According to the CySA SYBEX book, in chapter 1, power failures are listed as both environmental threats and structural threats… but which one is it?
According to the book:
Environmental threats occur when natural or man-made disasters occur that are outside the control of the organization. These might include fires, flooding, severe storms, power failures, or widespread telecommunications disruptions.
At the same time,
Structural threats occur when equipment, software, or environmental controls fail due to … environmental controls (such as power and cooling infrastructure) …
When we set up security questions, assuming we answer honestly, we give the site our secrets, facts from our past. I wonder if the following is considered:
- we are encouraged to use a different password for every account, but our mothers have only one maiden name, we’ve had a limited number of pets, etc. Inevitably the answers are going to repeat on many accounts.
- we’ve seen many data breaches from many places, including the largest internet companies. Can the security answers become public this way? We can update passwords, but our secrets remain the same, except that after a breach they are no longer secret. The consequences of releasing security answers might be much more serious than those of leaking a password.
- are the companies and websites actually allowed to store such private information? Are there legal limitations?
I found the following questions on SE:
- How are "security questions" not a major security hole for any application that uses them?
- Do security questions make sense?
- Does removing my security questions on Yahoo make me more secure?
- Do security questions subvert passwords?
The answers range from "security questions are bad" to "they are bad but we have nothing better". Do we really have nothing better in 2020?
What are the present recommendations for the website creators?
What are the best recommendations for the users? Lie? Provide random strings as answers?
A definition of an Insider Threat in enterprises/organizations context is: "A current or former employee or business associate who has access to sensitive information or privileged accounts within the network of an organization, and who misuses this access."
I would like to know if such a threat can be generalized in a broader context so I can say that: "An Insider Threat refers to any user or entity that misuses the delegated access by taking advantage of the fact that it is already authenticated and authorized to the system. The misuse of delegated access can be unintentional, such as program flaws and failures, or intentional, such as user account compromise."
Is my generalization of the term "Insider Threat" correct?
If it is not, what term is used to designate the type of threat that I defined in my generalization (2nd paragraph)?
I have trouble understanding what exactly a threat is.
If I have an antivirus able to catch some malware, is this malware still considered a threat to my computer?
I have recently received an e-mail from an existing support group e-mail box with the following characteristics:
- written in the language used in the company’s HQ (different from English, which is the primary communication language)
- had a zip attachment
- provides a clear password for the attachment
- is a reply to a legitimate e-mail I received from a colleague a few months ago
This seems to be similar to what is described here, so there is a very high chance that I have received an infected file. After a couple of hours, our security department sent an e-mail about similar cases happening inside the company.
I am wondering about how to find out the exact nature of the threat in a secure way. I have tried the following (only the first step inside the company, the rest within a VM):
- checked on VirusTotal, but received 0% detection, which makes sense since the engines cannot scan the encrypted archive
- checked with Nanoav, which boasts about scanning password-protected archives, but it does not allow inputting the password
- opened the archive with 7zip and saw a document inside
- extracted the file using 7zip and uploaded the document to VirusTotal => 13+ engines detected something weird.
Do previewing and extracting the archive impose any security risk, or is it only the document inside that can be infected? (In this case it seems to employ a macro.)
Question: how can I quickly find out the exact nature of the threat in a password-protected archive without getting infected?
Trump did the same thing? Feb. 23: “We have it very much under control in this country.” — Trump in speaking to reporters. Feb. 26: “And again, when you have 15 people, and the 15 within a couple of days is going to be down to close to zero, that’s a pretty good job we’ve done.” — Trump at a press conference. Feb. 26: “I think every aspect of our society should be prepared. I don’t think it’s going to come to that, especially with the fact that we’re going down, not up. We’re going very substantially down, not up.” — Trump at a press conference, when asked if “U.S. schools should be preparing for a coronavirus March 9: “So last year 37,000 Americans died from the common Flu. It averages between 27,000 and 70,000 per year. Nothing is shut down, life & the economy go on. At this moment there are 546 confirmed cases of CoronaVirus, with 22 deaths. Think about that!” — Trump in a tweet.
The number of ways to exfiltrate data from an organization from an insider threat perspective is limited only by the imagination. Can detection teams reliably be alerted to the more unorthodox, alternate vectors?
The XP computer is not directly connected to the internet. However, it is on the LAN, where it holds analogue e-faxes for manual processing by staff. The other computers on the LAN are all Windows 10 computers. The entire LAN is behind a third-party firewall.
To sum up the methodology of ethical hacking, what you do is:
- Information gathering (get the IP, domains, etc.)
- Fingerprint the IP (what OS, what services are running, etc.)
- Vulnerability assessment (are any of the services or applications found vulnerable?)
- Exploitation: verify the result of the step above
But I came to realize during my security audit that I end up either asking Google questions like “what should I do to hack system A?” or questions like “what are the tools to assess the security of system A?”
It’s like looking for a needle in a haystack.
Then I read a paper in which the audit started with threat modelling. I was just asking myself how a hacker (either a script kiddie or an ethical hacker) should perform threat modelling in order to have results meaningful enough to integrate with and follow the methodology (info gathering, fingerprinting, vuln assessment, etc.)
I’m starting to believe this would make the security audit more professional and its results more reproducible. What do you think?
In the PHB on page 147 about reach weapons:
Reach. This weapon adds 5 feet to your reach when you attack with it, as well as when determining your reach for opportunity attacks with it.
In the PHB on page 237 about the Enlarge/Reduce spell:
Enlarge: The target’s size doubles in all dimensions, and its weight is multiplied by eight. This growth increases its size by one category—from Medium to Large, for example. If there isn’t enough room for the target to double its size, the creature or object attains the maximum possible size in the space available. Until the spell ends, the target also has advantage on Strength checks and Strength saving throws. The target’s weapons also grow to match its new size. While these weapons are enlarged, the target’s attacks with them deal 1d4 extra damage.
Even if it’s not specifically stated in the rules and it might make the spell that much more powerful (especially with the Sentinel feat), I find it unreasonable to tell my players that an enlarged glaive doubles its dimensions but not its physical properties like reach.