Some decent AppSec advice in here from a security chief at Sony.
https://www.darkreading.com/vulnerabilities-threats/defense-depth-approach-modern-era
@Ashedryden sure:
You've already said you will ventilate and filter. Add more filters? HEPA is great, but Corsi-Rosenthal boxes with MERV-13 filters are also highly effective, relatively inexpensive, and if made with computer fans, very very quiet. They can be totally DIY (there's even a song about it: https://www.youtube.com/watch?v=5XS-7vgThfQ !!!), and various sellers have them available as kits or prefabbed, too.
Less likely to be useful:
I hope some of those help! None of them will guarantee no infection, but when one must face such situations, the odds can be improved.
#SwissCheeseModel #AirborneAware #CovidCompetent #CovidConscious #COVIDcautious #SwissCheeseDefence #SwissCheeseDefense #DefenseInDepth #DefenceInDepth #COVIDIsNotOver #SARSCoV2 #COVID #COVID19 #CovidIsAirborne
John Poulin joins the Security Repo Podcast to break down #DefenseInDepth, audit logs, and why security headers are the new "bank-grade encryption."
Listen now:
https://buff.ly/3D0Le8C
Joomla Web Services WITHOUT Super User. Least Privilege Principle. One of the fundamentals of Information Security.
https://apiadept.com/technical/joomla-web-services-without-super-user
#acl #cybersecurity #blueteam #defensivesecurity #leastprivilegeprinciple #defenseindepth #joomla #developer
There's this thing about resilience engineering being more about being ready for dragons around the next corner than trying to guess where all the holes are in the swiss cheese.
I enjoy high nerd humor.
#ResilienceEngineering #ThereBeDragons #WhenSwissCheeseModelsFail #DefenseInDepth #Complexity https://mastodon.zergy.net/@Enalys/113656847324163454
Did you know a single vulnerability in Bosch Rexroth IndraDrive systems (CVE-2024-48989) could bring entire industrial setups to a halt?
This flaw makes it possible for attackers to overload systems with minimal effort, causing a costly DoS attack. Quick tip: Layer your defenses! Network segmentation, firewalls, and regular vulnerability scanning are essential to keep attackers at bay.
What's your take on layered security in ICS? Let's discuss!
Read our full article for detailed insights and steps to safeguard your systems: https://guardiansofcyber.com/cybersecurity-news/bosch-rexroth-indradrive-critical-vulnerability/
#Cybersecurity #GuardiansOfCyber #ICS #IndustrialControl #DataProtection #NetworkSecurity #Vulnerability #CVE #DoS #DefenseInDepth
Defense in Depth approach using AWS: https://aws.plainenglish.io/defense-in-depth-approach-using-aws-f064d434c550
According to #Yubico, it took six months for a firmware vulnerability that allows cloning of #YubiKeys using #EllipticCurveCryptography to be resolved and responsibly revealed to the public. That's not the problem.
The real problem is there will always be another unpatched vulnerability just around the corner. That's why we need new ways of framing what #cybersecurity should look like in today's modern enterprise. Old-school #defenseindepth still has a place, but businesses must find new ways to reduce the amount of sensitive data that's at risk in a #databreach when all layers of defense are inevitably pierced.
https://www.yubico.com/support/security-advisories/ysa-2024-03/
Sometimes I feel like the protagonist in "The Princess and the Pea".
I can feel a single 1/8"-3/16" pebble or dry cat food nugget under foot, wearing shoes and on a double-carpeted surface.
Also, very few ticks have been able to make it past my leg hairs without my getting an alert.
#DefenseInDepth
@eff maybe consider physical security and wear elastomeric respirators, or N95s at least.
Attendees who leave port 23 open are mocked, compromised, honeypots, or all. Attendees who leave mouth and nose ports open are demonstrating situational unawareness.
#maskUp #security #swissCheeseModel #defenseInDepth #defenceInDepth
CISA Red Team's Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth: https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-193a
New #DefenseInDepth strategy:
When a company has a data breach and leaks your PII to the world, we tie their CEO to a rock and hurl them into the Pacific Ocean.
"Often, defense in depth is compared to an onion; it has multiple layers. But how many layers do you need before you're secure? In this way, defense in depth fails as a strategy because it's not measurable."
I really like this quote from Project Zero Trust.
Did you know Docker bypasses your host firewall by default?
I certainly didn't until this week. Thankfully, my UFW host firewall is my last line of defence, and any potential exposure was dealt with by my upstream CDN provider and cloud perimeter firewalls. If ever there was an advert for defence-in-depth, this is it.
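The mechanism behind the post above: Docker manages its own iptables chains (DOCKER, DOCKER-USER) and evaluates them before ufw's chains, so a container port published with the short syntax `-p 8080:80` is bound to 0.0.0.0 and reachable from outside the host even when ufw would reject 8080. The added example below (not the poster's code, not Docker's) is a small auditor for Docker's `[host_ip:][host_port:]container_port[/proto]` port specs: it flags publications that bind to all interfaces and rewrites them to loopback-only form. The function names are hypothetical and the port specs are constructed.

```python
"""Audit Docker port publications that bypass a host firewall (added example).

Docker's own iptables chains run ahead of ufw's, so any publication bound to
0.0.0.0 or :: is exposed regardless of host firewall rules. Binding the
publication to loopback keeps the container off the wire while still letting
a reverse proxy on the host reach it.
"""
import ipaddress
import re
from dataclasses import dataclass

# Docker short syntax: [host_ip:][host_port:]container_port[/proto]
# The host IP must contain dots (IPv4) or be a bracketed IPv6 literal so that
# a bare "8080:80" is not misread as ip=8080.
_PORT_RE = re.compile(
    r"^(?:(?P<ip>\[[0-9a-fA-F:]+\]|\d{1,3}(?:\.\d{1,3}){3}):)?"
    r"(?:(?P<hport>\d+(?:-\d+)?):)?"
    r"(?P<cport>\d+(?:-\d+)?)"
    r"(?:/(?P<proto>tcp|udp|sctp))?$"
)


@dataclass(frozen=True)
class Publication:
    host_ip: str        # address Docker binds on the host
    host_port: str      # "ephemeral" when Docker picks the port itself
    container_port: str
    proto: str

    @property
    def world_reachable(self) -> bool:
        """True when the bind address is the unspecified address (0.0.0.0 / ::)."""
        return ipaddress.ip_address(self.host_ip.strip("[]")).is_unspecified


def parse_publication(spec: str) -> Publication:
    """Parse one -p / ports: entry into its components (hypothetical helper)."""
    m = _PORT_RE.match(spec.strip())
    if not m:
        raise ValueError(f"unrecognised port spec: {spec!r}")
    # With no host IP, Docker binds to 0.0.0.0, i.e. every interface.
    host_ip = m.group("ip") or "0.0.0.0"
    # With no host port, Docker picks an ephemeral one, still on every interface.
    host_port = m.group("hport") or "ephemeral"
    return Publication(host_ip, host_port, m.group("cport"), m.group("proto") or "tcp")


def audit(specs):
    """Return the specs that expose a container on all host interfaces."""
    return [s for s in specs if parse_publication(s).world_reachable]


def loopback_only(spec: str) -> str:
    """Hardened form: rewrite a world-reachable spec to bind on 127.0.0.1.

    Docker's "ip::container_port" form is used when the host port is ephemeral.
    Specs that already bind to a specific address are returned unchanged.
    """
    pub = parse_publication(spec)
    if not pub.world_reachable:
        return spec.strip()
    host_port = "" if pub.host_port == "ephemeral" else pub.host_port
    return f"127.0.0.1:{host_port}:{pub.container_port}/{pub.proto}"


if __name__ == "__main__":
    # Constructed sample: what a docker-compose "ports:" list might contain.
    sample = ["8080:80", "127.0.0.1:5432:5432", "0.0.0.0:9000:9000/udp", "80"]
    for spec in audit(sample):
        print(f"exposed on all interfaces: {spec:28} -> use {loopback_only(spec)}")
```

For a fleet-wide fix rather than per-container rewrites, Docker's daemon setting `"ip": "127.0.0.1"` in `/etc/docker/daemon.json` changes the default bind address for published ports, and rules you want enforced regardless of ufw belong in the DOCKER-USER chain, which Docker leaves for the administrator.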
"Critical Alert! Veeam ONE Monitor in the Crosshairs"
Veeam ONE (a comprehensive monitoring and analytics solution that is part of the Veeam Backup & Replication suite) has issued a high alert, releasing hotfixes for four vulnerabilities in its Veeam ONE platform, with two critical risks scoring near the max on the CVSS scale (9.8/9.9). The most severe allows RCE and NTLM hash theft! Patch ASAP!
Less critical but still noteworthy, CVE-2023-38549 and CVE-2023-41723 show that even with less privileged roles, Veeam ONE users could exploit XSS attacks and view sensitive schedules. Keep those defenses up!
Tags: #CyberSecurity #Veeam #RCE #Vulnerability #PatchTuesday #InfoSec #CyberThreat #XSS #Vulnerabilities #DefenseInDepth #CyberHygiene
CVE Details:
A few lessons from Retool after the attacks that caused unauthorized access to their cloud customers: https://retool.com/blog/mfa-isnt-mfa/
#mfa #lessonslearned #socialengineering #defenseindepth #threatmodel
2023 Mid-Year Security Report by Check Point exposes startling surge in ransomware.
Over 48 ransomware groups hit 2,200+ victims!
Bolster your digital defenses and stay vigilant online
#ransomware #CISOAwareness #defenseindepth #securityneversleeps
Great blog post by a colleague of mine who asks why "Security through obscurity" is not dead in 2023! How many "#cybersecurity #incidents" is it going to take to finally realize that keeping your #securitycontrols a secret is a good thing? How many times does the #cybercommunity have to demonstrate that sharing of #threatintelligence, #TTPs, #IOCs, #securityconcepts, #AwarenessTraining methods, #zerodays, and everything else that goes along with having a #DefenseInDepth approach to a #HealthySecurityProgram, is ACTUALLY THE GOOD THING
(ahem)
You want to know about the platform I architected? No problem!
You want to know what Threat Intelligence I gather? Check my GitHub (link on my profile).
You want the keys to my kingdom? No, but thanks for playing
I'm NOT saying #compromise yourself or open some dark #backdoor to your systems. Just share the knowledge of how you're protecting stuff! Everyone is more #secure for it, and the next generation will make it better.
https://kalahari.substack.com/p/security-through-obscurity?sd=pf
#DarkAI is a thing. I've talked about it before, and this article supports every theory I've mentioned over the years. #CyberCriminals are using #GenerativeAI to create sophisticated #BEC campaigns and #NovelMalware, and it lowers the barrier to entry for new cyber criminals, especially #ScriptKiddies or people with zero technical experience, to create and commit malicious fraud campaigns against a much wider swath of targets than ever before. The ONLY way to combat these emerging threats is through user awareness trainings and a #DefenseInDepth approach to your security platform for #EnterpriseSecurity. For yourselves personally, invest in a solid #antivirus solution, whether that's Microsoft's #Defender (consumer version) or a platform like #Avast, which is affordable, very good, and works on desktop and mobile. You also want to look into a #VPN to protect your data streams. These DarkAIs aren't here to play, they are here to cause chaos. #BeCyberAware #BeCyberSafe and #DontGetPhished!!
https://www.darkreading.com/application-security/gpt-based-malware-trains-dark-web