Please join us on Friday October 18, 2024 for Super Cyber Friday. Our topic of discussion will be “Hacking the Hype of Zero Trust: An hour of critical thinking about […] The post Join Us 10-18-24 for “Hacking the Hype…
Category: CISO Series
Cybersecurity News: LockBit ties to Evil Corp, public records flaws, ransomware hits Texas hospital
In today’s cybersecurity news… UK ties LockBit affiliate to Evil Corp The UK’s National Crime Agency, or NCA, revealed the identity of a LockBit affiliate known as “Beverly” to be […]
Risk Management in Real Time with Safe Security
Join us for a groundbreaking announcement in cyber risk quantification and management. Today, Safe Security unveils SafeX, its new AI-powered mobile application designed to simplify and automate cyber risk assessment. […]
We’re Lowering the Requirement for Entry Level to Just 8 Years of Experience
Is the cybersecurity talent shortage a self-inflicted wound? It seems like we’re caught in a vicious cycle of employers not being honest about the roles they need to fill, leading […]
Cybersecurity News: T-Mobile data breach fines, Iranian hackers charged, Deepfake scam hits U.S. senate
T-Mobile data breaches cost company $31.5 million In a settlement with the Federal Communications Commission (FCC), T-Mobile has agreed to pay a total of $31.5 million following a series of […]
Celebrating 6 Years with CISO Series
We got the best present for the CISO Series 6th anniversary: testimonials from our listeners! David Spark hit the show floor at Black Hat 2024 to ask attendees why they […]
Cybersecurity News: Recall redesigned, Embargo attacks cloud, Dallas suburb cyberattack
In today’s cybersecurity news… Recall redesign: reinforced and removable Responding to customer reaction to the release of its new AI-powered feature, Microsoft has now announced improvements to Recall including stronger […]
Cybersecurity News: Train station WiFi hack, Mozilla tracking complaint, NIST password changes
In today’s cybersecurity news… Public Wi-Fi hacked at some of the UK’s busiest train stations Train passengers connecting to free WiFi at many major rail stations in England were greeted […]
Is It Possible to Inject Integrity Into AI?
When it comes to generative AI systems, often we’re concerned about the quality and reliability of the output. But do we risk losing sight of the integrity of these systems […]
Cybersecurity News: DragonForce ransomware, Salt Typhoon hits ISPs, ChatGPT SpAIware
In today’s cybersecurity news… DragonForce uses ransomware’s greatest hits Researchers at Group-IB disclosed that this threat group’s toolset includes a customized Conti variant and leaked LockBit ransomware. DragonForce operates a […]
CISO Series Podcast LIVE in La Jolla (10-30-24)
The CISO Series Podcast is celebrating spooky season the only way we know how, with another live podcast recording! We’re recording a podcast episode at the Planet Cyber Sec CISO-CIO […]
Cybersecurity News: Kansas water targeted, CrowdStrike apology, MoneyGram goes dark
In today’s cybersecurity news… Kansas water plant pivots to analog after cyber event Yesterday we updated you on a ransomware attack that hit the state of Kansas earlier this year. Now […]
PREVIEW: CISO Series Podcast LIVE in Los Angeles, CA 10-9-24
The CISO Series Podcast is set to return to the ISSA LA summit just in time for the start of the spooky season. But don’t be afraid, we’ve got amazing guests for […]
Cybersecurity News: Proposed ban on autonomous vehicles, updated Telegram policy, Necro infects Android devices
U.S. proposes ban on Chinese, Russian tech in autonomous vehicles It’s not going to happen overnight, but on Monday, the U.S. Department of Commerce proposed a ban on connected and […]
… And the Business Listened to the CISO and Everyone Lived Happily Ever After
It’s not enough for cybersecurity professionals to talk among themselves. Storytelling is a vital way to connect technical security controls and policies to the rest of the business. So how […]
Join Us 10-04-24 for “Hacking Job Stagnation” – Super Cyber Friday
Please join us on Friday October 4, 2024 for Super Cyber Friday. Our topic of discussion will be “Hacking Job Stagnation: An hour of critical thinking about what to do […]
When Can AI Take Over Decision Making in the SOC?
There are varied decisions SOC analysts have to make multiple times every day. It’s hard to describe each one, and so much of the decision making is happening in the […]
Cybersecurity News: LinkedIn halts AI training, Ukraine bans Telegram, hack-for-hire lawsuit
In today’s cybersecurity news… LinkedIn halts AI data processing in UK due to privacy concerns Following up on a story we covered on last Friday’s Week In Review show, the […]
Cybersecurity News: INC targets healthcare, Providence schools cyberattack, Apple iPads bricked
In today’s cybersecurity news… New INC ransomware targets U.S. healthcare sector A warning from Microsoft about a financially motivated threat actor who is using INC ransomware against the U.S. health […]
CISO Series Podcast LIVE in Los Angeles (10-09-24)
CISO Series Podcast will be returning to Los Angeles to do another live audience recording of our show with ISSA LA. Joining me on stage will be two CISO Series […]
Building Cybersecurity Leadership Skills
Last week on Super Cyber Friday, we talked about building leadership skills. David Spark hosted the discussion, joined by Alexandra Landegger, executive director and CISO at Collins Aerospace, and Jodie […]
Cybersecurity News: Derailing Raptor Train, Volunteer Civil Cyber Defense, US AI safety summit
In today’s cybersecurity news… Feds derail Raptor Train FBI Director Chris Wray said a joint operation last week took down a Chinese-state-sponsored botnet known as Flax Typhoon, in operation since […]
Are Phishing Tests Helping or Hurting Our Security Program?
Are we missing the point with phishing tests? We know attackers will just craft better messages to get clicks. So how can we make our own testing more meaningful? Check […]
PREVIEW: CISO Series Game Show LIVE in Washington, DC 10-2-24
We are just a few weeks away from TWO exciting events in our nation’s capital, Washington D.C. Monday, September 30th, 2024: CISO Series meetup. This is a FREE event happening […]
Cybersecurity News: Exploding pager analysis, construction company vulnerability, cyberattack job loss
In today’s cybersecurity news… Exploding pager tragedy: experts look towards supply chain sabotage rather than hacking Security and technology experts surveying the wave of exploding wireless pagers that killed at […]
Cybersecurity News: Intellexa faces new sanctions, London hospitals impact, Apple releases update
Spyware giant Intellexa faces new U.S. sanctions The U.S. Treasury Department has hit Intellexa Consortium and its affiliates with a new round of sanctions, intensifying efforts to crack down on […]
Our Guardrails Only Fail When You Try To Go Around Them (LIVE in Seattle)
Securing emerging AI tools is not a solved problem. We lack basic visibility into how the underlying LLMs work. We’re told there are guardrails in place, but given the frequency […]
CISO Series Podcast LIVE at Stanford University (10-17-24)
CISO Series Podcast will be going back to school for another live show. We’re recording a show at Stanford University’s Cybersecurity and Privacy Festival 2024, AKA “Cyberfest.” Joining me on […]
Cybersecurity News: Fortinet breach, RansomHub extorts Kawasaki, TfL password resets
In today’s cybersecurity news… Fortinet confirms customer data breach Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440 GB of files […]
PREVIEW: CISO Series Podcast LIVE in Boca Raton, FL 9-21-24
CISO Series Podcast will be at the 2024 SFISSA Hack the Flag Conference to do a live audience recording of our show. Joining me on stage will be Adam Fletcher, […]
Cybersecurity News: Lazarus spoofs CapitalOne, Mastercard buys RecordedFuture, WordPress imposes 2FA
In today’s cybersecurity news… Lazarus Group’s VM Connect campaign spoofs CapitalOne New research from Reversing Labs shows that the Lazarus Group is continuing its campaign of targeting developers with […]
PREVIEW: CISO Series Podcast LIVE in Houston, TX 9-24-24
CISO Series Podcast will be heading to HOU.SEC.CON to do a live audience recording of our show. Joining me on stage will be the incomparable Jerich Beason, CISO, WM, and […]
Who Is Responsible for Securing SaaS Tools?
Haven’t we already discussed at great length the cloud shared security model? We’ve had the cloud for a few decades. Why can’t we just extend that shared responsibility model for […]
Cybersecurity News: $20 WHOIS vulnerability, India’s Cyber Commandos, Word hits drone makers
The $20 WHOIS vulnerability Researchers at watchTowr Labs discovered the WHOIS server for the .mobi top-level domain migrated domains, so they spent $20 to acquire the legacy one and spun […]
Join Us 9-30-24 for a CISO Series Meetup in Washington, DC
On the eve of FAIRCON24, we’re inviting fans of CISO Series to join us for a meetup at the Fairmont Hotel in DC. This is a free event to attend, […]
Join Us 09-27-24 for “Hacking Alerts” – Super Cyber Friday
Please join us on Friday September 27, 2024 for Super Cyber Friday. Our topic of discussion will be “Hacking Alerts: An hour of critical thinking about triaging the deluge hitting […]
Cybersecurity News: Slim CD data breach, International sextortion bust, TfL mixed messages
In today’s cybersecurity news… Slim CD notifies 1.7M customers of data breach Electronic payment firm, Slim CD, has notified nearly 1.7 million credit card holders that their data may have […]
Join us at FAIRCON24 – 10-02-24 for CISO Series Game Show
Live in Washington DC or planning to attend FAIRCON24? Love cybersecurity and playing cybersecurity games? Then join us for a CISO Series Game Show, happening as part of FAIRCON24. Here’s […]
Join CISO Series for a Game Show at FAIRCON24 – 10-02-24
Live in Washington DC or planning to attend FAIRCON24? Love cybersecurity and playing cybersecurity games? Then join us for a CISO Series Game Show, happening as part of FAIRCON24. Here’s […]
Our Cybersecurity Journey Starts With a Single Overworked Staffer
When operating a security program in an existing deployment, it can be tempting to romanticize an opportunity like a greenfield deployment. But starting from square one doesn’t mean you’ll be […]
Cybersecurity News: Payment processing breach, dark web admins charged, Predator spyware resurges
1.7 million impacted in payment processing breach In an ironic twist, payment gateway provider Slim CD says they’ve swiftly initiated an investigation into a breach affecting around 1.7 million individuals. […]
25 Ways to Make the SOC More Efficient and Avoid Team Burnout
Being part of a security operations center (SOC) means that when everything is running right, no one knows you’re responsible, but when things go wrong, everyone knows who to blame. […]
Cybersecurity News: Avis rentals breach, Microsoft disables ActiveX, Wisconsin Medicare breach
In today’s cybersecurity news… Car rental company Avis discloses data breach According to notification letters sent to customers on Wednesday and filed with California’s Office of the Attorney General, the […]
CISO Series Podcast LIVE in Houston (09-24-24)
CISO Series Podcast will be heading to HOU.SEC.CON to do a live audience recording of our show. Joining me on stage will be the incomparable Jerich Beason, CISO, WM, and […]
Cybersecurity News: Planned Parenthood cyberattack, DoJ propaganda takedown, Microchip Technology theft
In today’s cybersecurity news… Planned Parenthood cyberattack Officials from the nonprofit agency have confirmed that a cyberattack has impacted its IT systems, forcing it to take parts of its infrastructure […]
Join Us 9-23-24 For a CISO Series Meetup in Houston
On the Monday just before HOU.SEC.CON. launches in Houston, CISO Series will be hosting a meetup for both the listeners of the CISO Series AND those who have never heard […]
Hiring Cyber Teenagers with Criminal Records
Threat actors don’t need certifications or a degree to be good at their job. So why do we keep trying to demand those from new cyber hires? And could a […]
Cybersecurity News: Spyware research, Cicada rebrand, MacroPack malware
In today’s cybersecurity news… Spyware research report A new study from the Atlantic Council’s Cyber Statecraft Initiative tracked the evolution of the spyware market, looking at larger players like NSO […]
CISO Series Podcast LIVE in Boca Raton, FL (09-21-24)
CISO Series Podcast will be at the 2024 SFISSA Hack the Flag Conference to do a live audience recording of our show. Joining me on stage will be Adam Fletcher, […]
Cybersecurity News: Halliburton data stolen, Columbus sues researcher, White House protects internet
In today’s cybersecurity news… Halliburton confirms data stolen in cyberattack Following up on a story we brought to you last week on Cyber Security Headlines, the U.S. oil service giant […]
Automating Network Alert Investigations with Dropzone AI
What good are network security alerts if they never get addressed? Frustration around this issue led Edward Wu to create Dropzone AI. I spoke with Edward about how he pivoted […]
Red Flag? My Vendor Just Asked for My Mother’s Maiden Name
Just because a vendor is selling a security solution doesn’t mean they should expect your trust right away. Too many vendors initiate relationships with requests that stink of phishing emails. […]
Cybersecurity News: London transport cyberattack, German ATC attack, Sweden’s heightened risk
In today’s cybersecurity news… Transport for London suffers cyberattack The local government body responsible for most of the transport system in Greater London is currently dealing with a cyberattack, but […]
Cybersecurity News: Seattle airport woes, aircraft cockpit SQL, North Korea’s FudModule
In today’s cybersecurity news… Seattle Airport issues travelers’ advisory for Labor Day travel The cyberattack that hit Seattle-Tacoma International Airport last week has forced the airport to warn passengers to […]
Cybersecurity News: DICK’S Sporting Goods cyberattack, Brain Cipher hacked Paris
In today’s cybersecurity news… DICK’S Sporting Goods suffers cyberattack The largest chain of sporting goods retail stores in the U.S. has now confirmed that confidential information was exposed in a […]
What’s Working With Third-Party Risk Management?
We know third-party risk management is a pain. If nobody likes the universally agreed upon solutions like questionnaires, what are we doing that’s improving the situation? Check out this post […]
Cybersecurity News: Iran hacking, Labour Party backlog, more Telegram warrants
Iran targeting presidential administration officials CNN reports that a threat group believed to be working at the behest of Iran’s Islamic Revolutionary Guard Corps has targeted officials in both the […]
Beating MFA Fatigue and AI-Driven Attacks with DirectDefense
One of the big trends with threat actors over the past year is a rise in multi-factor authentication (MFA) attacks. Attackers have turned to increased sophistication using a variety of […]
Join Us 09-13-24 for “Hacking Leadership Skills” – Super Cyber Friday
Please join us on Friday September 13, 2024 for Super Cyber Friday. Our topic of discussion will be “Hacking Leadership Skills: An hour of critical thinking about building the skills […]
Join Us 09-06-24 for “Hacking Tabletop Exercises” – Super Cyber Friday
Please join us on Friday September 6, 2024 for Super Cyber Friday. Our topic of discussion will be “Hacking Tabletop Exercises: An hour of critical thinking about enhancing incident response […]
Cybersecurity News: Another MOVEit incident, U.S. Marshals disputes breach, Park’N Fly data swiped
In today’s cybersecurity news… Texas credit union user data exposed in another MOVEit breach Just when we thought MOVEit breaches had faded from the headlines, a new one has surfaced, […]
Well, I Think My Relationship With the CIO Improved When I Took Their Job
The relationship between a CIO and CISO can be fraught. Often this stems from the reporting structure of an organization, with CISOs reporting directly to the CIO. So how can […]
Cybersecurity News: SonicWall access flaw, Microsoft security summit, Telegram details
In today’s cybersecurity news… SonicWall warns of critical access control flaw SonicWall released a bulletin detailing the vulnerability that impacts SonicOS’s use on its Gen 5, Gen 6, and some […]
Cybersecurity News: Halliburton suffers cyberattack, Telegram CEO arrested, Georgia Tech lawsuit
In today’s cybersecurity news… Halliburton takes systems offline following cyberattack The oil field services company informed regulators and the media on Friday about a recent cyberattack that “necessitated the shut-down […]
Cybersecurity News: Russia’s questionable DDoS, FAA’s cybersecurity proposal, Windows Recall reappears
In today’s cybersecurity news… Kremlin complains of DDoS attack, digital experts not so sure Disruptions that occurred on Wednesday for some Russian users of WhatsApp, Telegram, Skype, Discord, Twitch, Wikipedia, […]
What Triggers a CISO?
CISOs are familiar with dealing with stress, making high-stakes decisions, and operating in an industry of unknown unknowns. But there are some things that still get under their skin and […]
Cybersecurity News: Japanese auto security, Feds tap encrypted messages, Microsoft breaks Linux dual-booting
In today’s cybersecurity news… Security initiative from Japanese auto companies Dozens of companies in the Japan Automotive Information Sharing and Analysis Center signed on to a collaborative initiative to improve […]
Mastering Data Visibility for Secure AI Adoption with Cyera
Does data security need to be complex? Perhaps in the past, but modern AI and cloud solutions simplify data security at scale, argues Yotam Segev, Co-Founder and CEO, Cyera. The […]
Cybersecurity News: Toyota third-party breach, Hawaii registry hack, Iran disrupting campaigns
In today’s cybersecurity news… Toyota confirms third-party data breach impacting customers Toyota has confirmed that customer data was exposed in a data breach of an unnamed third party. Toyota said the […]
I Said I Was Technically a CISO, Not a Technical CISO
The road to becoming a CISO is highly individual. Often a CISO will not come from a technical background, or their technical background is long in their career rearview mirror. […]
Cybersecurity News: National Public Data breach update, Flaws in macOS apps, FlightTracker configuration issue
‘Only’ 1.3 million affected by National Public Data breach The Florida-based data broker officially confirmed the breach which happened earlier this year that’s now been estimated to have impacted 1.3 […]
Combining Continuous Pentesting with Attack Surface Management
A point-in-time pentest is insufficient in today’s cybersecurity landscape. Casey Cammilleri, CEO & Founder, Sprocket Security, explained to me that constantly changing targets, such as new application deployments and infrastructure […]
Cybersecurity News: Entra forces MFA, another AnyDesk heist, Google Pixel vulnerability
In today’s cybersecurity news… Microsoft Entra admins must enable MFA or lose access to admin portals As part of its new Secure Future Initiative, Microsoft is warning global admins of […]
Cybersecurity News: GitHub artifact warning, RansomHub’s EDR killer, SolarWinds latest hotfix
In today’s cybersecurity news… GitHub vulnerability warning regarding ArtiPacked This is a new attack vector, spelled ArtiPacked, and according to researchers at Palo Alto Networks, it could be exploited to […]
Information Security vs. Cybersecurity
CISO stands for Chief Information Security Officer. So why do we sometimes pigeonhole their duties under “just” cybersecurity? Check out this post for the discussion that is the basis of […]
Cybersecurity News: Gemini AI privacy, AI Risk Repository, Russian phishing
Google details privacy commitments with Gemini AI Google announced new hardware and Gemini AI features this week. Many of these AI tools will feature local offline-only processing using its smaller […]
Understanding AI Bias and Security with NetSPI
For all the intricacies and hype around AI and large language models, Nabil Hannan, Field CISO, NetSPI, reminds us that they lack any kind of true intelligence, it’s all just […]
Cybersecurity News: FBI shutters Radar, NIST post-quantum standards, 2.7B record leaked
In today’s cybersecurity news… FBI shutters Radar ransomware gang servers On Monday, the Federal Bureau of Investigation (FBI) announced it has disrupted the infrastructure associated with a nascent ransomware group […]
Why Are Fortune 500 Companies Swiping Right on 3-Person Startups?
Large companies aren’t traditionally known for being the fastest to adopt new technologies. So why is cybersecurity the exception? It seems like the larger or more highly regulated an enterprise, […]
Cybersecurity News: U.S. “laptop farm” shut down, Ukrainian computers compromised, Trump campaign hacked
U.S. operation of “laptop farm” for North Korea shut down Tennessee resident Matthew Isaac Knoot has been arrested for allegedly running a ‘laptop farm’ to help North Korean IT workers secure […]
Cybersecurity News: Iran election interference, AMD SinkClose flaw, ADT break-in
In today’s cybersecurity news… Iranian hackers ramping up U.S. election interference Microsoft has issued a new report stating that Iranian hackers have “increased their efforts to influence the upcoming U.S. […]
Cybersecurity Headlines: Chameleon malware reappears, Rhysida hospital attack, Blacksuit’s $500m tally
In today’s cybersecurity news… Chameleon reappears targeting Canadian restaurant chain The malware originally known for attacking banks has now begun targeting hospitality workers in Canada and Europe, including “an unnamed […]
Should Deny By Default Be the Cornerstone of Zero Trust?
How far can we extend a deny-by-default approach as we build out our zero-trust architecture? Can that aggressive security tactic work for the business without disrupting productivity? Conventional wisdom says […]
Cybersecurity Headlines: McLaren hospitals disrupted, CrowdStrike improves processes, Ronin Network hacked
In today’s cybersecurity news… McLaren hospitals disruption linked to INC ransomware attack On Tuesday, IT and phone systems at McLaren Health Care hospitals were disrupted following a cyber attack. The […]
How NetSPI Built a Proactive Security Platform
Jumping from penetration testing to a full proactive security platform isn’t an easy move. But as organizations need to address the critical needs of IT organizations, InfoSec teams, and CISOs, […]
Join Us 08-23-24 for “Hacking the Future of Pentesting” – Super Cyber Friday
Please join us on Friday August 23, 2024 for Super Cyber Friday. Our topic of discussion will be “Hacking the Future of Pentesting: An hour of critical thinking about how […]
Cybersecurity Headlines: Google kernel zero-day, voter portal flaw, ransomware as terrorism
Google patches Android kernel zero-day As part of its Android security update for August, Google patched 46 vulnerabilities. This included a use-after-free vulnerability in the Android network route management stack […]
Cybersecurity Headlines: CrowdStrike strikes back against Delta, Keytronic loses millions to ransomware, Flaw in Apache OFBiz
CrowdStrike strikes back against Delta’s claims of negligence The finger-pointing continues as CrowdStrike responds to Delta’s lawsuit threats with attorneys from CrowdStrike rejecting Delta’s claims that the company failed to […]
We Make Threat Actors Read Our Resiliency Policy Before Attacking Us
Many businesses realize that cyberattacks are inevitable and a sound business policy, led by the security department, is one of resiliency. Business continuity planning and disaster recovery are understood goals, […]
Cybersecurity Headlines: Software update malware, investors sue CrowdStrike, cybercriminals in prisoner swap
Hackers use ISP to send malware through software updates The hacking group known as both StormBamboo and Evasive Panda has been observed exploiting an internet service provider in order to […]
Cybersecurity News: Cencora patient breach, OneDrive phishing campaign, Argentina’s crime predictions
In today’s cybersecurity news… Cencora confirms patient data stolen in February cyberattack Following up on the cyberattack on pharmaceutical supplier Cencora, the company has now confirmed, in an updated filing to […]
Cybersecurity News: Elections and DDoS, dating apps leak locations, Germany blames China
In today’s cybersecurity news… DDoS attacks won’t impact US elections CISA and the FBI issued a joint statement to this effect, saying that DDoS activity could at best make accessing […]
What Is a Field CISO?
We’re increasingly seeing the industry fill up with Field CISOs. Why is the CISO out in the field? What does that role entail? Check out this post for the discussion […]
The Challenges and Responsibilities of CISOs with Halcyon
We’re seeing increasing pressure and anxiety put on the CISO role, as legal and regulatory pressure seems to single out people in these positions. This leaves CISOs with a lot […]
Join Us 08-16-24 for “Hacking the Demo” – Super Cyber Friday
Please join us on Friday August 16, 2024 for Super Cyber Friday. Our topic of discussion will be “Hacking the Demo: An hour of critical thinking about how to be […]
Cybersecurity News: Delta’s legal maneuver, Record-breaking ransom, Meta $1.4B settlement
In today’s cybersecurity news… Delta enlists Microsoft’s legal nemesis over CrowdStrike losses Delta Air Lines suffered an estimated $500 million in operational losses due to the CrowdStrike update that caused a […]
Incident Response Is So Important We Might Try Getting Good At It
If incident response’s mission statement is so clear, why do so many companies struggle when delivering on it? Often the fault lies with communications. The business and its divisions are […]
Cybersecurity News: HealthEquity data breach, CrowdStrike impact grows, Proofpoint exploit
4.3 million impacted by HealthEquity data breach One of the largest HSA providers in the U.S., HealthEquity, is in the process of notifying 4.3 million people that their personal and […]
Cybersecurity News: PyPI package targets macOS, Columbus, Ohio suffers cyber incident, Windows July update problems
In today’s cybersecurity news… PyPI package targets macOS Researchers from Checkmarx have discovered a malicious package on the Python Package Index (PyPI) focused on Apple macOS systems. Its goal is […]
Cybersecurity News: Microsoft Defender exploited, assassin’s encryption frustration, NK elite hackers
In today’s cybersecurity news… Hackers exploiting Microsoft Defender SmartScreen bug Researchers at Fortinet FortiGuard Labs have observed a new campaign that exploits an Internet Shortcut Files Security Feature Bypass vulnerability […]