The #Cybercriminal's #Thanksgiving List:
Unpatched #servers
Older operating systems
Companies with no commitment to #Cybersecurity Awareness Training
Companies that haven't implemented #2FA
Users that don't activate 2FA
Users that overshare personal details on social media
Weak #password policies
Single Sign-On for lateral movement
#Centralized data storage
Saved #RDP credentials
#CEOs who say no to the #CISO's budget requests
Understaffed security departments
@paxterrarum You remind me of some of my concerns about various other journos or lawyers, for example, talking about setting up Mastodon servers... how much do these people know about these things? And what would that mean for the user base? I don't worry about it here because @th3j35t3r has that in spades... but it's certainly not in everyone's wheelhouse!
@catmomdo
I'm sure there's a lot of variation in the security and trustworthiness of Mastodon instances. I'm on another Mastodon instance, where my emphasis is almost entirely work related (technology). I cross-post some stuff on both sites, like the "Cybercriminal's Thanksgiving" post. My other account is @[email protected].
Jerry, who runs that instance, is another person who knows what he's doing.
@th3j35t3r
Aw, %$#$%#!!!
Is that vulnerability still there, or is that the one that was recently reported and patched?
@th3j35t3r
A perfect example of why we should never use the same password on multiple sites.