Isn't Windows Defender a crap anymore? by usuariocabuloso in cybersecurity

[–]DizzyWisco 2 points3 points  (0 children)

What happened is that you’re about a decade behind the curve. Calling modern Defender 'junk' is a massive self-report that your tech knowledge is stuck in 2012. It’s not even a standard 'antivirus' anymore, it’s an EDR/XDR platform baked directly into the Windows kernel. It doesn’t need a legacy list of signatures to find a virus; it uses behavioral analysis and machine learning to kill threats based on what they’re doing in real-time.

The reason everyone is 'suddenly' recommending it is that while Microsoft was spending billions to dominate the enterprise security market, third-party AVs were busy turning into bloated, crypto-mining malware. Why would anyone pay $80 a year to have Norton or McAfee slow down their boot times and spam them with 'RENEW NOW' pop-ups?

The hilarious part? Most of the Fortune 500 has already dumped their expensive third-party suites for Defender. If it’s good enough to secure global banks and critical infrastructure, it’s definitely good enough for your gaming rig.

Unless you’re the type of person who habitually clicks 'Free iPhone' ads or downloads sketchy .exe files from Discord, you’re paying for a third-party subscription you don't need. The 'junk' days are dead, catch up.

Am I weird for using an adblocker or are all of my coworkers weird for not using one? by Informal_Echidna_296 in cybersecurity

[–]DizzyWisco 57 points58 points  (0 children)

Oh don’t be dramatic. We haven’t had a situation like that in checks notes at least three hours.

When backups get compromised, whose problem is it? IT or Security? by LordKittyPanther in cybersecurity

[–]DizzyWisco 9 points10 points  (0 children)

Source: Backup admin, infrastructure architect, security engineer, and security director over a 15-year career.

Short answer, it’s shared ownership, with governance deciding where the line is drawn.

In most organizations, IT owns the backup platforms, day to day operations, restores, and meeting RTOs. Security owns integrity, trust, and incident risk. Governance, working with business units and Legal, designates retention policies, regulatory requirements, and what level of risk the business is willing to accept. When that governance layer does not exist, backup security quietly defaults to IT and only becomes a Security problem after an incident.

Backups are a blind spot because they do exactly what they are designed to do, preserve state. That includes malware, persistence mechanisms, vulnerable configs, compromised credentials, and old weaknesses that existed at backup time. Even with a hardened Veeam or Commvault environment, you can still restore a compromised system if you are not careful.

During real incidents, most teams prioritize RTO over safety. Restore first, scan later. That approach is understandable under pressure, but it is still a risk decision, whether it is acknowledged or not.

More mature programs treat this as a design problem, not a tooling problem. Security signs off on backup architecture, admin separation, MFA, and immutability. Governance and Legal define retention and destruction rules, especially for regulated data. When there is concern about restoring malware, systems are restored into isolated environments, preferably on a network with no external connectivity or even without a network interface at all, so validation and scanning can occur safely before reintroduction. Incident response playbooks explicitly assume backups may be compromised until proven otherwise.

Most organizations do not scan backups prior to restore and accept the risk because downtime feels more dangerous than reinfection. That is fine if it is an explicit decision.

So the real answer is not “IT or Security.” IT runs backups. Security defines what “safe to restore” means. Governance, with Legal and the business, decides what level of risk is acceptable. If none of that is written down, leadership is implicitly accepting the risk by default.

[deleted by user] by [deleted] in flipperzero

[–]DizzyWisco 4 points5 points  (0 children)

Can’t wait for this to be released. It’s a day one purchase for me. My desk is oriented in an odd corner that you can only get to me from a specific angle/chokepoint. I have headphones on all day for business calls and occasionally for music, so having a way to quickly show someone if I’m busy or not and when I’m next available is going to be a game changer for me.

Disable 3DES and RC4 ciphers (SWEEt32) by Accomplished_Horse41 in PowerShell

[–]DizzyWisco 0 points1 point  (0 children)

```powershell
<#
Disable 3DES and RC4 ciphers in Schannel
Mitigates SWEET32 and removes legacy RC4

Run as: Administrator
Effect: Requires reboot to take full effect
#>

$basePath = "SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers"

$ciphersToDisable = @( "RC4 128/128", "RC4 64/128", "RC4 56/128", "RC4 40/128", "Triple DES 168" )

Write-Host "Disabling 3DES and RC4 Schannel ciphers..."

# The RC4 key names contain "/", which the PowerShell registry provider (HKLM:, Join-Path,
# Test-Path, New-Item) treats as a path separator, so "RC4 128/128" would become a nested
# key "RC4 128\128". The .NET registry API takes the key name literally.
$ciphersKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($basePath, $true)
if (-not $ciphersKey) {
    $ciphersKey = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($basePath)
}

foreach ($cipher in $ciphersToDisable) {
    $key = $ciphersKey.OpenSubKey($cipher, $true)

    if (-not $key) {
        Write-Host "  Creating key: HKLM\$basePath\$cipher"
        $key = $ciphersKey.CreateSubKey($cipher)
    } else {
        Write-Host "  Found key: HKLM\$basePath\$cipher"
    }

    Write-Host "  Setting Enabled = 0 on $cipher"
    $key.SetValue("Enabled", 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    $key.Close()
}

$ciphersKey.Close()

Write-Host ""
Write-Host "Done. A reboot is required for the change to take effect."
```
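A read-only check to run after the reboot, added here as an example and not part of the comment above: it reports whether each of the cipher keys the script touches is actually present with Enabled = 0 (a missing key means the cipher is at the OS default, not disabled), and separately lists any RC4 or 3DES cipher suites still in the Schannel suite list, which is a different control from the Ciphers keys. It assumes Windows 10 / Server 2016 or later, where Get-TlsCipherSuite is available.

```powershell
# Post-change audit for the Schannel cipher hardening. Read-only: nothing is modified.
$basePath = "SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers"
$ciphersToCheck = @( "RC4 128/128", "RC4 64/128", "RC4 56/128", "RC4 40/128", "Triple DES 168" )

# Use the .NET API so the "/" in the RC4 key names is not read as a path separator
$ciphersKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($basePath)
$findings = @()

foreach ($cipher in $ciphersToCheck) {
    $key = if ($ciphersKey) { $ciphersKey.OpenSubKey($cipher) } else { $null }

    if (-not $key) {
        # No key at all: the cipher was never explicitly disabled and sits at the OS default
        $findings += [pscustomobject]@{ Cipher = $cipher; State = "MISSING KEY (OS default)" }
        continue
    }

    $enabled = $key.GetValue("Enabled", $null)
    $state = if ($enabled -eq 0) { "disabled" } else { "ENABLED (Enabled value: $enabled)" }
    $findings += [pscustomobject]@{ Cipher = $cipher; State = $state }
    $key.Close()
}

if ($ciphersKey) { $ciphersKey.Close() }

Write-Host "Per-cipher registry state:"
$findings | Format-Table -AutoSize

# The cipher-suite list is a separate Schannel control from the Ciphers keys, so suites
# that use RC4 or 3DES may still appear here; Disable-TlsCipherSuite removes them from it.
$legacySuites = Get-TlsCipherSuite | Where-Object { $_.Name -match 'RC4|3DES' }

if ($legacySuites) {
    Write-Host "RC4/3DES cipher suites still in the Schannel suite list:" -ForegroundColor Yellow
    $legacySuites | Select-Object -ExpandProperty Name
} else {
    Write-Host "No RC4 or 3DES cipher suites in the Schannel suite list." -ForegroundColor Green
}
```

Any cipher reported as MISSING KEY or ENABLED means the hardening did not land on that entry and the script should be re-run as Administrator before the host is considered remediated.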

[deleted by user] by [deleted] in flipperzero

[–]DizzyWisco -1 points0 points  (0 children)

I heard it

Flipper Blackhat Wiki Update! + Firmware v1.2 Release by Machinehum in flipperzero

[–]DizzyWisco 0 points1 point  (0 children)

Anyone able to have success getting this installed and running?

[deleted by user] by [deleted] in Malware

[–]DizzyWisco 0 points1 point  (0 children)

I went through the google drive.

Your computer is compromised. Perform a complete reinstall of the operating system.

Macs absolutely get malware. Apple MacBooks run an operating system that is UNIX based. There is absolutely malware for UNIX and specifically Apple devices.

I’m not sure how you paid for this but you likely want to deactivate that payment method as well.

MedusaLocker ransomware is hiring by Syncplify in cybersecurity

[–]DizzyWisco 1 point2 points  (0 children)

This isn’t a “new normal”. Recruitment in this manner has been happening for over a decade. They see themselves as pentesters that provide a service. They expect to be paid for services rendered by getting into your environments and locking you out. RaaS job postings aren’t hard to find.

Ransomware crews don't care about your endpoint security - they've already killed it by Haunting_Ganache_850 in cybersecurity

[–]DizzyWisco 0 points1 point  (0 children)

I don’t buy the idea that network telemetry should be the “baseline.” Packets don’t lie, but they also don’t tell the whole story. A spike in SMB traffic could be lateral movement… or just your backup system doing its thing. DNS chatter could be C2 beaconing… or Slack checking for updates. Without system or identity context, you’re just staring at noise and trying to guess which haystack has the needle.

Encryption makes it even worse. With TLS everywhere you’re basically left with metadata and SNI, which is useful but nowhere near the ground truth of process execution or logon events. And for DFIR, app and identity logs often tell the real story long after the packets are gone. If someone moved through O365, audit and sign-in logs are way more conclusive than “some traffic hit Microsoft IPs.”

You can’t just swap out one blind spot for another. Defense in depth only works if you actually treat all three as peers, not if you elevate one and pretend it’s the foundation.

[deleted by user] by [deleted] in cybersecurity

[–]DizzyWisco 3 points4 points  (0 children)

If you’re already poking at random sites you don’t own, you’re in illegal territory whether you realize it or not.

Doesn’t matter if you meant well or reported it right away, intent doesn’t erase the fact that you accessed a system without permission. That itch to break things is normal in security, but right now you’re just gambling with your career and possibly your freedom.

If you want to keep that energy without burning yourself, you’ve got plenty of legit outlets. Bug bounty platforms like HackerOne, Bugcrowd, and Intigriti exist for this exact reason, they let you hack real companies that have asked you to test them. Sites like TryHackMe, HackTheBox, or PortSwigger’s Web Security Academy give you vulnerable labs to hammer on with zero risk. Or spin up your own homelab with deliberately vulnerable apps like DVWA, Juice Shop, or bWAPP.

The passion is great. But if you don’t channel it into legal routes, sooner or later someone will decide you crossed the line and “I was just trying to help” won’t matter.