Without: Inventory, patching, change management, backups, recovery/response plans, pentesting, and people who care.... No SOC, MDR, SIEM, or AI is going to save you.

People shouldn’t be scared by this CrowdStrike report. I don’t even know why they added the “AI-enabled ransomware” part -probably a PR idea that nobody stopped The real issue is wrong risk perception. CISOs worry about what sounds new instead of what actually causes incidents.

Ojito con esto: vulnerabilidades críticas en F5

How Ransomware Groups Got In: @rapid7 MDR’s Top Initial Access Vectors from Q1 2025. Top Initial Access Vectors - Account Compromise (No MFA) - Vuln Exploitation (all known, patchable) - Brute Forcing - Exposed RDP - SEO Poisoning What our #MDR team saw in real-world

Are you focusing on the important parts of cybersecurity first? It's critical to ruthlessly prioritize in cybersecurity because there is an infinite number of ways that attackers could possibly attack your systems. a 🧵

This kind of thing happens more than you might think: A manager or executive in an otherwise secure(d) environment wants to be able to use his or her personal device and do so on a connection that isn't restricted by the organization. It's a move that usually begs for trouble.

Everyone wants to spend $100k for EDR but no one wants to take away local admin rights from Suzie in accounting…

Everyone wants to spend $100k for EDR but no one wants to take away local admin rights from Suzie in accounting…

🚨Data Breach Alert���️ 🇪🇸Spain - Robinson List The threat actor known as "injectioninferno" claims to have exposed 614,197 rows of user records (address, full names, DNI, email, etc.) from Robinson List. The Robinson List is a free service allowing Spanish citizens to opt out