Best of r/cybersecurity

SonicWall recommends disabling SSLVPN due to increasing attack threats to ensure better security for system administrators.

The post questions how someone in an HR role obtained CISSP certification, doubting how it was validated given the requirement for relevant IT security experience. The poster feels this devalues the CISSP certification.

Looking for a threat intelligence tool for a small security team with a focus on early detection and enrichment. Considering options like Recorded Future, Crowdstrike Falcon, and Anomali, but unsure of hype vs. utility. Seeking recommendations from midsize organizations.

The author warns against enrolling in cybersecurity bootcamps, describing them as scams, based on their own experience with the expensive EDX bootcamp by the University of Denver, which provided little value. They suggest using free online resources and focusing on certifications instead.

The post discusses skepticism about cybersecurity firms charging high fees for what seems to be simple automated scan services, possibly even using open source tools. The author suggests these services may exploit clients' ignorance and fear, emphasizing their boss's poor IT decision-making history.

Microsoft used engineers based in China to support a product that was recently hacked by Chinese actors, sparking concerns about internal security challenges and the company's oversight of its global workforce.

A Reddit user is seeking insights into how companies are using AI or machine learning practically to enhance security or efficiency, beyond just purchasing AI tools. They are interested in genuine projects or implementations that have proven to be game-changers.

A user is seeking information on vulnerability scanners with the widest CVE coverage. They note that QualysGuard covers 110,000 CVEs and Fortra's Alert Logic 256,000 CVEs but haven't found a scanner with higher coverage than Alert Logic. They distrust Tenable due to perceived low ethics.

When building a startup's network infrastructure with a focus on cloud-based, zero trust principles, and minimal physical hardware, it's wise to avoid traditional on-premises setups and any outdated security approaches that conflict with zero trust.

Mentorship Monday - Post All Career, Education and Job questions here!

Businesses should avoid using TightVNC for remote access, especially in environments with poorly secured public kiosks, like those in airports and fast food restaurants. TightVNC is insecure with limited password protection, making systems vulnerable to exploitation.

How to present a short 2-month tenure on LinkedIn?

The job market is currently tough, with both freshers and experienced professionals facing unemployment. The post questions whether there is a chance for improvement or if the situation will remain the same.

A Reddit user reflects on encountering outdated tech in cybersecurity, noting how upgrading to Windows 11 has led to detecting interesting USB drive incidents. They mention finding a conficker binary on an old external drive. They ask others about incidents that felt like uncovering digital relics.

A phone repair and insurance company has been severely impacted by a ransomware attack. Despite reducing its staff from over 100 to just eight employees, the firm couldn't avoid collapse after paying a crushing ransom demand.

The user is asking if the BEEF security tool is still relevant or has become obsolete against modern browsers, and includes a GitHub link to the project for clarity.

Considering a Master's in Cyber Security could help open more opportunities and increase your earning potential, especially since you already have several certs and experience as an ISSO. It could be a beneficial investment for your long-term career growth.

To stay updated on cybersecurity, users suggest sources like security blogs, online forums, podcasts, newsletters, and websites like Krebs on Security, Ars Technica, and CyberScoop, avoiding Reddit due to its poor recommendation algorithm.

A forensic inspection of an old USB drive led to the discovery of a previously undocumented USB worm that replicates itself in the "Downloads" folder on a Windows 11 system. It uses obfuscation and privilege escalation techniques. A full analysis is available online for collaboration.

The post is asking if people would consider implementing a BYOD (Bring Your Own Device) policy if there was a way to fully secure company data on personal laptops without heavy software or invading privacy. The user is curious about others' opinions on this approach.

Cybersecurity Analyst vs Cybersecurity Engineer

Suspicious MS account login despite strong password + 2FA. Trying to understand how this happened.

An Ontario city must cover an $18.3 million cyberattack bill because their insurer denied the claim, causing frustration for taxpayers and IT professionals alike.

A Reddit user reviews the poor coding practices of the Tea App, highlighting its vulnerabilities by disassembling its source code and providing insight into how such flaws can be exploited.

An American with 5 years in Cybersecurity, focusing on GRC/Incident Response, is relocating to Shanghai for family reasons. Despite a tech BA, a Masters in cybersecurity, and certifications, they're finding few American companies and are seeking insights on job prospects in China.

Rapid7 rescinded a user's job offer due to a lack of headcount after they accepted it, raising concerns about the company's prospects. They're asking if others have experienced anything similar.

Consider implementing measures like regular software updates, strong password policies, two-factor authentication, and data encryption to secure payment portals. Additionally, rely on trusted third-party tools with built-in security features and seek occasional security audits or consultancy.

Considering a cybersecurity position abroad, the post highlights concerns including visa requirements, job market demand, experience level, and language barriers. It questions whether to switch to pentesting with broad opportunities or specialize in DFIR, given potential security clearance issues.

A concerned Proton user is worried about potential changes in Swiss privacy laws, fearing Switzerland might adopt heavy surveillance measures. They seek insights on whether these changes will affect Proton's safety and ask about alternative countries with strong privacy protections.

Consider appointing an internal security champion or a part-time consultant to guide your team. Use frameworks and tools tailored for small businesses to streamline the process. Prioritize documentation and training to ensure compliance readiness.