cybersecurity


An umbrella community for all things cybersecurity / infosec. News, research, and questions are all welcome!

626
 
 

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

627
628
 
 

cross-posted from: https://infosec.pub/post/8133671

The company said the exposure includes names, dates of birth, insurer details, social security numbers, marital status, civil status, and guarantees open to third-party payment.

629
 
 

Hello everyone,

I hope this post belongs here, otherwise I'll move it to !appsec@infosec.pub.

I work in appsec, and my manager would like to send us to a conference this year. We are based in Europe, and the company would like to avoid intercontinental travel.

I have OWASP Global 2024 in Lisbon on my radar, as well as the BlackHat EU in London, is there any other conference you guys would recommend?

630
 
 

Fear them tooth brushes.

631
 
 

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

632
633
 
 

cross-posted from: https://infosec.pub/post/8070199

No exploitations have been observed in the wild as of yet, according to the company's European site, but owners should scan for indicators of compromise given that the bugs have been publicly known but unpatched for months.

Beyond the obvious step of updating to the latest firmware, Canon is advising its customers to "set a private IP address for the products and create a network environment with a firewall or wired/Wi-Fi router that can restrict network access."

634
 
 

AnyDesk Software GmbH, the German company behind the widely used (and misused) remote desktop application of the same name, has confirmed they’ve been hacked and their production systems have been compromised.

The statement was published on Friday evening and lacks technical details about the breach. The incident is not related to ransomware, they added.

635
636
 
 

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

637
638
639
 
 

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

640
641
642
643
 
 

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

644
645
646
 
 

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

647
 
 

Hi all,

Need to pick your brains for a bit regarding best practices for handling of account recovery issues while traveling.

Premise would be that my phone gets lost or stolen, and I may not have easy access to my laptop either, and being in a foreign country I couldn't easily get a copy of the original SIM to restore via OTP.

Consequently, I also don't really love the idea of using some password manager with a master password and no 2FA.

Under those circumstances, what would you consider the best way forward to ensure accessibility without crippling myself in the process?

The only thing I can come up with is a random subdomain on one of my domains, with random username and random password, where I store an encrypted container containing txt-files. Maybe even further obscured with a random cypher (all numbers / letters shifted x positions to the right or something).

But there's gotta be other use-cases out there, so I was wondering what you are using?

Ideally something that doesn't involve another person.

Thanks!

648
 
 

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

649
 
 

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

650
 
 

Does your choice of configuration management tool (Ansible, SALT, Puppet, Chef, etc) control tier 0 assets? (Authentication/directory servers, network equipment, etc)

Do you consider your CM tool tier 0?

If so, do you only allow access to it via privileged access workstations?

Would you use GIT for the code repository?

What about if the GIT repo was local and also controlled as a tier 0?

What does your CM setup look like?
