Great blog post by a colleague of mine who asks why "Security through obscurity" is not dead in 2023! How many "#cybersecurity #incidents" is it going to take to finally realize that keeping your #securitycontrols a secret is a good thing? How many times does the #cybercommunity have to demonstrate that sharing of #threatintelligence, #TTPs, #IOCs, #securityconcepts, #AwarenessTraining methods, #zerodays, and everything else that goes along with having a #DefenseInDepth approach to a #HealthySecurityProgram, is ACTUALLY THE GOOD THING 🤨
(ahem)
You want to know about the platform I architected? No problem! 👌🏻
You want to know what Threat Intelligence I gather? Check my GitHub (link on my profile 😁).
You want the keys to my kingdom? 🤣 No, but thanks for playing 👍🏻
I'm NOT saying #compromise yourself or open some dark #backdoor to your systems. Just share the knowledge of how you're protecting stuff! Everyone is more #secure for it, and the next generation will make it better.
https://kalahari.substack.com/p/security-through-obscurity?sd=pf
#DarkAI is a thing. I've talked about it before, and this article supports every theory I've mentioned over the years. #CyberCriminals are using #GenerativeAI to create sophisticated #BEC campaigns and #NovelMalware, and it lowers the barrier to entry for new cyber criminals, especially #ScriptKiddies or people with zero technical experience, to create and commit malicious fraud campaigns against a much wider swath of targets than ever before. The ONLY way to combat these emerging threats is through user awareness training and a #DefenseInDepth approach to your security platform for #EnterpriseSecurity. For yourselves personally - invest in a solid #antivirus solution, whether that's Microsoft's #Defender (consumer version), or a platform like #Avast, which is affordable, very good, and works on desktop and mobile. You also want to look into a #VPN to protect your data streams. These DarkAIs aren't here to play, they are here to cause chaos. #BeCyberAware #BeCyberSafe and #DontGetPhished!!
https://www.darkreading.com/application-security/gpt-based-malware-trains-dark-web
#Kubernetes question for the fedi:
How do you convert webhook formats in a #homelab environment? For example, converting #botkube 'generic webhook' payload to feed #gotify
Lots of people seem to use #nodered, but that is a lot for a json transform.
Difficulty: It is part of the alerting pipe, so it should be as durable as possible. (As durable as something running on the same infra can be.)
I saw https://github.com/adnanh/webhook with simple python or curl scripts, but even with #defenseindepth (networkpolicy, securitycontext, etc) shell scripts seem hacky at best and a Bad Idea at worst.
Some form of #serverless would probably work, but that means finding, installing and learning a new #framework that hopefully won't become a huge headache in a week or a year.
The old #housebrain uses git-backed #nodered and it is a huge pain to maintain. (Mostly thanks to my design.) I'm doing it better this time.
#kubernetes #homelab #botkube #gotify #nodered #defenseindepth #serverless #framework #housebrain #boost #k8s #k3s #selfhosted
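One way to do the Botkube-to-Gotify transform without Node-RED or a shell script, as an added example (my own code, not Botkube's or Gotify's): a stdlib-only Python adapter that validates the inbound POST, runs a pure transform, and forwards to Gotify. The Botkube payload shape (`source`, `data.level`, `data.title`), the `X-Hook-Secret` header, the priority mapping and the environment variable names are assumptions made for the illustration; Gotify's `POST /message` body (`title`, `message`, `priority`) and its `X-Gotify-Key` header are its documented API.

```python
"""Stdlib-only webhook adapter: accept a JSON POST from Botkube's generic
webhook and re-post it as a Gotify message. Added example, not Botkube or
Gotify code; the Botkube payload shape, header name, priority mapping and
env var names are assumptions."""
import hmac
import json
import os
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

MAX_BODY = 64 * 1024                                  # refuse oversized bodies before parsing
SHARED_SECRET = os.environ.get("HOOK_SECRET", "")     # assumption: sender sets X-Hook-Secret
GOTIFY_URL = os.environ.get("GOTIFY_URL", "http://gotify.alerts.svc.cluster.local")  # assumed service name
GOTIFY_TOKEN = os.environ.get("GOTIFY_TOKEN", "")     # Gotify application token

# Assumed Botkube event levels -> Gotify integer priority.
PRIORITY = {"error": 8, "warn": 5, "info": 2}


def to_gotify(payload: dict) -> dict:
    """Pure transform (no I/O) so it can be unit-tested in isolation.

    Assumed Botkube shape: {"source": ..., "data": {"level": ..., "title": ..., ...}}.
    Anything else is dumped verbatim into the message body rather than dropped,
    so an upstream schema change produces an ugly alert, not a lost one."""
    data = payload.get("data") if isinstance(payload.get("data"), dict) else {}
    level = str(data.get("level", "info")).lower()
    title = str(data.get("title") or payload.get("source") or "webhook")[:200]
    fields = {k: v for k, v in data.items() if k not in ("level", "title")}
    message = json.dumps(fields or payload, indent=2, sort_keys=True, default=str)
    return {"title": title, "message": message[:4000], "priority": PRIORITY.get(level, 2)}


def forward(msg: dict) -> None:
    """Deliver one message to Gotify's POST /message endpoint."""
    req = urllib.request.Request(
        f"{GOTIFY_URL}/message", data=json.dumps(msg).encode(), method="POST",
        headers={"Content-Type": "application/json", "X-Gotify-Key": GOTIFY_TOKEN})
    with urllib.request.urlopen(req, timeout=5):
        pass


class Hook(BaseHTTPRequestHandler):
    def do_POST(self):
        # Shared secret so anything that can reach the pod cannot page your phone.
        if SHARED_SECRET and not hmac.compare_digest(
                self.headers.get("X-Hook-Secret", ""), SHARED_SECRET):
            self.send_error(403); return
        try:
            length = int(self.headers.get("Content-Length") or 0)
        except ValueError:
            length = 0
        if length <= 0 or length > MAX_BODY:
            self.send_error(413); return
        try:
            payload = json.loads(self.rfile.read(length))
            if not isinstance(payload, dict):
                raise ValueError("top-level JSON must be an object")
        except (ValueError, UnicodeDecodeError):
            self.send_error(400); return
        try:
            forward(to_gotify(payload))
        except OSError as exc:                        # Gotify unreachable: let the sender retry
            self.send_error(502, str(exc)); return
        self.send_response(204); self.end_headers()


if __name__ == "__main__":
    HTTPServer(("0.0.0.0", 8080), Hook).serve_forever()
```

Run it as a one-container Deployment with the secret and token from a Secret, a NetworkPolicy that only admits Botkube's namespace, and the usual restricted securityContext; because the transform is a pure function, the only state is the process, so restarts are cheap and the durability question reduces to "does the Deployment controller come back with the node".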
🔥⏲️ Fudge Sunday "Fuzz Jam June" A look at the growing importance of fuzzing in platform engineering
#fuzzing #fuzztesting #fuzzylogic #fuzzball #fuzzy #platformengineering #platformengineer #toolchains #attestation #softwaresupplychain #softwaresupplychainsecurity #dast #owasp #waf #cncf #aif #artificialintelliegence #machinelearningmodels #cloudinfrastructure #securityautomation #securitybydesign #scanning #defenseindepth #shiftleft #newsletter #newsletters
@FinchHaven @thisismissem Simple “friction” has been very useful against email #spammers without impacting normal email. Example: forcing SMTP clients to wait for a full banner and to follow command pipelining rules. Put the friction in the paths normal users only follow rarely, once, or never, but which spammers try to optimize for heavy travel.
It’s definitely just one layer of #DefenseInDepth but it is not nothing and can be almost free.
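The banner-wait friction described above, as an added example (my own code, not from the post or any real MTA): delay the SMTP 220 greeting and reject any client that sends a command before it arrives. A compliant client must wait for the banner (RFC 5321 section 3.1), so only bulk senders that skip the wait pay the cost. The hostname in the banner and the in-memory socketpair client are constructed for the demonstration.

```python
"""Greet-pause check: delay the SMTP banner and reject early talkers.
Added example, not code from the post or any MTA; the banner hostname and
the in-memory client used by simulate() are constructed for the demo."""
import select
import socket
import threading

BANNER = b"220 mx.example.test ESMTP\r\n"   # placeholder hostname


def greet_pause(conn: socket.socket, delay: float) -> bool:
    """Wait `delay` seconds before greeting. A legitimate client waits for the
    220 banner; spam engines that blast EHLO/HELO immediately show up as
    readable before the pause ends.

    Returns True if the client behaved and was greeted, False if it was an
    early talker and got a 554 instead."""
    readable, _, _ = select.select([conn], [], [], delay)
    if readable:
        conn.sendall(b"554 5.7.0 speak only when spoken to\r\n")
        return False
    conn.sendall(BANNER)
    return True


def simulate(client_speaks_first: bool, delay: float = 0.2) -> bool:
    """Drive greet_pause() with an in-memory client (constructed harness)."""
    srv, cli = socket.socketpair()

    def client():
        if client_speaks_first:
            cli.sendall(b"EHLO spam.example\r\n")    # early talker
        else:
            cli.recv(1024)                           # wait for the banner first
            cli.sendall(b"EHLO mail.example\r\n")

    t = threading.Thread(target=client)
    t.start()
    try:
        return greet_pause(srv, delay)
    finally:
        t.join()
        srv.close()
        cli.close()


if __name__ == "__main__":
    print("early talker greeted:", simulate(True))    # False: rejected with 554
    print("patient client greeted:", simulate(False)) # True: got the 220 banner
```

The same select-before-send trick covers the pipelining rule from the post: if your EHLO reply does not advertise PIPELINING, a client that has already queued MAIL FROM before reading that reply is detectable the same way, and normal MTAs never trigger either check.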
I've had a very long thread in my Home feed today (mostly because of hashtags) that resolved down to:
"Now let's think about #DefenseInDepth for #mastodon and the #fediverse in the face of constant #spam attacks
Some options to add _just_ friction:"
Their entire solution was "friction"
Add enough friction and the spammers will go away
I kept wanting to scream
BUT YOUR 'FRICTION' AFFECTS THE 98% OF USERS WHO AREN'T SPAMMERS TOO
Fortunately I said nothing :)
Now let's think about #DefenseInDepth for #mastodon and the #fediverse in the face of constant #spam attacks.
Basically tying together my other thread with this one: https://hachyderm.io/@hrefna/110385501154045470
Some options to add _just_ friction:
1. Server-to-server rate limits. Irrespective of user.
2. Slowing down signups. This can be with #captcha tools, rate limits, etc.
3. Allow users to filter DMs based on content
4. Your standard "mark as spam" analyzers
5. Exponential backoff on the server side for DMs
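Options 1 and 5 from the list above (server-to-server rate limits irrespective of user, and exponential backoff for DMs), as an added example in my own code, not Mastodon's: a token bucket keyed by origin server, and a per-sender backoff that leaves the first few DMs untouched so normal users never notice. The limits are illustrative values, and the clock is injectable so the demo runs deterministically offline.

```python
"""Two "just friction" layers: a per-origin-server token bucket for inbound
deliveries and exponential backoff for DM bursts. Added example, not
Mastodon code; the limits are illustrative and FakeClock is a constructed
test clock."""
import time
from collections import defaultdict


class ServerBucket:
    """Token bucket keyed by origin server, independent of which user posted.
    Each server earns `rate` tokens/second up to `burst`; a delivery costs one."""

    def __init__(self, rate=50.0, burst=200, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate, burst, clock
        self.tokens = defaultdict(lambda: float(burst))
        self.last = {}

    def allow(self, origin: str) -> bool:
        now = self.clock()
        elapsed = now - self.last.get(origin, now)
        self.tokens[origin] = min(self.burst, self.tokens[origin] + elapsed * self.rate)
        self.last[origin] = now
        if self.tokens[origin] < 1:
            return False            # over budget: respond 429 and let them retry later
        self.tokens[origin] -= 1
        return True


class DMBackoff:
    """Exponential backoff per sender: the first `free` DMs in `window` seconds
    cost nothing; after that the n-th attempt must wait base * 2**(n - free)
    seconds since the previous attempt, capped at `cap`. Every attempt counts,
    accepted or not, so hammering the endpoint only raises the penalty."""

    def __init__(self, free=3, base=2.0, cap=3600.0, window=600.0, clock=time.monotonic):
        self.free, self.base, self.cap, self.window, self.clock = free, base, cap, window, clock
        self.sent = defaultdict(list)   # sender -> attempt timestamps inside the window

    def delay_for(self, sender: str) -> float:
        """Seconds the sender must still wait before the next DM (0.0 = go ahead)."""
        now = self.clock()
        recent = [t for t in self.sent[sender] if now - t < self.window]
        self.sent[sender] = recent
        n = len(recent)
        if n < self.free:
            return 0.0
        required = min(self.cap, self.base * 2 ** (n - self.free))
        return max(0.0, required - (now - recent[-1]))

    def record(self, sender: str) -> None:
        self.sent[sender].append(self.clock())


class FakeClock:
    """Constructed manual clock so the example is deterministic offline."""

    def __init__(self, t=0.0):
        self.t = t

    def __call__(self):
        return self.t

    def advance(self, s):
        self.t += s


def demo():
    """Burst from one server, refill after 0.5 s, a second server unaffected,
    then five back-to-back DM attempts from one account."""
    clk = FakeClock()
    bucket = ServerBucket(rate=10.0, burst=5, clock=clk)
    burst = [bucket.allow("spam.example") for _ in range(6)]   # 5 allowed, 6th denied
    clk.advance(0.5)                                            # refills 5 tokens
    refilled = bucket.allow("spam.example")
    other = bucket.allow("friendly.example")                    # separate bucket
    backoff = DMBackoff(free=2, base=2.0, clock=clk)
    delays = []
    for _ in range(5):
        delays.append(backoff.delay_for("burster@spam.example"))
        backoff.record("burster@spam.example")
    return {"burst": burst, "refilled": refilled, "other": other, "delays": delays}


if __name__ == "__main__":
    print(demo())
```

Both pieces of state are per-process; on a multi-worker deployment they would live in Redis with the same arithmetic. Note what the bucket does not do: it never looks at the user, so one abusive account on a big friendly server is a job for option 4, not for this layer.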
How well does it do in a data center with 90dB chillers blowing 24x7?
#infosec #DefenseInDepth https://techhub.social/@techandcoffee/110010877553474425
@Techmeme This is definitely positive, but in reference to:
“Database leaks have been a bane for security for many years now, with poor practices and configuration mistakes often exposing the sensitive details of millions of people.”
This won’t stop leaks from a misconfigured system (DB or other) on top of S3. By the time data is in the db, it has been decrypted.
Referenced link: https://www.darkreading.com/microsoft/hardening-identities-with-phish-resistant-mfa
Originally posted by DarkReading / @DarkReading@twitter.com: https://twitter.com/DarkReading/status/1602353845455257602#m
Hardening Identities With Phish-Resistant MFA https://www.darkreading.com/microsoft/hardening-identities-with-phish-resistant-mfa @msftsecurity on extending your MFA strategy and using existing security options to deliver stronger authentication in #PartnerPerspectives #defenseindepth
I explained a #WAF as a nice line of defence against common nuisances only. Always secure your underlying API.
For example on #AWS WAF, SQLi / XSS filters are implemented with regexes. False positives often lead to some rules being disabled. The article shared by others today demos widespread false negatives.
Geo filters are great against pests who don't have VPNs. WAF rate limits are really great against people who don't control botnets.
https://www.securityweek.com/wafs-several-major-vendors-bypassed-generic-attack-method
#waf #aws #infosec #defenseindepth
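The false-positive / false-negative point above in runnable form, as an added example (my own code, not an AWS WAF managed rule and not from the linked article): a toy regex rule of the usual "quote, OR, tautology" shape, run against an input it blocks, inputs it misses, a benign input it wrongly blocks, and a parameterised query that does not care about any of them. The in-memory SQLite table is constructed here; the concatenating query is deliberately vulnerable to show the false negative.

```python
"""Toy regex SQLi rule next to a parameterised query. Added example: the
regex is my own toy, not an AWS WAF rule; the SQLite table is constructed
in-memory; lookup_concat() is deliberately vulnerable for the demo."""
import re
import sqlite3

# Toy rule: a quote, then OR/AND, then a "1=1"-style equality. Managed rule
# sets are far larger, but every regex rule has this same shape of blind spot.
TOY_SQLI = re.compile(r"['\"]\s*(or|and)\s+\w+\s*=\s*\w+", re.IGNORECASE)


def waf_blocks(value: str) -> bool:
    return TOY_SQLI.search(value) is not None


def setup_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users(name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES(?, ?)", [("alice", "s1"), ("bob", "s2")])
    return db


def lookup_concat(db, name):
    """Vulnerable on purpose: string concatenation. Exists only to show what the
    WAF let through."""
    return db.execute(f"SELECT secret FROM users WHERE name = '{name}'").fetchall()


def lookup_param(db, name):
    """Safe: the driver sends `name` as data, so the WAF verdict is irrelevant."""
    return db.execute("SELECT secret FROM users WHERE name = ?", (name,)).fetchall()


def run(payload: str):
    """Return (waf_blocked, rows_from_concat, rows_from_param) for one input."""
    db = setup_db()
    try:
        concat = lookup_concat(db, payload)
    except sqlite3.Error as exc:        # a benign quote makes the concat query unparseable
        concat = f"error: {exc}"
    return waf_blocks(payload), concat, lookup_param(db, payload)


if __name__ == "__main__":
    for p in ["alice",
              "' OR 1=1 --",            # blocked, and would have dumped the table
              "' OR 2>1 --",            # false negative: no '=' so the regex misses it
              "' OR 'a' LIKE 'a",       # false negative: no bare word after OR
              "see 'FAQ' or page=2"]:   # false positive on ordinary search text
        print(repr(p), "->", run(p))
```

The two middle inputs are what "false negative" means in practice: same effect on the concatenating query, no match on the rule. The last one is why teams end up disabling rules. Only `lookup_param` gives the same answer on all five, which is the whole argument for "always secure your underlying API".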
Referenced link: https://www.darkreading.com/microsoft/hardening-identities-with-phish-resistant-mfa
Originally posted by DarkReading / @DarkReading@twitter.com: https://twitter.com/DarkReading/status/1600947324791955466#m
Hardening Identities With Phish-Resistant MFA https://www.darkreading.com/microsoft/hardening-identities-with-phish-resistant-mfa @msftsecurity on extending your MFA strategy and using existing security options to deliver stronger authentication in #PartnerPerspectives #defenseindepth
Microsoft’s security approach focuses on #defenseindepth, with layers of protection throughout all phases of design, development, and deployment. Read our recent learnings on ensuring #Azure and our technologies are secure for our customers: https://azure.microsoft.com/blog/microsoft-azures-defense-in-depth-approach-to-cloud-vulnerabilities
#defenseindepth #azure #security #cybersecurity #microsoft
One of my clients recently requested I do a security audit of an associated but independent side org.
There are only 3 users and apparently an on-prem #exchange server. (They didn’t even know that’s what the computer in the corner of their office was.)
Their #wordpress is unpatched.
Security has never been something they’ve even spent 10 seconds thinking about.
The SMBs I take on as clients often aren’t even making any attempt at #defenseindepth until I’ve run through their stuff. Small non-profits like this example are even worse off. MFA? yeah right. Password managers? you must be high.
There has to be a better way to serve these small orgs that’s not snake oil, and help them put up a solid defense somewhere above the #SecurityPovertyLine.
/rant
I have to say #microsoft #defender is consistently blowing my mind each month.
When a new CVE hits, I have near immediate visibility into impacted endpoints, with remediation steps for some.
I can tell my team-members exactly what machine needs what patch, including their own.
I love me some macOS, and I’m a big Linux fanboy, but I’m increasingly drinking the MSFT koolaid for enterprise devices.
Defender + Intune is truly a game changer for SMBs’ #DefenseInDepth.