Tag: CISO Series

Is cybersecurity a communication problem at its core? If communication is so critical in cybersecurity, why do we keep seeing so many failures?  Check out this post for the discussion […] The post Cybersecurity Is a Communications Problem appeared first…

Read more →

In today’s cybersecurity news… CrowdStrike dishes details  CrowdStrike published its Preliminary Post Incident Review from its massive incident last week. The company detailed its InterProcessCommunication Template type used in novel […] The post Cybersecurity News: CrowdStrike details, Chrome keeps cookies,…

Read more →

DirectDefense recently released a threat report, offering insights on managed services, threat hunting, and customer requirements. But intelligence only goes so far, organizations can best benefit from tailored alerts based […] The post Optimizing Security Operations with DirectDefense appeared first…

Read more →

In today’s cybersecurity news… Google’s $23 billion plan to buy Wiz falls apart Last week, it appeared Google was poised to snap up cybersecurity start-up for $23 billion, in what […] The post Cybersecurity News: Wiz deal crumbles, CrowdStrike aftermath,…

Read more →

As a principle, zero trust can be taken for granted as a best practice. But the reality is that many aspects of IT infrastructure, from legacy systems to IoT, were […] The post Everyone Has a Zero-Trust Plan Until They…

Read more →

CrowdStrike says “significant number” back up and running CrowdStrike reports that of the estimated 8.5 million Window’s devices impacted last Friday, “a significant number” are back in operation. In case […] The post Cybersecurity News: CrowdStrike update, Russian criminals sanctioned,…

Read more →

We’re going to Seattle! It’ll be our first time ever producing a live recording of CISO Series Podcast in that beautiful city. We’ll be the closing entertainment on the first […] The post Join CISO Series Podcast LIVE in Seattle…

Read more →

In today’s cybersecurity news… Microsoft confirms CrowdStrike update also hit cloud Windows PCs The faulty CrowdStrike update that continues to reverberate around the world also resulted in a number of […] The post Cybersecurity News: CrowdStrike hits Cloud PCs, criminals…

Read more →

In today’s cybersecurity news… Major worldwide outage hits Windows A worldwide blue screen of death is affecting many Microsoft based activities and organizations this morning, including airlines, banks, and healthcare […] The post Cybersecurity News: Worldwide Windows outage, Fin7 sells…

Read more →

In today’s cybersecurity news… FIN7 sells security evasion tool to others via darknet The customized tool, called AvNeutralizer, is used for bypassing threat detection systems, and has been used exclusively […] The post Cybersecurity News: Fin7 sells malware, Synnovis blood…

Read more →

There’s a common assumption that mergers and acquisitions put organizations at more risk of cyberattacks. Is there any data to back up this well-worn trope? Check out this post for […] The post Do Companies Undergoing a Merger or Acquisition…

Read more →

In today’s cybersecurity news… UK mandatory ransomware reporting gets watered-down As part of the King’s Speech formally opening the Parliament, the UK government announced it would bring forward its Cyber […] The post Cybersecurity News: UK ransomware reporting, Project Oscar,…

Read more →

Please join us on Friday August 2, 2024 for Super Cyber Friday. Our topic of discussion will be “Hackings CISOs: An hour of critical thinking about your questions for our […] The post Join Us 08-02-24 for “Hacking CISOs” –…

Read more →

With rapid development and agile methodologies, attack surfaces are dynamically changing along with code and infrastructure. Continuous monitoring and human-augmented analysis can help protect your organization’s internet-facing assets, argues Nabil […] The post The Future of Attack Surface Management with…

Read more →

In today’s cybersecurity news… Rite Aid says ‘limited’ cybersecurity incident affected over 2 million people Follow up on a story we brought to you on Monday on Cyber Security Headlines, […] The post Cybersecurity News: Rite Aid update, AT&T ransom…

Read more →

We know insider risks represent a major attack surface for any organization, but who should own insider risk management? HR, security, legal? This week’s episode is hosted by me, David […] The post I Don’t Want Insider Risk. You Take…

Read more →

In today’s cybersecurity news… Alphabet in talks to acquire Wiz The Wall Street Journal’s sources say Alphabet remains in advanced talks on the deal, reportedly valued at about $23 billion. […] The post Cybersecurity News: Wiz acquisition, AT&T paid hacker,…

Read more →

Automation in the SOC is experiencing a seismic shift, going from basic, rule-based robotic automation to the sophisticated capabilities of large language models. Edward Wu, CEO and founder, Dropzone AI, […] The post Revolutionizing SOC Automation with Large Language Models…

Read more →

In today’s cybersecurity news… Rite Aid announces data breach following June cyberattack The third largest drugstore chain in the U.S. was hit by the RansomHub ransomware group in June. This […] The post Cybersecurity News: Rite Aid breach, AT&T breach…

Read more →

In today’s cybersecurity news… PHP vulnerability exploited, spreading malware and DDoS attacks Following up on a story we covered in June, numerous threat actors have now been observed exploiting a […] The post Cybersecurity News: PHP vulnerability exploit, Auto Parts…

Read more →

We know that storytelling is a key to communicating risk to the business. How do we integrate metrics to help us tell those stories? Check out this post for the […] The post Telling Stories with Security Metrics appeared first…

Read more →

Australia targets government tech under foreign control Australia’s Department of Home Affairs issued new instructions to all government agencies, ordering them to review their tech stacks for Foreign Ownership, Control […] The post Cybersecurity News: Australia targets foreign tech, banks…

Read more →

New AI tools can be a boon for defenders, but they’re also leading to increased phishing, smarter threat actors, and advanced reconnaissance tactics. Paul Reid, global head of threat intelligence, […] The post Getting Visibility into Your Cyber Horizon with…

Read more →

In today’s cybersecurity news… US disrupts Russian AI-powered disinformation bot farm  A joint international law enforcement operation led by the U.S. Justice Department has seized email servers, domains and nearly […] The post Cybersecurity News: Russian bot takedown, Burdensome cyber…

Read more →

When we talk about giving back to the community, there’s an inevitable element of self-interest layered on as well. Sure your blog provides information to others, but it also raises […] The post How to Get the Most for Yourself…

Read more →

Record-breaking 10 billion stolen passwords exposed It appears to be the largest collection of stolen and leaked credentials ever seen on the crime marketplace BreachForums. Security researchers from Cybernews report […] The post Cybersecurity News: Billions of stolen passwords, cybersecurity…

Read more →

What is the “materiality” of a breach? Jason Clark, chief strategy officer for Cyera, and I discussed trying to answer this amorphous question that the SEC presented to companies and […] The post Answering SEC’s Question of Materiality of a…

Read more →

In today’s cybersecurity news… Alabama Department of Education suffers data breach Financially motivated foreign threat actors are suspected of being behind a breach at the Alabama State Department of Education, […] The post Cybersecurity News: Alabama Education breach, OpenAI secrets…

Read more →

In today’s cybersecurity news… Senate leader demands answers from CISA re March Ivanti hack Sen. Charles Grassley of Iowa has sent a message to CISA chief Jen Easterly, requesting further […] The post Cybersecurity News: Senator pressures CISA, Velvet Ant…

Read more →

Please join us on Friday July 19, 2024 for Super Cyber Friday. Our topic of discussion will be Hacking SOC Automation: An hour of critical thinking about how the line […] The post Join Us 07-19-24 for “Hacking SOC Automation”…

Read more →

In today’s cybersecurity news… Evolve Bank data breach is…. evolving Following up on a story we brought to you this past Friday on Cyber Security Headlines, loan company Affirm is […] The post Cybersecurity News: Evolve breach update, Patelco cyberattack,…

Read more →

As an emerging technology, there are a lot of questions about who owns the risk inherent with new AI and LLM-based tools. But even though this technology offers exciting new […] The post Who Owns AI Risk? NOT IT! appeared…

Read more →

14 million Linux systems threatened by ‘RegreSSHion’ vulnerability Researchers at Qualys have uncovered a critical vulnerability, “regreSSHion” (CVE-2024-6387), which some experts are comparing to the notorious Log4Shell in terms of […] The post Cybersecurity News: 14 million Linux systems threatened,…

Read more →

In today’s cybersecurity news… Update on the TeamViewer network breach The remote access software company is now attributing Wednesday’s attack on its corporate networks as being the work of Russian […] The post Cybersecurity News: TeamViewer breach update, HubSpot customer…

Read more →

In today’s cybersecurity news… Gas chromatograph vulnerabilities reveal medical IoT challenges The research firm Claroty has revealed four vulnerabilities within the model Rosemount 370XA gas chromatograph manufactured by Emerson. This […] The post Cybersecurity News: Gas chromatograph vulnerabilities, Cloudflare rebukes…

Read more →

How are we securing identity in the cloud? Unlike on-prem, the cloud requires you to cede control to a vendor. So what can we do to keep identities safe? Check […] The post Securing Identities in the Cloud appeared first…

Read more →

In today’s cybersecurity news… Android lying Snowblind in the sun Security researchers at Promon released a report on an Android malware called Snowblind. This utilizes the Linux “seccomp” security feature […] The post Cybersecurity News: Snowblind Android, identity services leaks…

Read more →

Network segmentation plays a critical role in Operational Technology (OT) environments. Contrary to popular belief that segmentation is primarily for resilience and uptime, Christopher Walcutt, CSO, DirectDefense emphasizes that it’s […] The post The Crucial Role of Network Segmentation in…

Read more →

In today’s cybersecurity news… Julian Assange to plead guilty and return to Australia On Wednesday, WikiLeaks founder Julian Assange is scheduled to plead guilty to a single criminal charge in […] The post Cybersecurity News: Julian Assange plea, Latest MOVEit…

Read more →

How are threat actors getting around EDR? Every solution out there will show how well it does in benchmarks, but that doesn’t seem to match real-world situations. Is there something […] The post How About This? Only Attack the Endpoints…

Read more →

In today’s cybersecurity news… Indonesia battles Lockbit 3.0 ransomware Indonesia’s national data center has been compromised, causing disruptions to 200 government services, including immigration checks at airports. While some services, […] The post Cybersecurity News: Indonesia battles Lockbit, DOJ charges…

Read more →

In today’s cybersecurity news… CDK Global outage caused by BlackSuit ransomware attack In an update to one of last week’s biggest stories, BleepingComputer has learned that the operation behind CDK […] The post Cybersecurity News: BlackSuit behind CDK, Microsoft spoofing…

Read more →

A target so nice, they hacked it twice CDK Global offers a SaaS platform used by roughly 15,000 car dealerships. Earlier this week, it announced it suffered a breach, which […] The post Cybersecurity News: CDK Global hacked again, LockBit…

Read more →

Have we lost sight of data security with defense in depth? Recent trends have seen a focus on applications and roles, but do we need to refocus on the fundamentals? […] The post How AI Is Making Data Security Possible…

Read more →

In today’s cybersecurity news… Nvidia becomes world’s most valuable company Not directly a cybersecurity story, but undeniably central to the business, Nvidia has just become the world’s most valuable company […] The post Cybersecurity News: Nvidia most valuable, Markopolo’s meeting…

Read more →

There are a lot of common pitfalls in penetration testing, particularly with the remediation phase. It’s important to move away from static processes to more actionable systems, understanding the gaps […] The post From Pentesting to Remediation with NetSPI appeared…

Read more →

Please join us on Friday July 12, 2024 for Super Cyber Friday. Our topic of discussion will be Hacking the Materiality of a Data Breach: An hour of critical thinking […] The post Join Us 7-12-24 for “Hacking the Materiality…

Read more →

There are a lot of common pitfalls in penetration testing, particularly with the remediation phase. It’s important to move away from static processes to more actionable systems, understanding the gaps […] The post From Pen Testing to Remediation with NetSPI…

Read more →

AMD investigates breach after data for sale on hacking forum AMD is investigating whether it suffered a cyberattack after a threat actor dubbed IntelBroker shared some screenshots of the data […] The post Cybersecurity News: AMD investigates breach, Qilin demands…

Read more →

How do you manage the risk introduced by your own staff? This can range from having written passwords in plain sight to using insecure operating systems on BYOD devices. Staff […] The post The Post-it Note Clearly Says “Don’t Share”…

Read more →

Snowflake breach escalates with ransom demands and death threats As many as 10 companies are facing ransom payments between $300,000 and $5 million following a breach against cloud-based data analytics […] The post Cybersecurity News: Snowflake breach escalates, MITRE has…

Read more →

Everyone is asking the same questions when it comes to generative AI. People want to know how to harness it for good and how can we make sure employees are […] The post How Does Generative AI Help and Hurt…

Read more →

In today’s cybersecurity news… CISA leads first tabletop exercise for AI cybersecurity The exercise was led by the Joint Cyber Defense Collaborative, which is a branch of CISA that works […] The post Cybersecurity News: CISA tabletop exercise, Keytronic confirms…

Read more →

In today’s cybersecurity news… Record high for North American cyber insurance claims A new report released by insurance broker Marsh says it received “over 1800 cyber claim reports from clients […] The post Cybersecurity News: Cyberinsurance claims increase, NATO’s Russia…

Read more →

This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Janet Heins, CISO, ChenMed Here are the stories we plan to cover TODAY, time […] The post Cyber Security Headlines Week in Review: New…

Read more →

Life360 faces extortion attempt after Tile data breach Life360, the parent company of Tile, a bluetooth tracking device reported an extortion attempt following a data breach in Tile’s customer support […] The post Cybersecurity News: Life360 faces extortion attempt, White…

Read more →

Every CISO has a unique path to getting the role. But once you’re there, what does it take to be effective? Check out this post for the discussion that is […] The post What Makes a Successful CISO? appeared first…

Read more →

The current state of ransomware is alarming. It has evolved into a highly lucrative criminal enterprise with minimal risk. This follows the overall ransomware shift towards monetary gain through sophisticated […] The post Where Can We Win Against Ransomware with…

Read more →

Pure Storage hacked via Snowflake workspace On Monday, cybersecurity firm Mandiant warned that the threat actor named UNC5537 is “systematically” compromising victim organization data through Snowflake and attempting to extort […] The post Cybersecurity News: Snowflake hack update, BreachForums down…

Read more →

When a cybersecurity incident occurs, who should be the first call the CISO makes? And once that call gets made, what is the CISOs role in handling the fallout? This […] The post Who You Gonna Call? LEGAL COUNSEL! appeared…

Read more →

In today’s cybersecurity news… Cyber assistance coming to rural hospitals Both Microsft and Google announced programs to offer cybersecurity services to these organizations. The Biden administration announced that Google will […] The post Cybersecurity News: Rural hospital support, 23andMe investigation,…

Read more →

Are cybersecurity professionals connecting the dots as to how specific cyber risks impact the day-to-day operations of the business? This was the question I posed to Neatsun Ziv, co-founder and […] The post Does the Business Understand the Current State…

Read more →

In today’s cybersecurity news… Microsoft resets Recall plans Following up on a story that dogged the industry last week, Microsoft announced on Friday that its new feature Recall will not […] The post Cybersecurity News: Microsoft resets Recall, LastPass outage…

Read more →

FCC moves forward with BGP security measures The Federal Communications Commission unanimously voted to advance a proposal to improve the security of the Border Gateway Protocol (BGP) for the internet. […] The post Cybersecurity News: FCC moves forward with BGP…

Read more →

Discovery of security issues is important, but ultimately we need them remediated. So why do so many solutions seem to stop short? Check out this post for the discussion that […] The post We Want a Solution to Remediate, Not…

Read more →

In today’s cybersecurity news… US research using psychology against threat actors The Intelligence Advanced Research Projects Activity, IARPA, picked five research teams to look into threat actor behavior, hoping to […] The post Cybersecurity News: Psychology vs. threat actors, AI…

Read more →

Compared to IT, operational technology (OT) systems are often misunderstood and mishandled. There’s a reason for this, OT carries a lot of unique challenges, such as the inability to use […] The post Unseen Challenges in OT Security with DirectDefense…

Read more →

Please join us on Friday June 21, 2024 for Super Cyber Friday. Our topic of discussion will be Hacking Generative AI Anxiety: An hour of critical thinking about how to […] The post Join Us 06-21-24 for “Hacking Generative AI…

Read more →

Ransomware attack forces London hospitals to cancel operations Several of London’s largest hospitals were forced to cancel operations and declare critical incident emergency status after Synnovis, a third-party provider, experienced […] The post Cybersecurity News: London hospitals hit by ransomware,…

Read more →

Do cybersecurity budgets suffer from recency bias? It seems organizations are most likely to significantly raise budgets after a cybersecurity incident. Meaning if you’ve ran an effective program, your budget […] The post I’m Rewarding Your Successful Use of the…

Read more →

In today’s cybersecurity news… Authorities unmask criminals behind malware loaders As part of Operation Endgame, law enforcement agencies in 13 countries have revealed the identities of eight Russians linked to […] The post Cybersecurity News: Russian criminals unmasked, Background check…

Read more →

ISO 27001 and SOC 2 remain two of the most prominent industry compliance standards. These standards are crucial for establishing customer trust and maintaining security best practices, said Faisal Khan, […] The post Demystifying SOC 2 and ISO 27001 appeared…

Read more →

In today’s cybersecurity news… Ticketmaster hack affects 560 million customers, third-party denies liability The attack, which occurred on May 20, has been confirmed by its parent company, Live Nation, as […] The post Cybersecurity News: Ticketmaster breached, Ticketek Australia breached,…

Read more →

Senator calls for UnitedHealth leadership to be held responsible In recent years, we’ve seen increasing legal responsibility thrust onto CISOs. From the SolarWinds Orien supply chain attack to the guilty […] The post Cybersecurity News: UnitedHealth responsibility, Europol dropper takedown,…

Read more →

The realm of rogue or shadow identities in the cloud is a real problem. EDR for cloud identities is changing the game, according to Adam Bateman, co-founder and CEO, Push […] The post Stopping Cloud-Based Identity Attacks with Push Security…

Read more →

Working the help desk seems like a great place to get entry-level cyber security skills. So why is it so often overlooked or even looked down upon? Check out this […] The post Recruiting From the Help Desk appeared first…

Read more →

In today’s cybersecurity news… New North Korean hacking group emerges A North Korean hacking group has been formally identified by Microsoft, and it has been given the name Moonstone Sleet, […] The post Cybersecurity News:  New NK hackers, Dutch bank…

Read more →

Please join us on Friday June 14, 2024 for Super Cyber Friday. Our topic of discussion will be Hacking the Conversation Around Risk: An hour of critical thinking about how […] The post Join Us 06-14-24 for “Hacking the Conversation…

Read more →

In today’s cybersecurity news… BreachForums returns just weeks after FBI-led takedown Just two weeks after we brought you the news of the FBI’s takedown of the notorious dark-web marketplace, BreachForums […] The post Cybersecurity News: BreachForums returns, First American data…

Read more →

CISOs tend to be cool customers. But even in a role that requires nerves, there are still things that can scare a CISO. Some of these don’t have anything to […] The post Ransomware? Why’d It Have to Be Ransomware?…

Read more →

In today’s cybersecurity news… New ransomware uses Windows BitLocker to encrypt victim data The new ransomware, called ShrinkLocker, “encrypts victim data using the BitLocker feature built into the Windows operating […] The post Cybersecurity News: Ransomware uses BitLocker, pharmacy supplier…

Read more →

In today’s cybersecurity news… Arc browser’s Windows launch sabotaged by malvertising The much-anticipated launch of the Arc browser for Windows, a new browser that has already received positive reviews after […] The post Cybersecurity News: Arc browser sabotaged, Cencora pharma…

Read more →

In today’s cybersecurity news… Chinese hackers hide on military and government networks for 6 years This threat actor, previously unknown and now dubbed “Unfading Sea Haze” has been targeting military […] The post Cybersecurity News: Chinese hack military, search engine…

Read more →

We’re seeing AI and LLM rapidly push what was science fiction into production. Our ability to generate realistic sound, video, and images opens the obvious door for indistinguishable fakes from […] The post How Do We Build a Security Program…

Read more →

NY Stock Exchange owner fined $10 million by SEC  The SEC is putting its foot down that nobody or company is above the law. The Intercontinental Exchange (ICE), which owns […] The post Cybersecurity News: NY Stock Exchange owner fined,…

Read more →

Please join us on Friday June 7, 2024 for Super Cyber Friday. Our topic of discussion will be Hacking SOC2 Vs. ISO 27001: An hour of critical thinking about the […] The post Join Us 06-07-24 for “Hacking SOC 2…

Read more →

In today’s cybersecurity news… Brits to propose mandatory ransomware reporting Recorded Future News’ sources say UK officials will publish proposals calling for mandatory ransomware reporting as well as a complete […] The post Cybersecurity News: UK ransomware reporting, Tech Against…

Read more →

Every organization wants to achieve the productivity benefits of generative AI. But privacy and security concerns mean that very few organizations have been able to move these systems into production, […] The post Getting Your Copilot Pilot Out of Pilot…

Read more →

Data minimization in the US is changing from a potential policy goal to a regulatory imperative. Maryland’s new Online Data Privacy Act requires any service collecting data to meet the […] The post You Can’t Leak What You Don’t Collect…

Read more →

Military cyber service proposal picks up steam A group of bipartisan lawmakers on the House Armed Services Committee plan to push an amendment into the fiscal 2025 defense authorization bill […] The post Cybersecurity News: Military cyber service, GetCaught abuses…

Read more →

In today’s cybersecurity news… Grandoreiro banking Trojan reappears, hits banks worldwide This malware has come back in a new and improved version since its attacks in 2022 and following a […] The post Cybersecurity News: Grandoreiro Trojan reappears, Kimsuky’s new…

Read more →

Welcome to the finals of Capture the CISO Season 2! Our host is Rich Stroffolino and our judges are Alexandra Landegger, executive director and CISO, Collins Aerospace, and Edward Contreras, EVP […] The post Capture the CISO Finals – Season 2…

Read more →

In today’s cybersecurity news… Nissan North America breach impacts over 53,000 employees The car manufacturer has disclosed that a breach discovered last November has exposed personal data of more than […] The post Cybersecurity News: Nissan NA breach, VMware Pwn2Own…

Read more →

Are secure web gateways still an effective tool in the enterprise? The browser has changed a lot in the last decade, are Secure Web Gateways – SWGs still keeping up? […] The post Where Are Secure Web Gateways Falling Short?…

Read more →

FBI seizes BreachForums On the morning of March 15th, the US FBI announced its seizure of the illicit clear-net hacking forum as well as its Telegram channel, updating the BreachForums […] The post Cybersecurity News: FBI seizes BreachForums, Android threat…

Read more →

Please join us on Friday May 31, 2024 for Super Cyber Friday. Our topic of discussion will be Hacking Microsoft Copilot: An hour of critical thinking of how to get […] The post Join Us 05-31-24 for “Hacking Microsoft Copilot”…

Read more →

In today’s cybersecurity news… Singing River patient data was swiped in ransomware attack  Mississippi-based Singing River Health System has warned that more than 895,000 patients have been impacted by a […] The post Cybersecurity News: Singing River breach, D-Link exploit…

Read more →

Many people view email security as just stopping phishing attacks. In this video, Abhishek Agrawal, CEO, Material Security, argues that this limited appreciation for email security obscures a lot of […] The post How Material Security Protects Your Email Beyond…

Read more →

The shine is off the cybersecurity promise of MFA. While its certainly vital to implement, threat actors are increasingly finding ways to get around it. Most recently we’ve seen social […] The post Our Help Desk Plaque Reads “Over 100,000…

Read more →

FCC implements new classification to combat robocall groups A classification fit for royalty; well I should say robocall royalty. The Federal Communications Commission (FCC) is targeting an entity named Royal […] The post Cybersecurity News: FCC implements new classification, MITRE…

Read more →