Category: CISO Series

Please join us on Friday October 18, 2024 for Super Cyber Friday. Our topic of discussion will be “Hacking the Hype of Zero Trust: An hour of critical thinking about […] The post Join Us 10-18-24 for “Hacking the Hype…

Read more →

In today’s cybersecurity news… UK ties LockBit affiliate to Evil Corp The UK’s National Crime Agency, or NCA, revealed the identity of a LockBit affiliate known as “Beverly” to be […] The post Cybersecurity News: LockBit ties to Evil Corp,…

Read more →

Join us for a groundbreaking announcement in cyber risk quantification and management. Today, Safe Security unveils SafeX, its new AI-powered mobile application designed to simplify and automate cyber risk assessment. […] The post Risk Management in Real Time with Safe…

Read more →

Is the cybersecurity talent shortage a self-inflicted wound? It seems like we’re caught in a vicious cycle of employers not being honest about the roles they need to fill, leading […] The post We’re Lowering the Requirement for Entry Level…

Read more →

T-Mobile data breaches cost company $31.5 million In a settlement with the Federal Communications Commission (FCC), T-Mobile has agreed to pay a total of $31.5 million following a series of […] The post Cybersecurity News: T-Mobile data breach fines, Iranian…

Read more →

We got the best present for the CISO Series 6th anniversary: testimonials from our listeners! David Spark hit the show floor at Black Hat 2024 to ask attendees why they […] The post Celebrating 6 Years with CISO Series appeared…

Read more →

In today’s cybersecurity news… Recall redesign: reinforced and removable Responding to customer reaction to the release of its new AI-powered feature, Microsoft has now announced improvements to Recall including stronger […] The post Cybersecurity News: Recall redesigned, Embargo attacks cloud,…

Read more →

In today’s cybersecurity news… Public Wi-Fi hacked at some of the UK’s busiest train stations Train passengers connecting to free WiFi at many major rail stations in England were greeted […] The post Cybersecurity News: Train station WiFi hack, Mozilla…

Read more →

When it comes to generative AI systems, often we’re concerned about the quality and reliability of the output. But do we risk losing sight of the integrity of these systems […] The post Is It Possible to Inject Integrity Into…

Read more →

In today’s cybersecurity news… DragonForce uses ransomware’s greatest hits Researchers at Group-IB disclosed that this threat group’s toolset includes a customized Conti variant and leaked Lockbit ransomware. Dragonforce operates a […] The post Cybersecurity News: DragonForce ransomware, Salt Typhoon hits…

Read more →

The CISO Series Podcast is celebrating spooky season the only way we know how, with another live podcast recording! We’re recording a podcast episode at the Planet Cyber Sec CISO-CIO […] The post CISO Series Podcast LIVE in La Jolla…

Read more →

In today’s cybersecurity news… Kansas water plant pivots to analog after cyber event Yesterday we updated you on a ransomware attack that hit the state Kansas earlier this year. Now […] The post Cybersecurity News: Kansas water targeted, CrowdStrike apology,…

Read more →

The CISO Series Podcast is set to return to the ISSA LA summit just in time for the start of the spooky season. But don’t be afraid, we’ve got amazing guests for […] The post PREVIEW: CISO Series Podcast LIVE in Los…

Read more →

U.S. proposes ban on Chinese, Russian tech in autonomous vehicles  It’s not going to happen overnight, but on Monday, the U.S. Department of Commerce proposed a ban on connected and […] The post Cybersecurity News: Proposed ban on autonomous vehicles,…

Read more →

It’s not enough for cybersecurity professionals to talk among themselves. Storytelling is a vital way to connect technical security controls and policies to the rest of the business. So how […] The post … And the Business Listened to the…

Read more →

Please join us on Friday October 4, 2024 for Super Cyber Friday. Our topic of discussion will be “Hacking Job Stagnation: An hour of critical thinking about what to do […] The post Join Us 10-04-24 for “Hacking Job Stagnation”…

Read more →

There are varied decisions SOC analysts have to make multiple times every day. It’s hard to describe each one, and so much of the decision making is happening in the […] The post When Can AI Take Over Decision Making…

Read more →

In today’s cybersecurity news… LinkedIn halts AI data processing in UK due to privacy concerns Following up on a story we covered on last Friday’s Week In Review show, the […] The post Cybersecurity News: LinkedIn halts AI training, Ukraine…

Read more →

In today’s cybersecurity news… New INC ransomware targets U.S. healthcare sector A warning from Microsoft about a financially motivated threat actor who is using INC ransomware against the U.S. health […] The post Cybersecurity News: INC targets healthcare, Providence schools…

Read more →

CISO Series Podcast will be returning to Los Angeles to do another live audience recording of our show with ISSA LA. Joining me on stage will be two CISO Series […] The post CISO Series Podcast LIVE in Los Angeles…

Read more →

Last week on Super Cyber Friday, we talked about building leadership skills. David Spark hosted the discussion, joined by Alexandra Landegger, executive director and CISO at Collins Aerospace, and Jodie […] The post Building Cybersecurity Leadership Skills appeared first on…

Read more →

In today’s cybersecurity news… Feds derail Raptor Train FBI Director Chris Wray said a joint operation last week took down a Chinese-state-sponsored botnet known as Flax Typhoon, in operation since […] The post Cybersecurity News: Derailing Raptor Train, Volunteer Civil…

Read more →

Are we missing the point with phishing tests? We know attackers will just craft better messages to get clicks. So how can we make our own testing more meaningful? Check […] The post Are Phishing Tests Helping or Hurting Our…

Read more →

We are just a few weeks away from TWO exciting events in our nation’s capital, Washington D.C. Monday, September 30th, 2024: CISO Series meetup. This is a FREE event happening […] The post PREVIEW: CISO Series Game Show LIVE in…

Read more →

In today’s cybersecurity news… Exploding pager tragedy: experts look towards supply chain sabotage rather than hacking Security and technology experts surveying the wave of exploding wireless pagers that killed at […] The post Cybersecurity News: Exploding pager analysis, construction company…

Read more →

Spyware giant Intellexa faces new U.S. sanctions The U.S. Treasury Department has hit Intellexa Consortium and its affiliates with a new round of sanctions, intensifying efforts to crack down on […] The post Cybersecurity News: Intellexa faces new sanctions, London…

Read more →

Securing emerging AI tools is not a solved problem. We lack basic visibility into how the underlying LLMs work. We’re told there are guardrails in place, but given the frequency […] The post Our Guardrails Only Fail When You Try…

Read more →

CISO Series Podcast will be going back to school for another live show. We’re recording a show at Stanford University’s Cybersecurity and Privacy Festival 2024, AKA “Cyberfest.” Joining me on […] The post CISO Series Podcast LIVE at Stanford University…

Read more →

In today’s cybersecurity news… Fortinet confirms customer data breach Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440 GB of files […] The post Cybersecurity News: Fortinet breach, RansomHub extorts Kawasaki,…

Read more →

CISO Series Podcast will be at the 2024 SFISSA Hack the Flag Conference to do a live audience recording of our show. Joining me on stage will be Adam Fletcher, […] The post PREVIEW: CISO Series Podcast LIVE in Boca…

Read more →

In today’s cybersecurity news… Lazarus Group’s VM Connect campaign spoofs CapitalOne New research from Reversing Labs shows that the Lazarus Group is continuing its campaign of tempting targeting developers with […] The post Cybersecurity News: Lazarus spoofs CapitalOne, Mastercard buys…

Read more →

CISO Series Podcast will be heading to HOU.SEC.CON to do a live audience recording of our show. Joining me on stage will be the incomparable Jerich Beason, CISO, WM, and […] The post PREVIEW: CISO Series Podcast LIVE in Houston,…

Read more →

Haven’t we already discussed at great length the cloud shared security model? We’ve had the cloud for a few decades. Why can’t we just extend that shared responsibility model for […] The post Who Is Responsible for Securing SaaS Tools?…

Read more →

The $20 WHOIS vulnerability Researchers at watchTowr Labs discovered the WHOIS server for the .mobi top-level domain migrated domains, so they spent $20 to acquire the legacy one and spun […] The post Cybersecurity News: $20 WHOIS vulnerability, India’s Cyber…

Read more →

On the eve of FAIRCON24, we’re inviting fans of CISO Series to join us for a meetup at the Fairmont Hotel in DC. This is a free event to attend, […] The post Join Us 9-30-24 for a CISO Series…

Read more →

Please join us on Friday September 27, 2024 for Super Cyber Friday. Our topic of discussion will be “Hacking Alerts: An hour of critical thinking about triaging the deluge hitting […] The post Join Us 09-27-24 for “Hacking Alerts” –…

Read more →

In today’s cybersecurity news… Slim CD notifies 1.7M customers of data breach Electronic payment firm, ESlim CD, has notified nearly 1.7 million credit card holders that their data may have […] The post Cybersecurity News: Slim CD data breach, International…

Read more →

Live in Washington DC or planning to attend FAIRCON24? Love cybersecurity and playing cybersecurity games? Then join us for a CISO Series Game Show, happening as part of FAIRCON24. Here’s […] The post Join us at FAIRCON24 – 10-02-24 for…

Read more →

Live in Washington DC or planning to attend FAIRCON24? Love cybersecurity and playing cybersecurity games? Then join us for a CISO Series Game Show, happening as part of FAIRCON24. Here’s […] The post Join CISO Series for a Game Show…

Read more →

When operating a security program in an existing deployment, it can be tempting to romanticize an opportunity like a greenfield deployment. But starting from square one doesn’t mean you’ll be […] The post Our Cybersecurity Journey Starts With a Single…

Read more →

1.7 million impacted in payment processing breach  In an ironic twist, payment gateway provider Slim CD says they’ve swiftly initiated an investigation into a breach affecting around 1.7 million individuals. […] The post Cybersecurity News: Payment processing breach, dark web…

Read more →

Being part of a security operations center (SOC) means that when everything is running right, no one knows you’re responsible, but when things go wrong, everyone knows who to blame. […] The post 25 Ways to Make the SOC More…

Read more →

In today’s cybersecurity news… Car rental company Avis discloses data breach According to notification letters sent to customers on Wednesday and filed with California’s Office of the Attorney General, the […] The post Cybersecurity News: Avis rentals breach, Microsoft disables…

Read more →

CISO Series Podcast will be heading to HOU.SEC.CON to do a live audience recording of our show. Joining me on stage will be the incomparable Jerich Beason, CISO, WM, and […] The post CISO Series Podcast LIVE in Houston (09-24-24)…

Read more →

In today’s cybersecurity news… Planned Parenthood cyberattack Officials from the nonprofit agency have confirmed that a cyberattack has impacted its IT systems, forcing it to take parts of its infrastructure […] The post Cybersecurity News: Planned Parenthood cyberattack, DoJ propaganda…

Read more →

On the Monday just before HOU.SEC.CON. launches in Houston, CISO Series will be hosting a meetup for both the listeners of the CISO Series AND those who have never heard […] The post Join Us 9-23-24 For a CISO Series…

Read more →

Threat actors don’t need certifications or a degree to be good at their job. So why do we keep trying to demand those from new cyber hires? And could a […] The post Hiring Cyber Teenagers with Criminal Records appeared…

Read more →

In today’s cybersecurity news… Spyware research report A new study from the Atlantic Council’s Cyber Statecraft Initiative tracked the evolution of the spyware market, looking at larger players like NSO […] The post Cybersecurity News: Spyware research, Cicada rebrand, MacroPack…

Read more →

CISO Series Podcast will be at the 2024 SFISSA Hack the Flag Conference to do a live audience recording of our show. Joining me on stage will be Adam Fletcher, […] The post CISO Series Podcast LIVE in Boca Raton,…

Read more →

In today’s cybersecurity news… Halliburton confirms data stolen in cyberattack Following up on a story we brought to you last week on Cyber Security Headlines, the U.S. oil service giant […] The post Cybersecurity News: Halliburton data stolen, Columbus sues…

Read more →

What good are network security alerts if they never get addressed? Frustration around this issue led Edward Wu to create Dropzone AI. I spoke with Edward about how he pivoted […] The post Automating Network Alert Investigations with Dropzone AI…

Read more →

Just because a vendor is selling a security solution doesn’t mean they should expect your trust right away. Too many vendors initiate relationships with requests that stink of phishing emails. […] The post Red Flag? My Vendor Just Asked for…

Read more →

In today’s cybersecurity news… Transport for London suffers cyberattack The local government body responsible for most of the transport system in Greater London is currently dealing with a cyberattack, but […] The post Cybersecurity News: London transport cyberattack, German ATC…

Read more →

In today’s cybersecurity news… Seattle Airport issues travelers’ advisory for Labor Day travel The cyberattack that hit Seattle-Tacoma International Airport last week has forced the airport to warn passengers to […] The post Cybersecurity News: Seattle airport woes, aircraft cockpit…

Read more →

In today’s cybersecurity news… DICK’S Sporting Goods suffers cyberattack The largest chain of sporting goods retail stores in the U.S. has now confirmed that confidential information was exposed in a […] The post Cybersecurity News: DICK’S Sporting Goods cyberattack, Brain…

Read more →

We know third-party risk management is a pain. If nobody likes the universally agreed upon solutions like questionnaires, what are we doing that’s improving the situation? Check out this post […] The post What’s Working With Third-Party Risk Management? appeared…

Read more →

Iran targeting presidential administration officials CNN reports that a threat group believed to be working at the behest of Iran’s Islamic Revolutionary Guard Corps has targeted officials in both the […] The post Cybersecurity News: Iran hacking, Labour Party backlog,…

Read more →

One of the big trends with threat actors over the past year is a rise in multi-factor authentication (MFA) attacks. Attackers have turned to increased sophistication using a variety of […] The post Beating MFA Fatigue and AI-Driven Attacks with…

Read more →

Please join us on Friday September 13, 2024 for Super Cyber Friday. Our topic of discussion will be “Hacking Leadership Skills: An hour of critical thinking about building the skills […] The post Join Us 09-13-24 for “Hacking Leadership Skills”…

Read more →

Please join us on Friday September 6, 2024 for Super Cyber Friday. Our topic of discussion will be “Hacking Tabletop Exercises: An hour of critical thinking about enhancing incident response […] The post Join Us 09-06-24 for “Hacking Tabletop Exercises”…

Read more →

In today’s cybersecurity news… Texas credit union user data exposed in another MOVEit breach Just when we thought MOVEit breaches had faded from the headlines, a new one has surfaced, […] The post Cybersecurity News: Another MOVEit incident, U.S. Marshals…

Read more →

The relationship between a CIO and CISO can be fraught. Often this stems from the reporting structure of an organization, with CISO’s reporting directly to the CIO. So how can […] The post Well, I Think My Relationship With the…

Read more →

In today’s cybersecurity news… SonicWall warns of critical access control flaw SonicWall released a bulletin detailing the vulnerability that impacts SonicOS’s use on its Gen 5, Gen 6, and some […] The post Cybersecurity News: SonicWall access flaw, Microsoft security…

Read more →

In today’s cybersecurity news… Halliburton takes systems offline following cyberattack The oil field services company informed regulators and the media on Friday about a recent cyberattack that “necessitated the shut-down […] The post Cybersecurity News: Halliburton suffers cyberattack, Telegram CEO…

Read more →

In today’s cybersecurity news… Kremlin complains of DDoS attack, digital experts not so sure Disruptions that occurred on Wednesday for some Russian users of WhatsApp, Telegram, Skype, Discord, Twitch, Wikipedia, […] The post Cybersecurity News: Russia’s questionable DDoS, FAA’s cybersecurity…

Read more →

CISOs are familiar with dealing with stress, making high-stakes decisions, and operating in an industry of unknown unknowns. But there are some things that still get under their skin and […] The post What Triggers a CISO? appeared first on…

Read more →

In today’s cybersecurity news… Security initiative from Japanese auto companies Dozens of companies in the Japan Automotive Information Sharing and Analysis Center signed on to a collaborative initiative to improve […] The post Cybersecurity News: Japanese auto security, Feds tap…

Read more →

Does data security need to be complex? Perhaps in the past, but modern AI and cloud solutions simplify data security at scale, argues Yotam Segev, Co-Founder and CEO, Cyera. The […] The post Mastering Data Visibility for Secure AI Adoption…

Read more →

In today’s cybersecurity news… Toyota confirms third-party data breach impacting customers Toyota has confirmed that customer data was exposed in a data breach of an unnamed third-party. Toyota said the […] The post Cybersecurity News: Toyota third-party breach, Hawaii registry…

Read more →

The road to becoming a CISO is highly individual. Often a CISO will not come from a technical background, or their technical background is long in their career rearview mirror. […] The post I Said I Was Technically a CISO,…

Read more →

‘Only’ 1.3 million affected by National Public Data breach   The Florida-based data broker officially confirmed the breach which happened earlier this year that’s now been estimated to have impacted 1.3 […] The post Cybersecurity News: National Public Data breach update,…

Read more →

A point-in-time pentest is insufficient in today’s cybersecurity landscape. Casey Cammilleri, CEO & Founder, Sprocket Security, explained to me that constantly changing targets, such as new application deployments and infrastructure […] The post Combining Continuous Pentesting with Attack Surface Management…

Read more →

In today’s cybersecurity news… Microsoft Entra admins must enable MFA or lose access to admin portals As part of its new Secure Future Initiative, Microsoft is warning global admins of […] The post Cybersecurity News: Entra forces MFA, another AnyDesk…

Read more →

In today’s cybersecurity news… GitHub vulnerability warning regarding ArtiPacked This is a new attack vector, spelled ArtiPacked, and according to researchers at Palo Alto Networks, it could be exploited to […] The post Cybersecurity News: GitHub artifact warning, RansomHub’s EDR…

Read more →

CISO stands for Chief Information Security Officer. So why do we sometimes pigeonhole their duties under “just” cybersecurity? Check out this post for the discussion that is the basis of […] The post Information Security vs. Cybersecurity appeared first on…

Read more →

Google details privacy commitments with Gemini AI Google announced new hardware and Gemini AI features this week. Many of these AI tools will feature local offline-only processing using its smaller […] The post Cybersecurity News: Gemini AI privacy, AI Risk…

Read more →

For all the intricacies and hype around AI and large language models, Nabil Hannan, Field CISO, NetSPI, reminds us that they lack any kind of true intelligence, it’s all just […] The post Understanding AI Bias and Security with NetSPI…

Read more →

In today’s cybersecurity news… FBI shutters Radar ransomware gang servers On Monday, the Federal Bureau of Investigation (FBI) announced it has disrupted the infrastructure associated with a nascent ransomware group […] The post Cybersecurity News: FBI shutters Radar, NIST post-quantum…

Read more →

Large companies aren’t traditionally known for being the fastest to adopt new technologies. So why is cybersecurity the exception? It seems like the larger or more highly regulated an enterprise, […] The post Why Are Fortune 500 Companies Swiping Right…

Read more →

U.S. operation of “laptop farm” for North Korea shutdown Tennessee resident Matthew Isaac Knoot has been arrested for allegedly running a ‘laptop farm’ to help North Korean IT workers secure […] The post Cybersecurity News: U.S. “laptop farm” shut down,…

Read more →

In today’s cybersecurity news… Iranian hackers ramping up U.S. election interference Microsoft has issued a new report stating that Iranian hackers have “increased their efforts to influence the upcoming U.S. […] The post Cybersecurity News: Iran election interference, AMD SinkClose…

Read more →

In today’s cybersecurity news… Chameleon reappears targeting Canadian restaurant chain The malware originally known for attacking banks has now begun targeting hospitality workers in Canada and Europe, including “an unnamed […] The post Cybersecurity Headlines: Chameleon malware reappears, Rhysida hospital…

Read more →

How far can we extend a deny-by-default approach as we build out our zero-trust architecture? Can that aggressive security tactic work for the business without disrupting productivity? Conventional wisdom says […] The post Should Deny By Default Be the Cornerstone…

Read more →

In today’s cybersecurity news… McLaren hospitals disruption linked to INC ransomware attack On Tuesday, IT and phone systems at McLaren Health Care hospitals were disrupted following a cyber attack. The […] The post Cybersecurity Headlines: McLaren hospitals disrupted, CrowdStrike improves…

Read more →

Jumping from penetration testing to a full proactive security platform isn’t an easy move. But as organizations need to address the critical needs of IT organizations, InfoSec teams, and CISOs, […] The post How NetSPI Built a Proactive Security Platform…

Read more →

Please join us on Friday August 23, 2024 for Super Cyber Friday. Our topic of discussion will be “Hacking the Future of Pentesting: An hour of critical thinking about how […] The post Join Us 08-23-24 for “Hacking the Future…

Read more →

Google patches Android kernel zero-day As part of its Android security update for August, Google patched 46 vulnerabilities. This included a use-after-free vulnerability in the Android network route management stack […] The post Cybersecurity Headlines: Google kernel zero-day, voter portal…

Read more →

CrowdStrike strikes back against Delta’s claims of negligence The finger-pointing continues as CrowdStrike responds to Delta’s lawsuit threats with attorneys from CrowdStrike rejecting Delta’s claims that the company failed to […] The post Cybersecurity Headlines: CrowdStrike strikes back against Delta,…

Read more →

Many businesses realize that cyberattacks are inevitable and a sound business policy, led by the security department, is one of resiliency. Business continuity planning and disaster recovery are understood goals, […] The post We Make Threat Actors Read Our Resiliency…

Read more →

Hackers use ISP to send malware through software updates The hacking group known as both StormBamboo and Evasive Panda has been observed exploiting an internet service provider in order to […] The post Cybersecurity Headlines: Software update malware, investors sue…

Read more →

In today’s cybersecurity news… Cencora confirms patient data stolen in February cyberattack Following up on cyberattack on pharmaceutical supplier Cencora, the company has now confirmed, in an updated filing to […] The post Cybersecurity News: Cencora patient breach, OneDrive phishing…

Read more →

In today’s cybersecurity news… DDoS attacks won’t impact US elections CISA and the FBI issued a joint statement to this effect, saying that DDoS activity could at best make accessing […] The post Cybersecurity News: Elections and DDoS, dating apps…

Read more →

We’re increasingly seeing the industry fill up with Field CISOs. Why is the CISO out in the field? What does that role entail? Check out this post for the discussion […] The post What Is a Field CISO? appeared first…

Read more →

We’re seeing increasing pressure and anxiety put on the CISO role, as legal and regulatory pressure seems to single out people in these positions. This leaves CISOs with a lot […] The post The Challenges and Responsibilities of CISOs with…

Read more →

Please join us on Friday August 16, 2024 for Super Cyber Friday. Our topic of discussion will be “Hacking the Demo: An hour of critical thinking about how to be […] The post Join Us 08-16-24 for “Hacking the Demo”…

Read more →

In today’s cybersecurity news… Delta enlists Microsoft’s legal nemesis over CrowdStrike losses Delta Air Lines suffered an estimated $500 million in operational losses due the CrowdStrike update that caused a […] The post Cybersecurity News: Delta’s legal maneuver, Record-breaking ransom,…

Read more →

If incident response’s mission statement is so clear, why do so many companies struggle when delivering on it? Often the fault lies with communications. The business and its divisions are […] The post Incident Response Is So Important We Might…

Read more →

4.3 million impacted by HealthEquity data breach One of the largest HSA providers in the U.S., HealthEquity, is in the process of notifying 4.3 million people that their personal and […] The post Cybersecurity News: HealthEquity data breach, CrowdStrike impact…

Read more →

In today’s cybersecurity news… PyPi package targets MacOS Researchers from Checkmarx have discovered a malicious package on the Python Package Index (PyPI) focused on Apple macOS systems. Its goal is […] The post Cybersecurity News: PyPi package targets MacOS, Columbus,…

Read more →

In today’s cybersecurity news… Hackers exploiting Microsoft Defender SmartScreen bug Researchers at Fortinet FortiGuard Labs have observed a new campaign that exploits an Internet Shortcut Files Security Feature Bypass vulnerability […] The post Cybersecurity News: Microsoft Defender exploited, assassin’s encryption…

Read more →