@timb_machine main gap is telemetry.
Often it is not available at all. If available, time retention is short and focused on traffic, not local execution.

Periodic automated external configuration backups are useful too.

UPDATE: After feedback from various National CSIRTs & mail server operators (thank you!), we have identified a number of potential false positives in data being shared. We have suspended the vulnerable POP3/IMAP reports & are working on improvements before restarting reporting

SoftBank RP562B Wi-Fi Mesh under the Microscope

https://neroteam.com/blog/softbank-wi-fi-mesh-rp562b

[CVE-2024-47799] - Active debug code (CWE-489).

The SoftBank Mesh RP562B is affected by Missing Authentication for Critical Function in the /data/activation.json endpoint.

#sercomm #vulnerability

I just used #Copilot to write a Job profile to (partially) replace me, and it did a better job than my draft. I'm not sure how to feel about that.

@stapia for me was the right size and depth. I like that you add the link to Malware bazaar. Similar posts assume everyone has an Enterprise VT license, which is wrong. Keep it up!

@campuscodi I'm embarased to agree. I only had to mute a couple of wannabe influencers and some others that confused it for Facebook. Now I have a quite decent timeline

@jbzfn @Kaspersky IMHO the key issue is not which is more secure, but which platform is more updated. Most Android are not, and cannot, be updated. Attacking Android is cheap and available, not because of the security of the platform, but because of the lack of incentives to keep the phones updated.
Is like saying which is more secure: Macos or Windows XP, Win7, Win8, WinVista, Win10 and Win11?

Proud to announce that we won the ABC price from XYZ consultancy company.

In other news, we just commissioned a truckload of money to XYZ for next year consultancy projects.

#cryptominers are vaccines for #ransomware