"United Nations Environment Program Data Breach - Mitre ATT&CK analysis","created_at":1611792009.0,"id":"l67j0e","n_comments":5,"percentage_upvoted":0.98,"permalink":"/r/cybersecurity/comments/l67j0e/united_nations_environment_program_data_breach/","subreddit":"cybersecurity","title":"","upvotes":122,"user_id":"Advocatemack"},{"content":"Why The SolarWinds Hack is Incredibly Important","created_at":1611789140.0,"id":"l66gtv","n_comments":1,"percentage_upvoted":0.77,"permalink":"/r/cybersecurity/comments/l66gtv/why_the_solarwinds_hack_is_incredibly_important/","subreddit":"cybersecurity","title":"","upvotes":9,"user_id":"ThePainDrain"},{"content":"For those who have a career in cyber security, how can I start mine?","created_at":1611785646.0,"id":"l65buy","n_comments":14,"percentage_upvoted":0.8,"permalink":"/r/cybersecurity/comments/l65buy/for_those_who_have_a_career_in_cyber_security_how/","subreddit":"cybersecurity","title":"Hey everyone! I\u2019m a 17 year old from the UK who is currently spending most of my time inside everyday due to the lockdown. I\u2019m new to cybersecurity but I\u2019m a quick learner and I\u2019ve had an interest and skill for computers and problem solving my whole life so it seems like the perfect career path for me. \n\nI am really motivated to start learning as soon as I can, So I came here to ask the professionals for advice, is there any good courses, videos or anything else that I can do now that will boost my future in cybersecurity?\n\nAny help is welcome, thanks. :)","upvotes":6,"user_id":"General_Tricky"},{"content":"See some Tresorit examples for simulating phishing attacks and learn more about how to design tests, about common attack types, and get some tips for preventative measures your company should have in place.","created_at":1611785641.0,"id":"l65bsz","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l65bsz/see_some_tresorit_examples_for_simulating/","subreddit":"cybersecurity","title":"**A false sense of security**\n\nPhishing is by no means a new phenomenon - for years now, organizations of all sizes have been falling victim to attacks ranging from the laughably obvious to the frightfully sophisticated. \n\nA successful phishing attempt is often the first link in a chain of events that lead to a high severity information security incident, like the disclosure of sensitive information or the theft and destruction of intellectual property. As a result of this, measures aimed at detecting and stopping phishing attacks are now a vital element in any organization\u2019s information security strategy.\n\nTechnical measures are usually the first that come to mind, and these have advanced considerably since the early days of the Internet. We have filters (and they are getting better and better at recognizing fraudulent messages), our browsers maintain lists of known attacker sites and the impact of a successful attack is lessened by security features such as two-factor authentication and modern intrusion detection systems. \n\nThe bad news is that, while technical measures may stop the majority of attacks before any damage can be done, they might actually help the more sophisticated attackers who are able to circumvent them. Since obvious phishing messages of the more common variety rarely reach our inbox (while e-mail is not the only vector attackers can use, it is the focus of this post), we begin to build a kind of confidence in the algorithms that protect us, implicitly trusting messages that get through them. Without visible danger on the horizon, organizations tend to let our guard down.\n\nFrom an organizational security perspective, this presents us with a new problem: while people can be trained to better recognize fraudulent messages and websites, they rarely have the opportunity to do so in practice. One might spend the entire time between two yearly information security training courses never putting any of their content to use - quizzes and the like do little to help with this. \n\nWhilst we cannot risk letting real attacks through on purpose, we can construct our own phishing messages based on known attacker patterns and let them loose inside the organization. Not only does this provide a safe environment for employees to apply the techniques that are essential in recognizing fraudulent messages, it also lets us track the efficacy of our training program, measuring progress over time with repeated tests (counting clicks, compromised credentials, e-mails reported as phishing, and so on).\n\nSince early 2019, the Security team at Tresorit have aimed to deliver one of these simulated attacks to our employees inboxes every quarter. While more and more organizations choose to perform such tests (for example, [GitLab chose to publish a write-up on theirs](https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/RT-011%20-%20Phishing%20Campaign), and news of a test performed by GoDaddy has been [featured in several online publications](https://coppercourier.com/story/godaddy-employees-holiday-bonus-secruity-test/)), Tresorit sets the bar for these tests high - by simulating a variety of attack types, ranging from simple to highly sophisticated. \n\n**Designing the tests**\n\nFrom the very start, we decided to focus on simulating attacks that try to obtain user credentials for various external and internal services. While attackers are known to have other targets (credit card numbers, personal information to be later used for identity theft, etc.), the impact of leaked credentials on overall organizational security is by far the most severe. \n\nWe already had different preventative measures in place for this kind of attack:\n\n​\n\n* Single sign-on through Azure Active Directory is preferred where supported\n* LastPass is used as a password manager and to prevent password reuse\n* Two-factor authentication is turned on wherever possible\n\nAnd, In our information security training materials, we emphasize two main points:\n\n​\n\n* You should never be prompted to log in to Azure Active Directory while on a company owned device (since [Seamless Single Sign-On](https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso) is turned on)\n* After clicking on a link in an e-mail, treat the page as suspicious, and do not enter credentials when prompted. Log in on a safe, known page instead, then try again. If the link still prompts for credentials, contact the Security Team.\n\nWhile our training material also includes information on how to recognize phishing e-mails by content, it is important to understand that a well executed attack is extremely hard to distinguish from the real thing. \n\nWhile in practice many phishing e-mails and landing pages look *off* somehow, there is nothing preventing an attacker from making a carbon copy of a real e-mail and landing page. The sender\u2019s e-mail address and the URL of the landing page might be suspicious, or it might be perfectly reasonable - at times, the e-mail might be getting sent from a real (albeit compromised) account that belongs to a service or partner company.\n\nBased on these premises, we decided to simulate attacks against the highest value credentials (including Azure Active Directory and LastPass), and craft e-mails and landing pages that could not be identified as suspicious based on their content. \n\nTo make this all work, we built a custom solution based on open-source tools such as [Modlishka](https://github.com/drk1wi/Modlishka), a seamless reverse proxy that allows us to serve a slightly modified version of the real service as our landing page. This page is indistinguishable from the real service to the naked eye, allowing us to capture credentials protected by two-factor authentication (as it can be used to capture the full user session instead of just the credentials themselves). While this might sound like an advanced attack, note that this is an open-source tool available to attackers as well.\n\nWhile we intentionally bypassed automated filters for these tests, during development we noticed that most of the messages got through them either way. This is probably due to the fact that their content was unique and the domains/IP addresses they were sent from had no prior reputation as being attacker controlled. While this is usually not the case for most attacks, it shows that a determined attacker has a good chance of bypassing this initial filter.\n\n**Attack showcase**\n\nSo how does such a simulated attack look like from the user\u2019s perspective? Whilst we\u2019ve executed over 15 campaigns to date, we\u2019ve selected to walk through at this point - each designed with a different level of difficulty in mind.\n\n**Security alert**\n\nOn the lower end of the difficulty spectrum are fake automated service messages. Most information security training materials warn us about them and users are significantly more likely to recognize them as suspicious. We took the *security alert* sent by Microsoft after failed login attempts, and changed some of the details to fit:\n\nMessages such as these represent a common attack type. A keen observer might notice that this message is intended for Microsoft accounts - not Azure Active Directory accounts - and the domain from which the e-mail was sent from (hidden in the image above) is not one that is controlled by Microsoft. Otherwise, the message looks and feels just like the real one \u2013 and that\u2019s because the underlying HTML is actually the same, with the links swapped out to drive traffic to our special landing site.\n\nIf the user does not notice that something is amiss, and clicks on the *Review recent activity* button, or the *click here* link below, a proxied clone of the Microsoft login page will be shown, which will capture credentials given the chance. Here\u2019s what it looks like:\n\nThe login prompt requires users to enter their e-mail address as well as their password, triggering two-factor authentication and an approval request on the user\u2019s device. This is indistinguishable from how the real login prompt works. \n\nAfter a successful login, the user is redirected to a generic account management page housed on the real Microsoft portal. The portal has little to do with the promised recent activity page, so users who have gotten to this point have another chance to recognize the attack and make a report.\n\n**Vaccination**\n\nA more sophisticated attacker might research and target a single company. The *Vaccination* campaign we ran was intended to simulate such an attack, though one disguised as an internal announcement sent by a trusted colleague.\n\nWe chose the sender by looking at the top results for Tresorit on LinkedIn, and selecting an employee that looked most likely to send the email based onindicated position. We then faked a *firstname.lastname* style e-mail address using a domain that at first glance might be mistaken for Tresorit, and signed the message as *firstname*. The content of the e-mail was based on current events, and was not company specific in any way. The e-mail was in English, but we added the Hungarian translation for general practitioner to the e-mail as an additional method of building trust in its content. All of this could have been done by a determined attacker with a few minutes of research.\n\nThe e-mail was text-only, without formatting or other HTML content. The only link was the one that led to our landing page - which would present a fake Microsoft login page. Take a look at how it played out:\n\nNote the short loading animation before redirection that indicates this is a Microsoft Forms site. The user\u2019s e-mail address is pre-filled, and the user is prompted to enter the password immediately. After a successful login, the user is redirected to a real form without an additional authentication login prompt. Most users who get to this point go on about their day and have no idea that their credentials have been compromised.\n\n**After the test**\n\nDespite some initial complaints, these tests eventually became a regular part of our company routine and even a source of amusement for some employees. Communication was key to achieving this effect. We made announcements after each test acknowledging the phishing test, and pointing out the different ways an e-mail could have been recognized as a phishing attempt. We never berated or made example of individual employees who failed the test, although at times we have required them to undergo additional training or to change passwords.\n\nTest results were not made public and the data did not affect employee compensation and performance reviews. We believe it\u2019s our duty to help prepare our employees to recognize these attacks, and to introduce technical countermeasures that protect us - a failed test is a collective failure, and a reminder of the need for *constant vigilance*.\n\n**Takeaways**\n\nIn terms of results, we could draw the following conclusions from the data available to us:\n\n​\n\n* Over time, our company results improved. In one quarter, when we missed the company wide test (opting for a targeted test of high value targets instead), there was a measurable bounce-back in the failure rate, further reinforcing the conclusion that regular reminders have a positive effect.\n* Easier campaigns (such as the security alert template demonstrated previously) had very low failure rates, which improved to near zero over time.\n* Different departments had widely different failure rates. Software developers and other technical personnel did significantly better, but were not immune.\n\nOf course, there is still a long way to go, and we are continuously looking to improve our scores. Nonetheless, we found these tests valuable tools for raising awareness of phishing attacks and a great complement to our existing technical training materials and measures. \n\nLearn more on the [Tresorit blog](https://tresorit.com/blog/simulating-phishing-attacks/?utm_source=reddit.com&utm_medium=referral&utm_campaign=phishing_attacks).","upvotes":1,"user_id":"TresoritTeam"},{"content":"AMA Series - Security Consultant","created_at":1611784820.0,"id":"l6527t","n_comments":34,"percentage_upvoted":0.94,"permalink":"/r/cybersecurity/comments/l6527t/ama_series_security_consultant/","subreddit":"cybersecurity","title":"Hi all,\n\nBig thanks to /u/_larry0 for all his work on the last AMA. I think that was the most hits we've had for any AMA post - you can view it here: [https://www.reddit.com/r/cybersecurity/comments/l19phh/i\\_am\\_a\\_security\\_researcher\\_who\\_has\\_identified/](https://www.reddit.com/r/cybersecurity/comments/l19phh/i_am_a_security_researcher_who_has_identified/)\n\nIf you want to keep up to date with his research, check out or subscribe to the Akamai blog, https://blogs.akamai.com/, or follow him on Twitter, https://twitter.com/_larry0.\n\nNext up, we have /u/ReckedExe with the Security Consulting AMA. Here's their intro:\n\n\\-------\n\nI'm u/ReckedExe, a Senior Cybersecurity Consultant at a big 4 professional services firm by day and an avid home chef by night. During my tenure as a cyber security professional, I've worked with a diverse portfolio of industries to serve up cyber solutions. I enjoy assessing threat environments to spread company-wide cyber strategy initiatives with a side of sustainable project timelines. Then, I sprinkle in effective leadership in fast-paced\u00a0environments to pour the SecOps and IR solutions for each company. Why would ya look at that? I have the cyber stew ready to simmer. Now, it's time to AMA about the security consulting industry!\u00a0","upvotes":13,"user_id":"Oscar_Geare"},{"content":"KeyFile on usb drive vs YubiKey","created_at":1611782891.0,"id":"l64gs9","n_comments":1,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l64gs9/keyfile_on_usb_drive_vs_yubikey/","subreddit":"cybersecurity","title":"Hey y'all I'm pretty new to reddit as well as personal cyber security so hopefully this is the right place to ask the question.\n\n I currently store the keyfile for my keepass database on a flash drive. Keepass stores the path to the file, so I just have to plug in the usb drive as well as enter my password and it works. I also keep one backup on an HDD that i leave at home. For this situation is a hardware key really better?","upvotes":1,"user_id":"rwgsmf"},{"content":"Why are cyber ranges so complicated? A closer look at building a test environment for defenders from a \"hackers\" perspective.","created_at":1611781659.0,"id":"l643x4","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l643x4/why_are_cyber_ranges_so_complicated_a_closer_look/","subreddit":"cybersecurity","title":"","upvotes":3,"user_id":"privat3duck3y"},{"content":"Emotet botnet disrupted after global takedown operation","created_at":1611781429.0,"id":"l641qk","n_comments":3,"percentage_upvoted":0.8,"permalink":"/r/cybersecurity/comments/l641qk/emotet_botnet_disrupted_after_global_takedown/","subreddit":"cybersecurity","title":"","upvotes":8,"user_id":"deadbroccoli"},{"content":"What are the these pop up ads doing?","created_at":1611778524.0,"id":"l63act","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l63act/what_are_the_these_pop_up_ads_doing/","subreddit":"cybersecurity","title":"I have a question about pop up ads which sometimes come up on illegal streaming sites/other dodgy sites. I'm not sure if anyone else has had experience with these pop ups, but what they do is show up a blank page and then immediately close. I have seen these far more often recently compared to the standard \"Win an iPhone\" pop ups. What are these pop ups doing?","upvotes":1,"user_id":"mrman2525"},{"content":"VPN beginner here, explanation needed","created_at":1611777505.0,"id":"l63025","n_comments":4,"percentage_upvoted":0.66,"permalink":"/r/cybersecurity/comments/l63025/vpn_beginner_here_explanation_needed/","subreddit":"cybersecurity","title":"Hi people\n\nI have always been interested in using VPN but never really paid too much attention into it, until now. I have a number of questions that hopefully you guys will be able to provide the answers for. Lets get straight to it:\n\n1. Does using VPN mean I can use any public wifi (restaurants/cafes/hotels/airports) and be 100% worry-free?\n2. How exactly do you use a VPN? Is it: **connect to internet, turn on VPN, start browsing?** or is it **turn on VPN, connect to internet, start browsing**? \n3. Lets say I decide to use VPN. Is the VPN going to be connected to my device/computer or will it be to the ISP? I ask because I am living with my brother. The question is, if I use a VPN, will it be only for my computer, or will it be connected to the ISP as well, in which case my brother will be able to use it as well?\n4. Is it normal to use VPN most of the time, when you connect to the internet?\n5. As long as I use VPN, connecting to public wifi and checking my social media accounts, my bank accounts, etc. will be safe, correct?\n\n​\n\nThat is all. Thank you for reading","upvotes":1,"user_id":"AliveandDrive"},{"content":"Security in Node.JS and Express: The Bare Minimum \u2014 Part 3.","created_at":1611773959.0,"id":"l625gk","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l625gk/security_in_nodejs_and_express_the_bare_minimum/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"petrandeme"},{"content":"North Korea hackers use social media to target security researchers - via @FT","created_at":1611772519.0,"id":"l61t7l","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l61t7l/north_korea_hackers_use_social_media_to_target/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"Alex09464367"},{"content":"[HELP] I think I'm going to get hacked!","created_at":1611770755.0,"id":"l61dxp","n_comments":16,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l61dxp/help_i_think_im_going_to_get_hacked/","subreddit":"cybersecurity","title":"[SOLVED]\n\nSo it happened 15 min ago, I tried to shut down my PC but it said something along the lines of, \n\n# 'Someone else is still using this PC. If you shut down now, they could lose unsaved work.'\n\nI panicked but then I remember one friend told me that your should check task manager whenever you have doubt that someone else is connected to your network, \n\nI checked and I found another account with username 'defaultuser1000000'\n\nThe screenshot: [https://imgur.com/a/7uCu28T](https://imgur.com/a/7uCu28T) (the blurred one is my account)\n\nNow i am not that knowledgeable about computers, maybe its just some system process.\n\nOnly thing I downloaded was a word doc and nothing else in last week from any site, I actually ran into a minor hiccup earlier this day when it was saying 'there's some with your pin-code', but it actually got fixed once i restarted my laptop, but now I am scared that if i shut down now, I might get locked out of my own PC and, I might lose all my data so I am uploading everything important the cloud.\n\nAny help is appreciated, I have attached the screenshot and I think it's showing all the programs that user has accessed, am I in any big trouble?, I was not sure where to post this on reddit.\n\n​\n\nPS. Pardon my English.","upvotes":0,"user_id":"thesanaster"},{"content":"Handling of confidental data on a new MacBook Pro","created_at":1611767308.0,"id":"l60k1e","n_comments":7,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l60k1e/handling_of_confidental_data_on_a_new_macbook_pro/","subreddit":"cybersecurity","title":"Hello at all :)\n\nI currently own a MacBook Pro from 2011, where I could upgrade the RAM and installed a 500 GB SSD. I was not been able to update the operating system to a new version since \"High Sierra\". Now, however, I also no longer get security updates, so I decided to buy a new MacBook Pro M1.\n\nI find it very unfortunate that I can't remove the SSD at the newer MacBooks. Especially with a defect system you have to hand over your Macbook with all your confidential data to Apple. Of course, I would implement a hard disk encryption via the T2 chip, but I would not have a good feeling to hand over my MacBook including all my confidental data to Apple.\n\nOtherwise I think the technology of the new MacBook Pro is great and I would like to stay at the Apple family. Is my fear too big or how do you see my considers?\n\nI'm glad about your comments :)","upvotes":1,"user_id":"d3xt4h"},{"content":"Which career in cybersecurity is Burnout?","created_at":1611766640.0,"id":"l60e8i","n_comments":8,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l60e8i/which_career_in_cybersecurity_is_burnout/","subreddit":"cybersecurity","title":"Which career is more burnout? SOC analyst or pentesting? \n\nI am working in SOC analyst so is definitely a burnout but I want some pentesting guys to answer this question.\n\nI cued pentesting cuz you can get into bug bounty not as money but an a perspective where you can grow and have create something as a sidekick and get money off of it. \n\nI think thats why burnout is there in SOC. What you guys think?\n\nThanks in advance.","upvotes":2,"user_id":"Somechords77"},{"content":"Deepen cybersecyrity skills","created_at":1611766132.0,"id":"l60a2u","n_comments":2,"percentage_upvoted":0.63,"permalink":"/r/cybersecurity/comments/l60a2u/deepen_cybersecyrity_skills/","subreddit":"cybersecurity","title":"Hi redditors, hope you're doing well ! :)\nI learn cybersecurity as a passion and i study telecommunications in school and i want to learn more. I've done a lot of ctfs on tryhackme i'm now able to resolve basic ctfs. Also i've coded a basic keylogger on python. \nBut i want to learn more concrete techniques to do real cybersecurity.\nI like all the cyber fields but i don't really know what to do, between certifications, ctfs, coding basic viruses (for understanding of course), and many other things...\nDo you have any advise ?","upvotes":2,"user_id":"Windwind444"},{"content":"A first year college student who just discovered cybersecurity.","created_at":1611765998.0,"id":"l608yk","n_comments":4,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l608yk/a_first_year_college_student_who_just_discovered/","subreddit":"cybersecurity","title":"Hello everyone. Im a first year college student currently working toward a comp sci degree. I was considering dropping out of comp sci, but I recently found cybersecurity as a much more interesting field with good pay. Ive heard from Neal Bridges that getting a degree is becoming less important in this field as time passes. Will my degree still be worth earning for a career in cybersec by 2024 (the year I will graduate)? If not, I would probably treat cybersec as a trade and go to a trade school while getting certs along the way. Im a bit nervous about dropping out of college if I end up pursuing cyber, however if I can safely drop out without worry of being unemployable then I would do it. It would save my family alot of money and it would save me alot of time, since I would be skipping 2 years of GE classes. Would pursuing a different degree in a different industry while also getting cybersec experience be a good idea so I have something to fall back on? My biggest fear is getting a 4 year comp sci degree (with a focus in cybersec), applying for a job, then realizing how much time and money I wasted taking classes I never needed to take. To be totally honest, I have always hated school (the stress, the lectures, the insane prices for courses/textbooks), so if I can get away with doing trade school instead and still be successful in this field, I would gladly take that route.","upvotes":1,"user_id":"RedacteddHT"},{"content":"CySA+ vs CEH","created_at":1611764756.0,"id":"l5zxrr","n_comments":5,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l5zxrr/cysa_vs_ceh/","subreddit":"cybersecurity","title":"Hellow community. Kindly advice me.\n\nWhich one should i pursue between the two?. Are they the same? \n\nThank you","upvotes":1,"user_id":"Taiwan004"},{"content":"Cyber security Certifcation Poll","created_at":1611764504.0,"id":"l5zvqn","n_comments":2,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/l5zvqn/cyber_security_certifcation_poll/","subreddit":"cybersecurity","title":"Hi Community. Kindly help me get an overview of what Certification you own\n\n[View Poll](https://www.reddit.com/poll/l5zvqn)","upvotes":2,"user_id":"Taiwan004"},{"content":"Any unprivileged user can gain root privileges on a vulnerable host using a default sudo configuration - CVE-2021-3156: Heap-Based Buffer Overflow in Sudo","created_at":1611764200.0,"id":"l5ztbe","n_comments":30,"percentage_upvoted":0.99,"permalink":"/r/cybersecurity/comments/l5ztbe/any_unprivileged_user_can_gain_root_privileges_on/","subreddit":"cybersecurity","title":"","upvotes":569,"user_id":"geeshta"},{"content":"TikTok Bug Could Have Exposed Users' Profile Data and Phone Numbers","created_at":1611763900.0,"id":"l5zqsg","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l5zqsg/tiktok_bug_could_have_exposed_users_profile_data/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"zr0_day"},{"content":"What do you think would be the top secure home router from the following choices?","created_at":1611759775.0,"id":"l5yq42","n_comments":11,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l5yq42/what_do_you_think_would_be_the_top_secure_home/","subreddit":"cybersecurity","title":"\n\n[View Poll](https://www.reddit.com/poll/l5yq42)","upvotes":1,"user_id":"rudnet"},{"content":"Iranian Government Blocked Signal App as Millions Started Using it","created_at":1611757978.0,"id":"l5yalz","n_comments":4,"percentage_upvoted":0.87,"permalink":"/r/cybersecurity/comments/l5yalz/iranian_government_blocked_signal_app_as_millions/","subreddit":"cybersecurity","title":"","upvotes":38,"user_id":"harshsharma9619"},{"content":"Rooting Bosch lcn2kai Headunit","created_at":1611757610.0,"id":"l5y7et","n_comments":0,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l5y7et/rooting_bosch_lcn2kai_headunit/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"DerBootsMann"},{"content":"Cyber Path","created_at":1611757554.0,"id":"l5y6y2","n_comments":6,"percentage_upvoted":0.73,"permalink":"/r/cybersecurity/comments/l5y6y2/cyber_path/","subreddit":"cybersecurity","title":"After a long hiatus from college, I am going back to get a master's. I want to focus on Cybersecurity, but want to make sure that I choose the right path. I am looking to attend the University of Texas in San Antonio. They offer two paths that focus on Cybersecurity, the first is a Master in CyberSecurity. This path is more technical and is in the Computer Science School. The second is Master in Information System with an emphasis in Cybersecurity and is in the business school. I am leaning towards the Master in Information System route. I believe it provides more long term job opportunity. Should I more concerned about the technical or have a mixture of both technical and business classes? Any advice would be greatly appreciated.","upvotes":5,"user_id":"LimitedChaos"},{"content":"Protect your data! Learn best practices for #dataprivacy + #dataprotection, and how to use AXEL Go, our private, secure cloud storage and sharing platform.\u2060 @AXEL","created_at":1611755861.0,"id":"l5xrer","n_comments":1,"percentage_upvoted":0.4,"permalink":"/r/cybersecurity/comments/l5xrer/protect_your_data_learn_best_practices_for/","subreddit":"cybersecurity","title":"","upvotes":0,"user_id":"AXEL_Network"},{"content":"Track activity from my computer while I'm away","created_at":1611755752.0,"id":"l5xqge","n_comments":7,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/l5xqge/track_activity_from_my_computer_while_im_away/","subreddit":"cybersecurity","title":"So I have my computer on a common area of my house due to the router position. Someone in my household is an engineer who works in cybersecurity and I know he unlocks my computer, no matter the password. I even purchased Kaspersky to find out if there is keylogger installed. No luck\n\nThere are times when I must leave the computer turned on while I'm away\n\nI could try the Event Viewer from Windows but I'm sure he can delete specific logs. I found that he turned on the computer when I was away thanks to this these logs but somehow he found out.\n\nThat being said, do you guys know about a way to make sure all activity from the computer is recorded while I'm not at home\n\nI'm studying programming and I can handle myself on python. Any ideas you have, I can research it and handle it myself","upvotes":1,"user_id":"Bleyster"},{"content":"Moving from NYC. What city will give me the best opportunities for work in CyberSec?","created_at":1611752203.0,"id":"l5wsfi","n_comments":23,"percentage_upvoted":0.87,"permalink":"/r/cybersecurity/comments/l5wsfi/moving_from_nyc_what_city_will_give_me_the_best/","subreddit":"cybersecurity","title":"","upvotes":6,"user_id":"rudnet"},{"content":"Review of Virtual Hacking Lab (VHL)","created_at":1611751744.0,"id":"l5wnxz","n_comments":0,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l5wnxz/review_of_virtual_hacking_lab_vhl/","subreddit":"cybersecurity","title":"","upvotes":1,"user_id":"DropTheThunder"},{"content":"Targeted Phishing Attacks Strike High-Ranking Company Executives","created_at":1611751675.0,"id":"l5wn9x","n_comments":2,"percentage_upvoted":0.89,"permalink":"/r/cybersecurity/comments/l5wn9x/targeted_phishing_attacks_strike_highranking/","subreddit":"cybersecurity","title":"","upvotes":7,"user_id":"WalkureARCH"},{"content":"Privacy and Cybersecurity Experts You Should Follow","created_at":1611749925.0,"id":"l5w6bq","n_comments":0,"percentage_upvoted":0.86,"permalink":"/r/cybersecurity/comments/l5w6bq/privacy_and_cybersecurity_experts_you_should/","subreddit":"cybersecurity","title":"","upvotes":5,"user_id":"stewofkc"},{"content":"What are the best managed next generation anti-virus companies for small businesses and home users?","created_at":1611749685.0,"id":"l5w3tk","n_comments":0,"percentage_upvoted":0.75,"permalink":"/r/cybersecurity/comments/l5w3tk/what_are_the_best_managed_next_generation/","subreddit":"cybersecurity","title":"In maryland or new york city if location matters but I think all managed anti-virus companies can do it remotely from anywhere in the us.","upvotes":2,"user_id":"xprmtxud"},{"content":"What are some good/the best malware removal and malware analysis companies to remove malware?","created_at":1611748521.0,"id":"l5vrfd","n_comments":5,"percentage_upvoted":0.43,"permalink":"/r/cybersecurity/comments/l5vrfd/what_are_some_goodthe_best_malware_removal_and/","subreddit":"cybersecurity","title":"I'm looking for a good/the best malware removal or malware analysis companies to remove bad spyware/malware that doesn't seem to go away with reinstalling the operating system. Not geek squad and micro center, need something more capable. Would prefer remote company or local company in maryland or new york city. Would appreciate recommendations.\n\nIf it's against the rules to recommend specific companies I would appreciate suggestions for keywords to search for to find companies. Thank you.","upvotes":0,"user_id":"xprmtxud"},{"content":"Getting out of Retail","created_at":1611747747.0,"id":"l5vj8m","n_comments":1,"percentage_upvoted":0.5,"permalink":"/r/cybersecurity/comments/l5vj8m/getting_out_of_retail/","subreddit":"cybersecurity","title":"I'm currently the Tech Supervisor at my local Staples, and discovered a love of IT work because of it. I've taught myself the fundamentals of Linux, learned boatloads through my recently completed A+ certification, and am now studying for Sec+ while I learn Kali Linux for fun.\n\nI'd like to pursue cybersecurity specifically as it seems the most interesting. I should have an interview coming up for an IT Specialist position at a local community college through a connection I've made in the community.\n\nWhat steps should I be taking beyond active job hunting and my Sec+ studies?","upvotes":0,"user_id":"Damienn93"},{"content":"X-content type options missing vulnerability","created_at":1611747370.0,"id":"l5vf2j","n_comments":1,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l5vf2j/xcontent_type_options_missing_vulnerability/","subreddit":"cybersecurity","title":"Curious how would other security personnel take \u201cx-content-type-missing\u201d in a non-public facing web UI as ? This is something I considered as a very minor issue since a server (which has UI) is not essentially exposed to Public. But a senior security engineer from a reputed pentest company thinks otherwise as medium vulnerability ! May be I am wrong (always learning) but thought to get some opinion here.","upvotes":1,"user_id":"Pamelaxyz"},{"content":"Transitioning to cybersecurity after 20 years in tech management","created_at":1611746003.0,"id":"l5uzf2","n_comments":3,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l5uzf2/transitioning_to_cybersecurity_after_20_years_in/","subreddit":"cybersecurity","title":"hello.. recent provisional CISSP here with 20 years tech background - no pure security work but plenty of designing secure networks and systems. , looking for some guidance on transitioning to cybersecurity - what type of roles to look at, what my resume should focus on, any help would be greatly appreciated. Even though I've been leadership/C-level exec for smaller companies it seems every cybersecurity job expects you to have pure security experience. Does anyone have any experience making this type of later career transition or know of any resources for the same?","upvotes":1,"user_id":"breakingb0b"},{"content":"1st interview for Helpdesk support internship","created_at":1611744350.0,"id":"l5ugw6","n_comments":1,"percentage_upvoted":0.67,"permalink":"/r/cybersecurity/comments/l5ugw6/1st_interview_for_helpdesk_support_internship/","subreddit":"cybersecurity","title":"Hello everyone, currently have a interview from my community college offering a 15$ per hour internship. So far I only have my sec+ and been studying for NET+ when I am not working as a city tracer. (I might study for net+ but just skip to CCNA) Im a bit bum I will see a reduce in salary if I choose this internship over my current job but I desperately need the experience to add on my resume. My current job is a contract and may end in June so I am thinking long term. The internship consist of simple troubleshooting for hardware, installing pc desktop, maintaining logs of computers in use etc etc. Is there any advice anyone to give me to prepare for the interview? \n\n​\n\nI assume know my ports, SYN three way handshake, just a bit nervous Im doing the right decision and what else desktop supportwill consist of. I already have good customer service due to my background. Thanks all pms appreciated.","upvotes":3,"user_id":"Environmental_Work63"},{"content":"Hi, my gridinsoft anti-malware is detecting 2 adware.installcore.vl!c adwares in C:\\\\$RECYCLE.BIN\n\nbut when i open the recycle bin folder and check it it is empty, no hidden files, nothing, i also cleared the recycle bin, so idk why is it detecting something there, can someone help ?","created_at":1613416780.0,"id":"lkbpwe","n_comments":0,"percentage_upvoted":1.0,"permalink":"/r/cybersecurity/comments/lkbpwe/antimalware_detecting_files_i_cant_seefind/","subreddit":"cybersecurity","title":"Antimalware detecting files i can't see/find","upvotes":1,"user_id":"cogitek"},{"content":"This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do *you* want to know about certs/degrees, job requirements, and any other general cybersecurity career questions?\n\nAdditionally, we encourage everyone to check out [Questions](https://www.reddit.com/r/cybersecurity/search/?q=flair%3Aquestion&restrict_sr=1&t=week) posted in the last week and see if you can answer them!","created_at":1612771225.0,"id":"lez6js","n_comments":75,"percentage_upvoted":0.81,"permalink":"/r/cybersecurity/comments/lez6js/mentorship_monday/","subreddit":"cybersecurity","title":"Mentorship Monday","upvotes":9,"user_id":"AutoModerator"},{"content":"This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do *you* want to know about certs/degrees, job requirements, and any other general cybersecurity career questions?\n\nAdditionally, we encourage everyone to check out [Questions](https://www.reddit.com/r/cybersecurity/search/?q=flair%3Aquestion&restrict_sr=1&t=week) posted in the last week and see if you can answer them!","created_at":1612166414.0,"id":"l9pnli","n_comments":58,"percentage_upvoted":0.9,"permalink":"/r/cybersecurity/comments/l9pnli/mentorship_monday/","subreddit":"cybersecurity","title":"Mentorship Monday","upvotes":7,"user_id":"AutoModerator"},{"content":"EDIT: Jeez y'all I made this post at like 2am, thank you for the support!\nIt went super well. The company seems very invested in training and supporting my growth.","created_at":1611694362.0,"id":"l5ddz7","n_comments":126,"percentage_upvoted":0.97,"permalink":"/r/cybersecurity/comments/l5ddz7/the_first_day_of_my_first_job_cybersecurity/","subreddit":"cybersecurity","title":"The first day of my first job, Cybersecurity, starts tomorrow. Wish me luck! \ud83d\ude03","upvotes":1126,"user_id":"im_tira"}],"trust":1.0}