Rami
@ramimac.me
security, for the internet, at Wiz
opinionated about security.
knowledge hubs at rami.wiki, thoughts at ramimac.me
reminds me of ramimac.me/poisoning-ss... 😉
Poisoning the SSM Command Document Well
Responsibly disclosing risks in using SSM Command Docs for software distribution.
December 24, 2024 at 12:12 PM
One recent report highlighted that roughly a third of their customers have “at least one cloud workload that is publicly exposed, critically vulnerable and highly privileged.”

If you’re this vendor, should I really buy your product?

ramimac.me/state-of-clo...
State of ‘State of Cloud Security’ Reports: Insights or Self-Owns?
Dozens of hours reading State of Cloud Security reports that I think miss the mark.
December 18, 2024 at 4:50 PM
December 18, 2024 at 10:43 AM
Just keep dm'ing them to me so I can bully you into publishing 😈
December 9, 2024 at 11:14 AM
IIRC, re:Inforce was a bust for security announcements.

I wish some of these announcements got time center stage there, versus being pre:Invent announcements now.

Hopefully re:Invent makes space alongside the GenAI noise!
November 21, 2024 at 10:45 AM
I think it's pretty easy to dig up research that ties phishing simulations to a decrease in metrics like Click Through Rate or improvement in "awareness" - but I'd argue those aren't the metrics that matter!
Ex. hcis-journal.springeropen.com/articles/10....
Don’t click: towards an effective anti-phishing training. A comparative literature review - Human-centric Computing and Information Sciences
Email is of critical importance as a communication channel for both business and personal matters. Unfortunately, it is also often exploited for phishing attacks. To defend against such threats, many ...
November 18, 2024 at 5:08 PM