Serious Discussion How Does One improve Security ?

Guys, please stay on topic. This thread is for discussing "How does one improve security'.
I shared some insights and some links about disclosed vulnerabilities that would help other better understand the threat vectors. Each one of the replies I made is one way or another related to the core of this topic.

Edit:


Correcting misinformation and dismantling unverified claims (on the topic of cyber security) is precisely on-topic.
 
  • Like
Reactions: Khushal

This completely nukes the fallacy of "up-to-date"

The Januscapel Vulnerability was introduced in the Linux kernel in August 2010, and it was not patched until 2026 (16 years!)

For a decade and a half, Linux system administrators who religiously kept their servers "up-to-date" were still completely vulnerable to this zero-day exploit. An updated OS only protects against known threats; it does nothing to stop a 16-year-old architectural flaw.
 
Guys, this thread is for posting Methods to Improve Security.

@Divine_Barakah has demo'ed another way, and that is to learn from attack dissections by security researchers. Some call it Open Source Intelligence. (OSINT). Members of MT frequently post these as Security News in the forum. Sometimes, the dissections reveal methods where we can block some of the attacks. For example for ClickFix attacks, we can use Group Policy to forbid use of the Run Box ( accessed by Winkey + R )
 
The tech is there. I should say User Awareness. Once people are aware of the do's and don'ts, it will help any organization be it SMB or Enterprise.