Category: CISO Series

Goldoon botnet exploits D-Link routers The exploit involves a security flaw that is almost 10 years old, specifically CVE-2015-2051 which has a CVSS score of 9.8. It affects D-Link’s DIR-645 […] The post Cyber Security Headlines: Goldoon exploits D-Link, CISA…

Read more →

Season 2 of Capture the CISO is not over. We still have the finals! And it’s going to be LIVE on Friday, May 17th, 2024 at 1 PM ET/10 AM […] The post Join Us 05-17-24 for the Capture the…

Read more →

Chinese disinformation proving ineffectual We’ve had several election cycles haunted by the threat of Chinese disinformation campaigns, made only more ominous with the advent of modern generative AI tools. But […] The post Cyber Security Headlines: Chinese disinformation, NCSC AMS,…

Read more →

Scaling least privilege in the cloud remains challenging. Throwing more people at the problem isn’t feasible, so how are you managing it? Check out this post for the discussion that […] The post Scaling Least Privilege for the Cloud appeared…

Read more →

Welcome to episode three of Capture the CISO Season 2! Our host is Rich Stroffolino and our judges are Christina Shannon, CIO, KIK Consumer Products and Dan Walsh, CISO, Paxos. Our contestants: […] The post Capture the CISO S2E3: BugProve, Egress, and Zenity…

Read more →

UnitedHealth Group CEO faces congress & cause of hack revealed The CEO of UnitedHealth Group, the parent company of Change Healthcare, is set to testify before a congressional committee today, […] The post Cyber Security Headlines: UnitedHealth Group CEO faces…

Read more →

USPS phishing sites are popular In October 2023, researchers at Akamai began observing traffic to combosquatting phishing domains impersonating the US Postal Service, all using the same malicious JavaScript file. […] The post Cyber Security Headlines: USPS phishing, UK IoT…

Read more →

Technical debt is an inevitability in any organization. But how do you go about “paying it down?” This requires a framework to understand the risk the technical debt represents to […] The post I Really Shouldn’t Have Agreed to Variable…

Read more →

For many organization, risk programs are driven by compliance requirements. What compliance framework you use will directly impact what processes you have in place around risk, noted Kim Elias, Senior […] The post How Compliance Can Launch Your Risk Program…

Read more →

Kaiser Permanente website tracking tools may have compromised customer data The healthcare giant is alerting more than 13 million customers that their personal information may have been shared with third-party […] The post Cyber Security Headlines: Kaiser Permanente breach, DSH…

Read more →

Going to the RSA Conference? Looking forward to having some fun, win prizes, and enjoy lunch? Then come to our CISO Series game show that will be happening on Tuesday, […] The post PREVIEW: CISO Series Game Show During RSA…

Read more →

Google postpones third-party cookie deprecation Google has announced that it is once again delaying its plans to deprecate third-party tracking cookies in its Chrome web browser. This time the reason […] The post Cyber Security Headlines: Google postpones cookies, Brocade…

Read more →

Knowing what data your organization holds is critical to using it effectively. But organizations don’t know where to start getting their data in order. In this video Greg Clark, director […] The post The Importance of Data Hygiene with OpenText…

Read more →

Chinese keyboard app flaws exposed Last year, researchers at Citizen Lab found that the popular Sogou Chinese keyboard app failed to use TLS when sending keystroke data to the cloud […] The post Cyber Security Headlines: Chinese keyboard flaws, hacked…

Read more →

Ask any CISO how they feel about sales pitches and be prepared for a litany of sins. But when do these legitimate complaints cross the line to sounding entitled? Check […] The post Should CISOs Be More Empathetic Towards Salespeople?…

Read more →

Welcome to episode one of Capture the CISO Season 2! Our judges are Arvin Bansal, CISO, C&S Wholesale Grocers and  Brett Conlon, CISO, American Century Investments. Our contestants: And don’t forget to join […] The post Capture the CISO S2E2: HYAS, Nudge Security, and…

Read more →

Iranian nationals charged with hacking U.S. companies and agencies On Tuesday, four Iranian nationals (Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab) were indicted in a Manhattan […] The post Cyber Security Headlines: Iranian hackers charged, Siemens…

Read more →

RedLine stealer variant delivers Lua bytecode by disguising as game cheat According to McAfee Labs, this off-the-shelf variant of RedLine malware gathers saved credentials, autocomplete data, credit card information, and […] The post Cyber Security Headlines: RedLine GitHub connection, MITRE…

Read more →

TikTok ban passes the US House The bill passed as part of a larger foreign aid package by a vote of 360-58. THe House passed a similar standalone TikTok ban […] The post Cyber Security Headlines: TikTok ban update, Sandworm…

Read more →

Lots of businesses pledge to never pay ransomware demands. That sounds good, but priorities quickly change when you need to get the business back to normal after an attack occurs. […] The post We’ll Invest in Resilience as Soon as…

Read more →