Sickening
Jul 16, 2007

Black summer was the best summer.

FungiCap posted:

Soooo is everyone else seeing a massive increase in QR code phishing for o365 logins?

Yes.


Thanks Ants
May 21, 2004

#essereFerrari


Yup. Only a matter of time before things like Defender ATP are going to have to start following QR codes

ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else

FungiCap posted:

Soooo is everyone else seeing a massive increase in QR code phishing for o365 logins?

Yep there are a few distinct campaigns constantly hitting us. Good times.

Sickening
Jul 16, 2007

Black summer was the best summer.

Thanks Ants posted:

Yup. Only a matter of time before things like Defender ATP are going to have to start following QR codes

Does this not happen now? I know they are scanned when they are reported.

Thanks Ants
May 21, 2004

#essereFerrari


I just assumed they weren't because of the amount that are getting through

Edit: You're right, they claim to scan QR codes https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-links-about?view=o365-worldwide

Tryzzub
Jan 1, 2007

Mudslide Experiment

MustardFacial posted:

Anybody know of any good guides or info I can read about hardening Linux for PCI-DSS? I'm being included in a team to talk about it and while I'm not in charge of this group, I would at least like to have a general idea of which direction we should be going.

[edit] I think it's Red Hat and Ubuntu. No idea on the versions.

https://static.open-scap.org/ssg-guides/ssg-rhel8-guide-pci-dss.html

openscap will generate reports and remediation scripts for you

RHEL 9 and PCI 4.0 not yet published last I checked

That being said, it’s not perfect and you can do the same exercise with openscap against CIS or DISA STIG
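The openscap exercise described in this post, as an added example that is not from the post or from the OpenSCAP project: evaluate a RHEL 8 host against the SCAP Security Guide PCI-DSS profile, write the results and HTML report, then generate a bash remediation script, and swap in the CIS or STIG profile the same way. It assumes the openscap-scanner and scap-security-guide packages are installed, so that the datastream path and the three profile ids below are the ones SSG ships; the `count_failed` helper is a convenience for scripting over the results XML rather than part of oscap.

```shell
#!/bin/sh
# Added example (not from the post): scan with openscap against the SSG
# PCI-DSS / CIS / STIG profiles and produce a remediation script.
# Assumes scap-security-guide is installed at the standard location.
DS="${SSG_DS:-/usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml}"

# Map a short benchmark name to the XCCDF profile id in the SSG datastream.
ssg_profile_id() {
  case "$1" in
    pci-dss) echo "xccdf_org.ssgproject.content_profile_pci-dss" ;;
    cis)     echo "xccdf_org.ssgproject.content_profile_cis" ;;
    stig)    echo "xccdf_org.ssgproject.content_profile_stig" ;;
    *)       echo "unknown profile: $1" >&2; return 1 ;;
  esac
}

# List every profile the datastream offers (useful when a newer SSG renames one).
ssg_list_profiles() {
  oscap info "$DS"
}

# Evaluate the host, writing machine-readable results and an HTML report.
# oscap exits 2 when at least one rule fails, which is expected on a first run,
# so only a real error (any other non-zero code) aborts.
scap_eval() {
  profile=$(ssg_profile_id "$1") || return 1
  oscap xccdf eval \
    --profile "$profile" \
    --results "results-$1.xml" \
    --report "report-$1.html" \
    "$DS"
  rc=$?
  [ "$rc" -eq 0 ] || [ "$rc" -eq 2 ] || return "$rc"
}

# Generate a bash remediation script for the profile. Review it before running:
# PCI-DSS rules can lock accounts, tighten PAM and disable services still in use.
scap_fix() {
  profile=$(ssg_profile_id "$1") || return 1
  oscap xccdf generate fix \
    --fix-type bash \
    --profile "$profile" \
    --output "remediate-$1.sh" \
    "$DS"
}

# Count failed rules in an XCCDF results file (each failing rule-result carries
# a <result>fail</result> element), handy for trending between scans.
count_failed() {
  grep -c '<result>fail</result>' "$1"
}

# Usage: sh ssg-scan.sh pci-dss   (or cis / stig)
if [ $# -gt 0 ]; then
  scap_eval "$1"
  echo "failed rules: $(count_failed "results-$1.xml")"
  scap_fix "$1"
fi
```

Run it once per profile you care about; comparing the `count_failed` number of the PCI-DSS run against the CIS or STIG run shows quickly how far apart the baselines are on the same box.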

ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else

Thanks Ants posted:

I just assumed they weren't because of the amount that are getting through

Edit: You're right, they claim to scan QR codes https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-links-about?view=o365-worldwide

Most of what we see are QR codes stuck in images which probably breaks the parsing.

Thanks Ants
May 21, 2004

#essereFerrari


You'll just end up with QR codes inserted into PDF attachments and people will grab their phone and scan it anyway because of course a password expiration notice would be sent as a PDF.
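The point made in this exchange (the lure URL lives in a QR code inside an image or PDF attachment, so there is no URL in the body for link scanning to rewrite) can be turned into a cheap triage rule on the mail pipeline. The following is an added example, not code from the thread or from Microsoft: it scores a raw message on whether it carries an image or PDF attachment, a credential-themed subject or body, very little text, and no clickable URL. The sample messages are constructed, the `qr.png` payload is a placeholder rather than a real QR image, and actually decoding a QR would need a decoder such as zbar, which is deliberately not used here. The score thresholds are assumptions to tune against your own mail.

```python
"""Added example (not from the thread): triage heuristic for image/PDF-borne
credential phishing ("quishing"), using only the standard library."""
import email
from email import policy
from email.message import EmailMessage

# Words that show up in password-expiry / MFA re-enrolment lures (assumed list).
LURE_TERMS = ("password", "expire", "mfa", "authenticator", "verify", "account")
# Attachment types that can carry a QR code the text-body scanner never sees.
RISKY_TYPES = ("image/", "application/pdf")


def build_sample() -> bytes:
    """Constructed quishing-style message: short body, lure subject, PNG attached."""
    msg = EmailMessage()
    msg["From"] = "IT Helpdesk <helpdesk@example.invalid>"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Your password expires today"
    msg.set_content("Scan the code below to keep access.")
    # Placeholder bytes standing in for a QR image (constructed; not a real QR).
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    msg.add_attachment(png, maintype="image", subtype="png", filename="qr.png")
    return bytes(msg)


def build_benign() -> bytes:
    """Constructed ordinary message: no attachment, a plain URL in the text."""
    msg = EmailMessage()
    msg["From"] = "Office Manager <office@example.invalid>"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Team lunch Friday"
    msg.set_content("Menu for Friday: https://example.invalid/menu - reply with your pick.")
    return bytes(msg)


def score_message(raw: bytes) -> dict:
    """Return a score and the reasons; higher means 'look at this one first'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").lower()
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    text_lc = text.lower()
    text_len = len(" ".join(text.split()))

    risky = [
        p.get_filename() or p.get_content_type()
        for p in msg.iter_attachments()
        if p.get_content_type().startswith(RISKY_TYPES)
    ]
    has_url = "http://" in text_lc or "https://" in text_lc
    lure_hits = [t for t in LURE_TERMS if t in subject or t in text_lc]

    score, reasons = 0, []
    if risky:
        score += 2
        reasons.append("image/pdf attachment: " + ", ".join(risky))
    if lure_hits:
        score += 2
        reasons.append("credential lure terms: " + ", ".join(lure_hits))
    if risky and text_len < 200:
        score += 1
        reasons.append("almost no text; the attachment carries the message")
    if risky and lure_hits and not has_url:
        score += 1
        reasons.append("no URL in body for link scanning to rewrite")
    return {"score": score, "reasons": reasons, "attachments": risky}


if __name__ == "__main__":
    for name, raw in (("sample", build_sample()), ("benign", build_benign())):
        print(name, score_message(raw))
```

Anything scoring 4 or more is a reasonable candidate for quarantine-and-review or for handing the attachment to a real QR decoder; the benign message scores 0 because it has a plain URL and no attachment, which is exactly the shape the existing link scanners already handle.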

Cannon_Fodder
Jul 17, 2007

"Hey, where did Steve go?"
Design by Kamoc
Can anybody recommend some decent resources for getting up to speed with the CISSP? There's so much noise for this cert, I'm not sure what is going to be most effective. Free is best until I can sucker work into paying.

AlternateAccount
Apr 25, 2005
FYGM

Cannon_Fodder posted:

Can anybody recommend some decent resources for getting up to speed with the CISSP? There's so much noise for this cert, I'm not sure what is going to be most effective. Free is best until I can sucker work into paying.

Most comprehensive is still prolly https://www.sunflower-cissp.com

some kinda jackal
Feb 25, 2003

 
 
SABSA training day 4:

This is some kind of cult for matrix fetishists, right?

Sirotan
Oct 17, 2006

Sirotan is a seal.


https://twitter.com/LasVegasLocally/status/1704986596439941601

Lol, lmao even

Sickening
Jul 16, 2007

Black summer was the best summer.
I think I understand the issues that got them hacked.

Cannon_Fodder
Jul 17, 2007

"Hey, where did Steve go?"
Design by Kamoc

AlternateAccount posted:

Most comprehensive is still prolly https://www.sunflower-cissp.com

I'll take a peek. Thank you!

Absurd Alhazred
Mar 27, 2010

by Athanatos
At least they're willing to let you work for 7 days total!

Also is it legal to require someone to be a US Citizen to work in a job like this?

Super-NintendoUser
Jan 16, 2004

COWABUNGERDER COMPADRES
Soiled Meat
10x7x110x52=400,400?

I guess if you never need time to idk buy food, do laundry, or live a life it's not bad.

Also lol for a red hat system administrator. Not even a system architect or security professional. Like the RHCSE is "can you install some packages? How do you disable selinux? Set up Kerberos". It's a baby Linux cert.

These knobs want to rebuild an entire org this way lol

Edit: just noticed the dates. Lol only a few weeks.

Super-NintendoUser fucked around with this message at 03:05 on Sep 22, 2023

Guy Axlerod
Dec 29, 2008
Also the job body says $100/hr, not $110. Do they pay you in slot machine vouchers that can only be cashed in when the job is done?

Takes No Damage
Nov 20, 2004

The most merciful thing in the world, I think, is the inability of the human mind to correlate all its contents. We live on a placid island of ignorance in the midst of black seas of infinity, and it was not meant that we should voyage far.


Grimey Drawer
I Sensibly Chuckle every time I see one of their sports gambling commercials run during NFL games :hehe:

Defenestrategy
Oct 24, 2010

Super-NintendoUser posted:


Edit: just noticed the dates. Lol only a few weeks.

I mean 14,700 for three weeks of hell (after 30% taxes)... If I was in my mid twenties I think I'd do it if I could negotiate a room at the MGM Grand during those three weeks. Factor in 2k for food and 10k for three weeks at that period of my life would have been pretty dope, and I'd have the energy to not give a drat about more or less sleep.

Defenestrategy fucked around with this message at 04:01 on Sep 22, 2023

Cup Runneth Over
Aug 8, 2009

She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate


$100/hr is insulting for contractor pay. Try $500/hr, minimum.

Nuclearmonkee
Jun 10, 2009


They want an experienced Linux engineer who is also proficient with automation tools, securing the stack and doing all that while playing support at the same time. I don’t have all of those skills but if I did, I would demand probably 10 times that in this situation under those circumstances, with a bonus payout if by some loving miracle I pulled it off by October 15. When accepting I would be assuming from the very start that I’d be walking into a blazing dumpster fire primed for miserable failure. If they’re just throwing Hail Marys fishing for 1099s to bail their asses out while losing millions a day, lmao.

It’s got to be a joke listing. They have to be taking out a multi million dollar contract for a team of experts to come in right? People are dumb, but that dumb?

Raymond T. Racing
Jun 11, 2019

Absurd Alhazred posted:

At least they're willing to let you work for 7 days total!

Also is it legal to require someone to be a US Citizen to work in a job like this?

1099 so they’re safe iirc

not actually an employee checkmate labor laws

Jabor
Jul 16, 2010

#1 Loser at SpaceChem
The company specifies exactly when, where and how you're supposed to do the work, and you're paid based on hours spent, but you're totally a contractor bro trust us.

Thanks Ants
May 21, 2004

#essereFerrari


It might be cheaper to buy another casino chain and move everything into their environment

some kinda jackal
Feb 25, 2003

 
 
Nice of them to rapidly spin up a new environment for the APT to play in.

Bootstrapping an entire business network in seven days is surely enough time to do it to all regulatory requirements and security best practices, right? :cool:

BonHair
Apr 28, 2007

And surely, with that amount of time and favourable conditions, no bad actor would take the job and intentionally make a few backdoors for later.

some kinda jackal
Feb 25, 2003

 
 
"Oh wow, your resume shows that by sheer coincidence you already have intimate familiarity with our entire software stack, that's handy!!"

evil_bunnY
Apr 2, 2003

Cup Runneth Over posted:

$100/hr is insulting for contractor pay.
basically but also a great jackpot for some newbie with a couple certs if they can negotiate room+board. Sleep in a queen size, eat like a king, learn as much as you can for a few weeks then gently caress off in a puff of smoke.

Super-NintendoUser
Jan 16, 2004

COWABUNGERDER COMPADRES
Soiled Meat

some kinda jackal
Feb 25, 2003

 
 
The best part of my SABSA course is that I'm looking at the attendance list and see email addresses from huge companies, government agencies, and banks, and everyone is just going on about everything that's wrong at their company, how nothing is architected properly, everything is broken, no one knows what exists on the network, etc.

I mean we all know it but like maybe exercise some judgment in public :lol:

evil_bunnY
Apr 2, 2003

some kinda jackal posted:

The best part of my SABSA course is that I'm looking at the attendance list and see email addresses from huge companies, government agencies, and banks, and everyone is just going on about everything that's wrong at their company, how nothing is architected properly, everything is broken, no one knows what exists on the network, etc.
It's the same everywhere and there's no shame in venting to your peers if you're not specific.

gallop w/a boner
Aug 16, 2002

Hell Gem
Apologies if this has been discussed in last few hundred pages.

What is the current recommendation for an 'enterprise' password manager? This is to be used across a multi-national IT team.

I have previously used ManageEngine but it was a bit flaky.

some kinda jackal
Feb 25, 2003

 
 

evil_bunnY posted:

It's the same everywhere and there's no shame in venting to your peers if you're not specific.

Nah I get it, I guess I'm always paranoid because I have no deep understanding of whether my new found peers are cool computer janitors or big snitches.

There's at least one person in this class from an org with whom we have a massive multi-million-dollar project, and I'm keeping my mouth shut AF because I have no idea if this guy shows up in my Teams feed in two weeks and is like "uh yeah so about that thing you said..."

Based on the dynamic of the players in the room as they relate to the Canadian financial industry I'm just saying I'd probably be making less sweeping statements about state of things, unless these guys are all having beers after work on the reg already. BUT that's just me :)

Achmed Jones
Oct 16, 2004



the people in the class probably don't give a poo poo if the company's bad decisions cost it a contract. not their problem. the only way it is their problem is if the information is directly tied to them, but in the absence of a written record that's not so much a live concern

BonHair
Apr 28, 2007

I think it's a huge plus that people are actually willing to discuss how their security is poo poo in a reasonably confidential setting like that. Obviously not specific enough for attacks, but just getting the problems out there to discuss. My company (ISMS software vendor with consultancy) attempts to set up network meetings among clients, and we know that they have the same issues (like not having ownership for anything), but no one is willing to say it. But when we finally get one or two to talk, it usually turns into a good brainstorming/networking/experience sharing kind of thing that seems to help everyone involved.

In my opinion, security guys aren't really in competition as such, so keeping everything secret to your peers is rarely necessary and often pointless and detrimental.

Sickening
Jul 16, 2007

Black summer was the best summer.
I remember when I was starting my career some infosec team had a "room" in the facility that only they could enter. They joked proudly about how I (desktop support guy) could not enter the room or even know what was in the room. I at the time thought this was a very serious thing.

Looking back, these people were turds who got paid a lot of money to do nothing. There was nothing interesting at all happening in that room because these were people not intelligent enough to be doing anything interesting. Infosec was just a good ol boys club that was purposely not being inclusive because they were terrified of more people knowing they were useless.

Secrecy in infosec used to be the norm even to its own detriment decades ago.

Thanks Ants
May 21, 2004

#essereFerrari


Did they like to think it was the equivalent of the MTAC room in NCIS?

some kinda jackal
Feb 25, 2003

 
 
I feel like I'm putting my foot in my mouth if I disagree, because I actually don't. As long as you trust this information to stay within the parties involved in training then great, yeah, no problem.

If the gov guy has a watercooler talk with his exec about how training went and unintentionally he's like "ha ha yeah it was great, there were a bunch of our banks in there and everyone mentioned they have problems with XYZ core competency" I wouldn't rule out that an offhand innocent comment sparks some other discussion that leads to a discussion with compliance that leads to bla bla bla. Or it could lead to nothing at all. I'm making up a stupid example because I'm pressed for time but I think you get my meaning.

It could also be about the relationship dynamics you know exist. There was at least one company in there I know our org has a fairly .. what I'd call adversarial ... working relationship with, so I certainly volunteered zero unnecessary information, even though my peer in their group was absolutely personable and we got along just fine.

I guess my initial jokey comment was coloured by the fact that I don't know any of these people well enough to gauge their confidentiality or intentions and I just erred on the side of caution. It's hard to be objective about these things sometimes, so if that's not everyone's personal risk tolerance then I am 100% ok with being painted as the thread paranoid weirdo and move on :)

BonHair
Apr 28, 2007

I think, for some reason, the whole field has a thing about confidentiality being super important, and a lot of people, either because they are new, self important or just not questioning the culture, keep quiet about stuff.
It doesn't help that 90% of problems are actually pretty embarrassing. My impression is that a very small number of companies actually have their poo poo together enough to figure out if log4j affects them, what it affects and who needs to fix it without sending emails to half the company.


Defenestrategy
Oct 24, 2010

Sickening posted:

I remember when I was starting my career some infosec team had a "room" in the facility that only they could enter. They joked proudly about how I (desktop support guy) could not enter the room or even know what was in the room. I at the time thought this was a very serious thing.

We have this in my office and there is nothing interesting happening in there. We have to have it by some government regulation that requires certain CUI and equipment be held in a limited access controlled room in a safe.

It used to be my nap room/extra IT storage room until the security team stole it from me.


edit: Now that I'm thinking about it, I have a story about inept infosec people. Before my bosses got fed up with how useless the prior security team was and decided to fire them all and replace them with some smart people and myself, they used that room. Their ONLY job WRT that room, was to remember the combination to the safe and let people into it when they needed to do work with it.


No poo poo two weeks later they forgot the combination, which led to the company having to fly in a specialized locksmith to haul this 1,000 pound 20 floors down and out to the loading dock so they could drill into the safe and reset the locking mechanism, and yours truly had to hang out with them on a Saturday to make sure no documents and other poo poo in that safe went missing. I think this actually led directly to me getting the nod to get on the brand new infosecurity team after they fired the three dudes.

Defenestrategy fucked around with this message at 19:27 on Sep 22, 2023
