intrusion – WindowsTechs.com

How should I respond to an unrequested Facbook recovery code followed by an unexpected logout from the associated email account? [closed]

Posted on April 21, 2024 by mjc

Cybersecurity layperson here.
I recently got an email from Facebook giving me an account recovery code that I didn’t request. I assume this means that someone else did request it, either because they have a similar Facebook login to me and… Continue reading How should I respond to an unrequested Facbook recovery code followed by an unexpected logout from the associated email account? [closed]→

What is the effect of the number of snort rules on performance? [closed]

Posted on November 9, 2023 by user16385455

Some repositories have a set of Snort rules that cover a wide range of possible attacks.
Is it reasonable to use this set of rules (with a large number of rules) for a network and does it not significantly reduce performance (In this way, … Continue reading What is the effect of the number of snort rules on performance? [closed]→

security monitoring for applications [migrated]

Posted on November 3, 2023 by user1875739

I’m working on improving security monitoring for our applications and need recommendations. We have web and mobile apps handling sensitive data and want to enhance our security.
I’m looking for:
Real-time monitoring and alerting tools.
Set… Continue reading security monitoring for applications [migrated]→

Cryptojacking soars as cyberattacks increase, diversify

Posted on July 27, 2023 by Help Net Security

Digital threat actors are adopting evolving tactical behaviors, opting for different types of malicious attacks compared to previous years, according to SonicWall. Overall intrusion attempts were up, led by the highest year on record for global cryptoj… Continue reading Cryptojacking soars as cyberattacks increase, diversify→

Is human threat hunting a fool’s errand?

Posted on May 15, 2023 by Help Net Security

We all have witnessed automated advances creep into our modern threat hunting processes – and with good reason. As the rate of cyberattacks steadily increases, automated threat hunting processes are being integrated to help stem the tide by provi… Continue reading Is human threat hunting a fool’s errand?→

How to recover a file with volatility from a linux profile

Posted on April 1, 2023 by P00

I’m trying to recover files from a .mem file with volatility. The mem file is from a Linux machine. I have already loaded the profile and it works fine. I have discovered that the drupalgeddon2 vulnerability was exploited but I need eviden… Continue reading How to recover a file with volatility from a linux profile→

Unexpected drop in UFW noise, should I be worried?

Posted on January 13, 2023 by rdi_pck

I run a bare-metal on-premises GitLab server (Ubuntu 22.04) for a very small company. While the server isn’t currently in production use, it is active and accessible over the public internet.
I have UFW set to block everything except HTTP,… Continue reading Unexpected drop in UFW noise, should I be worried?→

WIPS and IDS vs NDR

Posted on November 28, 2022 by Ethic Or Logics

My organisation has a Network Detection and Recovery (NDR) but does not have an WIPS/ WIDS. Because NDR is usually hooked to the core switch, is this enough to detect and mitigate against threats coming through the wireless LAN access con… Continue reading WIPS and IDS vs NDR→

CISA warning: “Russian actors bypassed 2FA” – what happened and how to avoid it

Posted on March 16, 2022 by Paul Ducklin

Don’t leave old accounts lying around where someone sketchy could reactivate them. Continue reading CISA warning: “Russian actors bypassed 2FA” – what happened and how to avoid it→

How to track which php file executed a malware binary

Posted on February 27, 2022 by MOHAMMAD RASIM

I have a server that seems to be compromised checking the processes running I see an executable that seems to be a mining malware and the hacker uses it to mine litecoin at the address MKkb4o9jUYmcQRRkpJWK82mW2S1ZZMtaLg, the executable fil… Continue reading How to track which php file executed a malware binary→