#elevationofprivilege — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #elevationofprivilege, aggregated by home.social.
-
Microsoft Patch Tuesday Disrupts 120 Vulnerabilities with AI-Driven Insights
Microsoft's May Patch Tuesday update tackles a whopping 120 vulnerabilities, including 17 critical flaws that could leave your systems exposed to remote code execution, elevation of privilege, and information disclosure attacks. Prioritize patching now to safeguard your domain controllers and prevent…
#PatchTuesday #Microsoft #Cve202641089 #RemoteCodeExecution #ElevationOfPrivilege
-
Microsoft Patch Tuesday Disrupts 120 Vulnerabilities with AI-Driven Insights
Microsoft's May Patch Tuesday update tackles a whopping 120 vulnerabilities, including 17 critical flaws that could leave your systems exposed to remote code execution, elevation of privilege, and information disclosure attacks. Prioritize patching now to safeguard your domain controllers and prevent…
#PatchTuesday #Microsoft #Cve202641089 #RemoteCodeExecution #ElevationOfPrivilege
-
Linux Flaw Exposes Users to Root Access Attacks
A major Linux flaw, dubbed "Pack2TheRoot," has been hiding in plain sight for 12 years, allowing attackers with local access to gain root permissions and wreak havoc on your system - but a patch has finally been released to squash it. This medium-severity vulnerability, scoring 8.8 out of 10, highlights the importance of staying on top of software…
#LinuxFlaw #RootAccess #Cve202641651 #Packagekit #ElevationOfPrivilege
-
Elevation-of-Privilege Vulns Dominate Microsoft’s Patch Tuesday – Source: www.darkreading.com https://ciso2ciso.com/elevation-of-privilege-vulns-dominate-microsofts-patch-tuesday-source-www-darkreading-com/ #rssfeedpostgeneratorecho #elevationofprivilege #DarkReadingSecurity #CyberSecurityNews #DARKReading
-
via @dotnet : .NET and .NET Framework January 2025 servicing releases updates
https://ift.tt/eR6NaGf
#DotNet #DotNetFramework #January2025 #SecurityUpdates #CVE #RemoteCodeExecution #DenialOfService #ElevationOfPrivilege #ASPNetCore #EFCore #ReleaseNotes #Softwa… -
via @dotnet : .NET and .NET Framework January 2025 servicing releases updates
https://ift.tt/eR6NaGf
#DotNet #DotNetFramework #January2025 #SecurityUpdates #CVE #RemoteCodeExecution #DenialOfService #ElevationOfPrivilege #ASPNetCore #EFCore #ReleaseNotes #Softwa… -
via @dotnet : .NET and .NET Framework January 2025 servicing releases updates
https://ift.tt/eR6NaGf
#DotNet #DotNetFramework #January2025 #SecurityUpdates #CVE #RemoteCodeExecution #DenialOfService #ElevationOfPrivilege #ASPNetCore #EFCore #ReleaseNotes #Softwa… -
The Canadian Centre for Cyber Security has an interesting article on #CybeSecurity #ThreatActors (adversaries) and their motivation.
https://www.cyber.gc.ca/en/guidance/introduction-cyber-threat-environment
The article IMHO leaves out at some threat actors (which might not be that relevant for a commercial or critical infrastructure setting)
- Abusive Partners
- Stalkers
- Kids
while these could be seen as part of insider threats, I believe that their capabilities and opportunities are different from other insiders.
And they are often overlooked when developing consumer products.
Think of the problems with #AirTags or the bike theft "problem" with Strava.I really like this and are thinking of creating a game around it to raise security awareness (especially within development and designe of systems). #SeriousGames
Idea is to have a collaborative game where you play through threats against your system. Starting with the Threat Actors, their intend, capabilities and opportunities.
Going through techniques used (maybe using a subset of #MitreAttack but also common #SocialEngineering techniques).
And then choosing mitigation and defense options.A bit of a mixture between #ElevationOfPrivilege/#EoP, #BackdoorsAndBreaches and #FearlessJourney
-
The Canadian Centre for Cyber Security has an interesting article on #CybeSecurity #ThreatActors (adversaries) and their motivation.
https://www.cyber.gc.ca/en/guidance/introduction-cyber-threat-environment
The article IMHO leaves out at some threat actors (which might not be that relevant for a commercial or critical infrastructure setting)
- Abusive Partners
- Stalkers
- Kids
while these could be seen as part of insider threats, I believe that their capabilities and opportunities are different from other insiders.
And they are often overlooked when developing consumer products.
Think of the problems with #AirTags or the bike theft "problem" with Strava.I really like this and are thinking of creating a game around it to raise security awareness (especially within development and designe of systems). #SeriousGames
Idea is to have a collaborative game where you play through threats against your system. Starting with the Threat Actors, their intend, capabilities and opportunities.
Going through techniques used (maybe using a subset of #MitreAttack but also common #SocialEngineering techniques).
And then choosing mitigation and defense options.A bit of a mixture between #ElevationOfPrivilege/#EoP, #BackdoorsAndBreaches and #FearlessJourney
-
The Canadian Centre for Cyber Security has an interesting article on #CybeSecurity #ThreatActors (adversaries) and their motivation.
https://www.cyber.gc.ca/en/guidance/introduction-cyber-threat-environment
The article IMHO leaves out at some threat actors (which might not be that relevant for a commercial or critical infrastructure setting)
- Abusive Partners
- Stalkers
- Kids
while these could be seen as part of insider threats, I believe that their capabilities and opportunities are different from other insiders.
And they are often overlooked when developing consumer products.
Think of the problems with #AirTags or the bike theft "problem" with Strava.I really like this and are thinking of creating a game around it to raise security awareness (especially within development and designe of systems). #SeriousGames
Idea is to have a collaborative game where you play through threats against your system. Starting with the Threat Actors, their intend, capabilities and opportunities.
Going through techniques used (maybe using a subset of #MitreAttack but also common #SocialEngineering techniques).
And then choosing mitigation and defense options.A bit of a mixture between #ElevationOfPrivilege/#EoP, #BackdoorsAndBreaches and #FearlessJourney
-
The Canadian Centre for Cyber Security has an interesting article on #CybeSecurity #ThreatActors (adversaries) and their motivation.
https://www.cyber.gc.ca/en/guidance/introduction-cyber-threat-environment
The article IMHO leaves out at some threat actors (which might not be that relevant for a commercial or critical infrastructure setting)
- Abusive Partners
- Stalkers
- Kids
while these could be seen as part of insider threats, I believe that their capabilities and opportunities are different from other insiders.
And they are often overlooked when developing consumer products.
Think of the problems with #AirTags or the bike theft "problem" with Strava.I really like this and are thinking of creating a game around it to raise security awareness (especially within development and designe of systems). #SeriousGames
Idea is to have a collaborative game where you play through threats against your system. Starting with the Threat Actors, their intend, capabilities and opportunities.
Going through techniques used (maybe using a subset of #MitreAttack but also common #SocialEngineering techniques).
And then choosing mitigation and defense options.A bit of a mixture between #ElevationOfPrivilege/#EoP, #BackdoorsAndBreaches and #FearlessJourney
-
The Canadian Centre for Cyber Security has an interesting article on #CybeSecurity #ThreatActors (adversaries) and their motivation.
https://www.cyber.gc.ca/en/guidance/introduction-cyber-threat-environment
The article IMHO leaves out at some threat actors (which might not be that relevant for a commercial or critical infrastructure setting)
- Abusive Partners
- Stalkers
- Kids
while these could be seen as part of insider threats, I believe that their capabilities and opportunities are different from other insiders.
And they are often overlooked when developing consumer products.
Think of the problems with #AirTags or the bike theft "problem" with Strava.I really like this and are thinking of creating a game around it to raise security awareness (especially within development and designe of systems). #SeriousGames
Idea is to have a collaborative game where you play through threats against your system. Starting with the Threat Actors, their intend, capabilities and opportunities.
Going through techniques used (maybe using a subset of #MitreAttack but also common #SocialEngineering techniques).
And then choosing mitigation and defense options.A bit of a mixture between #ElevationOfPrivilege/#EoP, #BackdoorsAndBreaches and #FearlessJourney
-
heise+ | IT-Sicherheitsbewusstsein schaffen: Threat-Modelling per Kartenspiel
Beim Produktzyklus einer Software ist es wichtig, frühzeitig mögliche Bedrohungen zu erkennen. So fördern Sie das dafür nötige Wissen mit Kartenspielen.
IT-Sicherheitsbewusstsein schaffen: Threat-Modelling per Kartenspiel -
heise+ | IT-Sicherheitsbewusstsein schaffen: Threat-Modelling per Kartenspiel
Beim Produktzyklus einer Software ist es wichtig, frühzeitig mögliche Bedrohungen zu erkennen. So fördern Sie das dafür nötige Wissen mit Kartenspielen.
IT-Sicherheitsbewusstsein schaffen: Threat-Modelling per Kartenspiel