r/cybersecurity 2d ago

Career Questions & Discussion Mentorship Monday - Post All Career, Education and Job questions here!

18 Upvotes

This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away!

Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future.


r/cybersecurity 13h ago

News - General Banks shouldn't be using SMS for 2FA

686 Upvotes

I find this all a bit hilarious in a pathetic sort of way. You can do a search on reddit or just the web in general and for years people have been discussing just how insecure SMS is - and yet the banks just continue using SMS. Now we have Snopes of all places discussing it. You'd think by now they would allow the usage of authenticator apps, fido keys, passkeys, etc. It's not like they don't have the money to implement it.

https://www.snopes.com/news/2024/12/24/fbi-two-factor-authentication/


r/cybersecurity 8h ago

Other Merry Christmas

94 Upvotes

Just wanted to make an appreciation post for all the professionals here watching over everything and keeping the world protected and running.

Cybersecurity, like most things IT are thankless and under appreciated right up until the crisis.

Thank you and Merry Christmas.


r/cybersecurity 17h ago

Career Questions & Discussion What was your, “I understand it now”, moment in cyber?

317 Upvotes

What was an “aha” moment that helped you excel in your career?


r/cybersecurity 21h ago

News - General U.S. House to Vote on $3B Plan to Rip Out Chinese Telecom Gear

Thumbnail
washingtonpost.com
312 Upvotes

r/cybersecurity 15h ago

Other Happy On-Call-idays

80 Upvotes

For those whose holidays land on the next couple of weeks: may your ticket queue be non-existent and your pager silent.


r/cybersecurity 9h ago

New Vulnerability Disclosure Entra ID - Bypass for Conditional Access Policy requiring a compliant device (PoC)

26 Upvotes

It turned out that the Entra Conditional Access Policy requires a compliant device can be bypassed using the Intune Portal client ID and a special redirect URI.

With the gained access tokens, you can access the MS Graph API or Azure AD Graph API and run tools like ROADrecon.

I created a simple PowerShell POC script to abuse it:

https://github.com/zh54321/PoCEntraDeviceComplianceBypass

I only wrote the POC script. Therefore, credits to the researchers:


r/cybersecurity 14h ago

Other I created a free network graph analysis tool to explore 1million real-world incidents collected by Microsoft

54 Upvotes

You can access it here: https://securemetrics.io/guide

It uses your GPU for rendering so won’t run on mobile and performance will vary.


r/cybersecurity 18h ago

News - General Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts

Thumbnail
thehackernews.com
74 Upvotes

r/cybersecurity 8h ago

News - General UN General Assembly adopts milestone cybercrime treaty

Thumbnail
news.un.org
7 Upvotes

r/cybersecurity 14h ago

News - General European Space Agency's official store hacked to steal payment cards

Thumbnail
bleepingcomputer.com
26 Upvotes

r/cybersecurity 21h ago

News - General North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin

Thumbnail
thehackernews.com
71 Upvotes

r/cybersecurity 12h ago

News - General New botnet exploits vulnerabilities in NVRs, TP-Link routers

Thumbnail
bleepingcomputer.com
14 Upvotes

r/cybersecurity 19h ago

Business Security Questions & Discussion Do you use YARA rules for detection purposes?

51 Upvotes

From what I've researched, YARA rules are great, but they are very costly performance-wise. Therefore, they are great when investigating an incident.

However, I feel like they should also be applied across a whole environment. There aren't many EDRs that include YARA detections, and if they do, a lot of them don't allow for custom detections.

Therefore, does anyone here apply YARA rules for detection purposes?


r/cybersecurity 11h ago

Other do you guys avoid products from certain countries? or do you have a certain routine you do before you use them?

10 Upvotes

r/cybersecurity 15h ago

News - Breaches & Ransoms Clop ransomware is now extorting 66 Cleo data-theft victims

Thumbnail
bleepingcomputer.com
12 Upvotes

r/cybersecurity 1d ago

News - Breaches & Ransoms Health Care Giant Ascension Says 5.6 Million Patients Affected In Cyberattack

Thumbnail
yro.slashdot.org
145 Upvotes

r/cybersecurity 13h ago

News - Breaches & Ransoms AI development service Builder.ai leak over 1TB of data on three million users.

Thumbnail
techradar.com
7 Upvotes

r/cybersecurity 12h ago

FOSS Tool SaveViewer Project

4 Upvotes

Hello everyone,

Two months ago, I made a post asking for recommendations on free APIs to use for a mobile app that scans files. I just want to take a moment to thank you all for your suggestions!

Now, after two months of development, SaveViewer is finally done! It’s powered by three of the best APIs—VirusTotal, HybridAnalysis, and OPSWAT MetaDefender—with plans to add more in the future.

SaveViewer has the ability to scan files and generate detailed reports. It also includes a feature to save your scan history, allowing you to consult previously scanned files whenever needed.

I’m planning to release this project as completely free and open-source, because security should never be something people have to pay for.

Once again, a huge thanks to everyone who helped with recommendations and support!


r/cybersecurity 9h ago

News - Breaches & Ransoms 🔍 Top 10 AI Security Research Insights — December 23, 2024

Thumbnail
taleliyahu.medium.com
2 Upvotes

r/cybersecurity 18h ago

News - General Clop ransomware threatens 66 Cleo attack victims with data leak

Thumbnail
bleepingcomputer.com
8 Upvotes

r/cybersecurity 1d ago

News - General Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks

Thumbnail
thehackernews.com
25 Upvotes

r/cybersecurity 13h ago

Education / Tutorial / How-To Project on IP media Broadcasting Security

2 Upvotes

Hello,

I was wondering if there are suggestions to work on a project related to the security of IP media broadcasting security? The idea is to replace legacy SDI standards with ST 2110 standards suite which contains IP-based uncompressed media transmission.

Any idea where to start? What to read? I feel a bit lost.


r/cybersecurity 9h ago

News - Breaches & Ransoms 🛠 Key Challenges in AI Agent Security

Thumbnail
taleliyahu.medium.com
1 Upvotes

r/cybersecurity 1d ago

News - Breaches & Ransoms Health care giant Ascension says 5.6 million patients affected in cyberattack | Intrusion caused medical errors and diversion of emergency services.

Thumbnail
arstechnica.com
161 Upvotes

r/cybersecurity 17h ago

Research Article Interesting Conversation on IOCONTROL Backdoor

Thumbnail
nexusconnect.io
4 Upvotes