Managing initiatives through NIST CSF seems to be good/best practice. What are you all using to track the maturity of your cyber program?

Sunday morning is a great time to post an

Hi! I’m a professional, who has been into and for 25y. To give back to the community I run ioc.exchange and sfba.social .
I live in the San Francisco Bay Area with my wife and two kids. I came here 11y ago from , which is my hometown. My alma mater is , where I studied computer science. I was born in East Berlin, behind the iron curtain.

Be kind and hack the planet!

fellas who ended up on the overloaded mastodon.social and mastodon.online instances!

Give them a break and migrate to one of the infosec focused instances:

ioc.exchange
infosec.exchange
freeradical.zone
hackers.town
chaos.social

If you are looking for a great reference about CSOC/SOC operations, check out Carson Zimmerman's "Ten Strategies of a world-class Cyber Security Operations Center"

mitre.org/publications/all/ten

fediverse! What's the best paper/book you have read on zero trust?

professionals!

Any tips on how to better communicate that system maintenance (incl. patching) needs to cover ALL devices on the network?

Browsing the Conti.news this morning. A lot of German speaking victims lately, seems like they have learned how to navigate German Windows Server versions.

Desktop Linux Security Review for Elementary OS - The new Leader in this Review Series! Elementary OS collected 13 out of 18 points and looks great along the way.

decrypt.fail/desktop-linux-sec

Should we start suing web hosting companies, when they don’t patch their servers and as a result the websites get compromised and used for malware operations, which then creates a bad reputation for my domains?

Finished my security review on Garuda Linux - Such a beautiful distro! It received 10 out of 18 points - An average score.

write.as/decrypt/desktop-linux

Desktop security review for :ubuntu: is in!
Interesting that it downloads updates during install but not actually installs them.

decrypt.fail/desktop-linux-sec

Pop!_OS security review done. They missed out on a lot of points because of two ignored vulnerabilities 😞

decrypt.fail/desktop-linux-sec

Third security review for desktop distros done:

decrypt.fail/desktop-linux-sec

(Given the stuff I saw when testing and read online, I'm bracing for impact...)

is showing us that the current state of vulnerability scanning technology is insufficient. Who has ideas on how to improve in a way that would make it possible to properly handle a event?

Show older
IOC.exchange

INDICATORS OF COMPROMISE (IOC)
InfoSec Community within the Fediverse. Newbies, experts, gurus - Everyone is Welcome! Instance is supposed to be fast and secure.

We have a Getting Started Guide here: https://ioc.wiki/mastodon

HAVE FUN and STAY SAFE!