Tag: dailyprompt

Security, Tech

Defending Beyond Screens: Cybersecurity and Social Engineering

Key Takeaways

Cybersecurity goes beyond tech: Protects information, people, processes, and physical spaces.

Social engineering: A major threat, manipulates people for access.

Physical security matters: Protects digital assets, secure server locations are key.

Train and educate: Create a cybersecurity-aware culture.

Holistic approach wins: Combine tech solutions, physical security, and employee education.

Constant adaptation: Both attackers and defenders keep evolving.

Beyond the screen: Cybersecurity professionals collaborate across departments.

Here’s the truth, you are the asset.
Photo by Frank K, please support by following @pexel.com

Fewer Darkrooms

Cybersecurity is a field that often conjures images of dark rooms filled with screens, and lines of code scrolling endlessly as intrepid defenders fend off digital attacks. However, this Hollywood portrayal is far from complete. Cybersecurity extends well beyond the confines of computer systems and into the realm of human psychology, organizational behavior, and even physical security.

At its core, cybersecurity is about protecting valuable assets, which are not always digital. Information, whether stored on a server or printed on paper, is an asset. The people who use and manage that information are assets, too. Cybersecurity professionals must consider a wide array of potential vulnerabilities, from the strength of passwords to the security of the building where the servers are located.

Shoulder surfing sometimes is a hacker’s best friend.
Photo by cottonbro studio, please support by following @pexel.com

Social engineering is a prime example of a non-digital threat. It involves manipulating individuals into divulging confidential information or performing actions that compromise security. This could be as simple as a phone call from someone pretending to be a colleague asking for a password. It’s not about cracking codes; it’s about cracking people.

Physical security is another critical aspect. A locked door or a security guard might be all that stands between a secure network and an intruder with a flash drive. Cybersecurity experts must work closely with facilities management to ensure that the physical environment is as secure as the digital one.

Then there’s the human element. Training and awareness are vital. Employees need to understand the importance of security protocols and how to recognize potential threats. Cybersecurity is as much about creating a culture of vigilance as it is about installing the latest firewall.

In constructing a cybersecurity strategy, the first step is to assess the value of the assets and determine the potential risks. From there, it’s a matter of figuring out how to protect those assets and how to respond if they are compromised. This involves a combination of technological solutions, physical security measures, and educational initiatives.

Sometimes protecting the network is too much for one to handle.
Photo by cottonbro studio, please support by following @pexel.com

The reality is that cybersecurity is a complex, multifaceted challenge that requires a holistic approach. It’s not just about technology; it’s about people, processes, and the physical world. It’s a field that is constantly evolving, as cybercriminals develop new tactics and cybersecurity professionals adapt to counter them.

So the next time you picture a cybersecurity professional, don’t just imagine them in front of a computer. Imagine them assessing the value of assets, collaborating with colleagues across different departments, and educating staff on security best practices. Cybersecurity is a dynamic and exciting field, and it’s about much more than just computers. It’s about protecting a way of life in the digital age.

Love learning tech? Join our community of passionate minds! Share your knowledge, ask questions, and grow together. Like, comment, and subscribe to fuel the movement!

Don’t forget to share.

Every Second Counts. Help our website grow and reach more people in need. Donate today to make a difference!

One-Time
Monthly
Yearly

Make a one-time donation

Make a monthly donation

Make a yearly donation

Choose an amount

$5.00
$15.00
$100.00
$5.00
$15.00
$100.00
$5.00
$15.00
$100.00

Or enter a custom amount

$

Your contribution is appreciated.

Your contribution is appreciated.

Your contribution is appreciated.

DonateDonate monthlyDonate yearly
Security, Tech

Updating Google, We’re Tring…

Dude, how’d your account go to zero? We just got paid.
Photo by Visual Tag Mx, please support by following @pexel.com

Brokewell = Not Well

One thing is insanely clear if you spend enough time on the internet. Hackers, threat actors, bad actors, whatever you want to call them. They want your money, there’s no better way we can address this. And the insane thing is, just as you work hard for your money, there’s someone, somewhere, working just as hard to take it.

Why? Well, at the heart of it all, we all have bills to pay. And bills never ask where’d the money came from. We’re heading back to Google because Google is turning out to be a “download and find out” mess. A new malware is making its rounds dressed as a brand we all know and might be losing trust.

This version of Capital One is the worst.
Photo by Nicola Barts, please support by following @pexel.com

A malware by the name of Brokewell has been discovered, and unlike most malware on the market, you don’t have much thought into what it does. It leaves you “broke” and your bank saying “Oh, well.” Remember, in the IT world, the names are never clever, they’re straight to the point.

This little “leave you in debt” collector does several things when downloaded onto a machine. This is done by masking itself as an update for Google Chrome. When Brokewell infects a machine, it prompts the user to grant access to accessibility services.

Once permission is granted by the user, Brokewell then grants itself permissions on the user’s behalf, and from there can begin installing other malicious applications, steal user credentials, and whatever other task it has programmed. For the time being, Brokewell has been caught targeting applications like Google Chrome, ID Austria, and Klarna.

This isn’t your bank account, I’m just updating the firmware…for your bank.
Photo by Sora Shimazaki, please support by following @pexel.com

Some tips to keep your money and identity safe are thoroughly checking what’s being downloaded onto your machine, combing through File Explorer to check for possibly unwanted programs (PUPs), and keeping anti-virus software up to date. This solution isn’t 100%, no security is, but keeping up with best practices won’t leave you broke.

Enjoy what you read? Why not consider subscribing for more?

Don’t forget to share.

Programming, Security, Tech

You won’t believe what this snake does…

Consider following on social media!

Quick note: if you’re viewing this via email, come to the site for better viewing. Enjoy!

I need to make some money and fast. I could get into the world of IT. Where to start?
Photo by Chinmay Singh, please support by following @pexel.com

There comes a time in one’s life where they may think to themselves and say “The big ole Information Technology world huh, meh, let me give it a shot. What could go wrong?” Foolish child, we’re here to tell you that a lot could go wrong. One’s reasons for choosing a path in Information Technology or IT for short, could range from making a butt load of money, being the next person to create the next big thing, or simply adding a new skill to their already growing list.

Or maybe it’s a combination of all three. It should be the last one primarily because you’re awesome and striving to better a version of yourself every day is on your to-do list, so go you. However, typically, it’s the first reason since we’re all driven by our finances.

If you’re not making money, then you’re not making sense. A narrow and closed-minded way of thinking but hey, people aren’t usually open-minded so, whatever. For one to get into the world of IT, or jailbreak into IT at this point, a process needs to occur aside from simply learning code, linking resources together, and understanding how packets are sent through a network. When in an interview or at some point in a professional setting, one could be asked if they have ever contributed to what is called “Open source”.

Open source, in a nutshell, let’s say you make an application or a small program, once you feel your program or application is complete, it can then be uploaded to a platform like GitHub where others can either add onto or make corrections to your code. This can also be done vice versa. All in all, whoever is asking about contributing to open source wants to gauge your depth in IT. So, say yes, yes you have contributed to open source.

We checked if you have ever contributed to open source, and you didn’t. Printing “Hello World” doesn’t count as a contribution.
Photo by cottonbro studio, please support by following @pexel.com

The Attack

While there is a chance to get your program to an audience for good intentions other than to make money, others have used that same platform for malicious means. Are you interested in knowing what could be on your computer and getting up all in your network’s guts? Look no further than SSH-Snake. For those who may not know what SSH stands for, again, this is an all-inclusive platform, so we’re just being mindful of the audience.

SSH is “Secure Shell Protocol”, it’s a network protocol for operating network services securely over what is mostly an unsecured network. If you have ever worked with the command line, you’re more likely to be aware of SSH. Just know; common people mess with the Graphical User Interface (GUI), nerds, geeks, and hackers mess with the command line interface (CLI). Don’t know why they called “SSH” and not “SSP”, don’t know where the “H” came from but hey, we don’t make the script, we just read them.

I’m not lonely but I could stand to use some company. Fine, you drive a hard bargain, I’ll click your link.
Photo by Andrea Piacquadio, please support by following @pexel.com

Who Can It Be Now

SSH-Snake is known as a “self-modifying worm”. Worms are already a nightmare provided that once they’re in your system, they begin making their way to anything attached to your network. Doesn’t sound like a fun time? Trust us, it’s not. Self-modifying, as the name implies, the malware can infect a device and make alterations to its code. The best way to think of it is; code that adapts to a given situation.

Would you like to know who is using SSH-Snake? Well, we would like to know the same thing. There are instances where researchers find the tool is being used and report it right away but without finding out who. Granted, it just may not be in their scope which we can respect. Do what the job asks of you and nothing more. Ah, that good old work/life balance.

Enjoy the read so far? Why don’t you consider subscribing so you can keep up to date?

Wait, how could a snake get into a computer?
Photo by Moose Photos, please support by following @pexel.com

That Sinking Feeling

Now, how does SSH-Snake work? The malware finds your system’s cornhole (a way in), this could be done by something simple like clicking on a naughty (it’s not always naughty links but most common) link which could trigger downloading of malicious files housing SSH-Snake. Once downloading is complete, like any other worm, code is executed and now it’s free to run rampant and wreak havoc.

S-Snake(SSH-Snake) will begin collecting information from libraries, look for private keys, and shell history files, and begin spreading once the network is mapped. Other problems included are C2C. This is where all the collected information makes its way back to the threat actor’s lair for later use. SSH-Snake and worm virus have most things in common but what separates them overall is Snake’s ability to self-modify.

This port is an exit only.
Photo by Josie Stephens, please support by following @pexel.com

The Prevention

Great, so now you’re wondering, “How do I protect my computer’s cornhole?” A good way to protect your system is by practicing the best security practices. Always be mindful of what you interact with on the internet as some things may not appear to be on the level. Frequently check for updates for your operating system and anti-virus software. Security is becoming more challenging because technology is getting more advanced but the more you learn, the more you can protect. That was a call for you to learn about cybersecurity in case you’re confused.

Your computer’s security starts with you.
Photo by Designecologist, please support by following @pexel.com

Made it this far and found this to be entertaining? Then a big thanks to you and please show your support by cracking a like, sharing this with whomever, scripting a comment, or plug-in to follow.

Would like to give sincere thanks to current followers and subscribers, your support and actions mean a lot and has a play in the creation of each script.

Do you feel like there is something I may have missed on SSH-Snake? Script a comment below.