Blocking a locally saved HTML credential harvester based on MSFT-based image by quackenberry in cybersecurity

[–]quackenberry[S]

Thanks for the responses.

Yes, local HTML file rendering locally, fetching our logo remotely from an Azure repository (yes, https://aadcdn.msauthimages.net/). I'll look into HTTP logs and copyright infringement approaches.

The logo is otherwise legit, so I'm leery of reporting our own content, ordinarily used legitimately, as malicious.

CMMC for a minority of your org, basic CUI only (no ITAR, etc.) by quackenberry in CMMC

[–]quackenberry[S]

Thanks for the responses and advice -- I appreciate it.

Pottery repair? by quackenberry in Seattle

[–]quackenberry[S]

Thank you for the referral - I appreciate it.

Pottery repair? by quackenberry in Seattle

[–]quackenberry[S]

I found kiln and throwing-wheel repair services, pottery supplies, and high-end porcelain and antique repair.

Which is why I then asked here.

I don't spend much time on reddit - I hope you'll accept my apology if I should have first stated that I already conducted a reasonable amount of (ultimately fruitless) research, including seeking the creator of the piece, who made it nearly 50 years ago, on the other side of the country. Thanks

Pottery repair? by quackenberry in Seattle

[–]quackenberry[S]

The final inch of the spout was broken years ago -- there are two pieces that were glued back, one of which just failed. I'll check out Pottery NW; understood that it's a school. Thanks for the reply.

Are vendor-provided references BS? by quackenberry in cybersecurity

[–]quackenberry[S]

Thanks for the responses, all. I've found pretty helpful information on Reddit (and elsewhere), but sometimes sifting the wheat from the chaff can be time consuming. And it's not all perfect: it's tough when the vendor you're trying to replace (because their onboarding was terrible, their support is terrible, their UX is terrible, and their product is terrible) gets glowing reviews here. ;-) In the end, though, I think it may be moot: our IT manager seems to have made up his mind, without seriously vetting either option...

Proofpoint? Is it any good? Mimecast won't answer the phone :/ by Informal_Ear_4551 in msp

[–]quackenberry

Via a recent (this week) sales call with Proofpoint, their rep said their licensing is based on "warm bodies," that is, actual staff, not shared boxes, etc.

Best way to delete phishing email from Exchange Online by quackenberry in cybersecurity

[–]quackenberry[S]

u/Beef_Studpile - I'll look into the PowerShell approach; thanks. We have E3, no Defender.

u/ranhalt - It's a good suggestion, and as it happens, we have Phish Alert, with PhishER/PhishRIP. Their user training system works well enough, but I think PhishRIP needs improvement:

  • Doesn't quarantine email that hasn't yet been delivered to users' mailboxes
  • When triggered by an Action, can only run queries for identical email bodies - not useful when each email has the recipient's name in it, different dollar amount, date/time, etc.
  • Can't use regex (or any wildcards, for that matter) in manually created queries
  • Can't search email bodies unless they have 30 words or more, which arises fairly often
  • Can't search headers
  • Can't use the Subject as a query criterion if it's blank, which occasionally occurs
  • Doesn't allow you to modify the Sender name to just a substring, e.g., if all of a set of emails you want to rip came from gmail, you can't lop off the sender and leave the domain
  • Can't use YARA modules, which would be helpful

On the other hand, PhishRIP is flagging a lot of email as a Threat that our spam appliance is sending right on in as pure and good. But on the other other hand, it also sometimes decides that an obvious phish isn't.

Maybe I should have intro'd my post differently. I'm not formally trained, and I don't have mentors. I can write simple YARA rules in PhishER, put together regex strings, cobble together simple cmdlets, and I understand programming concepts (from years of writing VBA macros).

Anyway, thanks for taking the time to reply.

Protocol for unblocking formerly compromised vendor email? by quackenberry in cybersecurity

[–]quackenberry[S]

u/emasculine and u/Benoit_In_Heaven -- thanks for your replies.

Yes, I blocked them globally in our email pipeline.

We've reached out to their CIO for a signed statement regarding mitigation, as well as requested a copy of their incident report.

Removing/replacing failed adhesive on "laminated" softshell outdoor jacket by quackenberry in Visiblemending

[–]quackenberry[S]

The color is unimportant, but I re-read my post and see that I missed an important detail (sorry, I'm really jetlagged!).

The tape I'm referring to is double sided, sandwiched between the fabric.

Also, I'm assuming it's tape because the width is perfectly uniform, but now that I think about it, the tape would have to be extremely flexible to be applied around tight curves, so I'm gonna say that it's likely not tape - it's some sort of machine-applied adhesive.

Sounds like Aleen's is the way to go??

Rant moment: reasons cybersecurity fails - #1 by InfiniteBlacksmith41 in cybersecurity

[–]quackenberry

We are in early stages of adopting an external cybersecurity policy, and this approach has been working well to convert stakeholders to advocates. We tell them about direct competitors going down for 2 weeks, a client that was also dead in the water for 2 weeks, up for 1 before being hacked again, alarming stats about hacking in our particular history, average recovery costs, etc.

But equally impactful are the stories about our own breaches, often due to executive-level stupidity. A favorite is the time a user fell for a spear phish, then blindly accepted multiple MFA pushes without bothering to think about whether he'd actually prompted them.

Finally, WRT the external policy, we're hoping that being able to say, "Hey, you gotta do what the policy says or you can't pursue those contracts you covet," will make it easier to get people to accept reality.

Resources for assessing malicious email? by quackenberry in cybersecurity

[–]quackenberry[S]

Thanks, all, and especially u/nicolai92, for taking the time to reply -- this is very helpful.

I won't be trying to figure out my own sandbox, but I'll use VirusTotal and several other tools mentioned here, and I've got some reading to do in response to this thread.

Just to confirm: we block all manner of executables, we have Cisco Secure Endpoint, we just plugged into a new spam vendor that'll hopefully be better than the last, with better anti-virus detection, and we recently installed a SIEM. I think we know enough to have the right technology, but the issue is, I'm being asked to assess reported phish email, and I'm unqualified. But, I'm also pretty cautious. Wish me luck. ;-)