Common usernames submitted to honeypots, (Tue, Sep 5th)

Based on reader feedback, I decided to take a look at usernames submitted to honeypots. The usernames that are seen on a daily basis look very familiar. They tend to come from default user accounts, such as “administrator” on Windows systems or “root” on Linux systems. The knowledge of a default user account can help in brute force attacks. If the username is already known, only the password needs to be guessed. This shouldn't be too much of a problem to users as long as strong passwords are chosen or other authentication methods such as public key authentication are used. Setting up public key authentication is also referenced in our DShield setup instructions for a Raspberry Pi [2].
http://news.poseidon-us.com/SvdHYJ

Reforming federal hiring: Does the Chance to Compete Act promise more than the government can deliver?

The massively bipartisan Chance to Compete Act aims to modernize federal hiring — but experts say limitations in HR offices could stunt its potential, while others think the bill doesn’t take hiring reform far enough.
http://news.poseidon-us.com/Svd8Ww

Pandemic watchdog sees ‘target-rich environment’ for AI to track down fraudsters

The Pandemic Response Accountability Committee sees AI as a valuable tool to flag potential fraud in pandemic spending data. 
http://news.poseidon-us.com/SvbvPz

Creating a YARA Rule to Detect Obfuscated Strings, (Mon, Sep 4th)

I wrote a blog post “Quickpost: Analysis of PDF/ActiveMime Polyglot Maldocs” on how to analyse PDF/ActiveMime polyglot malicious document files and also developed a YARA rule to detect them.
http://news.poseidon-us.com/SvbfDX

Championing cybersecurity regulatory affairs with Nidhi Gani

Nidhi Gani is a seasoned regulatory affairs professional with over a decade of experience in cybersecurity, medical devices, and digital health. She’s worked with devices ranging from heart and lung machines to rehabilitation devices. Nidhi works at Embecta as a Regulatory Affairs Software and Cybersecurity and is a Cybersecurity Fellow at the Archimedes Center for Health Care and Medical Device Cybersecurity at Northeastern University. She joined the Left to Our Own Devices podcast to share … The post Championing cybersecurity regulatory affairs with Nidhi Gani appeared first on Help Net Security.
http://news.poseidon-us.com/SvYn0C

Week in review: 11 search engines for cybersecurity research, PoC for RCE in Juniper firewall released

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Adapting authentication to a cloud-centric landscape
In this Help Net Security interview, Florian Forster, CEO at Zitadel, discusses the challenges CISOs face in managing authentication across increasingly distributed and remote workforces, the negative consequences of ineffective authorization, and how the shift toward cloud transformation affects authentication strategies.

What makes a good ASM solution stand out
In this Help Net Security …

The post Week in review: 11 search engines for cybersecurity research, PoC for RCE in Juniper firewall released appeared first on Help Net Security.
http://news.poseidon-us.com/SvYZNC