Welcome to the finals of Capture the CISO Season 2! Our host is Rich Stroffolino and our judges are Alexandra Landegger, executive director and CISO, Collins Aerospace, and Edward Contreras, EVP […]
Category: CISO Series
Cybersecurity News: Nissan NA breach, VMware Pwn2Own fix, GE Ultrasound flaws
In today’s cybersecurity news… Nissan North America breach impacts over 53,000 employees The car manufacturer has disclosed that a breach discovered last November has exposed personal data of more than […]
Where Are Secure Web Gateways Falling Short?
Are secure web gateways still an effective tool in the enterprise? The browser has changed a lot in the last decade. Are secure web gateways (SWGs) still keeping up? […]
Cybersecurity News: FBI seizes BreachForums, Android threat detection, US AI investment
FBI seizes BreachForums On the morning of March 15th, the US FBI announced its seizure of the illicit clear-net hacking forum as well as its Telegram channel, updating the BreachForums […]
Join Us 05-31-24 for “Hacking Microsoft Copilot” – Super Cyber Friday
Please join us on Friday May 31, 2024 for Super Cyber Friday. Our topic of discussion will be Hacking Microsoft Copilot: An hour of critical thinking of how to get […]
Cybersecurity News: Singing River breach, D-Link exploit released, Google AI spots scams
In today’s cybersecurity news… Singing River patient data was swiped in ransomware attack Mississippi-based Singing River Health System has warned that more than 895,000 patients have been impacted by a […]
How Material Security Protects Your Email Beyond Phishing Attacks
Many people view email security as just stopping phishing attacks. In this video, Abhishek Agrawal, CEO, Material Security, argues that this limited appreciation for email security obscures a lot of […]
Our Help Desk Plaque Reads “Over 100,000 Threat Actors Served”
The shine is off the cybersecurity promise of MFA. While it’s certainly vital to implement, threat actors are increasingly finding ways to get around it. Most recently we’ve seen social […]
Cybersecurity News: FCC implements new classification, MITRE releases embedded devices framework, World renowned auction house attacked
FCC implements new classification to combat robocall groups A classification fit for royalty; well I should say robocall royalty. The Federal Communications Commission (FCC) is targeting an entity named Royal […]
Cybersecurity News: Boeing confirms ransomware, Dell announces breach, Ascension Healthcare attacked
Boeing confirms $200 million ransomware extortion attempt Following up on the stories regarding LockBit that we covered last week, as well as a story we covered in November, Boeing has […]
Cyber Security Headlines: F5 Big-IP warning, UK Army breach, BetterHelp pays out
F5 Networks warns of new Big-IP vulnerabilities The vulnerabilities, numbered CVE-2024-26026 and CVE-2024-21793, exist in the BIG-IP Next Central Manager (NCM), a single-pane-of-glass management and orchestration solution provided by F5. […]
Cyber Security Headlines: Lockbit hit Wichita, AI export bans, Pathfinder on Intel
Lockbit takes credit for Wichita attack The pernicious ransomware organization added the city of Wichita to its leak site, giving officials until May 15th to pay an unspecified ransom. We […]
Understanding the Zero-Trust Landscape
Lots of vendors claim to offer zero-trust solutions. But is that framework even applicable to some product categories? Check out this post for the discussion that is the basis of […]
Cyber Security Headlines: LockBit ringleader indicted, DocGo cyberattack, UK military data compromise
US indicts LockBit ransomware ringleader On Tuesday, the U.S. Department of Justice (DoJ) charged the mastermind behind the notorious LockBit ransomware-as-a-service (RaaS) operation. The DoJ unmasked 31-year-old Russian National, Dimitry […]
Can’t Talk, I’m Onboarding My Kids To Their First Soccer Practice (Live in Mountain View, CA)
For years, we’ve talked about the blurring line between work and personal devices. But increasingly we’re seeing signs that that line no longer exists for employees. If that’s the reality, […]
Cyber Security Headlines: Neuberger proposes improvements, Olympic cybersecurity preparations, North Korea DMARC warning
NSC’s Neuberger suggests operational approach for mitigating cyberattacks In an interview with Click Here, a podcast from Recorded Future News, deputy national security adviser for cyber and emerging technologies […]
Cyber Security Headlines: Goldoon exploits D-Link, CISA GitLab warning, Dropbox Sign breach
Goldoon botnet exploits D-Link routers The exploit involves a security flaw that is almost 10 years old, specifically CVE-2015-2051 which has a CVSS score of 9.8. It affects D-Link’s DIR-645 […]
Join Us 05-17-24 for the Capture the CISO Finals
Season 2 of Capture the CISO is not over. We still have the finals! And it’s going to be LIVE on Friday, May 17th, 2024 at 1 PM ET/10 AM […]
Cyber Security Headlines: Chinese disinformation, NCSC AMS, new State Secrets law
Chinese disinformation proving ineffectual We’ve had several election cycles haunted by the threat of Chinese disinformation campaigns, made only more ominous with the advent of modern generative AI tools. But […]
Scaling Least Privilege for the Cloud
Scaling least privilege in the cloud remains challenging. Throwing more people at the problem isn’t feasible, so how are you managing it? Check out this post for the discussion that […]
Capture the CISO S2E3: BugProve, Egress, and Zenity
Welcome to episode three of Capture the CISO Season 2! Our host is Rich Stroffolino and our judges are Christina Shannon, CIO, KIK Consumer Products and Dan Walsh, CISO, Paxos. Our contestants: […]
Cyber Security Headlines: UnitedHealth Group CEO faces Congress, U.S. wireless carriers face major fines, Marriott backtracks protection claims
UnitedHealth Group CEO faces Congress & cause of hack revealed The CEO of UnitedHealth Group, the parent company of Change Healthcare, is set to testify before a congressional committee today, […]
Cyber Security Headlines: USPS phishing, UK IoT law, industrial USB attacks
USPS phishing sites are popular In October 2023, researchers at Akamai began observing traffic to combosquatting phishing domains impersonating the US Postal Service, all using the same malicious JavaScript file. […]
I Really Shouldn’t Have Agreed to Variable Rate Technical Debt
Technical debt is an inevitability in any organization. But how do you go about “paying it down?” This requires a framework to understand the risk the technical debt represents to […]
How Compliance Can Launch Your Risk Program with Vanta
For many organizations, risk programs are driven by compliance requirements. What compliance framework you use will directly impact what processes you have in place around risk, noted Kim Elias, Senior […]
Cyber Security Headlines: Kaiser Permanente breach, DSH Safety Board, Okta stuffing attack
Kaiser Permanente website tracking tools may have compromised customer data The healthcare giant is alerting more than 13 million customers that their personal information may have been shared with third-party […]
PREVIEW: CISO Series Game Show During RSA Week
Going to the RSA Conference? Looking forward to having some fun, winning prizes, and enjoying lunch? Then come to our CISO Series game show that will be happening on Tuesday, […]
Cyber Security Headlines: Google postpones cookies, Brocade vulnerability warning, ICICI card gaffe
Google postpones third-party cookie deprecation Google has announced that it is once again delaying its plans to deprecate third-party tracking cookies in its Chrome web browser. This time the reason […]
The Importance of Data Hygiene with OpenText
Knowing what data your organization holds is critical to using it effectively. But organizations don’t know where to start getting their data in order. In this video Greg Clark, director […]
Cyber Security Headlines: Chinese keyboard flaws, hacked news story, TikTok on the clock
Chinese keyboard app flaws exposed Last year, researchers at Citizen Lab found that the popular Sogou Chinese keyboard app failed to use TLS when sending keystroke data to the cloud […]
Should CISOs Be More Empathetic Towards Salespeople?
Ask any CISO how they feel about sales pitches and be prepared for a litany of sins. But when do these legitimate complaints cross the line to sounding entitled? Check […]
Capture the CISO S2E2: HYAS, Nudge Security, and SlashNext
Welcome to episode one of Capture the CISO Season 2! Our judges are Arvin Bansal, CISO, C&S Wholesale Grocers and Brett Conlon, CISO, American Century Investments. Our contestants: And don’t forget to join […]
Cyber Security Headlines: Iranian hackers charged, Siemens fixing Palo bug, Russia hacks water plant
Iranian nationals charged with hacking U.S. companies and agencies On Tuesday, four Iranian nationals (Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab) were indicted in a Manhattan […]
Cyber Security Headlines: RedLine GitHub connection, MITRE Ivanti breach, E-ZPass spoof sites
RedLine stealer variant delivers Lua bytecode by disguising as game cheat According to McAfee Labs, this off-the-shelf variant of RedLine malware gathers saved credentials, autocomplete data, credit card information, and […]
Cyber Security Headlines: TikTok ban update, Sandworm hits Ukraine, North Korean streaming animators
TikTok ban passes the US House The bill passed as part of a larger foreign aid package by a vote of 360-58. The House passed a similar standalone TikTok ban […]
We’ll Invest in Resilience as Soon as the Ransom Payment Clears
Lots of businesses pledge to never pay ransomware demands. That sounds good, but priorities quickly change when you need to get the business back to normal after an attack occurs. […]