Search the Community

Budget (including currency): $1,000 to $1,500 Country: United States Games, programs or workloads that it will be used for: Primarily for cybersecurity work but possibly some casual gaming (Skyrim/Elder Scrolls 6 if it's ever released/Football Manager/city-building games) Other details (existing parts lists, whether any peripherals are needed, what you're upgrading from, when you're going to buy, what resolution and refresh rate you want to play at, etc): Currently have an older (2014) desktop from ThermalTake that simply does not cut it for much more than web browsing and some gaming. Processor is only an AMD A10-7700K APU with Radeon(TM) R7 Graphics. I'm going to be starting a cybersecurity program in the new year and need to upgrade. I won't need a mouse or keyboard and have a serviceable (aka older and widescreen), gigantic Samsung monitor but looking to add on another as well. I'd ideally like to keep the budget close to $1,000 but I know that might be difficult and if payment plans are available, wouldn't mind spending a little extra there.

Summary GEICO the second largest auto insurer in the united states, recently announced a third party data leak that has effected its 40,000 employees. The company notified employees that the MOVEit system was compromised "outside of GEICO's internal systems". GEICO uses MOVEit to send data via API to Delta Dental, Cinigia, and many other companies for employee benefits. Several employees have come forward saying that personal information such as Social Security Numbers, Address, Phone, Email, and Address have been found from credit searches on the Dark Web. Several individuals in the r/geico subreddit have claimed that GEICO neglected to protect the data in transit. The company has advised employees to freeze credit. Quotes My thoughts This raises several questions about data security in the industry. Does this matter? In todays age 1 in 4 people will have some kind of identity theft happen. Is it reasonable to assume that all data is already compromised, if so should a company be held responsible at all? Is a company responsible for ensuring the partners they share data with are following proper security standards? Should GEICO be held responsible for sharing employee data with a company not following proper standards? What rights/say should employees have when it comes to who a company shares data with? If a data is compromised in anyway, should employees be able to sue an employer for compensation? Lets talk about the complexity for an individual maintaining their data, GEICO employees need to go through three different credit monitoring services and freeze accounts, what about SSN and other information. Who is responsible for ensuring that individuals have the tools to protect their own data. Sources r/GEICO reddit Current GEICO Employees Experian Monitoring Report

Hi Question is the same as the title. I don't know a lot about this area, and all the purchase options look really sketchy. Should I even be purchasing them? Can I make my own or would that require some hardware or other service to run in the background (aka a server)? Purpose is for government contracting. Thanks

When I was searching for a file in my documents, I came across a file with .RDP extension. I searched through the web and came to know it was remote desktop protocol. I do not know how to create a RDP file. I later ran a full system scan in Malwarebytes (free version) and there were no threats detected. Should I be worried that someone else is accessing my laptop remotely? What steps should I take to remove the threat (if any).

Hi, I am in need of suggestions for a Laptop for Work - Coding, Running VMs, Pen Testing. I am searching for Laptop because I need to be able to travel with it. I also need it for Media consumption.

I have a norton vpn and whenever I use it omegle says, "error connecting to servers" and it doesn't work. I set the region to America where I know it is not banned. It only works if I turn off my vpn, I made sure to clear cookies and browser data and it didn't work with the vpn. How can I fix this?

Hey, Going back to the Cyber Security Scene of 2012-2015(A refreshing trip down memory lane, ain't it?), SMS Spoofing Was a popular choice of attackers, mostly through the Social Engineering Toolkit(SET). So, what happened that it is now deemed as "no longer possible" or "we don't do that here, kid" thing? Thanks For Reading.

I've been hosting my own Nextcloud for years now and the only person who ever actually got auto-banned was myself on accident a few times, but I've gotten three of these messages from my server just in the past week. Everything seems to be holding up just fine; no unusual login activity in Nextcloud, no strange activity in any of my logs, etc. I cranked up the bantime to multiple days because I figure if it's an accidental ban, it literally takes me 10 seconds to go remove it, but if it's somebody who needs to be banned, I want them to get tired of waiting and move on. Wonder why they decided to start picking on me all of a sudden.

Hi everyone, so I have just finished High School and Have managed to land a job as a Junior IT Tech. The company that I will be working with, will allow be to get a whole list of qualifications in networking and many others. At the same time, I will be studying part time to get my Diploma in IT. My end goal with all this is to finally make the leap to Cybersecurity analyst a couple of years down the track. What else will I need to make the jump to Cybersecurity analyst?

Hi all! I'm trying to find out some information pertaining to companies that provide top of the line cybersecurity to online businesses that are based both in and outside of the US. I am based in the Caribbean and there aren't much if any IT companies that provide this feature. I hope someone can help.

US government suspects that Kaspersky Lab is having ties to the Russian government cnet Looks like reality, because when you have 2 ways: or you working with government or you working against it, usually it's only one right choice here I was using Kaspersky, but now only Windows Defender. Looks like it may be banned in the US soon.

Sources: Ars Technica, Reuters, BSI (Germany) The WaPo article reporting the same events is here It adds additional details about the role Kaspersky AV reportedly played in identifying the NSA material the employee stored on his home computer. In a statement, Kaspersky Lab officials wrote: This is a bit concerning. I've used Kaspersky AVs since college when my PC got infected by a nasty worm that hid all my essential files and replaced them with shortcuts and stupid Microsoft Security Essentials wasn't able to detect and remove it so I downloaded a 30-day trial of Kaspersky Internet Security and it detected the nasty worm and I was able to recover my files and from that day on, I've been a customer and I even installed it to my parents' PC at home. While I don't think home users have little to worry about, it is what the alleged spying it does. Until the US Senate hearing ensues, I'd still give them the benefit of the doubt unless the code inspection by US CERT and NIST found something deplorable. Founder and CEO Eugene Kaspersky responded to the allegations in his personal blog saying: I don't know if I'm buying Kaspersky's response there. But the crazy thing is that Israeli hackers penetrated inside Kaspersky Lab's own network and remain undetected for months just to know the shenanigans of the NSA but only to see that allegedly, Kaspersky is working hand in hand with the Russian intelligence. It does raise a lot of concerns but the caveat is that a lot of these evidences proffered against Kaspersky are unknown sources. I think Kaspersky is caught in the middle of a modern day cold war but doubts on cyber espionage cannot be ruled out until the 25th of October when Eugene Kaspersky himself will testify on the US Senate. In their company website, they explained how they work and how their cloud services protect user privacy which you can read here and here.. You be the judge. I'll just wait here as the story unfolds. Although reading their privacy statement on their cloud protection service, I kinda wish Microsoft would finally allow full disabling of telemetry in Windows 10. Maybe they'll finally add it in their Spring Creators Update? UPDATE: There was an Ars Technica article at the moment about how allegedly Kaspersky modified their AV to be used by Russian intelligence to steal NSA secrets. In the latest Reuters article, Germany's BSI federal cyber agency said that the malicious accusations to Kaspersky Lab have no evidence that the Russian government used Kaspersky Lab AV to spy US authorities. Here's the original press release from Germany BSI in the original German language. Any German member in LTT can translate it correctly: Is Google Translate correct in translating? I hope so. But I want to know on what grounds or how did the German BSI investigated and found nothing. If Germany is correct, then all of the allegations to Kaspersky Lab and Eugene Kaspersky is basically oral defamation due to geopolitical conflicts. I wish other intelligence agencies from other countries to come to prove or disprove the allegations.

Source: Reuters HOT OFF THE PRESS I therefore conclude that 2017 is the year of cybersecurity woes. Either you're an owner of an SME or a big enterprise or just a home user, I get why many people got concerned and why is this just being discussed now in 2017 when the sophisticated hacking happened in 2013. I doubt it. To execute a potential sponsored attack on Microsoft and not use it to breach other Windows PCs immediately? I call BS. Anyone remember the Eternal Blue and Eternal Romance exploits used by WannaCry and Petya ransomware which where part of NSA's playbook that was later dumped in Github? After WannaCry, Microsoft President Brad Smith compared the NSA’s loss to the “the U.S. military having some of its Tomahawk missiles stolen,” and cited “the damage to civilians that comes from hoarding these vulnerabilities.” (Reuters) Now, not only Microsoft was the one hacked. Back in 2015, Mozilla corporation was also hacked. I got to commend Mozilla for informing the public that they got compromised and told their users how to protect themselves. Microsoft on the other hand waited for years even though they patched their own system months after the 2013 hack. Also in the Reuters article, both Facebook and Apple also got their systems compromised. I think this is potentially a state sponsored APT based hack. But it definitely refutes the notion that Macs are immune to malware. I think there's more to the story more than meets the eye and it will continue to unfold as the days go by. People interested are very much invited to read the Reuters exclusive report.

So im in a cybersecurity student, aspiring penetration tester and all that stuff. I have 2 important questions. First, I've gotten alot of mixed answers on this one, but what would you all consider the most important coding language for someone in my field to study to pick up? Second, and this is abit of an afterthought, security and ccna certs aside, what are some certs, or other fields of study to look into to benefit me?

I've been a sub to LTT for a while, but I'm new to the forums. I wanted to start off doing a thread about Cybersecurity war stories. Post any and all interesting stories related to Cybersecurity that you've experienced or heard from friends/colleges. (Let me know if this isn't the right place for this post)

I don't really know which topic this goes into but if mods think this does not belong here,please move it to the appropriate section. So today on the train station, 2 guys came and asked my Phone Number for a survey and being naïve I gave it to them. Immediately a code came in the SMS bin and then they typed the code in some app. They said a credit code would come for an online payment app (If you guys want the name then I am happy to specify) even after saying I don't use it. Shortly after an SMS came in with a link. Basically the SMS read you've completed your Rap Song this is the link (didn't click it) share it with your friends. I've been on the internet for a long time and know about phishing links and stuff. This mobile phone doesn't have anything sensitive on it but it is connected to my Google Pasword Save thing. I know the website is not legit since I couldn't dig up anything about it. However in the process, I accidentally accesed the main website (not the link, typed the website name and .com) for 2 seconds. I saw the tab description and it read "Crush Rap". My questions are : 1) How much danger am I in knowing that they have my mobile no.? 2) Since I visitsd the base website not the link, is it still enough to screw me over (if website is required I will post it here). 3) A good and free Virus Lab to get the Link Checked. If the screenshot of the SMS is Required I can post it here just ask for it Hopefully I can get an answer and late scowl over myself fir my own stupidity Thanks In Advance

I'm Struggling to decide I'm going into my 3rd year of computer security course and For my 3rd year I will be studying the fallowing modules, I need a laptop that will do the trick, I'm super leaniant for macbook 16 inch, with 32gb of ram, 1tb ssd. and 8gb of graphics. But what I don't know will it be value for my money I don't want to spend £3200 if I won't use the full pottential of the machine, I do own a desktop what is quite aged running 6700k skylake. I need a laptop so I can be mobile and do my work like my upcoming project and some other courses that will require me to use vm Kali. I own currectly a XPS 15 9th Gen, what am just not feeling it I have manjaro linux instaleld on it and there's to much fuss with batterylife and incompatability for certain stuff. I have never owned a mac to keep to learning a new OS, but will it be worth my money. or maybe should I get a 13 inch? Any guidance and stats be welcomed. Project Ethical Hacking Network Forensics Network Defence Applied Cryptography

Hi guys, While I'm browsing the web and searching some tech stuff news and innovation, this topic pops up first. A Youtube Video link from Microsoft talking about Azure Sphere. For those who are new about Azure, here's a brief introduction about it. According to Wikipedia: "Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through a global network of Microsoft-managed data centers. It provides software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) and supports many different programming languages, tools and frameworks, including both Microsoft-specific and third-party software and systems." Imagine like different types of companies connected, monitored and managed into a single core company. Helping each other for improving stability, performance, quality of service and security. but how about the addition of sphere in azure??? This time, this is what catch my attention even further. based on my understanding (sorry if some parts of my elaboration is mismatch if there are some) Microsoft's Azure Sphere aims to improve security from the chip up (which includes cloud systems, operating systems and the like). Building an updated end-to-end microcontroller and infrastructure for improving security especially for our fast pace development of IoT devices. A system to eliminate cybersecurity flaws and secure gadgets from hacks and threats. >>> Sorry, I can't build a comprehensive discussion about it. You're welcome to add or update about Microsoft's Azure Sphere. >>> Recommended to visit the sites that I placed in the REFERENCES section of this blog >>> Sorry again. I'll do my best to improve my post next time I post or create a new topic. REFERENCES: YOUTUBE LINKS: posted by Microsoft posted by Pureinfotech MICROSOFT AZURE SPHERE PAGE: https://www.microsoft.com/en-us/azure-sphere/ posted by Microsoft BLOG POST: https://azure.microsoft.com/en-us/blog/introducing-microsoft-azure-sphere-secure-and-power-the-intelligent-edge/ posted by Microsoft's blog page

Which specs should my laptop have that can fulfill my requirements? I am about to start Computer Science Engineering with specialization in cybersecurity. I need the laptop for college purposes as well as for external courses and internships. Also, it should be able to work for like 3-4 years without any problem after so much usage. Any suggestions for which laptop I should use are welcome.

Hello, My intention is to make it secure from the basic instruments to manipulate Wifi and do a mitm attack. I can just host a wifi the same name as an airport or hotel and a lot of people devices connects to my wifi directly without notice to the user. But using a special character that needs a license or at least an authorization for use to set as an ssid will make it immune to anyone with a cellphone. Would love if you can post this idea so the ieee responds with their action. I don't want fame or a patent. But a secure world is all I claim

https://www.newsbtc.com/2018/02/15/hackers-coinhoarder-steal-more-than-50-million-in-cryptocurrencies-using-google-ads/ Cisco's Talos Intelligence Group uncovered a team of hackers based out of Ukraine, who dubbed themselves CoinHoarder, using Google AdWords to lure people into malicious mirrors of popular wallet holder sites like blockchain.info. This highlights an important weakness of the Google AdWords service, that can be abused for other things in the future like sending people to fake bank or government sites. More than $50m (accounting for the appreciation of these cryptos since they were stolen) was taken from legitimate users, especially from countries that are not up to date in cybersecurity, they smartly targeted people who are less likely to know a scam site from a legit site. There is no mention of whether the members of this hacker group have been aprehended, or whether Google is going to change its AdWords service in any way. I'll update this if I find any more info.

Kaspersky Lab has apparently been hacked. The breach was first detected in early spring. Kaspersky says that the attackers accessed files but the files were not critical. The malware does not write to any disk, but rather the computer's memory. The hack consisted of 3 previously unknown techniques and is one of the most sophisticated hacks ever. I am personally curious as to the source of attack. The funding for such an attack must have been incredible. Sources: http://www.bbc.com/news/technology-33083050 https://blog.kaspersky.co.uk/kaspersky-statement-duqu-attack/

Image Source: http://www.ibtimes.com/house-expected-pass-cybersecurity-bill-indemnifying-companies-share-breach-data-1892534 Source:http://www.wired.com/2015/04/house-passes-cybersecurity-bill-despite-privacy-protests/ Source 2: http://www.engadget.com/2015/04/23/house-passes-protecting-cyber-networks-act/ Source 3: http://www.ibtimes.com/house-expected-pass-cybersecurity-bill-indemnifying-companies-share-breach-data-1892534 Video source: My opinion: So in my opinion these kind of things dont improve cybersecurity in anyway at all, actually the opposite they create more holes and spreads information in such way that its impossible to tell that data that has been collected is actually in "safe" hands. And it will be impossible to tell what the data that has been collected is and whats it used for, USA government has no transparency in these things and they make "cybersecurity" bills like these two bills that were approved in a way that its actually impossible to who has responsibility to keep the data secure, well it actually seems like nobody has responsibility to keep data that is collected "safe". These bills are just more nail on privacy coffin. Also i am going to point out how "funny" it is that these bills were approved just before release of Windows 10... *looks around... puts on a tinfoil hat*

Hi people of the LTT Form. I use Mega's sync app on my Windows PC to keep a cloud backup of all my important files [Mostly photos]. I was curious to know that if my PC gets infected by a ransomware will it effect the files on the cloud. Also I use Windows in built backup feature and back up to a local disk