Stryker suffered a cybersecurity incident where three Intune-managed devices were wiped at 3:30 AM EDT. The Entra login page was defaced with the Handala logo, and it's still visible at the time of posting.
@cybersecurity.page
Summarizes the hottest content on r/cybersecurity once per hour. Warning, the summaries are generated by an LLM and are not guaranteed to be 100% correct. Operated by @tweedge.net, open source @ https://github.com/r-cybersecurity/best-of-bot
Palo Alto XSIAM vs. CrowdStrike NG SIEM. Which one would you choose today?
A Department of Government Efficiency (DOGE) employee was reported to have illegally copied Social Security data onto a thumb drive.
The user seeks advice on whether to pursue a CISSP certification or a master's degree to enhance their 5 years of SOC experience and CompTIA Security+ credential. They're looking for feedback on which option would more meaningfully strengthen their profile for growth in cybersecurity.
An individual with access to Social Security data allegedly copied it onto a thumb drive, raising concerns about data security and unauthorized data transfer.
10+ years of DFIR... I just did my first ever forensic audit of an AI system
Mentorship Monday - Post All Career, Education and Job questions here!
I mapped 2,845 cybersecurity companies across 64 countries, revealing key clusters: The US with 1,718 companies is mostly coastal, Israel has a high concentration per capita, and Europe is more spread out than expected. APAC is growing fast, led by India and Australia.
I'm a cybersecurity and insider threat investigator focused on DPRK APTs and remote workers. AMA
Trump's cyber strategy introduces support for cryptocurrency and blockchain security, marking the first time these technologies have been explicitly prioritized in a national cybersecurity agenda.
Hackers are reportedly selling an exploit for an unpatched zero-day vulnerability in Windows Remote Desktop Services. This flaw could allow unauthorized access to Windows systems, posing a significant security risk.
A Mississippi hospital system shut down all clinics following a ransomware attack, disrupting medical operations.
AI is now being used to automate identity fraud at the account creation stage specifically
A red team operator criticized TCS and others for poor security practices, such as ignoring SIEM alerts and lying during audits. This was part of a study collecting public signals from social media and reviews before TCS-related UK breaches, with data and methodology available publicly.
Russia's cyber weapons, developed for attacks on Ukraine, are now being used internationally. Poland's electricity operator experienced a disruption in December, linked to attacks by Russia's FSB Center 16. Though the incident didn't cause major outages, it signals possible hybrid warfare.
Email header analysis helps investigators detect spoofed emails by examining fields like "Received", "Return-Path", and "Reply-To" to trace the actual sender. Analysts can spot inconsistencies or mismatches in these fields, revealing if the visible email address is fake.
A Chrome extension was sold and turned malicious, executing malware on my device. This highlights the risk of extensions sold in marketplaces and the need for Chrome to address the issue.
Applying Zero Trust to Agentic AI and LLM Connectivity - anyone else working on this?
As the sole IT admin for a small business on WordPress/AWS, I've struggled with bots/crawlers impacting our servers. Despite using robots.txt and country filters, issues persist. We even faced a DDoS attack. What strategies have worked for you in managing this?
The user is looking for recommended cybersecurity books as they start their journey. They are currently reading "Pegasus" by Laurent Richard, which is more investigative journalism, and prefer non-textbook recommendations.
Seeking advice for re-entering the cybersecurity field with a focus on Red Teaming. Looking for project ideas, effective portfolio presentation, and recommended learning resources or courses. Aims to create a practical portfolio showcasing real offensive security skills. Seeking community guidance.
How is cybercrime actually profitable when cashing out seems nearly impossible?
Replacing letters with numbers, like "B3li3v3r" instead of "Believer," can add complexity to a password, making it harder to crack. However, password strength primarily depends on length and randomness rather than simple substitutions.
What were some of the best interview questions you were asked in an interview?
A person applied for a job and was told by a recruiter to enhance their CV and LinkedIn profile with someone the recruiter knew. The supposed contact asked for temporary access to their LinkedIn account to optimize it, assuring not to change settings or message anyone, raising suspicion of a scam.
Microsoft alerts that hackers increasingly use AI for phishing, reconnaissance, malware creation, and evasion in cyberattacks, potentially accelerating their speed and scale.