#attacksurfacereduction — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #attacksurfacereduction, aggregated by home.social.
-
Today it is Mythos. Tomorrow it will be something else.
The pattern stay[…] companies need urgency to position themselves.
Everyone wants to attach themselves to the next big wave and present themselves as the answer.
Real organizational readiness is not about pushing AI into every layer because the current panic cycle says so. The practical test for any change is much simpler:
• Does it strengthen existing tools and workflows?
• Does it preserve model and vendor optionality?
• Does it reduce backlog and repetitive operational drag?
• Does it reduce attack surface by removing software, access, and exposure you do not need?
• Does it reinforce the boring fundamentals like inventory, patching, least privilege, segmentation, and recovery?
Without those checks, you are mostly just trading places. One dependency gets swapped for another. One vendor stack gets replaced by another. One kind of complexity becomes another. Very little materially improves.
Most of the time, we just kick the ball a few months further down the road and call it progress.
I wrote about many of these ideas in my pragmatic guide: https://cyfinoid.com/a-pragmatic-guide-to-being-mythos-ready/
#securitystrategy #appsec #cybersecurity #aisecurity #attacksurfacereduction #vendorlockin #operationalresilience
-
Yay, #Debian reduces #OpenSSH dependencies (in Debian Unstable for now) and removes #libsystemd dependency.
openssh (1:9.7p1-4) unstable; urgency=medium
* Rework systemd readiness notification and socket activation patches to not link against libsystemd (the former via an upstream patch).
* […]
Thanks @cjwatson!
(via https://tracker.debian.org/news/1516548/accepted-openssh-197p1-4-source-into-unstable/)
#xz #xzbackdoor #xzorcist #JiaT75 #systemd #AttackSurfaceReduction
-
If you use #RDP, make sure it's strictly internal, and limited only to specific #admin accounts, and that you *DO NOT* have any #3389 open publicly. That IP will be found (quickly), and your #endpoint will be attacked, if not #breached. #BianLian has shifted their attack model. @cisacyber dropped an advisory this week, here's a decent summary of what's up: https://www.darkreading.com/threat-intelligence/bianlian-cybercrime-group-changes-attack-methods-cisa-advisory-notes?_mc=NL_DR_EDT_DR_weekly_20230518&cid=NL_DR_EDT_DR_weekly_20230518&sp_aid=116563&elq_cid=38046155&sp_eh=144c4ccfdc4bcabeefa4110f1ea26cecf2a866a1c04b99a946a3df0524ced34c&sp_eh=144c4ccfdc4bcabeefa4110f1ea26cecf2a866a1c04b99a946a3df0524ced34c&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_05.18.23&sp_cid=48613&utm_content=DR_NL_Dark%20Reading%20Weekly_05.18.23
#Hacking #ThreatIntelligence #Cloud #CloudAttackSurface #DataExfiltration #Exfil #AttackSurfaceReduction #Ransomware
-
#Infostealers are a growing threat. Sure, they've been around for decades, but now it's becoming a much larger market on the #Darkweb. “What we are seeing is an entire #underground #economy and #supporting #infrastructure built around #infostealers, making it not only possible but also potentially #lucrative for relatively #lowskilled #threatactors to get involved,”
https://www.scmagazine.com/news/threat-intelligence/data-log-thefts-explode-as-infostealers-gain-popularity-with-cybercriminals?external_id=HBwZ-n4B490LDY0Z-dKj&external_id_source=mrkto&mkt_tok=MTg4LVVOWi02NjAAAAGLzUgAldBXEeVNitVuN5rpvANUjNCaIIBnTmArpblpBWE5hgFJSS9PoGhu7RxEp5cWxLUDxbLdJ7juuAc83cEfRAyiFxOpe18Kant7MXUMhA
#Hacking #ThreatIntelligence #Cloud #CloudAttackSurface #TOR #DataExfiltration #Exfil #RussianMarket #Cyberespionage #RussiaAPT #ChinaAPT #APT #UseMFA #AttackSurfaceReduction