Just released! Our Top Cybersecurity Control selection for Q2 2025 is Continuous Vulnerability Management (CVM).

Why CVM? We’ve analyzed the trends, and today’s threat landscape demands more than periodic scans and reactive fixes. Attackers are exploiting new vulnerabilities within hours, sometimes minutes, of disclosure. You need a program that’s always on, and it’s also becoming a compliance necessity.

Read the analysis on why CVM is the top control for Q2 and how to put it into action: https://www.lmgsecurity.com/why-continuous-vulnerability-management-is-the-top-cybersecurity-control-for-q2-2025/?latest

#Cybersecurity #ContinuousVulnerabilityManagement #VulnerabilityManagement #CVM #RiskManagement #AttackSurface #Infosec #IT #Cyberaware #CISO #Compliance #CyberRisk #Security

Your digital defenses might be hiding more vulnerabilities than you think. Attackers are using automation to map every potential entry point—learn how next-gen Attack Surface Management is flipping the script on cyber threats.

https://thedefendopsdiaries.com/enhancing-cybersecurity-with-attack-surface-management/

#attacksurface
#cybersecurity
#automation
#riskmanagement
#infosec

It sometimes pays to run domains that serve purely as spam honeypots. Case in point: A spammer has been delivering a ConnectWise commercial remote access client application as a payload in a scam that uses the purported arrival of a US Social Security statement as its hook.

A 🧵 ...

#ConnectWise #malware #spam #malspam #attacksurface #SocialSecurity #SocialSecurityAdministration #SSA #usgov

Inside the Silence: The Daemon Watches You #Cybersecurity #HackerMindset #ThreatIntelligence #DigitalSurveillance #PersistentThreats #CyberAwareness #SmallBusinessSecurity #Infosec #CyberThreats #SecurityTips #OPSEC #CyberDefense #AttackSurface #DigitalPrivacy #OpenSourceSecurity #ThreatModeling #CyberProtection #SecurityStrategy #AdversaryEmulation #SecurityAwareness

http://tomsitcafe.com/2025/04/09/%f0%9f%95%b6%ef%b8%8f-inside-the-silence-the-daemon-watches-you/

Musk/DOGE is a widely exposed single point of failure for international security. All it takes is for a state to overcome the personal security of inexperienced barely-post-tweens to essentially access all American information. There is no oversight on how the people's data is being handled. This is the worst kind of attack surface possible.

#infosec #doge #maga #uspol #privacy #data #attacksurface #trump

Your attack surface is bigger than you think. 🔍 Are you mapping every exposure point? Learn how to perform an attack surface analysis and stay ahead of threats. Book a free meeting with Annexus Technologies to stay ahead of threats: https://booknow.annexustech.com/#/customer/4020452000000028057?utm_source=mastodon&utm_medium=Zoho+Social 

#CyberSecurity #AttackSurface #AnnexusTech

A new experiment has landed in the #OpenTelemetry playground! Not to throw any shade on the awesome folks working on OpenTelemetry, but my teeth get itchy when using the contrib collector in production. *cough*attack*cough*surface* 😜 In this lab, you'll learn how to create a custom collector with just the components you need #ocb #attacksurface #supplychainattack #kitchensink https://github.com/booyaa/opentelemetry-playground/blob/main/experiments/08-ocb/README.md

Is there an attack/vector "official" report template?

I got an ongoing nation-state attack on one on my properties that I am barely keeping on top of and would like to get some help, but I would like to write it up properly before I cry wolf.

#imfosec #attacksurface is #WP

Cyber threats are evolving, and your attack surface is constantly expanding. Protect your business with the right security strategies before attackers strike. Book a free discovery call with Annexus Technologies today:  https://booknow.annexustech.com/#/customer/4020452000000028057?utm_source=mastodon&utm_medium=Zoho+Social

#CyberSecurity #AttackSurface #AnnexusTech

Jamaican businesses are expanding their digital presence—but is their cybersecurity keeping up? With rising cloud adoption and remote work, attack surfaces are growing, making organizations prime targets. Learn how to secure your digital assets.

🔗 Read more 👇👇👇

#Cybersecurity #CloudSecurity #AttackSurface #Jamaica #CaribbeanBusiness #DataProtection

https://www.annexustech.ca/blogs/post/your-attack-surface-is-growing-%E2%80%93-are-you-prepared?utm_source=mastodon&utm_medium=Zoho+Social

Assets.

Thank you, @runZeroInc.

#runZero #AssetDiscovery #NetworkDiscovery #NetworkScanning #AttackSurface #CAASM #CyberAssetAttackSurfaceManagement #ExposureManagement #InformationSecurity #InfoSec #CyberSecurity

Ideally, security schemes ought to _shrink_ the #AttackSurface.

But shrunken attack surfaces are not very glossy. Complexity must be introduced in order to sell bolting on yet another business plan, products and services.

Here a vulnerability and easy low-skill common point of unauthorized entry was purchased at great cost by customers thinking they were becoming safer, even as by so doing they were expanding the perimeter of their #ThreatHorizon.

https://www.theregister.com/2025/01/09/zeroday_exploits_ivanti/

🛡️ If you remain uncertain about what BaseFortify.eu is about! Then check out https://basefortify.eu/#features and discover how to protect your #AttackSurface with our easy to use #VulnerabilityManagement tool tailored to give every #SMB the best experience. 💻🔒 #Cybersecurity

#vendredilecture avec cette nuit, vers 3 heures en pleine insomnie, la fin de la lecture du deuxième livre de la série #AttackSurface par @pluralistic: #Homeland
Juste avant, c’était #LittleBrother, forcément. Palpitant !

🤖🧙 MEDITATIONS OF A CYBERSCOUT 09

A TTP is a capability. It is not a material attack and it's only half the picture. Ask yourself, can this impact my organization? A threat vector is nothing without a vulnerability in your attack surface.

#ttp #attacksurface #threatmodelling

> Malicious VSCode extensions with 229M installs found on Microsoft marketplace

https://www.bleepingcomputer.com/news/security/malicious-vscode-extensions-with-229m-installs-found-on-microsoft-marketplace/

#security #vscode #extension #programming #ide #attackSurface #microsoft #ide

#Microsoft plans to #force all users to use #Copilot and #Recall, two non- #AI algorithms, to keep a #database of past user actions so a user can return to them.
Neat idea. How will they deal with the #security #AttackSurface it creates and how it makes you less #safe?

"Absolutely! Installing #Linux is an alternative approach to avoid using Recall on your system. Linux provides a wide range of distributions (#distros) that cater to different preferences and use cases."
Actual Microsoft Employee

https://www.computerworld.com/article/2123524/windows-recall-a-privacy-nightmare.html

#PopOS for me: https://pop.system76.com/

Distro finder: https://distrochooser.de/

The Amass Project received a glowing testimonial from an organization leveraging the @owasp #attacksurface mapping system:

"For FortifyData, Amass is an invaluable tool in our arsenal for quickly and accurately determining asset footprints for cyber risk assessment. It reliably provides superior results without false positives. Further, the OAM database model provides inherent benefits beyond asset footprinting, such as identifying third parties associated with the target and nth-party detection. Working closely with the Amass team, we've watched Amass steadily enhance its capabilities. Our clients are deeply impressed with the results our platform generates using Amass data. We look forward to continuing to work with Amass and supporting its development!"

J. Eric Smith, VP Technology Services Delivery

Please let us know if your organization has a testimonial to share as well!

Going to be in #nyc this upcoming Wednesday? Come learn with the @owasp Global Board!

I'll be co-hosting with @redteamblueteam and doing a talk to introduce the new @amass project that builds your attack surface mapping infrastructure!

#infosec #cyber #cybersecurity #security #recon #reconnaissance #attacksurface #attacksurfacemanagement

https://www.meetup.com/owasp-new-york-city-chapter/events/299764785/