Highest Rated Comments

IST_org277 karma

Bob: I'm a fan of the Cybersecurity Body of Knowledge (https://www.cybok.org/) and you can learn tons just by absorbing the MITRE ATT&CK content (https://attack.mitre.org/) (they update ~quarterly)

IST_org153 karma

Marc: Very likely as many ransomware groups have seen that high risk infrastructure is both out of date and backed by organisations that will rush to pay because of the impact when it goes down. As a result many of them actively look for vulnerable, exposed infrastructure associated with these kinds of organisations because they know there is a high chance of a good pay-out.

IST_org139 karma

Allan: There are something like 8 BILLION username/passwords available for sale or free on underground markets at any given time and that doesn’t even take into account the number or organizations that just use poor password management for internet-exposed infrastructure

IST_org136 karma

Allan: Remote Desktop Protocol, either through credential reuse or credential stuffing attacks

IST_org112 karma

Allan: 1. MFA, 2. Patching, 3. Endpoint protection AND monitoring, 4. scanning of remote infrastructure, 5. threat hunting for attackers.