#defense-in-depth — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #defense-in-depth, aggregated by home.social.
-
🎩💻 Behold the hacker's wet dream: bypassing noexec like it's 1999, because who needs #security when you have a #PoC that screams "I told you so" at sysadmins? 🙄 Spoiler alert: defense in depth is just a bedtime story for the gullible. 😴🔍
https://hardenedlinux.org/blog/2026-04-13-stealthy-rce-on-hardened-linux-noexec--userland-execution-poc/ #hackernews #bypass #sysadmins #defenseindepth #HackerNews #ngated
-
What is Port Knocking Implementation and Security: A Comprehensive Guide
https://denizhalil.com/2026/04/06/port-knocking-implementation-security-guide
#CyberSecurity #PortKnocking #NetworkSecurity #DefenseInDepth #LinuxSecurity #ServerSecurity
-
Security tools that live outside the operating system can only react. The most effective defenses are the ones built into the OS itself: enforcing integrity, catching tampering, and reducing blast radius in real time.
Prevention beats cleanup. Every time.
#LinuxSecurity #EnterpriseLinux #Linux #SysAdmin #DefenseInDepth
-
Plugging the Holes: The Swiss Cheese Model of Cyber Defense
https://youtu.be/bR3y5efWoGE #CyberSecurity #RiskManagement #DefenseInDepth #SwissCheeseModel #Phishing #PatchManagement #NetworkSecurity #EndpointSecurity #IncidentResponse #Governance #AIinCybersecurity
-
🛡️ Web App Security Architecture: Implementing Defense-in-Depth
https://alexmacra.com/cybersecurity-guides/web-app-security-architecture-implementing-defense-in-depth/
#WebSecurity #DefenseInDepth #CyberSecurity #AppSec
-
Some decent AppSec advice in here from a security chief at Sony.
https://www.darkreading.com/vulnerabilities-threats/defense-depth-approach-modern-era
-
A Defense-in-Depth Approach for the Modern Era – Source: www.darkreading.com https://ciso2ciso.com/a-defense-in-depth-approach-for-the-modern-era-source-www-darkreading-com/ #rssfeedpostgeneratorecho #DarkReadingSecurity #CyberSecurityNews #defenseindepth #DARKReading
-
John Poulin joins the Security Repo Podcast to break down #DefenseInDepth, audit logs, and why security headers are the new "bank-grade encryption." 🔐
🎧 Listen now:
https://buff.ly/3D0Le8C
-
There's this thing about resilience engineering being more about being ready for dragons around the next corner than trying to guess where all the holes are in the swiss cheese.
I enjoy high nerd humor.
#ResilienceEngineering #ThereBeDragons #WhenSwissCheeseModelsFail #DefenseInDepth #Complexity https://mastodon.zergy.net/@Enalys/113656847324163454
-
Defense-in-Depth: Not Deep Enough – Source: www.govinfosecurity.com https://ciso2ciso.com/defense-in-depth-not-deep-enough-source-www-govinfosecurity-com/ #rssfeedpostgeneratorecho #govinfosecuritycom #CyberSecurityNews #defenseindepth
-
Defense in Depth approach using AWS: https://aws.plainenglish.io/defense-in-depth-approach-using-aws-f064d434c550
-
According to #Yubico, it took six months for a firmware vulnerability that allows cloning of #YubiKeys using #EllipticCurveCryptography to be resolved and responsibly revealed to the public. That's not the problem.
The real problem is there will always be another unpatched vulnerability just around the corner. That's why we need new ways of framing what #cybersecurity should look like in today's modern enterprise. Old-school #defenseindepth still has a place, but businesses must find new ways to reduce the amount of sensitive data that's at risk in a #databreach when all layers of defense are inevitably pierced.
https://www.yubico.com/support/security-advisories/ysa-2024-03/
-
New #DefenseInDepth strategy:
When a company has a data breach and leaks your PII to the world, we tie their CEO to a rock and hurl them into the Pacific Ocean.
-
"Often, defense in depth is compared to an onion; it has multiple layers. But how many layers do you need before you're secure? In this way, defense in depth fails as a strategy because it's not measurable."
I really like this quote from Project Zero Trust.
-
"Critical Alert! 🚨 Veeam ONE Monitor in the Crosshairs 🎯"
Veeam ONE (a comprehensive monitoring and analytics solution that is part of the Veeam Backup & Replication suite) has issued a high alert 🛑, releasing hotfixes for four vulnerabilities in its Veeam ONE platform, with two critical risks scoring near the max on the CVSS scale (9.8/9.9). The most severe allows RCE and NTLM hash theft! Patch ASAP! 🛠️
Less critical but still noteworthy, CVE-2023-38549 and CVE-2023-41723 show that even with less privileged roles, Veeam ONE users could exploit XSS attacks and view sensitive schedules. Keep those defenses up! 🏰
Tags: #CyberSecurity #Veeam #RCE #Vulnerability #PatchTuesday #InfoSec #CyberThreat #XSS #Vulnerabilities #DefenseInDepth #CyberHygiene
CVE Details:
- CVE-2023-38547: Potential SQL RCE MITRE ATT&CK
- CVE-2023-38548: NTLM hash theft MITRE ATT&CK
- CVE-2023-38549: XSS requiring admin interaction MITRE ATT&CK
- CVE-2023-41723: Schedule viewing without change permissions MITRE ATT&CK
-
Great blog post by a colleague of mine who asks why "Security through obscurity" is not dead in 2023! How many "#cybersecurity #incidents" is it going to take to finally realize that keeping your #securitycontrols a secret is a good thing? How many times does the #cybercommunity have to demonstrate that sharing of #threatintelligence, #TTPs, #IOCs, #securityconcepts, #AwarenessTraining methods, #zerodays, and everything else that goes along with having a #DefenseInDepth approach to a #HealthySecurityProgram, is ACTUALLY THE GOOD THING 🤨
(ahem)
You want to know about the platform I architected? No problem! 👌🏻
You want to know what Threat Intelligence I gather? Check my GitHub (link on my profile 😁).
You want the keys to my kingdom? 🤣 No, but thanks for playing 👍🏻
I'm NOT saying #compromise yourself or open some dark #backdoor to your systems. Just share the knowledge of how you're protecting stuff! Everyone is more #secure for it, and the next generation will make it better.
https://kalahari.substack.com/p/security-through-obscurity?sd=pf
-
#DarkAI is a thing. I've talked about it before, and this article supports every theory I've mentioned over the years. #CyberCriminals are using #GenerativeAI to create sophisticated #BEC campaigns and #NovelMalware, and it lowers the barrier to entry for new cyber criminals, especially #ScriptKiddies or people with zero technical experience, to create and commit malicious fraud campaigns against a much wider swath of targets than ever before. The ONLY way to combat these emerging threats is through user awareness training and a #DefenseInDepth approach to your security platform for #EnterpriseSecurity. For yourselves personally, invest in a solid #antivirus solution, whether that's Microsoft's #Defender (consumer version) or a platform like #Avast, which is affordable, very good, and works on desktop and mobile. You also want to look into a #VPN to protect your data streams. These DarkAIs aren't here to play, they are here to cause chaos. #BeCyberAware #BeCyberSafe and #DontGetPhished!!
https://www.darkreading.com/application-security/gpt-based-malware-trains-dark-web
-
#Kubernetes question for the fedi:
How do you convert webhook formats in a #homelab environment? For example, converting #botkube 'generic webhook' payload to feed #gotify
Lots of people seem to use #nodered, but that is a lot for a JSON transform.
Difficulty: It is part of the alerting pipe, so it should be as durable as possible. (As durable as something running on the same infra can be.)
I saw https://github.com/adnanh/webhook with simple python or curl scripts, but even with #defenseindepth (networkpolicy, securitycontext, etc) shell scripts seem hacky at best and a Bad Idea at worst.
Some form of #serverless would probably work, but that means finding, installing and learning a new #framework that hopefully won't become a huge headache in a week or a year.
The old #housebrain uses git-backed #nodered and it is a huge pain to maintain. (Mostly thanks to my design.) I'm doing it better this time.
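One way to do the transform the question asks about without Node-RED or a serverless framework, as an added example that is not part of the post and not code from Botkube or Gotify: a stdlib-only Python receiver that checks a shared-secret header, translates an assumed Botkube-style generic webhook payload into the body Gotify's /message endpoint expects, and refuses oversized or malformed input. The Botkube payload shape (a `data` object with `kind`, `name`, `namespace`, `level` and `messages`), the `X-Webhook-Token` header name, and the level-to-priority table are assumptions for illustration; the forward to Gotify itself is left as a comment.

```python
"""Translate an assumed Botkube-style webhook event into a Gotify message.

Added illustration, not code from the poster, Botkube or Gotify. The
incoming payload shape and the X-Webhook-Token header are assumptions.
"""
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed shared secret; in a cluster this would come from a mounted Secret.
WEBHOOK_TOKEN = "replace-with-a-real-secret"

# Assumed mapping from an event level to Gotify's 0-10 priority scale.
PRIORITY_BY_LEVEL = {"error": 8, "warn": 5, "info": 2}

MAX_BODY_BYTES = 64 * 1024  # refuse anything larger than a sane alert


def botkube_to_gotify(payload: dict) -> dict:
    """Map an assumed Botkube-style event to a Gotify /message body."""
    data = payload.get("data", {}) if isinstance(payload, dict) else {}
    level = str(data.get("level", "info")).lower()
    title = "{} {} in {}".format(
        data.get("kind", "Resource"),
        data.get("name", "?"),
        data.get("namespace", "?"),
    )
    messages = data.get("messages", [])
    body = "\n".join(str(m) for m in messages) or "(no details)"
    return {
        "title": title[:100],          # keep titles short for the mobile client
        "message": body[:2000],        # cap the body so a noisy event can't flood
        "priority": PRIORITY_BY_LEVEL.get(level, 2),
    }


def token_ok(presented) -> bool:
    """Constant-time comparison of the shared token carried in a header."""
    return presented is not None and hmac.compare_digest(presented, WEBHOOK_TOKEN)


class Translator(BaseHTTPRequestHandler):
    """Accept a Botkube-style POST, return the translated Gotify body."""

    def _reply(self, status: int, body: bytes = b"") -> None:
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_POST(self):
        if not token_ok(self.headers.get("X-Webhook-Token")):
            return self._reply(401)
        length = int(self.headers.get("Content-Length", "0") or 0)
        if length <= 0 or length > MAX_BODY_BYTES:
            return self._reply(413)
        try:
            payload = json.loads(self.rfile.read(length))
        except ValueError:
            return self._reply(400)
        gotify_body = botkube_to_gotify(payload)
        # Forwarding is a POST to <gotify>/message with an X-Gotify-Key header;
        # here the translated body is echoed so the mapping can be inspected.
        return self._reply(200, json.dumps(gotify_body).encode())


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Translator).serve_forever()
```

Run it, then post a constructed event with `X-Webhook-Token` set to see the translated body; the two checks before parsing (token, size) are what keep this hop from becoming the weak link in the alerting pipe.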
-
🔥⏲️ Fudge Sunday "Fuzz Jam June" A look at the growing importance of fuzzing in platform engineering
#fuzzing #fuzztesting #fuzzylogic #fuzzball #fuzzy #platformengineering #platformengineer #toolchains #attestation #softwaresupplychain #softwaresupplychainsecurity #dast #owasp #waf #cncf #aif #artificialintelliegence #machinelearningmodels #cloudinfrastructure #securityautomation #securitybydesign #scanning #defenseindepth #shiftleft #newsletter #newsletters
-
How well does it do in a data center with 90dB chillers blowing 24x7?
#infosec #DefenseInDepth https://techhub.social/@techandcoffee/110010877553474425
-
@Techmeme This is definitely positive, but in reference to:
“Database leaks have been a bane for security for many years now, with poor practices and configuration mistakes often exposing the sensitive details of millions of people.”
This won’t stop leaks from a misconfigured system (DB or other) on top of S3. By the time data is in the db, it has been decrypted.
-
I explain a #WAF as a nice line of defence against common nuisances only. Always secure your underlying API.
For example, on #AWS WAF, SQLi / XSS filters are implemented with regexes. False positives often lead to some rules being disabled. The article shared by others today demos widespread false negatives.
Geo filters are great against pests who don't have VPNs. WAF rate limits are really great against people who don't control botnets.
https://www.securityweek.com/wafs-several-major-vendors-bypassed-generic-attack-method
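The false-positive problem the post describes, as an added example that is not part of the post and not AWS WAF's own rule set: a toy regex rule of the shape a WAF signature takes, run over constructed search terms, beside the parameterized query that protects the API regardless of what the WAF decides. The rule, the product catalog and the search terms are all constructed for illustration.

```python
"""Regex WAF rule versus a parameterized query (added illustration).

The rule below is a hypothetical stand-in for a managed SQLi signature;
the catalog rows and search terms are constructed inputs.
"""
import re
import sqlite3

# Hypothetical WAF-style rule: flag SQL keywords, a statement separator or
# a comment marker anywhere in the request field.
SQLI_RULE = re.compile(r"(\bselect\b|\bunion\b|\bdrop\b|\binsert\b|--|;)", re.IGNORECASE)


def waf_blocks(value: str) -> bool:
    """Return True when the regex rule would block this request field."""
    return SQLI_RULE.search(value) is not None


def build_catalog() -> sqlite3.Connection:
    """In-memory catalog with legitimate product names that trip the rule."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, price REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", [
        ("Select Reserve Coffee", 12.5),
        ("Union Jack Mug", 8.0),
        ("Drop-Leaf Table", 120.0),
    ])
    return conn


def search_products(conn: sqlite3.Connection, term: str) -> list:
    """Parameterized query: the term is bound as data, never spliced into SQL."""
    rows = conn.execute(
        "SELECT name FROM products WHERE name LIKE ? ORDER BY name",
        ("%" + term + "%",),
    )
    return [r[0] for r in rows]


def product_count(conn: sqlite3.Connection) -> int:
    """Used to show the table survives whatever the search term contains."""
    return conn.execute("SELECT COUNT(*) FROM products").fetchone()[0]


def triage(conn: sqlite3.Connection, term: str) -> dict:
    """What the edge rule says, next to what the API actually does."""
    return {"waf_blocks": waf_blocks(term), "results": search_products(conn, term)}


if __name__ == "__main__":
    catalog = build_catalog()
    for term in ["select reserve", "union jack", "drop-leaf", "mug", "'; DROP TABLE products; --"]:
        print(repr(term), triage(catalog, term))
    print("rows still in catalog:", product_count(catalog))
```

Three of the five ordinary shopper queries are blocked by the rule while the hostile one is harmless to the parameterized query either way; that asymmetry is why operators end up disabling rules, and why the API has to be safe on its own.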
-
Microsoft’s security approach focuses on #defenseindepth, with layers of protection throughout all phases of design, development, and deployment. Read our recent learnings on ensuring #Azure and our technologies are secure for our customers: https://azure.microsoft.com/blog/microsoft-azures-defense-in-depth-approach-to-cloud-vulnerabilities