Maksym Nowak
@mksmnwk.bsky.social
Part 1: Introduction to Bot Farms

Bot farms are networks of automated accounts designed to mimic real users on #socialmedia platforms. These bots can be used for various purposes, including spreading disinformation, manipulating public opinion, and amplifying specific messages. Mainly #politics
December 6, 2024 at 9:43 AM
8 hard truths of cybersecurity:
1. Assume breach: The question isn’t if but when it happens.
2. Perfect security doesn’t exist — Risk is managed, never eliminated.
3. People are the weakest link — Your training matters more than your tech.
4. Compliance ≠ security — Checkboxes won’t stop threats.
1/2
December 5, 2024 at 12:34 PM
50% of recent #DDoS attacks were app layer. 72% of them come from known botnets and are usually short-lived >1h. There is a free botnet threat feed available from @cloudflare.social -> developers.cloudflare.com/ddos-protect...

#application-security #waap #cloudflare
December 4, 2024 at 9:36 PM
Reposted by Maksym Nowak
A Proof of Concept exploit has been made public for CVE-2024-42327, which is a critical vulnerability in Zabbix. If you are running an instance, make sure that you update as soon as possible!

securityonline.info/poc-exploit-...
PoC Exploit Releases for Critical Zabbix Vulnerability - CVE-2024-42327 (CVSS 9.9)
Security researcher Alejandro Ramos has published a detailed technical analysis and proof-of-concept (PoC) exploit code for CVE-2024-42327
December 4, 2024 at 12:33 PM
If you are technical and still struggle with #cybersecurity after #CISSP certification - try this as well:

- explore requirements engineering and elicitation best practice
- try breaking down security solutions into functional and non-functional requirement categories
- study MITRE ATT&CK and D3FEND
December 4, 2024 at 12:47 PM
A #Patch only #HighRisk strategy is not future-proof. #CVE-2014-2120 in #Cisco ASA, which can lead to #unauthenticated access, was classified as #MediumRisk in 2014. It had to mature 10 years and is now under active exploitation.
December 4, 2024 at 12:38 PM
Need to #secure #Azure #Bastion? Start with...

1. Role assignments are on
2. MFA is on
3. Diagnostic insights are on
4. NSGs are enabled
5. Just-in-Time access is enabled

For critical resources:

6. Session recording is enabled (Premium SKU)

Sovereignty?

7. Private-only deployment (Premium SKU)
December 3, 2024 at 2:25 PM
36% decrease in successful cyberattacks on banks in 2024 (source: #PicusSecurity). What’s driving this drop? 🤔

1. Improved security measures
2. Increased investment in cybersecurity
3. Regulation readiness programs
4. Better collaboration and info sharing
5. Enhanced employee training

#ZeroTrust
December 3, 2024 at 12:49 PM
🇷🇺 #KillNet, #AnonymousSudan, and #REvil attacked 🇪🇺 European banks with #DDoS attacks, aiming to disrupt financial systems.
🇰🇵 #Lazarus Group targeted 🇺🇸 US banks by exploiting zero-day vulnerabilities to steal sensitive data.

#CyberSecurity #Banking #InfoSec
December 3, 2024 at 12:47 PM
Fear in #cybersecurity isn’t effective for #awareness or product marketing. Instead, let’s focus on positive reinforcement to build a proactive security culture. Empowerment and trust lead to lasting behavioral change. Let’s move beyond fear! #Cybersecurity #PositiveReinforcement #Trust #ZeroTrust
December 3, 2024 at 12:41 PM
5 Signs Your #Security Controls Are Wrongly Defined

1. Vague words like `adequate`
2. You have more than 500 for the entire stack
3. Mixing domains, for example Auth in Network access
4. Unclear responsibilities: if roles aren’t clear, gaps are inevitable.
5. Not measurable: `sufficient controls`
December 3, 2024 at 12:35 PM