Systems Administration

New infosec products of the week: January 18, 2019

XebiaLabs launches new DevOps risk and compliance capability for software releases

The XebiaLabs DevOps Platform provides a single pane of glass for technical and business stakeholders to track the release chain of custody across the end-to-end CI/CD toolchain, from code to production. And, with visibility into security and compliance issues, teams can take action to ensure that release failure risks, security vulnerabilities, and IT governance violations are resolved early in the software delivery cycle.

ExtraHop …

The post New infosec products of the week: January 18, 2019 appeared first on Help Net Security.

Topics of research in Computer Science

Hello everyone! I wonder, what are the latest topics of research in Computer Science!

submitted by /u/durgesh2018

Weekly [Discussion] Thread

Pull up a chair and put that work away, it's Friday! /r/Tasker open discussion starts now

Allowed topics - Post your tasks/profiles

  • Screens/Plugins

  • "Stupid" questions

  • Anything Android

Happy Friday!

submitted by /u/AutoModerator

New requirements for the secure design and development of modern payment software

The PCI Security Standards Council (PCI SSC) published new requirements for the secure design and development of modern payment software. The PCI Secure Software Standard and the PCI Secure Lifecycle (Secure SLC) Standard are part of a new PCI Software Security Framework, which includes a validation program for software vendors and their software products and a qualification program for assessors. The programs will be launched later in 2019. “Innovation in payments is moving at an …

The post New requirements for the secure design and development of modern payment software appeared first on Help Net Security.

Command line utility requests

Command Line - 9 hours 1 min ago

I have 2 months of free time and am planning to make 3 command line utilities. I'm making them open source ofc. Any ideas?

submitted by /u/milanoscookie

Protecting privileged access in DevOps and cloud environments

While security strategies should address privileged access and the risk of unsecured secrets and credentials, they should also closely align with DevOps culture and methods to avoid negatively impacting developer velocity and slowing the release of new services.

[Figure: Example of tools in the DevOps pipeline]

Despite this, 73 percent of organizations surveyed for the 2018 CyberArk Global Advanced Threat Landscape report have no strategy to address privileged access security for DevOps.

Key recommendations: The report …

The post Protecting privileged access in DevOps and cloud environments appeared first on Help Net Security.

Risk managers see cybersecurity as the biggest threat to business

Sword GRC canvassed almost 150 risk managers from highly risk-aware organizations worldwide for their opinions. Overall, cybersecurity was seen as the biggest risk to business by a quarter of organizations. In the UK, Brexit and the resulting potential economic fall-out was cited as the biggest risk to business by 14% of risk managers. The most notable regional variation was in the US where 40% of organizations see cybersecurity as the most threatening risk. The most …

The post Risk managers see cybersecurity as the biggest threat to business appeared first on Help Net Security.

My awful experience with Nextiva. Beware!

Sysadmin - 9 hours 27 min ago

I am the IT Administrator for a small business. We use a company called Ring Central to handle telephone calls. Ring Central provides VOIP service to 3 physical phones in our building, and they provide about 20 virtual extensions, where calls are routed to remote users' cell phones and/or home phones. Ring Central's cloud system provides an auto-attendant ("press 1 for sales, 2 for support", etc.) and routes calls appropriately.

Late 2018, I was shopping around for a lower price phone service provider, and I found Nextiva. On the surface, it looked like a reputable company. I got in touch with a salesman there named Chris Shippy. I explained how my business used Ring Central to manage calls, and he wrote up a proposal for Nextiva to provide the same service. Nextiva's price was lower than Ring Central, so I called and talked to Chris again, to make sure that what he quoted would do everything that I currently had with Ring Central. He assured me that Nextiva's system could handle it.

On 1/2/2019, I signed a 24-month agreement with Nextiva, and began setting up the system via their user portal. Within 2 hours, I realized that I couldn't accomplish the number of extensions and routings I needed, so I called their tech support, and after about 20 or 30 minutes, they concluded that what I needed wasn't possible with my account. What I needed was simply this: a caller could enter an extension at the auto-attendant and be routed to a particular remote user by ringing his phone numbers (sequentially or simultaneously). So I called the salesman Chris again and talked to him, and he said "you can accomplish that with virtual extensions". But the catch is that virtual extensions aren't free; you have to pay a monthly fee for them. Once he quoted me again, including the virtual extensions, it was much higher than my current service at Ring Central. Getting the re-quote done took some time, so on 1/8/2019, I told Chris via email to cancel my service, that I was going to stay with Ring Central.

After many emails, I never got confirmation from Chris that my account was closed, so I called him on 1/17/2019, and he said he would get it taken care of. He transferred me to a customer service representative named Steven. Steven said that since I was under contract, I would need to pay an early termination fee of $1,300. I explained the situation to him, and he honestly didn't care.

I tried to call Chris again, and he wouldn't answer his phone. Multiple calls all went to his voice mail. So then I called into the sales department at Nextiva, and finally got someone to transfer me to Chris's supervisor named Ashley Skold. Ashley also did not care at all that Chris had misrepresented the service to me, and claimed that he did not misrepresent the service to me. She confirmed that I would have to pay the early termination fee of $1,300. She offered to price-match with Ring Central for the same service, but it was too late for me. I was too frustrated with Nextiva to work with them any longer.

For proof, here is a link to the audio recording I made of my call with Nextiva. Listen and you will see the way they are handling my situation is an absolute joke.

Quick Summary:

• Nextiva salesman Chris told me his quote w/o virtual extensions would be equivalent to Ring Central and meet my needs.

• 2 hours after I signed the contract with Nextiva, I realized it wouldn't work.

• I told Chris it didn't work, and on 1/8/2019 he sent me a new quote, including the virtual extensions, which was much more than Ring Central.

• On 1/8/2019, I emailed Chris to cancel my account.

• After never hearing back from Chris about canceling my account, I called him on 1/17/2019, and learned after talking with Chris, Steven, and Ashley that I would have to pay the early termination fee anyway.

• Nextiva advertised a product to me for a given price. Then once I signed the contract, raised the price. When I tried to close my account, they demanded a $1,300 early termination fee.

• Nextiva apparently practices bait-and-switch to defraud their customers. I highly recommend avoiding them.

submitted by /u/M_Renegade_M

Friday fun fact: If Stegosauruses had space telescopes, they wouldn't have seen any rings around Saturn

The Register - 9 hours 36 min ago
Bet you were expecting a rude ring pun here? Well, not today

Saturn’s characteristic rings may only be as old as 100 million years, and thus formed during a time when dinosaurs still roamed on Earth.…

a simple folder lock

Sysadmin - Thu, 01/17/2019 - 23:16

Hi everyone,

In one of my departments we have about 20 employees. They all log in using the same general "user1" AD logon. The manager approached me and was wondering if I could create folders on the desktop and create some sort of "pin or password", unique for each of the employees to access their respective folder.

We are on Windows 7 so I was looking for any built-in feature for folder locking but haven't seen anything. Has anyone ever done something like this and what did you use? What software or what method? We do not want to be creating an AD account for each of the employees.

submitted by /u/haventmetyou

Sysadmins, what do you like to see in a VAR?

Sysadmin - Thu, 01/17/2019 - 22:56

Not sure if this is allowed...please delete if so.

I work for a VAR which I shall not disclose exclusively who but....I really want to know -- What do you like to see in a VAR?

I sell into state and local government in the Texas area.

I love my customers and the system admins I work with are awesome. Just had a call with my customer catching up on his vacay and talking about building a mintypi haha. To be honest, part of our reporting is based on calls but I don't bother customers who I know don't like calls. I mainly email. I know my customers like the quick response, contract pricing, and resources I have to assist...but is there anything I'm missing?? I'm just posting because I want to be the best I can be and I feel like it's better to hear it from people that are on the front lines haha.

As I mentioned, delete if not allowed - and appreciate all feedback :)

submitted by /u/JosieAndJittsie

Shared Calendar Question

Sysadmin - Thu, 01/17/2019 - 22:47

Is there a command in Exchange PowerShell to see what users have shared their calendar with one specific user?

Ex. Who has shared their calendar with ‘X’ user?

submitted by /u/Kramerica13

RemoteApps will not publish on RDWeb (Windows Server 2016 Std)

Sysadmin - Thu, 01/17/2019 - 22:36

I have a Windows Server 2016 VM that is set up with the RD Connection Broker, RD Session Host, and RD Web Access roles. When I try to publish a RemoteApp (even Calculator or Notepad) through Server Manager or PowerShell, the RemoteApp doesn't appear via RDWeb internally or externally regardless of the RemoteApp permissions set. The Event Logs do not show anything out of the ordinary.

Get-RDRemoteApp shows the app I tried to publish and everything looks right.

I've tried various solutions that I've found online with no luck, such as:

Has anyone else had this or a similar issue and resolved it?


submitted by /u/VeryNeatM0nster

Amazon Web Services announces AWS Backup

(IN)SECURE Magazine Notifications RSS - Thu, 01/17/2019 - 22:30

Amazon Web Services released AWS Backup, a backup service that makes it faster and simpler for customers to back up their data across AWS services and on-premises, helping customers meet their business and regulatory backup compliance requirements. AWS Backup makes protecting storage volumes, databases, and file systems easier by giving customers a single service to configure and audit the AWS resources they backup, automate backup scheduling, set retention policies, and monitor recent backups and restores …

The post Amazon Web Services announces AWS Backup appeared first on Help Net Security.

Immuta expands GRC expertise to help enterprises build data science programs

(IN)SECURE Magazine Notifications RSS - Thu, 01/17/2019 - 22:00

Immuta revealed that financial services industry veteran Richard Geering has joined as the company’s Vice President of Governance, Risk, and Compliance (GRC), reporting to CEO Matthew Carroll. Richard joins Immuta from the Royal Bank of Canada (RBC), where he served as Chief Operational Risk Officer for Investor and Treasury Services. He brings 25 years of experience in financial services and risk management, with broad domain knowledge in data analytics. Working alongside Immuta’s product and sales …

The post Immuta expands GRC expertise to help enterprises build data science programs appeared first on Help Net Security.

Old bugs, new bugs, red bugs … yes, it's Oracle mega-update day again

The Register - Thu, 01/17/2019 - 21:56
Out of 284 flaws, 33 are rated critical. Big Red admins have big patches ahead

Oracle admins, here's your first critical patch advisory for 2019, and it's a doozy: a total of 284 vulnerabilities patched across Big Red's product range, and 33 of them are rated “critical”.…

Advanced Fraud Solutions partners with Q6 Cyber to fight card fraud

(IN)SECURE Magazine Notifications RSS - Thu, 01/17/2019 - 21:30

Advanced Fraud Solutions and Q6 Cyber unveiled that they have partnered to integrate Q6 data feeds directly into the TrueCards fraud prevention software platform. TrueCards is a tool allowing financial institutions’ fraud teams to monitor card holder transactions for test sites, breaches, and common points of compromise (CPC). Q6 Cyber employs an approach to monitoring the “Digital Underground,” including the DarkWeb and DeepWeb. Leveraging years of law enforcement and intelligence experience in the dark corners …

The post Advanced Fraud Solutions partners with Q6 Cyber to fight card fraud appeared first on Help Net Security.

Degree question

Computer Science: Theory and Application - Thu, 01/17/2019 - 21:05

I am planning on switching from a computer science honors degree to a mathematics and computer science degree. But since it's technically in the math department, does this take away any employability?

submitted by /u/particlect

Onapsis signs agreement to acquire ERP cybersecurity company Virtual Forge

(IN)SECURE Magazine Notifications RSS - Thu, 01/17/2019 - 21:00

Onapsis has entered into a definitive agreement to acquire privately-held Virtual Forge, headquartered in Heidelberg, Germany. Onapsis’s platform is the cybersecurity solution that protects the ERP systems and business-critical applications of the world’s largest organizations. Founded in 2006, Virtual Forge is the provider of solutions to prevent, detect and remediate cybersecurity and compliance risks in customizations and extensions of SAP applications. The combination of Onapsis and Virtual Forge will empower customers to have visibility, incident …

The post Onapsis signs agreement to acquire ERP cybersecurity company Virtual Forge appeared first on Help Net Security.