The setting that everyone is looking for after this update to Claude —> Settings > System > Power & battery (or Power & Sleep) and set screen/sleep timeouts to Never
We're shipping a new feature in Claude Cowork as a research preview that I'm excited about: Dispatch!
One persistent conversation with Claude that runs on your computer. Message it from your phone. Come back to finished work.
To try it out, download Claude Desktop, then pair your phone.
🚨 New episode of Tech Updates is live.
This week:
• Critical 9.8 Honeywell CCTV vulnerability
• Ransomware groups targeting firewalls
• Surge of high-severity CVEs impacting infrastructure
The perimeter is now the primary battlefield.
If you manage firewalls, VPNs, or edge devices — this is a must listen.
Patch early. Segment aggressively. Stay ahead.
#Cybersecurity #InfoSec #Ransomware #VulnMgmt
1. AI is now the #1 accelerator for both attacks and (hopefully) your defenses
Attackers are heavily using AI to scale sophisticated phishing, generate deepfakes for social engineering, create autonomous/agentic malware, and exploit vulnerabilities faster than ever. AI-powered threats like command injection in MCP servers, tool poisoning, and hyper-personalized attacks are exploding. At the same time, sysadmins must lean into AI for threat detection, automated patching, anomaly hunting, and SOAR-style response — or you’ll fall behind. Governance and guardrails around your own AI usage (including MCP servers and third-party models) are now non-negotiable to avoid introducing new attack surfaces. Bottom line: if you’re not actively using AI-assisted tools to monitor and respond, while securing your AI stack, you’re at a massive disadvantage.
2. Identity remains the front door — and supply chain/third-party risks are the new back door everyone forgets
Compromised credentials, weak MFA bypasses, and identity-based attacks continue to dominate breach entry points. But the bigger story in 2026 is inherited risk: one misconfigured or breached vendor, SaaS app, or supply-chain component can cascade into your environment. Sysadmins need to treat third-party access like internal access — enforce least privilege, continuous monitoring of integrations, SBOM-style checks where possible, and visibility into vendor security posture. Zero Trust isn’t optional anymore; it’s table stakes, especially for cloud, remote access, and OT/hybrid setups. Assume breach and verify everything.
3. Patching and configuration hygiene are still foundational — but now tied directly to operational resilience and insurance reality
The CVE overload is easing somewhat thanks to better prioritization tools, but misconfigurations, unpatched edge cases, and configuration drift remain primary enablers for ransomware and lateral movement. Ransomware is smarter, more targeted, and often paired with extortion tactics. Sysadmins must prioritize automated, tested hardening baselines, rapid remediation (especially for internet-facing systems), and assume recovery will be tested in real life. Many insurers now demand proof of resilience (simulations, backups, segmentation) or deny coverage/limits — so “good enough” patching no longer cuts it. Build for quick detection + containment + restore, not just prevention.
Category: Vulnerability
Date: January 21, 2026
What happened: Cisco patched a critical input-validation flaw in HTTP requests to the web-based management interface for Unified Communications/Webex Calling Dedicated Instance; reporting states it was actively exploited as a zero-day prior to fixes.
Why it matters: UC platforms are widely deployed and business-critical; RCE on management interfaces can provide a fast enterprise foothold.
Affected scope: Cisco Unified Communications Manager (Unified CM), Unified CM SME, Unified CM IM & Presence, Cisco Unity Connection, Webex Calling Dedicated Instance.
Exploitation status: Known exploited
Recommended action:
- Identify all affected Cisco UC/Webex Calling Dedicated Instance deployments and apply Cisco fixed releases/updates immediately.
- Restrict/segment management interface exposure (ACLs/VPN/jump hosts) and review logs for suspicious crafted HTTP request patterns.
Sources:
https://t.co/4aayCt76Kb
Category: Advisory
Date: January 26, 2026
What happened: CISA flagged a critical VMware vCenter Server heap overflow (DCERPC implementation) as actively exploited and directed remediation; the issue was originally patched in June 2024 and can lead to remote code execution with network access to vCenter.
Why it matters: vCenter is a high-impact virtualization management plane; RCE can enable broad control over ESXi hosts and virtual machines, highlighting “patch gap” risk for older fixed bugs becoming newly weaponized.
Affected scope: VMware vCenter Server (and related VMware Cloud Foundation releases, per vendor patch guidance referenced in reporting).
Exploitation status: Known exploited
Recommended action:
- Verify vCenter/Cloud Foundation patch levels and upgrade to patched releases immediately; prioritize any broadly reachable vCenter instances.
- Reduce attack surface by restricting DCERPC exposure to trusted admin networks and monitor for anomalous traffic targeting vCenter services.
Sources:
https://t.co/NB7E6a3vgs
Category: Vulnerability
Date: January 29, 2026
What happened: Ivanti disclosed two critical code-injection flaws in Ivanti Endpoint Manager Mobile (EPMM) enabling unauthenticated remote code execution; exploitation was observed in the wild, and mitigations are available via RPM scripts with a permanent fix planned in EPMM 12.8.0.0 (Q1 2026).
Why it matters: EPMM is an MDM/EMM control plane; compromise can expose admin/user data and enable configuration changes across managed device fleets.
Affected scope: Ivanti Endpoint Manager Mobile (EPMM) (versions per vendor mitigation guidance); highest risk for internet-exposed instances.
Exploitation status: Known exploited
Recommended action:
- Apply Ivanti’s RPM mitigations immediately for your EPMM version; re-apply after upgrades until the permanent fix is installed.
- Hunt in EPMM web logs for exploitation indicators; if compromise is suspected, rebuild/restore from known-good backup and rotate credentials/certificates tied to EPMM.
Sources:
https://t.co/8grwCjTBuO
Massive Pornhub Data Breach — 200M Records Stolen
Hackers linked to ShinyHunters claim to have stolen the personal data of ~200 million Pornhub premium users — including emails, activity logs, and location info. Reports say the breach came via third-party data exposure, and attackers are threatening to publish unless paid — fueling huge social media reaction.
Last quarter I rolled out Microsoft Copilot to 4,000 employees.
$30 per seat per month.
$1.4 million annually.
I called it "digital transformation."
The board loved that phrase.
They approved it in eleven minutes.
No one asked what it would actually do.
Including me.
I told everyone it would "10x productivity."
That's not a real number.
But it sounds like one.
HR asked how we'd measure the 10x.
I said we'd "leverage analytics dashboards."
They stopped asking.
Three months later I checked the usage reports.
47 people had opened it.
12 had used it more than once.
One of them was me.
I used it to summarize an email I could have read in 30 seconds.
It took 45 seconds.
Plus the time it took to fix the hallucinations.
But I called it a "pilot success."
Success means the pilot didn't visibly fail.
The CFO asked about ROI.
I showed him a graph.
The graph went up and to the right.
It measured "AI enablement."
I made that metric up.
He nodded approvingly.
We're "AI-enabled" now.
I don't know what that means.
But it's in our investor deck.
A senior developer asked why we didn't use Claude or ChatGPT.
I said we needed "enterprise-grade security."
He asked what that meant.
I said "compliance."
He asked which compliance.
I said "all of them."
He looked skeptical.
I scheduled him for a "career development conversation."
He stopped asking questions.
Microsoft sent a case study team.
They wanted to feature us as a success story.
I told them we "saved 40,000 hours."
I calculated that number by multiplying employees by a number I made up.
They didn't verify it.
They never do.
Now we're on Microsoft's website.
"Global enterprise achieves 40,000 hours of productivity gains with Copilot."
The CEO shared it on LinkedIn.
He got 3,000 likes.
He's never used Copilot.
None of the executives have.
We have an exemption.
"Strategic focus requires minimal digital distraction."
I wrote that policy.
The licenses renew next month.
I'm requesting an expansion.
5,000 more seats.
We haven't used the first 4,000.
But this time we'll "drive adoption."
Adoption means mandatory training.
Training means a 45-minute webinar no one watches.
But completion will be tracked.
Completion is a metric.
Metrics go in dashboards.
Dashboards go in board presentations.
Board presentations get me promoted.
I'll be SVP by Q3.
I still don't know what Copilot does.
But I know what it's for.
It's for showing we're "investing in AI."
Investment means spending.
Spending means commitment.
Commitment means we're serious about the future.
The future is whatever I say it is.
As long as the graph goes up and to the right.
@thetechguy_it I think it means that we are moving into a healthy market - opens up the field for all competitors and gives customers a big number of options. This is how innovation gets fueled