Pitiful password enabled recent water treatment facility hack; Border patrol scans millions of faces, catches 0 imposters at airports; India using a glitchy app to inoculate 300 million people by August. Thanks to our episode sponsor Altitude Networks. Wouldn't it be great if you could INSTANTLY KNOW if a file containing sensitive information was shared in the wrong way, anywhere in your company AND security had a real-time Slack notification with a magic "undo button"?! Altitude Networks solves the...
Feb 12, 2021•8 min
This week's Cyber Security Headlines - Week in Review, February 8-12, 2021 is hosted by Steve Prentice (@stevenprentice) with our guest, Johna Till Johnson (@JohnaTillJohnso), CEO, Nemertes Research. Thanks to our episode sponsor, Altitude Networks. Imagine an employee just left and went to a competitor: did they take proprietary documents or critical roadmaps with them? Did they add a backdoor access via personal accounts to documents? You're a cloud-forward company on G ...
Feb 11, 2021•23 min
SIM swapping gang targeting celebrities arrested; Researcher demonstrates the vulnerability of open source to supply chain attacks; Google study looks at high-risk victims of email attacks. Thanks to our episode sponsor Altitude Networks. "Uh oh! Charles just accidentally shared the board deck by link on the company Slack channel… and the link is open to all employees! I hope we can take it down before the M&A information leaks!" Does this scenario sound familiar? Make sure it doesn't happen at ...
Feb 11, 2021•6 min
Office 365 will help admins find impersonation attack targets; U.S. agencies publish ransomware factsheet; Europol busts international cybercriminal group. Thanks to our episode sponsor Altitude Networks. Imagine an employee just left and went to a competitor: did they take proprietary documents or critical roadmaps with them? Did they add a backdoor access via personal accounts to documents? You're a cloud-forward company on G Suite, how would you know your data is at risk? Altitude Networks can au...
Feb 10, 2021•8 min
A look at Iranian spyware operations; Florida water treatment plant hacked to distribute harmful chemicals; Microsoft to add 'nation-state activity alerts' to Defender. Thanks to our episode sponsor Altitude Networks. Remember that time when someone at work accidentally shared a Google document to your personal email? Well, that happens a lot and it leaves a backdoor to cloud data for former employees or contractors. Altitude Networks is the only solution that will protect you from this and many other...
Feb 09, 2021•7 min
New phishing attack uses Morse code to hide malicious URLs; Hacked by SolarWinds, Mimecast lays off staff despite record profits; Activists complain of weakened voting security standard. Thanks to our episode sponsor Altitude Networks. Uh oh, Johnny left the company 6 months ago, but still has access to numerous files in Google Drive via his personal account! Do you know how many other former employees and contractors still have access to our documents? It's a lot more than you might think. Altitude...
Feb 08, 2021•8 min
Canada calls Clearview AI's facial recognition 'mass surveillance'; Amazon pulls Big-Brother move, puts AI cameras in delivery vans; Myanmar blocks Facebook following military coup. Thanks to our episode sponsor HID Global: Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global's advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenience and protection. Learn more at w...
Feb 05, 2021•8 min
This week's Cyber Security Headlines - Week in Review, February 1-5, 2021 is hosted by Steve Prentice (@stevenprentice) with our guest, Shawn Bowen, CISO, Restaurant Brands International (RBI). Thanks to our episode sponsor HID Global. Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global's advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenie...
Feb 04, 2021•26 min
Microsoft sees a rise in business email compromise attacks on schools; Facebook takes a proactive content stance after Myanmar coup; SolarWinds CEO says its email systems were compromised for months. Thanks to our episode sponsor HID Global: Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global's advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenience and protectio...
Feb 04, 2021•6 min
Another SolarWinds vulnerability used to hack National Finance Center; SonicWall confirms actively exploited zero-day; Microsoft Defender now detects macOS vulnerabilities. Thanks to today's sponsors, HID Global: Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global's advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenience and protection. Learn more at www.hidgloba...
Feb 03, 2021•7 min
Deloitte's CDC vaccine system comes up short; Myanmar internet and telecom disruptions continue due to coup; Sprite Spider emerges as one of the most destructive ransomware threat actors this year. Thanks to our sponsor, HID Global. Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global's advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenience and protection. Learn m...
Feb 02, 2021•8 min
Suspected Russian hack extends far beyond SolarWinds software; Russian hack brings changes and uncertainty to US court system; Section 230 emerges as Robinhood's shield from lawsuits. Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global's advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenience and protection. Learn more at https://hidglobal.com/mfa. For the stori...
Feb 01, 2021•8 min
Unhappy #DataPrivacyDay to us all; WhatsApp adds biometric authentication to web, desktop versions; Sources: Facebook preps suit against Apple over App Store rules. And now our sponsor Nucleus Security brings you "The Top 5 Antipatterns in Vulnerability Management": Antipattern #4: "Homegrown Vulnerability Management Tools": Large enterprises are full of homegrown vulnerability management tools that were abandoned due to complexity or cumbersome builds. See how Nucleus automates your vulnerability ...
Jan 29, 2021•7 min
This week's Cyber Security Headlines Week in Review, January 25-29, 2021, is hosted by Steve Prentice @stevenprentice with our guest, Steve Zalewski, Deputy CISO, Levi Strauss. Thanks to our sponsor, Nucleus Security. All this week on our daily news podcast, Nucleus Security has been sharing some antipatterns in vulnerability management, such as relying on spreadsheets to track risks, relying on homegrown vulnerability management tools that were abandoned due to complexity or ...
Jan 28, 2021•25 min
10-year old sudo bug patched; Mass Emotet uninstall planned for March 25th; Microsoft's security business exceeds $10 billion in revenue. And now our sponsor Nucleus Security brings you "The Top 5 Antipatterns in Vulnerability Management": Antipattern #4: "Homegrown Vulnerability Management Tools": Large enterprises are full of homegrown vulnerability management tools that were abandoned due to complexity or cumbersome builds. See how Nucleus automates your vulnerability management workflows, repla...
Jan 28, 2021•6 min
Google's Threat Analysis Group warns of social engineering hack aimed at security researchers; Verizon outage started in Brooklyn; TikTok fixes flaws allowing theft of private user information. And now our sponsor Nucleus Security brings you "The Top 5 Antipatterns in Vulnerability Management": Antipattern #3: "The Army of Analysts": Manual vulnerability analysis doesn't scale. In large enterprises, it's impossible to hire enough vulnerability analysts to manually analyze and triage vulnerability s...
Jan 27, 2021•7 min
Google's cookie replacement performs well in tests; Twitter Birdwatch pilot launches; WhatsApp wormable malware found on Android. And now our sponsor Nucleus Security brings you "The Top 5 Antipatterns in Vulnerability Management": Antipattern #2: "CVSS prioritization": CVSS scores are useful, but you need much more than scores to determine what to fix and when to fix it; Business context and vulnerability intelligence are key to prioritizing vulnerabilities in large enterprises. Learn how Nucleus ...
Jan 26, 2021•7 min
President Biden takes on cybersecurity on day one; SonicWall firewall maker hacked using zero-day in its VPN device; Intel probes reports of quarterly earnings hack. And now our sponsor Nucleus Security brings you "The Top 5 Antipatterns in Vulnerability Management": Antipattern No. 1: "Spreadsheet Hell": Relying on Microsoft Excel to track risks and answer questions about your vulnerability data is inefficient and insecure. Learn how Nucleus can rescue you from spreadsheet hell and provide the dat...
Jan 25, 2021•8 min
Technologists comb through Parler videos with facial recognition; EU privacy watchdogs go after employers who spy on workers; Google investigates top AI ethicist's exfiltration of thousands of files. Thanks to our episode sponsor Armis. Armis research shows that on average, companies are blind to 40% of the devices in their environment. This blind spot includes traditional desktops, laptops, cloud and virtual instances, BYOD, and IoT and more. Without a real-time, comprehensive view of all these ass...
Jan 22, 2021•8 min
This week's Cyber Security Headlines Week in Review, January 18-22, 2021 is hosted by Steve Prentice @stevenprentice with our guest Joshua Scott, Head of Information Security at Postman. Thanks to our episode sponsor Armis. Armis research shows that on average, companies are blind to 40% of the devices in their environment. This blind spot includes traditional desktops, laptops, cloud and virtual instances, BYOD, and IoT and more. Without a real-time, comprehensive view of...
Jan 21, 2021•22 min
Malwarebytes breached by the group that attacked Solarwinds; Google researcher finds security flaws impacting popular chat apps; Executive Order addresses malicious use of public clouds. Thanks to our episode sponsor Armis. Armis research shows that on average, companies are blind to 40% of the devices in their environment. This blind spot includes traditional desktops, laptops, cloud and virtual instances, BYOD, and IoT and more. Without a real-time, comprehensive view of all these assets —or the r...
Jan 21, 2021•7 min
FireEye releases report and network auditing tool for SolarWinds-type hacks; SolarWinds malware arsenal widens with Raindrop; DNSpooq bugs let attackers hijack DNS on millions of devices. Thanks to our episode sponsor Armis. One of the biggest challenges security teams face is they do not have a clear picture of all assets in their environment. The resulting 'blind spot' means they have no way to efficiently, credibly, and automatically manage security. Armis Asset Management eliminates this blind s...
Jan 20, 2021•7 min
Parler resurfaces online; Darknet forum Joker's Stash shutting down; Microsoft Defender to enable auto-remediation by default. Thanks to our episode sponsor Armis. All cybersecurity programs start with gaining full visibility into all the assets in the environment. Yet security teams continue to struggle to see everything they have. This asset blind spot means security teams don't have an accurate picture of what needs to be managed and secured. Head over to armis.com to see how Armis Asset Managem...
Jan 19, 2021•7 min
Xiaomi added to Pentagon blacklist; Dating apps are using images from the siege to ban rioters' accounts; NSA suggests enterprises use designated DNS-over-HTTPS resolvers. Thanks to our episode sponsor Armis. Lack of complete visibility to all assets in any environment is a huge cybersecurity challenge for every organization. And fragmentation across tools and systems along with broken remediation makes Cybersecurity Asset Management near impossible. Armis Asset Management addresses this issue provi...
Jan 18, 2021•7 min
Hackers waltzed past MFA used by CISA on cloud accounts; Social media convulses after Capitol attack; Google fixes bug that delayed COVID contact-tracing apps. Thanks to our episode sponsor, IT Asset Management Group. Are you checking your IT asset disposal vendor's homework? Organizations should record unique IDs of each asset disposed of and reconcile their records against the data that is provided by their disposal vendor. This practice reduces exposures that can occur from poorly monitored data ...
Jan 15, 2021•8 min
This week's Cyber Security Headlines Week in Review, January 11-15, 2021 is hosted by Steve Prentice @stevenprentice with our guest Allan Alford, @AllanAlfordinTX. Thanks to our episode sponsor, IT Asset Management Group. Organizations must have adequate written policies and procedures to meet the regulatory requirements for the disposal of their retired data containing devices. These policies should be readily available and regularly reviewed by leadership. IT Asset Managemen...
Jan 14, 2021•23 min
Europol confirms dark web marketplace takedown; Google to reportedly block all political ads... again; DoD halts deployment of cybersecurity system. Thanks to our episode sponsor, IT Asset Management Group. Are you checking your IT asset disposal vendor's homework? Organizations should record unique IDs of each asset disposed of and reconcile their records against the data that is provided by their disposal vendor. This practice reduces exposures that can occur from poorly monitored data disposition...
Jan 14, 2021•7 min
Hackers leak stolen Pfizer COVID-19 vaccine data online; Social media's big terrible week; Parler archived due to "mind-numbing" mistake. Thanks to our episode sponsor, IT Asset Management Group. Poorly managed IT asset disposal, lack of due diligence, and a disposal program without clearly defined responsible parties has now resulted in millions of dollars in regulatory penalties. Is it clear who is responsible for the performance of your data disposition practice? IT Asset Management Group's free...
Jan 13, 2021•8 min
SolarWinds breach now linked to Turla; UK ruling limits the reach of "general warrants"; UN data breach exposes staff records. Thanks to our episode sponsor, IT Asset Management Group. How does your organization measure a successful IT asset disposal program? Are decisions driven by dollars saved, ease of use, or security and compliance risk reduction? You should not have to choose one over the other. Utilizing IT Asset Management Group's best practices guide will ensure your data disposition progr...
Jan 12, 2021•7 min
Parler removed from Apple, Google, and Amazon; Facial-recognition app Clearview sees a spike in use after Capitol attack; Emotet tops malware charts in December after reboot. Thanks to our episode sponsor, IT Asset Management Group. Organizations must have adequate written policies and procedures to meet the regulatory requirements for the disposal of their retired data containing devices. These policies should be readily available and regularly reviewed by leadership. IT Asset Management Group offe...
Jan 11, 2021•7 min