Posts

Showing posts from September, 2024

NIST Changed Guidance for Passwords

Hello, This article was pretty interesting to read, as I felt it relates a lot to "common sense" almost. The changes themselves are more focused on a change in wording to elicit specific behaviors from credential service providers (CSPs), but they also had several methodology shifts too. Some of the most notable highlights were:

- Stop requiring users to periodically change passwords (unless a known credential leak occurs)
- Stop using "knowledge-based" authentication or security questions

The actual rationale for these changes was probably my favorite part, citing the fact that people tend to use more comfortable (repeated) passwords when they have to frequently change them. I highly recommend going to the article to see the rest of what was suggested/updated.

Original article: NIST Drops Password Complexity, Mandatory Reset Rules

Awesome New Discord Update

Hello, I have a bit more of a fun post this week versus anything too compelling, but I found this great all the same. As a frequent user of Discord, there was a part of me that had assumed some safety features were probably already implemented on the platform, encrypted conversations for example. Apparently, I would have been sorely mistaken to assume that though.

Discord has just announced (as of September 18, 2024) that it is rolling out End-To-End encryption for video and voice calls on their platform. Since I probably sit in a Discord call at least a few times a week, I'm very excited to know that we're just a little bit safer now than we were even just last week. The article also highlights (at a high level) some of the methods that they are implementing to make these changes possible. Great update Discord, keep it coming!

Source: Discord Launches End-To-End Encryption For Audio & Video Chats

2FA Isn't Always Safe

I found this article really interesting, as I've always considered 2FA (in all its forms) to be extremely safe. I do a lot with authenticators myself and almost nothing via text/email codes when it comes to my 2FA preferences. I wouldn't really have considered how threatening malware that could intercept SMS messages would be, though, if not for this article highlighting it. This really helped to open my eyes to the additional possibility of our preferred security options not always being as safe as we imagine.

Article: New Android Malware Ajina.Banker Steals 2FA Codes, Spreads via Telegram

This has gotten me wondering though, what else isn't as safe as I think it is? I'll likely have to go do some research on other types of 2FA now and see what else I can find on the topic. I have a feeling this kind of realization is going to happen a lot as I continue to learn more on the subject of computer security. On that front, I'm both concerned and excited!

The Importance of Backups

This article was super interesting to me. It talks a lot about the stats associated with ransomware attacks on various organizations. It also highlights an 8-step plan to help cultivate a successful recovery solution in the event of a successful ransomware attack. Here are a couple of noteworthy quotes from the article:

"According to a report released in July by Semperis, based on a survey of 900 IT and security leaders, ransomware attacks disrupted business operations for 87% of companies."

"According to the Sophos survey, in 94% of cases ransomware actors attempted to compromise the backups. And 57% of those attempts were successful."

Those are definitely some concerning numbers to say the least. The article then goes on to suggest the 8 steps that can be taken to help secure your backups, things such as immutable storage and using multiple types of storage. It then caps off by saying that testing is also one of the most important parts. Companies nee...

Ethics of Cybersecurity

The ethics of cybersecurity can be a complicated matter. We must constantly consider our actions and ensure that they align with not only our client's code of ethics but also our own morals/ethics; these rules will be the guidance for all of our decisions and actions. The guidance doesn't stop there either; we must also consider the legality of our actions and ensure that we are well aligned with all applicable laws that pertain to the data we are interacting with. Given the general sensitivity of the data that cybersecurity professionals have access to, they're tasked with not only maintaining the confidentiality of said data but also protecting it from unwanted prying eyes. This will lead them to make a series of carefully orchestrated decisions where they must weigh the pros and cons of different data security techniques to suit the business's needs. In short, morals and ethics are at the heart of everything we do within the cybersecurity field, and we must striv...