#attacksurfacereduction — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #attacksurfacereduction, aggregated by home.social.
-
Today it is Mythos. Tomorrow it will be something else.
The pattern stays the same: companies need urgency to position themselves.
Everyone wants to attach themselves to the next big wave and present themselves as the answer.
Real organizational readiness is not about pushing AI into every layer because the current panic cycle says so. The practical test for any change is much simpler:
• Does it strengthen existing tools and workflows?
• Does it preserve model and vendor optionality?
• Does it reduce backlog and repetitive operational drag?
• Does it reduce attack surface by removing software, access, and exposure you do not need?
• Does it reinforce the boring fundamentals like inventory, patching, least privilege, segmentation, and recovery?
Without those checks, you are mostly just trading places. One dependency gets swapped for another. One vendor stack gets replaced by another. One kind of complexity becomes another. Very little materially improves.
Most of the time, we just kick the ball a few months further down the road and call it progress.
I wrote about many of these ideas in my pragmatic guide: https://cyfinoid.com/a-pragmatic-guide-to-being-mythos-ready/
#securitystrategy #appsec #cybersecurity #aisecurity #attacksurfacereduction #vendorlockin #operationalresilience
-
Yay, #Debian reduces #OpenSSH dependencies (in Debian Unstable for now) and removes #libsystemd dependency.
openssh (1:9.7p1-4) unstable; urgency=medium
* Rework systemd readiness notification and socket activation patches to not link against libsystemd (the former via an upstream patch).
* […]
Thanks @cjwatson!
(via https://tracker.debian.org/news/1516548/accepted-openssh-197p1-4-source-into-unstable/)
#xz #xzbackdoor #xzorcist #JiaT75 #systemd #AttackSurfaceReduction
-
⚠️ #Geacon #IOCs and breakdown provided by @SentinelOne ⚠️
Geacon Brings #CobaltStrike Capabilities to #macOS
Threat Actors
https://www.sentinelone.com/blog/geacon-brings-cobalt-strike-capabilities-to-macos-threat-actors/?&web_view=true
-
If you use #RDP, make sure it's strictly internal, and limited only to specific #admin accounts, and that you *DO NOT* have any #3389 open publicly. That IP will be found (quickly), and your #endpoint will be attacked, if not #breached. #BianLian has shifted their attack model. @cisacyber dropped an advisory this week, here's a decent summary of what's up: https://www.darkreading.com/threat-intelligence/bianlian-cybercrime-group-changes-attack-methods-cisa-advisory-notes?_mc=NL_DR_EDT_DR_weekly_20230518&cid=NL_DR_EDT_DR_weekly_20230518&sp_aid=116563&elq_cid=38046155&sp_eh=144c4ccfdc4bcabeefa4110f1ea26cecf2a866a1c04b99a946a3df0524ced34c&sp_eh=144c4ccfdc4bcabeefa4110f1ea26cecf2a866a1c04b99a946a3df0524ced34c&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Weekly_05.18.23&sp_cid=48613&utm_content=DR_NL_Dark%20Reading%20Weekly_05.18.23
#Hacking #ThreatIntelligence #Cloud #CloudAttackSurface #DataExfiltration #Exfil #AttackSurfaceReduction #Ransomware
-
#Infostealers are a growing threat. Sure, they've been around for decades, but now it's becoming a much larger market on the #Darkweb. “What we are seeing is an entire #underground #economy and #supporting #infrastructure built around #infostealers, making it not only possible but also potentially #lucrative for relatively #lowskilled #threatactors to get involved,”
https://www.scmagazine.com/news/threat-intelligence/data-log-thefts-explode-as-infostealers-gain-popularity-with-cybercriminals?external_id=HBwZ-n4B490LDY0Z-dKj&external_id_source=mrkto&mkt_tok=MTg4LVVOWi02NjAAAAGLzUgAldBXEeVNitVuN5rpvANUjNCaIIBnTmArpblpBWE5hgFJSS9PoGhu7RxEp5cWxLUDxbLdJ7juuAc83cEfRAyiFxOpe18Kant7MXUMhA
#Hacking #ThreatIntelligence #Cloud #CloudAttackSurface #TOR #DataExfiltration #Exfil #RussianMarket #Cyberespionage #RussiaAPT #ChinaAPT #APT #UseMFA #AttackSurfaceReduction
-
⚠️ #MicrosoftServiceHealth #Advisory MO497128: For everyone who lost the use of their #MicrosoftOffice desktop apps today, it's because of an issue that Microsoft is dealing with, related directly to #Defender #AttackSurfaceReduction, or #ASR rules. Specifically: "Block Win32 API calls from Office Macros" with ID 92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b.
#Hotfix:
Admins can put the ASR rule into #Audit Mode to avoid further impact. Please note that you may need to re-enable the rule once the issue has been fully resolved. This can be done through one of the following methods:
- Using PowerShell: Add-MpPreference -AttackSurfaceReductionRules_Ids 92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b -AttackSurfaceReductionRules_Actions AuditMode
- Using Intune: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide#mem
- Using Group Policy: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide#group-policy
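To apply the hotfix above with a way back, here is an added PowerShell example (not from the post and not Microsoft's own script): it records the rule's current action, switches it to Audit mode, restores the recorded action later, and lists the ASR events the rule logged while auditing so the switch back to Block is informed. It assumes an elevated session on a host running Microsoft Defender Antivirus; the function names are mine.

```powershell
# Added example, not from the post: handle advisory MO497128 with a recorded rollback.
# Assumes an elevated PowerShell session with Microsoft Defender Antivirus present.

$RuleId = '92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b'   # "Block Win32 API calls from Office macros"
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'AuditMode'; 6 = 'Warn' }

function Get-AsrRuleAction {
    param([Parameter(Mandatory)][string]$Id)
    $pref    = Get-MpPreference
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    # The two arrays are parallel: the action at index i applies to the rule id at index i.
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -ieq $Id) { return [int]$actions[$i] }
    }
    return $null   # rule is not configured on this host
}

function Set-AsrRuleToAudit {
    param([Parameter(Mandatory)][string]$Id)
    $before = Get-AsrRuleAction -Id $Id
    if ($null -eq $before) {
        Write-Host "Rule $Id is not configured here; nothing to change."
        return $null
    }
    Write-Host ("Rule {0} is currently {1}" -f $Id, $ActionNames[$before])
    # Add-MpPreference updates the action for an id that is already configured.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $Id -AttackSurfaceReductionRules_Actions AuditMode
    return $before   # keep this value so the rule can be restored once the issue is resolved
}

function Restore-AsrRuleAction {
    param([Parameter(Mandatory)][string]$Id, [Parameter(Mandatory)][int]$Action)
    Add-MpPreference -AttackSurfaceReductionRules_Ids $Id -AttackSurfaceReductionRules_Actions $ActionNames[$Action]
}

# Defender logs ASR hits as event 1121 (blocked) and 1122 (audited). Reviewing them
# shows what the rule would have blocked while it sat in Audit mode.
function Get-AsrAuditEvents {
    param([Parameter(Mandatory)][string]$Id, [int]$Hours = 24)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1121, 1122
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($Id) } |
        Select-Object TimeCreated, Id, Message
}

$previous = Set-AsrRuleToAudit -Id $RuleId
# Later, once MO497128 is resolved, review the audit events and put the rule back:
# Get-AsrAuditEvents -Id $RuleId
# Restore-AsrRuleAction -Id $RuleId -Action $previous
```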
-
This was the result of an #ASR #AttackSurfaceReduction rule called "Win32 Imports from Office Macro Code" being set to "Block", causing it to delete all of the shortcuts from ProgramData\Microsoft\Windows\Start Menu\Programs
-
Attention! Microsoft Defender issue!
Starting with security intelligence version 1.381.2140.0 (or others depending on OS) Attack Surface Reduction (ASR) will remove .LNK files in start menu and taskbar once they are clicked on. This will trigger an ASR alert in some but not all cases ("Block Win32 API calls from Office macro"). Setting this to audit might help.
This is affecting every environment I have looked at now, so just wanted to share it so as many people as possible.