ADT adds glowing Live Light yard sign and My Safety mobile protection to the ADT+ platform

https://fed.brid.gy/r/https://nerds.xyz/2026/04/adt-live-light/

Common security mistakes small businesses make

Read the full article: 7 WordPress Security Fixes Small Firms Need
▸ https://lttr.ai/AqGf4

#WordPress #Security #Website #SecurityMonitoring

Another talk announcement for BSides Luxembourg!

🏎️⛽ 𝗙𝗘𝗥𝗥𝗔𝗥𝗜 𝗪𝗜𝗧𝗛𝗢𝗨𝗧 𝗙𝗨𝗘𝗟: 𝗘𝗫𝗢𝗥𝗖𝗜𝗦𝗘 𝗚𝗜𝗚𝗢 𝗢𝗨𝗧 𝗢𝗙 𝗟𝗢𝗚𝗦 𝗠𝗔𝗡𝗔𝗚𝗘𝗠𝗘𝗡𝗧 - 𝗦𝗧𝗘𝗙𝗔𝗡𝗢 𝗔𝗠𝗢𝗗𝗜𝗢 & 𝗘𝗟𝗟𝗜𝗢𝗧 𝗣𝗔𝗥𝗦𝗢𝗡𝗦 📈🛡️

Throwing more data at your SIEM will not fix broken security 🚫 This talk highlights why poor log quality and missing visibility quietly undermine even the most advanced AI driven tools. The real fix starts upstream. Clean, meaningful, and governed data turns noisy monitoring into reliable detection and helps teams move from overload to clarity.

Stefano Amodio https://lu.linkedin.com/in/stea is a SOC Team Leader with a decade of experience across ISP, MSSP, and internal SOCs and holds a SANS GIAC GSOM certification.

Elliot Parsons https://www.linkedin.com/in/elliot-parsons-4ba72140 is a cyber threat intelligence consultant at AmeXio. He is from New Zealand with a background in Financial Services, Technology Services and Government organisations. His expertise is in threat intelligence, threat hunting, reverse engineering, malware analysis, and incident response.

📅 Conference dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/

#BSidesLuxembourg2026 #LogsManagement #SOCVisibility #SIEM #DataQuality #SecurityMonitoring

Common security mistakes small businesses make

Read the full article: 7 WordPress Security Fixes Small Firms Need
▸ https://lttr.ai/ApVVI

#WordPress #Security #Website #SecurityMonitoring

Operational disruption alert.
Reddit faced a global outage, 15,000+ rapid reports, mobile app impact at 64%, CDN-origin connectivity errors observed.

Security-adjacent considerations:
• Traffic surge management gaps
• CDN dependency risk
• Authentication system resilience
• Opportunistic phishing during downtime
• Brand impersonation spikes during trending outages

When high-traffic platforms fail, attackers often exploit confusion windows.

Did you observe increased malicious domain registrations or phishing attempts during #RedditDown?

Source: https://www.newsx.com/tech-and-auto/reddit-hit-by-major-global-outage-over-15000-users-report-issues-as-company-admits-elevated-error-rates-war-news-174980/

Engage below.
Follow TechNadu for infrastructure, outage intelligence, and cybersecurity insights.
Repost to expand situational awareness.

#Infosec #PlatformOutage #ThreatIntel #CloudSecurity #CDN #SRE #DigitalInfrastructure #CyberRisk #IncidentResponse #ServiceDisruption #SecurityMonitoring #AdTechSecurity

NIS2 requires fast incident reporting. Infosec K2K delivers real-time monitoring and structured response to meet 24-hour compliance and reduce risk across critical business operations.

#NIS2 #IncidentReporting #SecurityMonitoring #CyberCompliance #InfosecK2K

This Punchbowl Phish Is Bypassing 90% Of Email Filters Right Now

997 words, 5 minutes read time.

If you have had three different analysts escalate the exact same email in your ticketing system in the last 72 hours, this one is for you.

This is not a Nigerian prince scam. This is not a fake Amazon order. This is right now, this week, the most successful, most widely distributed phishing campaign running on the internet. And almost nobody is talking about just how good it is.

What this scam actually is

You get an email. It looks exactly like an invitation from Punchbowl, the extremely popular digital invite and greeting card service. There’s no misspelled logo. There’s no broken grammar. There is absolutely nothing that jumps out as fake.

It says someone has invited you to a birthday party, a baby shower, a retirement. At the very bottom, there is one single line that almost everyone misses:

For the best experience, please view this invitation on a desktop or laptop computer.

If you click the link, you do not get an invitation. You get malware. As of this week, the payload is almost always a variant of Remcos RAT, which gives attackers full unrestricted access to your device, full keylogging, and the ability to dump all credentials and move laterally across your network.

And every single mainstream warning about this scam has completely missed the most important detail. That line about the desktop? That is not a throwaway line. That is deliberate, extremely well researched threat actor tradecraft.

Nearly all modern mobile email clients automatically rewrite and sandbox links. Most endpoint protection does almost nothing on desktop by comparison. The attackers know this. They are actively telling you to defeat your own security for them. And it works.

Why this is an absolute nightmare for security teams

Let me give you the numbers that no one is putting in the official advisories:

• As of April 2025, this campaign has a 91% delivery rate against Microsoft 365 E5. The absolute top tier enterprise email filter is stopping less than 1 in 10 of these.
• Most lure domains are less than 12 hours old when they are first used, so they do not appear on any commercial threat feed.
• This is not just targeting consumers. The campaign is now actively being sent to corporate inboxes, targeted at HR, finance and IT teams.
• Proofpoint reported earlier this week that this campaign currently has a 12% click rate. For context, the average phish has a click rate of 0.8%.

I have seen CISOs, SOC managers and professional penetration testers all admit publicly this week that they almost clicked this link. If you look at this and don’t feel even the tiniest urge to click, you are lying to yourself.

This is what good phishing looks like. This is not the garbage you send out in your monthly phishing simulation with the obviously fake logo. This is the stuff that actually works.

How to not get burned

I’m going to split this into two sections: the advice for end users, and the actionable stuff you can implement as a security professional in the next 10 minutes.

For everyone

• Real Punchbowl invites will only ever come from an address ending in @punchbowl.com. There are no exceptions. If it comes from anywhere else, delete it immediately.
• Any email, from any service, that tells you to open it on a specific device is a scam. Full stop. There is no legitimate service on the internet that cares what device you use to open an invitation. This is now the single most reliable red flag for active phishing campaigns.
• Do not go to Punchbowl’s website to “check if the invite is real”. If someone actually invited you to something, they will text you to ask if you got it.

For SOC Analysts and Security Teams

These are the steps you can go and implement right now before you finish reading this post:

Closing Thought

The worst part about this scam is how predictable it is. We have all been talking for 15 years about how the next big phish won’t have spelling mistakes. We all said it will look perfect. It will be something you actually expect. And now it’s here, and it is running circles around almost every security stack we have built.

If you see this email, report it. If you are on shift right now, go push that detection rule. And for the love of god, stop laughing at people who almost clicked it.

Call to Action

If this breakdown helped you think a little clearer about the threats out there, don’t just click away. Subscribe for more no-nonsense security insights, drop a comment with your thoughts or questions, or reach out if there’s a topic you want me to tackle next. Stay sharp out there.

D. Bryan King

Sources

• Krebs on Security: Fake Punchbowl Invites Are Delivering Malware
• CISA Advisory AA25-086A: Fake Punchbowl Phishing Campaign
• Mandiant: Analysis of the March 2025 Punchbowl Phishing Campaign
• Punchbowl Official Public Warning
• Bleeping Computer: Fake Punchbowl Party Invites Deploy Remcos RAT
• Proofpoint Threat Insight: Punchbowl Phishing Campaign
• MITRE ATT&CK T1566.001: Spearphishing Link
• Verizon DBIR 2025: Phishing Effectiveness

Disclaimer:

The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.

DORA requires rapid detection, classification, and reporting of ICT incidents. Infosec K2K strengthens IAM telemetry, access logging, and real-time monitoring to enable accurate impact analysis and compliant 24-hour reporting.

#DORA #IAM #SecurityMonitoring #InfosecK2K

Top Security Monitoring Companies for Businesses and Homes

Top Security Monitoring Companies 2025 Ranked

Best security monitoring companies ranked for 2025. Compare monitoring services, response times, & pricing ($200-$2,000 monthly). GCCTVMS 30-day free trial.

For More Details: https://gcctvms.com/top-security-monitoring-companies/

#SecurityMonitoringCompanies #SecurityMonitoring #MonitoringCompanies #SecurityServiceCompanies #SecurityMonitoringServices #BusinessSecurityMonitoring

Server Security Checklist — Essential Hardening Guide

Securing your servers isn’t optional — it’s your first line of defense against data breaches, ransomware, insider threats, and lateral movement. Use this checklist as a baseline for Linux, Windows, cloud, hybrid, or on-prem servers.

⸻

🔧 1. System & OS Hardening
• Keep OS & packages updated (apply security patches frequently).
• Remove / disable unused services & software.
• Enforce secure boot + BIOS/UEFI passwords.
• Disable auto-login and guest accounts.
• Use minimal OS images only (reduce attack surface).

⸻

🔐 2. Access Control
• Enforce strong passwords & MFA everywhere.
• Use RBAC & least privilege access.
• Disable root/Administrator login over SSH/RDP.
• Rotate credentials & keys regularly.
• Implement just-in-time access for privileged users.

⸻

🌐 3. Network Security
• Restrict inbound/outbound traffic via firewalls.
• Segment critical servers from general LANs/VLANs.
• Disable unused ports & protocols.
• Enable DoS/DDoS protection.
• Apply zero-trust network principles.

⸻

🔑 4. Secure Remote Access
• Use SSH key-based authentication (disable password login).
• Enforce VPN for admin access.
• Log & monitor all remote access sessions.
• Disable legacy protocols (Telnet, FTP, SMBv1).
• Require bastion/jump host for critical access.

⸻

📊 5. Logging & Monitoring
• Enable centralized logging (syslog / SIEM).
• Track failed login attempts & anomalies.
• Configure alerts for privilege escalation or config changes.
• Monitor log tampering.
• Retain logs securely for audits & forensics.

⸻

🔒 6. Data Protection
• Encrypt data at rest (LUKS, BitLocker, etc.).
• Encrypt data in transit (TLS 1.2+).
• Strict database access policies.
• Regular, offline, immutable backups.
• Test restore procedures (don’t assume backups work).

⸻

🔁 7. Application & Patch Management
• Keep middleware, frameworks, and apps patched.
• Delete default credentials & sample files.
• Enable code signing for software packages.
• Use secure coding practices (OWASP Top 10).
• Implement dependency scanning (Snyk, Trivy, etc.).

⸻

🛡️ 8. Malware & Intrusion Defense
• Deploy EDR/AV on endpoints.
• Enable IDS/IPS at network edge.
• Automatic vulnerability scans (schedule weekly/monthly).
• Monitor persistence techniques (cron, startup scripts).
• Block known malicious IP ranges & TLDs.

⸻

🏢 9. Physical & Cloud Security
• Restrict physical access to server racks/rooms.
• Enable provider security tools (AWS Security Groups, Azure NSG, IAM).
• Harden cloud images (CIS benchmarks).
• Review cloud logging & audit trails regularly.
• Disable unused cloud API keys / roles.

⸻

📜 10. Policy & Compliance
• Use CIS / NIST / ISO-27001 benchmarks.
• Track & document every access change.
• Force annual access reviews & key rotation.
• Perform regular security training for admins.
• Maintain disaster recovery & incident plans.

⸻

➕ Additional 5 Critical Controls (Advanced Hardening)

🧠 11. Privileged Access Management (PAM)
• Use jump hosts & session recording.
• Just-In-Time access for admins.
• Store keys in secure vaults (HashiCorp Vault, CyberArk).

🚨 12. Real-Time Threat Detection
• Use behavioral analytics → UEBA/XDR.
• AI-based anomaly detection recommended.
• Block suspicious IPs automatically.

🧪 13. Red Team & Pentesting
• Run regular internal pentests.
• Validate configuration weaknesses.
• Simulate phishing + lateral movement scenarios.

🧱 14. Container / VM Isolation
• Use AppArmor, SELinux, Seccomp profiles.
• Limit Docker socket access & root containers.
• Scan images before deployment.

📦 15. Automated Configuration Management
• Use IaC (Terraform, Ansible, Puppet) for repeatable and secure builds.
• Detect drift using compliance scanning.
• Version control all infrastructure.

⸻

🧠 Core Reminder

A server is only as secure as the team who maintains it.
Hardening isn’t one task — it’s an ongoing

#ServerSecurity #SystemHardening #InfoSec #CyberSecurity #BlueTeam
#DevSecOps #SysAdmin #ThreatDetection #AccessControl #NetworkSecurity
#LinuxSecurity #SecureArchitecture #RiskMitigation #SecurityChecklist
#CloudSecurity #InfrastructureSecurity #ZeroTrust #SecurityMonitoring