Suspected Russian hack extends far beyond SolarWinds software Russian hack brings changes and uncertainty to US court system Section 230 emerges as Robinhood's shield from lawsuits Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global's advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenience and protection. Learn more at https://hidglobal.com/mfa . For the stori...
Feb 01, 2021•8 min
Unhappy #DataPrivacyDay to us all WhatsApp adds biometric authentication to web, desktop versions Sources: Facebook preps suit against Apple over App Store rules And now our sponsor Nucleus Security brings you "The Top 5 Antipatterns in Vulnerability Management": Antipattern #4: "Homegrown Vulnerability Management Tools": Large enterprises are full of homegrown vulnerability management tools that were abandoned due to complexity or cumbersome builds. See how Nucleus automates your vulnerability ...
Jan 29, 2021•7 min
Link to Blog Post This week's Cyber Security Headlines Week in Review, January 25-29, 2021, is hosted by Steve Prentice @stevenprentice with our guest, Steve Zalewski , Deputy CISO, Levi Strauss . Thanks to our sponsor, Nucleus Security All this week on our daily news podcast, Nucleus Security has been sharing some antipatterns in vulnerability management, such as relying on spreadsheets to track risks, relying on homegrown vulnerability management tools that were abandoned due to complexity or ...
Jan 28, 2021•25 min
10-year old sudo bug patched Mass Emotet uninstall planned for March 25th Microsoft's security business exceeds $10 billion in revenue And now our sponsor Nucleus Security brings you "The Top 5 Antipatterns in Vulnerability Management": Antipattern #4: "Homegrown Vulnerability Management Tools": Large enterprises are full of homegrown vulnerability management tools that were abandoned due to complexity or cumbersome builds. See how Nucleus automates your vulnerability management workflows, repla...
Jan 28, 2021•6 min
Google's Threat Analysis Group warns of social engineering hack aimed at security researchers Verizon outage started in Brooklyn TikTok fixes flaws allowing theft of private user information And now our sponsor Nucleus Security brings you "The Top 5 Antipatterns in Vulnerability Management": Antipattern #3: "The Army of Analysts": Manual vulnerability analysis doesn't scale. In large enterprises, it's impossible to hire enough vulnerability analysts to manually analyze and triage vulnerability s...
Jan 27, 2021•7 min
Google's cookie replacement performs well in tests Twitter Birdwatch pilot launches WhatsApp wormable malware found on Android And now our sponsor Nucleus Security brings you "The Top 5 Antipatterns in Vulnerability Management": Antipattern #2: "CVSS prioritization": CVSS scores are useful, but you need much more than scores to determine what to fix and when to fix it; Business context and vulnerability intelligence are key to prioritizing vulnerabilities in large enterprises. Learn how Nucleus ...
Jan 26, 2021•7 min
President Biden takes on cybersecurity on day one SonicWall firewall maker hacked using zero-day in its VPN device Intel probes reports of quarterly earnings hack And now our sponsor Nucleus Security brings you "The Top 5 Antipatterns in Vulnerability Management": Antipattern No. 1: "Spreadsheet Hell": Relying on Microsoft Excel to track risks and answer questions about your vulnerability data is inefficient and insecure. Learn how Nucleus can rescue you from spreadsheet hell and provide the dat...
Jan 25, 2021•8 min
Technologists comb through Parler videos with facial recognition EU privacy watchdogs go after employers who spy on workers Google investigates top AI ethicist's exfiltration of thousands of files Thanks to our episode sponsor Armis Armis research shows that on average, companies are blind to 40% of the devices in their environment. This blind spot includes traditional desktops, laptops, cloud and virtual instances, BYOD, and IoT and more. Without a real-time, comprehensive view of all these ass...
Jan 22, 2021•8 min
Link to Blog Post This week's Cyber Security Headlines Week in Review, January 18-22, 2021 is hosted by Steve Prentice @stevenprentice with our guest Joshua Scott , Head of Information Security at Postman. Thanks to our episode sponsor Armis A rmis has research shows that on average, companies are blind to 40% of the devices in their environment. This blind spot includes traditional desktops, laptops, cloud and virtual instances, BYOD, and IoT and more. Without a real-time, comprehensive view of...
Jan 21, 2021•22 min
Malwarebytes breached by the group that attacked Solarwinds Google researcher finds security flaws impacting popular chat apps Executive Order addresses malicious use of public clouds Thanks to our episode sponsor Armis Armis research shows that on average, companies are blind to 40% of the devices in their environment. This blind spot includes traditional desktops, laptops, cloud and virtual instances, BYOD, and IoT and more. Without a real-time, comprehensive view of all these assets —or the r...
Jan 21, 2021•7 min
FireEye releases report and network auditing tool for SolarWinds-type hacks SolarWinds malware arsenal widens with Raindrop DNSpooq bugs let attackers hijack DNS on millions of devices Thanks to our episode sponsor Armis One of the biggest challenges security teams face is they do not have a clear picture of all assets in their environment. The resulting 'blind spot' means they have no way to efficiently, credibly, and automatically manage security. Armis Asset Management eliminates this blind s...
Jan 20, 2021•7 min
Parler resurfaces online Darknet forum Joker's Stash shutting down Microsoft Defender to enable auto-remediation by default Thanks to our episode sponsor Armis All cybersecurity programs start with gaining full visibility into all the assets in the environment. Yet security teams continue to struggle to see every thing they have. This asset blind spot means security teams don't have an accurate picture of what needs to be managed and secured. Head over to armis.com to see how Armis Asset Managem...
Jan 19, 2021•7 min
Xiaomi added to Pentagon blacklist Dating apps are using images from the siege to ban rioters' accounts NSA suggests enterprises use designated DNS-over-HTTPS resolvers Thanks to our episode sponsor Armis Lack of complete visibility to all assets in any environment is a huge cybersecurity challenge for every organization. And fragmentation across tools and systems along with broken remediation makes Cybersecurity Asset Management near impossible. Armis Asset Management addresses this issue provi...
Jan 18, 2021•7 min
Hackers waltzed past MFA used by CISA on cloud accounts Social media convulses after Capitol attack Google fixes bug that delayed COVID contact-tracing apps Thanks to our episode sponsor, IT Asset Management Group Are you checking your IT asset disposal vendor's homework? Organizations should record unique IDs of each asset disposed of and reconcile their records against the data that is provided by their disposal vendor. This practice reduces exposures that can occur from poorly monitored data ...
Jan 15, 2021•8 min
Link to blog post This week's Cyber Security Headlines Week in Review, January 11-15, 2021 is hosted by Steve Prentice @stevenprentice with our guest Allan Alford , @AllanAlfordinTX . Thanks to our episode sponsor, IT Asset Management Group Organizations must have adequate written policies and procedures to meet the regulatory requirements for the disposal of their retired data containing devices. These policies should be readily available and regularly reviewed by leadership. IT Asset Managemen...
Jan 14, 2021•23 min
Europol confirms dark web marketplace takedown Google to reportedly block all political ads... again DoD halts deployment of cybersecurity system Thanks to our episode sponsor, IT Asset Management Group Are you checking your IT asset disposal vendor's homework? Organizations should record unique IDs of each asset disposed of and reconcile their records against the data that is provided by their disposal vendor. This practice reduces exposures that can occur from poorly monitored data disposition...
Jan 14, 2021•7 min
Hackers leak stolen Pfizer COVID-19 vaccine data online Social media's big terrible week Parler archived due to "mind-numbing" mistake Thanks to our episode sponsor, IT Asset Management Group Poorly managed IT asset disposal, lack of due diligence, and a disposal program without clearly defined responsible parties has now resulted in millions of dollars in regulatory penalties. Is it clear who is responsible for the performance of your data disposition practice? IT Asset Management Group 's free...
Jan 13, 2021•8 min
SolarWinds breach now linked to Turla UK ruling limits the reach of "general warrants" UN data breach exposes staff records Thanks to our episode sponsor, IT Asset Management Group How does your organization measure a successful IT asset disposal program? Are decisions driven by dollars saved, ease of use, or security and compliance risk reduction? You should not have to choose one over the other. Utilizing IT Asset Management Group 's best practices guide will ensure your data disposition progr...
Jan 12, 2021•7 min
Parler removed from Apple, Google, and Amazon Facial-recognition app Clearview sees a spike in use after Capitol attack Emotet tops malware charts in December after reboot Thanks to our episode sponsor, IT Asset Management Group Organizations must have adequate written policies and procedures to meet the regulatory requirements for the disposal of their retired data containing devices. These policies should be readily available and regularly reviewed by leadership. IT Asset Management Group offe...
Jan 11, 2021•7 min
Our sponsor, Omada's identity governance tip of the day Deploy identity capabilities in phases. If you try to do a massive lift and shift problems will occur and it will probably take longer than you expect. See where you can add value early on. First, launch the solution's basic functionality. What can be done without writing custom code? Where you can deliver value at each iteration? You want to show continuous success rather than the fastest total completion time. Learn more at omada.net . Fo...
Jan 08, 2021•8 min
Link to Blog Post This week's Cyber Security Headlines Week in Review - January 4-8, 2021 is hosted by Steve Prentice, with our guest, Ross Young, CISO, Caterpillar Financial ( LinkedIn ). Thanks to our episode sponsor, Omada Get stakeholders on board early. Sounds simple, but the hard part is making sure everyone has the right level of information they need at the right time to do their job. So start thinking early about the needs of your CISO, the security staff, auditors, compliance officers,...
Jan 08, 2021•20 min
Rioters storm US Capitol, Trump's Twitter suspended SolarWinds attackers accessed DOJ's email server WhatsApp to share user data with Facebook Our sponsor, Omada's identity governance tip of the day According to Gartner, if you use a SaaS solution for identity governance and administration you'll save an average of 30 percent in initial integration costs. Here are some items to look for when choosing an IGA SaaS solution: Does it have high availability? Is it configurable to your specific busine...
Jan 07, 2021•7 min
Google, Alphabet employees unionize NYSE no longer plans to de-list Chinese firms Amazon banned from using AWS trademark in China Our sponsor, Omada's identity governance tip of the day Upon launching a project map your business priorities to best-practice identity processes. Then, perform a fit-gap analysis between functional areas in the process to the ideal goal. Where are key data and systems going? Where are there gaps? Are there deviations from best practices? You now have a blueprint of b...
Jan 06, 2021•7 min
Microsoft source code accessed by SolarWinds attackers Slack suffers massive outage UK judge denies Assange extradition to US Our sponsor, Omada's identity governance tip of the day Well-tested process frameworks are great starting points. No need to reinvent. Just tweak processes that have already proven effective such as automating identity management, access requests, cross-application segregation of duties, and least privilege access. Head over to omada.net to see how Omada can help you get ...
Jan 05, 2021•6 min
Russian SolarWinds hack damage escalates Backdoor account discovered in more than 100,000 Zyxel firewalls and VPN gateways Wall Street to kick out Chinese telecom giants Our sponsor, Omada's identity governance tip of the day Get stakeholders on board early. Sounds simple, but the hard part is making sure everyone has the right level of information they need at the right time to do their job. So start thinking early about the needs of your CISO, the security staff, auditors, compliance officers,...
Jan 04, 2021•8 min
T-Mobile discloses data breach CISA updates SolarWinds guidance Emotet strikes Lithuanian health infrastructure Thanks to our sponsor ReversingLabs Newly created digital data that supports productivity is growing greater than forty percent annually. With more employees working remote and businesses reliant on this digital content, what steps are you taking to ensure this data is secure? Learn more about how ReversingLabs can help establish secure digital business processes today and watch an on-...
Dec 31, 2020•6 min
Google Docs bug exposes users private documents Kawasaki discloses security breach, potential data leak Brexit deal warns of security dangers of Netscape Communicator Thanks to our sponsor ReversingLabs We've seen a 430% growth in next generation cyber attacks actively targeting open-source software projects. Worse yet, contemporary malware implements evasive techniques to avoid detection by AV and Sandbox technologies. What can you do to stay on top of these new threats? Learn more about how Re...
Dec 30, 2020•7 min
Defending the COVID-19 vaccine supply chain Cellular aggregation tool detailed in police records CISA releases malware detection tool for Azure and Microsoft 365 Thanks to our sponsor ReversingLabs The SolarWinds attack has highlighted the need to scan "gold" software images prior to their release or consumption, and look for software tampering, invalid digital signing, and build quality issues. Do you have the right controls in place to assess these risks? Learn more about how ReversingLabs can...
Dec 29, 2020•7 min
Microsoft resellers seen as Russian cyberattack mules GoDaddy employees fail holiday bonus phishing test SolarWinds releases updated advisory for new SUPERNOVA malware Thanks to our sponsor ReversingLabs Less than thirty percent of organizations have a formal threat hunting program, yet threat hunting has shown to improve overall security postures by over ten percent. What actions are you taking to upskill your security staff and bring threat hunting practices into your daily security practices?...
Dec 28, 2020•7 min
Treasury Department's senior leaders were targeted by SolarWinds hack Draft lawsuit alleges Google and Facebook agreed to team up against antitrust action Three VPN providers with criminal ties taken down Thanks to our sponsor ReversingLabs Ransomware is responsible for causing the most destructive amount of downtime - more than seventeen hours. Are you equipped to fight ransomware? Do you have the latest intelligence and indicators of compromise to block these attacks? Learn more about how Reve...
Dec 23, 2020•7 min