Boeing confirms $200 million ransomware extortion attempt Following up on the stories regarding LockBit that we covered last week, as well as a story we covered in November, Boeing has […] The post Cybersecurity News: Boeing confirms ransomware, Dell announces…
Category: CISO Series
Cyber Security Headlines: F5 Big-IP warning, UK Army breach, BetterHelp pays out
F5 Networks warns of new Big-IP vulnerabilities The vulnerabilities, numbered CVE-2024-26026 and CVE-2024-21793, exist in the BIG-IP Next Central Manager (NCM), a single-pane-of-glass management and orchestration solution provided by F5. […] The post Cyber Security Headlines: F5 Big-IP warning, UK…
Cyber Security Headlines: Lockbit hit Wichita, AI export bans, Pathfinder on Intel
Lockbit takes credit for Wichita attack The pernicious ransomware organization added the city of Wichita to its leak site, giving officials until May 15th to pay an unspecified ransom. We […] The post Cyber Security Headlines: Lockbit hit Wichita, AI…
Understanding the Zero-Trust Landscape
Lots of vendors claim to offer zero-trust solutions. But is that framework even applicable to some product categories? Check out this post for the discussion that is the basis of […] The post Understanding the Zero-Trust Landscape appeared first on…
Cyber Security Headlines: LockBit ringleader indicted, DocGo cyberattack, UK military data compromise
US indicts LockBit ransomware ringleader On Tuesday, the U.S. Department of Justice (DoJ) charged the mastermind behind the notorious LockBit ransomware-as-a-service (RaaS) operation. The DoJ unmasked 31-year-old Russian national, Dimitry […] The post Cyber Security Headlines: LockBit ringleader indicted, DocGo…
Can’t Talk, I’m Onboarding My Kids To Their First Soccer Practice (Live in Mountain View, CA)
For years, we’ve talked about the blurring line between work and personal devices. But increasingly we’re seeing signs that that line no longer exists for employees. If that’s the reality, […] The post Can’t Talk, I’m Onboarding My Kids To…
Cyber Security Headlines: Neuberger proposes improvements, Olympic cybersecurity preparations, North Korea DMARC warning
NSC’s Neuberger suggests operational approach for mitigating cyberattacks In an interview with Click Here, a podcast from Recorded Future News, deputy national security adviser for cyber and emerging technologies […] The post Cyber Security Headlines: Neuberger proposes improvements, Olympic…
Cyber Security Headlines: Goldoon exploits D-Link, CISA GitLab warning, Dropbox Sign breach
Goldoon botnet exploits D-Link routers The exploit involves a security flaw that is almost 10 years old, specifically CVE-2015-2051 which has a CVSS score of 9.8. It affects D-Link’s DIR-645 […] The post Cyber Security Headlines: Goldoon exploits D-Link, CISA…
Join Us 05-17-24 for the Capture the CISO Finals
Season 2 of Capture the CISO is not over. We still have the finals! And it’s going to be LIVE on Friday, May 17th, 2024 at 1 PM ET/10 AM […] The post Join Us 05-17-24 for the Capture the…
Cyber Security Headlines: Chinese disinformation, NCSC AMS, new State Secrets law
Chinese disinformation proving ineffectual We’ve had several election cycles haunted by the threat of Chinese disinformation campaigns, made only more ominous with the advent of modern generative AI tools. But […] The post Cyber Security Headlines: Chinese disinformation, NCSC AMS,…
Scaling Least Privilege for the Cloud
Scaling least privilege in the cloud remains challenging. Throwing more people at the problem isn’t feasible, so how are you managing it? Check out this post for the discussion that […] The post Scaling Least Privilege for the Cloud appeared…
Capture the CISO S2E3: BugProve, Egress, and Zenity
Welcome to episode three of Capture the CISO Season 2! Our host is Rich Stroffolino and our judges are Christina Shannon, CIO, KIK Consumer Products and Dan Walsh, CISO, Paxos. Our contestants: […] The post Capture the CISO S2E3: BugProve, Egress, and Zenity…
Cyber Security Headlines: UnitedHealth Group CEO faces congress, U.S. wireless carriers face majors fine, Marriott backtracks protection claims
UnitedHealth Group CEO faces congress & cause of hack revealed The CEO of UnitedHealth Group, the parent company of Change Healthcare, is set to testify before a congressional committee today, […] The post Cyber Security Headlines: UnitedHealth Group CEO faces…
Cyber Security Headlines: USPS phishing, UK IoT law, industrial USB attacks
USPS phishing sites are popular In October 2023, researchers at Akamai began observing traffic to combosquatting phishing domains impersonating the US Postal Service, all using the same malicious JavaScript file. […] The post Cyber Security Headlines: USPS phishing, UK IoT…
I Really Shouldn’t Have Agreed to Variable Rate Technical Debt
Technical debt is an inevitability in any organization. But how do you go about “paying it down?” This requires a framework to understand the risk the technical debt represents to […] The post I Really Shouldn’t Have Agreed to Variable…
How Compliance Can Launch Your Risk Program with Vanta
For many organizations, risk programs are driven by compliance requirements. What compliance framework you use will directly impact what processes you have in place around risk, noted Kim Elias, Senior […] The post How Compliance Can Launch Your Risk Program…
Cyber Security Headlines: Kaiser Permanente breach, DSH Safety Board, Okta stuffing attack
Kaiser Permanente website tracking tools may have compromised customer data The healthcare giant is alerting more than 13 million customers that their personal information may have been shared with third-party […] The post Cyber Security Headlines: Kaiser Permanente breach, DSH…
PREVIEW: CISO Series Game Show During RSA Week
Going to the RSA Conference? Looking forward to having some fun, winning prizes, and enjoying lunch? Then come to our CISO Series game show that will be happening on Tuesday, […] The post PREVIEW: CISO Series Game Show During RSA…
Cyber Security Headlines: Google postpones cookies, Brocade vulnerability warning, ICICI card gaffe
Google postpones third-party cookie deprecation Google has announced that it is once again delaying its plans to deprecate third-party tracking cookies in its Chrome web browser. This time the reason […] The post Cyber Security Headlines: Google postpones cookies, Brocade…
The Importance of Data Hygiene with OpenText
Knowing what data your organization holds is critical to using it effectively. But organizations don’t know where to start getting their data in order. In this video Greg Clark, director […] The post The Importance of Data Hygiene with OpenText…
Cyber Security Headlines: Chinese keyboard flaws, hacked news story, TikTok on the clock
Chinese keyboard app flaws exposed Last year, researchers at Citizen Lab found that the popular Sogou Chinese keyboard app failed to use TLS when sending keystroke data to the cloud […] The post Cyber Security Headlines: Chinese keyboard flaws, hacked…
Should CISOs Be More Empathetic Towards Salespeople?
Ask any CISO how they feel about sales pitches and be prepared for a litany of sins. But when do these legitimate complaints cross the line to sounding entitled? Check […] The post Should CISOs Be More Empathetic Towards Salespeople?…
Capture the CISO S2E2: HYAS, Nudge Security, and SlashNext
Welcome to episode one of Capture the CISO Season 2! Our judges are Arvin Bansal, CISO, C&S Wholesale Grocers and Brett Conlon, CISO, American Century Investments. Our contestants: And don’t forget to join […] The post Capture the CISO S2E2: HYAS, Nudge Security, and…
Cyber Security Headlines: Iranian hackers charged, Siemens fixing Palo bug, Russia hacks water plant
Iranian nationals charged with hacking U.S. companies and agencies On Tuesday, four Iranian nationals (Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab) were indicted in a Manhattan […] The post Cyber Security Headlines: Iranian hackers charged, Siemens…
Cyber Security Headlines: RedLine GitHub connection, MITRE Ivanti breach, E-ZPass spoof sites
RedLine stealer variant delivers Lua bytecode by disguising as game cheat According to McAfee Labs, this off-the-shelf variant of RedLine malware gathers saved credentials, autocomplete data, credit card information, and […] The post Cyber Security Headlines: RedLine GitHub connection, MITRE…
Cyber Security Headlines: TikTok ban update, Sandworm hits Ukraine, North Korean streaming animators
TikTok ban passes the US House The bill passed as part of a larger foreign aid package by a vote of 360-58. The House passed a similar standalone TikTok ban […] The post Cyber Security Headlines: TikTok ban update, Sandworm…
We’ll Invest in Resilience as Soon as the Ransom Payment Clears
Lots of businesses pledge to never pay ransomware demands. That sounds good, but priorities quickly change when you need to get the business back to normal after an attack occurs. […] The post We’ll Invest in Resilience as Soon as…