Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
bert hubert 🇺🇦🇪🇺🇺🇦 (bert_hubert@fosstodon.org)'s status on Thursday, 24-Apr-2025 17:02:34 JST bert hubert 🇺🇦🇪🇺🇺🇦

"Three of the four most exploited vulns were zero days, all were in cybersecurity products (Palo-Alto, Ivanti Connect Secure, Ivanti Policy Secure and Fortinet)." https://cyberplace.social/@GossiTheDog/114391474274944937
In conversation about a month ago from fosstodon.org permalink
Attachments
1. Domain not in remote thumbnail source whitelist: cyberplace.social
  
  Kevin Beaumont (@GossiTheDog@cyberplace.social)
  
  from Kevin Beaumont
  
  Attached: 1 image Exploitation was the primary entry method into orgs, although it declined slight YoY due to the rise of infostealers. Three of the four most exploited vulns were zero days, all were in cybersecurity products (Palo-Alto, Ivanti Connect Secure, Ivanti Policy Secure and Fortinet). In most of the cases documented, it was ransomware groups running rings around security vendors, ie the security vendors were the cause of the victims woes due to defective products.
- Haelwenn /элвэн/ :triskell: likes this.
- Embed this notice
  Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Thursday, 24-Apr-2025 17:06:21 JST Stéphane Bortzmeyer
  in reply to
  
  @bert_hubert Indeed, most of these "security" products are crap. But it is not a problem, you don't buy them for security, you buy them to tick a box in the auditor spreadsheet.
  
  In conversation about a month ago permalink
  
  Haelwenn /элвэн/ :triskell: likes this.

Public

Conversation

Notices

Feeds