[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

Cyber Security

563

Solutions

889

Contributors

The cyber security specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. cyber security focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against the harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.

Share tech news, updates, or what's on your mind.

Sign up to Post

A user email account seem to be hacked. Attached is a log captured in Exchange smtp log and our email filtering gateway log.

The client android device is SAMSUNG and its IP address is h.i.j.149.
The hacker seem to come a.b.c.d.138, login to the Exchange through the user's credential and send a ransome email to the user herself.

Can I send the email is sent from the user's Samsung device ? The time logged in gateway and Exchange is matched. However, the IP logged in filtering gateway and Exchange is difference. And I suppose if the Samsung device is hacked, the IP logged in filtering gateway should the Samsung device, which is h.i.j.149.

Actually, user has already changed the password before but it seems that the hacker is still able to pass through. I believe a device should be hacked and that's why I need to identify it.

Thx.
0
Rowby Goren Makes an Impact on Screen and Online
LVL 12
Rowby Goren Makes an Impact on Screen and Online

Learn about longtime user Rowby Goren and his great contributions to the site. We explore his method for posing questions that are likely to yield a solution, and take a look at how his career transformed from a Hollywood writer to a website entrepreneur.

we need to set up within 8 weeks a small SIEM for 30 servers  n hopefully its something low-cost, fast to set up n easy to use/manage.

Solarwinds, ManageEngine, Websense or ?
0
There's request to set up a dedicated Internet Wifi hotspot
that will be used to connect up IoT : one such item in mind
is power meter.

We are not a financial/banking/healthcare organization but
still need to adhere to government guideline on cybersecurity.

I can only think of the following if this is to be granted:

a) restrict it to IoTs only ie corporate laptops/PCs/user devices
    can't connect to it : so what kind of mechanisms out there
    can stop corporate PCs/laptops and user BYODs from
    connecting?

b) we'll make the SSID unscannable

c) as many IoTs have been known to be compromised, such
    as Mirai, botnets attacks, how shall we mitigate these as
    the IoT is exposed to risks from Internet.
 
d) any other mitigations?
0
Hi Experts,

We recently had one of our employees click on a link in a e-mail that took him to a fake site where he entered his credentials and his e-mail account was compromised.
Management hired a cyber security company who did scans on the systems, his e-mails and also other things on the web.
We have managed symantec Endpoint protection, intrustion, malware which is up to date and active.  
We also didn't have anything on the back end set up (per management) to protect our e-mail against spam, malware, all e-mails were to come through.
The cyber people are telling management that Symantec only gets 20% of intrusions, viruses and malware.  (I don't believe that, I have a e-mail box flooded with all the intrustions Symantec is getting and not one virus in 4 years which it caught).
Management from their advice is most likely going to force me to uninstall Symantec from all of our workstations and servers and deploy Carbon Black?

Can anyone tell me if this sounds as insane as it I think it is?  Anyone familiar with Carbon Black?  

Please help, I don't trust this at all and would love to be proven right or wrong.  I think this cyber company might be banking on management fears from my co-workers mistake.

Thank you
0
In one presentation by an IT regulator & Cyber Security Agency,
one slide mentioned about reviewing "Netflow" & a couple of
slides later, it require us is to perform periodic "review of
information flow" :

though I raised if these are related ie by reviewing "Cisco Netflow",
we are deemed to have addressed the requirement to "review
information flow" : the presenter doesn't quite seem to know,
thus I'm clarifying here:
does Cisco Netflow offers a form of documenting information
flow?
0
Hi Experts
I am planing to study the information security, I am working in the IT field long time ago
But I do not know any courses i can start by.  some of them told me that CEH is perfect and other told me  to CEH it is useless
please advice me
0
https://www.garrison.com/browsing.php

I'm looking for similar competing products (preferably with local Singapore support presence) to provide
secure browsing of Internet and emails (these are the top 2 vectors of malwares): looking to adopt this
'logical segregation' instead of 'physical segregation':
I suppose this is more useable/implementable than doing physical segregation.

We have corporate Wifi too, so need to take this into consideration if it's relevant.

Q1:
Can suggest a few products & local resellers (if available)?

Q2:
if there's comparison of features (how each product fare against competitors), do provide as well.
It helps to justify the purchase.
0
what would be some useful checks to include in an audit/health check of SharePoint (and document management in general). The obvious one we can think of is around permissions of documents stored in SharePoint, to ensure sensitive documents are only accessible by the approved users/groups - but I wanted to spread the review a but further, and was hoping for some inspiration on what above and beyond security permissions would be useful when looking at such a system (it doesn't have to all be about security). Any common SharePoint mistakes/risks above and beyond permissions also most useful,
0
What realistically is the risk if somebody found out an internal server name from the outside, e.g. what may it allow them to do in terms of a security attack. I am talking about from the outside. I noticed in some documents available on our website there is some mention of internal servernames and need to quantify the risk, they are not accessible to anyone outside the organisation, only those internal to the company, but it still doesn't sit easy.
2
Hi I am looking to do Pester test around my powershell code...but not sure about it ...can some help.

Bascially I need to pull Azurekeyvaultkey information using powershell and then do a pester test to do it, I managed to do poweshell bit but not sure how to do pester part....please I need help urgently.
0
Acronis True Image 2019 just released!
LVL 1
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

We use Office 365 for Exchange. One employee's email account was compromised. HR received a request for changing direct deposit bank, from this employee's email address, and HR replied the email. But the request wasn't from the employee. The employee could receive all the normal emails, but not the ones related to this request.

How can we trace the original request email? How can we fix this issue?
0
if I wanted to test how secure the network is against being hacked or Ransomware attack - where would I start?

If I did something like the Certified Ethical Hacker Course or CREST Registered Penetration Tester. Would either of these courses help?

Thank

Ian
0
I have a certificate on one of my servers. The server is a certificate of authority. I know that I can set up a GPO to deploy their certificate to individuals on the domain. but what I want to do is install or enroll their certificate on one particular server manually without GPO. is it possible to do this?
0
What are the best practices in light of ransomware attacks. I've had a few local non rotating backups get bricked because of ransomware. I do have remote backup, but is everyone resorting to rotating backup drives?
0
Spectrum on behalf of Sony sent a client this e-mail: {Removed IP address below}

To whom it may concern,

Pursuant to Sony Interactive Entertainment LLC ("SIE") corporate policy, the below IP addresses were blacklisted from using our services because SIE detected activity that is abusive to our network services. In our determination, the abusive activity was not related to velocity or volume (many users behind the same IP address, i.e. NAT), but matched the specific patterns of known abuse of our publicly available services. This abuse may be the result of a computer on your network that has been compromised and is participating in a botnet abuse of our services.

The following table of IP addresses, dates and times should help you correlate the origin of the abusive activity.  The time stamps are approximate from our logs.  The actual timing of the events depend on the signature matched.  It is very likely to have occurred both before, during and following the times listed.

       Approximate Time Range (UTC),      IP Address, Reason
2018-07-23 12:46:00 ~ 2018-07-23 13:46:00 (UTC),   xxx.xxx.xxx.xxx, Account Takeover Attempts

It is most likely the attack traffic is directed at one of the following endpoints:

account.sonyentertainmentnetwork.com
auth.api.sonyentertainmentnetwork.com

These endpoints on our network are resolved by Geo DNS, so the IP addresses they resolve to will depend on the originating IP address.

The destination port will be TCP …
0
Hi Experts

Could you point if  phpCAS that uses API for authenticating users against a CAS server (WebSSO CAS) could be integrated at an existing Codeigniter project?

CAS - Central Authentication Server

I'm implementing a SSO (Single Sign-On)  funcionality to allow a web app conexion based on user id and  correspondent user's data obtained from LDAP (AD-Active Directory)

phpCAS

I'm planning to implement the SSO functionality at PHP Codeigniter's site index.php.

Thanks in advance!
0
Hi Everyone, our small SMB\company recently switched to hosted Office 365 Exchange based email. Before the switch, we had an "in-house" Exchange mail server.
We have about 10 or so domains registered for email delivery.

So here's the problem. Since switching to Office 365 our users are being bombarded with "Somewhat Legitimate" Phishing Emails that try and trick them into providing their logon credentials.
IE> Your account in box is full, click here to fix. Your account will be terminated if you don't click here and login .. and on and on and on.

I've mostly stemmed these by created rules in Mail Flow that block certain words and phrases contained in Subject\Body.

Thats said, any suggestions to better keep these emails out? This issue not nearly as bad when didn't host with Office 365.
0
I'm looking for opinions about setting up DMZ VLANs on switches that are also used for internal networking vs. using separate physical switches for DMZs and internal networks.  Any concerns or benefits you can think of for one over the other.  Assume Cisco equipment.
0
SSL Certificates

Can you explain the process for buying SSL certificates?
The challenges around security?
Where to buy from?

Who should have access?

Any other info would be great
0
Fundamentals of JavaScript
LVL 12
Fundamentals of JavaScript

Learn the fundamentals of the popular programming language JavaScript so that you can explore the realm of web development.

We have been hit with ransomware.  Please see the attached screenshot.

The file extensions have been changed to STG.

They hacked into the network, created admin users and made them part of the Admin group, created shares etc.
0
In a meeting we were told that it is possible to know or identify if a user hit a specific page and it’s contents even if the page is locked.  We understand that when a page has a lock it means SSL and that the data to/fro from the site to computer is encrypted.  Is this possible that even thought the page has a lock, there is  a way to identify the encrypted page that the user visited and identify the contents, if it has form or just regular page?
0
Are 32 bit computers at a higher risk of Anti-Virus, Malware or Ransomware infections?

We have a few left and I need to know if I should trash them ASAP.
0
Hi,

I d like to see how good my Wi-Fi is protected so how can I test this and see what would happen when somebody could get connected to my Wi-Fi (what he could see/do)?

That way I could take countermeasures.

J
0
Hi,

I need assistance how I can disable / close network discovery on LAN for Servers and all Clients please.


Regards
Asif
0
Does anyone recommend any good ethical hackers?  I want to ensure that I close any open security issues for my organization and I was thinking of hiring an organization or individual that can provide that service?  

Any reputable recommendations?
0

Cyber Security

563

Solutions

889

Contributors

The cyber security specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. cyber security focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against the harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.