Detection and Response

Post Content Link: Read More Source: Detection and Response

Post Content Link: Read More Source: Detection and Response

Nvidia published a security bulletin on May 16, 2022 in which it informs customers about a new software security update for the Nvidia GPU display driver. The update patches security issues in earlier driver versions that can lead to “denial of service, information disclosure, or data tampering”. While it is…

The post Nvidia releases security update for out-of-support GPUs | #linux | #linuxsecurity appeared first on NATIONAL CYBER SECURITY NEWS TODAY.

Analysis As a mainstream desktop OS, Linux is doing better than ever. The Year of Linux on the Desktop came some time ago, and it’s ChromeOS (Chromebooks were outselling Macs until recently). But there’s a problem – there is almost no diversity of design. Let’s count the number of desktop…

The post The sad state of Linux desktop diversity and accessibility • The Register | #linux | #linuxsecurity appeared first on NATIONAL CYBER SECURITY NEWS TODAY.

‘’Find the output of the following command using one of the techniques you learned in this section: find /usr/share/ | grep root | grep mysql | tail -n 1’’

Has anyone completed this recently?
I feel like I have the code needed for this, but I cannot get the answer correct.

I have written – find /usr/share/ | grep root | grep mysql | tail -n 1
replacing:
starting with %0a for newline
space = %09
| = <<<
reversed the forbidden words

I’m getting the result if I remove | tail -n 1 part, but the last answer filepath is not the answer they’re looking for.
I’m not sure if the code is capturing, or supposed to catch both of the greps as AND or OR, I feel like I get the same answer if I just grep ‘root’ or ‘mysql’ alone, is the code even correct here: find /usr/share/ | grep root | grep mysql | tail -n 1

Thanks for help in advance!

1 post – 1 participant

Read full topic

The Software Freedom Conservancy (SFC) has won a significant legal victory in its ongoing effort to force Vizio to publish the source code of its SmartCast TV software, which is said to contain GPLv2 and LGPLv2.1 copyleft-licensed components. SFC sued Vizio, claiming it was in breach of contract by failing…

The post Vizio told it will face contract claims • The Register | #linux | #linuxsecurity appeared first on NATIONAL CYBER SECURITY NEWS TODAY.

Cyberattacks are alarming, and establishments must increase protections, embrace a layered attitude, and cultivate security-conscious users to combat growing concerns.

Cybersecurity leaders are being inundated with talent development resources offered, encompassing hiring, recruitment, and retention of the talent pipeline. Fifty percent of hiring managers typically deem that their candidates aren’t highly qualified. Globally, the cybersecurity professional shortage is estimated to be 2.72 million based on findings in the 2021 (ISC)2 Cybersecurity Workforce Study & ISACA State of Cybersecurity 2021 Survey.

The cybersecurity workforce demand is a standing boardroom agenda for CISOs and senior executive constituents. CISOs must work collaboratively alongside human resources to solve talent pipeline challenges.

A Cyber Seek 2021 assessment indicates 597, 767 national cybersecurity job openings; thus, assertively, organizations must address this immediate disparity through consensus-building, diversity of thought, and out-of-the-box thinking. CISOs must evaluate their current hiring practices, transform ideal-to-actual job descriptions, and scrutinize their HR/organizational culture to remove aggressive tendencies and embrace a more forward-leaning, authentic, and autonomous culture.

Talent development is considered the cornerstone to increasing diversity-infused candidates into the cybersecurity pipeline. Based on my experience, I have adopted a three-prong attack strategy to cultivate a unique palette of experience and knowledge to ascertain a solid talent-rich team.

This goes beyond the outdated mentality of third-party partnerships to lean on certificates, degrees, professional associations, and internship/fellowship programming to acquire unique talent. This approach, combined with interview preparation and stretch assignments, creates real-time, mutually beneficial skills for current team members.

Lastly, providing opportunities to showcase my employees’ newfound skills through conferences (internal/external), community engagements, and immersive responsibilities provide hands-on experiences & shadowing opportunities. This helps to level up knowledge transfer and strengthen mentorship/sponsorship programs that create a more synergistic, follow-then-lead approach to build the talent pipeline.

As a transformational leader, it is paramount to change current hiring practices to further reach untapped talent inside and outside the organization using my three-prong attack strategy:

1. Go where the talent is located. Seek talent that has the drive, ambition, and tenacity to level themselves up through self-driven, multipronged vectors and consequently are thirsty and self-motivated.

2. Survey current hiring practices to identify the talent gaps. (Who? Where? Why? When? What?  & How?). Build a diverse talent pipeline and create new partnerships that are currently serving the population previously identified in the gap analysis.

3. “Try before you buy” mentality. Increase credibility and employee confidence through stretch assignments, mentorships/sponsorships, and leadership development tasks to align employees with exposure and insight before leaping to a new role.

My guiding principles lead me to ignite my employees’ inner authenticity and emotional intelligence to provide a team-oriented, future-oriented culture. This culture relies heavily on an in-group collectivism mindset to tap into “their inner leader.” Deeply coupled partnerships operate from a customized driver/navigator paradigm to provide an inclusive, autonomous environment.

In my experience, cybersecurity job descriptions primarily tend to be too inelastic. The panic-stricken job descriptions can turn away competent, qualified, and dedicated applicants. Plus, many highly qualified individuals do not have college degrees nor have attended boot camps or completed traditional security training that would be excellent security candidates.

Moreover, career changers are a large part of the untapped real estate that possess lucrative, diverse skillsets (i.e., lawyers, teachers, and librarians). Hiring candidates with the desire, passion, and willingness to learn or self-hone their skills should be treasured and respected.  Pioneering thought leadership is vital to building an above-board Diversity, Equity, and Inclusion (DEI) focused organization to complement current best practices interlaced with a meet-them-where-they-are mentality to cultivate good results.

Hello all! I’m having a lot of trouble with the Skills Assessment in this chapter. So far I have enumerated users, generated a password list and applied it to all users, and have decyphered the cookies, but I am getting nowhere. None of the passwords worked, and I’m not sure what to do with the cookies. I’d appreciate any hints or nudges you guys have!

1 post – 1 participant

Read full topic

Containerized application and service deployments have a lot of moving parts, which can equate to a significantly large attack plane. That’s why it’s absolutely crucial that you start on the right foot. To do that, you must be certain the images you base your containers are free from vulnerabilities. But…

The post Scan Container Images for Vulnerabilities with Grype – The New Stack | #linux | #linuxsecurity appeared first on NATIONAL CYBER SECURITY NEWS TODAY.

Official discussion thread for Response. Please do not post any spoilers or big hints.

1 post – 1 participant

Read full topic