Cloudflare repels another record DDoS
Africa's largest supermarket chain hit with ransomware
Resurgence in travel not ignored by threat actors
Thanks to today's episode sponsor, Datadog. Check out Datadog's on-demand fireside chat with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams—and in the process helped teams achieve superior results and earned himself senior leadership positions. Watch now at datadoghq.c...
Jun 16, 2022•6 min
US defense contractor discusses takeover of NSO spyware
DoJ will no longer prosecute ethical hackers
Attack on Kaiser Permanente exposes data of thousands of customers
Thanks to today's episode sponsor, Datadog. Watch Datadog's on-demand webinar for a 30-minute discussion on driving DevSecOps best practices in the enterprise with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams—and in the process helped teams a...
Jun 15, 2022•6 min
Leaky continuous integration logs
Exchange servers used to deploy Black Cat
Bluetooth can be used to track phones
Thanks to today's episode sponsor, Datadog. Check out Datadog's on-demand fireside chat with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams—and in the process helped teams achieve superior results and earned himself senior leadership positions. Watch now at datadoghq.com/ciso/...
Jun 14, 2022•7 min
Amazon's chat app has a child sex abuse problem
Ransomware decryptors now for sale on gaming platform
China's biggest online influencers go dark
Thanks to today's episode sponsor, Datadog. Watch Datadog's on-demand webinar for a 30-minute discussion on driving DevSecOps best practices in the enterprise with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams—and in the process helped teams achieve superior results...
Jun 13, 2022•8 min
This week's Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Upendra Mardikar, CSO, Snap Finance.
Thanks to our sponsor, PlexTrac. PlexTrac is the platform that empowers your offensive security team to spend more time hacking and less time reporting. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a "5X ROI in 1 year," ...
Jun 10, 2022•26 min
MFA could be long haul for some federal agencies says CISA official
New Emotet variant stealing users' credit card information from Google Chrome
Symantec: More malware operators moving in to exploit Follina
Thanks to today's episode sponsor, PlexTrac. PlexTrac is the platform that empowers your offensive security team to spend more time hacking and less time reporting. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effec...
Jun 10, 2022•8 min
Lack of reporting hurting the ransomware fight
CISA warns of China-linked network snooping
Personal information marketplace taken down
Thanks to today's episode sponsor, PlexTrac. PlexTrac is the platform that empowers your offensive security team to spend more time hacking and less time reporting. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a "5X ROI in 1 year," a "30% increase in ef...
Jun 09, 2022•7 min
Passwords are finally dead
Hackers steal credit cards from online gun shops
Shields data breach affects 2 million patients
Thanks to today's episode sponsor, PlexTrac. The best penetration tests begin and end with PlexTrac. PlexTrac can improve efficiency and effectiveness at every phase of your proactive assessments. By centralizing the data from all your automation tools, cataloging important reusable content for easy access, and promoting communication and visibility at every phase of an asse...
Jun 08, 2022•8 min
The once and future AlphaBay
Karakurt adopts bill collector tactics
China concludes its cybersecurity review of Didi
Thanks to today's episode sponsor, PlexTrac. PlexTrac is the platform that empowers your offensive security team to spend more time hacking and less time reporting. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a "5X ROI in 1 year," a "30% increase in efficiency," have "c...
Jun 07, 2022•7 min
Evasive phishing mixes reverse tunnels and URL shortening services
Exploit released for Atlassian Confluence RCE bug, patch now
Lawmakers are racing to pass tech antitrust reforms before midterms
Thanks to today's episode sponsor, PlexTrac. The best penetration tests begin and end with PlexTrac. PlexTrac can improve efficiency and effectiveness at every phase of your proactive assessments. By centralizing the data from all your automation tools, cataloging important reusable content for easy acc...
Jun 06, 2022•8 min
This week's Cyber Security Headlines – Week in Review, May 30-June 3, is hosted by Rich Stroffolino with our guest, Steve Zalewski, Co-host, Defense in Depth.
Thanks to today's episode sponsor, Feroot.
All links and the video of this episode can be found on CISO Series.com...
Jun 03, 2022•23 min
Leaked Conti chats confirm gang's ability to conduct firmware-based attacks
Critical UNISOC chip vulnerability affects millions of Android smartphones
ExpressVPN removes servers in India after refusing to comply with government order
Thanks to today's episode sponsor, Feroot. Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot's automated data protection solutions, increase code ...
Jun 03, 2022•8 min
Europol shuts down FluBot
Hive ransomware kicks Costa Rica when it's down
CISA issues advisory on voting machine vulnerabilities
Thanks to today's episode sponsor, Feroot. Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot's automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as...
Jun 02, 2022•7 min
Follina vulnerability under active exploitation
Tension inside Google over conduct of fired researcher
IBM to pay $1.6 billion for poaching customer account
Thanks to today's episode sponsor, Feroot. Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot's automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous...
Jun 01, 2022•7 min
China censoring open-source code
Follina zero-day hits Office
EnemyBot botnet acts fast
Thanks to today's episode sponsor, Feroot. Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot's automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimm...
May 31, 2022•7 min
Pro-Russian hacker group KillNet plans to attack Italy today
Microsoft warns that hackers are using more advanced techniques to steal credit card data
China makes offer to ten nations help to run their cyber-defenses
Thanks to today's episode sponsor, Feroot. Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot's automated data protection solutions, increase code visibility, facil...
May 30, 2022•8 min
Up to 83% of known compromised passwords would satisfy regulatory requirements
Broadcom confirms deal to acquire VMware
Experts warn of rise in ChromeLoader malware
Thanks to today's episode sponsor, Optiv. Up for a Zero Trust Crash Course? Join our expert, Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide," as he delivers the following takeaways:
- An introduction to Zero Trust
- An overview of Optiv's Zero Trust principles
- How to visualize you...
May 27, 2022•8 min
Popular open source libraries leaked keys for "research"
DuckDuckGo gives Microsoft a pass on trackers
Microsoft weathers the vulnerability storm
Thanks to today's episode sponsor, Optiv. Need a guide on your Zero Trust journey? Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide" shares the following takeaways:
- The key elements of Zero Trust
- How to visualize your Zero Trust journey and place it in the proper context
- Integrated technologies to...
May 26, 2022•7 min
Interpol warns nation-state malware could become a commodity on dark web soon
General Motors Hit by cyber-attack exposing car owners' personal info
Canada to ban China's Huawei and ZTE from its 5G networks
Thanks to today's episode sponsor, Optiv. Up for a Zero Trust Crash Course? Join our expert, Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide," as he delivers the following takeaways:
- An introduction to Zero Trust
- An overview of Optiv's Zer...
May 25, 2022•8 min
Cyberattack divorces Zola users from registries
A look at the RansomHouse data-extortion operation
Now we have to worry about pre-hijacking attacks
Thanks to today's episode sponsor, Optiv. Need a guide on your Zero Trust journey? Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide" shares the following takeaways:
- The key elements of Zero Trust
- How to visualize your Zero Trust journey and place it in the proper context
- Integrated technologies ...
May 24, 2022•7 min
Ransomware victim trolls hackers with obscene pics
CISOs list top cyber threats to enterprises in 2022
YouTube removes more than 9,000 Ukraine war-related channels
Thanks to today's episode sponsor, Optiv. Need a guide on your Zero Trust journey? Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide" shares the following takeaways:
- The key elements of Zero Trust
- How to visualize your Zero Trust journey and place it in the proper context
- Integrat...
May 23, 2022•8 min
This week's Cyber Security Headlines – Week in Review, May 16-20, is hosted by Rich Stroffolino with our guest, Jerich Beason, CISO, Commercial Bank, CapitalOne.
Thanks to today's episode sponsor, Torq.
All links and the video of this episode can be found on CISO Series.com...
May 20, 2022•24 min
Greenland health services limited from cyberattacks
Phishing attacks surge in Q1
Google details 2021 zero-days
And now let's thank today's sponsor, Torq.
Myth 5: You Should Automate All Security Processes. False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can't be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an applicat...
May 20, 2022•7 min
VMware bugs abused to deliver Mirai malware
Microsoft to debut of zero trust GDAP tool
Bank of Zambia refuses to pay ransom to cyberattack group Hive
And now let's thank today's sponsor, Torq.
Myth 4: Automation Will Replace Skilled Security Professionals. Not true. Any business that attempts to automate security will quickly find that most high-stakes security issues are far too complex to be detected and remediated by automation tools alone. Human security professionals need to take the lead del...
May 19, 2022•8 min
Buffalo massacre suspect signaled plans on Discord for months
Google faces litigation for unauthorised use of medical records
Venezuelan doctor accused of developing and distributing ransomware
And now let's thank today's sponsor, Torq.
Myth 3: Only Enterprises Need Security Automation. Debunked. While enterprises with thousands of endpoints and sprawling teams certainly need automation, businesses of all sizes face challenges related to other forms of scale when it comes to security. For instance...
May 18, 2022•8 min
Costa Rican ransomware rhetoric somehow gets uglier
DOJ files its first criminal cryptocurrency sanctions case
Trying to fix open source supply chain security
And now let's thank today's sponsor, Torq.
Myth 2: Security Automation Is Just a New Term for Automated Security Testing. Wrong. While scanning and testing may be one example of a security automation use case, it's hardly the only one. Automation can be used to do things like help manage complex security workflows and optimize collaboration ...
May 17, 2022•7 min
Ukraine CERT-UA warns of new attacks launched by Russia-linked Armageddon APT
Microsoft fixes new PetitPotam Windows NTLM relay attack vector
Hackers are exploiting critical bug in Zyxel firewalls and VPNs
And now let's thank today's sponsor, Torq.
Myth 1: Automation Is Only a Reactive Part of SecOps. Incorrect. Proactive management of security incidents is just as important, like automatically scanning IaC configurations to detect vulnerabilities, automating collaboration between devs, IT ops and...
May 16, 2022•8 min
This week's Cyber Security Headlines – Week in Review, May 9-13, is hosted by Rich Stroffolino with our guest, Rich Lindberg, CISO, JAMS.
Thanks to our sponsor, Datadog. Break down silos between DevOps and Security teams to enable collaboration and strengthen the security of your environment. In this on-demand webinar, hear from one of Datadog's engineers on how teams can speed up investigations by assessing security and observability data using Datadog's unified platform to r...
May 13, 2022•24 min
Google will use mobile devices to thwart phishing attacks
CISA urges organizations to patch actively exploited F5 BIG-IP vulnerability
Kick China off social media, says tech governance expert
Thanks to our episode sponsor, Datadog. Break down silos between DevOps and Security teams to enable collaboration and strengthen the security of your environment. In this on-demand webinar, hear from one of Datadog's engineers on how teams can speed up investigations by assessing security and observability...
May 13, 2022•9 min
Old botnets are new again
Meta withdraws Oversight Board guidance request
EU proposes new CSAM rules
Thanks to our episode sponsor, Datadog. In this on-demand webinar, you'll learn how to best utilize the suite of Datadog Cloud Security products to identify the root cause of an attack and how a unified platform provides real-time threat-detection and continuous configuration audits across applications, hosts, containers and cloud infrastructure. Built on top of the observability platform, Datadog...
May 12, 2022•7 min