Cyber Security

591

Solutions

909

Contributors

The cyber security specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. cyber security focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against the harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.

Share tech news, updates, or what's on your mind.

Sign up to Post

Experts,

This question relates to cyber security and service side code execution.

In many cases I read about a vulnerability that allows an attacker to upload files.  However, how do they get the file to execute?  Normally it is mentioned as "vulnerability allowed for attacker to upload and execute the malicious payload".  I would see uploading and being able to tell the server to execute it as two separate functions that require two separate exploits.  Thoughts?
0
Active Protection takes the fight to cryptojacking
LVL 2
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

Hallo Experts
       
I would like to collect the following Threat Artifacts from a compromised Windows System:
     
  • CPU
  • Routing-, ARP- & Process tables
  • Memory
  • Temporary files
  • Relevant data from storage media
   
What would you collect? Is there any best practice from NIST or anyware?
 
Thanks a lot
1
Hallo Experts
     
For our Security Operations Center (SOC), we are searching for a tool that can collect “Threat Artifacts”. When I worked with McAfee in the past, they used GetSusp to collect information about undetected malware on their computer.
     
We are searching for a similar tool that we can use in the network to collect information remotely. What would you recommend us? It would be nice, if the tool would work on Windows & Linux, albeit this is not a must.
   
Thanks a lot
1
Our Internet Surfing Segregation (one of those  Secure Browser product/solution like
Menlo, Authentic8, Fireglass) recommended us to put a proxy.pac (Proxy Auto Config)
file in a webserver.

This proxy.pac will be pointed to by IE, Chrome, Firefox so that when users launch
these browsers, proxy.pac will launch this vendor's secure browsers when users
browse sites that are not in the 'whitelist' (ie trusted sites).

This is a Garrison product (garrison.com) : I thought of placing this proxy.pac file
in a corporate shared drive  so that in browsers, we can set in the proxy config
script as   file://c:/folder/proxy.pac  but IE11 doesn't support this file location
anymore (tho Chrome & Firefox still do).

Was advised by garrison that it's best to put in web server so that in IE11, can
specify as  http://...website.com/proxy.pac    but our corporate site is hosted in
a Cloud: don't think the Cloud provider (AWS) allows us to deposit a file in an
SaaS model.

What other ways other than setting up a webserver?  I do have a Solaris web
server that acts as  ClamAV depository (local mirror)  that runs httpd : what
are my best option?
0
Dont see such a benchmark guide at CIS site.
Anyone can share/point me to one?
0
we prefer not to do apps whitelisting on our rhel n solaris due to fears of service disruption.

what alternative mitigations can we implement?
0
Hi all,

I am a complete newbie in the cyber security world. I am tasked to setup SPF and DMARC in order to combat email spoofing. We successfully enabled SPF on our domains, now is the turn for DMARC.

My question is, if I setup the DMARC policy on none or quarantine and if I see any legit vendor spoofing our domain that is being quarantined, how do I allow that vendor to spoof our domain ? Do I just add their IP as a sender in our SPF record ?

Thanks for your guidance.
1
Guys, a recent update by our cybersecurity team to the fleet of workstations has broken the SEP AV client on it, resulting in the client not being able to talk back to the management server, and they have no way to remediate this via the SEP console, so they want us to remove this via SCCM (we have an SCCM instance managing our desktop fleet)
The SEP install on clients is password protected, laptops have BitLocker pins, so multiple reboots is an issue, might have to disable the BitLocker pin prompt to facilitate this install.
Can you point me to a script/SCCM package of the sort that can achieve this, please?
Version of SEP installed = 14.2.760.000
Clients are a mixture of Windows 7/8.1 and 10 (1803) clients
0
Greetings! I have well over 15 years in the I.T. world specifically in working with Servers & Workstations, I am considering branching out to another field in the I.T. world specifically in the Cyber Security. I have minimal I.T. Security related experience and knowledge.
Q4U: What Cyber Security Certification would be ideal for a novice like me?
There are so many and I would like to focus on the one that will open the doors to that side of the I.T. world.
Thank you in advance!
3
just as in ssllabs qualys to scan for ssl weaknesses, is there free tools for xss, cross-frame-scriptg, injections etc?

for scanning portals and mobile apps
0
LinkedIn & the state of cyber security
LinkedIn & the state of cyber security

Hundreds of thousands of cyber security jobs go unfilled because employers can't find the talent they need.

we are not subscribing to any professional phishing service but doing our own phishing drill.  can someone provide me a pdf file tt will email back to me (indicating who clicked with a message 'You failed this test' in the pdf) when our o365 exchange online users clicked on the attachment.   Guess we hv to whitelist such a pdf so tt our AV doesnt block it from opening?
0
Our local CyberSecurity Agency has come out with a directive:
•      Review internal structure to ensure C-Suite has oversight of cybersecurity risks as part of enterprise risk management
•      Ensure security team has direct line to C-Suite

EE expert has provided the CISO handbook below but I'll need more "Terms of Ref" that will cover a
CISO's  "Scope of Work (& what is out of scope)", "Authority", need for "impartiality/independence":
currently all risks-related roles come under CFO but CFO's kpi is on cost control and one
link says this is inappropriate as CISO may need to spend on compliances, manpower,
tools, services etc

Extract from EE:
"In most cases, the agency’s internal policies delegate management of the agency’s information to the Chief Information Officer (CIO). Under FISMA, the CIO may then delegate  tasks related to information security to the senior agency information security officer (often referred to as CISO).
There are more information on reporting requirements specific to agency responsibility and how these key stakeholders are involved.
https://www.cio.gov/assets/files/CISO_Handbook.pdf


https://www.securityroundtable.org/whats-the-best-reporting-structure-for-the-ciso/
Above link gives various suggestions but will need something authoritative like
ISO standard or to further support what CyberSecurity Agency has provided above.


Deloitte & one ErnstY papers statistics show most sites still adopt the model of
CISO going under CIO:
0
for the de-identification of data, essentially what are recommended best practices - particularly are there any best practices to ensure the data cannot be re-identified and what are the best practices there. any  NIST controls takes on de-identified data and how that impacts system categorizations (if at all)
0
What's the latest easy and simple defense against comment spam? mybigdata.co.uk has a contact form and BOTS submit spam as a message. The solution will be something else than captcha as other businesses also don't use it.
0
I am an independent consultant and I work with multiple clients.   Some of these clients provide me with a laptop and ask me to use their kit.

I use Google Drive to store all my data.  I find it extremely useful and powerful.  How can I protect the data being accessed by the IT department?  Can I encrypt the data on Google Drive so only I can view it?  I am concerned that my personal file on my clients (very nice laptop) can be viewed by them.  

I am looking for a nice easy solution - for example, is there any way of using the standard microsoft encryption solution - I am not familar with them.

Thoughts?

Thanks
A.
0
I am trying the to find an application were if my laptop or desktop was compromise meaning by cyber-attack, and it’s a new an unknown bug I would like to setup a data file or word document, which if the attack click on the file or document it will trigger an email to my email account.
0
A user email account seem to be hacked. Attached is a log captured in Exchange smtp log and our email filtering gateway log.

The client android device is SAMSUNG and its IP address is h.i.j.149.
The hacker seem to come a.b.c.d.138, login to the Exchange through the user's credential and send a ransome email to the user herself.

Can I send the email is sent from the user's Samsung device ? The time logged in gateway and Exchange is matched. However, the IP logged in filtering gateway and Exchange is difference. And I suppose if the Samsung device is hacked, the IP logged in filtering gateway should the Samsung device, which is h.i.j.149.

Actually, user has already changed the password before but it seems that the hacker is still able to pass through. I believe a device should be hacked and that's why I need to identify it.

Thx.
0
we need to set up within 8 weeks a small SIEM for 30 servers  n hopefully its something low-cost, fast to set up n easy to use/manage.

Solarwinds, ManageEngine, Websense or ?
0
There's request to set up a dedicated Internet Wifi hotspot
that will be used to connect up IoT : one such item in mind
is power meter.

We are not a financial/banking/healthcare organization but
still need to adhere to government guideline on cybersecurity.

I can only think of the following if this is to be granted:

a) restrict it to IoTs only ie corporate laptops/PCs/user devices
    can't connect to it : so what kind of mechanisms out there
    can stop corporate PCs/laptops and user BYODs from
    connecting?

b) we'll make the SSID unscannable

c) as many IoTs have been known to be compromised, such
    as Mirai, botnets attacks, how shall we mitigate these as
    the IoT is exposed to risks from Internet.
 
d) any other mitigations?
0
Exploring SQL Server 2016: Fundamentals
LVL 13
Exploring SQL Server 2016: Fundamentals

Learn the fundamentals of Microsoft SQL Server, a relational database management system that stores and retrieves data when requested by other software applications.

Hi Experts,

We recently had one of our employees click on a link in a e-mail that took him to a fake site where he entered his credentials and his e-mail account was compromised.
Management hired a cyber security company who did scans on the systems, his e-mails and also other things on the web.
We have managed symantec Endpoint protection, intrustion, malware which is up to date and active.  
We also didn't have anything on the back end set up (per management) to protect our e-mail against spam, malware, all e-mails were to come through.
The cyber people are telling management that Symantec only gets 20% of intrusions, viruses and malware.  (I don't believe that, I have a e-mail box flooded with all the intrustions Symantec is getting and not one virus in 4 years which it caught).
Management from their advice is most likely going to force me to uninstall Symantec from all of our workstations and servers and deploy Carbon Black?

Can anyone tell me if this sounds as insane as it I think it is?  Anyone familiar with Carbon Black?  

Please help, I don't trust this at all and would love to be proven right or wrong.  I think this cyber company might be banking on management fears from my co-workers mistake.

Thank you
0
In one presentation by an IT regulator & Cyber Security Agency,
one slide mentioned about reviewing "Netflow" & a couple of
slides later, it require us is to perform periodic "review of
information flow" :

though I raised if these are related ie by reviewing "Cisco Netflow",
we are deemed to have addressed the requirement to "review
information flow" : the presenter doesn't quite seem to know,
thus I'm clarifying here:
does Cisco Netflow offers a form of documenting information
flow?
0
Hi Experts
I am planing to study the information security, I am working in the IT field long time ago
But I do not know any courses i can start by.  some of them told me that CEH is perfect and other told me  to CEH it is useless
please advice me
0
I've set our web.config file on a WP site we've built to have secure cookies but all tests we've run online suggest cookies are still not secure. The httpOnly setting also hasn't taken effect.

The code snippet from the web.config is below and always the PHPSESSID cookie doesn't have these settings

<system.web>
    <httpCookies httpOnlyCookies="true" requireSSL="true"  />
</system.web>

Open in new window


What else do we need to look at to ensure this setting takes effect?

Thanks
Iain
0
https://www.garrison.com/browsing.php

I'm looking for similar competing products (preferably with local Singapore support presence) to provide
secure browsing of Internet and emails (these are the top 2 vectors of malwares): looking to adopt this
'logical segregation' instead of 'physical segregation':
I suppose this is more useable/implementable than doing physical segregation.

We have corporate Wifi too, so need to take this into consideration if it's relevant.

Q1:
Can suggest a few products & local resellers (if available)?

Q2:
if there's comparison of features (how each product fare against competitors), do provide as well.
It helps to justify the purchase.
0
what would be some useful checks to include in an audit/health check of SharePoint (and document management in general). The obvious one we can think of is around permissions of documents stored in SharePoint, to ensure sensitive documents are only accessible by the approved users/groups - but I wanted to spread the review a but further, and was hoping for some inspiration on what above and beyond security permissions would be useful when looking at such a system (it doesn't have to all be about security). Any common SharePoint mistakes/risks above and beyond permissions also most useful,
0

Cyber Security

591

Solutions

909

Contributors

The cyber security specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. cyber security focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against the harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.