Ujjwal Gupta’s Post

**DID YOU KNOW** Microsoft has rolled out significant updates for Microsoft Defender for Endpoint on macOS and Linux. These updates introduce additional features designed to deepen investigative capabilities and provide more nuanced control over security protocols. Highlighted New Features: File Collection for macOS and Linux: This addition empowers security teams by enabling the collection of files from devices under suspicion of compromise. It's a crucial step for analyzing potential threats and understanding the attacker's methods, thus playing a vital role in the investigative process and aiding in swift response to incidents. Investigation Package Collection for macOS and Linux: Building on file collection, this feature aggregates a broad array of forensic data from devices, including system logs, network activities, and process histories. This comprehensive package is instrumental in dissecting the full scope of security incidents, providing teams with the insights needed to tackle sophisticated cyber threats. Troubleshooting Mode for macOS: Recognizing the need for operational flexibility, Microsoft introduces a troubleshooting mode tailored for macOS. This mode allows administrators to directly address common system issues—ranging from performance bottlenecks to application incompatibilities—without sacrificing security. By temporarily adjusting security settings, this mode facilitates necessary diagnostics and remediation activities. Implementing the Updates: Organizations looking to leverage these new capabilities should ensure their systems are up to date, particularly macOS devices, which require version 101.23092.0007 or newer. learn more in the comments! #MicrosoftDefender #EndpointSecurity #CyberSecurity #macOS #Linux #TechUpdate

*** What Is The mean of OS (Operating System)? ✨ "OS" stands for "Operating System." An operating system is a software program that manages computer hardware and provides common services for computer programs. It acts as an intermediary between the computer hardware and user applications, facilitating communication and resource management. 🎓 🎓 ✨The main functions of an operating system include: ✨✨Hardware Management: An OS controls the computer's hardware components, such as the processor, memory, disk drives, and input/output devices, ensuring efficient utilization and allocation of resources. User Interface: Most operating systems provide a user interface (UI) through which users interact with the computer. This can be a graphical user interface (GUI) with windows, icons, menus, and pointers (WIMP), a command-line interface (CLI), or a combination of both.🎓 🎓 ✨✨Process Management: An OS manages the execution of computer programs, known as processes. It schedules processes, allocates system resources, and provides mechanisms for inter-process communication and synchronization. ✨✨Memory Management: Operating systems manage system memory, allocating memory space to processes and managing virtual memory to allow processes to use more memory than physically available. 🎓 🎓 File System Management: Operating systems provide a file system that organizes and stores data on disk drives. They manage files, directories, and storage devices, and provide mechanisms for file access, storage, and retrieval. 🎓 🎓 ✨✨Security and Access Control: Operating systems enforce security policies to protect the computer system and data from unauthorized access, viruses, and malware. They provide user authentication, access control mechanisms, and encryption services.🎓 🎓 ✨✨Networking: Many operating systems include networking capabilities to enable communication between computers and devices over local area networks (LANs) or the internet. They support network protocols, device drivers, and network services such as file sharing and remote access.🎓 🎓 Operating systems come in various types, including general-purpose operating systems like Windows, macOS, and Linux, as well as specialized operating systems for specific purposes such as real-time systems, embedded systems, and mobile devices. #linkedin #cyberdefense #cybersecurity #cyberskills #redteam #networking

Here are my quick reasons why MacOS is a more secure OS than Windows. All these points can be countered, some more than others. But why are cyber security firms using Apple computers and devices than Windows? What do you think? Let me know. 1 - Summary of File System: macOS utilizes the APFS (Apple File System), which is designed for better security, encryption, and reliability compared to traditional file systems used by Windows. 2 - Built-in Security: macOS comes with built-in security features such as Gatekeeper, which prevents the installation of unverified apps, and XProtect, which provides built-in malware detection and removal. Unix-based Architecture: The Unix-based architecture of macOS provides a strong foundation for security, including robust user permissions and the ability to run applications in a secure and isolated environment. 3 - Regular Updates: Apple regularly releases updates for macOS that include security patches and new features, ensuring that users are protected against the latest threats without needing to install third-party software. App Store: The Mac App Store offers a curated selection of applications that have been vetted by Apple for security and quality, reducing the risk of downloading malicious software. 4 - FileVault: macOS includes FileVault, a full-disk encryption program that protects data by encrypting the entire drive, making it difficult for unauthorized users to access the information. 5 - NO BSOD on Updates: During the July 19th Crowdstrike BSOD bug, macOS and Linux were immune since it would just cause a processor crash, not kill the machine. #CyberSecurity #ITSystems #SystemFailure #CrowdStrike #macOS #Apple #Microsoft

The Windows Computer Management (Windows Comp. Mgt.) This is an important and critical features of the Windows OS that contains a lot of administrative tools that can be used to manage your computer. A pack of windows administrative tools that Microsoft have provided for users. Administrative tools like Event viewer, Task scheduler, Device Manager where you can monitor performance, bit storage and partitioning of hard drive. Why Windows Comp Mgt? To be aware of the attack surfaces you can have within your OS. To be aware of the advance tools in the Comp Mgt only you should have access to. Three major components of the Comp Mgt Tools 1. System Tools (which can be used to manage the your OS) 2. Storage 3. Services and Applications For instance, Task Scheduler helps to schedule a particular task and define the trigger. Then common tasks could be created and managed at any point in time and carried out automatically at specific times. Event Viewer Keep you in the know of all that has happened (Incidence) or about to happen (Event) on your OS.  Note: the Windows and Linux OS don't differentiate between incidence and event in the context of logging. But in real life situations as a cybersecurity professional there is a difference and you need to know how to read an event carefully. Event viewer consists of Event Log, Windows Log, Custom views, Applications and Services Log. Explore the use of Windows Comp Mgt to create and manage some tasks. #Cybersecurity# #Informationsecurity# #Career# #Onlinelearning# #Skills# #Carboncybersecurityforum# #WindowsCMD# Will appreciate if Experts could please comment/repost. Bob Carver Sania Khan Azeez Razaq Ibrahim Hammed Carbon Cybersecurity Forum Cyber Attack - CBA Ose Oladimeji Anil Yendluri Marcel Velica Mujibat Oyiza Jimoh Rafat Alabelewe Titilope Ojelade Esther George Aaron Lax

💻In 1993, Microsoft released an update to its Windows 3.1🔄,giving rise to the well-known Windows 3.11. Despite Microsoft ceasing official support in 2001 and later, in 2008, discontinuing the sale of licenses for this operating system, we occasionally come across job offers for Windows 3.11 and MS-DOS administrators: https://lnkd.in/dJmVizC7 This operating system, as evidenced by this job offer, is still running on many systems🚝. However, it suffers from frequent crashes and sudden closures due to design flaws, as well as weaknesses and vulnerabilities in terms of security due to lack of support. That's why it's so surprising to me that, there are still companies that have not considered upgrading such critical systems to more modern and secure versions. #Cybersecurity #CybersecurityOT #OperationalTechnology #ImportanceofOTSecurit

Building a Live SIFT USB with Persistence, (Fri, Apr 12th): The SIFT Workstation[1] is a well-known Linux distribution oriented to forensics and incident response tasks. It is used in many SANS training as the default platform. This is also my preferred solution for my day-to-day DFIR activities. The distribution is available as a virtual machine but you can install it on top of a classic Ubuntu system. Today, everything is virtualized and most DFIR activities can be performed remotely with the provided VM but... sometimes you still need a way to perform local investigations against a physical computer. That's why I always carry a USB stick with me. Before I was using Kali which provides a standard solution. @Poseidon-US #SANS #Cybersecurity

- Cisco vulnerability: CVE-2024-20265 CVE-2024-20271 - Cisco IOS Bugs Allow Unauthenticated, Remote DoS Attacks Several Cisco products, including IOS, IOS XE, and AP software, need patching against various high-risk security vulnerabilities. Cisco's Access Point Software updates are for a secure boot bypass vulnerability (CVE-2024-20265), as well as another denial of service vulnerability (CVE-2024-20271). The former is "a vulnerability in the boot process [that] could allow an unauthenticated, physical attacker to bypass the Cisco Secure Boot functionality and load a software image that has been tampered with on an affected device," according to the advistory. CISA issued a follow-up alert encouraging administrators to update their systems as soon as possible. #CISCO #cybersecurity #GRC #vulnerability #CVE #IOS #Dos #DDoS #CISA

🕵️♂️ Cisco IOS Bugs Allow Unauthenticated, Remote DoS Attacks 🕵️♂️ Several Cisco products, including IOS, IOS XE, and AP software, need patching against various highrisk security vulnerabilities. 📖 Read(https://lnkd.in/dryPhgeU) 🔗 Via "Dark Reading" #cybersec #cibersecurity

Heads up for Mac users. To summarize: - Eight vulnerabilities in Microsoft macOS apps (Outlook, Teams, Word, Excel, PowerPoint, and OneNote) could allow attackers to bypass the system's permissions model, gaining unauthorized access to sensitive data or elevated privileges. - Attackers could inject malicious code into these apps, exploiting their granted permissions to perform actions like sending emails, recording audio, or accessing the camera without the user’s knowledge. - These attacks require prior access to the system, potentially compromising the entire macOS security model. - Protection Tip: Ensure your macOS and Microsoft apps are updated to the latest versions, enable strict permissions for apps, and avoid downloading plugins or libraries from untrusted sources. https://lnkd.in/gBxfPGN4

Microsoft has rolled out new investigation and response capabilities tailored specifically for macOS and Linux systems. This includes advanced features such as file and investigation package collection for both platforms, along with a troubleshooting mode for macOS. Why It Matters? In today's hybrid work environment, the diversity of operating systems within an organization's network has broadened. Ensuring each of these systems is secure is more critical than ever. Microsoft Defender for Endpoint's expansion into macOS and Linux with these features offers security analysts the tools they need to better understand, respond to, and mitigate threats, maintaining the integrity and security of their IT environments. Key Highlights: File and Investigation Package Collection: Now in public preview for macOS and Linux, this feature enables security teams to collect crucial files and device telemetry. This aids in identifying the root cause of attacks and bolstering defenses against future threats. Troubleshooting Mode for macOS: A new mode that allows security professionals and IT administrators to temporarily override antivirus security policy configurations, focusing on resolving issues without compromising security. Looking Ahead These advancements underscore Microsoft's commitment to multiplatform endpoint security, ensuring that organizations have the necessary tools to protect against evolving threats. Check out the links in the comments to take advantage of this new functionality! #MicrosoftDefender #EndpointSecurity #CyberSecurity #MacOS #Linux #TechUpdate