ciphermonger

@ciphermonger@infosec.exchange

Infosec guy. I'm just here for the memes. Midwest is best. All opinions are mine, etc, etc.

jerry, to random

sorry about the extended downtime. I'll explain what happened shortly

ciphermonger

@jerry It was the Illuminati, wasn't it?

jerry, to random

It isn’t until I open Mona that I see exactly how common quote posts are here on the fediverse these days.

ciphermonger

@jerry I had to read that twice. I thought it said "Moana" and wondered if you were going to live-toot watching a Disney movie.

jerry, to random

I wonder how many security programs are designed around meeting the expectation of auditors, vs designed to protect the environment which is then inspected by auditors 🤔

ciphermonger

@jerry Nearly every financial institution I've worked with is definitely aiming for the former. Likewise, the amount of time spent to make false positives go away so they're not a "repeat finding" is utterly ridiculous.

jerry, to random

The primary adversary most IT/sec shops are intended to defend against is auditors

ciphermonger

@jerry Just about to hop on an audit call with one of our customers and prove that we totally have security for all the cybers.

jerry, to random

Now I know they are desperate for clicks, but the teaser for this fundraising grift seems pretty ill-advised given current events

ciphermonger

@jerry Donny Jr. to the DOJ: "Come at me, bro".

jerry, to random

Seriously, though, I do expect to read about a notable surge in successful ransomware attacks leveraging the GlobalProtect vulnerability, which should largely see most devices still vulnerable and exposed to the internet until mid-2026

ciphermonger

@jerry Maybe longer. Seems like there are still orgs getting hit using the Fortigate VPN vulnerability from 2018.