From the Ground Up - Learning About Computer Security

 This article was about an automation software being presented as an alternative to manual pentesting for networks. The article lays out some initial information on both internal and external pentesting before going into some details on the service being advertised. While I don't think tools like this will catch on immediately (they probably aren't sophisticated enough yet), I do think this is part of the developing cybersecurity landscape. Opportunities like this will continue to pop up where we might be able to find additional avenues to automate parts of the cybersecurity environment. I think it's an interesting idea and probably one of the most "low hanging fruit" spots of the field for automation. All in all, I would like to see the effectiveness of the software/service compared against actual, reputable companies that provide pentesting services to really see the overall effectiveness of this product. The article is more of a sales pitch for the software but...

 There is a new information stealer called Realst that is being used to steal the system credentials of Web3 users and it is masquerading as meeting application. The Realst creators have also setup fake companies to give extra legitimacy to the initial hacking attempt.  Per the article: " names such as Clusee, Cuesee, Meeten, Meetone, and Meetio for the bogus sites." The attackers seem to reach out via a message on Telegram and coerce the prospective target with an investment opportunity or something similar to that. From there the target is directed to a website that has the fake application ready to install. After the users agrees to the install of the application it tell the user that it's not compatible with their current OS version. It then tell the user to enter their system password for the appl to work correctly. The applications main goal is to use these credentials to steal various kinds of sensitive data and then export that data to a remote server. Overall, I ...