America got cyber attack last night and they are not saying nothing

[At30wecashout]

I agree. But people consider security a nuisance instead of actually protecting you

My god, I wasn't going to comment on this thread but this fukking comment speaks right to my heart. I cannot tell folks how often I have to get into these deep ass explanations with the staff I work with why certain things are the way they are. We have people who have Macs who can not remember their login information due to only using the thumb lock and essentially can not access any companywide system when they need to. Any mild resistance from the systems in place gets big ass groans.


I swear half of the battles in my org (especially from people who bring lots of money to the org) are based around them being annoyed at having to update their fukking computers.

*Turns off computer for 2 weeks*

*Turns on computer, drained to 1%, minutes before a big presentation and predictably gets their computer slowed/restarted/bombarded by updates for said computer*

Then they come at IT's throat when all a mothafukka had to do was leave the computer on and charging when not in use. They put company data and their own productivity at risk and whine to us to fix shyt. Every company is a disgruntled or incompetent mothafukka away from a large data breach or trojan horse.

 

[2 Up 2 Down]

girl I'm talking to works for the VA and she told me their system was down temporarily earlier in the day

 

[Afro]

That's why people working in tech demand big money.

It's very clear many of these companies don't take security seriously (proof all through the reddit thread). You got think the amount of software people write and all the experimenting they do while trying to fix/implement something - they're finding and fixing a lot of the most subtle bugs along the way. They definitely know how to break shyt.

It's also why you shouldn't piss people off with massive layoffs: people know the system so well that thousands of other people don't understand. I myself have left shyt in thinking someone else will fix it because it's simple, left the team (different team, same company) only to find out the problem still isn't fixed years later when somebody from team I used to be on talked about it casually one day.

Like they say: don't fukk with people who handle your food, car, mail, etc. Well I wouldn't want to fukk with people who are critical to how a company operates either.

Only cell phone companies were hit/experiencing problems today, but so many companies are at risk for a catastrophic event other people will feel that they keep playing with fire with.






Not even security, but just straight up collecting a large amount of risk and brittle software:



Not to mention even ordinary people above the engineering level can't do shyt and are inompetent:


Way too many exploitable weaknesses and attack surface areas surrounding millions of companies around the world.

Dap + Rep.

I will always have a job in IT because folks like being ignorant

Left a few jobs where I heard later they didn't know I handled 8+ systems all day. Scrambling to hire someone new AND relearn what they dumped on me.

That is a lot of knowledge and writing all over it down in case of troubleshooting is a waste sometimes because who else is gonna read it all but my replacement?

There is a new Critical Vulnerability every fukking day now. Patched Chrome nine times within a few months! I stay on top of it but so many folks don't/can't.

2024 gonna be hell for IT because of all these customer support layoffs. I hate calling Bangladesh

 

[Afro]

*Turns on computer, drained to 1%, minutes before a big presentation and predictably gets their computer slowed/restarted/bombarded by updates for said computer*

It's ALWAYS before a fukking meeting! WHY?! THE fukk YOU BEEN DOING THIS ENTIRE TIME JAKE?!

 

[At30wecashout]

It's ALWAYS before a fukking meeting! WHY?! THE fukk YOU BEEN DOING THIS ENTIRE TIME JAKE?!

And that shyt goes right up the chain. We've made exceptions in patching process for some pretty powerful folks in the org because they refuse to do the bare minimum. For YEARS on end.

Do I have to even mention whether Mac or Windows, folks suddenly not being able to do something (access webcam/print server/wifi) and it turns out they haven't restarted their computer in 3 months?

"I can't restart now. Can we meet up again later?" Now a simple fix, restarting the fukking computer, is a multi-day endeavor. I love IT but my fukking god, man.

 

[Afro]

And that shyt goes right up the chain. We've made exceptions in patching process for some pretty powerful folks in the org because they refuse to do the bare minimum. For YEARS on end.

Do I have to even mention whether Mac or Windows, folks suddenly not being able to do something (access webcam/print server/wifi) and it turns out they haven't restarted their computer in 3 months?

"I can't restart now. Can we meet up again later?" Now a simple fix, restarting the fukking computer, is a multi-day endeavor. I love IT but my fukking god, man.

I push weekly restarts at 8pm on the dot on Fridays, I don't play that shyt no more
I used to do it during working hours and they were allowed to say no three times, but after that it forced a restart to update.

I was told that was too cruel, so I compromised

If I'm feeling really froggy I'll watch their processes in LogMeIn and restart remotely if Excel, Word, and/or Outlook isn't open. I'm that petty IT guy, tired of these fukking dumb shyts holding up my tickets.

 

[Paper Boi]

they sent an apology text to millions of americans, how about you credit our bill

 

[JT-Money]

Insurance companies asked to pay up? Yeah right...

https://www.cnn.com/2024/03/10/tech/govt-letter-health-insurance-companies-cyberattack/index.html

Washington, DCCNN —
The US government on Sunday urged insurance companies to make advanced payments to health care providers following a cyberattack that disrupted insurance processing systems.

The cyberattack had “significant impact” on Change Healthcare, a unit of health IT giant UnitedHealth Group, which processes 15 billion health care transactions annually. CNN previously reported that the cyberattack has resulted in pharmacies and hospitals unable to process prescription bills across the country.

“We are asking private sector leaders across the health care industry — especially other payers — to meet the moment,” Health and Human Services Secretary Xavier Becerra and Acting Labor Secretary Julie Su wrote in a letter.

The two specifically called on UnitedHealth Group to “ensure no provider is compromised by their cash flow challenges” through expedited delivery of advanced payment and more frequent communication.

 

[xXMASHERXx]

Insurance companies asked to pay up? Yeah right...

https://www.cnn.com/2024/03/10/tech/govt-letter-health-insurance-companies-cyberattack/index.html

Washington, DCCNN —
The US government on Sunday urged insurance companies to make advanced payments to health care providers following a cyberattack that disrupted insurance processing systems.

The cyberattack had “significant impact” on Change Healthcare, a unit of health IT giant UnitedHealth Group, which processes 15 billion health care transactions annually. CNN previously reported that the cyberattack has resulted in pharmacies and hospitals unable to process prescription bills across the country.

“We are asking private sector leaders across the health care industry — especially other payers — to meet the moment,” Health and Human Services Secretary Xavier Becerra and Acting Labor Secretary Julie Su wrote in a letter.

The two specifically called on UnitedHealth Group to “ensure no provider is compromised by their cash flow challenges” through expedited delivery of advanced payment and more frequent communication.

Yeah it's going to get bad. I imagine at some point congress is going to have to mandate minimum jail sentences for people at the top when things like this happen. Until then, security is always going to be an afterthought.

 

[JT-Money]

Yeah it's going to get bad. I imagine at some point congress is going to have to mandate minimum jail sentences for people at the top when things like this happen. Until then, security is always going to be an afterthought.

I don't even think threatening jail time will fix the laziness and ineptitude at most companies. Especially when you get rewarded for cutting corners and half-assing cybersecurity.

Cyber brehs gonna eat good for a long time.

 

[Who Not How]

I don't even think threatening jail time will fix the laziness and ineptitude at most companies. Especially when you get rewarded for cutting corners and half-assing cybersecurity.

Cyber brehs gonna eat good for a long time.

I'm in a cybersecurity program......in this lab learning access control commands right now.

Seeing cyber attacks happen all the time in the news is eye opening so these companies really do the bare minimum when it comes to protecting their systems against threats

 

[xXMASHERXx]

I'm in a cybersecurity program......in this lab learning access control commands right now.

Seeing cyber attacks happen all the time in the news is eye opening so these companies really do the bare minimum when it comes to protecting their systems against threats

Bare minimum is an understatement. Most of the time the incident could have been prevented if the proper patches were applied. Apply patches to known vulnerabilities should be part of the bare minimum.

 

[Who Not How]

Bare minimum is an understatement. Most of the time the incident could have been prevented if the proper patches were applied. Apply patches to known vulnerabilities should be part of the bare minimum.

Sheesh. We just did a lab on the WannaCry attack from 2017.

7 years later and some companies still not staying on top of patch management

 

[JT-Money]

I'm in a cybersecurity program......in this lab learning access control commands right now.

Seeing cyber attacks happen all the time in the news is eye opening so these companies really do the bare minimum when it comes to protecting their systems against threats

They outsource so much coding to Nap and his cousins. It's months or years later before they find all the glaring security holes.

And internally they handcuff their own cybersecurity staff. To ensure any cybersecurity related decisions are rubber stamped.

 

[Afro]

Sheesh. We just did a lab on the WannaCry attack from 2017.

7 years later and some companies still not staying on top of patch management

My first IT job, I noticed that our Trend Micro was out of date by years.

I'm like, why don't we get the latest? It's due for an upgrade.

Response? It wasn't in the budget.

Eight months later, guess who spent 36 hours straight cleaning 100+ corporate computers from Emotet?

Bless yall in Security. I can't do it, I would go insane from the bureaucracy.

It's just like IT, it's a black hole on a spreadsheet so no one wants to spend money on it until something happens.