Just watched a gentleman squeeze his Cybertruck into a compact space which leads me to believe we need to clarify the thing that is supposed to be compact is the vehicle, not the brain or penis
The best email you can get from any company is “you haven’t logged into our app for a while, so we are going to delete your info unless you do in the next X days.”
Now that is an indicator of a company that has their shit together.
It shows they are auditing activity.
It shows they don’t want to hoard data.
It shows they are making an effort.
Ironically, it makes me want to sign in and use their stuff more.
Imagine if they had open-enrollment for cyber insurance and the only way you could enroll outside of that window was a qualifying life event. Those events would be stuff like:
1) executive saw a presentation on AI
2) mergers and acquisitions where you were so quick to want to join the networks you didn’t check what you were connecting to
3) company decided to move back to on premises Exchange for some reason
4) executive saw a presentation on blockchain
5) Elon Musk purchases a majority stake in your company
“A key question for the NTSB and Boeing over the coming days will be whether this whole thing could’ve been avoided with the Flex Seal family of products.”
Another benefit to being a remote employee is it forces you to be better at documenting things because you can’t just have a passing conversation with someone where a decision is made. Instead, there’s a perfect record of decisions made, concerns raised and who is accountable and oh wow this is another reason some companies hate it.
QEMU IS a generic and open source machine emulator and virtualization tool, it IS NOT a conspiracy theory involving an emu with the highest level of security clearance.
A reminder that if your company experiences a Ransomware incident, technically you should update your privacy policy to include whichever Ransomware group was behind it as a sub-processor
Lots of bad hot takes on LinkedIn (or as I think we’re supposed to refer to it here, the Berksite), regarding social engineering and employee security awareness training post-MGM, “your employees are the biggest risk”, yada yada yada.
Nope.
If a single employee can be socially engineered resulting in such devastating impact, that’s not a failure of that employee. It’s a failure of several layers of people, including some who will have been paid more in a year than the socially engineered employee would have in ten, to allow such a target rich, mission critical environment, to develop without putting proper controls in place to stop an attacker at the first opportunity once they are in.
And sadly, this story will play out hundreds more times, and the “untrained employee” will be thrown under the bus each and every time.
I keep forgetting I need to disclose a vulnerability to all physical key manufacturers. Essentially, it's possible to bypass the 'do not duplicate' message stamped into certain keys by taking them to a hardware store and asking a person who works there to duplicate them.
When you think about it, opening the cabin door at 700ft during landing is just the natural progression for those folks who like to stand up and start getting their bags before the plane has parked at the gate
Idea: if you’re being forced to return to an office to work and are also required to be on-call, insist upon commuting into the office before you start work on fixing whatever outage triggered the on-call to make it easier to collaborate with your peers.
“Oh no, site down, that’ll be costing us about $100k a minute - well better jump in the shower, get dressed and head on in, see you in about an hour and a half”
"so since our organization's annual spend with your company is now over a certain amount, you are classified as a 'critical' vendor to us, and we need you to fill out this security survey, or we can also accept a third party audit report like a SOC 2 or ISO 27001, do you have an audit?"
Windows Server 2003 turns 20 this year and will celebrate by continuing to operate in critical national infrastructure and manufacturing facilities for another 20 years
Author of Digital Forensic/Pen Test/Blue Team Diaries, Hands-on Incident Response and Digital Forensics & Security Operations in Practice! (he/him) #infosec #DFIR #BlueTeam #Pentesting