#becybersafe — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #becybersafe, aggregated by home.social.
-
Exploit a #zeroday then self-patch the #vulnerability so other hackers can't use the same exploit? AND you maintain #persistence while hiding in plain sight for longer? Damn - that's really fuckin clever.
https://www.darkreading.com/cyber-risk/initial-access-broker-self-patches-zero-days
#CyberWarfare #Hacking #ThreatAssessment #BeCyberSafe #StayCyberAware #F5
-
Just attended a briefing yesterday about this specific topic #ScatteredSpider:
https://www.darkreading.com/cyberattacks-data-breaches/scattered-spider-hacking-spree-airline-sector"Palo Alto Networks urged organizations in the sector to be "on high alert for sophisticated and targeted social engineering attacks and suspicious MFA reset requests," citing evidence of similar attacks.
#Airline #CyberFraud #ThreatAssessment #SocialEngineering #CyberWarfare #BeCyberSafe #StayCyberAware #CriticalInfrastructure
-
All #sysadmins should review this article and the #CVE reports. Ensure ALL of your #domaincontrollers (at a minimum) and #WindowsServers are fully patched to prevent this vulnerability from being exploited. No one wants an #LDAP #DoS situation. What a nightmare that would be.
-
So what kind of policy framework do I have at my org? Goal is AAL2 per NIST 800-63B. Keep in mind, at least for the next decade or so still, passwords are not going anywhere - they are the last line of authentication while the world transitions to #passwordless
:finger_point: Encrypt everything, everywhere, all the time
:finger_point: VPN tunnels everywhere
:finger_point: PW polciy that enforces a minimum of 13-complex characters for passwords (passphrases are evangelized heavily) + mandatory MFA via an Authnticator app + 365-day rotation policy (unless someone phishes their credential or it comes up on a #darkweb monitor) + 30-day token expiration - we do have filtering to prevent anyone reusing old password or common passwords (no, I don't pay for it, you can integrate with AD directly with some clever #powershell, #jfgi.
:finger_point: For our admin accounts, we require #passphrases of at least 4 words (7 are recommended), using the diceware method (physical, not a website). PW rotation occurs every 180-days. Tokens expire every 24-hours.
:finger_point: Service accounts (where we cannot use auto-cycling API tokens) require a minimum 24-character very complex password or 4-word passphrase as MFA is required to be disabled. PW rotation occurs every 180-days.
:finger_point: Awareness trainings every quarter for high-risk/high-exposure employees, annually for the rest of the company. I update my presentation facts, data, and reported metrics frequently based on OSINT, SIGINT, HUMINT, research, and constant education. -
#DarkAI is a thing. I've talked about it before, and this article supports every theory I've mentioned over the years. #CyberCriminals are using #GenerativeAI to create sophisticated #BEC campaigns, #NovelMalware, and lowers the entry for new cyber criminals and especially #ScriptKiddies or people with zero technical experience to create and commit malicious fraud campaigns against a much wider swath of targets than ever before. The ONLY way to combat these emerging threats is through user awareness trainings and a #DefenseInDepth approach to your security platform for #EnterpriseSecurity. For yourselves personally - invest in a solid #antivirus solution, whether that's Microsoft's #Defender (consumer version), or a platform like #Avast who is affordable, very good, and works on desktop and mobile. You also want to look into a #VPN to protect your data streams. These DarkAI's aren't here to play, they are here to cause chaos. #BeCyberAware #BeCyberSafe and #DontGetPhished!!
https://www.darkreading.com/application-security/gpt-based-malware-trains-dark-web
-
#DarkAI is a thing. I've talked about it before, and this article supports every theory I've mentioned over the years. #CyberCriminals are using #GenerativeAI to create sophisticated #BEC campaigns, #NovelMalware, and lowers the entry for new cyber criminals and especially #ScriptKiddies or people with zero technical experience to create and commit malicious fraud campaigns against a much wider swath of targets than ever before. The ONLY way to combat these emerging threats is through user awareness trainings and a #DefenseInDepth approach to your security platform for #EnterpriseSecurity. For yourselves personally - invest in a solid #antivirus solution, whether that's Microsoft's #Defender (consumer version), or a platform like #Avast who is affordable, very good, and works on desktop and mobile. You also want to look into a #VPN to protect your data streams. These DarkAI's aren't here to play, they are here to cause chaos. #BeCyberAware #BeCyberSafe and #DontGetPhished!!
https://www.darkreading.com/application-security/gpt-based-malware-trains-dark-web
-
#DarkAI is a thing. I've talked about it before, and this article supports every theory I've mentioned over the years. #CyberCriminals are using #GenerativeAI to create sophisticated #BEC campaigns, #NovelMalware, and lowers the entry for new cyber criminals and especially #ScriptKiddies or people with zero technical experience to create and commit malicious fraud campaigns against a much wider swath of targets than ever before. The ONLY way to combat these emerging threats is through user awareness trainings and a #DefenseInDepth approach to your security platform for #EnterpriseSecurity. For yourselves personally - invest in a solid #antivirus solution, whether that's Microsoft's #Defender (consumer version), or a platform like #Avast who is affordable, very good, and works on desktop and mobile. You also want to look into a #VPN to protect your data streams. These DarkAI's aren't here to play, they are here to cause chaos. #BeCyberAware #BeCyberSafe and #DontGetPhished!!
https://www.darkreading.com/application-security/gpt-based-malware-trains-dark-web
-
#DarkAI is a thing. I've talked about it before, and this article supports every theory I've mentioned over the years. #CyberCriminals are using #GenerativeAI to create sophisticated #BEC campaigns, #NovelMalware, and lowers the entry for new cyber criminals and especially #ScriptKiddies or people with zero technical experience to create and commit malicious fraud campaigns against a much wider swath of targets than ever before. The ONLY way to combat these emerging threats is through user awareness trainings and a #DefenseInDepth approach to your security platform for #EnterpriseSecurity. For yourselves personally - invest in a solid #antivirus solution, whether that's Microsoft's #Defender (consumer version), or a platform like #Avast who is affordable, very good, and works on desktop and mobile. You also want to look into a #VPN to protect your data streams. These DarkAI's aren't here to play, they are here to cause chaos. #BeCyberAware #BeCyberSafe and #DontGetPhished!!
https://www.darkreading.com/application-security/gpt-based-malware-trains-dark-web
-
#DarkAI is a thing. I've talked about it before, and this article supports every theory I've mentioned over the years. #CyberCriminals are using #GenerativeAI to create sophisticated #BEC campaigns, #NovelMalware, and lowers the entry for new cyber criminals and especially #ScriptKiddies or people with zero technical experience to create and commit malicious fraud campaigns against a much wider swath of targets than ever before. The ONLY way to combat these emerging threats is through user awareness trainings and a #DefenseInDepth approach to your security platform for #EnterpriseSecurity. For yourselves personally - invest in a solid #antivirus solution, whether that's Microsoft's #Defender (consumer version), or a platform like #Avast who is affordable, very good, and works on desktop and mobile. You also want to look into a #VPN to protect your data streams. These DarkAI's aren't here to play, they are here to cause chaos. #BeCyberAware #BeCyberSafe and #DontGetPhished!!
https://www.darkreading.com/application-security/gpt-based-malware-trains-dark-web