Advanced Persistent Threats: Understanding the Characteristics, Tactics, and Strategies for Prevention and Mitigation in Today's Cyber Landscape

A detailed read on Cyber security in today's digital landscape. Happy Sunday everyone!

Advanced Persistent Threats (APTs) are a type of cyber attack that is specifically targeted at organizations or individuals to steal sensitive information or disrupt operations. These attacks are carried out by highly skilled and organized hackers who use sophisticated techniques to gain access to networks and systems. In this paper, we will discuss APTs in detail, including their…

View On WordPress

7 tips for preventing pernicious password-based breaches - CyberTalk

New Post has been published on https://thedigitalinsider.com/7-tips-for-preventing-pernicious-password-based-breaches-cybertalk/

7 tips for preventing pernicious password-based breaches - CyberTalk

EXECUTIVE SUMMARY:

Remember the infamous 2021 SolarWinds supply chain attack? Cyber criminals were able to coordinate the attack because an intern rendered the password ‘solarwinds123’ publicly accessible via a GitHub repository, in 2018. While this led to an extreme business compromise situation, SolarWinds is not the only organization that’s ever struggled with password management…

World Password Day is celebrated on the first Thursday in May and serves as an annual reminder to reevaluate and upgrade organizational password security.

In fact, research shows that eighty-one percent of corporate data breaches occur due to poor password management — an avoidable problem that can cost an organization as much or more than $4.35 million, which is the average cost of a data breach.

Despite the seeming triviality of passwords, as evidenced by the SolarWinds episode, it can prove exceedingly difficult for organizations to recover – financially and reputationally – from password-based breaches. In this article, brush up on best practices for preventing serious incidents that start with a password.

7 tips for preventing password-based breaches

1. Leverage strong password requirements. Although no password is ever entirely hack-proof, longer passwords are challenging for cyber criminals to guess, decipher or otherwise exploit.

Require a minimum number of password characters, a mix of upper and lower case letters, numbers and special characters. In addition, due to the nature of cyber criminal tactics, consider disallowing the use of dictionary words, common phrases and personal information within passwords.

2. Enable multi-factor authentication (MFA). In the event that a password or multiple passwords are compromised, multi-factor authentication (MFA) provides an extra layer of security. MFA should be applied for all user accounts and critical systems.

One factor in the MFA model is typically a standard password – something that the employee knows. While another factor, like a code received via text, is generally something that the employee has. Biometrics can theoretically represent yet another factor, however, experts advise against widely applying biometric authentication mechanisms for security purposes.

3.“Hashing” and “salting” passwords. These protocols are recommended by the National Institute of Standards and Technology (NIST). In case the terms are unfamiliar, NIST defines a hash as “a function that maps a bit string of arbitrary length to a fixed-length bit string”. In other words, the practice of hashing effectively scrambles the password characters in a way that ensures that a database never exposes a list of plain text passwords to cyber criminals. Salting involves adding supplementary data to passwords ahead of hashing, rendering stored passwords particularly challenging to exploit.

4. Educate and empower employees. Ensure that your organization’s employees are aware of common phishing tactics used to gain passwords. Emphasize that hackers commonly pose as trustworthy parties and/or may send users malicious webpages through which to input credentials. When it comes to employee education, review a variety of plausible scenarios through which cyber criminals may attempt to pinch passwords. Empower employees to protect their credentials.

5. Leverage a lockout mechanisms. NIST suggests locking a user out of password protected accounts in the event that an incorrect password has been input multiple consecutive times. NIST says that no more than 100 login attempts should be permitted. Many organizations opt to lock accounts after three to five incorrect login attempts.

6. Apply the principle of least privilege. Provide employees with the privileges that they require in order to effectively complete job requirements. Avoid providing employees with superfluous permissions. This way, in the event of account compromise, the damage will likely be limited.

7. Respond to suspicious activity. Set up alerts that can provide your team with information about suspicious activities, such as a substantive series of failed login attempts from unfamiliar locations. Ensure that your team investigates and responds to these alerts, as this will help prevent potential breaches.

For more password security insights, please see CyberTalk.org’s past coverage. To receive inspiring cyber security insights, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.

Explore the world of employee education programs and their pivotal role in enhancing your workforce's knowledge and skills. Empower your team with ongoing learning opportunities.

Firewall Friday: Network Security - Protecting Your Network from Threats

Welcome to Firewall Friday, where we dive into the exciting world of network security with a touch of humor and relatable analogies. In this edition, we’ll explore the importance of network security and how firewalls act as the guardians of your network, protecting it from potential threats. Get ready to embark on a hilarious and informative journey as we use common analogies, playful emojis, and…

View On WordPress

[📚🏈]

oh i know teacher!au!bucky loves the fuck outta tim walz and his vibes.

as an educator, as someone who's voted democrat ever since becoming politically engaged despite his home state being largely rural and mostly leaning republican, as a fellow football coach, as a gay man who was once an athletic gay teenager who felt adrift in school and needed guidance + acceptance...

like they're based in illinois now, but he'd maybe drag gale for a weekend trip up home to manitowoc if there's news of a walz rally in wisconsin, as a battleground state.

I just met the rarest type of person on earth- a best buy employee who helped me without trying to sell me stuff that I didn't need.

Rep. Alexandria Ocasio-Cortez said the story of civil rights icon Rosa Parks was "too woke" for the Republican party during an impassioned speech from the House floor on Thursday.

The New York Democrat was speaking out against the Parents Bill of Rights Act, which House Republicans are expected to pass on Friday. The education oversight bill seeks to give parents more of a say in education, and would require public schools to make materials like curriculum and library books available online, as well as the school budget.

"But before they claim that this is not about banning books and not about harming the LGBT community, let's just look at the impacts of similar Republican legislation that has already passed on the state level. Look at these books that have already been banned due to Republican measures," Ocasio-Cortez said before holding up several books.

"'The Life of Rosa Parks' — this apparently is too woke by the Republican Party," she said, referencing a book by Kathleen Connors.

The book, which tells the story of Parks, a Black woman who refused to give up her seat to a white person, was among 176 titles banned in Florida's Duval County, according to the nonprofit PEN America. The Duval County Public Schools district at the time said the books on the list had not been banned but were under review.

In another incident, a textbook publisher used in Florida schools removed references to Parks's race in a draft lesson plan in an effort to comply with the state's Stop WOKE Act, legislation pushed by Florida Gov. Ron DeSantis that limits instruction related to race and gender in schools. The Florida Department of Education later said the publisher was wrong to remove mention of Parks's race.

Screaming at the gmmtv 7 eleven employee telling them to also buy lube

Fuck Landlords

Today, I started sharpening my proverbial knives for this winter's Devouring of the Landlord. Here is the snipped text from an email I got from her today in response to a request that they assist me with a foul smell emanating from a wall in my apartment.

Since the snip is so small, I'll copy/paste what the bitch wrote when I told her that there is a horrifyingly vile stench of death in a closet/in a wall that is between my downstairs closet, and my computer room. A smell that is so pervasive, it has even begun to stink upstairs now that it has been almost a week we've been waiting for this to be dealt with (this is a closet under the stairwell).

"We had a maintenance tech and our pest control vendor come over earlier to look at and identify the smell.  They said they noticed a smell but it was not strong.  The pest control vendor said it did not smell like an animal and he did not see any animal droppings.  He was concerned that it may be a pet going to the bathroom in the closet?  Is there anything that could have spoiled that is in a box or around the closet?  Perhaps some cleaning out may help? He will come back in a couple of days and if it has not gone away can go in and open the wall.  We reached out to the resident in the unit below and they are alive.  So there are no dead bodies in the building. Please let me know if the smell continues."

So, when I complain that there is probably a dead squirrel in the wall in my apartment (and intimated they might want to do a quick wellness check on my elderly neighbor downstairs just to be safe, because you never know)... they send pest control who says 'nope, no pests here!'...which I already knew, because I didn't need pest control. Then, either the landlord is lying to me about what pest control said, or he seems to think my cats have human hands that can twist round doorknobs, and they are using their ~magical human hands~ to sneak into my closet to take massive, invisible shits, then they are leaving the closet and closing the door behind them. She is implying that it is my fault and I must just...be living in filth? Except...what pest control person thinks that feces and urine smell like death? And I doubt that anyone said 'the smell wasn't strong', because the first maintenance person to show up today immediately noted that it smelled like death/rot, and even mentioned they'd probably have to open the wall up to access it!

So the bitch lies to me, gaslights me, and then insinuates I must let what are effectively my children shit in the floor, and that's clearly the source of the stench. Except, I know my rights, and I wrote her about 4 paragraphs back about how I know my rights, how what she did is gaslighting and inappropriate and incredibly condescending... and in as kind a way as is possible, made it clear that I'm willing to make this a long, ugly fight she's not going to win. I grew up in the Southeastern U.S. - I will smile bright, call you hon, and the venom you never see will still melt the flesh from your bones, so I think she got my point. She is bound by law to deal with this issue, especially as it could be a health hazard - and it's real funny how her tune changed completely in her responding email, upon having me point out how I would also be making sure to hold onto her condescending and wildly inappropriate email here that blames me and condescends to me (especially as she is not the first member of management to try and step to me), for when I take this complaint further up to the parent company that owns this place.

Just a shame her apology email came too late, and I had already left a voicemail and an email for the parent company about the shockingly inappropriate behavior of this employee, and how she sets a low bar for their brand.

(It's worth noting that she's full of shit on other points, too - I specifically mention in my first complaint email that this closet stores nothing in it but nice smelling candles and toilet paper. So the bullshit question about cleaning it out just amounts to 'cOuLd It Be ThAt YoU'rE jUsT gRoSs?', which is wildly inappropriate, as well!)

Eat the godamned rich. Hold your ground against landlords.

Make them eat shit.

Edit: I made a follow up post to this, but the tl;dr is that I was right and she was wrong(obviously), and she refuses to actually apologize - she just makes almost-apology-excuses for her dogshit behavior. I hope she gets food poisoning over the holidays.

The Average New Teacher Only Makes $20 an Hour in the US

how to make 19 year old boy who came of age during the pandemic and never had a real real job before now realize he needs to Chill The Fuck Out and be Less eagar about working for free holy shit he is impossible to wrangle

Sits in shambles I didn't read maybe Jorge's id correctly in the mysterious hermit logs the first god knows how many times I read them and only just now realized that it's the same id as the scientist that speaks in the agricultural notes log why must I be so bad at reading

I’m oddly satisfied that my moral compass fucking pinged and I brought it to the attention of my boss, who then brought it to the attention of the CEO and the thing I was all in arms about… is handled.

I’m far from perfect but working at a non-profit has made me stand up for myself & my beliefs and I wasn’t gonna let shit slide.

my job interview today lasted like 50 minutes which apparently is long ?? so let's all hope that's a good sign bc i really got a good feeling from the principals

What is it about me that seems to make people think I am sexually experienced I am literally neither of those things.