Cyber Security Headlines
Daily stories from the world of information security. To delve into any daily story, head to CISOseries.com.
Wed, April 16, 2025
BREAKING: CVE Funding Doesn't Lapse
CISA issued a statement that it execution an option on its contract with MITRE to continue funding the CVE program.
Wed, April 16, 2025
Government CVE funding set to end, 4chan down following an alleged hack, China accuses US of launching advanced cyberattacks
Government CVE funding set to end Tuesday 4chan, the internet's most infamous forum, is down following an alleged hack China accuses US of launching 'advanced' cyberattacks, names alleged NSA agents Thanks to this week's episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta . Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that’s…a new way to GRC. Get started at Vanta.com/headlines .
Tue, April 15, 2025
Slopsquatting risks, Morocco leak, EC ups US-based staff security
AI code dependencies are a supply chain risk Morocco investigates social security leak European Commission increases security measures for US-bound staff Thanks to this week's episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta . Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that’s…a new way to GRC. Get started at Vanta.com/headlines .
Mon, April 14, 2025
CISA cuts planned, Windows ‘inetpub’ warning, health lab breach
Major workforce cuts planned for CISA Microsoft warns Windows users not to delete ‘inetpub’ folder Data breach at testing lab affects 1.6 million people Thanks to this week's episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta . Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that’s…a new way to GRC. Get started at Vanta.com/headlines . Find the stories behind the headlines at CISOseries.com .
Fri, April 11, 2025
Week in Review: Fake ChatGPT passport, Apple appeals UK encryption, Oracle’s obsolete servers
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Carla Sweeney , SVP, InfoSec, Red Ventures Thanks to our show sponsor, Nudge Security <img src= "//assets.libsyn.com/show/289580/Use_Case_Ads_SaaS_S
Fri, April 11, 2025
President fires Krebs, Nissan Leaf hack, Typhoon tariff warning
President orders probe of former CISA Director Chris Krebs Nissan Leaf cars can be hacked for remote spying and physical takeover Infosec experts warn of China Typhoon retaliation against tariffs Thanks to our episode sponsor, Nudge Security Are you struggling to secure your exploding SaaS footprint? With Nudge Security, you can discover all SaaS apps and accounts, manage access, ensure secure configurations, vet unfamiliar tools, and automate daily identity security tasks. <span style="font-size: 12pt;"
Thu, April 10, 2025
OCC major incident, Oracle confirms hack, Smokeloader servers seized
U.S. Comptroller suffers ‘major incident’ Oracle confirms "obsolete servers" hacked Police seize Smokeloader malware servers and detain customers Thanks to our episode sponsor, Nudge Security Nudge Security is the only solution for SaaS security and governance that can discover up to two years of historical SaaS spend along with usage insights so you can uncover wasted spend and sources of unnecessary risk. Start a free 14-day trial today For the stories behind the headlines, visit CISOseries.com .
Wed, April 09, 2025
New WhatsApp vulnerability, Microsoft patches 125 Windows Vulns, Fake Microsoft Office add-in tools push malware
WhatsApp vulnerability could facilitate remote code execution German defense tech firm faces criticized for high-priced drones Microsoft Patches 125 Windows Vulns, Including Exploited CLFS Zero-Day Thanks to our episode sponsor, Nudge Security Nudge Security provides advanced security posture management for Okta, Microsoft 365, Google Workspace, and other critical apps. With Nudge, you’ll be alerted of risks like weak or missing MFA, inactive admin accounts, and risky integrations, plus you can automate remediation tasks and on-going identity governance. Start a free 14-day trial today
Tue, April 08, 2025
Apple encryption appeal, Xanthorox AI tool, weaponizing CRM
Apple appeals UK encryption back door order Researchers warn about AI-driven hacking tool PoisonSeed campaign weaponizes CRM system Thanks to our episode sponsor, Nudge Security Nudge Security discovers every GenAI tool ever used in your org, even those you’ve never heard of. For each tool, you’ll see who introduced it, who else is using it, where it’s integrated into other tools, and a vendor security profile. Get your free GenAI inventory today.
Mon, April 07, 2025
NSA Haugh fired, New WinRAR flaw, ChatGPT fake passport
Haugh fired from leadership of NSA and Cyber Command WinRAR flaw bypasses Windows Mark of the Web security alerts Researcher creates fake passport using ChatGPT Thanks to our episode sponsor, Nudge Security Nudge Security helps you mitigate security risks stemming from SaaS sprawl by discovering every SaaS account ever created by anyone in your org within minutes of starting a free trial. And, you can automate on-going governance tasks like security posture checks, user access reviews, employee offboarding, and more. Start a free 14-day trial Find the stories behind the headlines at CISOseries.com .
Fri, April 04, 2025
Week in Review: Microsoft’s account bypass, CrushFTP CVE clash, 23andMe warning
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Howard Holton , COO and industry analyst, GigaOm Thanks to our show sponsor, Qualys <span lang="EN-US" style= "font-size
Fri, April 04, 2025
Google patches Quick Share, ChatGPT temporary outage, UK Mail breach
Google patches Quick Share vulnerability ChatGPT suffered brief outage Wednesday UK’s Royal Mail investigates data leak claims Thanks to today's episode sponsor, Qualys "Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation, and accelerate risk reduction— while effectively communicating impact to stakeholders. Empower your cybersecurity strategy with tools that drive faster, smarter, and more efficient risk management. Your secure future starts today with Qualys Enterprise TruRisk Management. Visit qualys.com/etm for more information." Find the stories behind the headlines at CISOseries.com .
Thu, April 03, 2025
North Korean IT workers move into Europe, Stripe API skimming unveils theft techniques, Verizon API flaw exposes call history
North Korean IT worker army expands operations in Europe Stripe API skimming campaign unveils new techniques for theft Verizon call filter API flaw exposed customers' incoming call history Thanks to today's episode sponsor, Qualys "Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation, and accelerate risk reduction— while effectively communicating impact to stakeholders. Empower your cybersecurity strategy with tools that drive faster, smarter, and more efficient risk management. Your secure future starts today with Qualys Enterprise TruRisk Management. Visit qualys.com/etm for more information."
Wed, April 02, 2025
Mozilla Thunderbird takes on Gmail, surge in scans on PAN GlobalProtect VPNs, Microsoft uncovers bootloader vulnerabilities
Mozilla Thunderbird finally takes on Gmail with new email service Surge in scans on PAN GlobalProtect VPNs hints at attacks Microsoft Using AI to Uncover Critical Bootloader Vulnerabilities Thanks to today's episode sponsor, Qualys "Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation, and accelerate risk reduction— while effectively communicating impact to stakeholders. Empower your cybersecurity strategy with tools that drive faster, smarter, and more efficient risk management. Your secure future starts today with Qualys Enterprise TruRisk Management. Visit qualys.com/etm for more information."
Tue, April 01, 2025
FTC’s warning to 23andMe buyer, global phishing threats, Samsung breach
FTC sends warning to future 23andMe buyer Global phishing threat targets 88 countries Samsung data breach tied to old stolen credentials Thanks to today's episode sponsor, Qualys "Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation, and accelerate risk reduction— while effectively communicating impact to stakeholders. Empower your cybersecurity strategy with tools that drive faster, smarter, and more efficient risk management. Your secure future starts today with Qualys Enterprise TruRisk Management. Visit qualys.com/etm for more information."
Mon, March 31, 2025
Document converter warning, Resurge exploits Ivanti, Blacklock hackers exposed
FBI warns of increase in free online document converter scams Resurge malware exploits Ivanti flaw BlackLock hackers exposed through leak site vulnerability Thanks to today's episode sponsor, Qualys "Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation, and accelerate risk reduction— while effectively communicating impact to stakeholders. Empower your cybersecurity strategy with tools that drive faster, smarter, and more efficient risk management. Your secure future starts today with Qualys Enterprise TruRisk Management. Visit qualys.com/etm for more information." Find the stories behind the headlines at CISOseries.com .
Fri, March 28, 2025
Week in Review: Microsoft Trust abuse, 23andMe bankruptcy risks, NIST’s growing backlog
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jonathan Waldrop , CISO, The Weather Company Jonathan will be speaking at The CrowdStrike Crowd Tour, on Tuesday, April 15, 2025 in Atlanta – details here . He will also be speaking at the C Vision International Think Tank on April 24, 2025, also in Atlanta – details here . Thanks to our show sponsor, ThreatLocker ThreatLocker ® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com. <span lang="EN-US" style= "font-size: 12pt; line-height: 115%; font-family: 'Calibri', sans-serif;" xml:l
Fri, March 28, 2025
JavaScript injection campaign, solar power vulnerabilities, SIM swap lawsuit
150,000 sites compromised by JavaScript injection Vulnerabilities in numerous solar power systems found T-Mobile pays $33 million in SIM swap lawsuit Huge thanks to our episode sponsor, ThreatLocker ThreatLocker ® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com. Find the stories behind the headlines at CISOseries.com .
Thu, March 27, 2025
Ransomware group claims attack on US telecom firm, New ReaderUpdate malware variants target macOS users, Oracle customers claim stolen data
New ransomware group claims attack on US Telecom firm WideOpenWest NSA warned of vulnerabilities in Signal app a month before Houthi strike chat New ReaderUpdate malware variants target macOS users Huge thanks to our episode sponsor, ThreatLocker ThreatLocker ® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
Wed, March 26, 2025
EncryptHub exploit, Copilot agents, PETs in government
EncryptHub linked to Microsoft Management Console exploit Security Copilot gets AI agents A call for more PETs in government Huge thanks to our episode sponsor, ThreatLocker ThreatLocker ® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
Tue, March 25, 2025
Hundreds of cyber criminals arrested, 23andMe data, Ukraine railway partially taken down
More than 300 cyber criminals arrested in Africa 23andMe bankruptcy puts millions of DNA records at risk Ukraine’s state railway partially down after attack Huge thanks to our episode sponsor, ThreatLocker ThreatLocker ® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
Mon, March 24, 2025
Tornado cash sanctions lifted, Russia Cloudflare outage, Microsoft Trust abused
U.S. Treasury lifts sanctions on Tornado Cash Web service outage in Russia due to reported Cloudflare block Microsoft Trust Signing service abused to code-sign malware Huge thanks to our episode sponsor, ThreatLocker ThreatLocker ® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com. Find the stories behind the headlines at CISOseries.com .
Fri, March 21, 2025
Week in Review: Google acquires Wiz, water utility improvements, more GitHub attacks
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Christina Shannon , CIO, KIK Consumer Products Thanks to our show sponsor, DeleteMe Data brokers bypass online safety measures to sell your name, address, and social security number to scammers. DeleteMe scours the web to find – and remove – your private information before it gets into the wrong hands by scanning for exposed information, and completing opt-outs and removals. With over 100 Million personal listings removed, DeleteMe is your trusted privacy solution for online safety. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/CISO and use promo code CISO at checkout. All links and the video of this episode can be found on CISO Series.com
Fri, March 21, 2025
Stalkerware company breach, Microsoft Zero Day, Global Jira attack
Stalkerware company SpyX suffers data breach Nation-state groups hit organizations with Microsoft Windows zero-day Swiss telecom Ascom the latest victim of HellCat’s Jira campaign Thanks to this week episode sponsor, DeleteMe Data brokers bypass online safety measures to sell your name, address, and social security number to scammers. DeleteMe scours the web to find – and remove – your private information before it gets into the wrong hands by scanning for exposed information, and completing opt-outs and removals. With over 100 Million personal listings removed, DeleteMe is your trusted privacy solution for online safety. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/CISO and use promo code CISO at checkout. Find the stories behind the headlines at CISOseries.com
Thu, March 20, 2025
PA teachers union breach, Infosys settles lawsuit, Sperm bank data theft
Attackers swipe data from Pennsylvania teachers union Infosys settles $17.5M lawsuit after third-party breach Top U.S. sperm bank discloses data breach Thanks to this week episode sponsor, DeleteMe Data brokers bypass online safety measures to sell your name, address, and social security number to scammers. DeleteMe scours the web to find – and remove – your private information before it gets into the wrong hands by scanning for exposed information, and completing opt-outs and removals. With over 100 Million personal listings removed, DeleteMe is your trusted privacy solution for online safety. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/CISO and use promo code CISO at checkout. For the stories behind the headlines, visit CISOseries.com .
Wed, March 19, 2025
Google Acquires Wiz, CISA must reinstate terminated employees, Commerce Department bans DeepSeek
CISA scrambles to contact fired employees after court rules layoffs ‘unlawful’ Google acquires cybersecurity firm Wiz for $32 billion US Commerce department bureaus ban China's DeepSeek on government devices, sources say Thanks to this week episode sponsor, DeleteMe Data brokers bypass online safety measures to sell your name, address, and social security number to scammers. DeleteMe scours the web to find – and remove – your private information before it gets into the wrong hands by scanning for exposed information, and completing opt-outs and removals. With over 100 Million personal listings removed, DeleteMe is your trusted privacy solution for online safety. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/CISO and use promo code CISO at checkout.
Tue, March 18, 2025
GitHub repositories targeted, Apache Tomcat RCE exploit, BEC campaigns target Microsoft 365
23,000 repositories targeted in popular GitHub action Apache Tomcat RCE exploit hits servers—no authentication required Microsoft 365 users targeted in new BEC campaigns Thanks to this week episode sponsor, DeleteMe Data brokers bypass online safety measures to sell your name, address, and social security number to scammers. DeleteMe scours the web to find – and remove – your private information before it gets into the wrong hands by scanning for exposed information, and completing opt-outs and removals. With over 100 Million personal listings removed, DeleteMe is your trusted privacy solution for online safety. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/CISO and use promo code CISO at checkout.
Mon, March 17, 2025
VPN brute-force attacks, water utilities bill, LockBit developer extradited
Black Basta creates tool to automate VPN brute-force attacks Bipartisan Senate bill offers improved cybersecurity for water utilities LockBit developer extradited from Israel, appears in New Jersey court Thanks to this week episode sponsor, DeleteMe Data brokers bypass online safety measures to sell your name, address, and social security number to scammers. DeleteMe scours the web to find – and remove – your private information before it gets into the wrong hands by scanning for exposed information, and completing opt-outs and removals. With over 100 Million personal listings removed, DeleteMe is your trusted privacy solution for online safety. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/CISO and use promo code CISO at checkout. Find the stories behind the headlines at CISOseries.com .
Fri, March 14, 2025
Week in Review: ONCD dominates cyber, undocumented Bluetooth commands, DoJ Google breakup
Link to episode page Thanks to our show sponsor, Vanta Do you know the status of your compliance controls right now? Like…right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta . Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access
Fri, March 14, 2025
Medusa ransoms infrastructure, Google breakup sought, more Booking.com phishing
Medusa ransomware continues to attack infrastructure DoJ seeks to break up Google Another phishing campaign hits Booking.com Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta . Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that’s…a new way to GRC. Get started at Vanta.com/headlines Find the stories behind the headlines at CISOseries.com .
Thu, March 13, 2025
Microsoft patches 57 security flaws, Sola aims to build the ‘Stripe for security’, US council wants to counter China threats
Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days US communications regulator to create council to counter China technology threats Signal no longer cooperating with Ukraine on Russian cyberthreats, official says Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta . Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that’s…a new way to GRC. Get started at Vanta.com/headlines
Wed, March 12, 2025
New CISA head, Ballista botnet, PowerSchool breach report
Sean Plankey nominated to head CISA Ballista Botnet hits TP-Link devices PowerSchool publishes breach report Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta . Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that’s…a new way to GRC. Get started at Vanta.com/headlines
Tue, March 11, 2025
Healthcare breaches expose thousands, X outage, MGM suit dropped
Four healthcare breaches expose over 560,000 records Cyber attack allegedly behind X outages Case against MGM ransomware attack dropped Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta . Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that’s…a new way to GRC. Get started at Vanta.com/headlines
Mon, March 10, 2025
ONCD consolidates power, undocumented Bluetooth commands, Japan NTT Breach
ONCD set to consolidate power in U.S. cyber Undocumented commands found in Bluetooth chip used by a billion devices Japanese telecom NTT breach affects 18,000 companies Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta . Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that’s…a new way to GRC. Get started at Vanta.com/headlines Find the stories behind the headlines at CISOseries.com .
Fri, March 07, 2025
Week in Review: Hegseth orders stand down, ransomware by snailmail, Mark Cuban’s lifeline
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by David Spark with guest Brett Perry , CISO, Dot Foods Thanks to our show sponsor, ThreatLocker <img src= "//assets.libsyn.com/show/289580/ThreatLocker_CISO_Banner_3.png" alt="Thank
Fri, March 07, 2025
Company hacked via webcam, Toronto Zoo update, federal contractor obligations
Ransomware gang bypasses EDR via a webcam Toronto Zoo updates January 2024 attack damage House bill requires federal contractors to implement vulnerability disclosure policies Huge thanks to our sponsor, ThreatLocker ThreatLocker ® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com . Then add: Find the stories behind the headlines at CISOseries.com .
Thu, March 06, 2025
Probationary firing protest, hacker names frustration, conversational scam detector
Former top NSA cyber official protests probationary firings Differing names for hackers hinders law enforcement, says security agent Google releases AI scam detection for Android to fight conversational fraud Huge thanks to our sponsor, ThreatLocker ThreatLocker ® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com . Find the stories behind the headlines at CISOseries.com .
Wed, March 05, 2025
Apple vs UK encryption backdoor, VMware bugs allow sandbox escape, JavaGhost targets AWS
Apple goes to court to fight UK demand for iCloud encryption backdoor 3 VMware Zero-Day bugs allow sandbox escape The Firefox I loved is gone - how to protect your privacy on it now Huge thanks to our sponsor, ThreatLocker ThreatLocker ® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com .
Tue, March 04, 2025
CISA denies claims, Ransomware group claims attack, Latin America's security crisis
CISA denies claims of deprioritizing Russian threats Ransomware group claims attack on U.S. newspaper publisher Latin America's escalating cybersecurity crisis Huge thanks to our sponsor, ThreatLocker ThreatLocker ® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com .
Mon, March 03, 2025
Hegseth orders standdown, Microsoft terminates Skype, Cuban offers lifeline
Hegseth orders Cyber Command to stand down on Russia planning Microsoft hangs up on Skype after 14 years Mark Cuban offers to fund government tech unit that was cut Huge thanks to our sponsor, ThreatLocker ThreatLocker ® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com . Find the stories behind the headlines at CISOseries.com .
Fri, February 28, 2025
Week in Review: Apple encryption, gamification for security, DISA breach
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Andrew Wilder, CISO, Vetcor Thanks to our show sponsor, Conveyor <span lang="EN-US" style= "font-size: 12.0pt; line-height:
Fri, February 28, 2025
Cyber espionage increase, Nakasone cyber warning, PolarEdge exploits Cisco
Chinese cyber espionage jumped 150% last year Nakasone warns of U.S. falling behind adversaries in cyberspace PolarEdge botnet exploits Cisco, ASUS, QNAP, and Synology Huge thanks to our sponsor, Conveyor Let me guess, another security questionnaire just landed in your inbox. Which means all the follow up tasks you don’t have time for are close behind. What are you going to do? Here’s a better question: what would Sue do? Sue is Conveyor’s new AI Agent for Customer Trust . She handles the entire security review process like answering every customer request for a SOC 2 from sales, completing every questionnaire or executing every communications and coordination task in-between. No more manual work. Just a quick review when she’s done. Ready to let Sue take the reins? Learn more at www.conveyor.com . Find the stories behind the headlines at CISOseries.com .
Thu, February 27, 2025
Signal to withdraw from Sweden? HaveIBeenPwned adds 244M stolen passwords, Anagram gamifies cybersecurity training
Thousands of exposed GitHub repositories, now private, can still be accessed through Copilot Cellebrite halts product use in Serbia following Amnesty surveillance report New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus Huge thanks to our sponsor, Conveyor It’s 2025. This is your second sign to get a trust center if you don’t already have one. Reduce manual work by 80% when you can share one link to your trust center and let customers download what they need on demand. Trusted by the world’s top B2B companies, Conveyor’s enterprise-grade trust center is specially designed to handle multiple products, complex orgs, and with AI first so you can even push your customers to self-serve their own AI answers to questionnaires. Learn more at www.conveyor.com .
Wed, February 26, 2025
DISA breach, Swedish backdoors, Dems looking into system access
US employee screening firm confirms breach Swedish law enforcement seeking messaging app backdoors Dems warn of exposed entry points on government systems Huge thanks to our sponsor, Conveyor Ever wish you had a teammate that could handle the most annoying parts of customer security reviews? You know, chasing down SMEs for answers, updating systems, coordinating across teams—all the grunt work nobody wants to do. Plus, having to finish the dang questionnaire itself. Well. That teammate exists— Conveyor just launched Sue, the first AI Agent for Customer Trust. Sue really is the dream teammate. She never misses a deadline, answers every customer request from sales, completes every questionnaire and knocks out all the coordination in-between. Sue, Conveyor’s AI agent, handles it all so you don’t have to. Learn more at www.conveyor.com .
Tue, February 25, 2025
Australia bans Kaspersky, Government screens hijacked, EU sanctions Lazarus Group
Australia bans Kaspersky over security concerns Government screens hijacked with AI Video of President Trump and Musk EU sanctions North Korean official linked to Lazarus Group Huge thanks to our sponsor, Conveyor Does trying to get the security questionnaire done and back to your customer ever feel like you’re herding cats? It’s not just answering questions. It’s all of the manual back and forth that becomes a slog like communicating between teams, tracking people down to get their review, updating sources and updating systems. Between all of this, you’re also expected to field security documentation requests from customers. Well, Conveyor just launched an AI agent, Sue, to do all of these things and more for you. Learn about Sue at www.conveyor.com .
Mon, February 24, 2025
$1.5B Bybit hack, UK E2E pulled, PayPal phishing emails
Hacker steals nearly $1.5 billion from Bybit crypto wallet Apple pulls iCloud end-to-end encryption in the UK PayPal "New Address" feature abused in phishing scam Huge thanks to our sponsor, Conveyor It’s 2025. This is your sign to get a trust center if you don’t already have one. Speed up security reviews and reduce the headaches when you can share one link to your trust center and let customers download what they need on demand. Trusted by the world’s top B2B companies, Conveyor’s enterprise-grade trust center is specially designed to handle multiple products, complex orgs, and with AI first so you can even push your customers to self-serve their own AI answers to questionnaires. Learn more at www.conveyor.com . For the stories behind the headlines, visit CISOseries.com .
Fri, February 21, 2025
Week in Review: More telecoms breached, Chase blocks Zelle, more DeepSeek bans
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest TC Niedzialkowski , former CISO Thanks to our show sponsor, Scrut Automation <span lang=
Fri, February 21, 2025
NioCorp BEC scam, Australian IVF breach, SEC’s cyber unit
Minerals company loses $500,000 to BEC scam Australian IVF provider investigating cyber incident SEC replaces cryptocurrency fraud unit with emerging tech team Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io . Find the stories behind the headlines at CISOseries.com .
Thu, February 20, 2025
Signal conversations hacked, Ransomware group hits infrastructure, Patch Palo Alto flaw
Russian hackers tap into Signal conversations Ransomware group hits critical infrastructure globally CISA says patch Palo Alto flaw immediately Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io .
Wed, February 19, 2025
OpenSSH flaws enable new attacks, Microsoft prepares for deprecation, Zwipe files for bankruptcy
New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now Microsoft reminds admins to prepare for WSUS driver sync deprecation Zwipe runs out of time for biometric card revenues, files for bankruptcy Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io .
Tue, February 18, 2025
Zservers takedown, Zelle payment blocks, Finastra data breach
Dutch Police take down Zservers Chase to block Zelle payments to sellers on social media Finastra notifies victims of October data breach Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io . For the stories behind the headlines, visit CISOseries.com .
Mon, February 17, 2025
Device code attacks, phone TOAD solution, more telecoms breached
Hackers steal emails in device code phishing attacks Anti-TOAD feature seeks to prevent in-call sideloading attacks Chinese hackers breach more U.S. telecoms via unpatched Cisco routers Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io .
Fri, February 14, 2025
Week in Review: CISA officials furloughed, DeepSeek’s weak security, Cairncross as cyberdirector
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Doug Mayer , vp, CISO, WCG Thanks to our show sponsor, Vanta <img src= "//assets.libsyn.com/show/289580/Vanta_Banner_Ad_600x100_10.png" alt="Vanta" width="600" height="100
Fri, February 14, 2025
Apple backdoor spat, Sarcoma hits Unimicron, Sault Tribe attacked
U.S. lawmakers demand UK retraction of Apple backdoor Sarcoma ransomware claims breach at giant PCB maker Unimicron Ransomware attack disrupts Michigan’s Sault Tribe operations Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta . Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that’s…a new way to GRC. Get started at Vanta.com/headlines Find the stories behind the headlines at CISOseries.com .
Thu, February 13, 2025
DOGE hacks America? U.S. adversaries turn to cybercriminals? New LiDAR system ID faces a km away?
DOGE is hacking America This Ad-Tech company is powering surveillance of US military personnel Apple and Google take down malicious mobile apps from their app stores Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta . Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that’s…a new way to GRC. Get started at Vanta.com/headlines
Wed, February 12, 2025
LockBit host sanctions, DeepSeek security, trojanized KMS
LockBit host sanctioned A peak at DeepSeek’s weak security Sandworm targeting Ukraine with trojanized KMS Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta . Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that’s…a new way to GRC. Get started at Vanta.com/headlines
Tue, February 11, 2025
Urgent iOS update, CISA officials on administrative leave, newspaper operations impacted
Urgent iOS update fixes critical USB security flaw CISA officials placed on administrative leave Attack disrupts newspaper giant’s operations Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta . Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that’s…a new way to GRC. Get started at Vanta.com/headlines
Mon, February 10, 2025
DOGE outrage and lawsuit, CISA KEV additions, DeepSeek encryption lapses
Shock and lawsuit over security failures in DOGE takeover CISA adds Microsoft Outlook and Sophos XG Firewall to its Known Exploited Vulnerabilities catalog DeepSeek App transmits sensitive user and device data without encryption Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta . Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that’s…a new way to GRC. Get started at Vanta.com/headlines Find the stories behind the headlines at CISOseries.com .
Fri, February 07, 2025
Week in Review: APTs using Gemini, ransomware payments decrease, abandoned AWS risk
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Caitlin Sarian , owner and CEO, Cybersecurity Girl LLC Thanks to our show sponsor, ThreatLocker <img src= "//assets.
Fri, February 07, 2025
Outlook RCE bug, Kimsuky forceCopy malware, Treasury tightens DOGE
Critical RCE bug in Microsoft Outlook now exploited in attacks Kimsuky uses forceCopy malware to steal browser-stored credentials Treasury agrees to block additional DOGE staff from accessing sensitive payment systems Huge thanks to our episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com . Find the stories behind the headlines at CISOseries.com .
Thu, February 06, 2025
Spain arrests hacker, FCC Robocallers, Ransoms decrease 35%
Spain arrests hacker of U.S. and Spanish military agencies Robocallers called the FCC pretending to be from the FCC Ransomware payments decreased 35% year-over-year Huge thanks to our episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com . For the stories behind the headlines, visit CISOseries.com .
Wed, February 05, 2025
Meta identifies risky AI systems, Ferret malware joins 'Contagious Interview' campaign, credential theft rises as a target
Meta says it may stop development of AI systems it deems too risky Ferret Malware Added to 'Contagious Interview' Campaign Credential Theft Becomes Cybercriminals' Favorite Target Huge thanks to our episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com . Find the stories behind the headlines at CISOseries.com .
Tue, February 04, 2025
Exploited vulnerabilities rising, ban on DeepSeek, crypto scams make comeback
Exploited vulnerabilities up significantly from previous year First U.S. state to declare ban on DeepSeek Crypto scams make comeback on X Huge thanks to our episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com .
Mon, February 03, 2025
APTs using Gemini, India’s Tata cyberattack, new WhatsApp spyware
Google describes APTs using Gemini AI India’s Tata Technologies suffers ransomware attack Meta confirms new zero-click WhatsApp spyware Huge thanks to our episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com .
Fri, January 31, 2025
Week in Review: Google vishing response, DeepSeek peak week, ransomware victim costs
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Alexandra Landegger , Global Head of Cyber Strategy & Transformation, RTX Thanks to our show sponsor, Conveyor <img src= "//assets.libsyn.com/show/289580/Conveyor_Banner_Ad_600x100.png" alt="Conveyor" width="600" height="100"
Fri, January 31, 2025
Blood Center cyberattack, DeepSeek data leak, CISA’s future unclear
New York Blood Center suffers ransomware attack DeepSeek’s exposed database leaks sensitive data CISA’s future unclear under new administration Huge thanks to our sponsor, Conveyor Let me guess, another security questionnaire just landed in your inbox. Which means all the follow up tasks you don’t have time for are close behind. What are you going to do? Here’s a better question: what would Sue do? Sue is Conveyor’s new AI Agent for Customer Trust. She handles the entire security review process like answering every customer request from sales, completing every questionnaire or executing every communications and coordination task in-between. No more manual work. Just a quick review when she’s done. Ready to let Sue take the reins? Learn more at www.conveyor.com . Find the stories behind the headlines at CISOseries.com .
Thu, January 30, 2025
Cybersecurity News: Tenable acquires Vulcan Cyber, Chinese and Iranian hackers are using U.S. AI, US Navy bans use of DeepSeek
Tenable acquiring Israel’s Vulcan Cyber in $150 million deal Tenable, a Nasdaq-listed cybersecurity company valued at $5.3 billion, is acquiring Israeli cybersecurity firm Vulcan Cyber for approximately $150 million, with the deal expected to close in Q1 of this year. The acquisition aims to enhance Tenable’s security exposure management platform by integrating Vulcan Cyber’s capabilities, unifying security visibility and risk mitigation. Vulcan Cyber was founded in 2018 and has raised $55 million and employs 100 people, though it is unclear how many will remain post-acquisition. ( CalCalistech ) Chinese and Iranian Hackers Are Using U.S. AI Products to Bolster Cyberattacks Hackers linked to China, Iran, Russia, and North Korea are using AI, including Google’s Gemini chatbot, to enhance cyberattacks, according to U.S. officials and Google security research. These groups utilize AI for tasks like writing malicious code, identifying vulnerabilities, and researching targets rather than developing advanced hacking techniques. Meanwhile, China’s DeepSeek AI has raised global concerns about Beijing’s progress in the AI arms race, adding uncertainty to the technology’s impact on security and warfare. ( Wall Street Journal ) U.S. Navy bans use of DeepSeek due to ‘security and ethical concerns’ The U.S. Navy has warned its members to avoid using China’s DeepSeek AI due to security and ethical concerns, instructing them not to use it for work or personal tasks. DeepSeek’s newly released AI model, R1, has drawn global attention for its capabilities, sparking concerns over China’s AI advancements and impacting tech markets, with AI chipmakers like Nvidia and Broadcom losing $800 billion in market value. The warning comes amid growing U.S.-China AI competition, with figures like Trump and industry leaders emphasizing the urgency of maintaining American leadership in AI. ( CNBC ) South Africa’s government-run weather service knocked offline by cyberattack A cyberattack has taken the South African Weather Service (SAWS) offline, disrupting critical services for aviation, marine, and agriculture, while forcing SAWS to share weather updates via social media. The breach, the second attempted attack in two days, has also impacted regional allies like Mozambique and Zambia, with efforts underway to restore systems. While no ransomware group has claimed responsibility, South Africa has faced a wave of cyberattacks in recent years, targeting public institutions, including its defense department, pension organization, and national lab service
Wed, January 29, 2025
Ransomware shutdowns, GRU sanctions, Lynx ransomware details
Most ransomware victims shut down operations shutdowns EU sanctions GRU members for Estonia cyberattacks Lynx ransomware runs a tight ship Huge thanks to our sponsor, Conveyor Tired of herding cats to complete customer security questionnaires? Your team probably spends hours daily juggling the back and forth of completing these security requests. That's why Conveyor created Sue, the first AI Agent for Customer Trust. Sue doesn't just handle completing security questionnaires and sending SOC 2 to prospects – she manages all the communication and follow-up too. You simply get notified when everything's done so you can do a quick review. Stop wrangling cats and see what Sue can do for you at www.conveyor.com .
Tue, January 28, 2025
Sophisticated voice phishing, Opengrep consortium, DeepSeek suspends registrations
Google responds to “most sophisticated” voice phishing attack Security consortium creates Opengrep DeepSeek suspends new user registrations Huge thanks to our sponsor, Conveyor Tired of herding cats to complete customer security questionnaires? Your team probably spends hours daily juggling the back and forth of completing these security requests. That's why Conveyor created Sue, the first AI Agent for Customer Trust. Sue doesn't just handle completing security questionnaires and sending SOC 2 to prospects – she manages all the communication and follow-up too. You simply get notified when everything's done so you can do a quick review. Stop wrangling cats and see what Sue can do for you at www.conveyor.com .
Mon, January 27, 2025
CISA Board closed, UnitedHealth numbers rise, Llama’s LLM vulnerability
DHS Advisory Committee memberships halted UnitedHealth updates number of data breach victims to 190 million Meta’s Llama Framework flaw exposes AI systems to remote code execution risks Huge thanks to our sponsor, Conveyor Conveyor launched the first AI Agent for Customer Trust. So wtf does that mean? It means the AI agent goes beyond just sharing NDA-gated documents like a SOC 2 with customers or answering security questionnaires. Conveyor’s AI Agent, Sue, handles the entire security review process from start to finish. She answers every customer request from sales, completes every questionnaire and executes every communications and coordination task in-between. It's perfect for B2B infosec teams sick of manual security review work. Check it out at www.conveyor.com . Find the stories behind the headlines at CISOseries.com .
Fri, January 24, 2025
Week in Review: Tik Tok’s return, Noem’s CISA plans, failed startup risks
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Shaun Marion , vp, CSO, Xcel Energy Thanks to our show sponsor, Vanta <span lang="EN-US" style= "font-size: 12.0pt; line-height: 115%; font-family: 'Calibri',sans-serif; mso-ascii-theme-font:
Fri, January 24, 2025
TSA’s Pekoske ousted, CISOs’ boardroom gain, Cisco vulnerability fix
TSA cyber chief David Pekoske ousted by new administration CISOs gain boardroom traction Influence but still lack soft skills, says Splunk Cisco Fixes vulnerability in Meeting Management Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta . Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that’s…a new way to GRC. Get started at Vanta.com/headlines . Find the stories behind the headlines at CISOseries.com .
Thu, January 23, 2025
US Cyber Security Review Board is terminated, cybersecurity vendors' credentials found on Dark Web, Trump pardons creator of Silk Road
Trump administration fires members of cybersecurity review board in ‘horribly shortsighted’ decision Major Cybersecurity Vendors' Credentials Found on Dark Web PowerSchool hacker claims they stole data of 62 million students Thanks to today’s episode sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta . Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that’s…a new way to GRC. Get started at Vanta.com/headlines .
Wed, January 22, 2025
7-Zip flaw, CERT-UA impersonation, AI EO revoked
7-Zip flaw bypasses Windows security warnings Attackers impersonate Ukraine’s CERT-UA AI Executive Order revoked Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta . Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that’s…a new way to GRC. Get started at Vanta.com/headlines .
Tue, January 21, 2025
HPE breach claims, CIA analyst guilty, Hotel data exposed
HPE investigates breach claims Former CIA analyst pleads guilty to sharing Top Secret files Data of nearly half million hotel guests exposed Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta . Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that’s…a new way to GRC. Get started at Vanta.com/headlines . For the stories behind the headlines, visit CISOseries.com .
Mon, January 20, 2025
Tik Tok returns, Noem’s CISA plans, Avery labels breach
Tik Tok is back, with strings attached Noem promises to curtail CISA Label company Avery announces data breach Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta . Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that’s…a new way to GRC. Get started at Vanta.com/headlines . Then add: Find the stories behind the headlines at CISOseries.com .
Fri, January 17, 2025
Week in Review: IRS PIN available, AI ransomware group, UK ransomware ban
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Phil Beyer , head of security, Flex Thanks to our show sponsor, Dropzone.ai <span lang="EN-US" style= "font-size: 12.0pt; line-height: 115%; font-family: 'Calibri',sans-serif; mso-ascii-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin; mso-bidi-font-famil
Fri, January 17, 2025
Biden EO, Star Blizzard Using WhatsApp, Healthcare Breaches
Biden signs cybersecurity executive order Star Blizzard targeting WhatsApp US healthcare sector saw 585 breaches in 2024 Huge thanks to our sponsor, Dropzone AI What if your SOC could handle 10x the alerts without burning out your team? Dropzone AI automates Tier 1 investigations and frees your analysts to tackle bigger challenges. It’s how smart teams are staying ahead. See how it works—schedule a demo today at dropzone.ai . For the stories behind the headlines, head on over to CISOSeries.com
Thu, January 16, 2025
Get Meta out of your life, GoDaddy slapped, TikTok could stay alive
How to delete Facebook, Messenger, or Instagram - if you want Meta out of your life GoDaddy slapped with wet lettuce for years of lax security and 'several major breaches’ TikTok could possibly stay alive after Sunday’s upcoming ban Huge thanks to our sponsor, Dropzone AI Alert fatigue is real, and it’s draining. Dropzone AI takes on the tedious investigations, so you can focus on making an impact where it matters most. It’s smarter tools for a smarter SOC. Check it out at dropzone.ai . For the stories behind the headlines, head on over to CISOSeries.com
Wed, January 15, 2025
Snyk’s mysterious package, Baltic cable suspicions, second BeyondTrust vulnerability
Snyk mysteriously deploys apparently malicious packages Baltic sea cable cuts can’t be accident, says EU tech chief CISA warns of second BeyondTrust vulnerability Huge thanks to our sponsor, Dropzone AI Does your SOC feel like it’s drowning in alerts? Dropzone AI cuts through the noise, triaging 100% of alerts and giving you clear, actionable insights. Ready to break free? Check out the demo at dropzone.ai . For the stories behind the headlines, head on over to CISOSeries.com
Tue, January 14, 2025
Telefonica breach, new ransomware group leverages AI, Allstate accused of selling data
Telefonica breach exposes internal data and employee credentials New ransomware group leverages AI Allstate accused of selling consumer driving data Huge thanks to our sponsor, Dropzone AI Running a SOC is tough—too many alerts, not enough time. Dropzone AI changes that. It reduces manual investigations by up to 90%, giving your team the bandwidth to focus on strategic threats. Imagine the impact on your operations. Visit dropzone.ai today. For the stories behind the headlines, head on over to CISOSeries.com
Mon, January 13, 2025
IRS PIN available, CISA infrastructure enrollments, Winston-Salem cyberattack
IRS Identity Protection PIN now available for filing season CISA sees enrollment surge in cyberhygiene for critical infrastructure City services in Winston-Salem affected by cyberattack Huge thanks to our sponsor, Dropzone AI Feeling buried under endless alerts? We get it. Dropzone AI takes over the grind—investigating every alert 24/7. No more chasing false positives or wasting time on noise. It’s all about clarity and focus. Ready to transform your day? Head to dropzone.ai to learn more. For the stories behind the headlines, head on over to CISOSeries.com
Fri, January 10, 2025
Week in Review: Flax Typhoon sanctioned, French military ransomware, ICAO breach claims
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Bil Harmer , operating partner and CISO, Craft Ventures Thanks to our show sponsor, Nudge Security <span lang="EN-US" style= "font-size: 12.0pt; line-height: 115%; font-family: 'Calibri',sans-serif; mso-ascii-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-them
Fri, January 10, 2025
Worldwide Proton outage, Baymark Health breach, Treasury breach update
Proton recovers from worldwide outage BayMark Health Services announces data breach U.S. Treasury breach linked to Silk Typhoon group Huge thanks to our sponsor, Nudge Security Are you struggling to secure your exploding SaaS footprint? With Nudge Security , you can discover all SaaS apps and accounts, manage access, ensure secure configurations, vet unfamiliar tools, and automate daily identity security tasks. Start a free 14-day trial Find the stories behind the headlines at CISOseries.com .
Thu, January 09, 2025
PowerSchool hacked, Cyber Force study, EC gets GDPR fine
PowerSchool hacked Lawmakers expected to revive attempts for new Cyber Force study European Commission receives first GDPR fine Huge thanks to our sponsor, Nudge Security Nudge Security is the only solution for SaaS security and governance that can discover up to two years of historical SaaS spend along with usage insights so you can uncover wasted spend and sources of unnecessary risk. Start a free 14-day trial today
Wed, January 08, 2025
Cyber Trust label, UK deepfake laws, Treasury attack details
Cyber Trust marks to roll out in 2025 UK to criminalize sexually explicit deepfakes CISA says government hack limited to Treasury Huge thanks to our sponsor, Nudge Security Nudge Security provides advanced security posture management for Okta, Microsoft 365, and Google Workspace. With Nudge, you’ll be alerted of identity security risks like weak or missing MFA, inactive admin accounts, and risky integrations, plus you can automate remediation tasks and on-going identity governance. Start a free 14-day trial today
Tue, January 07, 2025
Wallet drainer impact, U.S. telecom breach list grows, Moxa router vulnerabilities
Wallet drainer malware makes major impact U.S. telecom breach list grows Urgent warning on Moxa router vulnerabilities Huge thanks to our sponsor, Nudge Security Nudge Security discovers every GenAI tool ever used in your org, even those you’ve never heard of. For each tool, you’ll see who introduced it, who else is using it, where it’s integrated into other tools, and a vendor security profile. Get your free GenAI inventory today.
Mon, January 06, 2025
Flax Typhoon sanctions, Atos dismisses ransomware, German airport outage
U.S. sanctions China’s Integrity Technology for role in Flax Typhoon attacks French military contractor Atos dismisses ransomware attack claims German airports hit by IT outage Huge thanks to our sponsor, Nudge Security Nudge Security helps you mitigate security risks stemming from SaaS sprawl by discovering every SaaS account ever created by anyone in your org within minutes of starting a free trial. And, you can automate on-going governance tasks like security posture checks, user access reviews, employee offboarding, and more. Start a free 14-day trial . Find the stories behind the headlines at CISOseries.com .
Fri, January 03, 2025
Week in Review: China hacks Treasury, Chrome extension hijack, tanker sabotages cables
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Quincy Castro , CISO, Redis Thanks to our show sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with <a href= "https://www.threatlocker.com/pages/solutions?utm_source=ciso-series&utm_medium=sponsor&
Fri, January 03, 2025
China hacks Treasury, Russian tanker sabotage, Lumen ejects Typhoon
Beijing-linked hackers penetrated U.S. Treasury systems Russian tanker suspected of undersea data cable sabotage Lumen says it has locked the Salt Typhoon group out of its network Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); backgroun
Thu, January 02, 2025
U.S. soldier arrested, Election interference sanctions, RI data leak
U.S. soldier arrested for alleged leak of Trump and Harris call logs Iranian and Russian entities sanctioned for election interference Rhode Island’s health benefits data leaked Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-
Tue, December 31, 2024
Cisco data leak, Microsoft domain transition, stories of the year
Cisco confirms data leak Microsoft announces urgent .NET domain transition Stories of the year from Cyber Security Headlines reporters Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 400; font-variant: normal; text-decoration: underline; text-decoration-skip-ink: none; vertica
Mon, December 30, 2024
Cyberhaven extension hacked, ZAGG data breach, Volkswagen cloud leak
Cybersecurity company’s Chrome extension hijacked for data theft Hackers steal ZAGG customer credit cards in third-party breach Volkswagen software company Cariad suffers Amazon cloud breach Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit <span
Fri, December 27, 2024
Week in Review: Microsoft deactivation flaw, BeyondTrust on KEV, LLM generated malware
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Steve Zalewski , CISO in Residence Thanks to our show sponsor, ThreatLocker <img src= "//assets.libsyn.com/show/289580/ThreatLocker_CISO_Banner_3.png"
Fri, December 27, 2024
General Dynamics phished, Japan Airlines attack, Addiction Centers breach
General Dynamics says employees targeted in phishing attack Japan Airlines systems are back to normal after cyberattack American Addiction Centers suffers data breach Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: tran
Thu, December 26, 2024
Disinformation office closes, Pittsburgh Transit cyberattack, Mirai NNVR botnet
State Department’s disinformation office to close after funding terminated Pittsburgh Regional Transit suffers ransomware attack Another Mirai botnet targets NVRs and TP-Link routers Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); backgr
Tue, December 24, 2024
Government to name witness in encrypted chat sting
Using LLMs to generate malware variants NSO liable for WhatsApp hacks OpenAI fined for privacy violations Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 400; font-variant: normal; text-decorat
Mon, December 23, 2024
FlowerStorm attacks Microsoft 365, BeyondTrust on KEV, Ascension Health fallout
PaaS platform “FlowerStorm” attacking Microsoft 365 users CISA adds BeyondTrust flaw to its Known Exploited Vulnerabilities catalog Ascension Health ransomware attack impacted nearly 6 million people Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb
Fri, December 20, 2024
Week in Review: Data breach impact study, US weighs TP-Link ban, BeyondTrust cyberattack
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Bethany De Lude , CISO, The Carlyle Group Thanks to our show sponsor, ThreatLocker <img src= "/
Fri, December 20, 2024
Amazon health malware, BeyondTrust suffers cyberattack, FortiNet wireless vulnerability
Android malware found on Amazon Appstore disguised as health app BeyondTrust suffers cyberattack Fortinet warns of critical flaw in Wireless LAN Manager Thanks to today’s episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: tran
Thu, December 19, 2024
Interpol romance baiting, TikTok at court, TP-Link investigation
Interpol kills off Pig Butchering Supreme Court to hear TikTok ban challenge US weighs TP-Link ban Thanks to today’s episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 400; font-variant: normal; text-
Wed, December 18, 2024
CISA cloud directive, Texas Tech breach, Meta GDPR fine
CISA delivers new directive for securing cloud environments Texas Tech reports a data breach affecting 1.4 million people Meta fined $263 million for alleged GDPR violations Thanks to today’s episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); b
Tue, December 17, 2024
Serbian authorities use spyware, Ransomware impacts Rhode Island, ConnectOnCall breach
Serbian authorities accused of using Cellebrite to spy on journalists Ransomware attack shuts down Rhode Island’s public assistance system ConnectOnCall breach exposes close to a million patients Thanks to today’s episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rg
Mon, December 16, 2024
Health chatbot exposed, credit union cyberattack, infrastructure cyberweapon attack
UnitedHealth’s AI-driven insurance claims chatbot left exposed to the internet South Carolina credit union suffers cyberattack IOCONTROL cyberweapon targets infrastructure in the US and Israel Thanks to today’s episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com <span style= "font-size: 11pt; font-family: Arial, sans-serif; col
Fri, December 13, 2024
Week in Review: Salt Typhoon saga, Microsoft MFA bypass, Yahoo cuts Paranoids
Link to episode page This week’s Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guest Jimmy Sanders , president, ISSA International . ISSA International April 2025- will be celebrating its 40th Anniversary in April 2025. Watch for notifications at ISSA.org Thanks to today’s episode sponsor, ThreatLocker <span lang="EN-US" style= "font-size: 12.0pt; line-height: 115%; font-family: 'Calibri',sans-serif; mso-ascii-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-f
Fri, December 13, 2024
Microsoft MFA bypass, cybercrime marketplace takedown, Sophos hacker charged
Microsoft MFA bypassed in AuthQuake attack Cybercrime marketplace Rydox taken down U.S. charges Chinese national for hacking thousands of Sophos firewall devices Thanks to today’s episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-co
Thu, December 12, 2024
Operation PowerOFF, FCC telco rules, ZLoader returns
Operation PowerOFF hits DDoS sites FCC proposes new telco cybersecurity rules ZLoader returns Thanks to today’s episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 400; font-variant: normal; text-decor
Wed, December 11, 2024
Telecom security bill, Google's quantum chip, Chinese cyber firm sanctions
Senator announces new bill to secure telecom companies Google unveils new quantum chip U.S. sanctions Chinese cybersecurity firm for firewall hacks Thanks to today’s episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transpar
Tue, December 10, 2024
Romanian energy attack, medical device disruption, Deloitte responds to data theft claims
Romanian energy giant battles ongoing attack Ransomware disrupts medical device maker Deloitte responds to data theft claims Thanks to today’s episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 400; font-v
Mon, December 09, 2024
Massachusetts hospital breach, Recall’s next deployment, Blue Yonder restoration
Anna Jaques Hospital confirms details of Christmas Day ransomware breach Microsoft expands Recall preview to Intel and AMD Copilot+ PCs Blue Yonder announces restoration progress after November 21 attack Thanks to today’s episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com <span style= "font-size: 11pt; font-family: Arial, sans
Sat, December 07, 2024
Week in Review: Cloudflare’s lost logs, cyber-unsafe employees, FBI encryption request
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Sean Kelly with guest Edward Frye , head of security, Luminary Cloud . Thanks to our show sponsor, Vanta <img src= "//assets.libsyn.com/show/289580/Vanta_Banner_Ad_600x100_7.png"
Fri, December 06, 2024
Feds investigate group 764, Russians hack hackers, AWS PQC migration
Feds find cybercriminal tools used by sextortion group Russian hackers hack hackers Amazon’s post-quantum migration plan Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. Get the stories behind the headlines at CISOSeries.com
Thu, December 05, 2024
Phone encryption urged, Pegasus spyware discoveries, Japan I-O Data 0-day
FBI and CISA urge Americans to use encrypted apps rather than calling, iVerify scanner finds seven Pegasus spyware infections, Japan warns of IO-Data zero-day router flaws exploited in attacks Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. Get the stories behind the headlines at CISOSeries.com
Wed, December 04, 2024
Stoli U.S. bankrupts, German Crimenetwork seized, FBI telecom advisory
Stoli files for bankruptcy in U.S. after ransomware attack Police seize largest German online criminal marketplace FBI advises telecoms to boost security following Chinese hacking campaign Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. Get the stories behind the headlines at CISOSeries.com
Tue, December 03, 2024
Hydra Market leader sentenced, Pegasus spyware arrest, SpyLoan malware targets millions
Hydra Market leader sentenced to life Former Polish spy chief arrested in Pegasus spyware probe SpyLoan malware targets millions Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. Get the stories behind the headlines at CISOSeries.com
Mon, December 02, 2024
Ransomware affiliate arrested, UK hospital hacked, Cloudflare’s lost logs
Ransomware affiliate Mikhail Matveev arrested Another UK hospital system hacked Cloudflare says it lost 55% of logs pushed to customers for 3.5 hours Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. Get the stories behind the headlines at CISOSeries.com
Fri, November 29, 2024
Advantech WiFi flaws, T-Mobile block attack, UK hospital cyberattack
Patch alert after flaws identified in Advantech industrial Wi-Fi access points T-Mobile confirms Salt Typhoon attack was blocked UK hospital network postpones procedures after cyberattack Huge thanks to our sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com . <span style= "font-size: 12pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 400; font-styl
Wed, November 27, 2024
Interpol's African operation, Blue Yonder ransomwared, Snowflake suspect update
Interpol takes down over 1,000 cybercrime suspects in Africa Starbucks and UK grocers impacted by supply chain attack Hacker in Snowflake extortions may be a U.S. soldier Huge thanks to our sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com . <span style= "font-size: 11pt; font-family: Arial,sans-serif; color: #000000; background-color: transparent; font-weight: 400; font-style: normal; font-variant
Tue, November 26, 2024
Microsoft 365 outage update, China’s cyber campaign fallout, Fake IT worker scheme
Microsoft 365 outage update “Hair on Fire” over China’s cyber campaign North Korean fake IT worker scheme unveiled Huge thanks to our sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com .
Mon, November 25, 2024
DoJ seizes PopeyeTools, IGT suffers cyberattack, Windows update blocked
DoJ seizes credit card marketplace PopeyeTools Gambling giant IGT suffers cyberattack Windows update blocked on some gaming PCs Huge thanks to our sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com . Find the stories behind the headlines at CISOseries.com . </sp
Fri, November 22, 2024
Week in Review: Drinking water threat, CISO liability insurance, Microsoft zero-day event
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jimmy Benoit , vp, cybersecurity, PBS Thanks to our show sponsor, ThreatLocker <img src= "//assets.libsyn.com/show/289580/Threa
Fri, November 22, 2024
MITRE’s danger list, CISO liability insurance, BianLian changes tack
MITRE offers updated list of most dangerous software vulnerabilities CISOs can now obtain professional liability insurance BianLian group refines its game Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 400; font-variant:
Thu, November 21, 2024
Scattered Spider arrest, telcos attacked, Apple exploit
US charges Scattered Spider members Chinese threat actors infiltrate more telcos Apple issues emergency security update Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 400; font-variant: normal; text-decoration: none; ver
Wed, November 20, 2024
Easterly to step down, Maxar discloses breach, Microsoft hacking event
CISA director Jen Easterly to step down Space tech giant Maxar discloses employee data breach Microsoft launches Zero Day Quest hacking event Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 400; font-variant: normal; text
Tue, November 19, 2024
EPA warns of critical risks, Four million WordPress sites exposed, Sextortion scams bypass filters
EPA warns of critical risks in drinking water infrastructure Four million WordPress sites exposed Sextortion scams bypass Microsoft security filters Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 400; font-variant: normal; te
Mon, November 18, 2024
T-Mobile confirms breach, AnnieMac data stolen, NewGlove malware threat
T-Mobile confirms telecom breach hack Customer data stolen from AnnieMac New Glove infostealer malware bypasses Chrome’s cookie encryption Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 400; font-variant: normal; text-de
Fri, November 15, 2024
Week in Review: Most common passwords, Secure-by-design, DNA firm vanishes
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Brett Conlon , CISO, American Century Investments Thanks to our show sponsor, ThreatLocker <span lang="EN-US" style= "f
Fri, November 15, 2024
NordPass popular passwords, Healthcare extortion sentence, China breached telecoms
China threat actors breached U.S. broadband providers to spy on U.S. government officials 123456 tops the list of most popular passwords again Hacker gets 10 years in prison for U.S. healthcare extortion scheme Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com . Get the stories behind the headlines at CISOSeries.com
Thu, November 14, 2024
Volt Typhoon's new botnet, China APT hits Tibet, DoD leaker sentenced
Volt Typhoon rebuilding botnet Chinese group targets Tibetan media DoD leaker sentenced Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com . Get the stories behind the headlines at CISOSeries.com
Wed, November 13, 2024
Giant Food cyberattack, Snowflake suspects indicted, zero-day vulnerability surge
Dutch cybersecurity incident affects Giant Food and Hannaford Indictment against Snowflake breach suspects is released Surge in zero-day vulnerability exploits is new normal, says Five Eyes Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com . Get the stories behind the headlines at CISOSeries.com
Tue, November 12, 2024
Halliburton cyberattack costs, Israel credit card DDoS, Forth announces breach
Cyberattack cost Halliburton $35 million thus far DDoS attack makes credit card readers malfunction in Israel Debt relief firm Forth announces data breach for customers and non-customers Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com . Get the stories behind the headlines at CISOSeries.com
Mon, November 11, 2024
Regulator limits phone use, Hacked police emails, UK seniors scammed
U.S. financial regulator calls for reduced cell phone use at FBI warns of spike in hacked police emails and fake subpoenas Cyberscoundrels target UK senior citizens with Winter Fuel Payment texts Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com . Get the stories behind the headlines at CISOSeries.com
Fri, November 08, 2024
Week in Review: Sophos Chinese hacker warning, AI flaws and vulnerabilities
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Ken Athanasiou , CISO, VF Corporation Thanks to our show sponsor, Vanta <span lang="EN-US" style= "font-size: 11.0pt; line-height: 115%; font-family: 'Calibri',sans-serif; mso-ascii-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-
Fri, November 08, 2024
Interlock targets healthcare, Canada dissolves TikTok, HP critical flaws
Interlock ransomware gang aims at U.S. healthcare, IT and government Canada tells TikTok to dissolve its Canadian business Hewlett Packard warns of critical RCE flaws in Aruba Networking software Thanks to today's episode sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 400; font-variant: normal; text-decorati
Thu, November 07, 2024
Nokia investigates breach claims, Nigerian cybercrime bust, SelectBlinds e-skimmer breach
Nokia says it has no evidence that hackers breached company data Nigerian cybercrime bust arrests 130 people 200,000 SelectBlinds customers impacted by e-skimmer Thanks to today's episode sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 400; font-variant: normal; text-decoration: none; vertical-align: baseline
Wed, November 06, 2024
ElizaRAT hits India, Washington court outage, Snowflake hacker arrested
ElizaRAT hits India IT outage impacts Washington courts Alleged Snowflake hacker arrested Thanks to today's episode sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation.
Tue, November 05, 2024
Schneider Electric breached again, Russia behind fake video, Ohio’s ransomware lawsuits
Schneider Electric breached for second time this year U.S. says Russia behind fake Haitian voter video Ohio’s capital city faces lawsuits for handling of ransomware attack Thanks to today's episode sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 400; font-variant: normal; text-decoration: underline; text-dec
Mon, November 04, 2024
Entra MFA mandatory, German pharma cyberattack, LightSpy iPhone enhancements
Microsoft Entra “security defaults” to make MFA setup mandatory Ransomware attack hits German pharmaceutical wholesaler AEP Upgraded LightSpy spyware targets iPhones with more destructive power Thanks to today's episode sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 400; font-variant: normal; text-decoration: n
Fri, November 01, 2024
Week in Review: Deepfake targets Wiz, Black Basta leverages Teams, Russia’s Linux plans
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest David Cross , SVP/CISO, Oracle . Also check out David’s travel blog and recent “Secure by Default” white paper at IT ISAC . Thanks to our show sponsor, Dropzone AI <span lang="EN-US" style= "font-size: 11.0pt; line-height: 115%; font-family: 'Calibri',sans-serif; mso-ascii-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin; mso-bidi-font-family: 'Tim
Fri, November 01, 2024
Peruvian bank heist, Task Manager error, CyberPanel vulnerabilities exploited
Peruvian bank warns of data theft after dark web revelations Windows 11 Task Manager displays wrong number of running processes CyberPanel sees vulnerabilities exploited soon after disclosure Thanks to today's episode sponsor, Dropzone AI Security operations are evolving, and AI is leading the way. Dropzone AI autonomously investigates 100% of your alerts with precision, freeing up your team to focus on real threats. See how this works in action. Visit dropzone.ai and schedule a demo today. Find the stories behind the headlines at CISOseries.com .
Thu, October 31, 2024
CISA's plan, North Korea comes to Play, FakeCall's new tricks
CISA launches International Cybersecurity Plan North Korean hackers tied to Play ransomware FakeCall learns new tricks Thanks to today's episode sponsor, Dropzone AI Tired of false positives slowing your SOC down? Dropzone AI uses advanced AI to filter out the noise and focus on real threats. 24/7, every alert, no manual intervention. Want to learn more? Schedule a demo and see the power of Dropzone AI at dropzone.ai .
Wed, October 30, 2024
Five Eyes program, Chinese activity, Russian Linux
Five Eyes launches startup security program Canada and the Netherlands seeing increased Chinese activity Russia might fork the Linux community Thanks to today's episode sponsor, Dropzone AI Facing alert overload? Dropzone AI autonomously investigates every alert, reducing noise and providing decision-ready reports. Discover how our AI solutions can enhance your SOC’s efficiency. Check out our demo gallery and see how Dropzone AI works at dropzone.ai.
Tue, October 29, 2024
RedLine and Meta infostealer takedown, Russian-backed malware, French telecom breach
Global law enforcement gains access to RedLine and Meta infostealer networks Russian-backed malware poses as Ukrainian anti-recruitment tool Massive breach impacts French telecom giant Thanks to today's episode sponsor, Dropzone AI Imagine an AI analyst that never sleeps. Dropzone AI autonomously handles every alert, cutting manual analysis by 90%. It's like adding a new team member, but one that works 24/7. Experience the difference AI can make. Visit dropzone.ai to test drive the future of security operations.
Mon, October 28, 2024
Historic Change Healthcare breach, Telcom hacks investigation, Delta sues CrowdStrike
Change Healthcare data breach confirmed as largest-ever in U.S. healthcare history Authorities investigate telecom hacks following reports of campaign intrusions Delta sues CrowdStrike over sensor update that prompted mass flight disruptions Thanks to today's episode sponsor, Dropzone AI Is your SOC overwhelmed by endless alerts? Dropzone AI ’s autonomous SOC Analyst investigates 100% of alerts, around the clock. No playbooks, no code. Just actionable insights to reduce false positives and save your team time. Ready to see it in action? Schedule a demo today at dropzone.ai.
Fri, October 25, 2024
Week in Review: Solar Winds fines, Microsoft loses security logs, employee security awareness lacking
Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Dmitriy Sokolovskiy , senior vice president, information security, Semrush Thanks to our show sponsor, SpyCloud <img src= "//assets.libsyn.com/show/289580/banner-ad-SpyCloud-CSH-600x100-Friday-Day-05.webp" alt="SpyCloud" width="600" height= "100"
Fri, October 25, 2024
Qiliin ransomware upgrade, Sharepoint KEV flaw, Rhysida ransoms Easterseals
Researchers reveal upgraded Qilin ransomware-as-a-service CISA adds Microsoft SharePoint flaw to its KEV catalog Rhysida ransoms Easterseals Thanks to today's episode sponsor, SpyCloud Ransomware continues to impact organizations. A new report released by SpyCloud shares insights from your peers in security – the majority of whom were affected by ransomware in the past year. The report has some fascinating industry-specific stats you’ll want to see – plus confirms some stark truths: that the industry you’re in can affect your likelihood of being hit with ransomware. Check it out at spycloud.com/headlines . Find the stories behind the headlines at CISOseries.com .
Thu, October 24, 2024
CISA data rules, Fortinet zero-day, UK Cyber Essentials
CISA proposes new security requirements for personal data Fortinet patches actively exploited zero-day UK report on Cyber Essentials certification Thanks to today's episode sponsor, SpyCloud Stolen data is a hot commodity for cybercriminals. Using infostealer malware, bad actors can siphon valid session cookies from employee devices, scoring the keys to access your networks and systems. According to SpyCloud’s latest research, security teams are now seeing stolen cookies among the top three entry points for initial access for ransomware. Get the full insights, including other risk factors at spycloud.com/headlines .
Wed, October 23, 2024
SolarWinds disclosure fines, Zendesk helps Internet Archive, Samsung zero-day
Four cyber companies fined for SolarWinds disclosure failures Zendesk helps Internet Archive after hacker breached email system Samsung zero-day under active exploit Thanks to today's episode sponsor, SpyCloud Researchers at SpyCloud recently found that one in five individuals was infected with infostealer malware in the last year. Unfortunately, research now confirms that infostealer infections open the door to ransomware. But organizations with visibility into identity data stolen by malware infections are better-suited to prevent a future attack. Learn more about the connection between infostealers and ransomware in SpyCloud’s new report at spycloud.com/headlines .
Tue, October 22, 2024
U.S. rule on selling sensitive data, Cisco data stolen, Nidec breach
Proposed rules ban U.S. companies from selling sensitive data Cisco data stolen by IntelBroker Nidec breach exposes 50,000+ documents Thanks to today's episode sponsor, SpyCloud Did you know that infostealer malware can be a precursor to ransomware? Infostealers are a trending tactic used by cybercriminals to exfiltrate valuable identity data like credentials, PII, and session cookies. According to recent SpyCloud research, 75% of organizations were affected by ransomware more than once in the past year! Visit spycloud.com/headlines to find out how to keep your organization from becoming one of the statistics.
Mon, October 21, 2024
Microsoft logs lost, Omni Family breach, Internet Archive Zendesk breach
Microsoft warns it lost some customers’ security logs for a month Omni Family Health data breach impacts almost half a million individuals Internet Archive breached again through stolen access tokens Thanks to today's episode sponsor, SpyCloud It turns out infostealer infections are a major contributing factor to a company’s ransomware risk, with some industries faring better than others. Get the new research from our sponsor, SpyCloud, and see if your ransomware defense strategy stacks up against your peers. Visit spycloud.com/headlines Find the stories behind the headlines at CISOseries.com .
Fri, October 18, 2024
Week in Review: Amazon passkeys usage, healthcare ransomware stats, major cybercrime takedowns
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Steve Person , CISO, Cambia Health Thanks to our show sponsor, Conveyor It’s spooky season, and nothing’s scarier than all of your account execs asking if you’re done with their customer security questionnaires. Don’t worry— Conveyor is here to help. Conveyor’s market leading AI automates the most time-consuming parts of customer security revie
Fri, October 18, 2024
Globe Life extortion, hacker USDoD arrested, Anonymous Sudan indicted
Insurance giant Globe Life facing extortion attempts after data theft from subsidiary Infamous hacker USDoD possibly arrested in Brazil Anonymous Sudan masterminds indicted Thanks to today’s episode sponsor, Conveyor It’s spooky season, and nothing’s scarier than all of your account execs asking if you’re done with their customer security questionnaires. Don’t worry— Conveyor is here to help. Conveyor’s market leading AI automates the most time-consuming parts of customer security reviews: answering security questionnaires and sharing security docs like your SOC 2 with customers. Get instant AI answers to questionnaires and host an enterprise-grade trust center where customers can download documents and self-serve answers to their own questions. End the horror show. Try it for free at www.conveyor.com . Get the s
Thu, October 17, 2024
AI models tested, breaking encryption, Intel security review
Putting AI models to the EU test Chinese researchers don’t break classical encryption… yet Chinese group calls for security reviews on all Intel products Thanks to today’s episode sponsor, Conveyor There’s so many reasons why infosec and presales teams choose Conveyor for automating their security reviews, but here are the main three: One—Conveyor’s market-leading AI provides instant, accurate answers to any format of security questionnaire—without requiring constant knowledge base updates and maintenance. Two—Conveyor offers an enterprise-grade trust center that automates every customer security review request, so you’re not constantly distracted with questions and SOC 2 requests. And three—Conveyor’s sales team. They’re actually fun to work with. <span style= "font-size: 11pt; font-family: Arial, sans-serif
Wed, October 16, 2024
VW alleged data theft, Finland seizes Sipultie, Calgary library cyberattack
VW says IT infrastructure unaffected after alleged data theft Finland seizes servers of 'Sipultie' dark web market Calgary Public Library services limited after cyberattack Thanks to today’s episode sponsor, Conveyor Does the thought of a whopper 300 question security questionnaire in your most dreaded portal give you nightmares? Conveyor can help you sleep peacefully. How? They are the market leaders in instant and accurate AI answers to any format of security questionnaire. They even offer a zero-touch option for portal-based questionnaires—just paste the URL, and ConveyorAI automatically answers the questions and exports them back to the portal for you. <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 400; font-variant: normal;
Tue, October 15, 2024
Pokémon game developer breached, TrickMo’s new variants, Ivanti zero-days exploited
Pokémon game developer breached TrickMo hits with 40 new trojan variants Nation-state actor exploits Ivanti zero-days Thanks to today’s episode sponsor, Conveyor It’s spooky season, and nothing’s scarier than all of your account execs asking if you’re done with their customer security questionnaires. Don’t worry— Conveyor is here to help. Conveyor’s market leading AI automates the most time-consuming parts of customer security reviews: answering security questionnaires and sharing security docs like your SOC 2 with customers. Get instant AI answers to questionnaires and host an enterprise-grade trust center where customers can download documents and self-serve answers to their own questions. End the horror show. Try it for free at <a href= "h
Mon, October 14, 2024
Iran exploits Windows, Microsoft deprecates tunnels, NATO cyberexpert swap
Iranian hackers exploit Windows flaw to elevate privileges Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server NATO’s ‘most experienced expert on cyber rotated out of cyber section Thanks to today’s episode sponsor, Conveyor What’s the ultimate jumpscare? That moment when the security questionnaire in the portal didn’t auto-save all your work. Good news: with Conveyor , that’s one horror you won’t have to face. Conveyor is the market leader in instant, generative AI answers for security questionnaires, no matter the format. They even offer a zero-touch option for portal-based questionnaires where you can just paste the URL, and the AI automatically answers the questions and exports them back to the portal for you. Don't let security questionnaires haunt your workflow. Learn more at www.conveyor.com . Get the story behind the headlines at CISOSeries.com .
Fri, October 11, 2024
Week in Review: Neuberger’s insurance warning, instant identification sunglasses, Salt Typhoon dangers
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Quincy Castro , CISO, Redis . Thanks to our show sponsor, Vanta <img src= "//assets.libsyn.com/show/289580/Vanta_SOC_2_Banner_Ad.webp" alt= "Vanta" wid
Fri, October 11, 2024
Coker’s Internet Security plan, hurricane scams, Firefox zero day
White House prioritizes secure internet routing, using memory safe languages Federal Trade Commission and CISA warn of hurricane-related scams Mozilla warns of Firefox zero day: patch now Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. For the stories behind the headlines, head on over to CISOSeries.com
Thu, October 10, 2024
Australia's cybersecurity bill, Qualcomm zero-day, Russia bans Discord
Australian Parliament introduces standalone cybersecurity law Qualcomm zero-day used to target Android devices Russia and Turkey ban Discord Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. For the stories behind the headlines, head on over to CISOSeries.com
Wed, October 09, 2024
GoldenJackal, LiteSpped Cache bug, Ukraine's milCERT
GoldenJackal uses new tools against governments Cross-site scripting flaw found in major WordPress plugin Ukraine’s defense ministry launched military CERT Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. For the stories behind the headlines, head on over to CISOSeries.com
Tue, October 08, 2024
Salt Typhoon attack, Cyberattack hits major U.S. water utility, Russia attacked on Putin's birthday
Salt Typhoon attack potentially exposes wiretap data Cyberattack hits major U.S. water utility A not- so- happy birthday present for Russia’s president Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. For the stories behind the headlines, head on over to CISOSeries.com
Mon, October 07, 2024
Neuberger’s Insurance suggestion, Kaspersky PlayStore removal, Detroit suffers cyberattack
Insurers should stop funding ransomware payments, says Neuberger Google removes Kaspersky antivirus software from Play Store Cyberattack hits Detroit-area government services Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. For the stories behind the headlines, head on over to CISOSeries.com
Fri, October 04, 2024
Week in Review: T-Mobile breach cost, Senate’s deepfake scam, Public records flaws
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jonathan Waldrop , CISO, The Weather Company . Here’s a link to CISA’s Cybersecurity Awareness Month announcement , sent to us by Jonathan. Thanks to our show sponsor, SpyCloud SpyCloud disrupts cybercrime by telling you what criminals know about your business, so you can take action on exposed identity data to prevent cyber attacks like ransomware. To learn more how to level the playing field against bad actors and combat cyber attacks, visit spycloud.com/headlines . All links and the video of this episode can be found on <span lang="EN-US" style= "font-size: 11.0pt; line-height: 115%; font-family: 'Calibri',sans-serif; mso-ascii-theme-font: mino
Fri, October 04, 2024
Largest DDoS blocked, Adobe Commerce compromise, neural data law
Cloudflare blocks largest recorded DDoS attack Adobe Commerce and Magento stores compromised by CosmicSting bug DOJ and Microsoft take down 107 domains used in Star Blizzard phishing attacks Huge thanks to our sponsor, SpyCloud Ransomware continues to impact organizations. A new report released by SpyCloud shares insights from your peers in security – the majority of whom were affected by ransomware in the past year. The report has some fascinating industry-specific stats you’ll want to see – plus confirms some stark truths: that the industry you’re in can affect your likelihood of being hit with ransomware. Check it out at spycloud.com/headlines . Get the story behind the headlines at CISOSeries.com
Thu, October 03, 2024
Russian cybercriminal arrests, Irish police fined, Rackspace blame game
Russian authorities arrest nearly 100 cybercriminals in raid Northern Ireland police fined for exposing officer identities Rackspace breach sparks vendor blame game Huge thanks to our sponsor, SpyCloud Stolen data is a hot commodity for cybercriminals. Using infostealer malware, bad actors can siphon valid session cookies from employee devices, scoring the keys to access your networks and systems. According to SpyCloud’s latest research, security teams are now seeing stolen cookies among the top three entry points for initial access for ransomware. Get the full insights, including other risk factors at spycloud.com/headlines . Get the story behind the headlines at CISOSeries.com
Wed, October 02, 2024
LockBit ties to Evil Corp, public records flaws, ransomware hits Texas hospital
UK ties LockBit affiliate to Evil Corp Public records systems riddled with security flaws Ransomware disrupts emergency services at Texas hospital Huge thanks to our sponsor, SpyCloud Researchers at SpyCloud recently found that one in five individuals was infected with infostealer malware in the last year. Unfortunately, research now confirms that infostealer infections open the door to ransomware. But organizations with visibility into identity data stolen by malware infections are better-suited to prevent a future attack. Learn more about the connection between infostealers and ransomware in SpyCloud’s new report at spycloud.com/headlines . Get the story behind the headlines at CISOSeries.com
Tue, October 01, 2024
T-mobile data breach fines, Iranian hackers charged, Deepfake scam hits U.S. senate
T-Mobile data breaches cost company $31.5 million Iranian hackers charged for targeting 2024 U.S. election Deepfake scam hits U.S. senate Huge thanks to our sponsor, SpyCloud Did you know that infostealer malware can be a precursor to ransomware? Infostealers are a trending tactic used by cybercriminals to exfiltrate valuable identity data like credentials, PII, and session cookies. According to recent SpyCloud research, 75% of organizations were affected by ransomware more than once in the past year! Visit spycloud.com/headlines to find out how to keep your organization from becoming one of the statistics. Get the story behind the headlines at CISOSeries.com
Mon, September 30, 2024
Recall redesigned again, Embargo attacks cloud, Dallas suburb cyberattack
Recall redesign: reinforced and removable Embargo moves ransomware attacks to cloud environments Dallas suburb deals with ransomware attack Huge thanks to our sponsor, SpyCloud It turns out infostealer infections are a major contributing factor to a company’s ransomware risk, with some industries faring better than others. Get the new research from our sponsor, SpyCloud, and see if your ransomware defense strategy stacks up against your peers. Visit spycloud.com/headlines Get the story behind the headlines at CISOSeries.com
Fri, September 27, 2024
Week in Review: CrowdStrike exec apologizes, NIST changes password rules, corporate hack-for-hire practices
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jason Elrod , CISO, Multicare Health System Missed the live show? Watch it on YouTube . And make sure to check out Jason’s book (coming soon) at CyberCISOmarksmanship.com , as well as his newsletter at LimitlessCyber.com . And huge thanks to our sponsor – Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. <span lang= "EN-US" style= "font-size: 12.0pt; line-height: 115%; font-family: 'Calibri',sans-serif; mso-ascii-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme
Fri, September 27, 2024
Train station WiFi hack, Mozilla tracking complaint, NIST password changes
Public Wi-Fi hacked at some of the UK’s busiest train stations Data privacy watchdog files complaint against Mozilla for ad tracking feature NIST drops password complexity, mandatory reset rules Thanks to today's episode sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 400; font-v
Thu, September 26, 2024
DragonForce ransomware, Salt Typhoon hits ISPs, ChatGPT SpAIware
DragonForce uses ransomware’s greatest hits Salt Typhoon strikes US ISPs Finding SpAIware on the ChatGPT Mac app Thanks to today's episode sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 400; font-variant: normal; text-decoration: underline; text-decoration-skip-ink: none; vertic
Wed, September 25, 2024
Kansas water targeted, CrowdStrike apology, MoneyGram goes dark
Kansas water plant pivots to analog after cyber event CrowdStrike exec apologizes in Congress for global IT outage MoneyGram goes offline after cyber incident Thanks to today's episode sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 400; font-variant: normal; text-decoration: und
Tue, September 24, 2024
Proposed ban on autonomous vehicles, updated Telegram policy, Necro infects Android devices
U.S. proposes ban on Chinese, Russian tech in autonomous vehicles Telegram updates policies to expose ‘bad actors’ Necro Trojan infects 11 million android devices through Google Play apps Thanks to today's episode sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit <a style="text-decoration: none;" href= "https://ww
Mon, September 23, 2024
LinkedIn halts AI training, Ukraine bans Telegram, hack-for-hire lawsuit
LinkedIn halts AI data processing in UK due to privacy concerns, Ukraine bans Telegram Use for government and military, Dismissed German cyber chief falsely accused of associating with Russian spies Thanks to today's episode sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit <span style="font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 400; font-variant: norm
Fri, September 20, 2024
Week in Review: LinkedIn’s AI chicanery, AT&T FCC settlement, Craigslist defense network
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Mike Rosen , CISO, ZwillGen , advisor to NightDragon and Villager at Team8, whose favorite story of the week was Starlink’s ability to detect stealth aircraft. Check it out . Thanks to our show sponsor, Conveyor <span lang="EN-US" style= "font-size: 11.0pt; line-height: 115%; font-family: 'Calibri',sans-serif; mso-ascii-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin; mso-bidi-font-family: 'Times New Roman'; mso-bidi-theme-font: minor
Fri, September 20, 2024
INC targets healthcare, Providence schools cyberattack, Apple iPads bricked
New INC ransomware targets U.S. healthcare sector Providence public schools deal with irregular internet activity Apple pulls iPadOS 18 update that was bricking M4 iPad Pro devices Thanks to today's episode sponsor, Conveyor It’s Friday and Conveyor hopes you don’t have a meaty security questionnaire waiting for you on the other side of this podcast. If you do, you should check them out. As the market-leader in instant, generative AI answers to entire security questionnaires, Conveyor helps you complete questionnaires fast, no matter the format they’re in, so you don’t feel like you’re getting crushed by the wave of unfinished work. Learn why we’re the software your infosec friends love at www.conveyor.com . Get the story behind the headlines at CISOSeries.com .
Thu, September 19, 2024
Derailing Raptor Train, Volunteer Civil Cyber Defense, US AI safety summit
Feds derail Raptor Train Newmark creates Volunteer Network for Civil Cyber Defense US to host global AI safety summit Thanks to today's episode sponsor, Conveyor Does the next security questionnaire that hits your inbox make you want to throw your laptop out the window? If so, don’t do it. You should check out Conveyor first. Conveyor is the market-leader in instant, generative AI answers to entire security questionnaires no matter the format they are in. Yes, that’s right. Upload any file like excels, word docs and even PDFs for instant processing and tackle any portal-based questionnaire with a browser extension that auto-scrolls and fills in answers for you. Try a free proof of concept today at www.conveyor.com <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weigh
Wed, September 18, 2024
Exploding pager analysis, construction company vulnerability, cyberattack job loss
Exploding pager tragedy experts look towards supply chain sabotage Construction companies potentially vulnerable through accounting software Cyberattacks result in job losses Thanks to today's episode sponsor, Conveyor Are customer security reviews constantly interrupting your day? You should check out Conveyor. With an enterprise-grade trust center to securely share your security posture, SOC 2, and security FAQs and security questionnaires and market-leading AI accuracy for instant security questionnaire answers, you’ll fly through any customer security request and get back to your regular job. Learn more about the AI security review automation platform your infosec friends love at www.conveyor.com . Mention this podcast for 5 free quest
Tue, September 17, 2024
Intellexa faces new sanctions, London hospitals impact, Apple releases update
Spyware giant Intellexa faces new U.S. sanctions Nearly 1 million impacted by ransomware attack on London hospitals Apple releases long-awaited update Thanks to today's episode sponsor, Conveyor Why do teams choose Conveyor over the competition for customer security reviews? A few reasons. One. Market-leading AI accuracy for any format of security questionnaire with limited knowledge base maintenance. Two. Enterprise-grade trust center that automates every customer security request. Three. Conveyor’s sales team is actually fun to work with. <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color: transparent; font-weight: 400; font-variant: normal; text-decoration: none; vertical-ali
Mon, September 16, 2024
Fortinet confirms breach, RansomHub extorts Kawasaki, Update: TfL password resets
Fortinet confirms customer data breach RansomHub threatens to leak stolen Kawasaki data Update: Transport for London requires in-person password resets after hack Thanks to today's episode sponsor, Conveyor Ever feel like completing security questionnaires has become your full time side hustle you’re not even getting paid extra for? If so, you should check out Conveyor. Conveyor is the market-leader in instant, generative AI answers to entire security questionnaires no matter the format they are in. Yes, that’s right. Upload any file like excels, word docs and even PDFs for instant processing and tackle any portal-based questionnaire with a browser extension that auto-scrolls and fills in answers for you. Try a free proof of concept today at www.conveyor.com . <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(0, 0, 0); background-color
Fri, September 13, 2024
Week in Review: Wisconsin Medicare MOVEit, cop sues data broker, WHOIS vulnerability
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by David Spark with guest Patrick Heim , co-founder and partner, SYN Ventures Huge thanks to our sponsor, Vanta Whether you’re starting or scaling
Fri, September 13, 2024
Lazarus spoofs CapitalOne, Mastercard buys RecordedFuture, WordPress imposes 2FA
Lazarus Group’s VMConnect campaign spoofs CapitalOne Mastercard buys security firm Recorded Future WordPress to require two-factor authentication for plugin developers Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines . That’s vanta.com/headlines . Get the story behind the headlines at CISOSeries.com
Thu, September 12, 2024
$20 WHOIS vulnerability, India's Cyber Commandos, Word hits drone makers
The $20 WHOIS vulnerability India training thousands of “cyber commandos” A Word of warnings for Taiwanese drone makers Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta , you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines. That’s vanta.com/headlines . Get the story behind the headlines at CISOSeries.com
Wed, September 11, 2024
Slim CD data breach, International sextortion bust, TfL mixed messages
Slim CD notifies 1.7M customers of data breach Delaware men charged in international sextortion scheme London transit agency drops claim it has ‘no evidence’ of customer data theft Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines . That’s vanta.com/headlines . Get the story behind the headlines at CISOSeries.com
Tue, September 10, 2024
Payment processing breach, dark web admins charged, Predator spyware resurges
1.7 million impacted in payment processing breach Dark web administrators charged in U.S. Resurgence of Predator Spyware sparks privacy concerns Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta , you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines. That’s vanta.com/headlines . Get the story behind the headlines at CISOSeries.com
Mon, September 09, 2024
Avis rentals breach, Microsoft disables ActiveX, Wisconsin Medicare breach
Car rental company Avis discloses data breach Microsoft Office 2024 to disable ActiveX controls by default Wisconsin Medicare users had information leaked in MOVEit breach Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines . Get the story behind the headlines at CISOSeries.com
Fri, September 06, 2024
Week in Review: MFA bypass bust, Airport security SQL, GitHub help malware
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Justin Somaini , partner, YL Ventures Thanks to our show sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io . <span lang="EN-US" style= "font-size: 12.0pt; line-height: 115%; font-family: 'Calibri',sans-serif; mso-ascii-theme-font: min
Fri, September 06, 2024
Planned Parenthood cyberattack, DoJ propaganda takedown, Microchip Technology theft
Planned Parenthood suffers cyberattack DoJ propaganda domains takedown Microchip Technology confirms data theft Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io . Find the stories behind the headlines at CISOseries.com .
Thu, September 05, 2024
Spyware research, Cicada rebrand, MacroPack malware
Spyware research report They found a way to make Cicadas more annoying MacroPack red teaming tool used for malware Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io .
Wed, September 04, 2024
Halliburton data stolen, Columbus sues researcher, White House protects internet
Halliburton confirms data stolen in cyberattack City of Columbus sues researcher after ransomware attack White House publishes plan to protect a key component of the internet Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io . For the stories behind the headlines, visit CISOseries.com .
Tue, September 03, 2024
London transport cyberattack, German ATC attack, Sweden’s heightened risk
Transport for London suffers cyberattack German air traffic control agency confirms cyberattack Sweden warns of heightened risk of Russian sabotage Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io . Find the stories behind the headlines at CISOseries.com
Mon, September 02, 2024
Seattle airport woes, aircraft cockpit SQL, North Korea’s FudModule
Seattle Airport issues travelers’ advisory for Labor Day travel SQL injection able to bypass airport TSA security checks North Korea uses FudModule Rootkit in Chrome zero-day exploit Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io . Find the stories behind the headlines at CISOseries.com .
Fri, August 30, 2024
DICK’S Sporting Goods cyberattack, Brain Cipher hacked Paris
DICK’S Sporting Goods suffers cyberattack Brain Cipher claims attack on Paris museums, promises data leak Play ransomware hackers claim attack on Microchip Technology Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io . Find the stories behind the headlines at CISOSeries.com
Thu, August 29, 2024
Iran hacking, Labour Party backlog, more Telegram warrants
Iran targeting presidential administration officials Iran working with ransomware gangs UK Labour Party chided over cyberattack backlog Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io . Find the stories behind the headlines at CISOSeries.com
Wed, August 28, 2024
Another MOVEit incident, U.S. Marshals disputes breach, Park’N Fly data swiped
Texas credit union user data exposed in another MOVEit breach US Marshals Service disputes ransomware gang's breach claims Park’N Fly notifies 1 million customers of data breach Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io . Find the stories behind the headlines at CISOSeries.com
Tue, August 27, 2024
SonicWall access flaw, Microsoft security summit, Telegram details
SonicWall warns of critical access control flaw Microsoft to host security summit More details on Telegram CEO’s arrest Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io . Find the stories behind the headlines at CISOSeries.com
Mon, August 26, 2024
Halliburton suffers cyberattack, Telegram CEO arrested, Georgia Tech lawsuit
Halliburton takes systems offline following cyberattack French police arrest Telegram CEO Pavel Durov DOJ joins suit against Georgia Tech over Defense Department cybersecurity failures Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io . Find the stories behind the headlines at CISOSeries.com
Fri, August 23, 2024
Week in Review: NPD breach update, Hawaii hacker sentenced, Poisoned LLM coders
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Bethany De Lude , CISO, The Carlyle Group Thanks to today’s episode sponsor, Nudge Security When your CEO asks “Hey, are we using that SaaS app that was just breached?”, how quickly and confidently can you answer? Stop guessing with Nudge S
Fri, August 23, 2024
Russia’s questionable DDoS, FAA’s cybersecurity proposal, Windows Recall reappears
Kremlin complains of DDoS attack, digital experts not so sure FAA proposes new cybersecurity rules for airplanes Windows Recall to reappear Thanks to today’s episode sponsor, Nudge Security Do you know who’s using genAI tools in your org? Find out today with Nudge Security . Their patented approach to SaaS discovery gives you a full inventory of all apps ever introduced by anyone in your org, in minutes, including genAI apps. And, automated workflows help you scale security and governance without breaking a sweat. Start a free trial today at nudgesecurity.com/genai For the stories behind the headlines, head to CISOseries.com .
Thu, August 22, 2024
Japanese auto security, Feds tap encrypted messages, Microsoft breaks Linux dual-booting
Security initiative from Japanese auto companies Feds tapping into encrypted messaging haul Microsoft breaks Linux dual-boot systems Thanks to today’s episode sponsor, Nudge Security How big is your SaaS attack surface? Find out today with Nudge Security . Nudge Security discovers all SaaS accounts ever created by anyone in your org, in minutes, and gives you automated workflows to scale SaaS security and governance. Take control of your SaaS security posture. Start a free trial today at nudgesecurity.com/cisoseries
Wed, August 21, 2024
Toyota third-party breach, Hawaii registry hack, Iran disrupting campaigns
Toyota confirms third-party data breach impacting customers Man who hacked Hawaii state registry sentenced U.S. Intelligence blames Iran for Trump campaign hack Thanks to today’s episode sponsor, Nudge Security When your CEO asks “Hey, are we using that SaaS app that was just breached?”, how quickly and confidently can you answer? Stop guessing with Nudge Security . Discover all SaaS accounts ever introduced by anyone in your org, in minutes and get alerted when any SaaS app used in your org is breached. Start a 14-day trial now at nudgesecurity.com/saas For the stories behind the headlines, visit CISOseries.com .
Tue, August 20, 2024
National Public Data breach update, Flaws in macOS apps, FlightTracker configuration issue
‘Only’ 1.3 million affected by National Public Data Breach Flaws in Microsoft macOS Apps allowing secret recording Configuration issue exposes flight tracking site Thanks to today’s episode sponsor, Nudge Security Do you know who’s using genAI tools in your org? Find out today with Nudge Security . Their patented approach to SaaS discovery gives you a full inventory of all apps ever introduced by anyone in your org, in minutes, including genAI apps. And, automated workflows help you scale security and governance without breaking a sweat. Start a free trial today at nudgesecurity.com/genai
Mon, August 19, 2024
Entra forces MFA, another AnyDesk heist, Google Pixel vulnerability
Microsoft Entra admins must enable MFA or lose access to admin portals Cybercrime gang uses fake Windows update screen to hide data theft Google Pixel devices shipped with vulnerable Verizon app Thanks to today’s episode sponsor, Nudge Security How big is your SaaS attack surface? Find out today with Nudge Security . Nudge Security discovers all SaaS accounts ever created by anyone in your org, in minutes, and gives you automated workflows to scale SaaS security and governance. Take control of your SaaS security posture. Start a free trial today at nudgesecurity.com/cisoseries For the stories behind the headlines, head to CISOseries.com .
Fri, August 16, 2024
Week in Review: NIST encryption standards, NPD breach analyzed, Texas sues GM
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Edwin Covert , head of cyber risk engineering, Bowhead Specialty Underwriters and edwincovert.com Thanks to our show sponsor, ThreatLocker <span lang="EN-US" style= "font-size: 11.0pt; line-height: 115%; font-family: 'Calibri',sans-serif; mso-ascii-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin; mso-bidi-font-family: 'Times New Roman'; mso-bidi-theme-font: minor-bidi; mso-ans
Fri, August 16, 2024
GitHub artifact warning, RansomHub’s EDR killer, SolarWinds latest hotfix
GitHub vulnerability warning regarding ArtiPacked RansomHub affiliate launches new EDR-killing tool SolarWinds issues hotfix for web help desk vulnerability Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com. <span styl
Thu, August 15, 2024
Gemini AI privacy, AI Risk Repository, Russian phishing
Google details privacy commitments with Gemini AI MIT releases AI Risk Repository Russian spies using highly targeted phishing Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com.
Wed, August 14, 2024
FBI shutters Radar, NIST post-quantum standards, 2.7B record leaked
FBI shutters Radar ransomware gangs servers NIST finalizes post-quantum encryption standards 2.7 billion National Public Data records leaked Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com. <span style= "font-size: 1
Tue, August 13, 2024
U.S. “laptop farm” shut down, Ukranian computers compromised, Trump campaign hacked
U.S. operation of “laptop farm” for North Korea shutdown Over 100 Ukrainian government computers compromised Trump campaign says they were hacked Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit <span style= "font-size: 11pt; font-family: Arial, sans-serif; color: rgb(17, 85, 204); background-color: transparent; font-weight: 400;
Mon, August 12, 2024
Iran election interference, AMD SinkClose flaw, ADT break-in
Iranian hackers ramping up U.S. election interference AMD SinkClose flaw helps install nearly undetectable malware ADT discloses breach that impacts more than 30,000 customers demands Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker . ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com. <p dir="ltr" style= "line-height: 1.3800000000000001; margin-top: 12pt; margin
Fri, August 09, 2024
Week in Review: CrowdStrike releases Falcon, ransomware as terrorist threat
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest DJ Schleen , distinguished security architect, Yahoo Thanks to our show sponsor, Vanta <img src= "//assets.libsyn.com/show/289580/Vanta-banner-ad-SOC_2_much_learn_more_600x100-resized_1.png"
Fri, August 09, 2024
Chameleon malware reappears, Rhysida hospital attack, Blacksuit’s $500m tally
Chameleon reappears targeting Canadian restaurant chain Rhysida claims attack on Bayhealth Hospital in Delaware BlackSuit/Royal achieves $500m in ransomware demands Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. That’s vanta.com/headlines . For the stories behind the headlines, head to CISOseries.com .
Thu, August 08, 2024
McLaren hospitals disrupted, CrowdStrike improves processes, Ronin Network hacked
McLaren hospitals disruption linked to INC ransomware attack CrowdStrike to give customers control over Falcon sensor updates Ronin Network hacked by "white hats" Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines. That’s vanta.com/headlines
Wed, August 07, 2024
Android kernel zero-day, voter portal flaw, ransomware as terrorism
Google patches Android kernel zero-day Researchers find flaws in Georgia voter portal Law would make ransomware a terrorist threat Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. That’s vanta.com/headlines .
Tue, August 06, 2024
CrowdStrike strikes back against Delta, Keytronic loses millions to ransomware, Flaw in Apache OFBiz
CrowdStrike strikes back against Delta’s claims of negligence Ransomware attack costs Keytronic $17 million Patch required for high-severity flaw in Apache OFBiz Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines. That’s vanta.com/headlines
Mon, August 05, 2024
Software update malware, investors sue CrowdStrike, cybercriminals in prisoner swap
Hackers use ISP to send malware through software updates CrowdStrike sued by investors following update failure Historic prisoner swap includes cybercriminals returned to Russia Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. That’s vanta.com/headlines . For the stories behind the headlines, head to CISOseries.com .
Fri, August 02, 2024
Week in Review: CrowdStrike problems grow, record breaking ransom, Argentina’s Minority Report
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Dennis Pickett , vp, CISO, Westat Thanks to our show sponsor, Dropzone AI <img src= "//assets.libsyn.com/show/289580/Dropzone_AI_banner_2.pn
Fri, August 02, 2024
Cencora patient breach, OneDrive phishing campaign, Argentina’s crime predictions
Cencora confirms patient data stolen in February cyberattack Phishing campaign targets OneDrive users Argentina will use AI to predict future crimes Huge thanks to our sponsor, Dropzone AI Picture an analyst who works tirelessly around the clock. Dropzone AI ’s Analyst investigates every alert and provides comprehensive, actionable reports. Boost your SOC’s capabilities with a 3-month free trial at dropzone.ai . For the stories behind the headlines, head to CISOseries.com
Thu, August 01, 2024
Elections and DDoS, dating apps leak locations, Germany blames China
DDoS attacks won’t impact US elections Dating apps leaked precise location data Germany formally blames China for 2021 cyberattack Huge thanks to our sponsor, Dropzone AI Think of Alex, your new team member who never takes a break. Dropzone AI ’s Analyst investigates every alert and delivers detailed reports without playbooks or code. Experience Alex’s dedication with a 3-month free trial at dropzone.ai .
Wed, July 31, 2024
Delta's legal maneuver, Record-breaking ransom, Meta $1.4B settlement
Delta enlists Microsoft's legal nemesis over CrowdStrike losses Dark Angels receives record-breaking ransom payment Meta to pay $1.4 billion biometric lawsuit Huge thanks to our sponsor, Dropzone AI Dropzone AI ’s Analyst investigates alerts and responds to threats with unmatched speed and precision. No playbooks, no code required. Transform your SOC’s performance with a 3-month free trial at dropzone.ai . For the stories behind the headlines, head to CISOseries.com .
Tue, July 30, 2024
HealthEquity data breach, CrowdStrike impact grows, Proofpoint exploit
4.3 million impacted by HealthEquity data breach Microsoft admits CrowdStrike incident far greater than first reported Proofpoint exploit allows for millions of fake emails Huge thanks to our sponsor, Dropzone AI Imagine an analyst who never misses an alert. Dropzone AI autonomously investigates every alert and provides decision-ready reports, enhancing your SOC’s efficiency. Try it free for 3 months at dropzone.ai .
Mon, July 29, 2024
PyPi package targets MacOS, Columbus, Ohio suffers cyber incident, Windows July update problems
Hackers exploiting PyPi package targets MacOS Columbus, Ohio suffers cyber incident Windows July updates come with some BitLocker and remote connectivity challenges Huge thanks to our sponsor, Dropzone AI Meet Dropzone AI , the analyst who never rests. Investigating every alert with unparalleled speed and precision, delivering clear, actionable reports. No playbooks, no code. Experience the power of AI with a 3-month free trial at dropzone.ai . For the stories behind the headlines, head to CISOseries.com .
Fri, July 26, 2024
Week in Review: CrowdStrike developments, LA court shutdown, MGM casino claims win
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jana Moore , CISO, Belron , also vice president, EmpoWer – Supporting women in infosec . Thanks to our show sponsor, Vanta <img src= "//assets.lib
Fri, July 26, 2024
Microsoft Defender exploited, assassin’s encryption frustration, NK elite hackers
Hackers exploiting Microsoft Defender SmartScreen bug IT leaders note increase in severity of cyber-attacks, ransomware and BEC stand out, Trump shooting investigation revives the end-to-end encryption issue Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. For the stories behind the headlines, head to CISOseries.com
Thu, July 25, 2024
CrowdStrike details, Chrome keeps cookies, BreachForums leaked
CrowdStrike dishes details Google scuttles third-party cookie deprecation BreachForums leaked on Telegram Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires. Our listeners get $1,000 off at vanta.com/headlines .
Wed, July 24, 2024
Wiz deal crumbles, CrowdStrike aftermath, dYdX exchange hack
Google’s $23 billion plan to buy Wiz falls apart U.S. government looking for answers amidst CrowdStrike aftermath dYdX exchange hacked in DNS hijack attack Thanks to our episode sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta , you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines . For the stories behind the headlines, visit CISOseries.com .
Tue, July 23, 2024
CrowdStrike update, Russian criminals sanctioned, ransomware shuts down courts
CrowdStrike says “significant number” back up and running Russian cyber criminals sanctioned for infrastructure attacks Ransomware attack shuts down largest trial court in U.S. Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires. Our listeners get $1,000 off at vanta.com/headlines .
Mon, July 22, 2024
CrowdStrike hits Cloud PCs, criminals exploit CrowdStrike fix, CISA rebuked
Microsoft confirms CrowdStrike update also hit cloud Windows PCs Cybercriminals exploit CrowdStrike problem to distribute malware CISA adds some big names to its KEV catalog Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta , you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines . For the stories behind the headlines, head to CISOseries.com .
Fri, July 19, 2024
Week in Review: Crowdstrike Microsoft outage, AT&T breach implications, CDK pays up
Link to blog post – get exact one from https://cisoseries.com This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Adam Arellano , former vp, enterprise cybersecurity, PayPal Thanks to our show sponsor, Conveyor Why do teams choose Conveyor over the competition to automate answering security questionnaires? A few reasons. One. Market-leading AI accuracy Two. They don’t have to maintain a crazy knowledge base anymore because ConveyorAI can read from any source like external support sites, documents, past questionnaires and more. Three. It can process ANY customer file format – even PDFs! It will even auto-scroll and auto-complete portal-basedl questionnaires. Don’t believe it? Try it yourself for free at www.conveyor.com . <span lang="EN-US" style= "font-size: 12.0pt; line-height: 115%; font-family: 'Calibri',sans-serif; mso-ascii-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-f
Fri, July 19, 2024
Windows outage, Fin7 sells malware, Synnovis blood shortage
Windows outage worldwide UK national blood stocks suffer the effects of ransomware Security flaws in SAP AI Core cloud-based platform Thanks to today's episode sponsor, Conveyor It’s Friday and Conveyor hopes you don’t have a meaty security questionnaire waiting for you on the other side of this podcast. If you do, you should check them out. As the market leader in instant, generative AI answers to entire security questionnaires, Conveyor helps you complete questionnaires fast, no matter the format they’re in, so you don’t feel like you’re getting crushed by the wave of unfinished work. Learn why we’re the software your infosec friends love at www.conveyor.com For the stories behind the headlines, head to CISOseries.com
Thu, July 18, 2024
UK ransomware reporting, Project Oscar, ransoms spike
UK mandatory ransomware reporting gets watered-down Google introduces AI agent to look for software bugs Critical infrastructure ransomware costs spike Thanks to today's episode sponsor, Conveyor Does the anticipation of the next monster security questionnaire wrecking your day ever make you feel like a balloon floating above a cactus field? If so, you should check out Conveyor . Conveyor is the market-leader in instant, generative AI answers to entire security questionnaires no matter the format they are in. Yes, that’s right. Upload any file like Excel, Word docs and even PDFs for instant processing and tackle any portal-based questionnaire with a browser extension that auto-scrolls and fills in answers for you. Try a free proof of concept today at www.conveyor.com . Yesteryears (DECISION) by Sascha Ende Free download: https://filmmusic.io/song/244-yesteryears-decision License (CC BY 4.0): https://filmmusic.io/standard-license
Wed, July 17, 2024
Rite Aid update, AT&T ransom laundered, Hacktivists leak Disney data
Rite Aid says 'limited’ cybersecurity incident affected over 2 million people AT&T ransom laundered through mixers and gambling services Hacktivists leak Disney data to protect artist rights Thanks to today's episode sponsor, Conveyor Why do teams choose Conveyor over the competition to automate answering security questionnaires? A few reasons. One. Market-leading AI accuracy Two. They don’t have to maintain a crazy knowledge base anymore because ConveyorAI can read from any source like external support sites, documents, past questionnaires and more. Three. It can process ANY customer file format - even PDFs! It will even auto-scroll and auto-complete portal-based questionnaires. Don’t believe it? Try it yourself for free at www.conveyor.com . For the stories behind the headlines, head to CISOseries.com .
Tue, July 16, 2024
Wiz acquisition, AT&T paid hacker, Squarespace domain defaults
Alphabet in talks to acquire Wiz AT&T allegedly paid hacker to delete data Details on Squarespace domain hacks Thanks to today's episode sponsor, Conveyor Does the mountain of security questionnaires in your inbox make you feel like you're in a rowboat trying to make it through a tsunami? If so, you should check out Conveyor . As the market leader in instant, generative AI answers to entire security questionnaires, Conveyor helps you complete them fast, no matter the format they’re in, and never feel like you’re getting crushed by the wave of unfinished work. Learn more about the AI security review automation platform your infosec friends love at www.conveyor.com . Mention this podcast for 5 free questionnaire credits when you purchase a Pro plan.
Mon, July 15, 2024
Rite Aid breach, AT&T breach implications, CDK paid ransom
Rite Aid announces data breach following June cyberattack The personal security implications of the AT&T breach US offers support to prevent Paris Olympics cyber and disinformation attacks Thanks to today's episode sponsor, Conveyor Ever feel like completing security questionnaires has become your full-time side hustle you’re not even getting paid extra for? If so, you should check out Conveyor . Conveyor is the market leader in instant, generative AI answers to entire security questionnaires no matter the format they are in. Yes, that’s right. Upload any file like Excel, Word docs and even PDFs for instant processing and tackle any portal-based questionnaire with a browser extension that auto-scrolls and fills in answers for you. Try a free proof of concept today at www.conveyor.com . For the stories behind the headlines, head to CISOseries.com .
Fri, July 12, 2024
Week in Review: AT&T breach, Security regulations attacked, 10 billion passwords stolen
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Andrew Cannata , CISO, Primo Water Thanks to our show sponsor, Entro Security <span lang="EN-US" style= "font-size: 12.0pt; line-height: 115%; font-family: 'Calibri',sans-serif; mso-ascii-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin; mso-bidi-font-family: 'Times New Roman'; mso-bidi-theme-font: minor-bidi; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-langua
Fri, July 12, 2024
PHP vulnerability exploit, Auto Parts breach, dark patterns report
PHP vulnerability exploited, spreading malware and DDoS attacks Advance Auto Parts reveals damage from Snowflake breach FTC report reveals dark patterns used to trick consumers Thanks to today's episode sponsor, Entro Reclaim control over your Non-human identities! Entro enables security teams to manage and secure the lifecycle of non-human identities and secrets from inception to rotation. Think of it like an airtag for your secrets - know where they are, how they’re being used, and their risk level in one seamless platform. Visit https://entro.security/ to learn more. For the stories behind the headlines, head to CISOseries.com .
Thu, July 11, 2024
Australia targets foreign tech, banks sunset OTP, Veeam vulnerability exploited
Australia targets government tech under foreign control Singapore banks replace OTP with digital tokens New group targets Veeam vulnerability Thanks to today's episode sponsor, Entro What are you doing to secure your company’s non-human identities? Vaults and scanners are helpful, but they don’t give the context for where your secrets are, how they’re being used, or when it’s time to remove or rotate them. The entro platform provides automated lifecycle management and seamless integration, ensuring comprehensive security & compliance through a unified and easy to use interface. Visit https://entro.security/ to learn more.
Wed, July 10, 2024
Russian bot takedown, Burdensome cyber regs, Fujitsu data exposed
US disrupts Russian AI-powered disinformation bot farm Senate takes aim at ‘overly burdensome’ cybersecurity regs Fujitsu confirms customer data exposed in cyberattack Thanks to today's episode sponsor, Entro Reclaim control over your Non-human identities! With Entro, security teams can now manage and secure the lifecycle of Non-human identities and secrets. Like an air tag for your non-human identities, The entro platform provides automated lifecycle management and seamless integration, ensuring comprehensive security & compliance through a unified and easy to use interface. Visit https://entro.security/ to learn more. For the stories behind the headlines, visit CISOseries.com .
Tue, July 09, 2024
Billions of stolen passwords, cybersecurity regulations even trickier, Apple removes popular apps
Record-breaking 10 billion stolen passwords exposed Supreme court ruling makes cybersecurity regulations even trickier Apple removes popular apps at Russia’s request Thanks to today's episode sponsor, Entro Did you know that an attack on non-human identities and secrets is one of the top 2 cyber attack vectors out there ? With Entro, security teams can now manage and secure the lifecycle of Non-human identities and secrets. The entro platform provides automated lifecycle management and seamless integration, ensuring comprehensive security & compliance through a unified and easy to use interface. Visit https://entro.security/ to learn more.
Mon, July 08, 2024
Alabama Education breach, OpenAI secrets breach, Florida Health breach
Alabama Department of Education suffers data breach New York Times claims hackers stole OpenAI secrets in a 2023 security breach RansomHub claims to have published Florida health department data Thanks to today's episode sponsor, Entro Reclaim control over your Non-human identities! Entro enables security teams to manage and secure the lifecycle of non-human identities and secrets from inception to rotation. Think of it like an airtag for your secrets - know where they are, how they’re being used, and their risk level in one seamless platform. Visit https://entro.security/ to learn more. For the stories behind the headlines, head to CISOseries.com .
Fri, July 05, 2024
Senator pressures CISA, Velvet Ant exploits Cisco, Europol crushes Cobalt
Senate leader demands answers from CISA re March Ivanti hack China’s Velvet Ant hackers exploiting new Cisco zero-day Europol law enforcement takes down Cobalt Strike servers Huge thanks to our sponsor, Demoed Buyers do 70% of their product research before talking to a company. That blew our minds. Why not give buyers as much information about your product as possible to help them decide? Eliminating friction has always been key to a solid sales strategy. With Demoed , buyers can research faster and more effectively. Sign up at demoed.com For the stories behind the headlines, head to CISOseries.com .
Wed, July 03, 2024
Evolve breach update, Patelco cyberattack, LockBit claims Croatian cyberattack
Evolve Bank data breach is evolving Patelco Credit Union cyberattack disrupts services for nearly 500,000 members LockBit claims cyberattack on Croatia’s largest hospital Huge thanks to our sponsor, Demoed Did you know that Demoed is the first platform that allows you to watch a live product demo and ask questions without receiving a barrage of follow-ups? We change buyer-vendor engagement: fewer follow-ups for buyers, more leads for vendors. Sign up now at demoed.com For the stories behind the headlines, visit CISOseries.com .
Tue, July 02, 2024
14 million Linux systems threatened, Critical patch for Juniper routers, Millions impacted by Prudential breach
14 million Linux systems threatened by ‘RegreSSHion’ vulnerability Critical patch issued for Juniper routers Millions not thousands impacted by Prudential breach Huge thanks to our sponsor, Demoed “I have extra time in my day” is something no security professional has ever said. Vendors on Demoed host 15-minute pitches highlighting their value and differentiation. Demoed allows buyers to browse and get educated without sales pressure—window shopping for enterprise sales. Sign up now at demoed.com
Mon, July 01, 2024
TeamViewer breach update, HubSpot customer attacks, Cyber insurance problems
Update on the TeamViewer network breach HubSpot looks into customer account hacks U.S. businesses struggle to obtain cyber insurance Huge thanks to our sponsor, Demoed Demoed is a unique platform that connects buyers and sellers. Buyers want to see more products, and vendors want more leads. Demoed solves this for both by making buyers anonymous. Buyers can watch demos without follow-ups, hiding their identity until they are ready. Sign up now at demoed.com . For the stories behind the headlines, head to CISOseries.com .
Fri, June 28, 2024
Week in Review: CDK Blacksuit developments, Criminal nuclear failures. U.S. Kaspersky ban
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jim Bowie , CISO, Tampa General Hospital Thanks to our show sponsor, Prelude Security <img src= "//assets.libsyn.com/show/289580/Prelude_CSH_600x100_banner_4.png" alt="Prelude Security" width="600" heigh
Fri, June 28, 2024
Gas chromatograph vulnerabilities, Cloudflare rebukes Polyfill, Evolve Bank breach
Gas chromatograph vulnerabilities reveal medical IoT challenges We never authorized polyfill.io to use our name, says Cloudflare Evolve Bank confirms data breach, undermining LockBit’s Federal Reserve claim Huge thanks to our sponsor, Prelude Security When executives ask the question, are we vulnerable to this threat? How long does it take you to get a confident answer? Prelude automatically transforms threat intelligence into validated detections, so you can know with certainty in just a manner of minutes. Visit preludesecurity.com to upload your own threat intelligence and see for yourself. For the stories behind the headlines, head to CISOseries.com .
Thu, June 27, 2024
Snowblind Android, identity services leaks data, Polyfill.io supply chain attack
Android lying Snowblind in the sun Identity verification service exposed data for over a year Polyfill.io JavaScript attack impacts thousands of sites Huge thanks to our sponsor, Prelude Security 30 minutes to peace of mind. That’s what you’ll get with Prelude’s automated threat management platform where you can upload any piece of threat intelligence and quickly generate threat-hunting queries, detection rules, and more. Visit preludesecurity.com and get all of this in 30 minutes or get a pizza on Prelude .
Wed, June 26, 2024
Julian Assange plea, Latest MOVEit bug, Neiman Marcus data sale
Julian Assange to plead guilty and return to Australia Fresh MOVEit bug under attack just hours after disclosure Criminal selling Neiman Marcus customer info for $150K Huge thanks to our sponsor, Prelude Security Don’t be left wondering if you’re protected the next time a new threat hits the news. Week in review listeners can upload their threat intelligence to Prelude and receive a free bundle of relevant detection rules, hunt queries, and security tests. Any piece of threat intelligence. All in 30 minutes. Upload yours at prelude security dot com forward slash threats .
Tue, June 25, 2024
Indonesia battles Lockbit, DOJ charges cybercrime group, SEC reports following CDK Global attack
Indonesia battles Lockbit 3.0 ransomware DOJ charges cybercrime group for $71 million in damages SEC reports pile in following CDK Global attack Huge thanks to our sponsor, Prelude Security What would your security teams do with more time back in their day? Prelude provides an end-to-end threat management automation platform that quickly generates hunt queries, detection rules, and security tests from your threat intelligence to help you stay ahead of threats. Upload your own threat intelligence at preludesecurity.com and get all of that in just 30 minutes or less.
Mon, June 24, 2024
BlackSuit behind CDK, Microsoft spoofing bug, Nuclear compliance failures
CDK Global outage caused by BlackSuit ransomware attack Bug allows Microsoft corporate email account spoofing UK’s largest nuclear site pleads guilty over cybersecurity failures Huge thanks to our sponsor, Prelude Security When executives ask the question, are we vulnerable to this threat? How long does it take you to get a confident answer? Prelude automatically transforms threat intelligence into validated detections, so you can know with certainty in just a manner of minutes. Visit preludesecurity.com to upload your own threat intelligence and see for yourself. For the stories behind the headlines, head to CISOseries.com .
Fri, June 21, 2024
Week in Review: Breach restoration breached, Vermont privacy debate, Qilin blames victims, posts data
Link to blog post This week’s Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guest Bil Harmer , operating partner and CISO, Craft Ventures , also at wilharm3.com . Thanks to our show sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security Our listeners get $1,000 off at vanta.com/headlines . <span lang="EN-US" style= "font-size: 12.0pt; line-height: 115%; font-family: 'Calibri',sans-serif; mso-ascii-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin; mso
Fri, June 21, 2024
CDK Global hacked again, LockBit activity, Kraken extorted for bug bounty
CDK Global gets hacked twice LockBit Activity on the rise Kraken extorted by security researcher Thanks to today's episode sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines .
Thu, June 20, 2024
Nvidia most valuable, Markopolo’s meeting infostealer, Medibank MFA blame
Nvidia becomes world’s most valuable company Markopolo scam delivers infostealer through fake meeting software Medibank hack blamed on MFA failure Thanks to today's episode sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines . For the stories behind the headlines, head to CISOseries.com .
Wed, June 19, 2024
AMD investigates breach, Qilin demands ransom, Hackers derail Amtrak
AMD investigates breach after data for sale on hacking forum Qilin demands $50 million ransom from UK hospital Hackers derail Amtrak Guest Rewards accounts Thanks to today's episode sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines . For the stories behind the headlines, visit CISOseries.com .
Tue, June 18, 2024
Snowflake breach escalates, MITRE has a memo for the president, Velvet Ant persists
Snowflake breach escalates with ransom demands and death threats MITRE has a memo for the president Velvet Ant maintains three-year cyber espionage campaign Thanks to today's episode sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines .
Mon, June 17, 2024
CISA tabletop exercise, Keytronic confirms breach, Linux emoji malware
CISA leads first tabletop exercise for AI cybersecurity Keytronic confirms data breach after ransomware gang leaks stolen files New Linux malware controlled through Discord emojis Thanks to today's episode sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines . For the stories behind the headlines, head to CISOseries.com .
Fri, June 14, 2024
Week in Review: New York Times theft, Club Penguin hack, NHS wants blood
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Janet Heins , CISO, ChenMed and janetheins.com Thanks to our show sponsor, Vanta <span lang="EN-US" style= "font-size: 12.0pt; line-height: 115%; font-family: 'Calibri',sans-serif; mso-ascii-theme-font: minor-latin; mso-fareast
Fri, June 14, 2024
Cyberinsurance claims increase, NATO’s Russia vigilance, Remcos RAT phishing
Record high for North American cyber insurance claims NATO members to increase vigilance over Russian sabotage attempts Remcos RAT discovered inside UUEncoding emails Thanks to today's episode sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines . For the stories behind the headlines, head to CISOseries.com .
Thu, June 13, 2024
Life360 faces extortion attempt, White House reports increase in federal attacks, Black Basta exploits zero-day flaw in windows
Life360 faces extortion attempt after Tile data breach White House report highlights increase in federal attacks Russian hacker with ties to LockBit and Conti gangs arrested Thanks to today's episode sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines .
Wed, June 12, 2024
Snowflake hack update, BreachForums down again, Cylance data for sale
Pure Storage hacked via Snowflake workspace BreachForums down again and official Telegram channels deleted BlackBerry Cylance data up for sale Thanks to today's episode sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines . For the stories behind the headlines, visit CISOseries.com .
Tue, June 11, 2024
Rural hospital support, 23andMe investigation, Snowflake breach notices
Cyber assistance coming to rural hospitals UK and Canada launch investigation into 23andMe breach Mandiant and Snowflake sending out breach notices Thanks to today's episode sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines .
Mon, June 10, 2024
Microsoft resets Recall, LastPass outage update, New York Times breach
Microsoft resets Recall plans LastPass says outage caused by bad Chrome extension update New York Times source code stolen using exposed GitHub token Thanks to today's episode sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines . For the stories behind the headlines, head to CISOseries.com .
Fri, June 07, 2024
Week in Review: CopIlot Recall disaster, Ticketmaster hack fallout, ChangeHealthcare notification change
Link to blog post This week’s Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guest Andrew Wilder, CISO , Community Veterinary Partners , also cybersecurityintheboardroom.com . Thanks to our show sponsor, Conveyor Why did the AI cross the road? To complete your security questionnaires for you. Conveyor, the company using market-leading AI to automate the entire security review, wants you to check them out and book a call so they can stop writing these cheesy podcast ads. If you’re ready for AI to instantly complete security questionnaires for you, visit www.conveyor.com to try a free proof of concept. Mention this podcast for 5 free questionnaire credits when you purchase a Pro plan. <span lang= "EN-US" style= "font-size: 11.0pt; font-family: 'Calibri',sans-serif; mso-ascii-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-hansi-theme-
Fri, June 07, 2024
FCC moves forward with BGP security, LockBit victims get lifeline, Gitloker attacks target GitHub repositories
FCC moves forward with BGP security measures LockBit ransomware gang victims get lifeline from FBI Gitloker attacks target GitHub repositories Thanks to today's episode sponsor, Conveyor Why did the AI cross the road? To complete your security questionnaires for you. Conveyor , the company using market-leading AI to automate the entire security review, wants you to check them out and book a call so they can stop writing these cheesy podcast ads. If you’re ready for AI to instantly complete security questionnaires for you, visit www.conveyor.com to try a free proof of concept. Mention this podcast for 5 free questionnaire credits when you purchase a Pro plan.
Thu, June 06, 2024
Psychology vs. threat actors, AI leveling up, Qilin hit Synnovis
US researches using psychology against threat actors AI leveling up unsophisticated threat actors London Hospital attacks linked to Qilin Thanks to today's episode sponsor, Conveyor Conveyor is the market leading AI-powered platform that automates the entire customer security review process — from easily sharing your security posture and SOC 2 to letting AI answer security questionnaires instantly with 90% accuracy. Use Conveyor to fly through any customer security review in minutes. There’s a reason our customers have dubbed Conveyor their ‘favorite security tool of the year’. Test it out in a free proof of concept at www.conveyor.com and mention this podcast for 5 free questionnaire credits when you purchase a Pro plan.
Wed, June 05, 2024
London hospitals hit by ransomware, Christie's stolen data sold, RansomHub claims Frontier breach
Ransomware attack forces London hospitals to cancel operations Christie’s stolen data sold to highest bidder RansomHub claims responsibility for Frontier breach Thanks to today's episode sponsor, Conveyor Conveyor is the AI security review automation platform helping infosec teams automate everything from securely sharing a SOC 2 to one-click auto complete of your security questionnaires with AI. Teams like Lucid Software are finding in a free proof of concept that our AI is more accurate than the rest. Learn more at www.conveyor.com . Mention this podcast for 5 free questionnaire credits when you purchase a Pro plan.
Tue, June 04, 2024
Russian criminals unmasked, Background check firm breach, Creds added to HIBP
Authorities unmask criminals behind malware loaders 3 billion records stolen from background check firm Creds for 361 million accounts added to HIBP Thanks to today's episode sponsor, Conveyor What are infosec teams measuring these days? More often than not, their impact on the business through revenue. A director of GRC told us the most direct value for their CEO was showing the efficiencies and the dollars that security has been able to bring in from enabling sales through the security review. See how best in class infosec teams measure their performance in Conveyor’s ultimate guide to the security review KPIs that matter. Go to www.conveyor.com and click the banner at the top. For the stories behind the headlines, visit CISOseries.com .
Mon, June 03, 2024
Ticketmaster breached, Ticketek Australia breached, HHS notification change
Ticketmaster hack affects 560 million customers, third-party denied liability Australia’s Ticketek sees customer details exposed in cyber security breach HHS changes tack, allows Change Healthcare to file breach notifications for others Thanks to today's episode sponsor, Conveyor Conveyor , the market-leading AI software for answering security questionnaires and securely sharing your security documents just released their ultimate guide to benchmarking your team’s performance on customer security reviews. Get all of the detailed metrics and learn how best in class infosec teams measure and tie their impact to revenue. Download the report at www.conveyor.com by clicking on the banner at the top. For the stories behind the headlines, head to CISOseries.com .
Fri, May 31, 2024
Week in Review: Arc launch sabotaged, Cencora health breach, BlackBasta’s oil hit
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Dimitri Van Zantvliet , CISO, Dutch Railways Thanks to our show sponsor, Vanta <span lang="EN-US" style= "font-size: 12.0pt;
Fri, May 31, 2024
UnitedHealth responsibility, Europol dropper takedown, malware bricks routers
Senator calls for UnitedHealth leadership to be held responsible Europol seizes 2,000 domains in dropper takedown Malware bricked over 600,000 routers Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour.
Thu, May 30, 2024
New NK hackers, Dutch bank breached, Wayback Machine attacked
New North Korean hacking group emerges Dutch bank ABN Amro discloses data breach Internet Archive, including Wayback Machine, impacted by DDoS Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com .
Wed, May 29, 2024
BreachForums returns, First American data breach, Chinese nationals sanctioned
BreachForums returns just weeks after FBI-led takedown First American data breach impacts 44,000 people Chinese nationals sanctioned for botnet that stole ‘billions’ in COVID-19 relief funds Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, visit CISOseries.com .
Tue, May 28, 2024
Ransomware uses BitLocker, pharmacy supplier breach, ATM malware threat
New ransomware uses Windows BitLocker to encrypt victim data Sav-Rx discloses data breach impacting 2.8 million Americans New ATM malware poses significant global threat Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com .
Mon, May 27, 2024
Arc browser sabotaged, Cencora pharma breach, Albany County breach
Arc browser’s Windows launch sabotaged by malvertising Cencora breach exposed patient info from 11 drug companies Albany County investigating cybersecurity breach ahead of holiday weekend Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com .
Fri, May 24, 2024
Week in Review: Healthcare admin breach, China and Rockwell fallout, Military cyber service
Link to blog post This week’s Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guest Mike Lockhart , CISO, EagleView . Make sure also to check out Mike's charity, the Grady Foundation for mental, physical and economic health. You can learn more and donate here . Thanks to our show sponsor, Tines <span lang="EN-US" style= "font-size: 12.0pt; line-height: 115%; font-family: 'Calibri',sans-serif; mso-ascii-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-them
Fri, May 24, 2024
Chinese hack military, Search engine outage, Mattis speaks out
Chinese hackers hide on military and government networks for 6 years Microsoft outage affects Bing, Copilot, DuckDuckGo and ChatGPT internet search Mattis speaks out against separate military cyber service Thanks to today's episode sponsor, Tines Break away from traditional SOAR with Tines. Trusted by security teams at McKesson, Canva, and Mars, Tines is scalable and accessible for the whole team. Use Tines to automate security team toil, enrich alerts with data from across your tech stack, and foster a culture of cybersecurity. Start building for free at tines.com/ciso For the stories behind the headlines, head to CISOseries.com .
Thu, May 23, 2024
NY Stock Exchange owner fined, $50 million towards hospital security, LockBit no longer reigns supreme
NY Stock Exchange owner fined $10 million by SEC US agency pledges $50 Million to automate hospital security LockBit no longer reigns supreme Thanks to today's episode sponsor, Tines Digital threats evolve rapidly, making it difficult for security teams to keep pace. Tines security automation is different from traditional SOAR -- it allows teams to move faster and make better decisions in real-time. Built by security practitioners, for security practitioners, Tines powers mission-critical security workflows at McKesson, Canva, and Mars. Start building for free at tines.com/ciso
Wed, May 22, 2024
UK ransomware reporting, Tech Against Scams, secure Windows 11 defaults
Brits to propose mandatory ransomware reporting Industry heavyweights launch Tech Against Scams Microsoft targets secure defaults in Windows 11 Thanks to today's episode sponsor, Tines Automate the toil with SOAR that actually works for your team. With Tines, your whole team can build complex workflows, without having to write or manage code. Security teams at McKesson, Canva, and Mars use Tines to build, run, and monitor their most important workflows, from endpoint detection and response, to vulnerability management. Start building for free at tines.com/ciso
Tue, May 21, 2024
Cyber service amendment, GetCaught abuses services, chatbot jailbreaks
Military cyber service proposal picks up steam Threat actors abusing legitimate services in campaign Chatbots susceptible to jailbreaks Thanks to today's episode sponsor, Tines Security teams work best when all members are empowered to do their best work. With Tines, analysts and engineers have everything they need to automate the processes they’re closest to. The result? Hundreds or even thousands of hours that can be used on more impactful work. Built by security practitioners, for security practitioners. Get started today at tines.com/ciso
Mon, May 20, 2024
Grandoreiro Trojan reappears, Kimsuky’s new backdoor, More healthcare breaches
Grandoreiro banking Trojan reappears, hits banks worldwide Kimsuky deploys new backdoor in latest attack on South Korea Healthcare breaches in Australia and Texas Huge thanks to this week’s episode sponsor, Tines From endpoint detection and response to vulnerability management, Tines empowers security teams to automate even their most complex workflows. It’s fast, flexible, and secure by design. Your team can get up and running in minutes, not weeks. No code. No custom development. The world's smartest security teams trust Tines to support their mission-critical processes. Learn why at tines.com/ciso For the stories behind the headlines, head to CISOseries.com .
Fri, May 17, 2024
Week in Review: Okta chief speaks, Volt typhoon threat, FBI siezes BreachForums
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Ryan Bachman , evp and global CISO, GM Financial Thanks to our show sponsor, vanta.com/ciso <img src= "//assets.libsyn.com/show/289580/Vanta-banner-ad-SOC_2_much_learn_more_600x100-resized_1.png" alt="Thanks to our show sponsor, Vanta.com/ciso" widt
Fri, May 17, 2024
Nissan NA breach, VMware Pwn2Own fix, GE Ultrasound flaws
Nissan North America breach impacts over 53,000 employees VMware fixes workstation flaws, thanks Pwn2Own hackers Security flaws discovered in GE Ultrasound machines Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com .
Thu, May 16, 2024
FBI seized BreachForums, Android threat detection, US AI investment
FBI seizes BreachForums Android getting live threat detection Senators recommend billions for AI investments Editor's note: post updated to fix audio issue Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour.
Wed, May 15, 2024
Singing River breach, D-Link exploit released, Google AI spots scams
Singing River patient data was swiped in ransomware attack PoC exploit released for D-Link router zero-day Google to use GenAI to help identify phone scams Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com .
Tue, May 14, 2024
FCC implements new classification, MITRE releases embedded devices framework, World renowned auction house attacked
FCC implements new classification to combat robocall groups MITRE releases threat-modeling framework for embedded devices World renowned auction house attacked ahead of mega-auction Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour.
Mon, May 13, 2024
Boeing confirms ransomware, Dell announces breach, Ascension Healthcare attacked
Boeing confirms $200 million ransomware extortion attempt Dell announces data breach affecting 49 million customers Ascension healthcare suffers cyberattack, goes offline Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com .
Fri, May 10, 2024
Week in Review: Neuberger’s operational approach, LockBit is back, Fed’s DMARC warning
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Sasha Pereira , CISO, WASH Thanks to our show sponsor, Vanta.com/ciso <span la
Fri, May 10, 2024
F5 Big-IP warning, UK Army breach, BetterHelp pays out
F5 Networks warns of new Big-IP vulnerabilities UK armed forces’ personal data hacked in MoD breach BetterHelp sends refund notices regarding data sharing lawsuit Huge thanks to our sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com .
Thu, May 09, 2024
Lockbit hit Wichita, AI export bans, Pathfinder on Intel
Lockbit takes credit for Wichita attack US looks at AI model export bans The Spectre of Pathfinder haunts Intel CPUs Huge thanks to our sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour.
Wed, May 08, 2024
LockBit ringleader indicted, DocGo cyberattack, UK military data compromise
US indicts LockBit ransomware ringleader DocGo discloses cyberattack that compromised patient health data Payroll data breach exposed data of UK military personnel Huge thanks to our sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, visit CISOseries.com .
Tue, May 07, 2024
LockBit’s website is back, Germany takes action amid alleged Russian attack, Chinese-linked ArcaneDoor targets infrastructure
LockBit’s website is back Germany takes action amid alleged Russian attack Chinese-linked ArcaneDoor targets global network infrastructure Huge thanks to our sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour.
Mon, May 06, 2024
Neuberger proposes improvements, Olympic cybersecurity preparations, Microsoft VPN warning
NSC’s Neuberger suggests operational approach for on mitigating cyberattacks French cybersecurity teams prepare for “unprecedented” Olympic threat Feds warn about North Korean exploitation of improperly configured DMARC Huge thanks to our sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com .
Fri, May 03, 2024
Week in Review: Dropbox Sign breach, Cybersecurity consultant arrested, Ukraine Microsoft hack
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Phil Beyer , former CISO, Etsy Thanks to today’s episode sponsor, Dropzone.ai Dropzone.ai’s AI Autonomous Analyst is transforming cybersecurity as we know it. By replicating the techniques of elite analysts and autonomously investigating every alert, our patented system force multiplies your SOC team by 10X without adding headcount. Experience the future of threat detection and response at dropzone.ai . Request a trial today! All links and the video of this episode can be found on CISO Series.com
Fri, May 03, 2024
Goldoon exploits D-Link, CISA GitLab warning, Dropbox Sign breach
Goldoon botnet exploits D-Link routers CISA adds Gitlab flaw to its KEV catalog Dropbox discloses breach of digital signature service Thanks to our episode sponsor, Dropzone AI Dropzone.ai's AI Autonomous Analyst is transforming cybersecurity as we know it. By replicating the techniques of elite analysts and autonomously investigating every alert, our patented system force multiplies your SOC team by 10X without adding headcount. Experience the future of threat detection and response at dropzone.ai . Request a trial today! For the stories behind the headlines, head to CISOseries.com .
Thu, May 02, 2024
Chinese disinformation, NCSC AMS, new State Secrets law
Chinese disinformation proving ineffectual NCSC release Advanced Mobile Solutions risk model China implements new State Secrets Law Thanks to our episode sponsor, Dropzone AI Cybersecurity leaders, are you being asked to leverage the power of Gen AI in your SOC? Dropzone.ai's AI Autonomous Analyst empowers your team to thoroughly investigate every alert. No playbooks, no code, just intelligent, adaptable alert investigation. Test drive on dropzone.ai to immediately see the results for yourself.
Wed, May 01, 2024
UnitedHealth Group CEO faces congress, U.S. wireless carriers face majors fine, Marriott backtracks protection claims
UnitedHealth Group CEO faces congress & cause of hack revealed Major U.S. wireless carriers face $200M FCC fine Marriott backtracks claims of encryption protection Thanks to our episode sponsor, Dropzone AI Dropzone.ai is proud to announce our selection as a Top 10 Finalist for the prestigious RSA Innovation Sandbox. Our AI Autonomous Analyst is revolutionizing the way SOC teams operate, replicating the techniques of elite analysts and autonomously investigating every alert. Meet us at RSAC and book a time at dropzone.ai.
Tue, April 30, 2024
USPS phishing, UK IoT law, industrial USB attacks
USPS phishing sites are popular UK bans bad IoT credentials USB malware attacks targeting industrial sites Thanks to our episode sponsor, Dropzone AI Attention cybersecurity professionals! Are you investigating 100% of the alerts from your IT and security systems? Dropzone.ai's AI Analyst autonomously investigates every alert without playbooks or code, enabling you to turn over every rock. Visit dropzone.ai to learn more and request a trial. Offload your tier-1 analysis to an AI analyst that never sleeps so you can.
Mon, April 29, 2024
Kaiser Permanente breach, DSH Safety Board, Okta stuffing attack
Kaiser Permanente website tracking tools may have compromised customer data DHS announces AI safety board Okta warns of “unprecedented” credential stuffing attacks on customers Thanks to our episode sponsor, Dropzone AI Introducing Dropzone.ai , the industry's first AI Autonomous SOC Analyst. Their patented LLM replicates the techniques of elite analysts, autonomously investigating every alert without playbooks or code. Force multiply your SOC team by 10X without adding headcount. Visit dropzone.ai to request a trial and experience the power of AI-driven cybersecurity. For the stories behind the headlines, head to CISOseries.com .
Fri, April 26, 2024
Week in Review: GitHub comments abused, networkless” attack techniques, Police bodycam AI reports
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Christina Shannon , CIO, KIK Consumer Products Thanks to our show sponsor, Veracode Get ready to experience the future of application security at RSAC 2024 with Veracode . Join us as we unveil cutting-edge innovations and insights to tackle today’s most pressing security challenges. From live demos showcasing our newest products to engaging discussions with industry experts. See you at RSAC! All links and the video of this episode can be found on CISO Series.com
Fri, April 26, 2024
Google postpones cookies, Brocade vulnerability warning, ICICI card gaffe
Google postpones third-party cookie deprecation Brocade SAN appliances and switches exposed to hacking ICICI Bank exposes credit cards to wrong users Thanks to this week's episode sponsor, Veracode Don't miss out on this opportunity to elevate your cybersecurity strategy. Build and scale secure software from code to cloud with speed and trust. Visit our booth #2045 at RSAC 2024 to discover how Veracode is shaping the future of Application Security in the AI era. For the stories behind the headlines, head to CISOseries.com .
Thu, April 25, 2024
Chinese keyboard flaws, hacked news story, TikTok on the clock
Chinese keyboard app flaws exposed Threat actors plant fake assassination story ByteDance on the clock to divest TikTok Thanks to this week's episode sponsor, Veracode Research reveals AI-generated code mirrors human-written code's security flaws. Even seasoned programmers struggle to spot errors, with incorrect AI-generated answers abound. Veracode knows the stakes. While AI accelerates coding, relying on hunches won't suffice. Trust multi-faceted, data-driven insights to mitigate risk from the start. Don't compromise on security. Choose Veracode , your security partner in the AI-driven era of development.
Wed, April 24, 2024
Iranian hackers charged, Siemens fixing Palo bug, Russia hacks water plant
Iranian nationals charged with hacking U.S. companies and agencies Siemens working to fix device affected by Palo Alto firewall bug Russian hackers claim cyberattack on Indiana water plant Thanks to this week's episode sponsor, Veracode Are you truly listening to both your security and development teams? Make informed decisions with Veracode . Our developer-friendly security tools integrate with your existing tech stack to secure code from the start. Bridge the gap between security and development for more efficient operations and stronger defenses. Visit veracode.com for a collaborative approach to security. For the stories behind the headlines, visit CISOseries.com .
Tue, April 23, 2024
TikTok ban update, Sandworm hits Ukraine, North Korean streaming animators
TikTok ban passes the US House Sandworm targets critical Ukrainian orgs North Koreans animating streaming shows Thanks to this week's episode sponsor, Veracode AI coding companions assist in generating high-quality code snippets, while Veracode swoops in to conduct thorough security assessments, identifying and fixing vulnerabilities quickly. With this dynamic duo, developers can innovate with confidence, knowing their code is both efficient and secure. Secure more code with Co-Pilot or any AI coding companion and Veracode . We’ll be your wingman anytime.
Mon, April 22, 2024
RedLine GitHub connection, MITRE Ivanti breach, E-ZPass spoof sites
RedLine stealer GitHub connection MITRE’s breached was through Ivanti zero-day vulnerabilities Researchers find dozens of fake E-ZPass toll websites following FBI warning Thanks to this week's episode sponsor, Veracode Imagine your intelligent coding companion, backed by the robust security expertise of Veracode . Together, we form the ultimate duo, empowering developers to write better code while ensuring it's secure from the get-go. Learn more at RSAC 2024 with Veracode . For the stories behind the headlines, head to CISOseries.com
Fri, April 19, 2024
Week in Review: Cisco MFA breach, Bad bots surge, Microsoft mail breach fallout
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Dan Walsh , CISO, Paxos Thanks to our show sponsor, Conveyor Happy Friday! Are you tired of hearing about Conveyor’s AI security review automation software? We’ll stop talking about it if you book a call. Ready to give the market leading AI for security questionnaires a spin? Try a free proof of concept at www.conveyor.com . Don’t forget to mention this podcast for 5 free questionnaire credits when you purchase a Pro plan. All links and the video of this episode can be found on CISO Series.com
Fri, April 19, 2024
LabHost police bust, Michigan healthcare attack, Windows Fibers vulnerability
Police bust reveals sophisticated phishing-as-a-service platform Overlooked Windows Fibers offer handy route for malicious payload deployment Michigan healthcare organization suffers data breach Thanks to today's episode sponsor, Conveyor Happy Friday! Are you tired of hearing about Conveyor’s AI security review automation software? We’ll stop talking about it if you book a call. Ready to give the market leading AI for security questionnaires a spin? Try a free proof of concept at www.conveyor.com . Don’t forget to mention this podcast for 5 free questionnaire credits when you purchase a Pro plan. For the stories behind the headlines, head to CISOseries.com .
Thu, April 18, 2024
Water utility threats, GPT-4 hacking, SIM swap solicitation
Sandworm-linked group tied to attack on water utilities GPT-4 reads security advisories Cell carrier workers solicited for SIM swaps Thanks to today's episode sponsor, Conveyor Conveyor is the market leading AI-powered platform that automates the entire customer security review process — from sharing your security posture and SOC 2 in a single portal to using that same information to automate answering security questionnaires with 90% accuracy. Use Conveyor to fly through any customer security review in minutes. It might sound like every other software claim out there, but there’s a reason our customers have dubbed Conveyor their ‘favorite security tool of the year’. Test it out in a free proof of concept at www.conveyor.com
Wed, April 17, 2024
CISO MFA breach, Bad Bots surge, LockBit 3.0 propagates
Cisco announces breach of multifactor authentication message provider Bad bots drive 10% annual surge in account takeover attacks LockBit 3.0 variant generates custom, self-propagating malware Thanks to today's episode sponsor, Conveyor Conveyor is the AI security review automation platform helping infosec teams automate everything from securely sharing a SOC 2 to one-click autofilling security questionnaires with AI so you can spend almost zero time on the manual tasks that make you want to cry into your laptop. Teams like Lucid Software are finding in a free proof of concept that our AI is better than the rest. Learn more at www.conveyor.com . Mention this podcast for 5 free questionnaire credits when you purchase a Pro plan. For the stories behind the headlines, head to CISOseries.com .
Tue, April 16, 2024
Threads out in Turkey, Palo Alto backdoor, Microsoft' security overhaul
Meta to close Threads in Turkey Palo Alto fixes backdoor zero-day Details on Microsoft’s security overhaul Thanks to today's episode sponsor, Conveyor What are infosec teams measuring these days? More often than not, their impact on sales. As infosec teams become hands on in the sales cycle, proving your value becomes key. A director of GRC said last week that the most direct value for their CEO was showing the efficiencies and the dollars that security has been able to bring in from enabling sales. See these trends and more in Conveyor’s ‘2024 State of the Security Review” report at www.conveyor.com . Click the banner at the top.
Mon, April 15, 2024
U.S. surveillance reauthorization, Roku breach update, Microsoft breach exposed agencies
House passes reauthorization of U.S. surveillance program Roku says 576,000 accounts compromised in latest security breach Microsoft breach exposed federal agencies Thanks to today's episode sponsor, Conveyor It’s Conveyor again, the market-leading AI software for answering security questionnaires and securely sharing your security posture and documents. Conveyor’s ‘State of the Security Review” report for 2024 was just released and it’s all about what the “new era” of infosec holds. Learn how positioning security and compliance early in the sales cycles increases win rates by 42% and what infosec teams need to prepare for as they move closer to the sales function. You can find the report at www.conveyor.com by clicking on the banner at the top. For the stories behind the headlines, visit CISOseries.com .
Fri, April 12, 2024
Week in Review: Government hospital warning, Sisence breach, Financial firms lose $12b
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Mike Levin , deputy CISO, 3M Thanks to our show sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated fast. With Vanta , you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso . All links and the video of this episode can be found on CISO Series.com
Fri, April 12, 2024
Palo Alto patches, CISA’s Sisense warning, GitHub repos gamed
Palo Alto Networks fixes several DoS vulnerabilities in PAN-OS operating system Sisense breach exposes customers to potential supply chain attack Threat actors gaming GitHub Search Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta , you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso . For the stories behind the headlines, head to CISOseries.com .
Thu, April 11, 2024
CISA malware analysis, "hunt forward" missions, Spectre v2
CISA expands automated malware analysis US Cyber Command launched “hunt forward” missions Spectre v2: Linux Boogaloo CHECK OUT Capture the CISO season 2 here . Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta , you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso .
Wed, April 10, 2024
Ukraine cyber head suspended, LG TV vulns, Microsoft exposed passwords
Ukraine's head of cybersecurity suspended and assigned to combat zone Over 90,000 LG Smart TVs exposed to remote attack Microsoft exposed internal passwords in security lapse Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta , you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso . For the stories behind the headlines, visit CISOseries.com .
Tue, April 09, 2024
Cyberattack impacts vet firm, data privacy bill movement, DOJ hack exposes thousands
Cyberattack causes major disruptions for UK vet firm Data privacy bill pushes forward with bipartisan support Department of Justice hack exposes hundreds of thousands Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta , you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso .
Mon, April 08, 2024
Hospital hack warning, Five Eyes follow-up, NYC municipal hack
Government warns hospitals of hackers targeting IT help desks U.S. government contractor Acuity responds to alleged Five Eyes breach New York City becomes latest in municipal government hack attempts Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta , you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso . For the stories behind the headlines, head to CISOseries.com .
Fri, April 05, 2024
Week in Review: Five Eyes breach, Microsoft’s Chinese hack response, AT&T customer breach
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by David Spark with guest Steve Gentry , Advisor, Clari Thanks to our show sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso . All links and the video of this episode can be found on CISO Series.com
Fri, April 05, 2024
Five Eyes breach, cancer center breach, Pixel zero-day flaw
Classified Five Eyes data theft announced Cancer center data breach affects 800,000 Android Pixel phone zero-day flaws being exploited by forensic companies Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta , you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso to learn more. For the stories behind the headlines, head to CISOseries.com .
Thu, April 04, 2024
Microsoft security failings, NIST NVD backlog, Chrome DBSC beta
Report criticizes Microsoft’s Chinese hack response NIST needs help with vulnerability backlog Chrome tests feature to prevent session hijacking Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta , you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso to learn more.
Wed, April 03, 2024
Cyber incident reporting rule, Google blocks spoofed emails, PandaBuy breach
CISA releases draft rule for cyber incident reporting Google now blocks spoofed emails for better phishing protection Breach at online shopping platform PandaBuy affects 1.3 million customers Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta , you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso to learn more. For the stories behind the headlines, head to CISOseries.com .
Tue, April 02, 2024
Incognito settlement, hallucinated software, phone protocols vulnerable
Google to delete Incognito tracking data Hallucinated software packages as a security vulnerability FCC investigating phone infrastructure security Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta , businesses can automate compliance for in-demand frameworks like SOC 2, ISO 27001, HIPAA, and GDPR. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to prove trust and monitor risk more efficiently and confidently than ever before. Watch Vanta’s on-demand demo at vanta.com/ciso .
Tue, April 02, 2024
Incognito settlement, hallucinated software, phone protocols vulnerable
Google to delete Incognito tracking data Hallucinated software packages as a security vulnerability FCC investigating phone infrastructure security Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta , businesses can automate compliance for in-demand frameworks like SOC 2, ISO 27001, HIPAA, and GDPR. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to prove trust and monitor risk more efficiently and confidently than ever before. Watch Vanta’s on-demand demo at vanta.com/ciso .
Mon, April 01, 2024
AT&T data leak, Linux backdoor discovery, DHS phone data policy
Data of 73 million AT&T customers leaked on dark web Accidental Linux backdoor discovery likely prevented thousands of infections DHS expected to stop buying access to your phone info Thanks to today's episode sponsor, Vanta Managing the requirements for modern security programs is increasingly challenging. Vanta’s trust management platform helps you quickly assess risk, streamline security reviews, and automate compliance for SOC 2, ISO 27001, HIPAA, and more. Plus, you can save time by completing security questionnaires with Vanta AI. Join over 7,000 global companies that use Vanta to automate evidence collection, unify risk management, and secure customer trust. To learn more, go to vanta.com/ciso . For the stories behind the headlines, visit CISOseries.com .
Fri, March 29, 2024
Week in Review: Spyware boosts zero-days, MFA bombing targets Apple, Facebook snooped Snapchat
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Yaron Levi , CISO, Dolby , and sageinsights.io Thanks to our show sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries. All links and the video of this episode can be found on CISO Series.com
Fri, March 29, 2024
17 billion records exposed, Treasury FinSec warning, Hot Topic attacks
17 billion personal records exposed in data breaches in 2023 U.S. Treasury warns financial sector about AI cybersecurity threats Retail chain Hot Topic hit by new credential stuffing attacks Thanks to today's episode sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis ’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries . For the stories behind the headlines, head to CISOseries.com .
Thu, March 28, 2024
Zero-day rise, SharePoint vulnerability, Facebook sniffs app traffic
Spyware fuels rise in zero-day exploits CISA warns about Microsoft SharePoint vulnerability Facebook snooped on encrypted Snapchat traffic Thanks to today's episode sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis ’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries .
Wed, March 27, 2024
APT31 targets families, UK newspaper attacked, Apple MFA bombing
APT31 targeting family members to surveil targets Ransomware gang attacks UK newspaper supporting the homeless MFA bombing attacks target Apple users Thanks to today's episode sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis ’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries . For the stories behind the headlines, visit CISOseries.com .
Tue, March 26, 2024
EU targets tech giants, China bans US tech, US cyber force
EU targets tech giants with DMA China starts US tech ban in government Think tank calls for US military cyber service Thanks to today's episode sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis ’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries .
Mon, March 25, 2024
New Kimsuky technique, KDE Linux warning, Atlassian critical flaws
Kimsuky turns to compiled HTML Help files for cyberattacks KDE issues warning after theme wipes Linux user’s files Critical flaw in Atlassian Bamboo data center and server must be fixed immediately Thanks to today's episode sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis ’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries . For the stories behind the headlines, head to CISOseries.com .
Fri, March 22, 2024
Week in Review: McDonald’s outage explained, SIM swap fraud, spyware agreement support
Link to blog post This week’s Cyber Security Headlines – Week in Review , is hosted by Rich Stroffolino with guest Gerald Auger Ph.D., Chief Content Creator, Simply Cyber Thanks to our show sponsor, Vanta Managing the requirements for modern security programs is increasingly challenging. Vanta’s trust management platform helps you quickly assess risk, streamline security reviews, and automate compliance for SOC 2, ISO 27001, HIPAA, and more. Plus, you can save time by completing security questionnaires with Vanta AI. Join over 7,000 global companies that use Vanta to automate evidence collection, unify risk management, and secure customer trust. To learn more, go to vanta.com/ciso All links and the video of this episode can be found on CISO Series.com
Fri, March 22, 2024
Microsoft Server crashes, npm package discrepancies, Nemesis marketplace raided
Microsoft confirms Windows Server issue behind domain controller crashes Over 800 npm packages found with discrepancies Nemesis darknet marketplace raided in Germany-led operation Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com .
Thu, March 21, 2024
Water task force, Loop DoS attacks, GitHub vulnerability fixer
US plans Water Sector Cybersecurity Task Force Loop DoS attack exploits the infinite regress of UDP GitHub tool uses AI to fix vulnerabilities Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.
Wed, March 20, 2024
Mid-stream ESports hack, System glitch costs millions, LockBit reemerges with vengeance
Mid-stream hack postpones ESports league Bank loses $40 million after “systems glitch” LockBit reemerges with vengeance Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.
Tue, March 19, 2024
Change Healthcare payout, FTC probe into Reddit, Japanese tech giant breached
UnitedHealth fronts over $2 billion in recovery efforts Spyware agreement gains more international support FTC probes Reddit's AI data licensing ahead of IPO Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.
Mon, March 18, 2024
McDonald’s outage update, Chrome URL protection, Birmingham Alabama outage
Global McDonald’s outage blamed on third-party vendor, not cyberattack Google adds real-Time URL protection for Chrome Network outages hit Birmingham Alabama Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com .
Fri, March 15, 2024
Week in Review: Russian Microsoft exfiltration, JetBrains Rapid7 feud, Change Healthcare fallout
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Alexandra Landegger , Executive Director and CISO Collins Aerospace Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. All links and the video of this episode can be found on CISO Series.com
Fri, March 15, 2024
Change Healthcare fallout, Fortinet SQL warning, Yacht company breach
Change Healthcare - AHA asks for aid, HHS questions HIPAA compliance Fortinet warns of severe SQLi vulnerability in FortiClientEMS software Yacht company MarineMax announces cyberattack Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com .
Thu, March 14, 2024
Gemini vulnerabilities, NYT-OpenAI drama, GitHub leak report
Researchers find vulnerabilities in Gemini New York Times denies it “hacked” OpenAI for lawsuit Leaked GitHub secrets up 28% Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.
Wed, March 13, 2024
LockBit claims hack, CISA understaffed, US and Russia election concerns
LockBit takes credit for hacking South African pension fund CISA’s OT attack response team understaffed US and Russia accuse each other of potential election cyberattacks Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com .
Tue, March 12, 2024
Roku forces reset, French agencies targeted, Fintech firm taken offline
Roku forces reset after 15,000 accounts compromised French government agencies targeted in “unprecedented” attacks Fintech firm taken offline by ransomware attack Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
Mon, March 11, 2024
Microsoft breach update, CISA flags JetBrains, ChatGPT creds sale
Microsoft says Russian hackers breached its systems, accessed source code CISA adds JetBrains TeamCity bug to its KEV catalog Over 225,000 compromised ChatGPT credentials for sale Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
Fri, March 08, 2024
Week in Review: German Webex gaffe, Google engineer indicted, Cloudflare’s AI firewall
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest David Cross , SVP/CISO, Oracle . Also check out David’s travel blog, DavidCrossTravels.com Thanks to our show sponsor, Conveyor Conveyor is the AI security review automation platform helping infosec teams automate everything from securely sharing a SOC 2 to one-click autofilling security questionnaires in OneTrust so you can spend almost zero time on the manual tasks that make you want to throw your computer out the window. Teams are finding in a free proof of concept that our AI is better than the rest. Learn more at www.conveyor.com . Mention this podcast for 5 free questionnair
Fri, March 08, 2024
FlipperZero attacks Teslas, Google engineer indicted, PetSmart attack warning
Flipper Zero WiFi attack can unlock and steal Tesla cars Former Google engineer indicted for stealing AI secrets for Chinese companies PetSmart warns customers of credential stuffing attack Thanks to today's episode sponsor, Conveyor Conveyor is the AI security review automation platform helping infosec teams automate everything from securely sharing a SOC 2 to one-click autofilling security questionnaires in OneTrust so you can spend almost zero time on the manual tasks that make you want to throw your computer out the window. Teams are finding in a free proof of concept that our AI is better than the rest. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. For the stories behind the headlines, head to CISOseries.com .
Thu, March 07, 2024
Online fraud hits record losses, states urge Meta to crack down on scammers, Apple issues update for zero-day flaw
Online fraud hits record losses States urge Meta to crack down on scammers Apple issues update for zero-day flaw Thanks to today's episode sponsor, Conveyor Happy Thursday. Are you tired of us talking about how Conveyor’s AI security review automation software? We’ll stop talking about it if you come talk to them. Ready to give the market leading AI for security questionnaires a spin? Try a free proof of concept at www.conveyor.com. Don’t forget to mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. For the stories behind the headlines, head to CISOseries.com.
Wed, March 06, 2024
US cyber strategy update, spyware sanctions, ALPHV exits
US cybersecurity strategy update on the way US Treasury issues first spyware sanctions UK denies responsibility for ALPHV takedown Thanks to today's episode sponsor, Conveyor Conveyor is the only GPT-powered customer trust portal that automates the entire customer security review process — from sharing your security posture and documents in a single portal to automating security questionnaire responses with 90% accuracy so you can fly through any customer security review in minutes. It might sound like every other compliance software claim out there, but there’s a reason our customers have dubbed Conveyor their ‘favorite security tool of the year’. Test our market-leading AI in a free proof of concept at www.conveyor.com
Tue, March 05, 2024
North Korea semiconductor hacks, ALPHV goes dark, China AI vouchers
North Korea targets semiconductor industry ALPHV infrastructure goes dark China to offer computing vouchers to AI startups Thanks to today's episode sponsor, Conveyor AI is getting pretty smart so you shouldn’t settle for mediocre security questionnaire automation software that only generates the right answer 20 to 50 percent of the time or have to wait a day for the vendor’s team to check the answers. Conveyor's security questionnaire automation tool not only boasts industry leading AI accuracy reducing time spent on security reviews by 80%, but now also autofills in OneTrust portal questionnaires with a single click. Trying a proof of concept with your own data is always free. Learn more at www.conveyor.com . Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan.
Mon, March 04, 2024
NSO code verdict, Change Healthcare fallout, law firm breach
NSO Group to ordered to give Pegasus code to WhatsApp Change Healthcare confirms BlackCat, Schumer asks for aid Law firm announces data breach affecting 325,000 people Thanks to today's episode sponsor, Conveyor We’ve got a returning sponsor this week – Conveyor . They’re the AI security review automation platform helping infosec teams automate everything from securely sharing a SOC 2 to one-click autofilling security questionnaires in OneTrust so you can spend almost zero time on the manual tasks that make you want to throw your computer out the window. Teams are finding in a free proof of concept that their AI is better than the rest. Learn more at www.conveyor.com . Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. For the stories behind the headlines, head to CISOseries.com .
Fri, March 01, 2024
Week in Review: GenAI BEC explodes, NIST updates framework, vending machine gaffe
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Russ Ayres , SVP of Cyber & Deputy CISO, Equifax Thanks to our show sponsor, Egress People are the biggest risk to your organization’s security, and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score. Visit egress.com to learn more about Egress’ Intelligent Cloud Email Security suite and start detecting email threats your secure email gateway is missing today. <span lang="EN-US" style
Fri, March 01, 2024
Cencora pharma breach, Gen-AI explodes BEC, Chinese doorbell warning
Pharma giant Cencora announces data breach GenAI drives surge in BEC attacks Popular video doorbell easy hijacked Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score. Visit egress.com to learn more about Egress' Intelligent Cloud Email Security suite and start detecting email threats your secure email gateway is missing today. For the stories behind the headlines, head to CISOseries.com .
Thu, February 29, 2024
EO limits PII, Australia's espionage struggle, Lazarus zero-day
Biden signs order limiting the sale of personal data Australia claims its seeing unprecedented “foreign interference” Lazarus Group targeting Windows and PyPi Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score. Visit egress.com to learn more about Egress' Intelligent Cloud Email Security suite and start detecting email threats your secure email gateway is missing today.
Wed, February 28, 2024
NIST framework 2.0, Optum linked to BlackCat, ScreenConnect exploitations continue
NIST releases cybersecurity framework 2.0 Optum attack linked to BlackCat ransomware ScreenConnect exploitations continue Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score. Visit egress.com to learn more about Egress' Intelligent Cloud Email Security suite and start detecting email threats your secure email gateway is missing today.
Tue, February 27, 2024
Cyber Security Headlines: SVR tactics, brand spamming, steel giant cyberattack
SolarWinds attackers changing tactics Brand domains used in spam operation Steel giant hit with cyberattack Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score. Visit egress.com to learn more about Egress' Intelligent Cloud Email Security suite and start detecting email threats your secure email gateway is missing today.
Mon, February 26, 2024
Police taunt LockBit, PayPal’s cookie patent, vending machine controversy
British police taunt LockBit administrator PayPal files patent for new stolen cookies detector Vending machine crash reveals face recognition tech Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score. Visit egress.com to learn more about Egress' Intelligent Cloud Email Security suite and start detecting email threats your secure email gateway is missing today. For the stories behind the headlines, head to CISOseries.com .
Fri, February 23, 2024
Week in Review: LockBit gets bitten, airline bot gaffe, exploding car keys
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Thom Langford , CISO, Velonetic Thanks to our show sponsor, Conveyor Conveyor AI is so good, it can now autofill OneTrust portal questionnaires in one click. Yes, we’ve been talking about it all week. Conveyor's security questionnaire automation tool not only boasts industry leading AI accuracy, but now fills in One Trust portals with a single click. Trying a proof of concept with your own data is always free. Learn more at www.conveyor.com . Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. All links and the video of this episode can be found on CISO Series.com
Fri, February 23, 2024
LockBit’s thwarted upgrade, AT&T’s massive outage, Change Healthcare cyberattack
LockBit was building next gen encryptor before takedown Thousands of wireless customers suffer outage Prescription delays due to Change Healthcare cyberattack Thanks to today's episode sponsor, Conveyor Conveyor , the security questionnaire automation software one of their customers dubbed “my favorite security tool of the year”, is now even better. They’ve upgraded our browser extension for portal-based questionnaires and it can now autofill OneTrust portal questionnaires in one click. You can test the AI in a free proof of concept at www.conveyor.com . Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. Get the stories behind the headlines at CISOSeries.com
Thu, February 22, 2024
LockBit gang doesn’t keep its word, the LockBit bounty, White House tackles U.S. maritime threats
Thanks to today's episode sponsor, Conveyor Happy Thursday. Are you tired of us talking about how Conveyor’s AI can now autofill OneTrust security questionnaires in one-click? Well, we’ll stop talking about it if you come talk to them. Ready to give the market leading AI for security questionnaires a spin? Try a free proof of concept by booking a demo at www.conveyor.com . And mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. Get the stories behind the headlines at CISOSeries.com
Wed, February 21, 2024
LockBit update, Signal usernames, NSA Cyber Director retires
LockBit takedown update Signal now lets users keep phone numbers private NSA Cybersecurity Director Rob Joyce to retire Thanks to today's episode sponsor, Conveyor No more portal scaries. Conveyor just launched AI autofill of OneTrust portal questionnaires. That means no more clicking question-by-question to copy-paste each answer when a customer sends you a OneTrust security questionnaire. Conveyor’s AI will read and autofill the whole page for you. Trying a proof of concept with your own data is always free. Learn more at www.conveyor.com . Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. Get the stories behind the headlines at CISOSeries.com
Tue, February 20, 2024
LockBit disrupted, Cactus leaks Schneider data, ALPHV claims financial attacks
LockBit disrupted by global police operation Cactus leaks Schneider Electric data on dark web ALPHV gang takes credit for LoanDepot, Prudential attacks Thanks to today's episode sponsor, Conveyor Conveyor , the security questionnaire automation software one of our customers dubbed “my favorite security tool of the year”, is now even better. They’ve upgraded their browser extension for portal-based questionnaires and it can now autofill OneTrust portal questionnaires in one click. You can test the AI in a free proof of concept at www.conveyor.com . Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. Get the stories behind the headlines at CISOSeries.com
Mon, February 19, 2024
Chrome protects home, Zeus mastermind guilty, airline chatbot gaffe
Google Chrome feature blocks attacks against home networks Mastermind behind Zeus and IcedID malware pleads guilty Air Canada must honor refund invented by its chatbot, says court Thanks to today's episode sponsor, Conveyor Conveyor AI is so good, it can now autofill OneTrust portal questionnaires in one click. Yes, you heard us right. Conveyor's security questionnaire automation tool not only boasts industry leading AI accuracy, but now fills in One Trust portals with a single click. Trying a proof of concept with your own data is always free. Learn more at www.conveyor.com . Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. Get the stories behind the headlines at CISOSeries.com
Fri, February 16, 2024
Week in Review: LLMs improve cyberattacks, Rhysida gets decrypted, US Blackcat bounty
Link to blog post This week’s Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guest Trina Ford , CISO, iHeartMedia Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. All links and the video of this episode can be found on CISO Series.com
Fri, February 16, 2024
Microsoft zero-day warning, Neuberger addresses Munich, trojan steals faces
Microsoft warns of new Exchange Server zero-day Neuberger: Pace of ransomware takedown operations isn’t enough Gold Pickaxe malware steals your face Huge thanks to our sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com .
Thu, February 15, 2024
Trans-Northern breach, malicious LLM usage, massive email leak
Trans-Northern Pipelines confirms cyberattack Threat actors using LLMs to improve cyberattacks Email provider published internal emails in plain text Huge thanks to our sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.
Wed, February 14, 2024
February 14, 2024
Prudential Financial data breached in cyberattack Facebook Marketplace user records leaked on hacking forum Bank of America customers at risk after third party breach Huge thanks to our sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com .
Tue, February 13, 2024
Repository framework, Romanian healthcare attack, Ivanti backdoored
CISA releases repository security framework Ransomware takes down Romanian healthcare management system Ivanti flaw used to deploy backdoor Huge thanks to our sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.
Mon, February 12, 2024
Raspberry Robin warning, Hyundai ransomware attack, Cisco job cuts
Raspberry Robin – a new one-day exploit targeting Windows Hyundai Europe suffers Black Basta ransomware attack Cisco to cut thousands of jobs as it focuses on high growth areas Huge thanks to our sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com .
Fri, February 09, 2024
Week in Review: Volt Typhoon warning, Cloudflare’s nation-state breach, $25 million deepfake
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Doug Mayer , vp, CISO, WCG Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. All links and the video of this episode can be found on CISO Series.com
Fri, February 09, 2024
Volt Typhoon warning, Cisco fixes Expressway, credit union theft
CISA, FBI issue sobering warning about Volt Typhoon Cisco fixes critical Expressway flaws 3 million records from thousands of credit unions exposed Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com .
Thu, February 08, 2024
CISA collaboration challenges, Iran's cyber efforts, ransomware's $1 billion
CISA collaboration initiative on thin ice Iran focusing cyber efforts Ransomware payments cross $1 billion in 2023 Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com .
Wed, February 07, 2024
United front against spyware, spyware to blame for most Google zero-days, insider data breach hits Verizon
Tech giants and world govs unite to tackle spyware threats Spyware vendors to blame for most Google zero-days Insider data breach hits almost half of Verizon’s employee base Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com.
Tue, February 06, 2024
Spoutible API Leak, Fake IDs at scale, Sudo Windows
Spoutible API vulnerability leaks user data Illicit service cranks out fake IDs Sudo coming to Windows Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com .
Mon, February 05, 2024
Cloudflare announces breach, AnyDesk announces breach, Children’s hospital attacked
Cloudflare announces nation-state level breach AnyDesk says hackers breached production servers, reset passwords Chicago children’s hospital announces cyberattack Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com .
Fri, February 02, 2024
Week in Review: Microsoft email explanation, Brazilian banking trojan, Mercedes GitHub error
Link to blog post Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Mary Rose Martinez , vp, CISO Marathon Petroleum Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. All links and the video of this episode can be found on CISO Series.com
Fri, February 02, 2024
FBI Director’s warning, Apple flaw warning, Pentagon supplier breach
FBI director warns of Chinese hacker threat to U.S. critical infrastructure CISA warns of exploited Apple flaw Pentagon Intelligence supplier allegedly hacked Thanks to today's episode sponsor, Vanta <img src= "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAlgAAABkCAYAAABaQU4jAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAFd5SURBVHgB7Z0HfFRFF8VPei+Q0HvvVUAQQRABUUCKgAooWLAr8KEoIjYEERUEQQWRriAdpIMgvUvvvddACOnJ5pszu7O8LLupGyBh/v7WZPfNmzfzdsmcvffOvS63OndOgkaj0WiyHZ5dusDjySeh0WjuP1yh0Wg0mmxJ3JQpSDxwABqN5v5DCyyNRqPJxsT9+iuSrlyBRqO5v9ACS6PRaLIxpqtXETN8OJKioqDRaO4ftMDSaDSabI7p1ClpydJoNPcPWmBpNBpNDiBh+3bEjhkDjUZzf6AFlkaj0eQQEtasQdzs2dBoNPceLbA0Go0mBxEvBFbc5MnQaDT3Fi2wNBqNJocRv3QpYocN04HvGs09RAssjUajyYEwJiumXz+dwkGjuUdogaXRaDQ5FJnC4euv5S5DjUZzd3HRpXI0Go0m5+PRrh08xUPz4BITFYtDe09gx8Z92Lj6P5w8fBZXL4ch8hZdyS4ICPRDnvwhyF84FLXrV0XdxtVQuWY5eHp5QJN+tMDSaDSaBwS3ChXg1aMHXPLkgebB4drl65gzZRnmTl2BI/tOwpRksh4zJSWhQvVSSExIxJG9J+Hi4mI95uLiivJVSqJlh8bo9NrTCMoVAE3a0QJLo9FoHiBcfH2lNUsXic75JMQnYNKouRjz/TQpskiSEFT8r0SZwlJM0Xo1d/0oBAT5om7x5xCcKxC+/t44dui0EF0muLqYI4lC8uTCyz2fxfM9WklLlyZ1tMDSaDSaBxDX0FB4dOkC91q1oMl5nDt5Ef/rNhhlKxeDX6Avrl65gcAgP5SvXBIFi+TF6RPnUaBIPnz/2TgMHtULbm6u6P3KN/hkyFu4dP4q8uQLwfkzF3Fgz3FERceiQMFQXL14HccPnMO34/uiaMkC0KSMFlgajUbzAOMq3IaMzaL7UJMzWL9iO3q/OBhh166jcMn8+GvlMEwbvxD7/juK44fP4MSRc0hKTELdRtVQr1ENnD11AblDguHt74VVCzdh99bDSHJJQrHShVCmQjHUrFsBLdo0RI+On+HYvtPIlTsIP/7xKeo1rgGNY9z6Va36OTQajUbzQJJ09SpMBw9KSxbdh5rszayJS/Be568QFRUN/yAf9B3UA2tXbUMuIaCqP1wRPt5eMt7qorBS5c4XhFLliuLmjUj4BXjDw9sTe7YfQtiVcFSoVgqPNKqOxk/VhZu7O/btPIK6j1XH+lX/4dbNSCye+S9yhwaj8kNlobGPtmBpNBrNAwxFlc+gQXARLkNN9mbT6p14/dlPERURhVwFgjB8fD98//nv2LXxIExIQp78uVHn0Spo1vpReHi4wV+4Dlcv3SraRyMkbzASRat6DashNjoecbHxWDBrFf7bsB9hl28gwWRCk9Z10bRlfQzpNxY3r90Cdx6Omv45mrV5FPeSmzduYcX8ddi0ZjcO7jqKs6cvIkKIRhIQ7IfCRfOjUPH8qCPm1rR1fRQulh93Ay2wNBqN5gHGq1cvuD/0EB5EEoQlZ9+OI9gorDKb/t2JE4fOIPJWNKKF9SchIQGurm7w9vGWQd/FhbuM7rTaDaqiUo0yUpzcT5w7fQnPPvI2rl65jtACwfhixPv47L0RuHI+LNnOQImLWXi4u7nJ+T7zXBMpsH4fMQt+/j5yl2H4dSGgTHdep3z1kni1Zwf0f3s4YiJjERgUgBnrRqJk2SK422wW79mIgZNwYPdRq6BKCxRa7V5sjvZdmyMr0QJLo9FoHlC8GOT+AO4mpHVm2m9/Y+6U5Ti8/yRiY2Ll69xhlyj+kwrE/Ir83Q2uVpHCXXXFSxdGy+ceR6dXnkLeAiG418TFxeP1Np9g3crtcPN0w6dD38TIwVNw7eINu+3FNBEcEoC8BXPLe8GcVyF5g7Bk9lq4e7nh4pmruBUedacwg/kela5cDK07Po4fv5oEU4IJFaqWxsx1P921fFlnT13E131GCavVBmSGQsXyYcryH7LMoqUFlkaj0TyAMLDd4wFMPMrYoV+//RP7hCuJAorWmoBc/mj8ZB1Ur10BRUsVhH+Ar7BeucpYpRvXI3Bg1zHs3LJfPA5Kd5Q5dYEL8hcMRc/PuuGZLk/A3d0d94rZE5egb4/vhPgx4fUPOmLHlgPYtmavw/Yh+YIxb8MouHu6w8PdAwtm/gNvTy+0fr4Jwq7ckMLq5Tb9cGj3CbvnU2Q1a1MfUVExWLds
Thu, February 01, 2024
Volt Typhoon takedown, refusing ransoms, Binance's big leak
FBI grounds Volt Typhoon More companies refuse to pay ransoms Binance internal info exposed on GitHub Thanks to today's episode sponsor, Vanta <img src= "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAlgAAABkCAYAAABaQU4jAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAFd5SURBVHgB7Z0HfFRFF8VPei+Q0HvvVUAQQRABUUCKgAooWLAr8KEoIjYEERUEQQWRriAdpIMgvUvvvddACOnJ5pszu7O8LLupGyBh/v7WZPfNmzfzdsmcvffOvS63OndOgkaj0WiyHZ5dusDjySeh0WjuP1yh0Wg0mmxJ3JQpSDxwABqN5v5DCyyNRqPJxsT9+iuSrlyBRqO5v9ACS6PRaLIxpqtXETN8OJKioqDRaO4ftMDSaDSabI7p1ClpydJoNPcPWmBpNBpNDiBh+3bEjhkDjUZzf6AFlkaj0eQQEtasQdzs2dBoNPceLbA0Go0mBxEvBFbc5MnQaDT3Fi2wNBqNJocRv3QpYocN04HvGs09RAssjUajyYEwJiumXz+dwkGjuUdogaXRaDQ5FJnC4euv5S5DjUZzd3HRpXI0Go0m5+PRrh08xUPz4BITFYtDe09gx8Z92Lj6P5w8fBZXL4ch8hZdyS4ICPRDnvwhyF84FLXrV0XdxtVQuWY5eHp5QJN+tMDSaDSaBwS3ChXg1aMHXPLkgebB4drl65gzZRnmTl2BI/tOwpRksh4zJSWhQvVSSExIxJG9J+Hi4mI95uLiivJVSqJlh8bo9NrTCMoVAE3a0QJLo9FoHiBcfH2lNUsXic75JMQnYNKouRjz/TQpskiSEFT8r0SZwlJM0Xo1d/0oBAT5om7x5xCcKxC+/t44dui0EF0muLqYI4lC8uTCyz2fxfM9WklLlyZ1tMDSaDSaBxDX0FB4dOkC91q1oMl5nDt5Ef/rNhhlKxeDX6Avrl65gcAgP5SvXBIFi+TF6RPnUaBIPnz/2TgMHtULbm6u6P3KN/hkyFu4dP4q8uQLwfkzF3Fgz3FERceiQMFQXL14HccPnMO34/uiaMkC0KSMFlgajUbzAOMq3IaMzaL7UJMzWL9iO3q/OBhh166jcMn8+GvlMEwbvxD7/juK44fP4MSRc0hKTELdRtVQr1ENnD11AblDguHt74VVCzdh99bDSHJJQrHShVCmQjHUrFsBLdo0RI+On+HYvtPIlTsIP/7xKeo1rgGNY9z6Va36OTQajUbzQJJ09SpMBw9KSxbdh5rszayJS/Be568QFRUN/yAf9B3UA2tXbUMuIaCqP1wRPt5eMt7qorBS5c4XhFLliuLmjUj4BXjDw9sTe7YfQtiVcFSoVgqPNKqOxk/VhZu7O/btPIK6j1XH+lX/4dbNSCye+S9yhwaj8kNlobGPtmBpNBrNAwxFlc+gQXARLkNN9mbT6p14/dlPERURhVwFgjB8fD98//nv2LXxIExIQp78uVHn0Spo1vpReHi4wV+4Dlcv3SraRyMkbzASRat6DashNjoecbHxWDBrFf7bsB9hl28gwWRCk9Z10bRlfQzpNxY3r90Cdx6Omv45mrV5FPeSmzduYcX8ddi0ZjcO7jqKs6cvIkKIRhIQ7IfCRfOjUPH8qCPm1rR1fRQulh93Ay2wNBqN5gHGq1cvuD/0EB5EEoQlZ9+OI9gorDKb/t2JE4fOIPJWNKKF9SchIQGurm7w9vGWQd/FhbuM7rTaDaqiUo0yUpzcT5w7fQnPPvI2rl65jtACwfhixPv47L0RuHI+LNnOQImLWXi4u7nJ+T7zXBMpsH4fMQt+/j5yl2H4dSGgTHdep3z1kni1Zwf0f3s4YiJjERgUgBnrRqJk2SK422wW79mIgZNwYPdRq6BKCxRa7V5sjvZdmyMr0QJLo9FoHlC8GOT+AO4mpHVm2m9/Y+6U5Ti8/yRiY2Ll69xhlyj+kwrE/Ir83Q2uVpHCXXXFSxdGy+ceR6dXnkLeAiG418TFxeP1Np9g3crtcPN0w6dD38TIwVNw7eINu+3FNBEcEoC8BXPLe8GcVyF5g7Bk9lq4e7nh4pmruBUedacwg/kela5cDK07Po4fv5oEU4IJFaqWxsx1P921fFlnT13E131GCavVBmSGQsXyYcryH7LMoqUFlkaj0TyAMLDd4wFMPMrYoV+//RP7hCuJAorWmoBc/mj8ZB1Ur10BRUsVhH+Ar7BeucpYpRvXI3Bg1zHs3LJfPA5Kd5Q5dYEL8hcMRc/PuuGZLk/A3d0d94rZE5egb4/vhPgx4fUPOmLHlgPYtmavw/Yh+YIxb8MouHu6w8PdAwtm/gNvTy+0fr4Jwq7ckMLq5Tb9cGj3CbvnU2Q1a1MfUVExWLdsu7xXQ3//CM+88ASymuXz16Pva0PSZbFKjXf7v4j3Pn0JzkYLrByE1+uvw71BA/k7y2MkHjgAZ8LkhNm9rpkK4s1pRXA5L13YV5NWHkRxRWHUr8f3WDpvjXzu6u6Cxi3r4rluLVGmQlEpuGZOXowTh8/i2qVwJMQnwtPbHfkKhaJsleJ4o/cL8PX1xu4dhzD557nYvl4ImCSzhaeisOCMmDYAxUoVwt0mMiIKzSp3x+WLVxGY2x8t2jXAtLGL7FqfFDXrV0Lvz1+SaRlqPlxJZnhPFPMNDg3E6hVbMWzcx5g9aSkWzVjjsI+EpER8PKgHfh46DbeE2ClUNB/+WjMy
Wed, January 31, 2024
Mercedes-Benz leak, Juniper Networks patch, ZLoader is back
Mercedes-Benz exposes sensitive data, source code Juniper Networks issues out-of-band fix for high severity flaws New ZLoader malware, now with 64-bit Windows compatibility Thanks to today's episode sponsor, Vanta <img src= "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAlgAAABkCAYAAABaQU4jAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAFd5SURBVHgB7Z0HfFRFF8VPei+Q0HvvVUAQQRABUUCKgAooWLAr8KEoIjYEERUEQQWRriAdpIMgvUvvvddACOnJ5pszu7O8LLupGyBh/v7WZPfNmzfzdsmcvffOvS63OndOgkaj0WiyHZ5dusDjySeh0WjuP1yh0Wg0mmxJ3JQpSDxwABqN5v5DCyyNRqPJxsT9+iuSrlyBRqO5v9ACS6PRaLIxpqtXETN8OJKioqDRaO4ftMDSaDSabI7p1ClpydJoNPcPWmBpNBpNDiBh+3bEjhkDjUZzf6AFlkaj0eQQEtasQdzs2dBoNPceLbA0Go0mBxEvBFbc5MnQaDT3Fi2wNBqNJocRv3QpYocN04HvGs09RAssjUajyYEwJiumXz+dwkGjuUdogaXRaDQ5FJnC4euv5S5DjUZzd3HRpXI0Go0m5+PRrh08xUPz4BITFYtDe09gx8Z92Lj6P5w8fBZXL4ch8hZdyS4ICPRDnvwhyF84FLXrV0XdxtVQuWY5eHp5QJN+tMDSaDSaBwS3ChXg1aMHXPLkgebB4drl65gzZRnmTl2BI/tOwpRksh4zJSWhQvVSSExIxJG9J+Hi4mI95uLiivJVSqJlh8bo9NrTCMoVAE3a0QJLo9FoHiBcfH2lNUsXic75JMQnYNKouRjz/TQpskiSEFT8r0SZwlJM0Xo1d/0oBAT5om7x5xCcKxC+/t44dui0EF0muLqYI4lC8uTCyz2fxfM9WklLlyZ1tMDSaDSaBxDX0FB4dOkC91q1oMl5nDt5Ef/rNhhlKxeDX6Avrl65gcAgP5SvXBIFi+TF6RPnUaBIPnz/2TgMHtULbm6u6P3KN/hkyFu4dP4q8uQLwfkzF3Fgz3FERceiQMFQXL14HccPnMO34/uiaMkC0KSMFlgajUbzAOMq3IaMzaL7UJMzWL9iO3q/OBhh166jcMn8+GvlMEwbvxD7/juK44fP4MSRc0hKTELdRtVQr1ENnD11AblDguHt74VVCzdh99bDSHJJQrHShVCmQjHUrFsBLdo0RI+On+HYvtPIlTsIP/7xKeo1rgGNY9z6Va36OTQajUbzQJJ09SpMBw9KSxbdh5rszayJS/Be568QFRUN/yAf9B3UA2tXbUMuIaCqP1wRPt5eMt7qorBS5c4XhFLliuLmjUj4BXjDw9sTe7YfQtiVcFSoVgqPNKqOxk/VhZu7O/btPIK6j1XH+lX/4dbNSCye+S9yhwaj8kNlobGPtmBpNBrNAwxFlc+gQXARLkNN9mbT6p14/dlPERURhVwFgjB8fD98//nv2LXxIExIQp78uVHn0Spo1vpReHi4wV+4Dlcv3SraRyMkbzASRat6DashNjoecbHxWDBrFf7bsB9hl28gwWRCk9Z10bRlfQzpNxY3r90Cdx6Omv45mrV5FPeSmzduYcX8ddi0ZjcO7jqKs6cvIkKIRhIQ7IfCRfOjUPH8qCPm1rR1fRQulh93Ay2wNBqN5gHGq1cvuD/0EB5EEoQlZ9+OI9gorDKb/t2JE4fOIPJWNKKF9SchIQGurm7w9vGWQd/FhbuM7rTaDaqiUo0yUpzcT5w7fQnPPvI2rl65jtACwfhixPv47L0RuHI+LNnOQImLWXi4u7nJ+T7zXBMpsH4fMQt+/j5yl2H4dSGgTHdep3z1kni1Zwf0f3s4YiJjERgUgBnrRqJk2SK422wW79mIgZNwYPdRq6BKCxRa7V5sjvZdmyMr0QJLo9FoHlC8GOT+AO4mpHVm2m9/Y+6U5Ti8/yRiY2Ll69xhlyj+kwrE/Ir83Q2uVpHCXXXFSxdGy+ceR6dXnkLeAiG418TFxeP1Np9g3crtcPN0w6dD38TIwVNw7eINu+3FNBEcEoC8BXPLe8GcVyF5g7Bk9lq4e7nh4pmruBUedacwg/kela5cDK07Po4fv5oEU4IJFaqWxsx1P921fFlnT13E131GCavVBmSGQsXyYcryH7LMoqUFlkaj0TyAMLDd4wFMPMrYoV+//RP7hCuJAorWmoBc/mj8ZB1Ur10BRUsVhH+Ar7BeucpYpRvXI3Bg1zHs3LJfPA5Kd5Q5dYEL8hcMRc/PuuGZLk/A3d0d94rZE5egb4/vhPgx4fUPOmLHlgPYtmavw/Yh+YIxb8MouHu6w8PdAwtm/gNvTy+0fr4Jwq7ckMLq5Tb9cGj3CbvnU2
Tue, January 30, 2024
Microsoft takes another hit, Energy giant hit by ransomware, the NSA is secretly buying your data
Microsoft takes another hit Energy giant hit by ransomware The NSA is secretly buying your data Thanks to today's episode sponsor, Vanta <img src= "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAlgAAABkCAYAAABaQU4jAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAFd5SURBVHgB7Z0HfFRFF8VPei+Q0HvvVUAQQRABUUCKgAooWLAr8KEoIjYEERUEQQWRriAdpIMgvUvvvddACOnJ5pszu7O8LLupGyBh/v7WZPfNmzfzdsmcvffOvS63OndOgkaj0WiyHZ5dusDjySeh0WjuP1yh0Wg0mmxJ3JQpSDxwABqN5v5DCyyNRqPJxsT9+iuSrlyBRqO5v9ACS6PRaLIxpqtXETN8OJKioqDRaO4ftMDSaDSabI7p1ClpydJoNPcPWmBpNBpNDiBh+3bEjhkDjUZzf6AFlkaj0eQQEtasQdzs2dBoNPceLbA0Go0mBxEvBFbc5MnQaDT3Fi2wNBqNJocRv3QpYocN04HvGs09RAssjUajyYEwJiumXz+dwkGjuUdogaXRaDQ5FJnC4euv5S5DjUZzd3HRpXI0Go0m5+PRrh08xUPz4BITFYtDe09gx8Z92Lj6P5w8fBZXL4ch8hZdyS4ICPRDnvwhyF84FLXrV0XdxtVQuWY5eHp5QJN+tMDSaDSaBwS3ChXg1aMHXPLkgebB4drl65gzZRnmTl2BI/tOwpRksh4zJSWhQvVSSExIxJG9J+Hi4mI95uLiivJVSqJlh8bo9NrTCMoVAE3a0QJLo9FoHiBcfH2lNUsXic75JMQnYNKouRjz/TQpskiSEFT8r0SZwlJM0Xo1d/0oBAT5om7x5xCcKxC+/t44dui0EF0muLqYI4lC8uTCyz2fxfM9WklLlyZ1tMDSaDSaBxDX0FB4dOkC91q1oMl5nDt5Ef/rNhhlKxeDX6Avrl65gcAgP5SvXBIFi+TF6RPnUaBIPnz/2TgMHtULbm6u6P3KN/hkyFu4dP4q8uQLwfkzF3Fgz3FERceiQMFQXL14HccPnMO34/uiaMkC0KSMFlgajUbzAOMq3IaMzaL7UJMzWL9iO3q/OBhh166jcMn8+GvlMEwbvxD7/juK44fP4MSRc0hKTELdRtVQr1ENnD11AblDguHt74VVCzdh99bDSHJJQrHShVCmQjHUrFsBLdo0RI+On+HYvtPIlTsIP/7xKeo1rgGNY9z6Va36OTQajUbzQJJ09SpMBw9KSxbdh5rszayJS/Be568QFRUN/yAf9B3UA2tXbUMuIaCqP1wRPt5eMt7qorBS5c4XhFLliuLmjUj4BXjDw9sTe7YfQtiVcFSoVgqPNKqOxk/VhZu7O/btPIK6j1XH+lX/4dbNSCye+S9yhwaj8kNlobGPtmBpNBrNAwxFlc+gQXARLkNN9mbT6p14/dlPERURhVwFgjB8fD98//nv2LXxIExIQp78uVHn0Spo1vpReHi4wV+4Dlcv3SraRyMkbzASRat6DashNjoecbHxWDBrFf7bsB9hl28gwWRCk9Z10bRlfQzpNxY3r90Cdx6Omv45mrV5FPeSmzduYcX8ddi0ZjcO7jqKs6cvIkKIRhIQ7IfCRfOjUPH8qCPm1rR1fRQulh93Ay2wNBqN5gHGq1cvuD/0EB5EEoQlZ9+OI9gorDKb/t2JE4fOIPJWNKKF9SchIQGurm7w9vGWQd/FhbuM7rTaDaqiUo0yUpzcT5w7fQnPPvI2rl65jtACwfhixPv47L0RuHI+LNnOQImLWXi4u7nJ+T7zXBMpsH4fMQt+/j5yl2H4dSGgTHdep3z1kni1Zwf0f3s4YiJjERgUgBnrRqJk2SK422wW79mIgZNwYPdRq6BKCxRa7V5sjvZdmyMr0QJLo9FoHlC8GOT+AO4mpHVm2m9/Y+6U5Ti8/yRiY2Ll69xhlyj+kwrE/Ir83Q2uVpHCXXXFSxdGy+ceR6dXnkLeAiG418TFxeP1Np9g3crtcPN0w6dD38TIwVNw7eINu+3FNBEcEoC8BXPLe8GcVyF5g7Bk9lq4e7nh4pmruBUedacwg/kela5cDK07Po4fv5oEU4IJFaqWxsx1P921fFlnT13E131GCavVBmSGQsXyYcryH7LMoqUFlkaj0TyAMLDd4wFMPMrYoV+//RP7hCuJAorWmoBc/mj8ZB1Ur10BRUsVhH+Ar7BeucpYpRvXI3Bg1zHs3LJfPA5Kd5Q5dYEL8hcMRc/PuuGZLk/A3d0d94rZE5egb4/vhPgx4fUPOmLHlgPYtmavw/Yh+YIxb8MouHu6w8PdAwtm/gNvTy+0fr4Jwq7ckMLq5Tb9cGj3CbvnU2Q1a1MfUVExWLdsu7xXQ3//CM+88ASymuXz16Pva0PSZbFKjXf7v4j3Pn0JzkYLrByE1+uvw71BA/k7y2MkHjgAZ8LkhNm9rpkK4s1pRXA5L13YV5NWHkRxRWHUr8f3WDpvjXzu6u6Cxi3r4rluLVGmQlEpuGZOXowTh8/i2qVwJMQnwtPbHfkKhaJsleJ4o/cL8PX1xu4dhzD557nYvl4ImCSzhaeisOCMmDYAxUoVwt0mMiIKzSp3x+WLVxGY2x8t2jXAtLGL7FqfFDXrV0Lvz1+SaRlqPlxJZnhPFPMNDg3E6hVbMWzcx5g9aSkWzVjjsI+EpER8PKgHfh46DbeE2ClUNB/+WjMySy16I76aiJHCJZgVtBPuwiG/fQhnomsR5hBchfihuFKLrDP/eHLx9v7kE3i0bYvsjHvDhvAZPhzIYTuluFh69+8Pj
Mon, January 29, 2024
Jenkins patch alert, Cisco flaw alert, Russia’s intel wiped
Urgent patch alert for Jenkins Cisco flaw exposes Unified Comms systems Pro-Ukraine hackers wipe 2 petabytes of data from Russian intelligence center Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com .
Fri, January 26, 2024
Week in Review: TeamViewer still abused, ransomware’s hidden costs, X supports passkeys
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Mike Kelley , vp, CISO, The E.W. Scripps Company and partner, OTAWireless.com . Thanks to our show sponsor, Conveyor Conveyor, the security questionnaire automation software known for generating the most accurate AI answers to questionnaires is launching a much-requested feature. Conveyor’s AI can now use uploaded security documents like a SOC 2 and security policy whitepapers to auto-generate precise answers to entire questionnaires in seconds. See why customers like Lucid and Carta are raving about the software and try the AI yourself in a free proof of concept at www.conveyor.com . All links and the video of this episode can be found on CISO Series.com
Fri, January 26, 2024
Hewlett Packard breach, exposed API study, Ukraine infrastructure attacks
Hewlett Packard Enterprise (HPE) attacked through Microsoft 365 email system Study reveals 18,000 exposed API secrets, including $20 million in vulnerable Stripe tokens Ukrainian energy, postal, and transportation services hit by cyberattacks Thanks to today's episode sponsor, Conveyor Conveyor , the security questionnaire automation software known for generating the most accurate AI answers to questionnaires is launching a much-requested feature. Conveyor’s AI can now use uploaded security documents like a SOC 2 and security policy whitepapers to auto-generate precise answers to entire questionnaires in seconds. See why customers like Lucid and Carta are raving about the software and try the AI yourself in a free proof of concept at www.conveyor.com . For the stories behind the headlines, head to CISOseries.com .
Thu, January 25, 2024
EquiLend offline, AI fueling ransomware, "mother of all breaches"
Cyberattack knocks EquiLend offline Brits warn of the AI impact on ransomware Data leak claims to hold over 26 billion records Thanks to today's episode sponsor, Conveyor Conveyor , the security questionnaire automation software one of our customers dubbed “my favorite security tool of the year”, is now even better. How? Conveyor’s AI can now use uploaded security documents like a SOC 2 or security policy document to auto-generate precise answers to entire security questionnaires in seconds. You can test the AI in a free proof of concept at www.conveyor.com .
Wed, January 24, 2024
CISA boss swatted, Subway investigates LockBit, Australia sanctions hacker
CISA boss targeted in “harrowing” swatting attack Subway puts a LockBit investigation on the menu Australia sanctions REvil hacker behind Medibank data breach Thanks to today's episode sponsor, Conveyor Ever wish AI could auto-generate answers to security questionnaires for you just based on your SOC 2 or other documents? Spoiler alert - it can and you can now try it for free with Conveyor’s AI security questionnaire automation software. Set up takes a few seconds. Get a free Conveyor account and simply upload your security documents. Then, upload a new questionnaire to see AI generate answers in seconds based on your documents. Try a free proof of concept today at www.conveyor.com . For the stories behind the headlines, visit CISOseries.co m.
Tue, January 23, 2024
Thailand's data leak, CISA's Ivanti order, security funding drips
Thailand court attempts to suppress data leak CISA issues emergency directive on Ivanti zero-days Cybersecurity startup funding down 50% Huge thanks to our episode sponsor, Conveyor What’s worse than a last minute security questionnaire in your inbox? Having to maintain a thousand question and answer pairs to use to respond to a questionnaire. Now, Conveyor’s AI security questionnaire automation software can use security documents like a SOC 2 and a pared down question and answer bank to auto-generate precise answers to entire questionnaires in seconds. Try a free proof of concept today at www.conveyor.com .
Mon, January 22, 2024
Russia Microsoft breach, JPMorganChase hacking increase, TeamViewer still abused
Russian hackers breach Microsoft executive emails to learn about themselves JPMorgan Chase says hacking attempts are increasing TeamViewer still being abused to breach networks in new ransomware attacks Thanks to today's episode sponsor, Conveyor AI can now literally answer any question in seconds, yet infosec teams are still in a living nightmare manually filling out questionnaires. Conveyor AI’s can now use your uploaded security documents to auto-generate precise answers to entire questionnaires. The software one of our customers dubbed “my favorite security tool of the year” in 2023 has gotten even better and it takes just minutes to get started. Try a free proof of concept at www.conveyor.com . For the stories behind the headlines, head to CISOseries.com .
Fri, January 19, 2024
Week in Review: SEC X breach, pwned highlights leak, Kyivstar attack cost
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jerich Beason , CISO, WM Thanks to our show sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy’s automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That’s Savvy—Identity-First SaaS Security. Learn more at savvy.security/headlines . All links and the video of this episode can be found on CISO Series.com
Fri, January 19, 2024
Atlassian Jira outage, iPhone spyware solution, Russia’s Europe espionage
Atlassian outage briefly affected multiple cloud services iShutdown helps discover spyware on iPhones Russian state hackers COLDRIVER deploy malware in European espionage campaign Huge thanks to our sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy’s automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That’s Savvy—Identity-First SaaS Security. Learn more at savvy.security/headlines . For the stories behind the headlines, head to CISOseries.com .
Thu, January 18, 2024
Drone threats, PixieFail firmware, HIBP dataset
Chinese drones considered national security threat PixieFail could spell trouble for cloud providers Have I Been Pwned adds “statistically significant” data leak Huge thanks to our sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy’s automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That’s Savvy—Identity-First SaaS Security. Learn more at savvy.security/headlines .
Wed, January 17, 2024
Google patches zero-day, Citrix zero-day warning, Phemedrone stealer warning
Google patches first Chrome zero-day vulnerability of the year Urgent warning from Citrix to patch two zero-day vulnerabilities New malware strain persists despite patch Huge thanks to our sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy’s automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That’s Savvy—Identity-First SaaS Security. Learn more at savvy.security/headlines .
Tue, January 16, 2024
VPN blocks, OpenAI election tools, Calvia ransomware attack
Turkey blocks some VPNs OpenAI publishes election guidance Spanish municipality faces stiff ransomware demand Huge thanks to our sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy’s automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That’s Savvy—Identity-First SaaS Security. Learn more at savvy.security/headlines .
Mon, January 15, 2024
Water nonprofit targeted, Denmark energy update, SEC X update
Ransomware gang targets clean water nonprofit Denmark energy sector attacks likely not Sandworm after all SEC says X account breach did not lead to further breaches Thanks to our episode sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy’s automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That’s Savvy—Identity-First SaaS Security. Learn more at savvy.security/headlines . For the stories behind the headlines, head to CISOseries.com .
Fri, January 12, 2024
Week in Review: Merck settles NotPetya, Google accounts hacked, GitHub abuse rises
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Allan Cockriel , Group CISO, Shell Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta’s platform firsthand and access resources plus a special offer, go to vanta.com/ciso and watch their 3-minute product demo. All links and the video of this episode can be found on CISO Series.com </sp
Fri, January 12, 2024
Ivanti zero-day, Akira targets backups, school data exposed
Ivanti VPN hit by zero-days Akira targeting backups Sensitive school data accidentally exposed online Remember to subscribe to the Cyber Security Headlines newsletter here . Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta’s platform firsthand and access resources plus a special offer, go to vanta.com/ciso and watch their 3-minute product demo.
Thu, January 11, 2024
Texas healthcare breach, enormous Brazil leak, Tortilla decryptor released
Texas healthcare provider suffer data breach Entire population of Brazil possibly exposed in data leak Decryptor for Tortilla ransomware released Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta’s platform firsthand and access resources plus a special offer, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com .
Wed, January 10, 2024
SEC account hack spikes Bitcoin, Mandiant Twitter hijack, China cracks AirDrop
Bitcoin price spikes after SEC Twitter account hijack Twitter account hijack wave affects Mandiant China claims it cracked Apple AirDrop Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta’s platform firsthand and access resources plus a special offer, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com .
Tue, January 09, 2024
google hacked, loanDepot attacked, Netgear compromised
Google accounts hacked: No passwords required loanDepot joins growing list of US mortgage lenders attacked Netgear and Hyundai’s X accounts latest to be compromised in crypto scam Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta’s platform firsthand and access resources plus a special offer, go to vanta.com/ciso and watch their 3-minute product demo.
Mon, January 08, 2024
Merck settles NotPetya, Pompompurin breaches release, Iranian crypto mistake
Merck and its insurers settle $1.4 billion NotPetya case BreachForums admin Popompurin breaches terms of pretrial freedom Iranian crypto exchange Bit24.cash accidentally exposes customer data Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta’s platform firsthand and access resources plus a special offer, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com .
Fri, January 05, 2024
Week in Review: Hospitals sue cloud, Google settles Incognito, ransomware payment ban
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Johna Till Johnson , CEO, Nemertes , and podcaster at Heavy Strategy . Thanks to our show sponsor, NetSPI Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI’s ASM platform to hone in on what’s actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM All links and the video of this episode can be found on CISO Series.com
Fri, January 05, 2024
Mandiant Twitter hack, breach firm breached, Spanish mobile attacked
Mandiant Twitter account restored after crypto scam hack Law firm that handles data breaches hit by data breach Spanish mobile carrier suffers outage after account takeover Thanks to today's episode sponsor, NetSPI Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI's ASM platform to hone in on what's actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM to learn more. For the stories behind the headlines, head to CISOseries.com .
Thu, January 04, 2024
Ransomware bans, voice cloning contest, slow data exports
A call for formal ban on ransomware payments FTC asks for ideas to fight voice cloning Cyberattack impacts French township Thanks to today's episode sponsor, NetSPI Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI's ASM platform to hone in on what's actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM to learn more.
Wed, January 03, 2024
Google $5 billion suit settled, Orbit Chain loses $80M, FDA cyber agreement
Google settles $5 billion ‘incognito mode’ lawsuit Over $80 million in crypto stolen from Orbit Chain Watchdog calls for updated medical device cyber agreement Thanks to today's episode sponsor, NetSPI Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI's ASM platform to hone in on what's actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM to learn more. Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI's ASM platform to hone in on what's actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM to learn more. For the stories behind the headlines, visit CISOseries.com .
Tue, January 02, 2024
Sweden grocer cyberattack, Black Basta flaw, Boston hospital cyberattack
Swedish national grocer stung by Cactus Flaw in Black Basta decryptor allows recovery of victims’ files - temporarily Cyberattack hist Boston area hospital Thanks to today's episode sponsor, NetSPI Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI's ASM platform to hone in on what's actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM to learn more. For the stories behind the headlines, head to CISOseries.com .
Fri, December 29, 2023
German hospital ransomware, Ohio Lottery attacked, First American update
LockBit hits German hospital system over the holidays Ohio Lottery cyberattack claimed by DragonForce First American says funds are secure Thanks to today's episode sponsor, Barricade Cyber Solutions Don't let ransomware ruin the holidays again this year! Prepare and spread holiday cheer with recoverfromransomware.com ! The trusted DFIR experts at Barricade Cyber Solutions have saved 3,000 and counting businesses from ransomware attacks, including small and medium businesses just like yours! Barricade Cyber is YOUR solution for rapid data and systems recovery. Book a meeting directly with the CEO to discover how to recover from ransomware. Visit recoverfromransomware.com . For the stories behind the headlines, head to CISOseries.com .
Thu, December 28, 2023
Barracuda backdoors, undocumented iPhone hardware, NYT sues OpenAI
Threat actors install backdoor on Barracuda appliances iPhone triangulation exploit used undocumented features New York Times starts the publisher LLM lawsuits Thanks to today's episode sponsor, Barricade Cyber Solutions Don't let ransomware ruin the holidays again this year! Prepare and spread holiday cheer with recoverfromransomware.com ! The trusted DFIR experts at Barricade Cyber Solutions have saved 3,000 and counting businesses from ransomware attacks, including small and medium businesses just like yours! Barricade Cyber is YOUR solution for rapid data and systems recovery. Book a meeting directly with the CEO to discover how to recover from ransomware. Visit recoverfromransomware.com .
Wed, December 27, 2023
National Amusements breached, Rockstar game leak, LoanCare parent hacked
CBS and Paramount owner hacked a year ago Rockstar Games allegedly suffers source code leak LoanCare says 1.3 million people affected by cyberattack Thanks to today's episode sponsor, Barricade Cyber Solutions When you're hit with ransomware, remember recoverfromransomware.com . Barricade Cyber Solutions' experienced DFIR team is ready to help your business recover from ransomware now. You'll work directly with the CEO to resolve your case quickly and efficiently. Whether you're experiencing a ransomware attack or want to get ahead of one by discussing a prevention plan, contact Barricade Cyber Solutions at recoverfromransomware.com. For the stories behind the headlines, visit CISOseries.com .
Tue, December 26, 2023
First American cyberattack, Iran APT campaign, ransomware victims spike
First American suffers cyberattack, website down Iran-linked group targets defense contractors worldwide November saw record numbers of ransomware leak site victims Thanks to today's episode sponsor, Barricade Cyber Solutions Encountering a ransomware attack? Keep cool and reach out to Barricade Cyber Solutions , the trusted DFIR experts. Barricade is known for helping small and medium businesses just like yours restore their business data and successfully recover from ransomware. Escape the ransomware nightmare and bring your business back online now. Contact Barricade Cyber Solutions today at recoverfromransomware.com . That's recoverfromransomware.com . For the stories behind the headlines, head to CISOseries.com .
Fri, December 22, 2023
HCL investigates ransomware, Agent Tesla returns, JavaScript bank malware
Indian tech company HCL investigating ransomware attack Agent Tesla and an old Microsoft Office vulnerability create new problems New JavaScript malware targets banks Thanks to today's episode sponsor, Barricade Cyber Solutions Is ransomware affecting your business operations? Contact Barricade Cyber Solutions at recoverfromransomware.com . Barricade Cyber Solutions are elite DFIR experts who come to the rescue for businesses like yours daily. The trusted team at Barricade Cyber traces the source of infiltration and fortifies your defenses. Depend on Barricade Cyber Solutions for your data and system security prevention and recovery. Go to recoverfromransomware.com and set up a time to connect with the team today. Again, that's recoverfromransomware.com . For the stories behind the headlines, head to CISOseries.com .
Thu, December 21, 2023
BlackCat is back, CSAM in AI data, ESO breach
BlackCat came back Child abuse images found in AI datasets ESO solutions breach impacts million Thanks to today's episode sponsor, Barricade Cyber Solutions Has your organization fallen victim to ransomware? Remain calm and head over to recoverfromransomware.com . Barricade Cyber Solutions is the "go-to" for ransomware recovery services that small to medium business executives can trust. Over the past 5 years, Barricade Cyber Solutions has saved 3,000+ businesses in your shoes. Trust the elite DFIR team at Barricade Cyber Solutions with your data and system security recovery. Book a free consultation with the CEO at recoverfromransomware.com now.
Wed, December 20, 2023
FBI disrupts BlackCat, International operation nabs thousands, Sony data leak
FBI disrupts BlackCat ransomware network International operation arrests thousands of cybercriminals Sony’s video game plans leaked by ransomware group Thanks to today's episode sponsor, Barricade Cyber Solutions Don't let ransomware ruin your holiday. Remember to visit recoverfromransomware.com ! Barricade Cyber Solutions are THE trusted DFIR experts, and they've saved 3,000 and counting businesses from ransomware attacks, small and medium businesses just like yours! Barricade Cyber is YOUR solution for rapid data and security systems recovery. Book a meeting directly with the CEO to discuss securing your future today. Head over to recoverfromransomware.com to learn more. For the stories behind the headlines, visit CISOseries.com .
Tue, December 19, 2023
Play ransomware warning, QakBot is back, Mr. Cooper hack
Play ransomware is no game The return of QakBot Hacking with Mr. Cooper Huge thanks to our sponsor, Barricade Cyber Solutions Facing a ransomware attack? Don't panic, remain calm and remember to contact Barricade Cyber Solutions , the DFIR team trusted to quickly recover business data with exclusive ransomware recovery services for small and medium businesses alike. Recover from ransomware and get your business back online with Barricade Cyber Solutions. Visit recoverfromransomware.com to schedule a call with the team today.
Mon, December 18, 2023
Box suffers outage, MongoDB suffers breach, States lag in tackling political deepfakes
Box storage platform suffers outage MongoDB suffers breach States lag in tackling political deepfakes Thanks to today's episode sponsor, Barricade Cyber Solutions Experiencing ransomware? Barricade Cyber Solutions will help you recover from the nightmare. Trust the industry DFIR experts who have rescued over 3,000 businesses cases over the past 5 years. Remember to visit recoverfromransomware.com and connect with Barricade Cyber Solutions rapid ransomware recovery team. This elite team works quickly to recover and restore your business data and services. All you need to remember is recoverfromransomware.com . For the stories behind the headlines, head to CISOseries.com .
Fri, December 15, 2023
Week in Review: Irish water hack, Joe Sullivan speaks, UK ransomware predictions
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Rusty Waldron , Chief Business Security Officer, ADP Thanks to our show sponsor, Barricade Cyber Solutions Are ransomware attackers causing your business MAJOR disruptions? Connect with Barricade Cyber Solutions, the trusted DFIR experts specializing in helping small to medium businesses, like yours, recover from ransomware. Barricade Cyber Solutions has a proven track record of successfully handling over 3,000 business cases and counting with advanced recovery services to quickly restore business data and services. Recover from ransomware with Barricade Cyber Solutions at recoverfromransomware.com . All links and the video of this episode can be found on CISO Series.com
Fri, December 15, 2023
Hive banker arrested, train bricking accusations, GambleForce SQL campaign
French police arrest alleged Hive banker Train bricking accusations lead to lawsuit against ethical hackers New Hacker Group ‘GambleForce’ Targets APAC through SQL injection Thanks to today's episode sponsor, Barricade Cyber Solutions Has your organization faced a ransomware attack? Keep calm, breathe, and head over to recoverfromransomware.com. Barricade Cyber Solutions is the industry choice for ransomware recovery services that small and medium business leaders can rely on. With a track record of rescuing over 3,000+ businesses like yours in the last 5 years alone, you can trust Barricade Cyber Solutions' elite DFIR team for the recovery of your business' data and systems. Schedule a complimentary consult today at recoverfromransomware.com . For the stories behind the headlines, head to CISOseries.com .
Thu, December 14, 2023
UK ransomware report, OAuth abuse, push notification changes
UK ransomware report isn’t pretty MS warns of OAuth abuse Apple discloses pushback to push notification disclosure Thanks to today's episode sponsor, Barricade Cyber Solutions Don't let ransomware ruin the holidays again this year! Prepare and spread holiday cheer with recoverfromransomware.com ! The trusted DFIR experts at Barricade Cyber Solutions have saved 3,000 and counting businesses from ransomware attacks, including small and medium businesses just like yours! Barricade Cyber is YOUR solution for rapid data and systems recovery. Book a meeting directly with the CEO to discover how to recover from ransomware. Visit recoverfromransomware.com .
Wed, December 13, 2023
Ukraine telco down, Sullivan advocates for CISOs, GAO on AI
Cyberattack shuts down Ukrainian telco Former Uber CISO advocates for CISO protections GAO report on government AI usage Thanks to today's episode sponsor, Barricade Cyber Solutions When you're hit with ransomware, remember recoverfromransomware.com . Barricade Cyber Solutions' experienced DFIR team is ready to help your business recover from ransomware now. You'll work directly with the CEO to resolve your case quickly and efficiently. Whether you're experiencing a ransomware attack or want to get ahead of one by discussing a prevention plan, contact Barricade Cyber Solutions at recoverfromransomware.com .
Tue, December 12, 2023
Internet fragmentation, EU AI Act, Lazarus loves Log4Shell
US tries to avoid internet fragmentation EU reaches agreement on AI Act North Korea finds continued success with Log4Shell Thanks to today's episode sponsor, Barricade Cyber Solutions Encountering a ransomware attack? Keep cool and reach out to Barricade Cyber Solutions, the trusted DFIR experts. Barricade is known for helping small and medium businesses just like yours restore their business data and successfully recover from ransomware. Escape the ransomware nightmare and bring your business back online now. Contact Barricade Cyber Solutions today at recoverfromransomware.com . That's recoverfromransomware.com .
Mon, December 11, 2023
5G network vulnerability, SLAM affects CPUs, CISA Qlik warning
5G network security vulnerabilities discovered, impacting chipset vendors and smartphones SLAM Spectre-based vulnerability affects CPUs CISA adds Qlik bugs to exploited vulnerabilities catalog Thanks to today's episode sponsor, Barricade Cyber Solutions Caught in a ransomware crisis? Barricade Cyber Solutions is your lifeline for recovery. Trust the industry's experienced DFIR experts, with a track record of saving over 3,000 businesses in the last 5 years. Remember to visit recoverfromransomware.com to connect with Barricade Cyber Solutions' trusted ransomware recovery team. This elite squad moves quickly to restore your business data and services. Visit recoverfromransomware.com today. For the stories behind the headlines, head to CISOseries.com .
Fri, December 08, 2023
Week in Review: Credit Union outages, Roblox, Twitch targeted, Nuclear site breached
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Andy Ellis , operating partner YL Ventures Thanks to our show sponsor, Barricade Cyber Solutions Are ransomware attackers causing disruptions? Remember to stay composed and immediately contact Barricade Cyber Solutions, the trusted ransomware recovery experts specializing in small to medium businesses. Barricade Cyber Solutions has a proven track record of successfully handling over 3,000 business cases and counting- with advanced recovery services for rapid business restoration. Recover from ransomware with Barricade Cyber Solutions. Visit recoverfromransomware.com to learn more. All links and the video of this episode can be found on CISO Series.com
Fri, December 08, 2023
Aviva cyberattack warning, anti-aircraft data theft, car fleet vulnerability
Insurance firm sees cyberattacks as more likely than fire or theft North Korean hackers steal anti-aircraft system data Vulnerability discovered in fleet management software Huge thanks to our sponsor, Barricade Cyber Solutions Is ransomware affecting your business? Contact Barricade Cyber Solutions at recoverfromransomware.com. Barricade Cyber Solutions are elite DFIR experts who come to the rescue for businesses like yours daily. The trusted team at Barricade Cyber traces the source of infiltration and fortifies your defenses. Depend on Barricade Cyber Solutions for your data and system security. Remember recoverfromransomware.com , that’s recoverfromransomware.com . For the stories behind the headlines, head to CISOseries.com .
Thu, December 07, 2023
ICANN lookups, push notification spying, Google's Gemini
Krebs on ICANN Lookups Wyden warns of spying push notifications Google unveils Gemini Huge thanks to our sponsor, Barricade Cyber Solutions Has your organization fallen victim to ransomware? Remain calm and head over to recoverfromransomware.com . Barricade Cyber Solutions is the "go-to" for ransomware recovery services that small to medium business executives can trust. Over the past 5 years, Barricade Cyber Solutions has saved 3,000+ businesses in your shoes. Trust the elite DFIR team at Barricade Cyber Solutions with your data and system security recovery. Book a free consultation at recoverfromransomware.com now.
Wed, December 06, 2023
Mexican spyware trial, Breach of ColdFusion vuln, Malicious loan app downloaded 12MM
Spyware trial implicating former Mexican president kicks off Federal agency breached through Adobe ColdFusion vulnerability Malicious loan app downloaded 12 million times from Google Play Huge thanks to our sponsor, Barricade Cyber Solutions Don't let ransomware ruin your holiday. Remember to visit recoverfromransomware.com! Barricade Cyber Solutions are THE trusted DFIR experts, and they've saved 3,000 and counting businesses from ransomware attacks, small and medium businesses just like yours! Barricade Cyber is YOUR solution for rapid data and security systems recovery. Book a meeting directly with the CEO to discuss securing your future today. Visit recoverfromransomware.com . That's recoverfromransomware.com . For the stories behind the headlines, visit CISOseries.com .
Tue, December 05, 2023
Nuclear site hacked, Iranian water breaches, ChatGPT data leaks
UK nuclear site attacked by state-linked attackers US confirms Iranian actors behind water breaches The infinite regress of ChatGPT data exfiltration Huge thanks to our sponsor, Barricade Cyber Solutions Facing a ransomware attack? Don't panic, remain calm and remember to contact Barricade Cyber Solutions, the DFIR team trusted to quickly recover business data with exclusive ransomware recovery services for small and medium businesses alike. Recover from ransomware and get your business back online with Barricade Cyber Solutions. Visit recoverfromransomware.com to schedule a call with the team today. That's recoverfromransomware.com .
Mon, December 04, 2023
Credit Unions outage, Roblox-Twitch extortion, Apple zero-days
Credit unions facing outages due to ransomware attack on cloud provider Roblox, Twitch allegedly targeted by ransomware cartel Apple fixes two new iOS zero-days in emergency updates Huge thanks to our sponsor, Barricade Cyber Solutions Experiencing ransomware? Barricade Cyber Solutions will help you recover from the nightmare. Trust the industry DFIR experts who have rescued over 3,000 business cases over the past 5 years. Remember to visit recoverfromransomware.com and connect with Barricade Cyber Solutions rapid ransomware recovery team. This elite team works quickly to recover and restore your business data and services. Visit recoverfromransomware.com today. For the stories behind the headlines, head to CISOseries.com .
Fri, December 01, 2023
Week in Review: Okta breach expands, Former Uber CISO speaks, OpenAI’s chatbot leak secrets
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Christina Shannon , CIO, KIK Consumer Products Thanks to our show sponsor, SpyCloud SpyCloud disrupts cybercrime by telling you what criminals know about your business and your customers, so you can take action on exposed authentication data to prevent ransomware, session hijacking, account takeover, and online fraud. With knowledge of the specific data criminals have in hand – like credentials, cookies, and PII compromised by breaches and malware infections – security teams have better visibility into the expanding attack surface that puts their organization at risk of cyberattacks and can respond quickly with SpyCloud’s automated solutions. Find out what cybercriminals know about your business by visiting spycloud.com/ciso to get your free exposure report. That’s spycloud.com/ciso . All links and the video of this episode can be found on CISO Series.com
Fri, December 01, 2023
Manufacturing tops extortion, RETVec battles spam, new Zyxel warnings
Manufacturing industry tops cyber extortion trend Google’s RETVec the latest warrior on bad emails Zyxel warns of vulnerabilities in NAS devices Huge thanks to our sponsor, SpyCloud New research from SpyCloud reveals a critical discovery: nearly a third of ransomware victim companies this year were infected with infostealer malware like Raccoon, Vidar or Redline before they were attacked. These infostealers exfiltrate authentication data from infected systems to aid follow-on attacks – everything from passwords to 2FA codes, and even cookies that enable session hijacking without the need for credentials at all. SpyCloud specializes in recapturing and remediating data siphoned from infostealers to protect businesses and their users from cybercrime. Get SpyCloud’s new research and check your malware exposure at spycloud.com/ciso . For the stories behind the headlines, head to CISOseries.com .
Thu, November 30, 2023
Okta breach expands, JAXA cyberattack, leaky GPTs
All Okta customers exposed in breach JAXA hit by cyberattack OpenAI’s chatbots leak secrets Huge thanks to our sponsor, SpyCloud For some people ignorance is bliss – but that’s not an option for those of us in cybersecurity. SpyCloud has a free tool that lets you check your company’s darknet exposure, and you might find some things that are pretty alarming. Go to spycloud.com/ciso to see your company's exposure from data breaches and even infostealer malware infections that can open the door to ransomware. SpyCloud’s focus is helping businesses act on what criminals are using right now to target them – addressing stolen passwords, cookies, and even API keys automatically to stop criminals in their tracks. To learn more and get your darknet exposure report, go to spycloud.com/ciso .
Wed, November 29, 2023
Ransomware gang busted in Ukraine, North Texas water utility cyberattack, Former Uber CISO breaks 6-year silence
Ransomware gang busted in Ukraine by international operation North Texas water utility hit with cyberattack Former Uber CISO speaks out after 6-year silence Huge thanks to our sponsor, SpyCloud SpyCloud has discovered that infostealer malware infections are an early warning signal for ransomware. In fact, nearly a third of ransomware victim companies this year were infected with infostealer malware like Raccoon, Vidar or Redline before they were attacked. Are you thinking about infostealers as a precursor to ransomware? SpyCloud believes that knowing what criminals have stolen from your managed, unmanaged and undermanaged infected machines is step one to stopping ransomware attacks. Get SpyCloud’s new research on this topic and check your company’s exposure from malware infections at spycloud.com/ciso . For the stories behind the headlines, visit CISOseries.com .
Tue, November 28, 2023
International AI agreement, water utility attack, Ukraine cyberattack on Russian aviation
International AI agreement PA water utility hit by cyberattack Ukraine claims cyber attack against Russian aviation Huge thanks to our sponsor, SpyCloud Our sponsor today, SpyCloud , wants us to pay attention to a ransomware precursor that’s not being talked about enough: infostealer malware. If you think you’re covered by endpoint protection and anti-virus solutions, think again. The SpyCloud team discovered that the presence of infostealers including Racoon, Vidar, and Redline on machines accessing work applications may indicate a likely future ransomware attack. They believe the first step in thwarting ransomware lies in knowing the data criminals have stolen from malware-infected systems and remediating it quickly. Get SpyCloud’s new research and check your malware exposure at spycloud.com/ciso .
Mon, November 27, 2023
London & Zurich, Fidelity National Financial attacks, Royal Family’s hospital, Vanderbilt University Med Center attacks, US Nuclear lab and Gulf Air breaches
London & Zurich, and Fidelity National Financial attacks Royal Family’s hospital and Vanderbilt University Med Center suffer cybersecurity incidents Gulf Air exposed to data breach Huge thanks to our sponsor, SpyCloud For some people ignorance is bliss – but that’s not an option for those of us in cybersecurity. SpyCloud has a free tool that lets you check your company’s darknet exposure, and you might find some things that are pretty alarming. Go to spycloud.com/ciso to see your company's exposure from data breaches and even infostealer malware infections that can open the door to ransomware. SpyCloud’s focus is helping businesses act on what criminals are using right now to target them – addressing stolen passwords, cookies, and even API keys automatically to stop criminals in their tracks. To learn more and get your darknet exposure report, go to s pycloud.com/ciso .
Wed, November 22, 2023
Cyber exec hacked hospital, ‘Citrix Bleed’ vuln targeted, Binance CEO steps down in $4 billion settlement
Cyber exec admits hacking hospital as a sales tactic ‘Citrix Bleed’ vulnerability targeted by nation-state hackers Binance CEO steps down in $4 billion settlement Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. Egress is the only cloud email security platform to use an adaptive security architecture to automate threat detection and response for advanced phishing attacks and outbound data breaches, tailoring the experience for each user based on their real-time risk score. Visit egress.com to learn more about Egress’ Intelligent Cloud Email Security suite and start detecting email threats your existing solution is missing today. For the stories behind the headlines, visit CISOseries.com .
Tue, November 21, 2023
Healthcare hit with MOVEit, malware uses trig, OpenAI shakeup
Healthcare platform impacted by MOVEit Threat actors find a use for trigonometry What’s happening with OpenAI Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. Egress is the only cloud email security platform to use an adaptive security architecture to automate threat detection and response for advanced phishing attacks and outbound data breaches, tailoring the experience for each user based on their real-time risk score. Visit egress.com to learn more about Egress’ Intelligent Cloud Email Security suite and start detecting email threats your existing solution is missing today.
Mon, November 20, 2023
Clorox CISO departure, BlackCat’s SEC complaint, Dudley interim NCD
Clorox CISO departs months after cyberattack ALPHV/BlackCat Ransomware gang files SEC complaint Drenan Dudley acting national cyber director while Coker confirmation process continues Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. Egress is the only cloud email security platform to use an adaptive security architecture to automate threat detection and response for advanced phishing attacks and outbound data breaches, tailoring the experience for each user based on their real-time risk score. Visit egress.com to learn more about Egress’ Intelligent Cloud Email Security suite and start detecting email threats your existing solution is missing today. For the stories behind the headlines, head to CISOseries.com
Fri, November 17, 2023
Week in Review: UK Health data shared, SSH keys vulnerable
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jay Wilson , CISO, Insurity Thanks to our show sponsor, Sysdig For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second. Learn more at Sysdig.com All links and the video of this episode can be found on CISO Series.com
Fri, November 17, 2023
Fortinet Injection bug, Another Samsung breach, government Rhysida warning
Fortinet warns of critical command injection bug in FortiSIEM Another data breach for Samsung Rhysida warning from FBI and CISA Thanks to today's episode sponsor, Sysdig For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig . Secure every second. For the stories behind the headlines, head to CISOseries.com .
Thu, November 16, 2023
Microsoft Copilot, YouTube addresses AI uploads, CISA's AI roadmap
Microsoft goes all in on Copilot YouTube’s AI disclosure requirement CISA’s AI Roadmap Thanks to today's episode sponsor, Sysdig For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig . Secure every second.
Wed, November 15, 2023
IPStorm botnet dismantled, Social media giants will face child safety lawsuits, Authorities warn of Royal ransom gang threat
IPStorm botnet dismantled after hacker’s guilty plea Federal court rules social media giants must face child safety lawsuits Authorities warn of Royal ransom gang’s activities and rebranding Thanks to today's episode sponsor, Sysdig For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig . Secure every second. For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig . Secure every second. For the stories behind the headlines, visit CISOseries.com .
Tue, November 14, 2023
Cyber Security Headlines: Australian ports attacked, impacts of AI on terrorist content, Google sees faked Bard ads
Australian ports hit with cyberattack AI companies join on to Christchurch Call to Action Generative AI threatens to dismantle terrorist content detection Thanks to today's episode sponsor, Sysdig For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig . Secure every second.
Mon, November 13, 2023
China bank ransomed, UK health data shared, Boeing data published
Industrial and Commercial Bank of China suffers ransomware attack UK health data donated for medical research shared with insurance companies Boeing data published by LockBit Thanks to today's episode sponsor, Sysdig For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig . Secure every second. For the stories behind the headlines, head to CISOseries.com .
Fri, November 10, 2023
Week in Review: Okta explains hack, Google Calendar as C2, Selling military data
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Sean Kelly with guest Howard Holton , CTO, GigaOm Thanks to today’s episode sponsor, OffSec OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you’ll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more. Hear from forward-thinking infosec leaders from companies like CISCO, Amazon, and Salesforce. Save your seat and equip yourself with actionable takeaways to help shape the future of your organization’s security. Register now at offsec.com/evolve All links and the video of this episode can be found on CISO Series.com
Fri, November 10, 2023
US most breached, ChatGPT gets DDoS, Clop exploits SysAid
US most breached country last quarter OpenAI blames DDoS attacks for ongoing ChatGPT outages Clop exploits SysAid vulnerability Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more. Hear from forward-thinking infosec leaders from companies like CISCO, Amazon, and Salesforce. Save your seat and equip yourself with actionable takeaways to help shape the future of your organization's security. Register now at offsec.com/evolve For the stories behind the headlines, head to CISOseries.com .
Thu, November 09, 2023
Shields Ready campaign, AI imagery rules for the election, App Defense Alliance moves to Linux Foundation
US launches “Shields Ready” campaign Microsoft and Meta announced AI imagery rules App Defense Alliance moves under the Linux Foundation Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is running a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. Attend Evolve and get insider insights from a former bank hacker. Discover strategies on stretching your security budget and get tips to attract the crème de la crème of talent. It's more than just an event – it's a masterclass helping you elevate your cybersecurity leadership game. Hear from forward-thinking cybersecurity leaders from companies like CISCO, Amazon, Salesforce and more. Register today and get the insights you need to help shape the future of your company’s security. Sign up now at offsec.com/evolve
Wed, November 08, 2023
Marina Bay Sands customer data hacked, Atlassian bug escalated to 10.0 severity, Fake crypto app steals over $700,000
Singapore’s Marina Bay Sands customer data stolen in cyberattack Atlassian bug escalated to 10.0 severity Fake Ledger Live app steals over $700,000 in crypto Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more. Hear from forward-thinking infosec leaders from companies like CISCO, Amazon, and Salesforce. Save your seat and equip yourself with actionable takeaways to help shape the future of your organization's security. Register now at offsec.com/evolve For the stories behind the headlines, visit CISOseries.com .
Tue, November 07, 2023
Dropper bypasses Google, CISA’s zero-day worries, Google Calendar as C2
Android Dropper-as-a-Service Bypasses Google’s Defenses Increase in zero-day exploits worries CISA Google Calendar as a C2 infrastructure Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is running a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. Attend Evolve and get insider insights from a former bank hacker. Discover strategies on stretching your security budget and get tips to attract the crème de la crème of talent. It's more than just an event – it's a masterclass helping you elevate your cybersecurity leadership game. Hear from forward-thinking cybersecurity leaders from companies like CISCO, Amazon, Salesforce and more. Register today and get the insights you need to help shape the future of your company’s security. Sign up now at offsec.com/evolve For the stories behind the headlines, head to CISOseries.com .
Mon, November 06, 2023
Okta’s hack explanation, Looney Tunables exploited, Lazarus likes KandyKorn
Okta explains hack source and response timeline Looney Tunables now being exploited Lazarus Group uses KandyKorn against blockchain engineers Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more. Hear from forward-thinking infosec leaders from companies like CISCO, Amazon, and Salesforce. Save your seat and equip yourself with actionable takeaways to help shape the future of your organization's security. Register now at offsec.com/evolve For the stories behind the headlines, head to CISOseries.com .
Fri, November 03, 2023
Week in Review: Cloudflare’s power outage, Washington breaches, Wiki-Slack attack
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Shawn Bowen , CISO, World Kinect Corporation Thanks to our show sponsor, Hunters There’s nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters’ SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It’s time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how you can replace your SIEM today. All links and the video of this episode can be found on CISO Series.com
Fri, November 03, 2023
Cloudflare’s power outage, Apache HelloKitty attempt, Boeing incident continues
Power outage darkens Cloudflare dashboard and APIs Apache ActiveMQ flaw sees HelloKitty attempt Boeing says cyber incident affects parts and distribution Thanks to today's episode sponsor, Hunters There’s nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters’ SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It’s time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how you can replace your SIEM today. For the stories behind the headlines, head to CISOseries.com .
Thu, November 02, 2023
UK summit pledge to tackle AI risks, ‘Kill switch’ shuts down Mozi botnet, EU regulator bans Meta's ad practices
Countries at UK summit pledge to tackle AI risks ‘Kill switch’ deliberately shuts down notorious botnet EU regulator bans Meta's targeted advertising practices Thanks to today's episode sponsor, Hunters There’s nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters’ SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It’s time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how you can replace your SIEM today. There’s nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters’ SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It’s time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how you can replace your SIEM today. For the stories behind the headlines, visit CISOseries.com .
Wed, November 01, 2023
Canada bans WeChat, no ransom pledge, India's opposition sees state-sponsored attacks
Canada bans WeChat on government devices 40 countries sign no ransom pledge Apple warns Indian opposition leaders about iPhone attacks Thanks to today's episode sponsor, Hunters If your SIEM is causing an endless cycle of noisy alerts, manually writing generic detection rules, and limited data ingestion & retention, your SOC might need an upgrade. Hunters is a SaaS platform, purpose built for your Security Operations team. Solaris Group, a leading German FinTech, implemented Hunters to replace their SIEM eliminating the burden of redundant detection engineering and manual event correlation. Solaris Group’s SOC analysts can now focus their time and energy on higher-value tasks. Visit hunters.security to learn how to replace your SIEM today.
Tue, October 31, 2023
AI Executive Order, Russia' VirusTotal, Roaming leaks locations
Executive order outlines generative AI rules in the US Russia launchings its own VirusTotal Roaming data could leak geolocations Thanks to today's episode sponsor, Hunters Piecing together a SIEM not only takes forever, but it wastes your security team’s valuable resources. Hunters is a SIEM alternative purpose built to help your Security Operations mature to the next level in a fraction of the time. Spontnana, a next-generation Travel-as-a-Service platform, uses Hunters’ built-in correlation and enrichment capabilities to make better security decisions and experienced value from day one. Are you ready to evaluate Hunters as a SIEM alternative? Visit Hunters.security to learn more.
Mon, October 30, 2023
DC Elections breach, LockBit Boeing breach, StripedFly’s stealthy sting
DC Board of Elections breach may include entire voter roll LockBit claims Boeing breach StripedFly malware infects 1 million Windows and Linux hosts Thanks to today's episode sponsor, Hunters Hunters is a SIEM alternative, built for your security team. Hunters empowers companies to replace their SIEM with unlimited ingestion and normalization of security data at a predictable cost. Using Hunters, a CISO at a leading online retailer “tripled the amount of data ingested by her security team while cutting costs from a legacy SIEM provider by 75%.” To learn more about the benefits of replacing your legacy SIEM with Hunters visit hunters.security today. For the stories behind the headlines, head to CISOseries.com
Fri, October 27, 2023
Week in Review: Okta’s compromise issues, Cisco’s additional headache, CISA protests cuts
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Arvin Bansal , former CISO, Nissan Americas Thanks to our show sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. <span lang="EN-US" style= "font-size: 12pt; line-height: 115%; font-family: Calibri, sans-serif;" xml:lang="EN-US"
Fri, October 27, 2023
iLeakage threatens Apple, CISA’s catastrophic cuts, HTTP DDoS surge
ILeakage attack steals emails, passwords from Apple devices and browsers CISA protests potential 25% budget cut as “catastrophic” Surge in hyper-volumetric HTTP DDoS attacks Thanks to today's episode sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. <span style="font-size: 12pt;" data-sheets-value= "{"1":2,"2":"Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk.\n\nVanta's market-leading trust management platform brings GRC and
Thu, October 26, 2023
SMIC advanced chips, Roundcube exploit, Philadelphia email access
SMIC making advanced chips with ASML tech Roundcube webmail exploited with zero-day Philadelphia’s week somehow gets worse Thanks to today's episode sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount.
Wed, October 25, 2023
Cisco IOS XE infections remain high, California sidelines GM’s driverless cars, Canada accuse China of ‘Spamouflage’ campaign
Cisco IOS XE Update: Number of infected devices via zero-day remains high California sidelines GM’s driverless cars, citing safety risk Canada accuse China of ‘Spamouflage’ disinformation campaign Thanks to today's episode sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. <span data-sheets-value= "{"1":2,"2":"Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk.\n\nVanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing.\n\nAnd by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance.\n\nJoin 5,000 fast-growing companies that leve
Tue, October 24, 2023
Chrome IP Protection, Microsoft Security Copilot, Cisco patches IOS XE
Chrome testing IP Protection Microsoft tests Security Copilot Cisco releases IOS XE patches Thanks to today's episode sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount.
Mon, October 23, 2023
Okta system attacked, another Cisco vulnerability, RagnarLocker arrest
Okta HAR support system attacked Cisco identifies additional IOS XE vulnerability Key Ragnar Locker player arrested in Paris Thanks to today's episode sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. <span style="font-size: 12pt;" data-sheets-value= "{"1":2,"2":"Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk.\n\nVanta's market-leading trust management platform brings GRC and security efforts together. Integrate information
Fri, October 20, 2023
Week in Review: Water cyber-regs rescinded, Cisco zero-day attacks, Signal debunks zero-day
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Andrew Wilder , CISO, Community Veterinary Partners Thanks to our show sponsor, Vanta “Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta’s market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. All links and the video of this episode can b
Fri, October 20, 2023
Cops sting RagnarLocker, more 23andMe leaks, Casio discloses breach
International sting operation brings down RagnarLocker More 23andMe records leaked Casio discloses data breach Huge thanks to our sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. For the stories behind the headlines, head to CISOseries.com .
Thu, October 19, 2023
WinRAR exploitation, Five Eyes warns about China, ServiceNow data exposure
State-backed attackers exploit WinRAR zero-day Five Eyes warns of Chinese IP theft ServiceNow data exposure issue identified Huge thanks to our sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount.
Wed, October 18, 2023
Zero-day attacks affect 10,000 Cisco devices, US government warns of Confluence vuln exploitation, D-Link confirms data breach
Zero-day attacks affect over 10,000 Cisco devices US government warns of widespread exploitation of Confluence vulnerability D-Link confirms data breach caused by phishing attack Huge thanks to our sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. For the stories behind the headlines, visit CISOseries.com .
Tue, October 17, 2023
Security camera warnings, Signal denies zero-day, Equifax fined in UK
Israeli government warns to secure home security cameras Signal debunks zero-day report Equifax fined for 2017 data breach Huge thanks to our sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount.
Mon, October 16, 2023
CDW possibly attacked, AvosLocker joint advisory, EPA rescinds water regs
LockBit claims attack on CDW FBI and CISA publish joint advisory regarding AvosLocker ransomware EPA rescinds cyber regulations for water sector Huge thanks to our sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. For the stories behind the headlines, head to CISOseries.com .
Fri, October 13, 2023
Week in Review: Internet-wide zero-day DDoS, 23andMe data breach, curl flaw overhyped
Link to blog post This week’s Cyber Security Headlines – Week in Review , is hosted by Rich Stroffolino with guest Martin Choluj , VP Security ClickHouse Thanks to our show sponsor, Hyperproof Are you struggling to showcase the value of your work? It’s a classic challenge in the risk and compliance space: leadership just doesn’t understand what exactly you do and why it matters. With Hyperproof, the leading risk and compliance management platform, you get access to real-time reports that can help your leadership team understand the impact of the valuable work you do every day. Get a demo at hyperproof.io . All links and the video of this episode can be found on CISO Series.com
Fri, October 13, 2023
Microsoft thwarts Akira, Sullivan appeals conviction, ToddyCat targets telcos
Microsoft thwarts large-scale ransomware attack Former Uber CISO files appeal ToddyCat group targets telcos Thanks to today's episode sponsor, Hyperproof Is your company scaling? Do you need to quickly add more compliance frameworks but don’t know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof, you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit hyperproof.io to get started today.
Thu, October 12, 2023
Hijacked 404 pages, Chinese attackers target Confluence, Adobe's "icon of transparency"
404 pages hijacked Atlassian Confluence attacked by state-backed actors Adobe’s “icon of transparency” Thanks to today's episode sponsor, Hyperproof It’s more critical than ever to focus on strategically addressing risk, but how can you do it when working with limited resources? That’s where Hyperproof comes in: Hyperproof is a risk and compliance operations platform that helps you automate evidence collection, task management, and collaboration within your organization so you can focus on what matters most: keeping your company secure by prioritizing strategy, not manual processes. Get a demo at Hyperproof.io .
Wed, October 11, 2023
Zero-day fuels largest-ever DDoS attack, 23andMe resets user passwords after data leak, Exchange gets ‘better’ patch for critical bug
Internet-wide zero-day bug fuels largest-ever DDoS attack 23andMe resets user passwords after genetic data posted online Microsoft Exchange gets ‘better’ patch to mitigate critical bug Thanks to today's episode sponsor, Hyperproof We get it. You’re a risk manager or compliance professional, and you’re overworked. You’re trying to do the right thing by keeping your company safe and secure, but your technology is holding you back. Why not upgrade to Hyperproof? Hyperproof is a platform that not only eliminates the manual tasks you dread, but helps you scale security. Get a demo today at hyperproof.io . For the stories behind the headlines, visit CISOseries.com .
Tue, October 10, 2023
Middle East hacktivists, Curl security flaw, HelloKitty improves ransomware
Hacktivist attacks abound in the Middle East Network protocol open-source tool Curl faces worst security flaw in a long time HelloKitty ransomware source code leaked on hacking forum Thanks to today's episode sponsor, Hyperproof Imagine. You have an audit coming up, but instead of the usual rush, you actually feel prepared. You’ve collected your evidence. You can see which risks have been mitigated. And best of all, you don’t have to send out any last-minute emails to other teams begging them for that one screenshot. Sounds like a dream, right? With Hyperproof’s risk and compliance platform, this could be your reality. Get a demo at hyperproof.io . For the stories behind the headlines, head to CISOseries.com .
Mon, October 09, 2023
MGM ransomware costs, Blackbaud breach settlement, 23andMe breach claims
MGM Resorts quotes ransomware tab at $110 million Blackbaud in $49.5 million settlement for May 2020 ransomware attack 23andMe investigates breach claims Thanks to today's episode sponsor, Hyperproof Tired of managing risk and compliance in spreadsheets? Sick of tracking down stakeholders to find evidence? Worried about whether that evidence is up to date for your next audit? Hyperproof has you covered. With Hyperproof, you can efficiently manage multiple compliance frameworks and risks in a single place so you can focus on what matters most: keeping your company secure and growing. Visit hyperproof.io to get a demo. For the stories behind the headlines, head to CISOseries.com .
Fri, October 06, 2023
Week in Review: Progress FTPbug, CloudFlare DDoS mistake, Lazarus Meta recruiters
Link to blog post This week’s Cyber Security Headlines – Week in Review , is hosted by Rich Stroffolino with guest Bob Schuetter , CISO, Ashland Thanks to our show sponsor, Conveyor Got a scary security questionnaire to complete and you’d rather have AI do it? Your infosec friends are making the switch from outdated RFP and compliance tools to Conveyor: the most accurate security questionnaire automation software on the market. The proof is in the AI. Customers are seeing 80-90% accurate auto-generated answers by and decreasing the time spent on questionnaire answering by 91%. Try a free one-week proof of concept at <a href= "https://www.conveyor.com/questionnaire-response?utm_medium=sponsorsh
Fri, October 06, 2023
Apple zero-day patch, Cisco 911 patch, ICS exposure warning
Apple rolls out patch for active iOS Zero-Day Cisco patches urgent Emergency Responder flaw Researchers warn of 100,000 exposed ICS systems Thanks to our episode sponsor, Conveyor We can all agree that AI can take one job from us: answering security questionnaires. Enter Conveyor : the AI security review platform helping infosec teams attack security questionnaires from all angles. Reduce incoming questionnaires by sharing a trust portal with customers and for those questionnaires you do get, use our AI questionnaire completion tool to auto-generate precise answers to entire questionnaires in seconds. Lucid tried a free one week proof of concept and reduced time spent on questionnaires by 91%. Learn more at www.conveyor.com . For the stories behind the headlines, head to CISOseries.com .
Thu, October 05, 2023
Red Cross hacktivist rules, Looney Tunables hit Linux, CISA violates First Amendment
Red Cross issues hacktivist rules Looney Tunables hits major Linux distros CISA may have violated the First Amendment Thanks to our episode sponsor, Conveyor Will security questionnaires ever go away? Maybe. But as long as they’re still here, you might as well get AI to complete them for you. Enter Conveyor . The AI security questionnaire automation software that auto-generates 80-90% accurate answers to entire questionnaires in seconds so all you have to do is review. There’s even a browser extension for the world’s worst portals. Not sure if it’ll work for you? Try a free one-week proof of concept at www.conveyor.com .
Wed, October 04, 2023
GPU driver exploits, EU strengthens spyware protections, NSA's AI Security Center
Arm and Qualcomm warn about exploited GPU drivers EU Parliament strengthens spyware protections for journalists NSA creates AI Security Center Thanks to our episode sponsor, Conveyor Does the mountain of security questionnaires in your inbox make you feel like a 2 dollar umbrella in a hurricane? Then you might want to check out Conveyor : the AI security review platform helping infosec teams attack security questionnaires from all angles. Reduce incoming questionnaires by sharing a trust portal with customers and for those questionnaires you do get, use our AI questionnaire completion tool to auto-generate precise answers to entire questionnaires in seconds. Lucid tried a free one week proof of concept and reduced time spent on questionnaires by 91%. Learn more at www.conveyor.com .
Tue, October 03, 2023
Progress FTP bug under active exploit, Norway urges Europe-wide Meta data collection ban, KillNet claims attack against Royal Family website
Critical Progress FTP bug now being exploited in attacks Norway urges Europe-wide ban on Meta's targeted data collection KillNet claims DDoS attack against Royal Family website Thanks to our episode sponsor, Conveyor Got a scary security questionnaire to complete and you’d rather have AI do it? Your infosec friends are making the switch from outdated RFP and compliance tools to Conveyor : the most accurate security questionnaire automation software on the market. The proof is in the AI. Customers are seeing 80-90% accurate auto-generated answers by and decreasing the time spent on questionnaire answering by 91%. Try a free one-week proof of concept at www.conveyor.com . For the stories behind the headlines, visit CISOseries.com .
Mon, October 02, 2023
Cloudflare’s protection bypass, ALPHV healthcare victim, Lazarus Meta recruiter
Cloudflare DDoS protections bypassed using Cloudflare McLaren Health Care becomes latest ALPHV/BlackCat victim Lazarus Group poses as Meta recruiters to spearfish Spanish engineers Thanks to our episode sponsor, Conveyor Does the thought of answering another security questionnaire make you want to beat the stuffing out of 32 pinatas? Then you might want to check out Conveyor: the AI security review platform helping infosec and sales teams attack security questionnaires from all angles. Reduce incoming questionnaires by sharing a trust portal with customers and for those questionnaires you do get, use our AI questionnaire completion tool to auto-generate precise answers to entire questionnaires in seconds. Lucid tried a free one week proof of concept and reduced time spent on questionnaires by 91%. Learn more at www.conveyor.com . For the stories behind the headlines, head to CISOseries.com .
Fri, September 29, 2023
Week in Review: New MOVEIt troubles, fallout from government email breach, H&R Block faces RICO charges
Link to blog post This week’s Cyber Security Headlines – Week in Review , is hosted by Rich Stroffolino with guest Andrew Storms , VP of security, Replicated Thanks to our show sponsor, AppOmni Are you confident in your organization’s SaaS security? AppOmni surveyed 600+ security practitioners globally and 71% answered yes. But 79% experienced SaaS cybersecurity incidents. What’s behind this disconnect? CISOs believe they have a mature level of SaaS cybersecurity using CASB, MFA, and IdP. But these solutions lack unified risk visibility. Without SSPM, they’re blind to the true extent of their SaaS attack surface risk. Don’t gamble with your data. Get the visibility and insights you need to protect your SaaS environment with AppOmni . <span lang= "EN-US" style= "line-height: 115%; font-family: Ca
Fri, September 29, 2023
Government email damage, Johnson Controls attacked, Google’s 5th zero-day
Chinese hackers stole emails from US State Dept in Microsoft breach Johnson Controls faces $51 million ransomware demand Google fixes year’s fifth Chrome zero-day Thanks to today's episode sponsor, AppOmni If you think CASBs effectively secure your SaaS data… think again. CASBs lack visibility into your SaaS estate. Nor can they address and detect risks that arise from SaaS apps’ unlimited endpoints. What you need is a robust SSPM designed to secure the dynamic and extensible nature of SaaS apps and their data. That’s where AppOmni comes in. We continuously monitor your SaaS estate to detect cyber risks and secure your company’s most critical data and workflows. Get started at AppOmni.com . For the stories behind the headlines, head to CISOseries.com .
Thu, September 28, 2023
GPU pixel-stealing, info-stealing on GitHub, Sony hackers hit NTT Docomo
GPUs vulnerable to pixel-stealing attacks Info-stealing commits hit GitHub Alleged Sony hackers hit NTT Docomo Thanks to today's episode sponsor, AppOmni Are you confident in your organization’s SaaS security? AppOmni surveyed 600+ security practitioners globally and 71% answered yes. But 79% experienced SaaS cybersecurity incidents. What’s behind this disconnect? CISOs believe they have a mature level of SaaS cybersecurity using CASB, MFA, and IdP. But these solutions lack unified risk visibility. Without SSPM, they’re blind to the true extent of their SaaS attack surface risk. Don’t gamble with your data. Get the visibility and insights you need to protect your SaaS environment with AppOmni .
Wed, September 27, 2023
Multiple threat actors lay claim to Sony hack, Philippines health org struggling with ransomware recovery, Flair Airlines leaked user data for months
Multiple threat actors lay claim to Sony hack Philippines health org struggling to recover from ransomware attack Canadian Flair Airlines leaked user data for months Thanks to today's episode sponsor, AppOmni If you think CASBs effectively secure your SaaS data… think again. CASBs lack visibility into your SaaS estate. Nor can they address and detect risks that arise from SaaS apps’ unlimited endpoints. What you need is a robust SSPM designed to secure the dynamic and extensible nature of SaaS apps and their data. That’s where AppOmni comes in. We continuously monitor your SaaS estate to detect cyber risks and secure your company’s most critical data and workflows. Get started at AppOmni.com . For the stories behind the headlines, visit CISOseries.com .
Tue, September 26, 2023
Mixin Network breach, Kia and Hyundai thefts explode, stress testing voting equipment
Mixin Network loses $200 million Kia and Hyundai exploit linked to massive car thefts Stress testing voting equipment Thanks to today's episode sponsor, AppOmni Are you confident in your organization’s SaaS security? AppOmni surveyed 600+ security practitioners globally and 71% answered yes. But 79% experienced SaaS cybersecurity incidents. What’s behind this disconnect? CISOs believe they have a mature level of SaaS cybersecurity using CASB, MFA, and IdP. But these solutions lack unified risk visibility. Without SSPM, they’re blind to the true extent of their SaaS attack surface risk. Don’t gamble with your data. Get the visibility and insights you need to protect your SaaS environment with AppOmni .
Mon, September 25, 2023
Clarion audio hacked, Egyptian Predator threat, Dallas cyberattack analysis
Car audio manufacturer Clarion hacked – ALPHV claims responsibility High-ranking Egyptian politician targeted by Predator spyware City of Dallas issues report on May cyberattack Thanks to today's episode sponsor, AppOmni If you think CASBs effectively secure your SaaS data… think again. CASBs lack visibility into your SaaS estate. Nor can they address and detect risks that arise from SaaS apps’ unlimited endpoints. What you need is a robust SSPM designed to secure the dynamic and extensible nature of SaaS apps and their data. That’s where AppOmni comes in. We continuously monitor your SaaS estate to detect cyber risks and secure your company’s most critical data and workflows. Get started at AppOmni.com . For the stories behind the headlines, head to CISOseries.com .
Fri, September 22, 2023
Week in Review: UK and US cyberlaws, Microsoft’s bad week, Cisco buys Splunk
Link to blog post This week’s Cyber Security Headlines – Week in Review , is hosted by Rich Stroffolino with guest Shawn Bowen , CISO, World Kinect Corporation Thanks to our show sponsor, Hyperproof Is your company scaling? Do you need to quickly add more compliance frameworks but don’t know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof, you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit hyperproof.io to get started today. All links and the video of this episode can be found on CISO Series.com
Fri, September 22, 2023
UK’s new cyberlaws, Cisco buys Splunk, Transunion denies breach
UK launches comprehensive new online safety laws Cisco buys Splunk TransUnion denies breach Huge thanks to our sponsor, Hyperproof Is your company scaling? Do you need to quickly add more compliance frameworks but don’t know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof , you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit hyperproof.io to get started today. For the stories behind the headlines, head to CISOseries.com .
Thu, September 21, 2023
Canadian airport DDoS, Huawei ships chips, Signal goes post-quantum
Cyber attack disrupted Canadian airports Huawei ships chips for surveillance cameras Signal adds quantum-resistant encryption Huge thanks to our sponsor, Hyperproof It’s more critical than ever to focus on strategically addressing risk, but how can you do it when working with limited resources? That’s where Hyperproof comes in: Hyperproof is a risk and compliance operations platform that helps you automate evidence collection, task management, and collaboration within your organization so you can focus on what matters most: keeping your company secure by prioritizing strategy, not manual processes. Get a demo at Hyperproof.io .
Wed, September 20, 2023
DHS to simplify cyber incident reporting rules, UK passes Online Safety Bill, PIILOPUOTI marketplace takedown
DHS council seeks to simplify cyber incident reporting rules UK passes the Online Safety Bill Finland and Europol take down PIILOPUOTI marketplace Huge thanks to our sponsor, Hyperproof We get it. You’re a risk manager or compliance professional, and you’re overworked. You’re trying to do the right thing by keeping your company safe and secure, but your technology is holding you back. Why not upgrade to Hyperproof ? Hyperproof is a platform that not only eliminates the manual tasks you dread, but helps you scale security. Get a demo today at hyperproof.io . For the stories behind the headlines, visit CISOseries.com .
Tue, September 19, 2023
Microsoft leaks AI data, UK CMA AI principles, Germany warns of natural gas terminal attacks
Microsoft leaks terabytes of internal data UK CMA outlines principles for AI regulation Germany warns of attacks on LNG terminals Huge thanks to our sponsor, Hyperproof Imagine. You have an audit coming up, but instead of the usual rush, you actually feel prepared. You’ve collected your evidence. You can see which risks have been mitigated. And best of all, you don’t have to send out any last-minute emails to other teams begging them for that one screenshot. Sounds like a dream, right? With Hyperproof’s risk and compliance platform , this could be your reality. Get a demo at hyperproof.io .
Mon, September 18, 2023
Lazarus hit CoinX, Thailand’s CardX breach, trucking software attack
Lazarus Group suspected in CoinEx robbery Thailand financial company CardX discloses leak Ransomware hits trucking software provider Huge thanks to our sponsor, Hyperproof Tired of managing risk and compliance in spreadsheets? Sick of tracking down stakeholders to find evidence? Worried about whether that evidence is up to date for your next audit? Hyperproof has you covered. With Hyperproof , you can efficiently manage multiple compliance frameworks and risks in a single place so you can focus on what matters most: keeping your company secure and growing. Visit hyperproof.io to get a demo. For the stories behind the headlines, head to CISOseries.com .
Fri, September 15, 2023
Week in Review: Las Vegas heists, mental health, Tesla’s no-hands option
Link to blog post This week’s Cyber Security Headlines – Week in Review , is hosted by Rich Stroffolino with guest Davi Ottenheimer, VP, Trust and Ethics, Inrupt Thanks to our show sponsor, Conveyor The team at Lucid software reduced the time spent answering customer security questionnaires by a whopping 91% with Conveyor’s security questionnaire automation software – powered by OpenAI. Compared to the tools on the market, Conveyor’s AI auto-generates the most accurate answers to entire questionnaires so you can spend almost zero time on them. That’s it. That’s the ad. We’ll let you get back to the show, but if you want to take away the pain of questionnaires, try a free proof of concept at www.conveyor.com . All links and the video of this episode can be found on CISO Series.com
Fri, September 15, 2023
Caesars, MGM attacks, Weather Network down, LockBit dual deployment
Caesars reportedly paid millions to stop Scattered Spider Cybersecurity incident impacts Canada’s Weather Network Blocked LockBit affiliate deploys 3AM instead Huge thanks to our sponsor, Conveyor The team at Lucid software reduced the time spent answering customer security questionnaires by a whopping 91% with Conveyor’s security questionnaire automation software - powered by OpenAI. Compared to the tools on the market, Conveyor’s AI auto-generates the most accurate answers to entire questionnaires so you can spend almost zero time on them. That’s it. That’s the ad. We’ll let you get back to the headlines, but if you want to take away the pain of questionnaires, try a free proof of concept at www.conveyor.com . For the stories behind the headlines, head to CISOseries.com .
Thu, September 14, 2023
US asks to not pay ransoms, CISA's open source roadmap, Save the Children ransomware attack
NSC asks governments not to pay ransoms CISA’s open source software security roadmap Save the Children hit with ransomware Huge thanks to our sponsor, Conveyor Got a scary security questionnaire to complete and you’d rather have AI do it? Your infosec friends are making the switch from outdated RFP and compliance tools to Conveyor - the most accurate security questionnaire automation software on the market. The proof is in the AI. Customers are seeing 80-90% accurate answers and decreasing the time spent on questionnaire answering by 91%. We’re excited about the success customers like Lucid and Carta have seen using Conveyor. Try a free proof of concept at w ww.conveyor.com .
Wed, September 13, 2023
MGM Resorts "cybersecurity incident", Hackers access Airbus vendor info, Cryptoqueen’s sidekick sentenced
MGM Resorts slot machines and ATMs disrupted by "cybersecurity incident" Hackers access sensitive data of thousands of Airbus vendors Cryptoqueen’s sidekick sentenced for $4 billion scam Huge thanks to our sponsor, Conveyor Here’s how to measure if your security questionnaire answering software is effective. We benchmarked the RFP and compliance tools on the market and most are only generating accurate responses to questionnaires 20-50% of the time. Ready for 80-90% auto-generated accurate answers so you can fly through your review? Then you should try Conveyor’s AI-security questionnaire automation tool . Don’t believe us? Try a free proof of concept at www.conveyor.com For the stories behind the headlines, visit CISOseries.com .
Tue, September 12, 2023
Rising infrastructure attacks, Sponsor backdoor, Sri Lanka loses data in attack
UK government sees record critical IT infrastructure attacks Charming Kitten unleashes Sponsor backdoor Ransomware costs Sri Lankan government months of data Huge thanks to our sponsor, Conveyor The team at Lucid software reduced the time spent answering customer security questionnaires by a whopping 91% with Conveyor’s security questionnaire automation software - powered by OpenAI. Compared to the tools on the market, Conveyor’s AI auto-generates the most accurate answers to entire questionnaires so you can spend almost zero time on them. That’s it. That’s the ad. We’ll let you get back to the headlines, but if you want to take away the pain of questionnaires, try a free proof of concept at www.conveyor.com .
Mon, September 11, 2023
Fake Telegram apps, Akamai defeats mega-DDoS, Rhysida hospital attacks
Evil Telegram fake apps send spyware Akamai announces mitigation of largest DDoS on a US financial company Rhysida attacks three more hospitals Huge thanks to our sponsor, Conveyor What’s scarier than the Sunday scaries? Opening your inbox to a 200 question, 15 tab macro-enabled workbook containing a customer security questionnaire to complete. Let Conveyor's AI security questionnaire automation tool , powered by OpenAI, help your answering process go a lot faster. Spend 91% less time on questionnaires when you get precise answers auto-generated for you. Try a free proof of concept to see how fast you can get through questionnaires with Conveyor at www.conveyor.com For the stories behind the headlines, head to CISOseries.com .
Fri, September 08, 2023
Week in Review: Microsoft MSA answers, Keystroke monitoring software, G-Man Mudge
Link to blog post This week’s Cyber Security Headlines – Week in Review , is hosted by Rich Stroffolino with guest Dan Walsh , CISO, VillageMD Thanks to our show sponsor, Comcast DataBee DataBee™, from Comcast Technology Solutions, is a cloud-native security, risk and compliance data fabric platform that transforms your security data chaos into connected outcomes. Built by security professionals for security professionals, DataBee makes your data a gold mine, rich with information that enables you to examine the past, react to the present, and protect the future of your business. Learn more at https://comca.st/DataBee . All links and the video of this episode can be found on CISO Series.com
Fri, September 08, 2023
China's MSA key hack, cyberwar crimes, North Korea targeting Russia
How Chinese hackers stole a Microsoft signing key The ICC to prosecute cyberwar crimes North Korean cyberattacks against Russian targets Thanks to today's episode sponsor, Comcast DataBee™, from Comcast Technology Solutions , is a cloud-native security, risk and compliance data fabric platform that transforms your security data chaos into connected outcomes. Built by security professionals for security professionals, DataBee makes your data a gold mine, rich with information that enables you to examine the past, react to the present, and protect the future of your business. Learn more at https://comca.st/DataBee .
Thu, September 07, 2023
CISA reporting rules, LastPass key crack, connected cars fail on privacy
CISA close to finalizing incident reporting rules Krebs on cracked LastPass keys Connected cars not great for privacy and security Thanks to today's episode sponsor, Comcast Are you still using whiteboards and pivoting between tools to find out who owns what data sources and the relationships between data points? It’s time to improve your OODA loop and enhance your security and compliance efforts with DataBee, from Comcast Technology Solutions . Learn how DataBee weaves together and enriches data from across the enterprise to provide deeper insights into your security, risk and compliance posture. Visit https://comca.st/DataBee .
Wed, September 06, 2023
CISA hires ‘Mudge’, Call for Congress to address AI-generated CSAM, Stake.com loses $41 million in crypto
CISA hires ‘Mudge’ to work on security-by-design principles All 50 states call on Congress to address AI-generated CSAM Stake.com loses $41 million to hot wallet hackers Thanks to today's episode sponsor, Comcast What if you could integrate enterprise-wide business intelligence with your security data for better contextual insights into potential threats and compliance issues? You can. With DataBee™, from Comcast Technology Solutions . Learn how DataBee enables users to leverage integrated insights to mitigate risks and stay compliant. Visit https://comca.st/DataBee . For the stories behind the headlines, visit CISOseries.com .
Tue, September 05, 2023
PDF MalDoc warning, MinIO storage compromises, Okta helpdesk attacks
New PDF MalDoc allows evasion of antivirus MinIO Storage system being used to compromise servers Okta warns of IT help desk attacks Thanks to today's episode sponsor, Comcast Data rules everything around us – but why are the people who need data the most unable to access it? What if you could boost the productivity of your security teams and their ability to collaborate by providing them access to the same shared and enriched data? You can. With DataBee™, from Comcast Technology Solutions . Learn how DataBee can help your organization make better informed decisions, quickly and cost-effectively. Visit https://comca.st/DataBee For the stories behind the headlines, head to CISOseries.com .
Mon, September 04, 2023
X collects employment histories, Sandworm Chisel analysis, Callaway breach
X to collect member employment data Technical details of Sandworm malware ‘Infamous Chisel’ released Golf club maker Callaway suffers breach Thanks to today's episode sponsor, Comcast DataBee “Data is the currency of the 21st century”, yet for so many cybersecurity professionals, it’s still too difficult to access, correlate and use this ‘currency’ for better, faster security and compliance decision-making. That’s why Comcast Technology Solutions created DataBee™ , a cloud-native security data fabric platform that can help you turn your security data into valuable business ‘currency’. Learn more at https://comca.st/DataBee . For the stories behind the headlines, head to CISOseries.com .
Fri, September 01, 2023
Gamaredon hits Ukraine, Paramount suffers breach, OpenFire gets swarmed
Gamaredon hackers hit Ukraine military Movie giant Paramount Global suffers data breach Takeover swarm exploits OpenFire Huge thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s SaaS Identity Fabric , secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com . For the stories behind the headlines, head to CISOseries.com .
Thu, August 31, 2023
China hacked Japan's NISC, trafficking fuels cyber scams, China approves generative AI
Chinese threat actors breached Japan’s cybersecurity agency Human trafficking into cyber scams China set to approve first generative AI services Huge thanks to today's episode sponsor, AppOmni SaaS cyberattacks are prevalent and often go unnoticed until data loss or breaches occur. Sign-ins from an unusual IP address. Stolen session tokens. These security risks can lurk in the shadows and put your entire SaaS estate at risk. Don’t wait for a breach to secure your SaaS data. AppOmni helps security teams to detect suspicious activity, decide what activities to be alerted on, and receive guided remediation. Learn how at AppOmni.com .
Wed, August 30, 2023
FBI dismantles Qakbot operation, University of Michigan cuts internet after cyberattack, Microsoft criticizes UN cybercrime treaty
FBI dismantles Qakbot operation that took millions in ransom University of Michigan severs ties to internet after cyberattack Microsoft joins growing list of organizations criticizing UN cybercrime treaty Huge thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s SaaS Identity Fabric , secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com . For the stories behind the headlines, visit CISOseries.com .
Tue, August 29, 2023
UK flight outage, the malware Big 3, spyware firm breached
UK network outage grounds flights The malware loader Big 3 Another spyware firm breached Huge thanks to today's episode sponsor, AppOmni SaaS cyberattacks are prevalent and often go unnoticed until data loss or breaches occur. Sign-ins from an unusual IP address. Stolen session tokens. These security risks can lurk in the shadows and put your entire SaaS estate at risk. Don’t wait for a breach to secure your SaaS data. AppOmni helps security teams to detect suspicious activity, decide what activities to be alerted on, and receive guided remediation. Learn how at AppOmni.com .
Mon, August 28, 2023
Cisco fixes flaws, Windows BSOD reappears, FBI Barracuda warning
Cisco fixes flaws in NX-OS AND FXOS software Windows preview updates bring blue screen of death FBI warns Barracuda bug still has bite Huge thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s SaaS Identity Fabric , secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com . For the stories behind the headlines, head to CISOseries.com .
Fri, August 25, 2023
Week in Review: Health hackers evolve, generative AI cyberattacks, NK spooks drills
Link to blog post This week’s Cyber Security Headlines – Week in Review , is hosted by Rich Stroffolino with guest Gerald Auger Ph.D ., Chief Content Creator, Simply Cyber Thanks to our show sponsor, HyperProof Is your company scaling? Do you need to quickly add more compliance frameworks but don’t know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof, you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit hyperproof.io to get started today. All links and the video of this episode can be found on CISO Series.com
Fri, August 25, 2023
Lazarus exploits ManageEngine, Rockwell ThinManager vulnerabilities, Mississippi hospital attack
Lazarus Group exploits ManageEngine to drop new RATS on internet and healthcare Vulnerabilities in Rockwell ThinManager threaten industrial control systems Mississippi hospital system suffers cyberattack Huge thanks to our sponsor, HyperProof Is your company scaling? Do you need to quickly add more compliance frameworks but don’t know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof , you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit to get started today. For the stories behind the headlines, head to CISOseries.com .
Thu, August 24, 2023
Tornado Cash indictment, UN cybercrime treaty, Lazarus crypto cashout
Tornado Cash developers face indictment UN begins final cybercrime treaty talks FBI warns of North Korean crypto cash out Huge thanks to our sponsor, HyperProof It’s more critical than ever to focus on strategically addressing risk, but how can you do it when working with limited resources? That’s where Hyperproof comes in: Hyperproof is a risk and compliance operations platform that helps you automate evidence collection, task management, and collaboration within your organization so you can focus on what matters most: keeping your company secure by prioritizing strategy, not manual processes. Get a demo at Hyperproof.io .
Wed, August 23, 2023
CISOs’ cybersecurity confidence, Healthcare cyberbreach report, Duo outage
CISOs proclaim cybersecurity confidence, but majority admit to SaaS incidents Cyber Health Report: Hacker entry point shifts from email to network Duo outage causes Azure Auth authentication errors Huge thanks to our sponsor, HyperProof We get it. You’re a risk manager or compliance professional, and you’re overworked. You’re trying to do the right thing by keeping your company safe and secure, but your technology is holding you back. Why not upgrade to Hyperproof ? Hyperproof is a platform that not only eliminates the manual tasks you dread, but helps you scale security. Get a demo today at hyperproof.io . For the stories behind the headlines, head to CISOseries.com .
Tue, August 22, 2023
ChatGPT botnet, Brits tip ransomware targets, Tesla's insider breach
ChatGPT used in crypto botnet Brits tipping off ransomware targets Tesla data breach caused by insiders Huge thanks to our sponsor, HyperProof Imagine. You have an audit coming up, but instead of the usual rush, you actually feel prepared. You’ve collected your evidence. You can see which risks have been mitigated. And best of all, you don’t have to send out any last-minute emails to other teams begging them for that one screenshot. Sounds like a dream, right? With Hyperproof’s risk and compliance platform , this could be your reality. Get a demo at hyperproof.io .
Mon, August 21, 2023
NK attacks drills, Android APK malware, space industry warning
North Korean hackers suspected of targeting S. Korea-US drills Android malware apps use APK compression to evade detection Security agencies warn space industry of increased attacks Huge thanks to our sponsor, HyperProof Tired of managing risk and compliance in spreadsheets? Sick of tracking down stakeholders to find evidence? Worried about whether that evidence is up to date for your next audit? Hyperproof has you covered. With Hyperproof , you can efficiently manage multiple compliance frameworks and risks in a single place so you can focus on what matters most: keeping your company secure and growing. Visit hyperproof.io to get a demo. For the stories behind the headlines, head to CISOseries.com .
Fri, August 18, 2023
Week in Review: Ford WiFi vulnerability, LockBit’s publication struggle, Government ZeroTrust confidence
Link to blog post This week’s Cyber Security Headlines – Week in Review , is hosted by Rich Stroffolino with guest, Jon Oltsik , distinguished analyst and fellow, Enterprise Strategy Group Thanks to our show sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment. All links and the video of this episode can be found on CISO Series.com
Fri, August 18, 2023
Cybercriminals finetune AI, Government ZeroTrust confidence, Citrix vulnerability warning
Influence operators fine-tuning AI to deceive targets 67% of government agencies claim confidence in adopting zero trust CISA warns of urgent Citrix vulnerability Huge thanks to today's episode sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment. For the stories behind the headlines, head to CISOseries.com .
Thu, August 17, 2023
LockBit struggles, Google's quantum resilient key, orgs excitedly unprepared for AI
LockBit struggles to publish leaked data Google’s quantum resilient security key Organizations optimistic and unprepared for AI Huge thanks to today's episode sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment.
Wed, August 16, 2023
LinkedIn accounts hijacked, Chinese spies hack US congressman's email, US watchdog plans to regulate data brokers
Huge thanks to today's episode sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment. For the stories behind the headlines, visit CISOseries.com .
Tue, August 15, 2023
Moovit bug, Black Hat's NOC, DDoS origins
Moovit bug allowed for free rides A look at Black Hat’s network operations center Business and gaming disputes lead to DDoS attacks Huge thanks to today's episode sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment.
Mon, August 14, 2023
Ford WiFi vulnerability, Government reviews Azure hack, TripAdvisor ransomware
Ford says cars with WiFi vulnerability still safe to drive Cyber Safety Review Board to analyze cloud security in wake of Microsoft hack Knight ransomware distributed in fake TripAdvisor complaint emails Huge thanks to today's episode sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment. For the stories behind the headlines, head to CISOseries.com .
Fri, August 11, 2023
Week in Review: Microsoft slapped by Tenable, Tampa Hospital lawsuit, Zoom's AI decision
Link to blog post This week’s Cyber Security Headlines – Week in Review , August 7-11, is hosted by Rich Stroffolino with guest, Michael Woods , CISO, GE Thanks to our show sponsor, Conveyor We can all agree there’s one thing the AI bots can take from us: completing customer security questionnaires. That’s why we built Conveyor’s GPT-questionnaire response tool. It auto-generates precise, accurate answers to entire questionnaires with accuracy far superior to existing tools on the market. It’s so accurate, your customers can now use it in our new ‘upload questions to trust portal’ feature. It’s exactly as it sounds. Customers can upload questions and the AI will generate ins
Fri, August 11, 2023
CISA’s .NET warning, Compellent exposes VMWare, DEFCON AI challenge
CISA Warns organizations of exploited vulnerability affecting .NET, Visual Studio Dell Compellent hardcoded key exposes VMware vCenter admin creds DEF CON: Thousands of security researchers vie to outsmart AI in Las Vegas Thanks to today's episode sponsor, Conveyor We can all agree there’s one thing the AI bots can take from us: completing customer security questionnaires. That’s why we built Conveyor’s GPT-questionnaire response tool. It auto-generates precise, accurate answers to entire questionnaires with accuracy far superior to existing tools on the market. It’s so accurate, your customers can now use it in our new ‘upload questions to trust portal’ feature. It’s exactly as it sounds. Customers can upload questions and the AI will generate instant answers based on your trust portal content. Try a free proof of concept with your own data and see why top SaaS companies are making the switch from outdated RFP software and other portal solutions. Learn more at www.conveyor.com . For the stories behind the headlines, head to CISOseries.com .
Thu, August 10, 2023
AI Cyber Challenge, eavesdropping typing app, Android cellular security
AI Cyber Challenge announced at Black Hat Tencent typing app had real time “eavesdropper” Google adds cellular security to Android Thanks to today's episode sponsor, Conveyor Your scariest questionnaires that are HUNDREDS of questions long are no match for Conveyor’s GPT-security questionnaire tool - the most accurate questionnaire automation tool on the market. It’s so accurate that you can even let customers upload their own questions in your portal to get instant answers generated from your content. For questionnaires you still need complete, infosec and sales teams are spending 89% less time on answering questionnaires because they’re getting accurate answers to entire questionnaires that they don’t have to re-write. Try a free proof of concept with your own data. Learn more at www.conveyor.com
Wed, August 09, 2023
Google’s Messages app now encrypts chats, Electoral Commission apologizes to UK voters, Banks hit with fines for using chat apps
Google’s Messages app now uses RCS to encrypt chats Electoral Commission apologizes for security breach involving UK voters’ data Banks hit with over $500 million in fines for using out-of-band chat apps Thanks to today's episode sponsor, Conveyor Did you catch the biggest release of the year? No, not Barbenheimer. It’s Conveyor’s GPT-powered security questionnaire response tool: the most accurate questionnaire automation tool on the market. It’s so good, you can let your customers upload their own questions in your trust portal to get instant answers based on your content. And of course, it’s not just for your customers. You can use the GPT-questionnaire response tool internally as well to get auto-generated precise answers to entire questionnaires in minutes so all you have to do is review. Maybe it's time to replace your outdated RFP software… Try a free proof of concept with your own data. Learn more at www.conveyor.com For the stories behind the headlines, head to CISOseries.com
Tue, August 08, 2023
K-12 cyber initiatives, Russian missile contractor breached, LLMs getting worse
White House rolls out school cyber initiatives North Koreans breach Russian missile developer Large language models getting worse at math Thanks to today's episode sponsor, Conveyor GPT for security questionnaires? Conveyor has already built that for you. Conveyor’s GPT-questionnaire response tool is so accurate, you can use it in two ways. One: Let your customers upload their own questions in your trust portal to get AI-generated answers based on the content in your portal. And Two: It’s not just for your customers. You can use the GPT-questionnaire response tool internally as well to get auto-generated precise answers to entire questionnaires in minutes so all you have to do is review. Try a free proof of concept with your own data to see it in action. Learn more at www.conveyor.com
Mon, August 07, 2023
Tenable smacks Microsoft, hospital ransomware attacks, accurate acoustic spyware
Microsoft resolves vulnerability following criticism from Tenable CEO FBI investigating ransomware attack crippling hospitals across 4 states New acoustic attack steals data from keystrokes with 95% accuracy Thanks to today's episode sponsor, Conveyor Did you catch the biggest release of the year? No, not Barbenheimer. It’s Conveyor’s GPT-powered security questionnaire response tool: the most accurate questionnaire automation tool on the market. It’s so good, you can let your customers upload their own questions in your trust portal to get instant answers based on your content. And of course, it’s not just for your customers. You can use the GPT-questionnaire response tool internally as well to get auto-generated precise answers to entire questionnaires in minutes so all you have to do is review. Maybe it's time to replace your outdated RFP software… Try a free proof of concept with your own data. Learn more at www.conveyor.com For the stories behind the headlines, head to CISOseries.com
Fri, August 04, 2023
Week in Review: IDOR vulnerability warning, Israel refinery cyberattack, spies bemoan AI training
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , July 31-August 4, is hosted by Rich Stroffolino with guest, Jeff Hudesman , CISO, Pinwheel Thanks to our show sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal’s mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit opal.dev .
Fri, August 04, 2023
Fortinet tops vuln list, malicious Chrome Rilite, more Ivanti issues
Fortinet VPN bug tops CISA’s list of most exploited vulnerabilities in 2022 Chrome malware Rilide targets enterprise users via PowerPoint guides Researchers discover bypass for recently fixed Ivanti EPMM vulnerability Thanks to today's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev . For the stories behind the headlines, head to CISOseries.com .
Thu, August 03, 2023
Australia considers WeChat ban, US company aiding APTs, Veilid coming to DEF CON
Australian Senate recommends banning WeChat US company accused of aiding APT Hacking group to detail P2P protocol at DEF CON Thanks to today's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev .
Wed, August 02, 2023
Musk sues disinformation researchers, Cloud host found facilitating state-backed cyberattacks, UK spy agencies want to relax ‘burdensome’ AI laws
Musk sues disinformation researchers for driving away advertisers Researchers claim cloud host facilitated state-backed cyberattacks UK spy agencies want to relax ‘burdensome’ laws on AI data use Thanks to today's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev . For the stories behind the headlines, visit CISOseries.com .
Tue, August 01, 2023
National plan for cyber education, DeFi code exploit, study on cyber insurance
White House releases National Cyber and Workforce Education Strategy Latest DeFi exploit sees millions in losses No link found between cyber insurance and paying ransoms Thanks to today's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev .
Mon, July 31, 2023
Israel refinery cyberattack, TSA pipeline guidelines, CISA’s IDOR warning
Israel’s largest oil refinery website offline amid cyber attack claims TSA renews cybersecurity guidelines for pipelines CISA AND Australia warn of IDOR vulnerabilities after major breaches Thanks to today's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev . For the stories behind the headlines, head to CISOseries.com .
Fri, July 28, 2023
Week in Review: Stolen Microsoft key, government Maximus breach, Clop on clearweb
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , July 24-28, is hosted by Rich Stroffolino with guest, TC Niedzialkowski , CISO, Nextdoor Thanks to today’s episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com . All links and the video of this episode can be found on CISO Series.com
Fri, July 28, 2023
Maximus breach, Ubuntu Linux vulnerabilities, Cardio company cyberattack
Millions affected by data breach at US government contractor Maximus Two severe Linux vulnerabilities impact 40% of Ubuntu users Heart monitoring technology provider confirms cyberattack Thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s SaaS Identity Fabric , secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com . For the stories behind the headlines, head to CISOseries.com .
Thu, July 27, 2023
Cyber exec convicted, SEC disclosure, how the government gets breached
Russian court convicts cyber security executive of treason SEC to require incident disclosure Government cyber attacks rely on valid credentials Thanks to today's episode sponsor, AppOmni SaaS cyberattacks are prevalent and often go unnoticed until data loss or breaches occur. Sign-ins from an unusual IP address. Stolen session tokens. These security risks can lurk in the shadows and put your entire SaaS estate at risk. Don’t wait for a breach to secure your SaaS data. AppOmni helps security teams to detect suspicious activity, decide what activities to be alerted on, and receive guided remediation. Learn how at AppOmni.com .
Wed, July 26, 2023
TETRA encryption flaws, Zenbleed strikes, Norway's government hit with Ivanti flaw
Vulnerability found in TETRA encryption Ryzen CPUs vulnerable to Zenbleed exploit Norwegian government breached with Ivanti zero-day Thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s SaaS Identity Fabric , secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com .
Tue, July 25, 2023
Cyber Security Headlines: Clop leaks on clearweb, EU pushes back on CSA centralization, rising data breach costs
Clop moves leaked data to clearweb sites EU governments push back on centralized cyber reporting Cost of data breaches up 15% Thanks to today's episode sponsor, AppOmni SaaS cyberattacks are prevalent and often go unnoticed until data loss or breaches occur. Sign-ins from an unusual IP address. Stolen session tokens. These security risks can lurk in the shadows and put your entire SaaS estate at risk. Don’t wait for a breach to secure your SaaS data. AppOmni helps security teams to detect suspicious activity, decide what activities to be alerted on, and receive guided remediation. Learn how at AppOmni.com .
Mon, July 24, 2023
Azure hack deepens, JumpCloud is Lazarus, DHL MOVEIt victim
Microsoft key stolen by Chinese hackers provided access far beyond Outlook JumpCloud breach traced back to North Korean state hackers DHL investigating MOVEit breach as number of victims surpasses 20 million Thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s SaaS Identity Fabric , secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com . For the stories behind the headlines, head to CISOseries.com .
Fri, July 21, 2023
Week in Review: Fast acting Gamaredon, WormGPT AI weapon, Microsoft Azure mystery
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , July 17-21, is hosted by Rich Stroffolino with our guest, Dimitri van Zantvliet , CISO, Dutch Railways Thanks to our show sponsor, OpenVPN According to Oriel Hernan Villalba Pinzetta, a System Administrator with CEDEC’s cybersecurity and IT department, “The pandemic meant we could not come to the office, and we needed to facilitate access to our local resources,” says Villalba. “Cloud Connexa was really easy and fast to set up, two things we really needed in that moment.” Read more here . All links and the video of this episode can be found on CISO Series.com
Fri, July 21, 2023
New Redis worm, more ColdFusion confusion, Estée Lauder breached
New P2PInfect worm targeting Redis servers on Linux and Windows systems Adobe releases new patches for exploited ColdFusion vulnerabilities Estée Lauder breached by two ransomware groups And now a word from our sponsor, OpenVPN According to Oriel Hernan Villalba Pinzetta, a System Administrator with CEDEC’s cybersecurity and IT department, “The pandemic meant we could not come to the office, and we needed to facilitate access to our local resources,” says Villalba. “ Cloud Connexa was really easy and fast to set up, two things we really needed in that moment.” Read more at the link in our show notes. For the stories behind the headlines, head to CISOseries.com .
Thu, July 20, 2023
A rise in complex DDoS attacks, Mi6 warns of data traps, Microsoft expands log access
Complex DDoS attacks on the rise MI6 warns of Chinese data traps Microsoft expands cloud log access And now a word from our sponsor, OpenVPN Karim Hakim, CTO at Hakim Misr Paco, says that CloudConnexa has given him some long-sought peace of mind. “ OpenVPN has helped my company to access remote nodes securely without worrying about security protocols,” he says. “My company has been looking for a similar solution for years, and we finally got what we were looking for.” Read more at the link in our show notes.
Wed, July 19, 2023
US launches IoT security labeling program, Renewable tech could pose electric grid risk, US blacklists two more spyware firms
US government launches IoT security labeling program Renewable technologies could pose risk to US electric grid US blacklists two spyware firms run by Israeli former general And now a word from our sponsor, OpenVPN Stephen Haecker, Chief Technology Officer at Carteras Colectivas, relies on Cloud Connexa customer support for his remote team. “I have used them about once per month to help with our growing networks,” he says, “and the service quality is great with quick turnarounds.” Haecker appreciates the consistency of the support team, and their personalized approach. Read more at the link in our show notes. For the stories behind the headlines, visit CISOseries.com .
Tue, July 18, 2023
JumpCloud Breach, LockBit attacks Wisconsin, Typos leak military emails
JumpCloud breached by APT Wisconsin allegedly hit by LockBit Typos leaking military emails And now a word from our sponsor, OpenVPN Zach Belhadri, the Infrastructure Manager at Knight Capital, shares why using Cloud Connexa for his team’s security has been a game changer. With the Cybershield feature, he’s able to prevent malware, phishing, and other threats by restricting access to only authorized and trusted internet destinations. He calls Cloud Connexa “an awesome product with huge potential.” Read more at the link in our show notes.
Mon, July 17, 2023
Fast-acting Gamaredon, WormGPT improves phishing, Microsoft email mystery
Russia-linked Gamaredon starts stealing data 30 to 50 minutes after initial compromise New AI tool – WormGPT allows for sophisticated cyber attacks Microsoft still unsure how hackers stole Azure AD signing key And now a word from our sponsor, OpenVPN We asked Anthony Hook, the CTO at Dataweavers, if he would recommend Cloud Connexa to other companies. His response? A resounding yes! With Cloud Connexa, he says “we bypassed the clunky client-owned VPNs and networks, gaining a seamless, secure, and efficient connectivity solution.” Read more at the link in our show notes. For the stories behind the headlines, head to CISOseries.com .
Fri, July 14, 2023
Week in Review: Threat actors access government email, USB drive attacks spiking, cloud environment breaches
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , July 10-14, is hosted by Sean Kelly with our guest, Yaron Levi , CISO, Dolby Thanks to our show sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal’s mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev . All links and the video of this episode can be found on CISO Series.com
Fri, July 14, 2023
USB malware spikes, Honeywell, Rockwell vulnerabilities, ransomware remains profitable
USB drive malware attacks spiking again in first half of 2023 Users of Honeywell Experion DCS platforms urged to patch 9 vulnerabilities immediately Ransomware gangs have extorted $449 million this year Thanks to this week's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. For the stories behind the headlines, head to CISOseries.com .
Thu, July 13, 2023
NATO cyber pledges, tax prep data shared, a decrease in crypto crime
What we know about NATO cyber pledges Tax prep companies “recklessly” shared data Report finds decrease in crypto crime Thanks to this week's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale.
Wed, July 12, 2023
Silk Road advisor sentenced, HCA Health data breach, Google hit with AI tool training lawsuit
Silk Road’s senior advisor sentenced to 20 years in prison 11 million HCA patients impacted by data breach Google hit with lawsuit alleging it stole user data to train its AI tools Thanks to this week's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. For the stories behind the headlines, visit CISOseries.com .
Tue, July 11, 2023
JumpCloud resets API keys, Genesis Market for sale, an EU-US data transfer agreement
JumpCloud resets customer API keys Would you be interested in a slightly used dark web market? US and EU agree on new data transfer agreement Thanks to this week's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale.
Mon, July 10, 2023
BigHead Windows ransomware, RedEnergy targets utilities. more MOVEIt problems
New ‘Big Head’ ransomware displays fake Windows update alert RedEnergy stealer-as-a-ransomware threat targeting energy and telecom sectors Three new MOVEit bugs spur CISA warning as more victims report breaches Thanks to this week's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. For the stories behind the headlines, head to CISOseries.com .
Fri, July 07, 2023
Week in Review: TSMC supplier attacked, cardiac device warning, hospital ransomware increasing
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , July 3-7, is hosted by Rich Stroffolino with our guest, Hadas Cassorla , CISO, M1 Thanks to today’s episode sponsor, SlashNext SlashNext, a leader in SaaS-based Integrated Cloud Messaging Security across email, web, and mobile has the industry’s first artificial intelligence solution, HumanAI, that uses generative AI to defend against advanced business email compromise (BEC), supply chain attacks, executive impersonation, and financial fraud. Request a demo today . All links and the video of this episode can be found on CISO Series.com
Fri, July 07, 2023
Shell MOVEit breach, Pepsi bottler breach, INTERPOL nabs OPERA1ER
Shell confirms MOVEit-related breach after ransomware group leaks data 28,000 impacted by data breach at Pepsi Bottling Ventures INTERPOL nabs hacking crew OPERA1ER’s leader behind $11 million cybercrime Thanks to today's episode sponsor, SlashNext SlashNext , a leader in SaaS-based Integrated Cloud Messaging Security across email, web, and mobile has the industry’s first artificial intelligence solution, HumanAI, that uses generative AI to defend against advanced business email compromise (BEC), supply chain attacks, executive impersonation, and financial fraud. Request a demo today. For the stories behind the headlines, head to CISOseries.com .
Thu, July 06, 2023
Japanese port hit with ransomware, EU court orders Meta data changes, White House can't contact social companies
Japan’s major port hit with ransomware European court orders changes to Meta’s data practices Injunction restricts White House contact with social media companies Thanks to today's episode sponsor, SlashNext SlashNext , a leader in SaaS-based Integrated Cloud Messaging Security across email, web, and mobile has the industry’s first artificial intelligence solution, HumanAI, that uses generative AI to defend against advanced business email compromise (BEC), supply chain attacks, executive impersonation, and financial fraud. Request a demo today.
Wed, July 05, 2023
BlackCat pushes CobaltStrike, cardiac device warning, unpatched Fortigate firewalls
BlackCat ransomware pushes Cobalt Strike via WinSCP search ads CISA issues warning for cardiac device system vulnerability 330,000 FortiGate firewalls still unpatched to CVE-2023-27997 RCE flaw Thanks to today's episode sponsor, SlashNext SlashNext , a leader in SaaS-based Integrated Cloud Messaging Security across email, web, and mobile has the industry’s first artificial intelligence solution, HumanAI, that uses generative AI to defend against advanced business email compromise (BEC), supply chain attacks, executive impersonation, and financial fraud. Request a demo today. For the stories behind the headlines, head to CISOseries.com .
Mon, July 03, 2023
Semiconductor giant attacked, State websites hacked, Russian Telecom infiltrated
Semiconductor giant says IT supplier was attacked, LockBit makes related claims Several US states investigating ‘SiegedSec’ hacking campaign Russian telecom confirms hack after group backing Wagner boasted about an attack Thanks to today's episode sponsor, SlashNext For the stories behind the headlines, head to CISOseries.com .
Fri, June 30, 2023
Week in Review: SolarWinds CISO blamed, Military smartwatch mystery, submarine cable risk
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , June 26-30, is hosted by Rich Stroffolino with our guest, Cassio Goldschmidt , CISO, ServiceTitan Thanks to our show sponsor, AppOmni Over provisioned users could expose your organization’s most sensitive data. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s identity and threat detection capabilities, you can detect and respond to suspicious activities within your SaaS environment. Gain visibility into over provisioned users, the SaaS data they have access to, and receive guided remediation. Get started at AppOmni.com . All links and the video of this episode can be found on CISO Series.com
Fri, June 30, 2023
SolarWinds CISOs blamed, ThirdEye Windows malware, Government extends canary
SEC notice to SolarWinds CISO and CFO roils cybersecurity industry Newly uncovered ThirdEye Windows-based malware steals sensitive data Cyber Command to expand ‘canary in the coal mine’ unit working with private sector Thanks to today's episode sponsor, AppOmni Over provisioned users could expose your organization’s most sensitive data. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s identity and threat detection capabilities, you can detect and respond to suspicious activities within your SaaS environment. Gain visibility into over provisioned users, the SaaS data they have access to, and receive guided remediation. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com .
Thu, June 29, 2023
Federal networks fail CISA rules, US AI chip bans, MOVEit victims grow
Federal network devices fail CISA requirements US considering more AI chip export bans The scope of MOVEit vulnerability Thanks to today's episode sponsor, AppOmni Are you continuously monitoring the common misconfigurations occurring in your SaaS ecosystem? From inactive connected SaaS apps retaining access to sensitive data, to threat actors manipulating conditional access rules, these misconfigurations can pose a significant threat to your SaaS security. Take action with AppOmni . Secure your organization’s most sensitive data and continuously monitor your SaaS estate for data exposure and misconfigurations. Visit AppOmni.com to get a free risk assessment.
Wed, June 28, 2023
Over 6,500 arrested since EncroChat hack, Third-party vendor hack exposes American and Southwest data, Microsoft service outage woes continue
Thanks to today's episode sponsor, AppOmni Over provisioned users could expose your organization’s most sensitive data. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s identity and threat detection capabilities, you can detect and respond to suspicious activities within your SaaS environment. Gain visibility into over provisioned users, the SaaS data they have access to, and receive guided remediation. Get started at AppOmni.com. For the stories behind the headlines, visit CISOseries.com .
Tue, June 27, 2023
Monopoly darknet charges, Activision Blizzard DDoS, 5G aircraft deadline
Monopoly darknet operator charged Activision Blizzard games hit with DDoS 5G deadline could impact flights Thanks to today's episode sponsor, AppOmni Are you continuously monitoring the common misconfigurations occurring in your SaaS ecosystem? From inactive connected SaaS apps retaining access to sensitive data, to threat actors manipulating conditional access rules, these misconfigurations can pose a significant threat to your SaaS security. Take action with AppOmni . Secure your organization’s most sensitive data and continuously monitor your SaaS estate for data exposure and misconfigurations. Visit AppOmni.com to get a free risk assessment.
Mon, June 26, 2023
CISA adds vulnerabilities, mysterious military smartwatches, more Office problems
CISA adds 6 flaws to known exploited vulnerabilities catalog US military personnel report receiving smartwatches in the mail Microsoft 365 users new Outlook and Teams problems Thanks to today's episode sponsor, AppOmni Over provisioned users could expose your organization’s most sensitive data. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s identity and threat detection capabilities, you can detect and respond to suspicious activities within your SaaS environment. Gain visibility into over provisioned users, the SaaS data they have access to, and receive guided remediation. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com
Fri, June 23, 2023
Week in Review: Microsoft confirms cyberattack, more MOVEit damage, reddit hit with ransomware
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , June 19-23, is hosted by Rich Stroffolino with our guest, Janet Heins , CISO, iHeartMedia Thanks to our show sponsor, Wing Security The first step to securing your organization’s SaaS usage is knowing which SaaS applications your employees are using. 3rd party included. Wing offers a completely free, SaaS Shadow IT Discovery tool. You can find it at wing.security and self onboard. No sales in the process, no credit card needed, no time-limit. Just go ahead and discover your SaaS usage. All links and the video of this episode can be found on CISO Series.com
Fri, June 23, 2023
Canadian breaches increase, new China backdoor, kinetic warfare threat
Cybersecurity breaches more than double among Canadian businesses Experienced China-based hacking group has new backdoor tool Cyberattacks on OT, ICS lay groundwork for kinetic warfare Thanks to today's episode sponsor, Wing Security The first step to securing your organization’s SaaS usage is knowing which SaaS applications your employees are using. 3rd party included. Wing offers a completely free, SaaS Shadow IT Discovery tool. You can find it at wing.security and self onboard. No sales in the process, no credit card needed, no time-limit. Just go ahead and discover your SaaS usage. For the stories behind the headlines, head to CISOseries.com .
Thu, June 22, 2023
DoJ targets nation-state actors, Apple fixes Triangulation zero-day, Schumer unveils strategy to regulate AI
New DoJ cyber prosecution team will go after nation-state threat actors Apple fixes zero-days used to deploy Triangulation spyware Schumer unveils strategy to regulate AI Thanks to today's episode sponsor, Wing Security Shadow IT is an evolving pain and a security risk, especially in today’s decentralized work environments. Now’s the time to regain control of your SaaS usage by taking advantage of Wing’s Free SaaS Shadow IT discovery solution. Check out wing.security to self-onboard today, no strings attached. For the stories behind the headlines, visit CISOseries.com .
Wed, June 21, 2023
Rorschach ransomware, Australian government data leak, security market outpaces tech
Rorschach ransomware takes the speed crown Data leak impacts Australian government Cyber security market growth outpaces tech sector Thanks to today's episode sponsor, Wing Security Can you answer these three questions confidently? 1. How many SaaS applications are used in your organization? 2. Which permissions did users provide these applications? and 3. What is the data that flows in and in between these applications? Wing provides the answers. In fact, it discovers your SaaS usage completely for free, no time limit. Visit wing.security to self-onboard.
Tue, June 20, 2023
Reddit's ransom, UK shuffles cyber chief, Binance reaches SEC deal
Reddit hit with ransom demand UK’s cyber chief moves on to organized crime Binance reaches deal with the SEC Thanks to today's episode sponsor, Wing Security The first step to securing your organization’s SaaS usage is knowing which SaaS applications your employees are using. 3rd party included. Wing offers a completely free, SaaS Shadow IT Discovery tool. You can find it at wing.security and self onboard. No sales in the process, no credit card needed, no time-limit. It takes minutes to discover your organization's SaaS usage.
Mon, June 19, 2023
Microsoft’s June cyberattacks, third MOVEit vulnerability, US Clop bounty
Microsoft says early June service outages were cyberattacks Third MOVEit vulnerability raises alarms as US Agriculture Department says it may be impacted US govt offers $10 million bounty for info on Clop ransomware Thanks to today's episode sponsor, Wing Security The folks at Wing believe that SaaS Shadow IT discovery is the basic first step to securing your SaaS usage. They believe it so strongly that they launched a completely free SaaS Shadow IT Discovery solution. Check out wing.security to self-onboard today, no strings attached, no time limit. Wing.security . For the stories behind the headlines, head to CISOseries.com .
Fri, June 16, 2023
Week in Review: Microsoft banking warning, undetectable BatCloak malware, more MOVEit vulnerabilities
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , June 12-16, is hosted by Sean Kelly with our guest, Phil Beyer , former Head of Security, Etsy Thanks to our show sponsor, Conveyor Your scariest questionnaires that are hundreds of questions long are no match for Conveyor’s GPT-questionnaire tool – now with a browser extension for complex portals. Get GPT-generated precise answers to entire questionnaires so your review takes seconds. Now you can spend 89% less time completing questionnaires when you get accurate answers you don’t have to re-write. Try a free proof of concept with your own data to see it in action. See what security and sales teams are raving about at www.conveyor.com All links and the video of this episode can be found on CISO Series.com
Fri, June 16, 2023
US federal agencies affected by MOVEit breach, Pentagon leak suspect indicted, Suspected LockBit ransomware affiliate nabbed
US federal agencies affected by MOVEit vulnerability Pentagon leak suspect indicted by a federal grand jury Suspected LockBit ransomware affiliate nabbed Thanks to today's episode sponsor, Conveyor Your scariest questionnaires that are hundreds of questions long are no match for Conveyor’s GPT-questionnaire tool - now with a browser extension for complex portals. Get GPT-generated precise answers to entire questionnaires so your review takes seconds. Now you can spend 89% less time completing questionnaires when you get accurate answers you don’t have to re-write. Try a free proof of concept with your own data to see it in action. See what security and sales teams are raving about at www.conveyor.com For the stories behind the headlines, visit CISOseries.com .
Thu, June 15, 2023
China ESXi exploit, WooCommerce vulnerability, Lockbit ransom report
China-linked APT group spotted exploiting a VMware ESXi zero-day Hundreds of thousands of ecommerce sites impacted by critical plugin vulnerability 7-Nation LockBit report shows US paid over $90m in ransoms since 2020 Thanks to today's episode sponsor, Conveyor Let’s gladly pass the most thankless job in cybersecurity – completing customer security questionnaires – to the AI bots. Conveyor’s GPT-questionnaire response tool auto-generates precise, accurate answers to entire questionnaires. With accuracy far superior to other tools, you can spend almost zero time reviewing generated answers. There’s an in platform auto-fill feature or a browser extension for tricky portals. Stop settling for mediocre tools that only provide lousy “near hits” from your library. Try a free proof of concept with your own data. Learn more at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com .
Wed, June 14, 2023
Amazon server outage, Fortinet zero-day exploited, US intelligence buys personal data
Amazon server outage broke fast food apps among other things Update: Fortinet warns of possible zero-day exploited in limited attacks US intelligence confirms it buys Americans’ personal data Thanks to today's episode sponsor, Conveyor What’s better than using Conveyor’s GPT-questionnaire response tool to generate precise answers to security questionnaires? Letting customers upload their own questionnaires to your portal and getting back answers in seconds - all based on the content in your knowledge base. Think of it like a security questionnaire ATM. A prospect clicks through an NDA, uploads questions and gets all the answers they need from the bot, all without ever having to speak to you. We call that a win-win. Learn more at www.conveyor.com . For the stories behind the headlines, visit CISOseries.com .
Tue, June 13, 2023
Fortigate firewall flaw, BatCloak’s undetectable malware, Swiss government cyberattacks
Critical RCE flaw discovered in Fortinet FortiGate firewalls BatCloak engine makes malware fully undetectable Swiss Government targeted by series of cyberattacks Thanks to today's episode sponsor, Conveyor Tried to use GPT to fill out questionnaires yet? We already built that for you. Conveyor’s GPT-questionnaire response tool auto-generates precise, accurate answers to entire questionnaires. With accuracy far superior to other tools, you can spend almost zero time reviewing generated answers. There’s also a browser extension for complex portals and other scary questionnaires. Best part is, it actually works. Try a free proof of concept with your own data to see it in action. You won’t be disappointed. Learn more at www.conveyor.com For the stories behind the headlines, head to CISOseries.com .
Mon, June 12, 2023
Faked journalist hack, Strava leaks locations, Reddit API protests
Faked crypto journalists steal real crypto Strava heat maps leak addresses API changes lead to Reddit protests Thanks to today's episode sponsor, Conveyor Let’s gladly pass the most thankless job in cybersecurity – completing customer security questionnaires – to the AI bots. Conveyor’s GPT-questionnaire response tool auto-generates precise, accurate answers to entire questionnaires. With accuracy far superior to other tools, you can spend almost zero time reviewing generated answers. There’s an in platform auto-fill feature or a browser extension for tricky portals. Stop settling for mediocre tools that only provide lousy “near hits” from your library. Try a free proof of concept with your own data. Learn more at www.conveyor.com .
Fri, June 09, 2023
Week in Review: Hipponen’s malware warning, outwitting hackers, Clop’s MoveIt attack
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , June 5-9, is hosted by Rich Stroffolino with our guest, Joshua Scott , Head of Security and IT, Postman Thanks to our show sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, “How can I manage our expanding attack surface?” Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their “Risk to Resilience World Tour. Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend your organization with speed and accuracy. Find the closest city to you and register today to take a leap towards a more resilient future. Head to trendmicro.com/cisoseries All links and the video of this episode can be found on CISO Series.com</
Fri, June 09, 2023
PowerDrop targets Defense, YKK zipper attacked, Barracuda urges replacement
New PowerDrop malware targets U.S. aerospace defense industry Zipper giant YKK confirms cyberattack targeted U.S. networks Barracuda urges customers to replace vulnerable appliances immediately Thanks to this week's episode sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, “How can I manage our expanding attack surface?” Trend Micro , the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their “Risk to Resilience World Tour. Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend your organization with speed and accuracy. Find the closest city to you and register today to take a leap towards a more resilient future. Head to trendmicro.com/cisoseries For the stories behind the headlines, head to CISOseries.com .
Thu, June 08, 2023
Google email authentication, SEC data breaches, Clop asks victims to email
Google improves brand email authentication SEC drops cases due to data protection failures Clop asks victims to contact it for a ransom Thanks to this week's episode sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, “How can I manage our expanding attack surface?” Trend Micro , the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their “Risk to Resilience World Tour. Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend your organization with speed and accuracy. Find the closest city to you and register today to take a leap towards a more resilient future. Head to trendmicro.com/cisoseries
Wed, June 07, 2023
Microsoft $20M COPPA settlement, Hactivists take credit for Outlook.com outages, SEC accuses Coinbase of breaking US regulations
Thanks to this week's episode sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, “How can I manage our expanding attack surface?” Trend Micro , the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their “Risk to Resilience World Tour. Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend your organization with speed and accuracy. Find the closest city to you and register today to take a leap towards a more resilient future. Head to trendmicro.com/cisoseries For the stories behind the headlines, visit CISOseries.com .
Tue, June 06, 2023
Satellite hacking, Atomic Wallet breach, SEC sues Binance
Satellite hacking at DEF CON Atomic Wallet investigating losses SEC sues Binance Thanks to this week's episode sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, “How can I manage our expanding attack surface?” Trend Micro , the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their “Risk to Resilience World Tour. Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend your organization with speed and accuracy. Find the closest city to you and register today to take a leap towards a more resilient future. Head to trendmicro.com/cisoseries
Mon, June 05, 2023
Switzerland Xplain attack, BlackSuit resembles Royal, Microsoft retires Cortana
Xplain hack impacts Swiss cantonal police and Fedpol BlackSuit shows similarities to Royal Microsoft is retiring Cortana on Windows Thanks to this week's episode sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, “How can I manage our expanding attack surface?” Trend Micro , the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their “Risk to Resilience World Tour. Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend your organization with speed and accuracy. Find the closest city to you and register today to take a leap towards a more resilient future. Head to trendmicro.com/cisoseries For the stories behind the headlines, head to CISOseries.com .
Fri, June 02, 2023
Week in Review: Amazon Ring privacy violations, Gigabyte firmware problems, AI extinction threat
Link to Blog Post This week’s Cyber Security Headlines - Week in Review , May 29-June 2, is hosted by Sean Kelly with our guest, Howard Holton , CTO, GigaOm Thanks to today’s episode sponsor, Barricade Cyber Have you fallen victim to a ransomware attack? Don’t worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Their proprietary ransomware recovery services are designed to quickly get your business back on track. Their team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on them for the security of your data and systems. Visit barricadecyber.com All links and the video of this ep isode can be found on CISO Series.com
Fri, June 02, 2023
Amazon Ring privacy violations, Kaspersky triangulation APT, CyberCommand Hartman
Amazon Ring, Alexa accused of privacy violations by FTC Kaspersky reports on new mobile APT campaign targeting iOS devices White House to choose Army general Hartman to be Cyber Command No. 2 Thanks to today's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Their proprietary ransomware recovery services are designed to quickly get your business back on track. Their team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on them for the security of your data and systems. Visit barricadecyber.com For the stories behind the headlines, head to CISOseries.com .
Thu, June 01, 2023
More Toyota leaks, Gigabyte firmware issues, Twitter Community Notes for images
Toyota finds more cloud leaks Gigabyte firmware update system insecure Twitter expands Community Notes to images Thanks to today's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Their proprietary ransomware recovery services are designed to quickly get your business back on track. Their team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on them for the security of your data and systems. Visit barricadecyber.com
Wed, May 31, 2023
Experts warn of extinction from AI, Hackers demand $3 million from Scandinavian Airlines, Theranos founder surrenders to 11-year prison term
Leading experts warn of a risk of extinction from AI Hackers demand $3 million from Scandinavian Airlines Theranos founder turns herself in for 11-year prison term Thanks to today's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Their proprietary ransomware recovery services are designed to quickly get your business back on track. Their team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on them for the security of your data and systems. Visit barricadecyber.com For the stories behind the headlines, visit CISOseries.com .
Tue, May 30, 2023
GobRAT targets Linux, RPMSG messages exploited, Augusta Georgia cyberattack
New GobRAT remote access trojan targeting Linux routers in Japan Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks Hackers hold city of Augusta hostage in a ransomware attack Thanks to today's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Their proprietary ransomware recovery services are designed to quickly get your business back on track. Their team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on them for the security of your data and systems. Visit barricadecyber.com For the stories behind the headlines, head to CISOseries.com .
Fri, May 26, 2023
Week in Review: Industrial infrastructure threat, BEC attempts on the rise, TikTok’s Texas progress
Link to Blog Post Cyber Security Headlines – Week in Review , May 22-26, is hosted by Rich Stroffolino with our guest, Rich Greenberg , ISSA Distinguished Fellow and Honor Roll Thanks to our show sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It’s a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security’s new CIEM Buyer’s Guide to learn more about fortifying your cloud from the inside out at sonraisecurity.com . All links and the video of this episode can be found on CISO Series.com
Fri, May 26, 2023
GDPR turns 5, GitLab patches vulnerability, Russian industrial malware
GDPR is 5 years old, and over 1 million people have asked to be forgotten GitLab security update patches critical vulnerability Mysterious malware designed to cripple industrial systems linked to Russia And now a word from our sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It's a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security’s new CIEM Buyer’s Guide to learn more about fortifying your cloud from the inside out at sonraisecurity.com . For the stories behind the headlines, head to CISOseries.com .
Thu, May 25, 2023
Google launches GUAC, Barracuda zero-day, campaign targets Kenyan debt
Google launches GUAC Barracuda gateways breached by zero-day Cyberattacks focus on Kenya’s Chinese debt And now a word from our sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It's a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security’s new CIEM Buyer’s Guide to learn more about fortifying your cloud from the inside out at sonraisecurity.com .
Wed, May 24, 2023
TikTok sues Montana, US sanctions orgs behind North Korea’s 'illicit' IT worker army, Fake Twitter images spook stock market
TikTok sues Montana after state bans app US sanctions orgs behind North Korea’s ‘illicit’ IT worker army Fake images on Twitter briefly spook the stock market And now a word from our sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It's a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security’s new CIEM Buyer’s Guide to learn more about fortifying your cloud from the inside out at sonraisecurity.com . For the stories behind the headlines, visit CISOseries.com .
Tue, May 23, 2023
Meta's Record EU fine, China bans Micron, Tornado Cash hacked
Meta receives record fine over EU data transfers China bans Micron over cybersecurity risks Crypto mixer hijacked And now a word from our sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It's a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security’s new CIEM Buyer’s Guide to learn more about fortifying your cloud from the inside out at sonraisecurity.com .
Mon, May 22, 2023
HP’s bricked printers, PyPi repository attack, Samsung security flaw
HP rushes to fix bricked printers after faulty firmware update PyPI repository under attack: User sign-ups and package uploads temporarily halted New security flaw exposed in Samsung devices And now a word from our sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It's a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security’s new CIEM Buyer’s Guide to learn more about fortifying your cloud from the inside out at sonraisecurity.com . For the stories behind the headlines, head to CISOseries.com .
Fri, May 19, 2023
Week in Review: Supreme Court’s 230 ruling, Tech giants hit, TLD phishing vectors
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , May 15-19, is hosted by Rich Stroffolino with our guest, Dave Hannigan , CISO, Nubank Thanks to our show sponsor, Hunters There is nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters’ SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It’s time to move to a platform that reduces risk, complexity and cost for the SOC. Visit hunters.security to learn how you can Move Beyond SIEM and let them know you heard about Hunters on the CISO Series. All links and the video of this episode can be found on CISO Series.com
Fri, May 19, 2023
Supreme Court’s 230 ruling, Montana bans TikTok, Guerilla smartphone malware
Supreme Court shields Twitter from liability and leaves Section 230 untouched Montana governor bans TikTok Millions of smartphones distributed worldwide with preinstalled ‘Guerrilla’ malware Thanks to today's episode sponsor, Hunters There is nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters’ SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It’s time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how you can Move Beyond SIEM and let them know you heard about Hunters on the CISO Series. For the stories behind the headlines, head to CISOseries.com .
Thu, May 18, 2023
Lancefly in Asia, Meta EU fine, TLD phishing
Lancefly group hits Asia Meta facing record EU privacy fine New TLDs a vector for phishing Thanks to today's episode sponsor, Hunters There is nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters’ SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It’s time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how you can Move Beyond SIEM and let them know you heard about Hunters on the CISO Series.
Wed, May 17, 2023
Inside RaaS, cyber education initiatives, attacking TP-Link routers
An inside look at RaaS White House cyber strategy goes big on education Chinese attackers hit TP-Link routers Thanks to today's episode sponsor, Hunters If your SIEM is causing an endless cycle of noisy alerts, manually writing generic detection rules, and limited data ingestion & retention, your SOC might need an upgrade. Hunters is a SaaS platform, purpose built for your Security Operations team. Solaris Group, a leading German FinTech, implemented Hunters SOC Platform to eliminate the burden of redundant detection engineering and manual event correlation – allowing SOC analysts to focus on higher-value tasks. Visit hunters.security to learn how your SOC can Move Beyond SIEM and let them know you heard about Hunters on the CISO Series.
Tue, May 16, 2023
Philadelphia Inquirer cyber attack, DOT breach exposes federal employee data, 3 million data breach notices sent to SchoolDude users
Cyber attack hits Philadelphia Inquirer Transportation Department cyber breach exposes federal employee data 3 million data breach notices being sent to SchoolDude users Thanks to today's episode sponsor, Hunters Relying on a SIEM in 2023 is like living in a college dorm room, post-graduation - you’re operating in an environment you’ve out-grown. The Hunters SOC Platform is purpose built to help your Security Operations mature to the level you need to be at. ChargePoint, the world's largest network of electric vehicle charging stations, uses Hunters SOC Platform to leverage its out-of-the-box detection content to more efficiently respond to new threats and vulnerabilities. It’s time to Move Beyond SIEM. Visit Hunters.security to learn more and let them know you heard about Hunters on the CISO Series. For the stories behind the headlines, visit CISOseries.com .
Mon, May 15, 2023
Discord suffers data breach, Toyota data exposed, ABB confirms incident
Discord suffers data breach Car location data of 2 million Toyota customers exposed for ten years Swiss tech giant ABB confirms ‘IT security incident’ Thanks to today's episode sponsor, Hunters Hunters is a SOC platform, built for your security team. Hunters empowers companies to move beyond SIEM with unlimited ingestion and normalization of security data at a predictable cost. Using Hunters, a CISO at a leading online retailer “tripled the amount of data ingested by her security team while cutting costs from a legacy SIEM provider by 75%.” It’s time to Move Beyond SIEM. Visit hunters.security to learn more and let them know you heard about Hunters on the CISO Series. For the stories behind the headlines, head to CISOseries.com .
Fri, May 12, 2023
Week in Review: Easterly AI warning, Windows admin alerts, Dallas ransomware fallout
Link to Blog Post Cyber Security Headlines – Week in Review , May 8-12, is hosted by Rich Stroffolino with our guest, Paul Connelly, Former CISO, HCA Healthcare Thanks to today’s episode sponsor, Trend Micro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries . All links and the video of this episode can be found on CISO Series.com
Fri, May 12, 2023
Twitter encrypts messages, Microsoft’s Outlook patch, Seoul hospital breached
Twitter launches encrypted private messages Microsoft releases fix for patched Outlook issue exploited by Russian hackers North Korea-linked APT group breaches the Seoul National University Hospital Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro , the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries . For the stories behind the headlines, head to CISOseries.com .
Thu, May 11, 2023
Leaked Intel keys, trading security for fps, new phishing-as-a-service tool
The long term impact of leaked Intel Boot Guard keys AtlasOS shrugs at Windows security features Cisco warns of new phishing-as-a-service tool Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro , the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries .
Wed, May 10, 2023
‘Snake’ malware network takedown, ‘PlugwalkJoe’ behind massive 2020 Twitter hack, Justice Department takes down 13 DDoS-for-Hire sites
Operation Medusa takes down ‘Snake’ malware network ‘PlugwalkJoe’ pleads guilty to massive 2020 Twitter hack Justice Department takes down 13 DDoS-for-Hire sites Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro , the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries . For the stories behind the headlines, visit CISOseries.com .
Tue, May 09, 2023
Dallas ransomware, spoofed Facebooks ads, Merck insurance ruling
Dallas still reeling from ransomware Hacked Facebook pages buying Facebook ads Court rules on Merck cyber insurance claim Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro , the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries .
Mon, May 08, 2023
Easterly’s AI warning, Ex-Uber Sullivan sentenced, Play’s Massachusetts ransomware
Top US cyber official warns AI may be the ‘most powerful weapon of our time’ Ex-Uber CSO given three-year probation sentence, avoids prison after guilty verdict Ransomware group behind Oakland attack targets city in Massachusetts Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro , the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries . For the stories behind the headlines, head to CISOseries.com .
Fri, May 05, 2023
Week in Review: Ex-Uber Sullivan’s sentence, SolarWinds detected earlier, AI godfather quits
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , May 1-5, is hosted by Rich Stroffolino with our guest, Allison Miller , Cybersecurity and Technology Executive Thanks to our show sponsor, Trend Micro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries . All links and the video of this episode can be found on CISO Series.com
Fri, May 05, 2023
Royal ransoms Dallas, new PaperCut exploit, CISA’s Mirai warning
City of Dallas hit by Royal ransomware attack impacting IT services Researchers uncover new exploit for PaperCut vulnerability that can bypass detection Mirai botnet loves exploiting unpatched TP-Link routers, CISA warns Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro , the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries . For the stories behind the headlines, head to CISOseries.com .
Thu, May 04, 2023
Meta FTC troubles, CISA urges Covered List, malicious HTML attachments
FTC comes down on Meta monetizing minors CISA urges adoption of Covered List Almost half of HTML attachments found malicious Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro , the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries .
Wed, May 03, 2023
Authorities seize 9 crypto exchanges, T-Mobile discloses 2nd data breach of 2023, ‘Godfather of AI’ quits Google
Authorities seize 9 crypto exchanges used for money laundering T-Mobile discloses 2nd data breach of 2023 ‘Godfather of AI’ quits Google and warns of misinformation dangers Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro , the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries . For the stories behind the headlines, visit CISOseries.com .
Tue, May 02, 2023
Juice jacking, data breach lawsuits, Telegram ban lifted
The academic threat of juice jacking Data breach lawsuits on the rise Telegram ban lifted in Brazil Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro , the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries .
Mon, May 01, 2023
Veeam backup targeted, DOJ SolarWinds discovery, Americold frozen out
Hackers target vulnerable Veeam backup servers exposed online DOJ detected the SolarWinds hack 6 months earlier than first disclosed Cold storage giant Americold outage caused by network breach Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro , the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries . For the stories behind the headlines, head to CISOseries.com .
Fri, April 28, 2023
Week in Review: Energy sector 3CX attack, PaperCut pain continues, all-in-one infostealer
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , April 24-28, is hosted by Sean Kelly with our guest, Steve Zalewski , former CISO, Levi Strauss and co-host, Defense in Depth. Thanks to today’s episode sponsor, Tines Ready to take security automation up a notch? With Tines, it’s easier than ever! The no-code automation platform is redefining and simplifying security operations – start building mission-critical workflows and apps that streamline processes AND ensure crucial data stays safe while extending the influence of your security team throughout your organization. Visit Tines.com to find out more! All links and the video of this episode can be found on CISO Series.com
Fri, April 28, 2023
New BellaCiao malware, PaperCut is Clop, Europe tech crackdown
Charming Kitten APT uses a new BellaCiao malware Microsoft blames clop affiliate for PaperCut attacks Big tech crackdown looms as EU, UK ready new rules And now a word from our sponsor, Tines Ready to take security automation up a notch? With Tines , it’s easier than ever! The no-code automation platform is redefining and simplifying security operations - start building mission-critical workflows and apps that streamline processes AND ensure crucial data stays safe while extending the influence of your security team throughout your organization. Visit Tines.com to find out more! For the stories behind the headlines, head to CISOseries.com .
Thu, April 27, 2023
Messaging malware update, China reclassifies cyberattacks, more cyberattacks don't use malware
Messaging app update distributes malware China reclassifies cyberattacks Malware-free cyberattacks on the rise And now a word from our sponsor, Tines Ask anyone at RSA; security teams can’t operate in a silo. No SOAR solutions enable users to dynamically collect information outside their systems and use it at multiple points in an automated workflow - but Tines does! With Tines, users can exchange real-time information outside its platform and use it to drive automated workflows. Visit Tines.com/build to learn more!
Wed, April 26, 2023
US policing AI use for civil rights violations, Bill proposes security testing centers for government tech, Microsoft Edge leaking browsing data to Bing
US policing use of AI for civil rights violations Bill proposes new security testing centers for critical government tech Microsoft Edge is leaking user browsing data to Bing And now a word from our sponsor, Tines To proactively protect against threats, you need a culture of cybersecurity - and solutions that facilitate this. With Tines ’ no-code automation platform, you can: 1. Remediate threats faster. 2. Improve automation. 3. Control access to your data. 4. Create a culture of cybersecurity. Tines allows users to leverage real-time information across any stage of an automated workflow! Visit Tines.com to learn more. For the stories behind the headlines, visit CISOseries.com .
Tue, April 25, 2023
Threat group taxonomy, disabling EDR, North Dakota's AI cyber tools
A call to standardize threat group naming Threat actors using new tool to disable EDR North Dakota turns to AI for cyber And now a word from our sponsor, Tines Ready to take security automation up a notch? With Tines , it’s easier than ever! The no-code automation platform is redefining and simplifying security operations - start building mission-critical workflows and apps that streamline processes AND ensure crucial data stays safe while extending the influence of your security team throughout your organization. Visit Tines.com to find out more.
Mon, April 24, 2023
3CX hits utilities, CISA PaperCut warning, Hyena devours GPT4
Energy sector orgs in US, Europe hit by same supply chain attack as 3CX CISA adds 3 actively exploited flaws to KEV catalog, including critical PaperCut bug Hyena code poised to devour GPT4 And now a word from our sponsor, Tines Ask anyone at RSA; security teams can’t operate in a silo. No SOAR solutions enable users to dynamically collect information outside their systems and use it at multiple points in an automated workflow - but Tines does! With Tines , users can exchange real-time information outside its platform and use it to drive automated workflows. Visit Tines.com/build to learn more! For the stories behind the headlines, head to CISOseries.com .
Sun, April 23, 2023
"New class" of Russian attackers, GitHub helps open source security, used routers leak info
NCSC warns of “new class” of Russian adversaries GitHub adds Action to help open source security Used routers hold on to secrets Thanks to today's episode sponsor, Pentera This episode of Cyber Security Headlines is made possible in part by Pentera . Today over 60% of cyber attacks involve the use of exposed credentials. Now, for the first time, security teams can address this critical threat head-on. Pentera collects an organization’s leaked credentials and automatically tests their exploitability across the external and internal attack surface. Pentera’s customers find that leveraging the Pentera automated security validation platform as part of their exposure management strategy increases their ability to identify security gaps, improves the efficiency of remediation processes, and maximizes their security readiness. To learn more, visit Pentera.io
Fri, April 21, 2023
Week in Review: 3CX double supply chain attack, Remcos Tax-Day RAT, Surveillance kills morale
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , April 17-21, is hosted by Rich Stroffolino with our guest, Shawn Bowen, CISO, World Fuel Services Thanks to our show sponsor, Pentera This episode of Cyber Security Headlines is made possible in part by Pentera. Today over 60% of cyber attacks involve the use of exposed credentials. Now, for the first time, security teams can address this critical threat head-on. Pentera collects an organization’s leaked credentials and automatically tests their exploitability across the external and internal attack surface. Pentera’s customers find that leveraging the Pentera automated security validation platform as part of their exposure management strategy increases their ability to identify security gaps, improves the efficiency of remediation processes, and maximizes their security readiness. To learn more, visit Pentera.io All links and the video of this episode can be found on CISO Series.com
Fri, April 21, 2023
Microsoft 365 outage, Capita burglary evidence, 3CX attack update
Microsoft 365 outage blocks access to web apps and services Capita has 'evidence' customer data was stolen in digital burglary 3CX supply chain attack was the result of a previous supply chain attack Thanks to today's episode sponsor, Pentera This episode of Cyber Security Headlines is made possible in part by Pentera . Today over 60% of cyber attacks involve the use of exposed credentials. Now, for the first time, security teams can address this critical threat head-on. Pentera collects an organization’s leaked credentials and automatically tests their exploitability across the external and internal attack surface. Pentera’s customers find that leveraging the Pentera automated security validation platform as part of their exposure management strategy increases their ability to identify security gaps, improves the efficiency of remediation processes, and maximizes their security readiness. To learn more, visit Pentera.io For the stories behind the headlines, head to CISOseries.com .
Wed, April 19, 2023
Elon Musk wants to develop TruthGPT, Southwest disrupted by ‘technical issue’, Officials warn of hackers targeting Cisco routers
Elon Musk wants to develop TruthGPT Southwest’s operations resume after a ‘technical issue’ US, UK warn of govt hackers targeting Cisco routers Thanks to today's episode sponsor, Pentera This episode of Cyber Security Headlines is made possible in part by Pentera . Today over 60% of cyber attacks involve the use of exposed credentials. Now, for the first time, security teams can address this critical threat head-on. Pentera collects an organization’s leaked credentials and automatically tests their exploitability across the external and internal attack surface. Pentera’s customers find that leveraging the Pentera automated security validation platform as part of their exposure management strategy increases their ability to identify security gaps, improves the efficiency of remediation processes, and maximizes their security readiness. To learn more, visit Pentera.io For the stories behind the headlines, head to CISOseries.com .
Tue, April 18, 2023
LockBit on macOS, low code security, and QuaDream shuts down
Ransomware comes for macOS The security considerations of low code Israeli offensive cyber company shutting down Thanks to today's episode sponsor, Pentera This episode of Cyber Security Headlines is made possible in part by Pentera . Today over 60% of cyber attacks involve the use of exposed credentials. Now, for the first time, security teams can address this critical threat head-on. Pentera collects an organization’s leaked credentials and automatically tests their exploitability across the external and internal attack surface. Pentera’s customers find that leveraging the Pentera automated security validation platform as part of their exposure management strategy increases their ability to identify security gaps, improves the efficiency of remediation processes, and maximizes their security readiness. To learn more, visit Pentera.io
Mon, April 17, 2023
Tax Day RAT warning, NCR POS outage, Urgent Chrome fix
Microsoft warns of Remcos RAT campaign targeting tax accountants NCR suffers POS outage after BlackCat ransomware attack Google releases urgent Chrome update to fix actively exploited zero-day vulnerability Thanks to today's episode sponsor, Pentera This episode of Cyber Security Headlines is made possible in part by Pentera . Today over 60% of cyber attacks involve the use of exposed credentials. Now, for the first time, security teams can address this critical threat head-on. Pentera collects an organization’s leaked credentials and automatically tests their exploitability across the external and internal attack surface. Pentera’s customers find that leveraging the Pentera automated security validation platform as part of their exposure management strategy increases their ability to identify security gaps, improves the efficiency of remediation processes, and maximizes their security readiness. To learn more, visit Pentera.io For the stories behind the headlines, head to CISOseries.com .
Fri, April 14, 2023
Week in Review: Pentagon papers leak, keeping breaches quiet, Cisco air-gaps Webex
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , April 10-14, is hosted by Rich Stroffolino with our guest, Dmitriy Sokolovskiy , CISO, Avid Thanks to our show sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms, like Salesforce, Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com today to request a free risk assessment. All links and the video of this episode can be found on CISO Series.com
Fri, April 14, 2023
Google Cloud's weak passwords, pressure on breach disclosure, Discord cooperating on Pentagon leak
Weak passwords targeted on Google Cloud Potential IT snitches warned about employment stitches Discord cooperating with leaked document investigation And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms, like Salseforce, Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni , you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com today to request a free risk assessment.
Thu, April 13, 2023
Windows Nokoyawa ransomware, LinkedIn pushes verification, Russia’s Ukraine cyberwar
Windows zero-day exploited in Nokoyawa ransomware attacks LinkedIn and Microsoft Entra introduce a new way to verify professional contacts Russian places Ukraine internet infrastructure clearly in its sights, both high tech and low And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms, like Salseforce, Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni , you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com today to request a free risk assessment. For the stories behind the headlines, head to CISOseries.com .
Wed, April 12, 2023
Microsoft warns of Azure shared key abuse, Attackers hide stealer behind AI Facebook ads, OpenAI bug bounty program
Microsoft warns of Azure shared key authorization abuse Attackers hide stealer behind AI chatbot Facebook ads OpenAI to launch bug bounty program And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms, like Salseforce, Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni , you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com today to request a free risk assessment. For the stories behind the headlines, visit CISOseries.com .
Tue, April 11, 2023
Netherlands adopting RPKI, WordPress backdoor, tracing the Pentagon leak
Netherlands to adopt RPKI Widespread backdoor installed on WordPress sites Tracing leaked Pentagon documents And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms, like Salseforce, Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni , you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com today to request a free risk assessment.
Mon, April 10, 2023
Apple zero-day updates, Flipper Zero ban, China Micron probe
Apple releases updates to address zero-day flaws Flipper Zero banned by Amazon for being a ‘card skimming device’ China to probe Micron over cybersecurity, in chip war’s latest battle And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms, like Salseforce, Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni , you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com today to request a free risk assessment. For the stories behind the headlines, head to CISOseries.com .
Fri, April 07, 2023
Week in Review: North Korea hacks 3CX, DISH ransomware lawsuits, Genesis Market seized
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , April 3-7, is hosted by Rich Stroffolino with our guest, Rich Gautier , former CISO, Department of Justice, Criminal Division Was your address caught up in the Genesis Market? Check it here: https://www.politie.nl/en/information/checkyourhack.html#check Thanks to our show sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Their cloud-native platform manages data security posture and compliance by automatically tracking risks to sensitive data, visually showing teams who can access what, and quickly block unauthorized access or vulnerable points of attack. Dis
Fri, April 07, 2023
Criminal records incident, Samsung’s ChatGPT leak, Money Message ransomware
Criminal records office yanks web portal offline amid 'cyber security incident' Samsung reportedly leaked its own secrets through ChatGPT Money Message ransomware gang claims MSI breach, demands $4 million Thanks to today's episode sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Their cloud-native platform manages data security posture and compliance by automatically tracking risks to sensitive data, visually showing teams who can access what, and quickly block unauthorized access or vulnerable points of attack. Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium. Go to normalyze.ai . For the stories behind the headlines, head to CISOseries.com .
Thu, April 06, 2023
Spanish hacker arrested, UK offensive cyber principles, eFile malware
Prominent Spanish hacker arrested The UK’s Offensive Cyber Capabilities Principles eFile site serving malware Thanks to today's episode sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Their cloud-native platform manages data security posture and compliance by automatically tracking risks to sensitive data, visually showing teams who can access what, and quickly block unauthorized access or vulnerable points of attack. Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium. Go to normalyze.ai .
Wed, April 05, 2023
Genesis Market seized by police, Rorschach now the fastest ransomware encryptor, Tax software serving malware
Genesis Market platform seized by police Rorschach is now the fastest ransomware encryptor Tax return software caught serving up malware Thanks to today's episode sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Their cloud-native platform manages data security posture and compliance by automatically tracking risks to sensitive data, visually showing teams who can access what, and quickly block unauthorized access or vulnerable points of attack. Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium. Go to normalyze.ai . For the stories behind the headlines, visit CISOseries.com .
Tue, April 04, 2023
TMX data leak, remote work security, WD network breach
TMX reveals customer data leak The security costs of remote work Western Digital confirms network breach Thanks to today's episode sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Their cloud-native platform manages data security posture and compliance by automatically tracking risks to sensitive data, visually showing teams who can access what, and quickly block unauthorized access or vulnerable points of attack. Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium. Go to normalyze.ai .
Mon, April 03, 2023
3CX’s NK connection, WordPress Elementor hack, DISH faces lawsuits
More evidence links 3CX supply-chain attack to North Korean hacking group Hackers exploiting WordPress Elementor Pro Vulnerability, leaving millions of sites at risk DISH slapped with multiple lawsuits after ransomware cyber attack Thanks to today's episode sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Their cloud-native platform manages data security posture and compliance by automatically tracking risks to sensitive data, visually showing teams who can access what, and quickly block unauthorized access or vulnerable points of attack. Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium. Go to normalyze.ai . For the stories behind the headlines, head to CISOseries.com .
Fri, March 31, 2023
Week in Review: Supply-chain attack on 3CX, AI pause request, WiFi protocol flaw
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , March 27-31, is hosted by Rich Stroffolino with our guest, Brett Conlon , CISO, American Century Investments Thanks to today’s episode sponsor, Trend Micro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries .
Fri, March 31, 2023
3CX supply chain attack, Vulkan files leaked, Bing hijacked
Supply-chain attack on business phone provider 3CX could impact thousands of companies Vulkan files leak reveals Putin’s global and domestic cyberwarfare tactics Bing search results hijacked via misconfigured Microsoft app Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro , the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries . For the stories behind the headlines, head to CISOseries.com .
Thu, March 30, 2023
802.11 flaw, activists targeted in threat campaign, call for an AI "pause"
Flaw found in WiFi protocol Environmental activists targeted by threat actors Open letter calls for AI “pause” Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro , the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries .
Wed, March 29, 2023
Microsoft unveils OpenAI-based cyber tools, Google accused of destroying antitrust evidence, A million pen tests show security is getting worse
Microsoft unveils OpenAI-based chat tools to combat cyberattacks Google accused of willfully destroying evidence in antitrust battle A million pen tests show companies' security postures are getting worse Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro , the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries . For the stories behind the headlines, visit CISOseries.com .
Tue, March 28, 2023
Pinduoduo malware, CFTC sues Binance, Twitter takes down source code
Pinduoduo malware confirmed Binance sued by CFTC Twitter source code takedown Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro , the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries .
Mon, March 27, 2023
UK bans TikTok, Windows Snipping patch, Puerto Rico hack
UK bans TikTok from government mobile phones Microsoft pushes OOB security updates for Windows Snipping tool flaw Vice Society claims attack on Puerto Rico Aqueduct and Sewer Authority Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro , the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries . For the stories behind the headlines, head to CISOseries.com .
Fri, March 24, 2023
Week in Review: post-ransomware lawsuits, cybersecurity as a hindrance, ChatGPT imposters
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , March 20-24, is hosted by David Spark with our guest, Kurt Sauer , VP, Information security, Workday Thanks to today’s episode sponsor, Conveyor Does the thought of answering another security questionnaire make you want to beat the stuffing out of 32 pinatas? Then you might want to check out Conveyor: the end-to-end trust platform helping infosec teams reduce incoming questionnaires and fly through the ones they do have to complete. Give customers access to a self-serve trust portal to download docs and FAQs. For any remaining questionnaires that do come in, use our GPT-Questionnaire response tool or white-glove questionnaire completion service to knock them completely off your to-do list. Learn more at www.conveyor.com . All links and the video of this episode can be found on CISO Series.com
Fri, March 24, 2023
Dole data breach, Nexus banking trojan, Pwn2Own Vancouver 2023
Dole discloses data breach after February ransomware attack New Android banking trojan targets financial apps Pwn2Own Vancouver 2023 Day 1: Windows 11 and Tesla hacked Thanks to this week's episode sponsor, Conveyor Does the thought of answering another security questionnaire make you want to beat the stuffing out of 32 pinatas? Then you might want to check out Conveyor : the end-to-end trust platform helping infosec teams reduce incoming questionnaires and fly through the ones they do have to complete. Give customers access to a self-serve trust portal to download docs and FAQs. For any remaining questionnaires that do come in, use our GPT-Questionnaire response tool or white-glove questionnaire completion service to knock them completely off your to-do list. Learn more at www.conveyor.com . For the stories behind the headlines, head to CISOseries.com .
Thu, March 23, 2023
More markup leaks, Clop victims go public, Big Tech lobbies on spy law
Another image editor leaks data More Clop victims come forward Big tech lobbies to limit spying law Thanks to this week's episode sponsor, Conveyor Does the thought of answering another security questionnaire make you feel like clearing out the ice cream section at your local grocery store? Though we fully support the ice cream thing, you might want to check out Conveyor first: the end-to-end trust platform helping infosec teams reduce incoming questionnaires and fly through the ones they do have to complete. Give customers access to a self-serve trust portal to download security info and for any remaining questionnaires that do come in, use our GPT-Questionnaire response tool or white-glove questionnaire completion service to knock them completely off your to-do list. Learn more at www.conveyor.com .
Wed, March 22, 2023
BreachForums to shut down, Zero-day used to drain Bitcoin ATMs, DC Health Link hacker motivated by Russian patriotism
BreachForums to shut down amidst law enforcement concerns Hackers use zero-day to drain $1.6 million from Bitcoin ATMs DC Health Link hacker motivated by Russian patriotism Thanks to this week's episode sponsor, Conveyor Does the mountain of security questionnaires in your inbox make you feel like a 2 dollar umbrella in a hurricane? Then you might want to check out Conveyor : the end-to-end trust platform helping infosec teams reduce incoming questionnaires and fly through the ones they do have to complete. Give customers access to a self-serve trust portal to download docs and FAQs. For any remaining questionnaires that do come in, use our GPT-Questionnaire response tool or white-glove questionnaire completion service to knock them completely off your to-do list. Learn more at www.conveyor.com . For the stories behind the headlines, visit CISOseries.com .
Tue, March 21, 2023
China leads zero-days, HinataBot DDoS attacks, screenshot vulnerability
China led zero-days in 2022 HinataBot focuses on DDoS attacks Vulnerability lets you uncrop screenshots Thanks to this week's episode sponsor, Conveyor Does the thought of answering another security questionnaire make you want to beat the stuffing out of 32 pinatas? Then you might want to check out Conveyor : the end-to-end trust platform helping infosec teams reduce incoming questionnaires and fly through the ones they do have to complete. Give customers access to a self-serve trust portal to download docs and FAQs. For any remaining questionnaires that do come in, use our GPT-Questionnaire Eliminator response tool or white-glove questionnaire completion service to knock them completely off your to-do list. Learn more at www.conveyor.com .
Mon, March 20, 2023
NBA data breach, Emotet in OneNote, Dutch shipping ransomware
NBA is warning fans of a data breach after a third-party newsletter service hack Emotet malware now distributed in Microsoft OneNote files to evade defenses Dutch shipping giant Royal Dirkzwager confirms Play ransomware attack Thanks to this week's episode sponsor, Conveyor Love security questionnaires? Then you’re going to hate Conveyor : the end-to-end trust platform built to eliminate questionnaires. Infosec teams have reduced questionnaires by 80% by giving their customers access to our self-serve trust portal to download docs and answers. For any remaining questionnaires that do come in, use our GPT-Questionnaire Eliminator response tool or white-glove questionnaire completion service to knock them off your to-do list. Use all 3 parts of the platform to solve the questionnaire problem or start with one. Learn more at www.conveyor.com . For the stories behind the headlines, head to CISOseries.com .
Fri, March 17, 2023
Week in Review: Critical Outlook bug PoC, CISA Plex warning, YouTube AI infostealers
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , March 13-17, is hosted by Rich Stroffolino with our guest, JJ Agha , CISO, FanDuel All links and the video of this episode can be found on CISO Series.com
Fri, March 17, 2023
Telerik breaches Government, Critical Outlook bug, LockBit threatens SpaceX
US Government IIS server breached via Telerik software flaw Critical Microsoft Outlook bug PoC shows how easy it is to exploit LockBit threatens release of thousands of SpaceX blueprints Brought to you by the CISO Series . For the stories behind the headlines, head to CISOseries.com .
Thu, March 16, 2023
Suspects charged in DEA hack, Americans lose billions to scams, TikTok divestment
Two charged in DEA portal hack Americans lose billions in scams TikTok considering divestment Brought to you by the CISO Series .
Wed, March 15, 2023
Microsoft phishing warning, Amazon Ring hacked, CISA’s vulnerability program
Microsoft warns of large-scale use of phishing kits to send millions of emails daily Ransomware group claims hack of Amazon's Ring CISA creates new ransomware vulnerability warning program Brought to you by the CISO Series . For the stories behind the headlines, head to CISOseries.com .
Tue, March 14, 2023
North Korea targets security researchers, the UK's National Protective Security Authority, bank failures hit crypto
North Korea targets security researchers UK launches National Protective Security Authority Bank failures bleed into crypto Brought to you by the CISO Series .
Mon, March 13, 2023
Authorities bust NetWire RAT, CISA warns of Plex bug after LastPass breach, Blackbaud to pay $3 million for misleading disclosure
FBI and international authorities catch a NetWire RAT CISA warns of actively exploited Plex bug after LastPass breach Blackbaud to pay $3 million for misleading ransomware disclosure For the stories behind the headlines, visit CISOseries.com .
Fri, March 10, 2023
Week in Review: Royal ransomware warning, water system warning, cloud exploitation rising
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , March 6-10, is hosted by Rich Stroffolino with our guest, Nick Espinosa , Host, The Deep Dive Radio Show ( Daily Podcast & Daily Videos ) Thanks to our show sponsor, Packetlabs Trust the ethical hackers at Packetlabs for expert penetration testing services. Our certified professionals specialize in strengthening your security posture. Download our free Penetration Testing Buyers Guide at ciso.packetlabs.net and get the top 20 questions to ask third party vendors before hiring them. Let us guide you through the process and help you find the perfect match for your organization’s security needs. All links and the video of this episode can be found on CISO Series.com
Fri, March 10, 2023
Biden’s cybersecurity budget, AT&T breach alert, GitHub adds 2FA
Biden’s budget seeks increase in cybersecurity spending AT&T alerts 9 million customers of data breach after vendor hack GitHub makes 2FA mandatory next week for active developers Thanks to today's episode sponsor, Packetlabs Trust the ethical hackers at Packetlabs for expert penetration testing services. Our certified professionals specialize in strengthening your security posture. Download our free Penetration Testing Buyers Guide a t ciso.packetlabs.net and get the top 20 questions to ask third party vendors before hiring them. Let us guide you through the process and help you find the perfect match for your organization's security needs. For the stories behind the headlines, head to CISOseries.com .
Thu, March 09, 2023
TSA cybersecurity regulations, Lazarus Group zero-day, a video ransom note
TSA issues cybersecurity regulations Lazarus Group deploys zero-day Ransomware gang uses video ransom note Thanks to today's episode sponsor, Packetlabs Reduce cyber insurance premiums and minimize risk. Learn how a thorough penetration test can benefit your business. Download our Penetration Testing Buyers Guide at ciso.packetlabs.ca . Packetlabs is an ethical hacking firm that will simulate real-world, covert attacks to get answers to your “what if” scenarios. Protect your business from cyber attacks and get the most out of your penetration testing investment with Packetlabs , your friendly neighborhood ethical hackers.
Wed, March 08, 2023
Bipartisan bill allows US TikTok ban, Twitter content moderation concerns, Emotet malware returns
Bipartisan bill allows for US ban of TikTok EU concerned with Twitter’s content moderation plans Emotet malware returns after three-month hiatus Thanks to today's episode sponsor, Packetlabs Looking for the right cybersecurity service provider can be a daunting task. How do you know if they're trustworthy and reliable? Packetlabs has made it easier for you with our free Penetration Testing buyers guide . We've compiled a list of the top 20 questions you should ask potential providers to ensure you make an informed decision. Download the guide today at ciso.packetlabs.net . For the stories behind the headlines, visit CISOseries.com .
Tue, March 07, 2023
DoppelPaymer disrupted, EPA warns about water security, rising cloud exploitation
Police disrupt DoppelPaymer EPA releases cybersecurity notice for water systems Cloud exploitation on the rise Thanks to today's episode sponsor, Packetlabs Struggling to justify cybersecurity investments to decision-makers? Meet ROSI, the superhero of cybersecurity investments! Calculate your Return On Security Investment to quantify the value of prevention and save money by avoiding cybersecurity breaches. ROSI builds synergies between your business, security, and finance teams, bringing everyone together. Download our free buyer's guide to learn the ROSI formula, how to reduce cyber insurance premiums, and what to look for in a provider. Visit ciso.packetlabs.net and unleash the power of ROSI in your c-suite discussions today!
Mon, March 06, 2023
CISA’s Royal warning, Chick-fil-A attacked, Play leaks Oakland
U.S. Government warns of Royal ransomware attacks against critical infrastructure Credential Stuffing attack on Chick-fil-A Play Ransomware gang has begun to leak data stolen from City of Oakland Thanks to today's episode sponsor, Packetlabs Concerned about your organization's data security? Privacy breaches, ransomware attacks, insider threats, and intellectual property theft are on the rise. A one-size-fits-all vulnerability assessment scan no longer suffices. Get our Penetration Testing Buyer's guide to help plan, scope, and execute your projects. Discover valuable information on frameworks, standards, methodologies, cost factors, reporting options, and what to look for in a provider. Choose the right ethical hacking firm to uncover vulnerabilities in your IT and network systems. Download your free copy at ciso.packetlabs.net and take control of your cybersecurity today. For the stories behind the headlines, head to CISOseries.com .
Fri, March 03, 2023
Week in Review: National Cyber Strategy, CISA scolds software industry, NewsCorp lurked
Link to Blog Post This week’s Cyber Security Headlines - Week in Review , February 27-March 3, is hosted by Rich Stroffolino with our guest, Nick Vigier , CISO, Talend Thanks to our show sponsor, Conveyor Just because your security questionnaire is from the stone age, doesn’t mean you have to answer it with cave-era tools. At Conveyor, we implemented GPT-3 into our first-of-its-kind questionnaire eliminator so teams of all sizes can blast through questionnaires faster than you can say “prehistoric”. Go beyond re-writing mediocre matches, to getting your questionnaire auto-filled with the exact answers customers need. Join the top SaaS companies in the GPT-3 powered future by using Conveyor. Learn more at conveyor.com . All links and the video of this episode can be found on CISO Series.com
Fri, March 03, 2023
National Cybersecurity Strategy, CISA delivers Decider, Bookstore chains hacked
White House gets tough with new National Cyber Strategy CISA releases free ‘Decider’ tool to help with MITRE ATT&CK mapping British retail chain WH Smith says data stolen in cyberattack Thanks to this week's episode sponsor, Conveyor Just because your security questionnaire is from the stone age, doesn’t mean you have to answer it with cave-era tools. At Conveyor , we implemented GPT-3 into our first-of-its-kind questionnaire eliminator so teams of all sizes can blast through questionnaires faster than you can say “prehistoric”. Go beyond re-writing mediocre matches, to getting your questionnaire auto-filled with the exact answers customers need. Join the top SaaS companies in the GPT-3 powered future by using Conveyor. Learn more at conveyor.com . For the stories behind the headlines, head to CISOseries.com .
Thu, March 02, 2023
Russia bans foreign messaging apps, GitHub scans for secrets, Bootkit beats Secure Boot
Russia bans foreign private messaging apps GitHub expands secret scanning Bootkit bypasses Secure Boot Thanks to this week's episode sponsor, Conveyor “I HATE security questionnaires with the fury of a thousand suns.” said one of our customers. Makes sense, since tools used to answer them haven’t changed in years. At Conveyor , we’re on a mission to get teams out of the questionnaire stone age by implementing GPT-3 into our first-of-its-kind questionnaire eliminator. Go beyond re-writing mediocre matches, to getting your questionnaire auto-filled with the exact answers customers need. Join the top SaaS companies in the GPT-3 powered future by using Conveyor. Learn more at conveyor.com .
Wed, March 01, 2023
US Marshals hit by ransomware, DISH outages caused by ransomware, More bad news for LastPass
US Marshals hit by ransomware DISH outages caused by confirmed ransomware attack Some more bad news for LastPass Thanks to this week's episode sponsor, Conveyor AI can now literally answer any question on the internet in seconds, yet infosec teams are still in a living nightmare manually filling out security questionnaires with existing tools. Get out of the questionnaire stone age with Conveyor’s new questionnaire eliminator tool powered by GPT-3. It provides perfectly crafted answers to questionnaires all within minutes and review now takes seconds. Join the top SaaS companies in the GPT-3 powered future by using Conveyor. Learn more at conveyor.com . For the stories behind the headlines, visit CISOseries.com .
Tue, February 28, 2023
CISA wants security responsibility, changes in security since Russia invaded Ukraine, Canadian government bans TikTok on its devices
CISA says to stop passing the security buck The cyber security fallout of Russia’s war in Ukraine Canada bans TikTok on government devices Thanks to this week's episode sponsor, Conveyor Just because your security questionnaire is from the stone age, doesn’t mean you have to answer it with cave-era tools. At Conveyor , we implemented GPT-3 into our first-of-its-kind questionnaire eliminator so teams of all sizes can blast through questionnaires faster than you can say “prehistoric”. Go beyond re-writing mediocre matches, to getting your questionnaire auto-filled with the exact answers customers need. Join the top SaaS companies in the GPT-3 powered future by using Conveyor. Learn more at conveyor.com .
Mon, February 27, 2023
NewsCorp reveals attack, TELUS investigating leak, Dish goes offline
News Corp reveals that attackers remained on its network for two years TELUS investigating leak of stolen source code, employee data Dish Network goes offline after likely cyberattack, employees cut off Thanks to this week's episode sponsor, Conveyor AI can now literally answer any question on the internet in seconds, yet infosec teams are still living a nightmare manually filling out security questionnaires with existing tools. Get out of the questionnaire stone age with Conveyor’s new questionnaire eliminator tool powered by GPT-3. Go beyond re-writing mediocre matches, to getting your questionnaire auto-filled with the exact answers customers need in minutes. Join the top SaaS companies in the GPT-3 powered future by using Conveyor. Learn more at conveyor.com . For the stories behind the headlines, head to CISOseries.com .
Fri, February 24, 2023
Week in Review: European airport attacks, military email spill, Dole ransomware attack
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , February 20-24, is hosted by Rich Stroffolino with our guest, Jared Mendenhall , Head of Information Security, Impossible Foods Thanks to our show sponsor, Barricade Cyber Have you fallen victim to a ransomware attack? Don’t worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Our proprietary ransomware recovery services are designed to quickly get your business back on track. Our team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on us for the security of your data and systems. Visit barricadecyber.com <span style= "font-size: 11.0pt; line-height: 115%; font-family: 'Calibri',sans-serif; mso-ascii-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin; mso-bidi-font-family: '
Fri, February 24, 2023
Dole ransomware attack, stress devours CISOs, new Lazarus backdoor
Fruit giant Dole suffers ransomware attack impacting operations Stress pushing CISOs out the door Lazarus group likely using new backdoor to exfiltrate sensitive data Thanks to this week's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Our proprietary ransomware recovery services are designed to quickly get your business back on track. Our team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on us to the security of your data and systems. Visit barricadecyber.com For the stories behind the headlines, head to CISOseries.com .
Thu, February 23, 2023
Havok framework, Carbon Black flaw, ransomware attack time
Threat actors cry Havoc, let slip a new post-exploitation framework VMware warns of critical Carbon Black flaw Ransomware attack time shrinking rapidly Thanks to this week's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Our proprietary ransomware recovery services are designed to quickly get your business back on track. Our team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on us to the security of your data and systems. Visit barricadecyber.com
Wed, February 22, 2023
Apple updates advisories, US military email leak, Russian TV website crash
Apple updates advisories as security firm discloses new class of vulnerabilities Sensitive US military emails spill online Russian state TV website goes down during Putin speech Thanks to this week's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Our proprietary ransomware recovery services are designed to quickly get your business back on track. Our team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on us to the security of your data and systems. Visit barricadecyber.com For the stories behind the headlines, head to CISOseries.com .
Tue, February 21, 2023
Samsung guards against zero-clicks, ransomware cat and mouse, Norway seizes Laxarus crypto
Samsung guards against zero-click attacks Rethinking ransomware cat and mouse Norway seizes Lazarus Group crypto Thanks to this week's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Our proprietary ransomware recovery services are designed to quickly get your business back on track. Our team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on us to the security of your data and systems. Visit barricadecyber.com
Mon, February 20, 2023
Hackers backdoor Microsoft IIS, Twitter limits SMS 2FA, Fortinet issues patches
Hackers backdoor Microsoft IIS servers with new Frebniis malware Twitter limits SMS-based 2-factor authentication to Blue subscribers only Fortinet issues patches for 40 flaws Thanks to this week's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Our proprietary ransomware recovery services are designed to quickly get your business back on track. Our team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on us to the security of your data and systems. Visit barricadecyber.com For the stories behind the headlines, head to CISOseries.com .
Fri, February 17, 2023
Week in Review: Clop’s GoAnywhere claims, Bing Search injection attack, AI flies F-16
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , February 13-17, is hosted by Sean Kelly with our guest, George Al-Koura , CISO, Ruby Thanks to our show sponsor, CISO Series “If it is important it will likely be in the Cyber Security Headlines update in the morning… And it allows me and my team to dig in a little more on aspects that might affect our technology stack,” said Shawn Bowen, CISO for World Fuel Services. Security leaders listen and make decisions based on what they hear on this very show. Do you have a solution that just needs to find the attention of the right audience of cyber professionals? To learn more about pricing and audience, email us at info@cisoseries.com . All links and the video of this episode can be found on CISO Series.com
Fri, February 17, 2023
VM Server problems, Google Translate BEC, DFIR burnout increases
February updates break some Windows Server 2022 VMs BEC groups use Google Translate to target high value victims Evolving cyberattacks and alert fatigue creating DFIR burnout Thanks to today's episode sponsor, US, yes, CISO Series “If it is important it will likely be in the Cyber Security Headlines update in the morning… And it allows me and my team to dig in a little more on aspects that might affect our technology stack,” said Shawn Bowen, CISO for World Fuel Services. Security leaders listen and make decisions based on what they hear on this very show. Do you have a solution that just needs to find the attention of the right audience of cyber professionals? To learn more about pricing and audience, email us at info@cisoseries.com . For the stories behind the headlines, head to CISOseries.com .
Thu, February 16, 2023
Exposed Israeli influence group, a record DDoS attack, Cut cables knocks out airline
Israeli influence group exposed Another day, another record DDoS Cut cables lead to Lufthansa outage Thanks to today's episode sponsor, US, yes, CISO Series “Every week, one of the stories from Cyber Security Headlines comes up in our team meetings,” said Brett Conlon, CISO for American Century Investments who admits he starts his day with this very show. And did you know that Cyber Security Headlines has longevity? It’s a daily news show but we see significant downloads for four months after episodes air. That means your ad campaign will continue to live long after the premier airing. To learn more about pricing and audience, email us at info@cisoseries.com.
Wed, February 15, 2023
Hackers breached Pepsi Bottling, AI flies F-16 fighter jet, Hyundai and Kia issue security update
Hackers breached Pepsi Bottling network AI has successfully piloted an F-16 fighter jet Hyundai and Kia to update anti-theft software on millions of vehicles Thanks to today's episode sponsor, US, yes, CISO Series "I value Cyber Security Headlines early every morning as it provides me advance notice of what I might need to explore first thing at the start of the day." That’s active listener David Cross, SVP, CISO of Oracle SaaS Cloud. And for sponsors of Cyber Security Headlines what you get are the ears and eyes of avid security leaders. Sponsorship includes the podcast, our blog, and our daily newsletter. In whatever format our listeners want, Cyber Security Headlines reaches cyber leaders who want to quickly consume daily cyber news. To learn more about pricing and audience, email us at info@cisoseries.com . For the stories behind the headlines, visit CISOseries.com
Tue, February 14, 2023
Namecheap phishes customers, Bing hit with injection attack, regulators stop BUSD minting
Namecheap sent phishing emails to customers New Bing search hit with injection attack Regulators stop minting of BUSD stablecoin Thanks to today's episode sponsor, US, yes, CISO Series “Those cyber security headlines are fantastic. It’s the first thing I look at in the am.” That’s a quote from active listener Jared Mendenhall, head of information security at Impossible Foods. Cyber Security Headlines is our fastest growing show on the CISO Series network. It’s grown 20-fold since we launched. And it did so during the pandemic while other shows started to slide. That’s because at only 6-7 minutes every day, Cyber Security Headlines does not need a commute to consume. Listen before you start your day. To learn more about pricing and audience, email us at info@cisoseries.com .
Mon, February 13, 2023
Reddit admits breach, Clop exploits GoAnywhere, CISA’s VMware fix
Reddit admits it was hacked and data stolen, says “don’t panic” Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day CISA has a possibly-maybe fix for VMware ESXi ransomware campaign Thanks to today's episode sponsor, US, yes, CISO Series If you’re looking to reach a committed audience of cybersecurity professionals every day, then consider advertising right here on Cyber Security Headlines , a show that consistently ranks in the top ten for tech news on Apple Podcasts in the U.S. That’s pretty impressive for a show that’s a niche within a niche. Cyber Security Headlines sponsorship includes continuous week-long brand awareness in newsletters, blog posts, and this very podcast. To learn more about pricing and audience, email us at info@cisoseries.com . For the stories behind the headlines, head to CISOseries.com .
Fri, February 10, 2023
Week in Review: Critical CVEs predicted, FAA needs 7 years, background check breach
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , February 6-10, is hosted by Rich Stroffolino with our guest, Ed Covert , head of Cyber Risk Engineering, Bowhead Specialty Thanks to our show sponsor, us! CISO Series! “If it is important it will likely be in the Cyber Security Headlines update in the morning… And it allows me and my team to dig in a little more on aspects that might affect our technology stack,” said Shawn Bowen, CISO for World Fuel Services. Security leaders listen and make decisions based on what they hear on this very show. Do you have a solution that just needs to find the attention of the right audience of cyber professionals? If you’re interested in sponsorship, email us at info@cisoseries.com . <span style= "font-size: 11.0pt; line-height: 115%; font-family: 'Calibri',sans-serif; mso-ascii-theme-font: minor-latin; mso-fareast-font-family: Calibri; mso-fareast-theme-font: minor-latin; mso-hansi-theme-font: minor-latin; mso-bidi-font-family: 'Times New Roman'; mso-bidi-theme-f
Fri, February 10, 2023
Microsoft Outlook outage, UK/US ransomware sanctions, Killnet IPs published
Microsoft Outlook outage prevents users from sending, receiving emails Britain and US make major move against ransomware gangs by sanctioning seven individuals Experts publish a list of proxy IPs used by the pro-Russia group Killnet Thanks to today's episode sponsor, us, yes, CISO Series “If it is important it will likely be in the Cyber Security Headlines update in the morning… And it allows me and my team to dig in a little more on aspects that might affect our technology stack,” said Shawn Bowen, CISO for World Fuel Services. Security leaders listen and make decisions based on what they hear on this very show. Do you have a solution that just needs to find the attention of the right audience of cyber professionals? To learn more about pricing and audience, email us at info@cisoseries.com . For the stories behind the headlines, head to CISOseries.com.
Thu, February 09, 2023
NIST IoT encryption, Chinese phones collect PII, the AI chatbot race is on
NIST standardizes crypto for IoT Chinese phones collect PII Chinese firms also working on AI chatbots Thanks to today's episode sponsor, US, yes, CISO Series “Every week, one of the stories from Cyber Security Headlines comes up in our team meetings,” said Brett Conlon, CISO for American Century Investments who admits he starts his day with this very show. And did you know that Cyber Security Headlines has longevity? It’s a daily news show but we see significant downloads for four months after episodes air. That means your ad campaign will continue to live long after the premier airing. To learn more about pricing and audience, email us at info@cisoseries.com.
Wed, February 08, 2023
Tech firms race to integrate AI, FAA needs until 2030 to fix safety system, Biden addresses children’s online safety
ARMO, Microsoft, Google race to integrate AI into their products FAA needs until 2030 to fix its safety system Biden’s State of the Union addresses children’s online safety and privacy… again Thanks to today's episode sponsor, US, yes, CISO Series "I value Cyber Security Headlines early every morning as it provides me advance notice of what I might need to explore first thing at the start of the day." That’s active listener David Cross, SVP, CISO of Oracle SaaS Cloud. And for sponsors of Cyber Security Headlines what you get are the ears and eyes of avid security leaders. Sponsorship includes the podcast, our blog, and our daily newsletter. In whatever format our listeners want, Cyber Security Headlines reaches cyber leaders who want to quickly consume daily cyber news. To learn more about pricing and audience, email us at info@cisoseries.com . For the stories behind the headlines, visit CISOseries.com .
Tue, February 07, 2023
Cyber insurance predictions, British steel supplier cyber attack, Microsoft pins Charliue Hebdo attack
Cyber insurer predicts a rise in critical CVEs British steel supplier hit by “cyber incident” Microsoft pins recent attack on Charlie Hebdo Thanks to today's episode sponsor, US, yes, CISO Series “Those cyber security headlines are fantastic. It’s the first thing I look at in the am.” That’s a quote from active listener Jared Mendenhall, head of information security at Impossible Foods. Cyber Security Headlines is our fastest growing show on the CISO Series network. It’s grown 20-fold since we launched. And it did so during the pandemic while other shows started to slide. That’s because at only 6-7 minutes every day, Cyber Security Headlines does not need a commute to consume. Listen before you start your day. To learn more about pricing and audience, email us at info@cisoseries.com .
Mon, February 06, 2023
Fortra ZeroDay, Tallahassee hospital cyberattack, sneaky Fraudulent apps
Hackers actively exploiting zero-day in Fortra's GoAnywhere MFT Tallahassee hospital diverting patients, canceling non-emergency surgeries after cyberattack Fraudulent “CryptoRom” apps slip through Apple and Google App Store review process Thanks to today's episode sponsor, US, yes, CISO Series If you’re looking to reach a committed audience of cybersecurity professionals every day, then consider advertising right here on Cyber Security Headlines , a show that consistently ranks in the top ten for tech news on Apple Podcasts in the U.S. That’s pretty impressive for a show that’s a niche within a niche. Cyber Security Headlines sponsorship includes continuous week-long brand awareness in newsletters, blog posts, and this very podcast. To learn more about pricing and audience, email us at info@cisoseries.com . For the stories behind the headlines, head to CISOseries.com .
Fri, February 03, 2023
Week in Review: Charter Communications breach, ChatGPT grows stronger, Microsoft verifies phishers
Link to Blog Post This week’s Cyber Security Headlines - Week in Review , January 30-February 3, is hosted by Rich Stroffolino with our guest, David Nolan , VP, Enterprise Risk & Chief Information Security Officer – Aaron’s Thanks to our show sponsor, Hunters Hunters is a complete SOC platform, purpose built for your Security Operations team. Hunters’ brand new IOC Search is a game-changing search tool that determines if a known ‘Indicator of Compromise’ has been in your organization’s environment - without needing to write a single line of code. Type an IOC into the search bar, hit ‘enter’ and get results within seconds. Visit hunters.ai to learn more. All links and the video of this episode can be found on CISO Series.com
Fri, February 03, 2023
London ransomware alert, FDIC cyberdefense fail, UK fears ChatGPT
City of London on high alert after ransomware attack Watchdog warns FDIC fails to test banks’ cyberdefenses effectively Foreign states already using ChatGPT maliciously, UK IT leaders believe Thanks to this week's episode sponsor, Hunters Hunters is a complete SOC platform, purpose built for your Security Operations team. Hunters’ brand new IOC Search is a game-changing search tool that determines if a known ‘Indicator of Compromise’ has been in your organization’s environment - without needing to write a single line of code. Type an IOC into the search bar, hit ‘enter’ and get results within seconds. Visit hunters.ai to learn more. For the stories behind the headlines, head to CISOseries.com .
Thu, February 02, 2023
FDIC cyber risk improvements, high-risk containers, record crypto hacks
Watchdog calls for improved bank cyber testing Containers hold high-risk vulnerabilities 2022 set a record for crypto hacks Thanks to this week's episode sponsor, Hunters Hunters is a complete SOC platform, purpose built for your Security Operations team. Hunters’ brand new IOC Search is a game-changing search tool that determines if a known ‘Indicator of Compromise’ has been in your organization’s environment - without needing to write a single line of code. Type an IOC into the search bar, hit ‘enter’ and get results within seconds. Visit hunters.ai to learn more.
Wed, February 01, 2023
Microsoft phishers are 'Verified' Cloud Partners, DocuSign brand impersonation attack, Google Fi data breach
Microsoft grants phishers 'Verified' Cloud Partner status DocuSign brand impersonation attack targets thousands of users Google Fi says hackers accessed customer information Thanks to this week's episode sponsor, Hunters Hunters is a SaaS platform, purpose built for your Security Operations team. Solaris Group, a leading German FinTech, implemented Hunters SOC Platform to eliminate the burden of threat detection and correlation – allowing SOC analysts to focus on higher-value tasks. It's time to move beyond SIEM. Visit hunters.ai to learn more. For the stories behind the headlines, visit CISOseries.com
Tue, January 31, 2023
Criminal crypto flows, TikTok CEO heads to the House, Killnet launches German DDoS
Criminal crypto goes through 5 exchanges TikTok CEO heads to the House KillNet launches German DDoS Thanks to this week's episode sponsor, Hunters The Hunters SOC Platform helps your security team identify, understand, triage, and respond to incidents at a much faster pace. ChargePoint, the world's largest network of electric vehicle charging stations, uses Hunters SOC Platform to leverage its out-of-the-box detection content to more efficiently respond to new threats and vulnerabilities. Visit Hunters.ai to learn more.
Mon, January 30, 2023
Charter Communications breach, Sandworm hacks Ukraine, VMware exploit release
Charter Communications says vendor breach exposed some customer data Russia’s Sandworm hackers blamed in fresh Ukraine malware attack Experts plans to release VMware vRealize log RCE exploit this week Thanks to this week's episode sponsor, Hunters Hunters is a complete SOC platform, built for your security team. By providing unlimited ingestion and normalization of security data without ruining your bottom line, a CISO at a leading online retailer was able to “triple her data ingestion while cutting costs from her SIEM provider by 75%.” It's time to move beyond SIEM, with Hunters. Visit hunters.ai to learn more. For the stories behind the headlines, head to CISOseries.com .
Fri, January 27, 2023
Week in Review: FBI seizes Hive, PayPal accounts breached, ODIN Intelligence hack
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , January 23-27, is hosted by David Spark with our guest, Kathleen Mullin , CISO, Cancer Treatment Centers of America Thanks to our show sponsor, SafeBase If a prospective customer asked about your trust program or security policies, where would you send them? Chances are, you’d need to send an NDA, hunt down documentation, go back and forth via email, and answer a litany of questions. SafeBase is the better way. SafeBase’s Smart Trust Center allows you to send *one link* to customers or buyers, so they can easily access the security and compliance information they need. Meanwhile, you get more control over who has access to your documents, and for how long. Build customer trust the smart way with SafeBase – learn more at safebase.com All links and the video of this episode can be found on CISO Series.com
Fri, January 27, 2023
FBI seizes Hive, Layoffs at IBM, Microsoft outage over
FBI seizes Hive ransomware group infrastructure after lurking in servers for months Layoffs come to IBM - Kyndryl, Watson and Russia to blame Microsoft says services have recovered after widespread outage Thanks to this week's episode sponsor, SafeBase If a prospective customer asked about your trust program or security policies, where would you send them? Chances are, you’d need to send an NDA, hunt down documentation, go back and forth via email, and answer a litany of questions. SafeBase is the better way. SafeBase’s Smart Trust Center allows you to send *one link* to customers or buyers, so they can easily access the security and compliance information they need. Meanwhile, you get more control over who has access to your documents, and for how long. Build customer trust the smart way with SafeBase - learn more at safebase.com For the stories behind the headlines, head to CISOseries.com .
Thu, January 26, 2023
North Korean crypto tactics, Russian DDoS record, China tech exports
A look at North Korean crypto stealing tactics Russia saw record DDoS attacks China leads in facial recognition tech exports Thanks to this week's episode sponsor, SafeBase These days, customer trust can be an organization’s strongest competitive advantage. But how can you develop and maintain customer trust over the long term? The answer is SafeBase . After implementing SafeBase’s Smart Trust Center, many companies see shorter deal cycles, higher-value contracts, and stronger long-term customer relationships. Some even achieve a 90% reduction in security questionnaires. Learn more at safebase.com
Wed, January 25, 2023
Pakistan investigating nationwide blackout, FBI identifies Horizon Bridge hackers, GoTo hack larger than first reported
Pakistani authorities investigating whether cyberattack caused nationwide blackout FBI identifies hackers behind Horizon Bridge crypto theft GoTo says hackers stole encrypted backups and MFA settings Thanks to this week's episode sponsor, SafeBase Jump start your journey to long-lasting customer trust with SafeBase . Our Smart Trust Center helps your organization build customer trust through improved transparency, secure document sharing, process control and insights, and proactive communication. Security and GRC leaders at companies like Jamf, Instacart, and Snyk all rely on SafeBase as a central enabler of their trust program. Learn more and check out the case studies at SafeBase.com For the stories behind the headlines, visit CISOseries.com
Tue, January 24, 2023
LA School leaks, GAO security ignored, PLAY ransomware in UK
LA School attack exposed Social Security numbers Government Accountability Office names and shames PLAY ransomware hits UK car dealerships Thanks to this week's episode sponsor, SafeBase If a prospective customer asked about your trust program or security policies, where would you send them? Chances are, you’d need to send an NDA, hunt down documentation, go back and forth via email, and answer a litany of questions. SafeBase is the better way. SafeBase’s Smart Trust Center allows you to send *one link* to customers or buyers, so they can easily access the security and compliance information they need. Meanwhile, you get more control over who has access to your documents, and for how long. Build customer trust the smart way with SafeBase - learn more at safebase.com
Mon, January 23, 2023
PayPal accounts breached, Yum! Brands attacked, ODIN Intelligence hacked
PayPal accounts breached in large-scale credential stuffing attack Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner ODIN Intelligence hack exposes a huge trove of police raid files Thanks to this week's episode sponsor, SafeBase These days, customer trust can be an organization’s strongest competitive advantage. But how can you develop and maintain customer trust over the long term? The answer is SafeBase . After implementing SafeBase’s Smart Trust Center, many companies see shorter deal cycles, higher-value contracts, and stronger long-term customer relationships. Some even achieve a 90% reduction in security questionnaires. Learn more at safebase.com For the stories behind the headlines, head to CISOseries.com .
Fri, January 20, 2023
Week in Review: NortonLifeLock password breach, Ransomware revenue falls, ChatGPT goes phishing
Link to Blog Post This week’s Cyber Security Headlines - Week in Review , January 16-20, is hosted by Rich Stroffolino with our guest, George Finney , CISO, Southern Methodist University Thanks to our show sponsor, Cerby Did you know that over 60% of the cloud applications used by your company don’t support identity standards like single sign-on? And that these applications are the leading cause of breaches? Cerby can help. Cerby discovers new applications, eliminates manual security tasks like offboarding, and addresses misconfigurations like disabled 2FA while increasing employee productivity. Wait. A security tool that increases productivity? Yup. Learn more at cerby.com . All links and the video of this episode can be found on CISO Series.com
Fri, January 20, 2023
Ransomware revenue falls, Vice attacks university, Android Hook malware
Ransomware revenue falls by $300 million in 2022 as more victims refuse to pay Vice Society claims ransomware attack against University of Duisburg-Essen Android users beware of new Hook malware with RAT capabilities Thanks to today's episode sponsor, Cerby Did you know that over 60% of the cloud applications used by your company don’t support identity standards like single sign-on? And that these applications are the leading cause of breaches? Cerby can help. Cerby discovers new applications, eliminates manual security tasks like offboarding, and addresses misconfigurations like disabled 2FA while increasing employee productivity. Wait. A security tool that increases productivity? Yup. Learn more at cerby.com . For the stories behind the headlines, head to CISOseries.com .
Thu, January 19, 2023
Bypassing patches, ChatGPT polymorphic malware, Bitwarden goes passwordless
Vendors bypassing security patches ChatGPT creates polymorphic malware Bitwarden acquires Passwordless.dev Thanks to today's episode sponsor, Cerby Did you know that over 60% of the cloud applications used by your company don’t support identity standards like single sign-on? And that these applications are the leading cause of breaches? Cerby can help. Cerby discovers new applications, eliminates manual security tasks like offboarding, and addresses misconfigurations like disabled 2FA while increasing employee productivity. Wait. A security tool that increases productivity? Yup. Learn more at cerby.com .
Wed, January 18, 2023
Ransomware impacts 1,000 ships, Crypto influencer victimized by malware, Microsoft patches Azure flaws
Ransomware attack impacts 1,000 ships Crypto influencer victimized by malware pushed by ads on Google Microsoft patches flaws in Azure cloud services Thanks to today's episode sponsor, Cerby Did you know that over 60% of the cloud applications used by your company don’t support identity standards like single sign-on? And that these applications are the leading cause of breaches? Cerby can help. Cerby discovers new applications, eliminates manual security tasks like offboarding, and addresses misconfigurations like disabled 2FA while increasing employee productivity. Wait. A security tool that increases productivity? Yup. Learn more at cerby.com . For the stories behind the headlines, visit CISOseries.com
Tue, January 17, 2023
Cyber attack disrupts esports, Qbot overtakes Emotet, CircleCI breached
Cyber attack disrupts esport event Qbot overtakes Emotet CircleCI breach caused by infostealer Thanks to today's episode sponsor, Cerby Did you know that over 60% of the cloud applications used by your company don’t support identity standards like single sign-on? And that these applications are the leading cause of breaches? Cerby can help. Cerby discovers new applications, eliminates manual security tasks like offboarding, and addresses misconfigurations like disabled 2FA while increasing employee productivity. Wait. A security tool that increases productivity? Yup. Learn more at cerby.com .
Mon, January 16, 2023
NortonLifeLock password breach, Canadian liquor hack, severe jsonwebtoken flaw
NortonLifeLock warns that hackers breached Password Manager accounts Hacker steals credit card info from Canada’s largest alcohol retailer Severe security flaw found in "jsonwebtoken" library Thanks to today's episode sponsor, Cerby Did you know that over 60% of the cloud applications used by your company don’t support identity standards like single sign-on? And that these applications are the leading cause of breaches? Cerby can help. Cerby discovers new applications, eliminates manual security tasks like offboarding, and addresses misconfigurations like disabled 2FA while increasing employee productivity. Wait. A security tool that increases productivity? Yup. Learn more at cerby.com . For the stories behind the headlines, head to CISOseries.com .
Fri, January 13, 2023
Week in Review: FAA system failure delays flights, LastPass hit with lawsuit, Writing malware with ChatGPT
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , January 9-13, is hosted by Rich Stroffolino with our guest, Shaun Marion , CISO, McDonald’s Thanks to our show sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salesforce and Microsoft? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment. All links and the video of this episode can be found on CISO Series.com
Fri, January 13, 2023
Chromium browser flaw, Twitter leak developments, IcedID strikes again
Experts detail Chromium browser security flaw putting confidential data at risk Twitter says 200 million-user leak not obtained from its systems, others disagree IcedID malware strikes again: Active Directory domain compromised in under 24 hours Thanks to today's episode sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salseforce and Microsoft? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment. For the stories behind the headlines, head to CISOseries.com .
Thu, January 12, 2023
FAA system failure, Royal Mail cyber incident, police app leaks ops data
FAA system failure delays flights Royal Mail hit by “cyber incident” Police app leaked operations data Thanks to today's episode sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salseforce and Microsoft? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment.
Wed, January 11, 2023
Iowa schools closed by cyberattack, TikTok CEO questioned by EU, OIG cracks fed agency passwords
Iowa school district cancels classes due to cyberattack TikTok CEO questioned by EU about its data practices Government watchdog cracks federal agency’s passwords Thanks to today's episode sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salseforce and Microsoft? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment. For the stories behind the headlines, visit CISOseries.com
Tue, January 10, 2023
Car API flaws, Experian bypass, ChatGPT malware
API vulnerabilities found across car brands Bypassing Experian Security Trying to write malware with ChatGPT Thanks to today's episode sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salseforce and Microsoft? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment.
Mon, January 09, 2023
Turla hackers return, LastPass faces lawsuit, Windows reporter hacked
Russian Turla hackers hijack decade-old malware infrastructure to deploy new backdoors LastPass hit with lawsuit over August breach Hackers abuse Windows error reporting tool to deploy malware Thanks to today's episode sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salseforce and Microsoft? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment. For the stories behind the headlines, head to CISOseries.com .
Fri, January 06, 2023
Week in Review: PyTorch malicious compromise, Ransomware cloned victim, LockBit gang apologizes
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , January 2-6, is hosted by Sean Kelly with our guest, Bryan Willett , CISO, Lexmark Thanks to our show sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com . All links and the video of this episode can be found on CISO Series.com
Fri, January 06, 2023
Slack's GitHub theft, CircleCI breach warning, NATO tests AI
Slack's private GitHub code repositories stolen over holidays CircleCI warns of security breach — rotate your secrets! NATO tests AI’s ability to protect critical infrastructure against cyberattacks Thanks to today's episode sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com . For the stories behind the headlines, head to CISOseries.com .
Thu, January 05, 2023
‘Mudge’ joins Rapid7, Meta fined $400 million, GDPR costs Coinbase $100 million
‘Mudge’ joins cybersecurity firm Rapid7 Meta fined $400 million by European regulator Coinbase strikes a $100 million deal with regulators Thanks to today's episode sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com . For the stories behind the headlines, visit CISOseries.com
Wed, January 04, 2023
FTX founder pleads not guilty, LA housing authority cyberattack, Ukrainian vishing operation bust
FTX founder has pleaded not guilty to fraud charges LA housing authority operations disrupted by cyberattack Ukrainian authorities bust major vishing call center Thanks to today's episode sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com . For the stories behind the headlines, visit CISOseries.com
Tue, January 03, 2023
Google tracking lawsuits, ransomware victim cloned, LockBit hospital apology
Google to pay $29.5 million to settle lawsuits over user location tracking Ransomware gang cloned victim’s website to leak stolen data LockBit gang apologizes, gives SickKids Hospital free decryptor Thanks to today's episode sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com . For the stories behind the headlines, head to CISOseries.com .
Mon, January 02, 2023
NetGear urgent patch, malicious PyTorch compromise, LockBit ransoms Lisbon
NETGEAR fixes a severe bug in its routers. Patch it ASAP! PyTorch discloses malicious dependency chain compromise over holidays LockBit ransomware claims attack on Port of Lisbon in Portugal Thanks to today's episode sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com . For the stories behind the headlines, head to CISOseries.com .
Fri, December 30, 2022
Google Home snooping, 3Commas API leak, Ireland investigating Twitter data sale
Snooping bug found on Google Home speakers 3Commas API database leaked Ireland investigating Twitter users data for sale Thanks to this week's episode sponsor, Tines Tines is the solution for security teams struggling with too much work, a talent shortage, and inevitable security incidents. Tines breaks the silos that exist between technologies and teams, so employees can focus on meaningful, not menial, tasks. Fewer manual errors and faster response times. Visit Tines.com to learn more.
Thu, December 29, 2022
Ransomware hammers hospitals, Citrix servers not applying patches, Log4Shell at 1-year old
Ransomware continues to hammer hospitals Citrix servers found vulnerable despite patches Log4Shell celebrates an anniversary Thanks to this week's episode sponsor, Tines If you're overwhelmed by your workload, Tines is the solution you've been looking for. Tines no-code automation checks boxes legacy SOAR tools can only dream of. Break the silos between tools and teams, focus on meaningful work, and eliminate manual errors while improving your response times. Visit Tines.com to stay ahead of the curve without breaking a sweat!
Wed, December 28, 2022
Facebook reaches Cambridge Analytica settlement, BTC.com lost $3 million in cyberattack, Hackers steal $8 million from BitKeep users
Facebook reaches settlement related to Cambridge Analytica scandal BTC.com lost $3 million in cyberattack Hackers use trojan to steal $8 million from BitKeep users Thanks to this week's episode sponsor, Tines Ever feel like you're stuck in a never-ending cycle of alerts? It's exhausting and frustrating. But here's the good news: Tines! Tines helps you focus on meaningful, not menial, tasks. Fewer mistakes, faster response times. And best of all, Tines’ no-code automation platform can handle massive complexity and easily connect to your unique tech stack. Visit Tines.com now! For the stories behind the headlines, visit CISOseries.com
Tue, December 27, 2022
Severe LastPass breach, Inglis resigns post, Xfinity accounts hacked
LastPass admits to severe data breach, encrypted password vaults stolen Chris Inglis to resign as national cyber director Comcast Xfinity accounts hacked in widespread 2FA bypass attacks Thanks to our episode sponsor, Tines Wondering how the world’s leading security teams are figuring out how to do more with less? The answer is Tines! Tines is a hyper-flexible automation platform loved by customers like Okta, Canva, Kayak, and Coinbase. Tines enables security teams to focus on what matters most by taking care of the grunt work! Learn more at Tines.com . For the stories behind the headlines, head to CISOseries.com .
Thu, December 22, 2022
Malware in search ads, Guardian hit with ransomware, Okta source code accessed
FBI warns of malware in search ads Guardian hit with suspected ransomware Attackers grab Okta source code Thanks to this week's episode sponsor, Tines Tis the season for more alerts and fewer resources available to manage them. But you can still be jolly--with Tines ! Tines eliminates the need for security teams to waste time on repetitive, manual tasks. Powered by a no-code approach, security teams create—and maintain—powerful automations that deliver immediate results. Visit Tines.com to learn more!
Wed, December 21, 2022
McGraw Hill data leak, UK ICO names breached firms, Twitter aided Pentagon propaganda
McGraw Hill exposed student grades and personal info UK privacy regulator names and shames breached firms Twitter aided the Pentagon in covert online propaganda campaign Thanks to this week's episode sponsor, Tines If you're like most security teams, you currently face more phishing attacks and alert fatigue. The holiday season is the most wonderful time of the year for shoppers... but it's also a busy time for cybercriminals. Tines ’ no-code automation platform can help you transform your SecOps and stay one step ahead. Visit Tines.com to sign up for free today! For the stories behind the headlines, visit CISOseries.com
Tue, December 20, 2022
Cyber Security Headlines: Glupteba botnet returns, the future of ransomware, and Epic Games' privacy fine
Botnet shrugs off Google The future of ransomware Epic Games receives record privacy fines Thanks to this week's episode sponsor, Tines If you’re like most security teams, you’re juggling multiple mission-critical priorities. But what if there was a way to break the silos in your environment? A way to focus on meaningful tasks? A way to reduce errors and achieve faster response times? Check out Tines.com to start experiencing the true benefits of proactive security operations powered by no-code automation.
Mon, December 19, 2022
Russia infiltrates satellites, Gmail’s end-to-end encryption, NSA’s Russia warning
CISA says Russia's Fancy Bear infiltrated US satellite network Google introduces end-to-end encryption for Gmail on the web NSA cyber director warns of Russian digital assaults on global energy sector Thanks to this week's episode sponsor, Tines Before Tines , co-founders Eoin and Thomas spent 15 years as senior security operators. Frustrated by the inability to solve for the challenges their teams were facing, they built their own solution. Tines allows security teams to robustly automate mundane, repetitive tasks – without code – so they can focus on their most important work. Visit Tines.com to learn more! For the stories behind the headlines, head to CISOseries.com .
Fri, December 16, 2022
Week in Review: Antivirus data wipers, TSA expands facial recognition, Uber breach
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , December 12-16, is hosted by Rich Stroffolino with our guest, Jeremy Embalabala , CISO, HUB International Thanks to our show sponsor, Fortra The cybersecurity landscape is full of single-solution providers, making it easy for unexpected cyberthreats to sneak through the cracks. That’s why Fortra is creating a stronger, simpler strategy for protection. One that increases your security maturity while decreasing the operational burden that comes with it. Fortra’s integrated, scalable solutions help customers face their toughest challenges with confidence. Learn more at Fortra.com All links and the video of this episode can be found on CISO Series.com
Fri, December 16, 2022
Japanese MirrorStealer malware, HTML smuggling SVGs, DDoS-for-hire arrests
Hackers target Japanese politicians with new MirrorStealer malware Crooks use HTML smuggling to spread QBot malware via SVG files FBI charges 6, seizes domains linked to DDoS-for-hire service platforms Thanks to this week's episode sponsor, Fortra The cybersecurity landscape is full of single-solution providers, making it easy for unexpected cyberthreats to sneak through the cracks. That's why Fortra is creating a stronger, simpler strategy for protection. One that increases your security maturity while decreasing the operational burden that comes with it. Fortra's integrated, s
Thu, December 15, 2022
EU drafts new US-data sharing agreement, Microsoft signed malicious drivers, InfraGard data leak
EU gets closer to US-data sharing agreement Microsoft signed malicious drivers InfraGard data for sale on dark web Thanks to this week's episode sponsor, Fortra The cybersecurity landscape is full of single-solution providers, making it easy for unexpected cyberthreats to sneak through the cracks. That's why Fortra is creating a stronger, simpler strategy for protection. One that increases your security maturity while decreasing the operational burden that comes with it. Fortra's integrated, scalable solutions help customers face their toughest challenges with confidence. Learn more at <a style= "color: #4db2ec; transition: none 0s ease 0s; outline: 0px; text-decoration: none; font-fami
Wed, December 14, 2022
Twitter data leak, Uber hit with another breach, Chinese police arrest crypto laundering gang
Twitter addresses claims of recent data leak Uber hit with another breach after attack on third-party vendor Police in China arrest gang who laundered $1.7 billion via crypto Thanks to this week's episode sponsor, Fortra The cybersecurity landscape is full of single-solution providers, making it easy for unexpected cyberthreats to sneak through the cracks. That's why Fortra is creating a stronger, simpler strategy for protection. One that increases your security maturity while decreasing the operational burden that comes with it. Fortra's integrated, scalable solutions help customers face their toughest challenges with confidence. Learn more at <a style= "color: #4db2ec; transition: non
Tue, December 13, 2022
India leaks expat passport info, Cloudflare expands free security tools, Greece outlaws spyware
India’s foreign ministry leaks passport details Cloudflare Zero Trust suite available to at-risk groups Greece outlaws spyware Thanks to this week's episode sponsor, Fortra The cybersecurity landscape is full of single-solution providers, making it easy for unexpected cyberthreats to sneak through the cracks. That's why Fortra is creating a stronger, simpler strategy for protection. One that increases your security maturity while decreasing the operational burden that comes with it. Fortra's integrated, scalable solutions help customers face their toughest challenges with confidence. Learn more at <a style= "color: #4db2ec; transition: none 0s ease 0s; outline: 0px; text-decoration: non
Mon, December 12, 2022
Pwn2Own Toronto winners, EDR data wipers, MuddyWater’s new campaign
Pwn2Own Toronto 2022 nets almost $1M for 63 zero days Antivirus and EDR solutions tricked into acting as data wipers Iran-linked MuddyWater APT launches new campaign Thanks to this week's episode sponsor, Fortra The cybersecurity landscape is full of single-solution providers, making it easy for unexpected cyberthreats to sneak through the cracks. That's why Fortra is creating a stronger, simpler strategy for protection. One that increases your security maturity while decreasing the operational burden that comes with it. Fortra's integrated, scalable solutions help customers fac
Fri, December 09, 2022
Week in Review: DHS reviews Lapsus$, AI generated malware, unsupported applications warning
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , December 5-9, is hosted by Rich Stroffolino with our guest, Ken Athanasiou , CISO, VF Corporation Thanks to our show sponsor, PlexTrac The best pentesting teams trust PlexTrac. PlexTrac can improve efficiency and effectiveness at every phase of your proactive assessments. By centralizing the data from all your automation tools, cataloging important reusable content for easy access, and promoting communication and visibility at every phase of an assessment, PlexTrac cuts reporting time in half and adds value between reports. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the premier pentest reporting and collaboration platform. All links and the video of this episode can be found on CISO Series.com
Fri, December 09, 2022
APT37 exploits zero-day, Firewalls bypassed generically, Zombinder's Android malware
North Korea-linked APT37 exploits Internet Explorer zero-day flaw Firewalls of several major vendors bypassed with generic attack method New 'Zombinder' platform binds Android malware with legitimate apps Thanks to today's episode sponsor, PlexTrac The best pentesting teams trust PlexTrac . PlexTrac can improve efficiency and effectiveness at every phase of your proactive assessments. By centralizing the data from all your automation tools, cataloging important reusable content for easy access, and promoting communication and visibility at every phase of an assessment, PlexTrac cuts reporting time in half and adds value between reports. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the premier pentest reporting and collaboration platform. For the stories behind the headlines, head to CISOseries.com .
Thu, December 08, 2022
Pentagon cloud deal, Apple now encrypts iCloud backups, CloudSEK hacked by cybersecurity firm?
Pentagon awards cloud deal to four major providers Apple finally adds encryption to iCloud backups CloudSEK claims it was hacked by another cybersecurity firm Thanks to today's episode sponsor, PlexTrac The Plextrac platform is your offensive security team’s secret weapon. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a “5X ROI in 1 year,” a “30% increase in efficiency,” have “cut their reporting cycle by 65%,” and experienced a “18 to 22% time savings per engagement.” Check out PlexTrac.com/CISOSeries to learn how PlexTrac can help your team deliver results. For the stories behind the headlines, visit CISOseries.com
Wed, December 07, 2022
AI generated malware, Rackspace confirms ransomware, Meta Oversight Board rules on cross-check
Are we in the age of AI generated malware Rackspace confirms ransomware attack Meta Oversight Board rules on cross-check system Thanks to today's episode sponsor, PlexTrac The best pentesting teams trust PlexTrac . PlexTrac can improve efficiency and effectiveness at every phase of your proactive assessments. By centralizing the data from all your automation tools, cataloging important reusable content for easy access, and promoting communication and visibility at every phase of an assessment, PlexTrac cuts reporting time in half and adds value between reports. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the premier pentest reporting and collaboration platform.
Tue, December 06, 2022
Baseboard software vulnerabilities, threat group stole COVID funds, AI generated code
Vulnerabilities found in popular baseboard software Chinese threat group stole COVID-19 relief funds The question of AI generated code Thanks to today's episode sponsor, PlexTrac The Plextrac platform is your offensive security team’s secret weapon. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a “5X ROI in 1 year,” a “30% increase in efficiency,” have “cut their reporting cycle by 65%,” and experienced a “18 to 22% time savings per engagement.” Check out PlexTrac.com/CISOSeries to learn how PlexTrac can help your team deliver results.
Mon, December 05, 2022
Fosshost goes dark, DHS reviews Lapsus$, Rackspace security incident
Open source software host Fosshost shutting down, CEO unreachable DHS Cyber Safety Review Board to review Lapsus$ attacks Rackspace rocked by ‘security incident’ that has taken out hosted Exchange services Thanks to today's episode sponsor, PlexTrac The best pentesting teams trust PlexTrac . PlexTrac can improve efficiency and effectiveness at every phase of your proactive assessments. By centralizing the data from all your automation tools, cataloging important reusable content for easy access, and promoting communication and visibility at every phase of an assessment, PlexTrac cuts reporting time in half and adds value between reports. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the premier pentest reporting and collaboration platform. For the stories behind the headlines, head to CISOseries.com .
Fri, December 02, 2022
Week in Review: Encouraging cyber volunteers, TikTok invisible malware, SiriusXM car issues
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , November 28-December 2, is hosted by Rich Stroffolino with our guest, Terrance Cooley , CISO, Air Force JADC2 R&D Center. Thanks to our show sponsor, Automox Are you ready to ditch manual patching and all the complexity and hassle that comes with it? With Automox, you can automatically patch your Windows, macOs, and Linux devices with one easy-to-use, cloud-native platform. Modern patching should be easy. And now it is. With automated cross-OS patching, you’ll save time and sleep better at night knowing your IT environment is secure. Visit Automox.com to learn more and start a free trial today. All links and the video of this episode can be found on CISO Series.com
Fri, December 02, 2022
LastPass data accessed, Sirius smartcar flaw, Medibank data dump
Intruders gain access to user data in LastPass incident Sirius XM flaw unlocks smart cars thanks to code flaw Medibank hackers announce ‘case closed’ and dump huge data file on dark web Thanks to this week's episode sponsor, Automox And now a word from our sponsor, Automox. Are you ready to ditch manual patching and all the complexity and hassle that comes with it? With Automox , you can automatically patch your Windows, macOs, and Linux devices with one easy-to-use, cloud-native platform. Modern patching should be easy. And now it is. With automated cross-OS patching, you’ll save time and sleep better at night knowing your IT environment is secure. Visit Automox.com to learn more and start a free trial today. For the stories behind the headlines, head to CISOseries.com .
Thu, December 01, 2022
White House targeted, Google links spyware, Android apps fake accounts
Elon Musk’s Starlink and the White House targeted by Killnet hackers Google links Windows exploit framework used to send spyware Malicious Android app creates fake accounts on multiple platforms Thanks to this week's episode sponsor, Automox Threat exposure is a growing business risk. Today, vulnerabilities are piling up faster than traditional remediation processes and tools can fix them. But fixing vulnerabilities doesn’t have to be a fire drill. Now you can eliminate threats and manage exposed endpoints with Automox Automated Vulnerability Remediation, the only cloud-native solution that harmonizes your SecOps and ITOps workflow and lets you fix vulnerabilities dramatically faster – in minutes, not months. Visit Automox.com to learn more and start a free trial today. For the stories behind the headlines, head to CisoSeries.com
Wed, November 30, 2022
TikTok Challenge malware, Cyber Monday record, Sandworm’s Ukraine attack
Hackers use trending TikTok 'Invisible Challenge' to spread malware Cyber Monday online sales hit record Sandworm gang launches Monster ransomware attacks on Ukraine Thanks to this week's episode sponsor, Automox Are you tired of using multiple tools to patch your third-party applications? With Automox you’ll gain complete visibility of all your software and the ability to patch it, automatically, from a single platform. Fix missing third-party patches with the click of a button to dramatically reduce the time, effort, and complexity it takes to maintain a strong security posture. Visit Automox.com to learn more and start a free trial today. For the stories behind the headlines, head to CISOseries.com .
Tue, November 29, 2022
Google warns of "patch gap," Chinese spam hits Twitter
Project Zero warns of “patch gap” Twitter hit with spam campaign Canadian food company refuses ransom demands Thanks to this week's episode sponsor, Automox Are you ready to say goodbye to manual patching? With Automox you can automatically patch your Windows, macOs, and Linux devices with one easy-to-use, cloud-native platform. Modern patching can and should be easy. Save time and sleep better at night knowing your IT environment is secure with automated cross-OS patching. Visit Automox.com to learn more and start a free trial today.
Mon, November 28, 2022
FCC China ban, Windows servers freeze, WhatsApp data leak
FCC announces ban on Chinese telecom and surveillance equipment New Windows Server updates cause domain controller freezes, restarts WhatsApp data leak: 500 million user records for sale Thanks to this week's episode sponsor, Automox Automox allows you to automate the configuration, patching, and compliance of your Windows, macOS, and Linux systems all from the cloud. Visit Automox.com to start a free trial and have all your endpoints safe and secure in just 15 minutes. Automox is also offering special pricing from now until December 31st so you can start 2023 off right and get automated patching without breaking your budget. For the stories behind the headlines, head to CISOseries.com .
Wed, November 23, 2022
Twitter enlists George Hotz, $575 million crypto scheme, DrafKings $300K theft
Twitter enlists hacker George Hotz for 12 week “internship” Estonian duo arrested for masterminding $575 million Ponzi scheme Hackers steal $300K from DraftKings customers Thanks to today’s episode sponsor, Compyl Preparing a Thanksgiving meal can be stressful, but managing your security and compliance program doesn't have to be. Compyl quickly integrates with the tools you use, and automates 85% of the day-to-day tasks, all while providing complete visibility and comprehensive reporting along the way. Learn about Compyl today at www.compyl.com . For the stories behind the headlines, visit CISOseries.com
Tue, November 22, 2022
Emotet returns, Google helps with Cobalt Strike, Ticketmaster blames bots for Swift snafu
Emotet returns with a malspam vengeance Google publishes YARA rules for Cobalt Strike Ticketmaster blames “bot attacks” for ticketing fiasco Thanks to today’s episode sponsor, Compyl This thanksgiving, sit around the table and be thankful for Compyl . Compyl is an all-in-one platform that supercharges your security program and takes control of your compliance and audits. Automate workflows, audit collection, compliance management, and all the boring security stuff. Learn about Compyl today at www.compyl.com .
Mon, November 21, 2022
Ransomware infects Discord, Twitter welcomes Trump, Black Friday scams
New ransomware encrypts files, then steals your Discord account Donald Trump returns to Twitter after Elon Musk's poll More than half of Black Friday spam emails are scams Thanks to today’s episode sponsor, Compyl We all know that CISOs are overworked and stressed. CISOs made Compyl to reduce the noise, accelerate security maturity and let you and your team quickly make decisions that directly affect what's important to your business. Learn about Compyl at www.compyl.com. For the stories behind the headlines, head to CISOseries.com .
Fri, November 18, 2022
Week in Review: The fall of FTX, Australia Medibank fallout, supply chain failures
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , November 14-18, is hosted by Rich Stroffolino with our guest, John Scrimsher , CISO, Kontoor Brands Thanks to today’s episode sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like SalesForce and Microsoft? What about the data these apps can access? After all, one compromised third party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps, including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment. All links and the video of this episode can be found on CISO Series.com
Fri, November 18, 2022
Musk’s ultimatum, Iran breaches government using Log4Shell, Amazon RDS data leak
Musk’s ultimatum to employees leaves Twitter at risk Iranian APT breaches government agency using Log4Shell Hundreds of Amazon RDS snapshots discovered leaking user data And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salseforce and Microsoft? What about the data these apps can access? After all, one compromised third party app could put your entire SaaS ecosystem at risk. With AppOmni , you get visibility to all third party apps, including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni .com to request a free risk assessment.
Thu, November 17, 2022
Disneyland phishing, Ukraine's IT army in action, NSA goes low-key with private researchers
Disneyland phishes with Punycode The effectiveness of Ukraine’s IT army NSA seeks to lower barriers to work with private sector And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salseforce and Microsoft? What about the data these apps can access? After all, one compromised third party app could put your entire SaaS ecosystem at risk. With AppOmni , you get visibility to all third party apps, including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni .com to request a free risk assessment.
Wed, November 16, 2022
Cyber Security Headlines
Amazon to cut 10,000 employees in tech and corporate roles Privacy experts cautious about FIFA World Cup Apps 98% of organizations have been severely impacted by cyber supply chain breach And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salseforce and Microsoft? What about the data these apps can access? After all, one compromised third party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps, including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment. For the stories behind the headlines, head to CISOseries.com .
Tue, November 15, 2022
Australia ransom ban, scourge of brand impersonation sites, GitHub gets private reporting
Australia considers ban on ransomware payments Thousands of sites used for brand impersonation GitHub gets private reporting And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salseforce and Microsoft? What about the data these apps can access? After all, one compromised third party app could put your entire SaaS ecosystem at risk. With AppOmni , you get visibility to all third party apps, including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni .com to request a free risk assessment.
Mon, November 14, 2022
Android lockscreen bypass, Lockbit hits Thales, FTX funds disappear
Android phone owner accidentally finds a way to bypass lock screen Thales hit by Lockbit 3.0 again At least $1 billion of client funds missing at FTX And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salseforce and Microsoft? What about the data these apps can access? After all, one compromised third party app could put your entire SaaS ecosystem at risk. With AppOmni , you get visibility to all third party apps, including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni .com to request a free risk assessment. For the stories behind the headlines, head to CISOseries.com .
Fri, November 11, 2022
Lockbit operator extradited, Twitter CISO quits, NotPetya insurance shakeup
Alleged LockBit operator to be extradited from Canada to U.S. Musk’s ends remote work and promised to fight spam. CISO Kissner quits. Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup And now a word from our sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com . For the stories behind the headlines, head to CISOseries.com .
Thu, November 10, 2022
Crypto Winter comes for FTX, oil and gas flow control vulnerability, images hide malware in PyPI
Crypto Winter comes for FTX Vulnerability found in oil and gas utilities Vulnerability found in oil and gas utilities And now a word from our sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com . For the stories behind the headlines, head to CISOseries.com .
Wed, November 09, 2022
Powerball drawing delayed, Australian health record leak, Hushpuppi gets 11 year sentence
$2 billion Powerball drawing delayed by security issues Hackers leak Australian health records on dark web Hushpuppi gets 11 years in prison for cyber fraud And now a word from our sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com . For the stories behind the headlines, head to CISOseries.com .
Tue, November 08, 2022
China stocking up vulnerabilities, DOJ seizes 50,000 bitcoin, DOJ takes down Z-Library
China stockpiling vulnerabilities US seizes Silk Road bitcoins DOJ takes down Z-Library And now a word from our sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com . For the stories behind the headlines, head to CISOseries.com .
Mon, November 07, 2022
Treasury thwarts Killnet, UK scanning devices, Denmark train cyberattack
US Treasury thwarts DDoS attack from Russian Killnet group British government scanning all Internet devices hosted in UK Denmark trains halted by cyberattack And now a word from our sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com . For the stories behind the headlines, head to CISOseries.com .
Fri, November 04, 2022
Week in Review: Thomson Reuters leak, LockBit dominates ransomware, Stripe cuts jobs
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , October 31-November 4, is hosted by Rich Stroffolino with our guest, Marcos Marrero , CISO, H.I.G. Capital Thanks to today’s episode sponsor, Votiro UFOs are everywhere. They’re in your applications, cloud storage, endpoints, and emails. That’s right – UFOs – U nidentified F ile O bjects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/UFOs All links and the video of this episode can be found on CISO Series.com
Fri, November 04, 2022
Boeing subsidiary incident, Stripe job cuts, news website malware
Cyber incident at Boeing subsidiary causes flight planning disruptions Stripe to lay off 14% of workforce Over 250 US news websites deliver malware via supply chain attack Thanks to today’s episode sponsor, Votiro UFOs are everywhere. They’re in your applications, cloud storage, endpoints, and emails. That’s right – UFOs – U nidentified F ile O bjects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/ufos For the stories behind the headlines, head to CISOseries.com .
Thu, November 03, 2022
W4SP stings PyPI, password hubris, Dropbox breached
W4SP malware stings PyPI LastPass warns of security hubris Dropbox breached Thanks to today’s episode sponsor, Votiro UFOs are everywhere.They’re in your applications, cloud storage, endpoints, and emails.That’s right – UFOs – U nidentified F ile O bjects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/
Wed, November 02, 2022
LockBit dominates ransomware, CISA on voting integrity, ransomware reporting
LockBit dominates ransomware CISA on voting integrity A call for more ransomware reporting Thanks to today’s episode sponsor, Votiro UFOs are everywhere.They’re in your applications, cloud storage, endpoints, and emails.That’s right – UFOs – U nidentified F ile O bjects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/
Tue, November 01, 2022
Antivirus used to spread malware, White House ransomware summit, Ed tech company hit with FTC complaint
Threat group rides antivirus software to install malware White House organizes ransomware summit Ed tech company exposed user data Thanks to today’s episode sponsor, Votiro UFOs are everywhere.They’re in your applications, cloud storage, endpoints, and emails.That’s right – UFOs – U nidentified F ile O bjects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/
Mon, October 31, 2022
Thomson Reuters leak, Polish Parliament cyberattack, trolls bombard Twitter
Thomson Reuters leaks 3TB of sensitive data Massive cyberattack hits Slovak and Polish Parliaments Twitter trolls bombard platform after Elon Musk takeover Thanks to today’s episode sponsor, Votiro UFOs are everywhere. They’re in your applications, cloud storage, endpoints, and emails. That’s right – UFOs – Unidentified File Objects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/ufos . For the stories behind the headlines, head to CISOseries.com .
Fri, October 28, 2022
Week in Review: Musk buys Twitter, Russia’s satellite warning, Industrial ransomware attacks rise
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , October 24-28, is hosted by Rich Stroffolino with our guest, Will Gregorian, former Senior Director, Technology Operations and Security, Rhino Thanks to this week’s episode sponsor, Votiro UFOs are everywhere. They’re in your applications, cloud storage, endpoints, and emails. That’s right – UFOs – U nidentified F ile O bjects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/UFOs . All links and the video of this episode can be found on CISO Series.com
Fri, October 28, 2022
Russia’s satellite warning, New York Post hacked, Fast Company breach
Russia warns West: We can target your commercial satellites New York Post says its site was hacked after posting offensive tweets White House announces 100-day cyber sprint for chemical sector Thanks to this week’s episode sponsor, Votiro UFOs are everywhere.They’re in your applications, cloud storage, endpoints, and emails. That’s right – UFOs – U nidentified F ile O bjects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/UFOs For the stories behind the headlines, head to CISOseries.com .
Thu, October 27, 2022
Sigstore opens free service, Medibank hacked, 20-year old SQLite bug
Sigstore opens free software signing service Australian health insurer hacked Researcher details 20-year old SQLite bug Thanks to this week’s episode sponsor, Votiro UFOs are everywhere.They’re in your applications, cloud storage, endpoints, and emails. That’s right – UFOs – U nidentified F ile O bjects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/UFOs
Wed, October 26, 2022
See Tickets card breach, US charges Chinese agents, Tata Power’s data leaked
See Tickets discloses 2.5 year-long credit card breach US charges Chinese agents in Huawei obstruction case Hive begins leaking Tata Power’s data Thanks to this week’s episode sponsor, Votiro UFOs are everywhere.They’re in your applications, cloud storage, endpoints, and emails. That’s right – UFOs – U nidentified F ile O bjects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/UFOs For the stories behind the headlines, visit CISOseries.com
Tue, October 25, 2022
Daixin Team, PoCs host malware, Iranian nuclear agency hacked
CISA warns of Daixin Team Exploit POCs used to host malware Iranian nuclear agency hacked Thanks to this week’s episode sponsor, Votiro UFOs are everywhere.They’re in your applications, cloud storage, endpoints, and emails. That’s right – UFOs – U nidentified F ile O bjects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/UFOs
Mon, October 24, 2022
Windows JavaScript zero-day, Iran-based hack-and-leak, METRO retailer attack
Exploited Windows zero-day lets JavaScript files bypass Mark of the Web security warnings FBI warns of ‘hack-and-leak’ operations from group based in Iran Wholesale giant METRO confirmed to have suffered a cyberattack Thanks to this week’s episode sponsor, Votiro UFOs are everywhere. They’re in your applications, cloud storage, endpoints, and emails. That’s right – UFOs – U nidentified F ile O bjects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/UFOs For the stories behind the headlines, head to CISOseries.com .
Fri, October 21, 2022
Week in Review: Dutch Police Trick DeadBolt, GenZ meh on Cybersecurity, Submarine cable severed
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , October 17-21, is hosted by Rich Stroffolino with our guest, Lee Parrish , CISO, Newell Brands Thanks to this week’s episode sponsor, SafeBase Security questionnaires are a pain, and sharing sensitive documents takes too much back and forth. As a result, security can be wrongly viewed as a roadblock rather than a sales enabler. That’s where SafeBase comes in. Our Smart Trust Center makes it easy to showcase your security program, share sensitive documents, and streamline security reviews. It’s the missing piece of your security and sales workflow, and the only security tool that gives you time back. Find out more at safebase.com All links and the video of this episode can be found on CISO Series.com
Fri, October 21, 2022
Submarine cables severed, Microsoft’s BlueBleed problem, Health system breach
Internet connectivity worldwide impacted by severed EU subsea cables Microsoft BlueBleed customer data leak claimed to be 'one of the largest' in years Health system data breach due to Meta Pixel hits 3 million patients Thanks to this week's episode sponsor, SafeBase Security questionnaires are a pain, and sharing sensitive documents takes too much back and forth. As a result, security can be wrongly viewed as a roadblock rather than a sales enabler. That's where SafeBase comes in. Our Smart Trust Center makes it easy to showcase your security program, share sensitive documents, and streamline security reviews. It's the missing piece of your security and sales workflow, and the only security tool that gives you time back. Find out more at safebase.com For the stories behind the headlines, head to CISOseries.com .
Thu, October 20, 2022
Ransom Cartel linked to REvil, Gen Z security awareness, Open Compute Project's Caliptra
Ransom Cartel linked to REvil Do we need cybersecurity training for Gen Z? Open Compute Project announces Caliptra Thanks to this week's episode sponsor, SafeBase Security questionnaires. If those two words sent a shiver down your spine, you need to check out SafeBase . SafeBase’s Smart Trust Center is a centralized source of truth for your organization’s security and compliance information. After implementing SafeBase, many companies see a 90% reduction in custom questionnaires. Imagine how much time you’d save. Visit safebase.com to find out more.
Wed, October 19, 2022
Verizon customer accounts breached, German cyber chief removed, Fortinet vuln actively exploited
Verizon notifies customers their accounts were breached German cyber chief removed over alleged Russian ties Fortinet vulnerability being actively exploited Thanks to this week's episode sponsor, SafeBase Security questionnaires are a pain, and sharing sensitive documents takes too much back and forth. As a result, security can be wrongly viewed as a roadblock rather than a sales enabler. That's where SafeBase comes in. Our Smart Trust Center makes it easy to showcase your security program, share sensitive documents, and streamline security reviews. It's the missing piece of your security and sales workflow, and the only security tool that gives you time back. Find out more at safebase.com For the stories behind the headlines, head to CISOseries.com
Tue, October 18, 2022
Ransomware hits German newspaper, Meta battles on content moderation report, and KakaoTalk goes down in Korea
Ransomware halts German newspaper circulation Meta disputes Indian content moderation report KakaoTalk called a “national communication network” in Korea Thanks to this week's episode sponsor, SafeBase Security questionnaires are a pain, and sharing sensitive documents takes too much back and forth. As a result, security can be wrongly viewed as a roadblock rather than a sales enabler. That's where SafeBase comes in. Our Smart Trust Center makes it easy to showcase your security program, share sensitive documents, and streamline security reviews. It's the missing piece of your security and sales workflow, and the only security tool that gives you time back. Find out more at safebase.com
Mon, October 17, 2022
Ukraine novel ransomware, Drones drop pineapple, Tata Power attacked
Microsoft says Ukraine, Poland targeted with novel ransomware attack Wi-Fi spy drones snoop on financial firm Indian power generation giant Tata Power hit by a cyber attack Thanks to this week's episode sponsor, SafeBase Security questionnaires. If those two words sent a shiver down your spine, you need to check out SafeBase . SafeBase’s Smart Trust Center is a centralized source of truth for your organization’s security and compliance information. After implementing SafeBase, many companies see a 90% reduction in custom questionnaires. Imagine how much time you’d save. Visit safebase.com to find out more. For the stories behind the headlines, head to CISOseries.com .
Fri, October 14, 2022
Week in Review: CISOs’ Uber scapegoating, US Airport DDoS, Digital license plates
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , October 10-14, is hosted by Rich Stroffolino with our guest, Matt Honea , Head Of Security, SmartNews Thanks to today’s episode sponsor, NoName Security Prevent API attacks in real-time with automated AI and ML-based detection from Noname Security . Monitor API traffic for data leakage, data tampering, data policy violations, suspicious behavior, and API security attacks. Integrate with your existing IT workflow management system like Jira, ServiceNow, or Slack for seamless remediation. Learn more at nonamesecurity.com/runtime-protection All links and the video of this episode can be found on CISO Series.com
Fri, October 14, 2022
Polonium targets Israel, CISO-Board relationships, UK Supply chain
Polonium APT targets Israel with a new custom backdoor dubbed PapaCreep RSA Conference reveals CISO-Board relationships UK government urges action to enhance supply chain security Thanks to today’s episode sponsor, Noname Security Prevent API attacks in real-time with automated AI and ML-based detection from Noname Security . Monitor API traffic for data leakage, data tampering, data policy violations, suspicious behavior, and API security attacks. Integrate with your existing IT workflow management system like Jira, ServiceNow, or Slack for seamless remediation. Learn more at nonamesecurity.com/runtime-protection For the stories behind the headlines, head to CISOseries.com .
Thu, October 13, 2022
Npm timing attack, legit software spreading malware, Mango Markets hacked for $100 million
Npm timing attack could impact supply chain Legit software used to spread malicious WhatsApp mod Mango Markets hit by $100 million hack Thanks to today’s episode sponsor, Noname Security Are you sure your APIs are secure? Noname Security discovers all the APIs running on your network and analyzes them to spot design flaws, misconfigurations, and vulnerabilities. You can even catalog sensitive data and quickly see how many APIs are able to access credit card data, phone numbers, SSNs, and other sensitive PII data. Learn more at nonamesecurity.com/posture-management
Wed, October 12, 2022
UK warns of Chinese security threat, Toyota data leak, CISOs at risk of being overworked
UK warns of Chinese global security threat Toyota data leak impacts 300,000 customers CISOs at risk of being overworked Thanks to today’s episode sponsor, Noname Security Stop API vulnerabilities before production with Noname Security. Automatically run over 100 dynamic tests that simulate malicious traffic, including the OWASP API Top Ten. Integrate with your existing CI/CD pipelines and tools, such as Jenkins and Postman, as well as all your ticketing and workflow tools such as ServiceNow, Slack, and Jira. Learn more at nonamesecurity.com/active-testing For the stories behind the headlines, head to CISOseries.com
Tue, October 11, 2022
Cyber Security Headlines: Heat leaks passwords, KillNet hits airports, Intel UEFI leak
Finger heat can leak your password US airport sites targeted by KillNet Intel confirms UEFI leak Thanks to today’s episode sponsor, Noname Security Prevent API attacks in real-time with automated AI and ML-based detection from Noname Security . Monitor API traffic for data leakage, data tampering, data policy violations, suspicious behavior, and API security attacks. Integrate with your existing IT workflow management system like Jira, ServiceNow, or Slack for seamless remediation. Learn more at nonamesecurity.com/runtime-protection
Mon, October 10, 2022
Urgent Fortinet vulnerability, Windows update flaw, CISO scapegoating danger
Fortinet warns admins to patch critical auth bypass bug immediately Windows 11 22H2 errors break provisioning Security chiefs fear ‘CISO scapegoating’ following Uber-Sullivan verdict Thanks to today’s episode sponsor, Noname Security Are you sure your APIs are secure? Noname Security discovers all the APIs running on your network and analyzes them to spot design flaws, misconfigurations, and vulnerabilities. You can even catalog sensitive data and quickly see how many APIs are able to access credit card data, phone numbers, SSNs, and other sensitive PII data. Learn more at nonamesecurity.com/posture-management For the stories behind the headlines, head to CISOseries.com .
Fri, October 07, 2022
Week in Review: Lazarus hits Dell, Uber chief guilty, Musk’s Twitter Takeover
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , October 3-7, is hosted by Sean Kelly , with our guest, Patrick Benoit , VP, Global Cyber, GRC/BISO, CBRE Thanks to this week’s episode sponsor, Hunters Hunters is a SaaS platform, purpose built for Security Operation teams. Providing unlimited data ingestion and normalization at a predictable cost, Hunters helps SOC teams mitigate real threats faster and more reliably than SIEM. Visit Hunters.ai to learn more. All links and the video of this episode can be found on CISO Series.com
Fri, October 07, 2022
Uber coverup ruling, Optus data spilled, Easylife’s trigger fine
Former Uber security chief found guilty of data breach coverup Optus confirms 2.1 million ID numbers exposed in data breach Retailer Easylife fined £1.5m for data protection breaches Thanks to today’s episode sponsor, Hunters Hunters is a SaaS platform, purpose built for Security Operation teams. Providing unlimited dataingestion and normalization at a predictable cost, Hunters helps SOC teams mitigate real threats faster and more reliably than SIEM. Visit Hunters.ai to learn more. For the stories behind the headlines, head to CISOseries.com .
Thu, October 06, 2022
CommonSpirit Health "IT security issue," MySQL backdoor, P2P payment fraud rises
CommonSpirit Health hit with “IT security issue” MySQL servers backdoored Fraud hitting P2P payment apps Thanks to today’s episode sponsor, Hunters Hunters is a SaaS platform, purpose built for Security Operation teams. Providing unlimited dataingestion and normalization at a predictable cost, Hunters helps SOC teams mitigate real threats faster and more reliably than SIEM. Visit Hunters.ai to learn more.
Wed, October 05, 2022
Musk Twitter deal update, TikTok security deal politics, Netwalker affiliate sentenced
Musk offers to proceed with Twitter deal TikTok security deal becomes a political pawn Netwalker ransomware affiliate sentenced to 20 years in prison Thanks to today’s episode sponsor, Hunters Hunters is a SaaS platform, purpose built for your Security Operation team. Cimpress, theparent company of VistaPrint, implemented Hunters SOC Platform to replace its SIEM. Thanks to Hunters, Cimpress no longer needs to babysit alerts and detection logic – they’ve improved their SOC’s efficiency, and optimized costs. Visit Hunters.ai to learn more. For the stories behind the headlines, visit CISOseries.com
Tue, October 04, 2022
LA School Data Leaked, Exchange mitigations bypassed, Supreme Court looks at Section 230
LA school data published on leak site Exchange zero-day mitigations bypassed Supreme Court will look legal protections for apps and sites Thanks to today’s episode sponsor, Hunters Hunters helps your security team overcome data volume and complexity – while significantlyreducing false positives. Upwork uses Hunters SOC Platform to “remain threat focused”. Because of Hunters, Upwork has been able to stop going through the daily repetitive task of looking at alerts, and doing repetitive, manual investigations. Learn more at: Hunters.ai
Mon, October 03, 2022
Microsoft Zero days, Lazarus attacks Dell, NSA employee caught
Microsoft confirms two Exchange Server zero days are being used in cyberattacks Lazarus hackers abuse Dell driver bug using new FudModule rootkit Ex-NSA employee charged with violating Espionage Act, selling U.S. cyber secrets Thanks to today’s episode sponsor, Hunters Hunters is a SaaS platform, purpose built for Security Operation teams. Providing unlimited dataingestion and normalization at a predictable cost, Hunters helps SOC teams mitigate real threats faster and more reliably than SIEM. Visit Hunters.ai to learn more. For the stories behind the headlines, head to CISOseries.com .
Fri, September 30, 2022
Week in Review: Uber hacker arrested, cyberattacks deluge organizations, Lazarus hacks Macs
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , September 26-30, is hosted by Rich Stroffolino with our guest, Sara Lazarus , VP and head of trust and security, Stavvy Thanks to today’s episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com . All links and the video of this episode can be found on CISO Series.com
Fri, September 30, 2022
Russia’s cyber winter, military contractor attack, IRS smishing warning
Finnish intelligence warns Russia ‘highly likely’ to turn to cyber in winter Researchers uncover covert attack campaign targeting military contractors IRS warns of "industrial scale" smishing surge Thanks to today’s episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com . For the stories behind the headlines, head to CISOseries.com .
Thu, September 29, 2022
Leaked ransomware used in attack, Cloudflare Turnstile, Fast Company hit with cyber attack
Leaked ransomware builder used in attacks Cloudflare hopes Turnstile can replace CAPTCHAs Fast Company goes dark after cyber attack Thanks to today’s episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com .
Wed, September 28, 2022
Lazarus targets macOS, Geopolitical DDoS, Meta takes down influence networks
Lazarus Group targets macOS users Geopolitics behind recent DDoS surge Meta takes on influence networks Thanks to today’s episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com .
Tue, September 27, 2022
Jamf buys ZecOps, porn phishing DDoS, Cloudflare Zero Trust SIM
Jamf buys ZecOps Porn phishing scam turns into a DDoS Cloudflare announced secure eSIM offering Thanks to today’s episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com .
Mon, September 26, 2022
Uber hacker arrested, Microsoft SQL hacked, CircleCI GitHub hack
London Police arrest 17-year-old hacker suspected of Uber and GTA 6 breaches Microsoft SQL servers hacked in TargetCompany ransomware attacks Attackers impersonate CircleCI platform to compromise GitHub accounts Thanks to today’s episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com . For the stories behind the headlines, head to CISOseries.com .
Fri, September 23, 2022
Week in Review: Uber and Twitter hacks, MFA exploits, Ransomware in decline?
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , September 19-23, is hosted by Rich Stroffolino with our guest, Joseph Lewis , Director, Cyber Assessment Strategy, US Department of Energy Thanks to this week’s sponsor, 6clicks 6clicks is your AI-powered GRC platform, featuring a fully integrated content library. 6clicks provides organizations with a powerful GRC platform to build highly scalable risk and compliance functions and advisors with the tools to streamline and scale their services, saving everyone enormous time and money. Reimagine risk. Improve cybersecurity. Demonstrate compliance. For more information visit 6clicks.com/cisoseries . All links and the video of this episode can be found on CISO Series.com
Fri, September 23, 2022
MFA fatigue hacking, Senate blasts counterintelligence, Australian telco breach
MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches Senate reports details inefficiencies, confusion at key U.S. counterintelligence center Australian telco Optus suffers massive data breach Thanks to today’s episode sponsor, 6clicks With 6clicks , organizations can manage enterprise risk easier than ever before. 6clicks helps you identify your risks, group them into risk registers, and run risk assessments. It highlights causes and potential impacts, outlines risk treatment plans, and helps you manage the full treatment lifecycle – all while informing your holistic GRC posture with built-in data linkages. For more information visit 6clicks.com/cisoseries . For the stories behind the headlines, head to CISOseries.com .
Thu, September 22, 2022
15-year old Python bug, LinkedIn Smart Link phishing, US military using Augury
15-year old Python bug causing problem LinkedIn Smart Links used for phishing US military buys Augury network monitoring tool Thanks to today’s episode sponsor, 6clicks Your GRC solution is only as valuable as the reports it can generate. Provide an exceptional analytics experience for all your GRC stakeholders with the 6clicks reporting suite. Unlock powerful insights and prove compliance using dashboards and charts, pixel perfect reporting, presentations, and data storytelling via LiveDocs.. For more information visit 6clicks.com/cisoseries .
Wed, September 21, 2022
American Airlines hack, $160M swiped from Wintermute, 2K and Rockstar cyberattacks
American Airlines announce breach of customer and staff info Crypto market maker hacked for $160 million 2K and Rockstar fall victim to cyber attacks Thanks to today’s episode sponsor, 6clicks The 6clicks GRC solution comes with a fully integrated content library full of hundreds of standards, assessment templates, libraries, playbooks, and more. With the content library included in every 6clicks license, organizations can get started on their GRC implementation faster than ever before. For more information visit 6clicks.com/cisoseries . For the stories behind the headlines, head to CISOseries.com
Tue, September 20, 2022
Chromeloader evolves, ransomware falls, US reviews social media campaigns
The shifting ways of Chromeloader Ransomware attacks fall in first half Pentagon orders review of social media influence campaigns Thanks to today’s episode sponsor, 6clicks Experience the magic of Hailey, the 6clicks artificial intelligence engine for risk and compliance. With Hailey, organizations can automatically show cross-compliance between regulations or identify gaps to external compliance requirements in their policies. Eliminate manual and costly risk and compliance processes by joining the hundreds of businesses that trust 6clicks. For more information visit 6clicks.com/cisoseries .
Mon, September 19, 2022
Uber downplays breach, LastPass downplays hack, Netgear router vulnerability
Uber says there is no evidence that users’ private information was compromised LastPass says hackers accessed its systems for just 4 days Netgear Routers impacted by FunJSQ module flaw Thanks to today’s episode sponsor, 6clicks 6clicks has pioneered a unique Hub & Spoke architecture to underpin its AI-powered GRC solution and cater to markets requiring scalable, multi-tenanted GRC. This model enables organizations to deploy multiple, autonomous GRC entities connected to a single hub for roll-up reporting, management, and visibility. For more information visit 6clicks.com/cisoseries . For the stories behind the headlines, head to CISOseries.com .
Fri, September 16, 2022
Week in Review: Uber hacked, intermittent encryption ransomware, Twitter overheats
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , June 6-10, is hosted by Rich Stroffolino with our guest, Quincy Castro , CISO, Redis Thanks to today’s episode sponsor, Edgescan Scalable automated and continuous Attack Surface Management (ASM) and vulnerability detection integrated with a world-class cyber security team provide 100% false-positive-free alerts and expert remediation guidance. Edgescan.com All links and the video of this episode can be found on CISO Series.com
Fri, September 16, 2022
Gamers targeted on YouTube, Biden supply chain order, Queen Elizabeth II phishing scam
Gamers targeted by self-spreading stealer on YouTube Biden order further scrutinizes foreign tech supply chains Phishing attacks being launched in the name of Queen Elizabeth II Thanks to today’s episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the stories behind the headlines, head to CISOseries.com
Thu, September 15, 2022
Teams leaks tokens, cyberscammer human trafficking, Treasury Tornado Cash guidance
Teams stores tokens in cleartext Cyberscammers caught up in human trafficking US Treasury issues guidance on Tornado Cash Thanks to today’s episode sponsor, Edgescan Scalable automated and continuous Attack Surface Management (ASM) and vulnerability detection integrated with a world-class cyber security team provide 100% false-positive-free alerts and expert remediation guidance.
Wed, September 14, 2022
Apple’s second zero-day, heat beats tweets, herd mentality phishing
Apple Releases iOS and macOS updates to patch actively exploited zero-day flaw Extreme California heat knocks key Twitter data center offline New phishing scheme uses 'herd mentality' approach to dupe victims Thanks to today’s episode sponsor, Edgescan Edgescan combines full-stack coverage with integrated reporting and business-level prioritization to deliver a single source of truth for your entire vulnerability management program with zero false positives. For the stories behind the headlines, head to CISOseries.com .
Tue, September 13, 2022
Google buys Mandiant, Redbleed mitigations hurt, Meta hands over PyTorch
Google closes on Mandiant Paying the iron price for Retbleed mitigation Meta hands over the keys to PyTorch Thanks to today’s episode sponsor, Edgescan Edgescan offers a single platform solution that covers the full stack, from Web Applications to APIs to the Network and data layer. Continuous Attack Surface Management coupled with automated & strategic Pen-testing as a Service (PTaaS) yields fully scalable coverage.
Mon, September 12, 2022
Intermittent encryption warning, HP firmware bugs, SEC crypto office
Ransomware gangs switching to new intermittent encryption tactic Firmware bugs in many HP computer models left unfixed for over a year U.S. SEC to set up new office for crypto filings Thanks to today’s episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the stories behind the headlines, head to CISOseries.com .
Fri, September 09, 2022
Week in Review: TikTok breach, China accuses US, CISA feedback
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , June 6-10, is hosted by Rich Stroffolino with our guest, Jason Elrod , CISO, Multicare Health System Thanks to today’s episode sponsor, Snyk Developers want to code fast and security wants to ship securely — and they want to do it all from the cloud. That’s why they both choose Snyk . Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud environments… all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects and cloud environments, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity All links and the video of this episode can be found on CISO Series.com
Fri, September 09, 2022
China accuses US, London buses hacked, New APT42 group
China accuses US of cyberattacks and cyberespionage London's biggest bus operator hit by cyber "incident" Researchers reveal new Iranian threat group APT42 Thanks to today’s episode sponsor, Snyk Developers want to code fast and security wants to ship securely — and they want to do it all from the cloud. That’s why they both choose Snyk . Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud environments... all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects and cloud environments, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity For the stories behind the headlines, head to CISOseries.com .
Thu, September 08, 2022
CISA incident reporting, Linux-focused IoT malware, Albania cuts ties over cyberattack
CISA asks for feedback on reporting rules New Linux-focused malware targets IoT Albania cuts diplomatic ties over cyberattack Thanks to today’s episode sponsor, Snyk Developers want to code fast and security wants to ship securely — and they want to do it all from the cloud. That’s why they both choose Snyk . Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud environments... all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects and cloud environments, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity
Wed, September 07, 2022
Ex-Uber exec heads to trial, Twitter fires back at Mudge, FBI K-12 warning
Uber's ex-cyber exec heads to trial Twitter fires back at Mudge for “parroting” Elon Musk FBI warns of ransomware attacks on school districts Thanks to today’s episode sponsor, Snyk Developers want to code fast and security wants to ship securely — and they want to do it all from the cloud. That’s why they both choose Snyk . Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud environments... all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects and cloud environments, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity For the stories behind the headlines, head to CISOseries.com
Tue, September 06, 2022
Sextortion ring busted, TikTok denies breach, Cloudflare cuts off Kiwi Farms
Transnational sextortion ring dismantled TikTok denies breachtok Cloudflare cuts off Kiwi Farms Thanks to today’s episode sponsor, Snyk Developers want to code fast and security wants to ship securely — and they want to do it all from the cloud. That’s why they both choose Snyk . Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud environments... all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects and cloud environments, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity
Fri, September 02, 2022
Fed agency supply chain tips, Apple lawsuit settlement, Neopets 18 month hack
Federal agencies share supply chain security tips Apple settles lawsuit with developer over App Store rejections and scams Hackers were inside Neopets systems for 18 months Thanks to today’s episode sponsor, Code42 It’s not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme . For the stories behind the headlines, head to CISOseries.com
Thu, September 01, 2022
Google's open-source bug bounty, Ragnar Locker hits airline, Cloudflare won't cut off services
Google launches open-source bug bounty Ragnar Locker claims attack on airline Cloudflare won’t terminate services for controversial customers Thanks to today’s episode sponsor, Code42 Surprise! Surprise! Five years from now, Jamie, who’s resigning today, will ring the NASDAQ bell officially launching her company on the public market. And what you’ll soon realize is that Jamie stole your most valuable data to start her new company. Learn how Code42 Incydr can stop data theft and protect your organizations’ most valuable assets. Visit Code42.com/showme to learn more.
Wed, August 31, 2022
Google Translate malware, White House aviation briefing, book distributor ransomed
Google Translate app is actually Windows crypto-mining malware White House to give aviation executives classified cyberthreat briefing Book distributor Baker & Taylor hit by ransomware Thanks to our episode sponsor, Code42 Cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak and theft. In fact, the Code42 Annual Data Exposure Report revealed there’s a 1 in 3 chance that your company will lose IP when an employee quits. To learn more about stopping data leaks with Insider Risk Management visit Code42.com/showme . For the stories behind the headlines, head to CISOseries.com .
Tue, August 30, 2022
Log4Shell Hits Israel, Russian cyberattacks on Montenegro, AlphaBay Turns 1
Microsoft warns Iranians using Log4Shell Montenegro hit with Russian cyberattacks AlphaBay Turns 1 Thanks to this week's episode sponsor, Code42 Have you been thinking about launching an Insider Risk Management program? You don’t need to be Big Brother to effectively address Insider Risk. Code42 believes that the Three Es should define any IRM program: expertise, education, and enforcement. Shift your security culture from “watchdog” to “guide dog” and everyone wins. Learn more at Code42.com/showme .
Mon, August 29, 2022
Hackers breach LastPass, new Agenda ransomware, Facebook Cambridge settlement
Hackers breach LastPass developer system to steal source code New Agenda ransomware appears in the threat landscape Facebook-Cambridge Analytica data breach lawsuit ends in 11th hour settlement Thanks to this week’s episode sponsor, Code42 It’s not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme . For the stories behind the headlines, head to CISOseries.com .
Fri, August 26, 2022
Week in Review: Satellite hacks, Insurers balk, Twitter's cybersecurity
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , June 6-10, is hosted by Rich Stroffolino with our guest, John McClure , CISO, Sinclair Broadcast Group Thanks to today’s episode sponsor, Code42 It’s not just about the data leaving your company – what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme . All links and the video of this episode can be found on CISO Series.com
Fri, August 26, 2022
North Korea at BlackHat, Ransomware attacks jump, Pentagon software requirements
North Korean malware present at Black Hat Ransomware attacks jump as new malware strains proliferate Pentagon may require flaw-free software Thanks to today’s episode sponsor, Code42 It’s not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme For the stories behind the headlines, head to CISOseries.com .
Thu, August 25, 2022
Nobelium’s MagicWeb, pro-Western influence campaigns, $100 million in NFTs stolen
Microsoft reveals Nobelium’s MagicWeb Details emerge on large-scale pro-Western influence campaigns Stolen NFTs prove big business Thanks to today’s episode sponsor, Code42 Surprise! Surprise! Five years from now, Jamie, who’s resigning today, will ring the NASDAQ bell officially launching her company on the public market. And what you’ll soon realize is that Jamie stole your most valuable data to start her new company. Learn how Code42 Incydr can stop data theft and protect your organizations’ most valuable assets. Visit Code42.com/showme to learn more.
Wed, August 24, 2022
Twitter ex-security chief whistleblower, Ukraine and Poland join forces, Binance deepfake scam
Ex-security chief accuses Twitter of cybersecurity negligence Ukraine and Poland join forces to counter Russian cyberattacks Hackers use Binance exec deepfake in crypto exchange scam Thanks to today’s episode sponsor, Code42 Cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak and theft. In fact, the Code42 Annual Data Exposure Report revealed there’s a 1 in 3 chance that your company will lose IP when an employee quits. To learn more about stopping data leaks with Insider Risk Management visit Code42.com/showme . For the stories behind the headlines, head over to CISOseries.com
Tue, August 23, 2022
State-backed attacks not insured, LockBit hit with DDoS, Cozy Bear gets around MFA
State-backed attacks excluded from cyber insurance LockBit hit with DDoS Cozy Bear using Microsoft accounts to bypass MFA Thanks to today’s episode sponsor, Code42 Have you been thinking about launching an Insider Risk Management program? You don’t need to be Big Brother to effectively address Insider Risk. Code42 believes that the Three Es should define any IRM program: expertise, education, and enforcement. Shift your security culture from “watchdog” to “guide dog” and everyone wins. Learn more at Code42.com/showme .
Mon, August 22, 2022
Urgent iPhone update, ZIP password fault, Hacking decommissioned satellites
iPhone users urged to update to patch 2 zero-days Encrypted ZIP files can have two correct passwords White hat hackers broadcast through decommissioned satellite Thanks to today’s episode sponsor, Code42 It’s not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme For the stories behind the headlines, head to CISOseries.com .
Fri, August 19, 2022
Week in Review: Ukraine at Black Hat, Starlink hacked, cybersecurity workforce inequity
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , June 6-10, is hosted by Rich Stroffolino with our guest, Stephen Harrison , VP Cyber Defense, MGM Resorts Thanks to today’s episode sponsor, 6clicks With 6clicks , organizations can manage enterprise risk easier than ever before. 6clicks helps you identify your risks, group them into risk registers, and run risk assessments. It highlights causes and potential impacts, outlines risk treatment plans, and helps you manage the full treatment lifecycle. For more information visit 6clicks.com/cisoseries . All links and the video of this episode can be found on CISO Series.com
Fri, August 19, 2022
Google blocks DDoS, Moore leaves Cyber Command, BlackByte’s ransomware options
Google blocks largest HTTPS DDoS attack 'reported to date' Cyber Command loses Moore A new version of BlackByte offers extortion options Thanks to today’s episode sponsor, 6clicks With 6clicks , organizations can manage enterprise risk easier than ever before. 6clicks helps you identify your risks, group them into risk registers, and run risk assessments. It highlights causes and potential impacts, outlines risk treatment plans, and helps you manage the full treatment lifecycle. For more information visit 6clicks.com/cisoseries . For the stories behind the headlines, head to CISOseries.com .
Thu, August 18, 2022
PyPi backdoors, Project Sugarush, Redalpha phishing
PyPi packages turn installed apps to backdoors Project Sugarush targets Israeli shipping RedAlpha ramps up phishing efforts Thanks to today’s episode sponsor, 6clicks Manage the full assessment lifecycle and get your business audit-ready more easily than ever using 6clicks . Identify overlap from completed audits and assessments with other standards and frameworks using Hailey-AI to streamline compliance with multiple audit requirements. With built-in content, organizations can get started on their audit and assessments faster than ever before. For more information visit 6clicks.com/cisoseries .
Wed, August 17, 2022
Oracle audits Tik Tok, Digital Ocean dumps Mailchimp, Twilio targets Signal
Oracle begins auditing TikTok's algorithms Digital Ocean dumps Mailchimp after attack leaked customer data Signal users exposed in targeted Twilio attack Thanks to today’s episode sponsor, 6clicks 6clicks is where vulnerability management and GRC unite. With 6licks, organizations can ingest their vulnerabilities from all scanners, link assets to vulnerabilities, raise risks and issues to remediate, and close vulnerabilities as they are remediated – all while informing their risk and compliance posture in a single platform for cohesive reporting. For more information visit 6clicks.com/cisoseries . For the stories behind the headlines, head to CISOseries.com .
Tue, August 16, 2022
Chat app backdoor, PyPi cryptominer, corporate access prices drop
Chat app used as a backdoor PyPi package drops crytominer Access to corporate networks sees a value dip Thanks to today’s episode sponsor, 6clicks Protect your supply chain from third-party risk with the power of 6clicks . Organizations can better manage their vendor risk by automating the vendor assessment lifecycle and detecting vendor assessment findings. Users can identify and raise risks linked to vendors post-assessment and group them into risk registers. Then, manage, remediate and report on risks directly from 6clicks. For more information visit 6clicks.com/cisoseries .
Mon, August 15, 2022
Ukraine cyber chief at Black Hat, Lockheed Martin breach?, $25 Starklink hack
Ukraine's cyber chief makes surprise visit to Black Hat Killnet claims to have hacked Lockheed Martin Starlink successfully hacked using $25 modchip Thanks to today’s episode sponsor, 6clicks Identify, track, respond, and remediate issues and incidents from your various GRC workflows with 6clicks . With an issue submission form, 6clicks makes it easy and efficient for employees to submit incidents directly to an incident management team for triaging and response. Use the built-in incident response playbooks, or your own, to standardize incident response across the organization. For more information visit 6clicks.com/cisoseries . For the stories behind the headlines, head to CISOseries.com
Fri, August 12, 2022
Week in Review: Emergency Alert flaws, Twilio confirms hack, Rebuild CISA - Krebs
Link to Blog Pos t This week’s Cyber Security Headlines – Week in Review , June 6-10, is hosted by Rich Stroffolino with our guest, Jack Kufahl , CISO, Michigan Medicine Thanks to today’s episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. All links and the video of this episode can be found on CISO Series.com
Fri, August 12, 2022
Cisco’s Lapsus$ breach, Rebuild CISA – Krebs, ransomware BEC epidemic
Cisco admits corporate network compromised by gang with links to Lapsus$ CISA should split from DHS says Chris Krebs Ransomware data theft epidemic fueling BEC attacks Thanks to today’s episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the stories behind the headlines, head to CISOseries.com .
Thu, August 11, 2022
Open Cybersecurity Schema Framework launches, Intel SGX flaw, CISA adds DogWalk to patch list
Introducing the Open Cybersecurity Schema Framework New flaw found in Intel SGX CISA adds to its Known Exploited Vulnerabilities database Thanks to today’s episode sponsor, Edgescan Scalable automated and continuous Attack Surface Management (ASM) and vulnerability detection integrated with a world-class cyber security team provide 100% false-positive-free alerts and expert remediation guidance.
Wed, August 10, 2022
Chinese kids defrauded, Twitter Saudi spy, Facebook data divulged
Chinese fraudsters target kids playing online games Former Twitter employee convicted in Saudi spy case Facebook divulges data leading to abortion prosecution Thanks to today’s episode sponsor, Edgescan Edgescan combines full-stack coverage with integrated reporting and business-level prioritization to deliver a single source of truth for your entire vulnerability management program with zero false positives. For the stories behind the headlines, head to CISOseries.com
Tue, August 09, 2022
Treasury sanctions Tornado Cash, Twilio confirms hack, Chinese hacking group targets backdoors
Treasury sanctions Tornado Cash Twilio confirms hack Chinese hacking group targets backdoors Thanks to today’s episode sponsor, Edgescan Edgescan offers a single platform solution that covers the full stack, from Web Applications to APIs to the Network and data layer. Continuous Attack Surface Management coupled with automated & strategic Pen-testing as a Service (PTaaS) yields fully scalable coverage.
Mon, August 08, 2022
Emergency Alert flaws, Kaspersky VPN bug, Pick Fick quick
Critical flaws found in US Emergency Alert System Security experts urge Fick's speedy confirmation as first U.S. cyber ambassador High-severity bug in Kaspersky VPN client opens door to PC takeover Thanks to today’s episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the stories behind the headlines, head to CISOseries.com .
Fri, August 05, 2022
Week in Review: Cyberattacks hit Taiwan, Missile manufacturer hit, Class action donuts
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , June 6-10, is hosted by Rich Stroffolino with our guest, Yael Nagler, CISO, Walker & Dunlop Thanks to this week’s sponsor, HYAS “Did you know a cybersecurity breach doesn’t have to mean that your business is shut down or your data is stolen? Malware, ransomware, data exfiltration: They all report to a command and control infrastructure to receive instructions. HYAS’s unrivaled understanding of adversary infrastructure empowers you to cut off threats from their command and control, along with any related infrastructure. Like that old roach motel, hackers can get in, but they can’t communicate out, rendering their attack worthless. When HYAS has your back, you can proactively prevent attacks from being executed — letting your business keep moving full forward. Visit HYAS.com “ All links and the video of this episode can be found on CISO Series.com
Fri, August 05, 2022
Cyberattacks hit Taiwan, Cisco router flaws, DoJ prefers paper
Cyberattacks hit Taiwan to coincide with Speaker Pelosi’s visit4 Cisco addresses critical flaws in Small Business VPN routers DOJ now relies on paper for its most sensitive court documents, official says Thanks to today’s episode sponsor, HYAS We know IT and security teams are already overloaded — facing constant pressure to improve security without additional resources. That’s why it’s so important to find solutions that bolster your security, not your workload. HYAS Protect deploys in under 30 minutes, easily integrates into existing infrastructure, constantly updates with the latest threat intelligence, renders attacks inert (regardless of how they infiltrated your environment), and doesn’t require day-to-day hand-holding — letting you focus on keeping your business moving full forward. Visit HYAS.com For the stories behind the headlines, head to CISOseries.com .
Thu, August 04, 2022
Ukraine takes down bot farm, Solana wallets drained, Semikron cyberattack
Ukraine takes down massive bot farm Thousands of Solana wallets drained Semikron hit by cyberattack Thanks to today’s episode sponsor, HYAS Cybercriminals try their hardest to cover their tracks, but no matter what, they always leave a trail. HYAS Insight gives you access to all of the data you need to trace an attack back to its source. This helps you map out the complete attack campaign infrastructure, letting you proactively defend against future attacks and even potentially provide key data to law enforcement. Take your cybersecurity investigations further than you ever thought possible with HYAS Insight. Visit HYAS.com
Wed, August 03, 2022
$190M crypto theft, T-Mobile store owner busted, EU missile maker extorsion
US crypto firm hit by $190 million theft T-Mobile store owner busted running phone unlocking scheme EU missile maker denies breach but confirms extortion attempt Thanks to today’s episode sponsor, HYAS Cybercriminals try their hardest to cover their tracks, but no matter what, they always leave a trail. HYAS Insight gives you access to all of the data you need to trace an attack back to its source. This helps you map out the complete attack campaign infrastructure, letting you proactively defend against future attacks and even potentially provide key data to law enforcement. Take your cybersecurity investigations further than you ever thought possible with HYAS Insight . Visit HYAS.com
Tue, August 02, 2022
Akamai distrubs massive DDoS, Australian faces spyware charges, Meta struggles with Kenya hate speech
Akamai disrupts record DDoS in Europe Australian man faces spyware charges Meta accused of failing to tackle hate speech in Kenya Thanks to today’s episode sponsor, HYAS Cybercriminals try their hardest to cover their tracks, but no matter what, they always leave a trail. HYAS Insight gives you access to all of the data you need to trace an attack back to its source. This helps you map out the complete attack campaign infrastructure, letting you proactively defend against future attacks and even potentially provide key data to law enforcement. Take your cybersecurity investigations further than you ever thought possible with HYAS Insight. Visit HYAS.com
Mon, August 01, 2022
Fake investment network, DawDropper Android malware, North Korea’s SharpTongue
Huge network of 11,000 fake investment sites targets Europe DawDropper Android apps serve up banking malware North Korea-linked SharpTongue spies on email accounts with a malicious browser extension Thanks to today's episode sponsor, Hyas. Better production environment security starts with visibility. After all, how can you protect your most valuable asset if you don’t know A: what’s expected and B: when something’s happening that isn’t expected? This is why HYAS Confront monitors traffic to alert you to anomalies, letting you address risks, threats, and changes, while blocking infiltrations before they become successful attacks. Don’t just react, take your security back with HYAS. Visit HYAS.com For the stories behind the headlines, head to CISOseries.com .
Fri, July 29, 2022
Week in Review: Chinese, Huawei misdeeds, Poor cybersecurity training, Data breach costs
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , June 6-10, is hosted by Rich Stroffolino with our guest, Deneen DeFiore , VP, CISO, United Airlines Thanks to our show sponsor, Snyk Developers want to code fast and security wants to ship securely. And that’s why they both choose Snyk . Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud infrastructure… all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity . All links and the video of this episode can be found on CISO Series.com
Fri, July 29, 2022
Hackers dodge macros, 365 down again, 22M health record breach
Hackers opting for new attack methods after Microsoft blocked macros by default Microsoft 365 outage knocks down admin center in North America 22 million US health records breached thus far in 2022 Thanks to today’s episode sponsor, Snyk Developers want to code fast and security wants to ship securely. And that’s why they both choose Snyk . Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud infrastructure... all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity . For the stories behind the headlines, head to CISOseries.com .
Thu, July 28, 2022
Subzero malware, JusTalk logs leak, average data breach cost
Microsoft warns of Subzero malware JusTalk logs leak The cost of an average data breach Thanks to today’s episode sponsor, Snyk Developers want to code fast and security wants to ship securely. And that’s why they both choose Snyk . Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud infrastructure... all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity .
Wed, July 27, 2022
$6 million music platform hack, Rogers coding error, increased North-Korean bounty
Hacker swipes $6 million from blockchain music platform Coding error to blame for Rogers outage US doubles reward for tips on North Korean-backed hackers Thanks to today’s episode sponsor, Snyk Developers want to code fast and security wants to ship securely. And that’s why they both choose Snyk . Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud infrastructure... all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity . For the stories behind the headlines, head to CISOseries.com
Tue, July 26, 2022
LockBit hits Italy, Quantum bill heads to Senate, Windows adds brute force defense
LockBit hits Italy Quantum cybersecurity bill heads to the Senate Windows adds brute force defense Thanks to today’s episode sponsor, Snyk Developers want to code fast and security wants to ship securely. And that’s why they both choose Snyk . Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud infrastructure... all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity .
Mon, July 25, 2022
FBI nabs Huawei, Android leaks Twitterers, Microsoft’s printer warning
FBI uncovers Chinese and Huawei misdeeds 5.4 million Twitter accounts available for sale Microsoft warns that new Windows updates may break printing Thanks to today’s episode sponsor, Snyk Developers want to code fast and security wants to ship securely. And that’s why they both choose Snyk . Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud infrastructure... all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity . For the stories behind the headlines, head to CISOseries.com .
Fri, July 22, 2022
Week in Review: Hiring slows, new infrastructure woes, Tik Tok grows
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , June 6-10, is hosted by Rich Stroffolino with our guest, Renee Guttmann , Former CISO, Campbell Soup, Coca Cola, Time Warner Thanks to this week’s sponsor, 6clicks 6clicks is your AI-powered GRC platform, featuring a fully-integrated content library. 6clicks provides organizations with a powerful GRC platform to build highly scalable risk and compliance functions and advisors with the tools to streamline and scale their services, saving everyone enormous time and money. Reimagine risk. Improve cybersecurity. Demonstrate compliance. For more information visit 6clicks.com/cisoseries . All links and the video of this episode can be found on CISO Series.com
Fri, July 22, 2022
Microsoft Teams outage, heatwave melts Oracle, hiring cyber mercenaries
Microsoft Teams outage also takes down Microsoft 365 services Heatwave forced Google and Oracle to shut down in London Hackers for hire: adversaries employ “cyber mercenaries” Thanks to today’s episode sponsor, 6clicks Experience the magic of Hailey, the 6clicks artificial intelligence engine for risk and compliance. With Hailey, organizations can automatically show cross-compliance between regulations or identify gaps to external compliance requirements in their policies. Eliminate manual and costly risk and compliance processes by joining the hundreds of businesses that trust 6clicks . For more information visit 6clicks.com/cisoseries . For the stories behind the headlines, head to CISOseries.com .
Thu, July 21, 2022
Microsoft security job cuts, Neopet data leak, Russia malware trickery
Microsoft cuts security jobs amidst weakening economy Is your cute little Neopet leaking your personal data? Russia disguises malware as Ukrainian app for hacking Russia Thanks to today’s episode sponsor, 6clicks The 6clicks GRC solution comes with a fully integrated content library full of hundreds of standards, assessment templates, libraries, playbooks, and more. With the content library included in every 6clicks license, organizations can get started on their GRC implementation faster than ever before. For more information visit 6clicks.com/content . For the stories behind the headlines, head over to CISOseries.com
Wed, July 20, 2022
Leaky GPS Trackers, Russian Malware Spoof Pro-Ukraine App, MacOS Backdoor to the Cloud
Car GPS tracker exposes location data Russian malware groups spoof pro-Ukraine apps MacOS backdoor speaks to the cloud Thanks to today’s episode sponsor, 6clicks Your GRC solution is only as valuable as the reports it can generate. Provide an exceptional analytics experience for all your GRC stakeholders with the 6clicks reporting suite. Unlock powerful insights and prove compliance using dashboards and charts, pixel perfect reporting, presentations, and data storytelling via LiveDocs. For more information visit 6clicks.com/analytics/overview .
Tue, July 19, 2022
Cyberattack hits Albania, Speculative execution not patched, DARPA studies open-source
Albania hit with cyberattack Vendors not patching for speculative execution DARPA looks into open-source Thanks to today’s episode sponsor, 6clicks 6clicks has pioneered a unique Hub & Spoke architecture to underpin its AI-powered GRC solution and cater to markets requiring scalable, multi-tenanted GRC. This model enables organizations to deploy multiple, autonomous GRC entities connected to a single hub for roll-up reporting, management, and visibility. For more information visit 6clicks.c om/lp-enterprise-hub-spoke .
Mon, July 18, 2022
Towns paying for remote workers, CISA orders agency patch, PLC software delivers Sality
Dozens of cities and towns are paying tech workers to abandon Silicon Valley CISA orders agencies to patch new Windows zero-day used in attacks Password recovery tool infects industrial systems with Sality malware Thanks to today’s episode sponsor, 6clicks The 6clicks AI-powered GRC platform with an integrated content library is the most intelligent way to get ISO 27001 certified. It allows you to automate audits, manage risks, track assets, and report in real-time. Join hundreds of businesses that trust 6clicks and start your ISO 27001 journey today. For more information visit 6clicks.com/lp-iso-27001 . For the stories behind the headlines, head to CISOseries.com .
Fri, July 15, 2022
Week in Review: Microsoft phishing warning, Callback phishing scams, Log4J forever
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , June 6-10, is hosted by Rich Stroffolino with our guest, Carla Sweeney , VP Information Security Red Ventures Thanks to our episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. All links and the video of this episode can be found on CISO Series.com
Fri, July 15, 2022
C.I.A. Vault 7 engineer convicted, Hackers targeted Jan6 journalists, Twitter’s brief outage
Ex-C.I.A. engineer convicted in biggest theft ever of Agency secrets Chinese hackers targeted U.S. political reporters just ahead of January 6 attack, researchers say Twitter outage briefly hits thousands Thanks to today’s episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the stories behind the headlines, head to CISOseries.com .
Thu, July 14, 2022
Massive phishing operation, Android malware gets millions of millions, Spectre-like x86 attack
Microsoft warns of massive phishing operation Android malware downloaded over 3 million times More speculative-execution attacks found for x86 Thanks to today’s episode sponsor, Edgescan Scalable automated and continuous Attack Surface Management (ASM) and vulnerability detection integrated with a world-class cyber security team provide 100% false-positive-free alerts and expert remediation guidance.
Wed, July 13, 2022
FTC anonymization crackdown, TikTok privacy change, gov't contractor pays $9 million
FTC is cracking down on false claims of anonymizing data TikTok halts privacy policy change in Europe Government contractor pays $9 million over whistleblower allegations Thanks to today’s episode sponsor, Edgescan Edgescan combines full-stack coverage with integrated reporting and business-level prioritization to deliver a single source of truth for your entire vulnerability management program with zero false positives. For the stories behind the headlines, head to CISOseries.com
Tue, July 12, 2022
Ransomware hits French telco, NSO Group acquisition called off, Krebs on Experian security
Ransomware hits French telco NSO Group acquisition called off Krebs on Experian security Thanks to today’s episode sponsor, Edgescan Edgescan offers a single platform solution that covers the full stack, from Web Applications to APIs to the Network and data layer. Continuous Attack Surface Management coupled with automated & strategic Pen-testing as a Service (PTaaS) yields fully scalable coverage.
Mon, July 11, 2022
China censors 1B hack, Pentagon's bug bounty, Tech hiring cools
China tries to censor what could be biggest data hack in history Pentagon: We'll pay you if you can find a way to hack us Tech’s red-hot hiring spree shows signs of cooling Thanks to today’s episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the stories behind the headlines, head to CISOseries.com .
Fri, July 08, 2022
Week in Review – July 4-8, 202
Link to Blog Post Cyber Security Headlines – Week in Review – July 4-8, 2022 This week’s Cyber Security Headlines – Week in Review , June 6-10, is hosted by Rich Stroffolino with our guest, David Cross , SVP/CISO Oracle SaaS Cloud Thanks to today’s episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com . All links and the video of this episode can be found on CISO Series.com
Fri, July 08, 2022
July 8, 2022
Cisco and Fortinet release security patches for multiple products Canada’s RCMP have been using powerful malware to snoop on people’s communications Online programming IDEs can be used to launch remote cyberattacks Thanks to today’s episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com . For the stories behind the headlines, head to CISOseries.com .
Thu, July 07, 2022
July 7, 2022
Attackers moving off Cobalt Strike Cyberattacks against law enforcement on the rise Apple announces lockdown mode Thanks to today’s episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com .
Wed, July 06, 2022
July 6, 2022
Hacker may have stolen personal data of 1 billion Chinese citizens Ukrainian police take down phishing gang behind payments scam NIST unveils ‘quantum-proof’ cryptography algorithms Thanks to today’s episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com . For the stories behind the headlines, head to CISOseries.com
Tue, July 05, 2022
July 5, 2022
Jenkins discloses dozens of zero-day bugs in multiple plugins Rogue HackerOne employee steals bug reports to sell on the side Patchable and preventable security issues lead causes of Q1 attacks Thanks to today’s episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com . For the stories behind the headlines, head to CISOseries.com .
Fri, July 01, 2022
July 1, 2022
A new sophisticated malware is attacking SOHO routers New study shows over half of employees use prohibited apps Google battles bots, puts Workspace admins on alert Thanks to today’s episode sponsor, Optiv The modern enterprise needs a solution as unique as its business. Optiv’s Advanced Detection and Response (ADR) works with your organization to comb through the D&R clutter and find the ideal security solutions for your business. ADR delivers tailored detection and response backed by technology, real-time intel and deep expertise applied at touch. Bottom line: ADR finds and neutralizes threats fast, so you can focus on what matters. If you’d like to learn more about Optiv ADR, please visit Optiv.com/adr . For the stories behind the headlines, head to CISOseries.com .
Thu, June 30, 2022
June 30, 2022
NATO to create rapid response cyber force FBI warns of deep fakes for remote work Ship controls identified as another major attack surface Thanks to today’s episode sponsor, Optiv The modern enterprise needs a solution as unique as its business. Optiv’s Advanced Detection and Response (ADR) works with your organization to comb through the D&R clutter and find the ideal security solutions for your business. ADR delivers tailored detection and response backed by technology, real-time intel and deep expertise applied at touch. Bottom line: ADR finds and neutralizes threats fast, so you can focus on what matters. If you’d like to learn more about Optiv ADR, please visit Optiv.com/adr .
Wed, June 29, 2022
June 29, 2022
Stolen PII and deepfakes used to apply for tech jobs Russia fines foreign firms for data violations Premier League crypto sponsorships expose fans to big losses Thanks to today’s episode sponsor, Optiv The modern enterprise needs a solution as unique as its business. Optiv’s Advanced Detection and Response (ADR) works with your organization to comb through the D&R clutter and find the ideal security solutions for your business. ADR delivers tailored detection and response backed by technology, real-time intel and deep expertise applied at touch. Bottom line: ADR finds and neutralizes threats fast, so you can focus on what matters. If you’d like to learn more about Optiv ADR, please visit Optiv.com/adr . For the stories behind the headlines, head to CISOseries.com
Tue, June 28, 2022
June 28, 2022
Ransomware gang launches bug bounty KillNet claims DDoS on Lithuania ICS security bill passes House Thanks to today’s episode sponsor, Optiv The modern enterprise needs a solution as unique as its business. Optiv’s Advanced Detection and Response (ADR) works with your organization to comb through the D&R clutter and find the ideal security solutions for your business. ADR delivers tailored detection and response backed by technology, real-time intel and deep expertise applied at touch. Bottom line: ADR finds and neutralizes threats fast, so you can focus on what matters. If you’d like to learn more about Optiv ADR, please visit Optiv.com/adr .
Mon, June 27, 2022
June 27, 2022
New phishing method bypasses MFA using Microsoft WebView2 apps Russian threat actors may be behind the explosion at Texas liquefied natural gas plant Google reveals sophisticated Italian spyware campaign targeting victims in Italy, Kazakhstan Thanks to today’s episode sponsor, Optiv The modern enterprise needs a solution as unique as its business. Optiv’s Advanced Detection and Response (ADR) works with your organization to comb through the D&R clutter and find the ideal security solutions for your business. ADR delivers tailored detection and response backed by technology, real-time intel and deep expertise applied at touch. Bottom line: ADR finds and neutralizes threats fast, so you can focus on what matters. If you’d like to learn more about Optiv ADR, please visit Optiv.com/adr For the stories behind the headlines, head to CISOseries.com .
Fri, June 24, 2022
Week in Review – June 20-24, 2022
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , June 6-10, is hosted by Rich Stroffolino with our guest, Marnie Wilking , CISO, Wayfair Thanks to today’s episode sponsor, Optiv Modernizing your identity control plane from AD to the cloud is complex. Ralph Martino, who is leading the identity and access management (IAM) group for Optiv , discusses what challenges CISOs are facing in today’s ever-changing climate: • Increasing security • Decreasing risk • Lowering cost Learn more at www.optiv.com/IAM-Microsoft . All links and the video of this episode can be found on CISO Series.com
Fri, June 24, 2022
June 24, 2022
Cloud email threats soar 101% in a year NHS warns of scam COVID-19 text messages Fancy Bear uses nuke threat lure to exploit 1-click bug Thanks to today's episode sponsor, Optiv Modernizing your identity control plane from AD to the cloud is complex. Ralph Martino, who is leading the identity and access management (IAM) group for Optiv , discusses what challenges CISOs are facing in today’s ever-changing climate: • Increasing security • Decreasing risk • Lowering cost Learn more at www.optiv.com/IAM-Microsoft . For the stories behind the headlines, head to CISOseries.com .
Thu, June 23, 2022
June 23, 2022
Daycare apps found insecure Encryption flaws found in Mega Microsoft retires cloud facial recognition Thanks to today's episode sponsor, Optiv Modernizing your identity control plane from AD to the cloud is complex. Ralph Martino, who is leading the identity and access management (IAM) group for Optiv , discusses what challenges CISOs are facing in today’s ever-changing climate: • Increasing security • Decreasing risk • Lowering cost Learn more at www.optiv.com/IAM-Microsoft .
Wed, June 22, 2022
June 22, 2022
Cloudflare outage impacts crypto exchanges Biden signs a pair of cybersecurity bills 7-zip now supports Windows ‘Mark-of-the-Web’ security feature Thanks to today's episode sponsor, Optiv Modernizing your identity control plane from AD to the cloud is complex. Ralph Martino, who is leading the identity and access management (IAM) group for Optiv , discusses what challenges CISOs are facing in today’s ever-changing climate: • Increasing security • Decreasing risk • Lowering cost Learn more at www.optiv.com/IAM-Microsoft . For the stories behind the headlines, head to CISOseries.com
Tue, June 21, 2022
June 21, 2022
Windows downloads blocked in Russia The importance of receipts Chrome extensions can be used for fingerprinting Thanks to today's episode sponsor, Optiv Modernizing your identity control plane from AD to the cloud is complex. Ralph Martino, who is leading the identity and access management (IAM) group for Optiv , discusses what challenges CISOs are facing in today’s ever-changing climate: • Increasing security • Decreasing risk • Lowering cost Learn more at www.optiv.com/IAM-Microsoft .
Mon, June 20, 2022
June 20, 2022
US DoJ announces shut down of Russian RSOCKS Botnet Experts warn of a new eCh0raix ransomware campaign targeting QNAP NAS Mixed results for Russia's aggressive Ukraine information war, experts say Thanks to today's episode sponsor, Optiv Modernizing your identity control plane from AD to the cloud is complex. Ralph Martino, who is leading the identity and access management (IAM) group for Optiv , discusses what challenges CISOs are facing in today’s ever-changing climate: • Increasing security • Decreasing risk • Lowering cost Learn more at www.optiv.com/IAM-Microsoft . For the stories behind the headlines, head to CISOseries.com .
Fri, June 17, 2022
Week in Review – June 13-17, 2022
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , June 6-10, is hosted by Rich Stroffolino with our guest, Ariel Weintraub , CISO, MassMutual Thanks to today’s episode sponsor, Datadog Check out Datadog ‘s on-demand fireside chat with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams—and in the process helped teams achieve superior results and earned himself senior leadership positions. Watch now at datadoghq.com/ciso/ All links and the video of this episode can be found on CISO Series.com
Fri, June 17, 2022
June 17, 2022
House Armed Services chair calls national security software, systems 'too vulnerable' Microsoft Office 365 AutoSave can assist cloud ransomware attacks OMIGOD! There’s more to OMIGOD Thanks to today’s episode sponsor, Datadog Watch Datadog 's on-demand webinar for a 30-minute discussion on driving DevSecOps best practices in the enterprise with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams—and in the process helped teams achieve superior results and earned himself senior leadership positions. Cormac shares stories and leadership lessons that are applicable to any enterprise technical leader looking to help their firm build and operate services in an increasingly competitive and treacherous digital economy. Watch now at datadoghq.com/ciso/ For the stories behind the headlines, head to CISOseries.com .
Thu, June 16, 2022
June 16, 2022
Cloudflare repels another record DDoS Africa’s largest supermarket chain hit with ransomware Resurgence in travel not ignored by threat actors Thanks to today’s episode sponsor, Datadog Check out Datadog 's on-demand fireside chat with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams—and in the process helped teams achieve superior results and earned himself senior leadership positions. Watch now at datadoghq.com/ciso/
Wed, June 15, 2022
June 15, 2022
US defense contractor discusses takeover of NSO spyware DoJ will no longer prosecute ethical hackers Attack on Kaiser Permanente exposes data of thousands of customers Thanks to today’s episode sponsor, Datadog Watch Datadog 's on-demand webinar for a 30-minute discussion on driving DevSecOps best practices in the enterprise with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams—and in the process helped teams achieve superior results and earned himself senior leadership positions. Cormac shares stories and leadership lessons that are applicable to any enterprise technical leader looking to help their firm build and operate services in an increasingly competitive and treacherous digital economy. Watch now at datadoghq.com/ciso/ For the stories behind the headlines, head to CISOseries.com
Tue, June 14, 2022
June 14, 2022
Leaky continuous integration logs Exchange servers used to deploy Black Cat Bluetooth can be used to track phones Thanks to today’s episode sponsor, Datadog Check out Datadog 's on-demand fireside chat with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams—and in the process helped teams achieve superior results and earned himself senior leadership positions. Watch now at datadoghq.com/ciso/
Mon, June 13, 2022
June 13, 2022
Amazon’s chat app has a child sex abuse problem Ransomware decryptors now for sale on gaming platform China’s biggest online influencers go dark Thanks to today’s episode sponsor, Datadog Watch Datadog 's on-demand webinar for a 30-minute discussion on driving DevSecOps best practices in the enterprise with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams—and in the process helped teams achieve superior results and earned himself senior leadership positions. Cormac shares stories and leadership lessons that are applicable to any enterprise technical leader looking to help their firm build and operate services in an increasingly competitive and treacherous digital economy. Watch now at datadoghq.com/ciso/ For the stories behind the headlines, head to CISOseries.com
Fri, June 10, 2022
Week in Review – June 6-10, 2022
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , June 6-10, is hosted by Rich Stroffolino with our guest, Upendra Mardikar , CSO, Snap Finance Thanks to our sponsor, PlexTrac PlexTrac is the platform that empowers your offensive security team to spend more time hacking and less time reporting. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a “5X ROI in 1 year,” a “30% increase in efficiency,” have “cut their reporting cycle by 65%,” and experienced a “18 to 22% time savings per engagement.” Check out PlexTrac.com/CISOSeries to learn how PlexTrac can help your team deliver results. All links and the video of this episode can be found on CISO Series.com
Fri, June 10, 2022
June 10, 2022
MFA could be long haul for some federal agencies says CISA official New Emotet variant stealing users' credit card information from Google Chrome Symantec: More malware operators moving in to exploit Follina Thanks to today’s episode sponsor, PlexTrac PlexTrac is the platform that empowers your offensive security team to spend more time hacking and less time reporting. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a “5X ROI in 1 year,” a “30% increase in efficiency,” have “cut their reporting cycle by 65%,” and experienced a “18 to 22% time savings per engagement.” Check out PlexTrac.com/CISOSeries to learn how PlexTrac can help your team deliver results. For the stories behind the headlines, head to CISOseries.com .
Thu, June 09, 2022
June 9, 2022
Lack of reporting hurting the ransomware fight CISA warns of China-linked network snooping Personal information marketplace taken down Thanks to today’s episode sponsor, PlexTrac PlexTrac is the platform that empowers your offensive security team to spend more time hacking and less time reporting. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a “5X ROI in 1 year,” a “30% increase in efficiency,” have “cut their reporting cycle by 65%,” and experienced a “18 to 22% time savings per engagement.” Check out PlexTrac.com/CISOSeries to learn how PlexTrac can help your team deliver results.
Wed, June 08, 2022
June 8, 2022
Passwords are finally dead Hackers steal credit cards from online gun shops Shields data breach affects 2 million patients Thanks to today’s episode sponsor, PlexTrac The best penetration tests begin and end with PlexTrac . PlexTrac can improve efficiency and effectiveness at every phase of your proactive assessments. By centralizing the data from all your automation tools, cataloging important reusable content for easy access, and promoting communication and visibility at every phase of an assessment, PlexTrac cuts reporting time in half and adds value between reports. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the premier pentest reporting and management platform. For the stories behind the headlines, head to CISOseries.com
Tue, June 07, 2022
June 7, 2022
The once and future AlphaBay Karakurt adopts bill collector tactics China concludes its cybersecurity review of Didi Thanks to today’s episode sponsor, PlexTrac PlexTrac is the platform that empowers your offensive security team to spend more time hacking and less time reporting. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a “5X ROI in 1 year,” a “30% increase in efficiency,” have “cut their reporting cycle by 65%,” and experienced a “18 to 22% time savings per engagement.” Check out PlexTrac.com/CISOSeries to learn how PlexTrac can help your team deliver results.
Mon, June 06, 2022
June 6, 2022
Evasive phishing mixes reverse tunnels and URL shortening services Exploit released for Atlassian Confluence RCE bug, patch now Lawmakers are racing to pass tech antitrust reforms before midterms Thanks to today’s episode sponsor, PlexTrac The best penetration tests begin and end with PlexTrac . PlexTrac can improve efficiency and effectiveness at every phase of your proactive assessments. By centralizing the data from all your automation tools, cataloging important reusable content for easy access, and promoting communication and visibility at every phase of an assessment, PlexTrac cuts reporting time in half and adds value between reports. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the premier pentest reporting and management platform. For the stories behind the headlines, head to CISOseries.com .
Fri, June 03, 2022
Week in Review – May 30-June 3, 2022
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , May 30-June 3, is hosted by Rich Stroffolino with our guest, Steve Zalewski , Co-host, Defense in Depth Thanks to today’s episode sponsor, Feroot All links and the video of this episode can be found on CISO Series.com
Fri, June 03, 2022
June 3, 2022
Leaked Conti chats confirm gang’s ability to conduct firmware-based attacks Critical UNISOC chip vulnerability affects millions of Android smartphones ExpressVPN removes servers in India after refusing to comply with government order Thanks to today’s episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com . For the stories behind the headlines, head to CISOseries.com .
Thu, June 02, 2022
June 2, 2022
Europol shuts down FluBot Hive ransomware kicks Costa Rica when its down CISA issues advisory on voting machine vulnerabilities Thanks to today’s episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com .
Wed, June 01, 2022
June 1, 2022
Follina vulnerability under active exploitation Tension inside Google over conduct of fired researcher IBM to pay $1.6 billion for poaching customer account Thanks to today’s episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com . For the stories behind the headlines, head to CISOseries.com
Tue, May 31, 2022
May 31, 2022
China censoring open-source code Follina zero-day hits Office EnemyBot botnet acts fast Thanks to today’s episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com .
Mon, May 30, 2022
May 30, 2022
Pro-Russian hacker group KillNet plans to attack Italy today Microsoft warns that hackers are using more advanced techniques to steal credit card data China makes offer to ten nations help to run their cyber-defenses Thanks to today’s episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com . For the stories behind the headlines, head to CISOseries.com .
Fri, May 27, 2022
May 27, 2022
Up to 83% of known compromised passwords would satisfy regulatory requirements Broadcom confirms deal to acquire VMware Experts warn of rise in ChromeLoader malware Thanks to today’s episode sponsor, Optiv Up for a Zero Trust Crash Course ? Join our expert, Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide," as he delivers the following takeaways: - An introduction to Zero Trust - An overview of Optiv’s Zero Trust principles - How to visualize your Zero Trust journey and place it in the proper context Catch Jerry's Zero Trust crash course or learn more by going to www.optiv.com/zerotrust . For the stories behind the headlines, head to CISOseries.com .
Thu, May 26, 2022
May 26, 2022
Popular open source libraries leaked keys for “research” DuckDuckGo gives Microsoft a pass on trackers Microsoft weathers the vulnerability storm Thanks to today’s episode sponsor, Optiv Need a guide on your Zero Trust journey ? Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide" shares the following takeaways: - The key elements of Zero Trust - How to visualize your Zero Trust journey and place it in the proper context - Integrated technologies to drive adaptive processes and a mature security model Learn more at www.optiv.com/zerotrust.
Wed, May 25, 2022
May 25, 2022
Interpol warns nation-state malware could become a commodity on dark web soon General Motors Hit by cyber-attack exposing car owners' personal info Canada to ban China's Huawei and ZTE from its 5G networks Thanks to today’s episode sponsor, Optiv Up for a Zero Trust Crash Course ? Join our expert, Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide," as he delivers the following takeaways: - An introduction to Zero Trust - An overview of Optiv’s Zero Trust principles - How to visualize your Zero Trust journey and place it in the proper context Catch Jerry's Zero Trust crash course or learn more by going to www.optiv.com/zerotrust . For the stories behind the headlines, head to CISOseries.com .
Tue, May 24, 2022
May 24, 2022
Cyberattack divorces Zola users from registries A look at the RansomHouse data-extortion operation Now we have to worry about pre-hijacking attacks Thanks to today’s episode sponsor, Optiv Need a guide on your Zero Trust journey ? Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide" shares the following takeaways: - The key elements of Zero Trust - How to visualize your Zero Trust journey and place it in the proper context - Integrated technologies to drive adaptive processes and a mature security model Learn more at www.optiv.com/zerotrust. For the stories behind the headlines, go to CISOseries.com
Mon, May 23, 2022
May 23, 2022
Ransomware victim trolls hackers with obscene pics CISOs list top cyber threats to enterprises in 2022 YouTube removes more than 9,000 Ukraine war-related channels Thanks to today’s episode sponsor, Optiv Need a guide on your Zero Trust journey ? Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide" shares the following takeaways: - The key elements of Zero Trust - How to visualize your Zero Trust journey and place it in the proper context - Integrated technologies to drive adaptive processes and a mature security model Learn more at www.optiv.com/zerotrust. For the stories behind the headlines, go to CISOseries.com
Fri, May 20, 2022
Week in Review – May 16-20, 2022
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , May 16-20, is hosted by Rich Stroffolino with our guest, Jerich Beason , CISO, Commercial Bank, CapitalOne Thanks to today's episode sponsor, Torq All links and the video of this episode can be found on CISO Series.com
Fri, May 20, 2022
May 20, 2022
Greenland health services limited from cyberattacks Phishing attacks surge in Q1 Google details 2021 zero-days And now let’s thank today’s sponsor, Torq Myth 5: You Should Automate All Security Processes False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can’t be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an application rollback, should remain the domain of humans. To learn more about the realities of automation, head to torq.io .
Thu, May 19, 2022
May 19, 2022
VMware bugs abused to deliver Mirai malware Microsoft to debut of zero trust GDAP tool Bank of Zambia refuses to pay ransom to cyberattack group Hive And now let’s thank today’s sponsor, Torq Myth 4: Automation Will Replace Skilled Security Professionals Not true. Any business that attempts to automate security will quickly find that most high-stakes security issues are far too complex to be detected and remediated by automation tools alone. Human security professionals need to take the lead delivering nuanced insight about the business impact of a large-scale breach. To learn more about the realities of automation, head to torq.io . For the stories behind the headlines, head to CISOseries.com .
Wed, May 18, 2022
May 18, 2022
Buffalo massacre suspect signaled plans on Discord for months Google faces litigation for unauthorised use of medical records Venezuelan doctor accused of developing and distributing ransomware And now let’s thank today’s sponsor, Torq Myth 3: Only Enterprises Need Security Automation Debunked. While enterprises with thousands of endpoints and sprawling teams certainly need automation, businesses of all sizes face challenges related to other forms of scale when it comes to security. For instance, there are about 1 billion known types of malware in existence, and they imperil businesses of all sizes equally. To learn more about the realities of automation, head to torq.io . For the stories behind the headlines, head to CISOseries.com
Tue, May 17, 2022
May 17, 2022
Costa Rican ransomware rhetoric somehow gets uglier DOJ files its first criminal cryptocurrency sanctions case Trying to fix open source supply chain security And now let’s thank today’s sponsor, Torq Myth 2: Security Automation Is Just a New Term for Automated Security Testing Wrong. While scanning and testing may be one example of a security automation use case, it’s hardly the only one. Automation can be used to do things like help manage complex security workflows and optimize collaboration between different stakeholders. These are tasks that were not traditionally automated. To learn more about the realities of automation, head to torq.io .
Mon, May 16, 2022
May 16, 2022
Ukraine CERT-UA warns of new attacks launched by Russia-linked Armageddon APT Microsoft fixes new PetitPotam Windows NTLM relay attack vector Hackers are exploiting critical bug in Zyxel firewalls and VPNs And now let’s thank today’s sponsor, Torq Myth 1: Automation Is Only a Reactive Part of SecOps Incorrect. Proactive management of security incidents is just as important, like automatically scanning IaC configurations to detect vulnerabilities, automating collaboration between devs, IT ops and SecOps to prevent risks before they’re threats. To learn more about the realities of automation, head to torq.io . For the stories behind the headlines, head to CISOseries.com .
Fri, May 13, 2022
Week in Review – May 9-13, 2022
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , May 9-13, is hosted by Rich Stroffolino with our guest, Rich Lindberg , CISO, JAMS Thanks to our sponsor, Datadog Break down silos between DevOps and Security teams to enable collaboration and strengthen the security of your environment. In this on-demand webinar, hear from one of Datadog ’s engineers on how teams can speed up investigations by assessing security and observability data using Datadog’s unified platform to reduce security threats by detecting vulnerabilities. Watch the on-demand webinar now to learn how to get full-stack security for your production environment at datadoghq.com/ciso/ All links and the video of this episode can be found on CISO Series.com
Fri, May 13, 2022
May 13, 2022
Google will use mobile devices to thwart phishing attacks CISA urges organizations to patch actively exploited F5 BIG-IP vulnerability Kick China off social media, says tech governance expert Thanks to our episode sponsor, Datadog Break down silos between DevOps and Security teams to enable collaboration and strengthen the security of your environment. In this on-demand webinar, hear from one of Datadog ’s engineers on how teams can speed up investigations by assessing security and observability data using Datadog’s unified platform to reduce security threats by detecting vulnerabilities. Watch the on-demand webinar now to learn how to get full-stack security for your production environment at datadoghq.com/ciso/ For the stories behind the headlines, head to CISOseries.com .
Thu, May 12, 2022
May 12, 2022
Old botnets are new again Meta withdraws Oversight Board guidance request EU proposes new CSAM rules Thanks to our episode sponsor, Datadog In this on-demand webinar, you’ll learn how to best utilize the suite of Datadog Cloud Security products to identify the root cause of an attack and how a unified platform provides real-time threat-detection and continuous configuration audits across applications, hosts, containers and cloud infrastructure. Built on top of the observability platform, Datadog brings unprecedented integration between security and devops aligned to shared organizational goals. Watch the on-demand webinar now to learn how to get full-stack security for your production environment at d atadoghq.com/ciso/
Wed, May 11, 2022
May 11, 2022
Russian TV hacked on Victory Day US pledges to help Ukraine keep internet and lights running Pentagon’s concerns China may prompt vetting startups Thanks to our episode sponsor, Datadog In this on-demand webinar, you’ll learn how to best utilize the suite of Datadog Cloud Security products to identify the root cause of an attack and how a unified platform provides real-time threat-detection and continuous configuration audits across applications, hosts, containers and cloud infrastructure. Built on top of the observability platform, Datadog brings unprecedented integration between security and devops aligned to shared organizational goals. Watch the on-demand webinar now to learn how to get full-stack security for your production environment at d atadoghq.com/ciso/
Tue, May 10, 2022
May 10, 2022
Ransomware state of emergency in Costa Rica Microsoft launches service to fill the cyber skills gap College closes permanently due to ransomware Thanks to our episode sponsor, Datadog Break down silos between DevOps and Security teams to enable collaboration and strengthen the security of your environment. In this on-demand webinar, hear from one of Datadog ’s engineers on how teams can speed up investigations by assessing security and observability data using Datadog’s unified platform to reduce security threats by detecting vulnerabilities. Watch the on-demand webinar now to learn how to get full-stack security for your production environment at datadoghq.com/ciso/
Mon, May 09, 2022
May 9, 2022
Google Play now blocks paid app downloads, updates in Russia NIST releases updated guidance for defending against supply-chain attacks US State Department offering $10 million reward for information about Conti members Thanks to our episode sponsor, Datadog In this on-demand webinar, you’ll learn how to best utilize the suite of Datadog Cloud Security products to identify the root cause of an attack and how a unified platform provides real-time threat-detection and continuous configuration audits across applications, hosts, containers and cloud infrastructure. Built on top of the observability platform, Datadog brings unprecedented integration between security and devops aligned to shared organizational goals. Watch the on-demand webinar now to learn how to get full-stack security for your production environment at d atadoghq.com/ciso/ For the stories behind the headlines, head to CISOseries.com .
Fri, May 06, 2022
Week in Review – May 2-6, 2022
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , May 2-6, is hosted by Rich Stroffolino with our guest, Shawn Bowen , CISO, World Fuel Services Thanks to our episode sponsor, Censys Why Censys ? Our Attack Surface Management tool is designed from the ground up to seamlessly integrate with existing security workflows. It’s the only ASM tool that discovers modern cloud specific assets like storage buckets and our scanning platform finds more than 85% more services than our nearest competitor. Start with Censys at censys.io . All links and the video of this episode can be found on CISO Series.com
Fri, May 06, 2022
May 6, 2022
Decade-old bugs discovered in Avast, AVG antivirus software Thailand and Hong Kong Banks used most in BEC Every ISP in the US must block these 3 pirate streaming services Thanks to today's episode sponsor, Censys Why Censys ? Our Attack Surface Management tool is designed from the ground up to seamlessly integrate with existing security workflows. It’s the only ASM tool that discovers modern cloud specific assets like storage buckets and our scanning platform finds more than 85% more services than our nearest competitor. Start with Censys at censys.io . For the stories behind the headlines, head to CISOseries.com .
Thu, May 05, 2022
May 5, 2022
CuckooBees campaign stings targets for years Health and Human Services hammered over security Docker images used to DDoS Russian sites Thanks to today's episode sponsor, Censys Censys’ Attack Surface Management tool discovers and inventories all Internet-facing assets including traditional assets like hosts, IPs, and cloud services like storage buckets across all accounts and networks. ASM gives you a continuous picture of your attack surface. Start with Censys at censys.io .
Wed, May 04, 2022
May 4, 2022
Google claims to have blocked billions of malicious app downloads NortonLifeLock willfully infringed malware patents Former eBay exec pleads guilty to cyber stalking Thanks to today's episode sponsor, Censys Tom the CTO can’t go into the boardroom unprepared. It’s his job to know all the risks to his company – especially the one that could land him on the front page of the newspaper. His best bet for survival is staying ahead of the most critical threats. Tom, you can be that source of truth; start with Censys at censys.io right now. For the stories behind the headlines, head to CISOseries.com
Tue, May 03, 2022
May 3, 2022
Solana network goes dark after bot swarm The spyware in Spain falls mostly on the politicians Security isn’t top of mind for mental health apps Thanks to today's episode sponsor, Censys All Pat the Security Practitioner wants is to do a good job and be the frontline in keeping his company safe. He’s got great tools, but nothing that can show him if there are company assets that have somehow made their way onto the internet. If only Pat knew about C ensys’ Attack Surface Management tool. Now you do – start with Censys at censys.io .
Mon, May 02, 2022
May 2, 2022
Top 15 exploited security vulnerabilities in 2021 India gives orgs 6 hours to report cyber incidents The White House wants more powers to crack down on rogue drones Thanks to today's episode sponsor, Censys What Chris the CISO wants is to protect against revenue loss and damage to his company’s brand from data breaches and compliance failures. But he’s got a blind spot around his internet exposure. What assets are out there on the internet that his team doesn’t know about? Well, Chris, it’s simple – start with Censys at censys.io . For the stories behind the headlines, visit CISOseries.com .
Fri, April 29, 2022
Week in Review – Apr 25-29, 2022
Link to Blog Post This week’s Cyber Security Headlines - Week in Review , Apr 25-29, is hosted by Rich Stroffolino with our guest, Hadas Cassorla , CISO, M1 Financial Thanks to our episode sponsor, Feroot All links and the video of this episode can be found on CISO Series.com
Fri, April 29, 2022
April 29, 2022
Global security spending set to hit $198bn by 2025 New malware loader Bumblebee adopted by known ransomware access brokers Cloudflare thwarts record DDoS attack Thanks to today’s episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com . For the stories behind the headlines, head to CISOseries.com .
Thu, April 28, 2022
April 28, 2022
Russia experiences hacks at scale State Department puts a price on NetPetya’s head Two-thirds of organizations hit with ransomware Thanks to today’s episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com .
Wed, April 27, 2022
April 27, 2022
Elon Musk’s Twitter takeover could be bad for security and privacy Stormous Ransomware targets Coca Cola US offers $10 million reward for help locating Russian hackers Thanks to today’s episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com . For the stories behind the headlines, head to CISOseries.com .
Tue, April 26, 2022
April 26, 2022
Mandiant finds record zero-days in 2021 Bored Ape Yacht Club hacked Oracle patches critical Java vulnerability Thanks to today’s episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com .
Mon, April 25, 2022
April 25, 2022
Hackers find 122 vulnerabilities, 27 deemed critical, during first round of DHS bug bounty program Anonymous has leaked 5.8 TB of Russian data since declaring cyber war AWS's Log4j patches blew holes in its own security Thanks to today’s episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com . For the stories behind the headlines, head to CISOseries.com .
Fri, April 22, 2022
April 22, 2022
Critical chipset bugs open millions of Android devices to remote spying New Five Eyes alert warns of Russian threats targeting critical infrastructure Machine-learning models vulnerable to undetectable backdoors And here’s a word from our sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com . For the stories behind the headlines, head to CISOseries.com .
Thu, April 21, 2022
April 21, 2022
Okta reports on Lapsus$ breach Popular VPNs use risky certificates Project Zero disclosed a new vulnerability record And here’s a word from our sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com .
Wed, April 20, 2022
April 20, 2022
LinkedIn is now the most popular phish bait Lenovo patches firmware vulnerabilities impacting millions of users Ukraine war stokes internet connectivity concerns in Taiwan And here’s a word from our sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com . For the stories behind the headlines, head to CISOseries.com
Tue, April 19, 2022
April 19, 2022
Catalan leaders targeted by NSO spyware Researchers share a deep dive into PYSA ransomware operations Most security teams feeling the talent shortage And here’s a word from our sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com .
Mon, April 18, 2022
April 18, 2022
Microsoft: Office 2013 will reach end of support in April 2023 Stolen OAuth tokens used to download data from dozens of organizations, GitHub warns Mute button in conferencing apps may not actually mute your mic And here’s a word from our sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com . For the stories behind the headlines, head to CISOseries.com .
Fri, April 15, 2022
April 15, 2022
Data breach disclosures surge 14% in Q1 2022 Windows 11 tool to add Google Play secretly installed malware DHS investigators say they foiled cyberattack on undersea internet cable in Hawaii Thanks to our episode sponsor, Code42 Have you been thinking about launching an Insider Risk Management program? You don’t need to be Big Brother to effectively address Insider Risk. Code42 believes that the Three Ts should define any IRM program: transparency, training, and technology. Shift your security culture from “watchdog” to “guide dog” and everyone wins. Learn more at Code42.com/showme . For the stories behind the headlines, head to CISOseries.com .
Thu, April 14, 2022
April 14, 2022
Industrial cybersecurity companies form coalition Microsoft disrupts ZLoader T-Mobile hired someone to get their data back Thanks to our episode sponsor, Code42 It’s not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme .
Wed, April 13, 2022
April 13, 2022
RaidForums hacker marketplace shut down in cross-border law enforcement operation Sandworm hackers fail to take down Ukrainian energy provider CISA warns of Russian state hackers exploiting WatchGuard bug Thanks to our episode sponsor, Code42 Surprise! Surprise! Five years from now, Jamie, who’s resigning today, will ring the NASDAQ bell officially launching her company on the public market. And what you’ll soon realize is that Jamie stole your most valuable data to start her new company. Learn how Code42 Incydr can stop data theft and protect your organizations’ most valuable assets. Visit Code42.com/showme to learn more. For the stories behind the headlines, head to CISOseries.com .
Tue, April 12, 2022
April 12, 2022
NSO Group spyware reportedly used against European Commission The malware is coming from inside the phone OpenSSH gets ready for quantum computing Thanks to our episode sponsor, Code42 Cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak and theft. In fact, the Code42 Annual Data Exposure Report revealed there’s a 1 in 3 chance that your company will lose IP when an employee quits. To learn more about stopping data leaks with Insider Risk Management visit Code42.com/showme .
Mon, April 11, 2022
April 11, 2022
New Meta information stealer distributed in malspam campaign NB65 group targets Russia with a modified version of Conti’s ransomware Elon Musk unveils vision for Twitter after joining board Thanks to our episode sponsor, Code42 Have you been thinking about launching an Insider Risk Management program? You don’t need to be Big Brother to effectively address Insider Risk. Code42 believes that the Three Ts should define any IRM program: transparency, training, and technology. Shift your security culture from “watchdog” to “guide dog” and everyone wins. Learn more at Code42.com/showme . For the stories behind the headlines, head to CISOseries.com .
Fri, April 08, 2022
Week in Review – Apr 4-8, 2022
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , Apr 4-8, is hosted by Rich Stroffolino with our guest, Brett Conlon , CISO, American Century Investments Thanks to our sponsor, Code42 It’s not just about the data leaving your company – what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme .
Fri, April 08, 2022
April 8, 2022
Newly discovered flaw could allow hacking of Samsung Android devices Adobe Creative Cloud Experience makes malware easier to hide Parrot redirect service infects 16,500 sites to push malware Thanks to our episode sponsor, Code42 It’s not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme . For the stories behind the headlines, head to CISOseries.com .
Thu, April 07, 2022
April 7, 2022
US disrupted Russian botnet Twitter shadowbans Russian government accounts DOJ charges Russian national with operating Hydra Thanks to our episode sponsor, Code42 Surprise! Surprise! Five years from now, Jamie, who’s resigning today, will ring the NASDAQ bell officially launching her company on the public market. And what you’ll soon realize is that Jamie stole your most valuable data to start her new company. Learn how Code42 Incydr can stop data theft and protect your organizations’ most valuable assets. Visit Code42.com/showme to learn more.
Wed, April 06, 2022
April 6, 2022
Germany takes down world's largest darknet market Anonymous leaks personal details of Russian soldiers CISA adds Spring4Shell to list of exploited vulnerabilities Thanks to our episode sponsor, Code42 Cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak and theft. In fact, the Code42 Annual Data Exposure Report revealed there’s a 1 in 3 chance that your company will lose IP when an employee quits. To learn more about stopping data leaks with Insider Risk Management visit Code42.com/showme . For the stories behind the headlines, visit CISOseries.com
Tue, April 05, 2022
April 5, 2022
Russian secret police exposed in data leak MailChimp hit with breach The Bureau of Cyberspace and Digital Policy goes live Thanks to our episode sponsor, Code42 Have you been thinking about launching an Insider Risk Management program? You don’t need to be Big Brother to effectively address Insider Risk. Code42 believes that the Three Ts should define any IRM program: transparency, training, and technology. Shift your security culture from “watchdog” to “guide dog” and everyone wins. Learn more at Code42.com/showme .
Mon, April 04, 2022
April 4, 2022
New Borat remote access malware is no laughing matter Apple rushes out patches for 0-days in MacOS, iOS National Security Agency employee indicted for 'leaking top secret info' Thanks to our episode sponsor, Code42 It’s not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme . For the stories behind the headlines, head to CISOseries.com .
Fri, April 01, 2022
Week in Review – Mar 28-Apr 1, 2022
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , Mar 28-Apr 1, is hosted by Rich Stroffolino with our guest, Fredrick Lee , CISO, Gusto Thanks to our episode sponsor, Varonis All links and the video of this episode can be found on CISO Series.com
Fri, April 01, 2022
April 1, 2022
Palo Alto Networks error exposed customer support cases, attachments New AcidRain data wiper malware targets modems and routers Remote code execution flaws in Spring and Spring Cloud frameworks put Java apps at risk Thanks to our episode sponsors, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats, and streamline privacy and compliance. Visit www.varonis.com/cisoseries for a demo of Varonis’ leading data security platform. For the stories behind the headlines, head to CISOseries.com .
Thu, March 31, 2022
March 31, 2022
Hackers abusing the power of subpoena Lapsus$ claims hack of Globant Brian Krebs sued by Ubiquiti for defamation Thanks to our episode sponsors, Varonis The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis . Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at www.varonis.com/cisoseries .
Wed, March 30, 2022
March 30, 2022
Ukraine destroys panic-spreading bot farms Yandex is sending iOS user data to Russia Ronin Network victimized in record-breaking crypto heist Thanks to our episode sponsors, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats, and streamline privacy and compliance. Visit www.varonis.com/cisoseries for a demo of Varonis’ leading data security platform. For the stories behind the headlines, visit CISOseries.com .
Tue, March 29, 2022
March 29, 2022
Ukraine ISP taken down by cyber attack Windows can now block drivers Deepfakes take a turn for the banal Thanks to our episode sponsors, Varonis What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn’t stand a chance. Learn more at www.varonis.com/cisoseries .
Mon, March 28, 2022
March 28, 2022
Critical Sophos Firewall vulnerability allows remote code execution Okta: "We made a mistake" delaying the Lapsus$ hack disclosure CISA adds 66 new flaws to the Known Exploited Vulnerabilities Catalog Thanks to our episode sponsors, Varonis On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to “Zero Trust.” Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries . For the stories behind the headlines, head to CISOseries.com .
Fri, March 25, 2022
Week in Review – Mar 21-25, 2022
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , Mar 21-25, is hosted by Rich Stroffolino with our guest, John Prokap , CISO, Success Academy Charter Schools Thanks to our episode sponsor, Varonis Customer: "The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis . Varonis reduces the ransomware blast radius and monitors our most important data, automatically." Hear more at www.varonis.com/cisoseries . All links and the video of this episode can be found on CISO Series.com
Fri, March 25, 2022
March 25, 2022
UK police arrest 7 people in connection with Lapsus$ North Korean hackers exploit Chrome zero-day weeks before patch Anonymous claims to have hacked the Central Bank of Russia Thanks to our episode sponsor, Varonis The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis . Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at www.varonis.com/cisoseries . For the stories behind the headlines, head to CISOseries.com .
Thu, March 24, 2022
March 24, 2022
Microsoft expands program to fill cyber skills gap Cyber Crime Losses Up 64% in 2021 Microsoft confirms Lapsus$ breach Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average employee can access 17 million files they don’t need, and only a handful live on their laptop. Protect your data from the inside out and detect early signs of ransomware – automatically with Varonis . Visit www.varonis.com/cisoseries.
Wed, March 23, 2022
March 23, 2022
Ransomware attack on Okta leads to data breach Lapsus$ leaks 37GB of Microsoft source code Anonymous hacks Nestlè for operating in Russia Thanks to our episode sponsor, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats, and streamline privacy and compliance. Visit www.varonis.com/cisoseries for a demo of Varonis’ leading data security platform. For the stories behind the headlines, visit CISOseries.com
Tue, March 22, 2022
March 22, 2022
Ransomware puts the breaks on Bridgestone Phishing with browser-in-a-browser attacks Conti Leaks leaks Conti code Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn’t stand a chance. Learn more at www.varonis.com/cisoseries .
Mon, March 21, 2022
March 21, 2022
CISA, FBI tell satellite communications network owners to watch out for hacks after Ukraine attack Hackers claim to breach TransUnion South Africa with 'Password' password Developer sabotages own npm module prompting open-source supply chain security questions Thanks to our episode sponsor, Varonis On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to “Zero Trust.” Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries . For the stories behind the headlines, head to CISOseries.com .
Fri, March 18, 2022
Week in Review – Mar 14-18, 2022
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , Mar 14-18, is hosted by David Spark with our guest, Eric Hussey , CISO, Aptiv Thanks to our episode sponsor, Varonis The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis . Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at www.varonis.com/cisoseries . All links and the video of this episode can be found on CISO Series.com
Fri, March 18, 2022
March 18, 2022
Thanks to our episode sponsor, Varonis The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis . Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at www.varonis.com/cisoseries .
Thu, March 17, 2022
March 17, 2022
Phony Instagram ‘support staff’ emails hit insurance company Facebook hit with $18.6 million GDPR fine over 12 data breaches in 2018 Microsoft Defender tags Office updates as ransomware activity Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average employee can access 17 million files they don’t need, and only a handful live on their laptop. Protect your data from the inside out and detect early signs of ransomware – automatically with Varonis . Visit www.varonis.com/cisoseries. For the stories behind the headlines, head to CISOseries.com .
Wed, March 16, 2022
March 16, 2022
More destructive wiper malware strikes Ukraine German security agency recommends replacing Kaspersky antivirus HackerOne apologizes to Ukrainian hackers for blocking payouts Thanks to our episode sponsor, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats, and streamline privacy and compliance. Visit www.varonis.com/cisoseries for a demo of Varonis’ leading data security platform. For the stories behind the headlines, visit CISOseries.com
Tue, March 15, 2022
March 15, 2022
Ukraine’s IT army hit with malware Mobile endpoints see a lot of malicious apps AMD vulnerable to Spectre v2 Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn’t stand a chance. Learn more at www.varonis.com/cisoseries .
Mon, March 14, 2022
March 14, 2022
Ubisoft changes employee passwords after “cyber security incident” Cyber Command chief tells Congress chip shortage has national security implications LockBit claims hack on Bridgestone tires Thanks to our episode sponsor, Varonis On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to “Zero Trust.” Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries . For the stories behind the headlines, head to CISOseries.com .
Fri, March 11, 2022
Week in Review – Mar 7-11, 2022
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , Mar 7 – 11, is hosted by Rich Stroffolino with our guest, Anshu Gupta , Investor, Silicon Valley CISO Investments Thanks to our sponsor, Torq Security Automation Myth 5: You Should Automate All Security Processes False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can’t be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an application rollback, should remain the domain of humans. To learn more about the realities of automation, head to torq.io . All links and the video of this episode can be found on CISO Series.com
Fri, March 11, 2022
March 11, 2022
Russia creates its own TLS certificate authority to bypass sanctions Online sleuths are using face recognition to ID Russian soldiers Basic text-color trick can fool phishing filters There are many misconceptions about security automation, so today's episode sponsor Torq is debunking a security automation myth each day this week. Myth 5: You Should Automate All Security Processes False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can’t be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an application rollback, should remain the domain of humans. To learn more about the realities of automation, head to torq.io . For the stories behind the headlines, head to CISOseries.com .
Thu, March 10, 2022
March 10, 2022
Chipmakers warn of new speculative execution bugs US worked to shore up Ukraine’s cyber defense in 2021 Twitter Tor service launches There are many misconceptions about security automation, so today's episode sponsor Torq is debunking a security automation myth each day this week. Myth 4: Automation Will Replace Skilled Security Professionals Not true. Any business that attempts to automate security will quickly find that most high-stakes security issues are far too complex to be detected and remediated by automation tools alone. Human security professionals need to take the lead delivering nuanced insight about the business impact of a large-scale breach. To learn more about the realities of automation, head to torq.io .
Wed, March 09, 2022
March 9, 2022
Google to purchase cybersecurity firm Mandiant for $5.4 billion Security vendors help infrastructure orgs protect against Russian cyberattacks Russian VPN demand soars amidst social media crackdown There are many misconceptions about security automation, so today's episode sponsor Torq is debunking a security automation myth each day this week. Myth 3: Only Enterprises Need Security Automation Debunked. While enterprises with thousands of endpoints and sprawling teams certainly need automation, businesses of all sizes face challenges related to other forms of scale when it comes to security. For instance, there are about 1 billion known types of malware in existence, and they imperil businesses of all sizes equally. To learn more about the realities of automation, head to torq.io . For the stories behind the headlines, head over to CISOseries.com
Tue, March 08, 2022
March 8, 2022
Leaked Nvidia data used in malware Russia says it's okay to download a car Sharkbot takes a bite out of the Play Store There are many misconceptions about security automation, so today's episode sponsor Torq is debunking a security automation myth each day this week. Myth 2: Security Automation Is Just a New Term for Automated Security Testing Wrong. While scanning and testing may be one example of a security automation use case, it’s hardly the only one. Automation can be used to do things like help manage complex security workflows and optimize collaboration between different stakeholders. These are tasks that were not traditionally automated. To learn more about the realities of automation, head to torq.io .
Mon, March 07, 2022
March 7, 2022
Charities and NGOs that provide support to Ukraine hit by malware 'Most advanced' China-linked backdoor ever raises alarms for cyber-espionage investigators Hackers allegedly leak Samsung data, source code There are many misconceptions about security automation, so today's episode sponsor Torq is debunking a security automation myth each day this week. Myth 1: Automation Is Only a Reactive Part of SecOps Incorrect. Proactive management of security incidents is just as important, like automatically scanning IaC configurations to detect vulnerabilities, automating collaboration between devs, IT ops and SecOps to prevent risks before they’re threats. To learn more about the realities of automation, head to torq.io . For the stories behind the headlines, head to CISOseries.com .
Fri, March 04, 2022
Week in Review – Feb 28-Mar 4, 2022
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , Feb 28-Mar 4, is hosted by Rich Stroffolino with our guest, Ody Lupescu , CISO, Ethos Life Thanks to our episode sponsor, Torq There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 5: You Should Automate All Security Processes False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can’t be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an application rollback, should remain the domain of humans. To learn more about the realities of automation, head to torq.io . All links and the video of this episode can be found on CISO Series.com
Fri, March 04, 2022
March 4, 2022
Cyberattack attempts on Ukraine surge tenfold Ukraine's “IT army” targets Belarus railway network, Russian GPS Eight-character passwords can be cracked in less than 60 minutes There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 5: You Should Automate All Security Processes False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can’t be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an application rollback, should remain the domain of humans. To learn more about the realities of automation, head to torq.io . For the stories behind the headlines, head to CISOseries.com .
Thu, March 03, 2022
March 3, 2022
Conti and Trickbot code leaks API attacks surge in 2021 Log4Shell still being used in the wild There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 4: Automation Will Replace Skilled Security Professionals Not true. Any business that attempts to automate security will quickly find that most high-stakes security issues are far too complex to be detected and remediated by automation tools alone. Human security professionals need to take the lead delivering nuanced insight about the business impact of a large-scale breach. To learn more about the realities of automation, head to torq.io .
Wed, March 02, 2022
March 2, 2022
Russia-Ukraine War update Nvidia confirms company data was stolen in hack Half of employees use unauthorized file services at work There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 3: Only Enterprises Need Security Automation Debunked. While enterprises with thousands of endpoints and sprawling teams certainly need automation, businesses of all sizes face challenges related to other forms of scale when it comes to security. For instance, there are about 1 billion known types of malware in existence, and they imperil businesses of all sizes equally. To learn more about the realities of automation, head to torq.io . For the stories behind the headlines, go to cisoseries.com
Tue, March 01, 2022
March 1, 2022
Toyota suspends Japanese production due to cyberattack Microsoft providing threat intelligence to Ukraine Twitter to label tweets from state-owned media There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 2: Security Automation Is Just a New Term for Automated Security Testing Wrong. While scanning and testing may be one example of a security automation use case, it’s hardly the only one. Automation can be used to do things like help manage complex security workflows and optimize collaboration between different stakeholders. These are tasks that were not traditionally automated. To learn more about the realities of automation, head to torq.io .
Mon, February 28, 2022
February 28, 2022
Ukraine recruits volunteer IT army to hack list of Russian entities Russia demands Google restore access to its media YouTube channels in Ukraine Chipmaker giant Nvidia hit by ransomware attack There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 1: Automation Is Only a Reactive Part of SecOps Incorrect. Proactive management of security incidents is just as important, like automatically scanning IaC configurations to detect vulnerabilities, automating collaboration between devs, IT ops and SecOps to prevent risks before they’re threats. To learn more about the realities of automation, head to torq.io . For the stories behind the headlines, head to CISOseries.com .
Fri, February 25, 2022
Week in Review – Feb 21-25, 2022
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , Feb 21-25, is hosted by Rich Stroffolino with our guest, Mark Eggleston , CISO, CSC Thanks to our episode sponsor, Tines Tines is hosting a virtual game show in conjunction with Lacework on March 8. It’s free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register. All links and the video of this episode can be found on CISO Series.com
Fri, February 25, 2022
February 25, 2022
Cyberattacks accompany Russian military assault on Ukraine Putin's government warns Russian critical infrastructure of potential cyberattacks Manufacturing was the top industry targeted by ransomware last year Thanks to our episode sponsor, Tines Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register. For the stories behind the headlines, head to CISOseries.com .
Thu, February 24, 2022
February 24, 2022
Samsung shipped devices with flawed encryption New York state gets cybersecurity center Microsoft Defender adds support for GCP Thanks to our episode sponsor, Tines Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register.
Wed, February 23, 2022
February 23, 2022
IRS is allowing taxpayers to opt out of facial recognition UK Defence Secretary warns Russia of cyber-retaliation Slack confirms outage for some users Thanks to our episode sponsor, Tines Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register. For the stories behind the headlines, head to cisoseries.com
Tue, February 22, 2022
February 22, 2022
Researches find decryption for Hive ransomware In the Google Play Store, no one can hear you scream Linux leads in patching speeds Thanks to our episode sponsor, Tines Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register.
Mon, February 21, 2022
February 21, 2022
White House attributes Ukraine DDoS incidents to Russia's GRU Master key for Hive ransomware retrieved using a flaw in its encryption algorithm New phishing campaign targets Monzo online-banking customers Thanks to our episode sponsor, Tines Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register. For the stories behind the headlines, head to CISOseries.com .
Fri, February 18, 2022
Week in Review – Feb 14-18, 2022
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , Feb 14-18, is hosted by Rich Stroffolino with our guest, Mike Hanley , CSO, GitHub Thanks to our episode sponsor, PlexTrac PlexTrac is the Purple Teaming Platform. Use the Runbooks Module to facilitate your tabletop exercises, red team engagements, breach and attack simulations, and pentest automation to improve communication and collaboration. PlexTrac upgrades your program’s capabilities by making the most of every team member and tool. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! All links and the video of this episode can be found on CISO Series.com
Fri, February 18, 2022
February 18, 2022
DOJ beefs up efforts to combat criminal use of cryptocurrencies Canada's major banks go offline in mysterious hours-long outage Hackers slip into Microsoft Teams chats to distribute malware Thanks to our episode sponsor, PlexTrac PlexTrac is the Purple Teaming Platform. Use the Runbooks Module to facilitate your tabletop exercises, red team engagements, breach and attack simulations, and pentest automation to improve communication and collaboration. PlexTrac upgrades your program’s capabilities by making the most of every team member and tool. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind the headlines, head to CISOseries.com .
Thu, February 17, 2022
February 17, 2022
State-sponsored hackers hits defense contractors Unskilled hacker targeted aviation industry for years Privacy Sandbox heading to Android Thanks to our episode sponsor, PlexTrac Solve your talent shortage with PlexTrac . Use PlexTrac to automate security tasks and workflows to keep your red, blue, and purple teams focused on the real security work. Gain precious time back in your team’s day and improve their morale by making them more effective with PlexTrac. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!
Wed, February 16, 2022
February 16, 2022
Cyberattacks take down Ukrainian military and bank websites Super Bowl ad shines a light on QR code risks CISA directs agencies to patch actively exploited Chrome and Magento bugs Thanks to our episode sponsor, PlexTrac PlexTrac is the solution to deal with your data. Aggregate findings from all assessments to produce the analytics needed to make informed decisions. Produce data visualizations and add them to reports with one click to communicate effectively to leadership. PlexTrac is the premier product for security data management. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind the headlines, visit cisoseries.com
Tue, February 15, 2022
February 15, 2022
FTC warns VoIP providers about robocalls SEC outlines new cybersecurity rules for investment firms Rampant plagiarism hits NFT marketplace Thanks to our episode sponsor, PlexTrac Gain a real-time view of security posture with PlexTrac by consolidating scanner findings, assessments, and bug bounty tools. Visualize your posture in the Analytics Module to quickly assess and prioritize, creating a more effective workflow. Map risks to the MITRE ATT&CK framework to create a living risk register. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!
Mon, February 14, 2022
February 14, 2022
San Francisco 49ers hit by Blackbyte ransomware attack Linux malware attacks are on the rise, and businesses aren't ready for it Fake Windows 11 upgrade installers deliver RedLine malware Thanks to our episode sponsor, PlexTrac PlexTrac is a powerful, yet simple, cybersecurity platform that centralizes all security assessments, pentest reports, audit findings, and vulnerabilities. PlexTrac transforms the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize analytics, and collaborate on remediation in real-time. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind the headlines, head to CISOseries.com .
Fri, February 11, 2022
Week in Review – Feb 7-11, 2022
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , Feb 7-11, is hosted by Rich Stroffolino with our guest, Dave Stirling , CISO, Zions Bancorporation Thanks to our episode sponsor, Datadog Datadog Security Monitoring is part of the Datadog Cloud Security Platform, which protects an organization’s production environment and provides threat detection, posture management, workload security, and application security in a single pane of glass. In this Datadog Security Monitoring product brief, you’ll learn how to: Solve cloud complexity challenges with threat detection tools, detect and analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework. Download the brief today to learn more at datadoghq.com/ciso/ All links and the video of this episode can be found on CISO Series.com
Fri, February 11, 2022
February 11, 2022
Donation site for Ottawa truckers’ “Freedom Convoy” protest exposed donors’ data FritzFrog botnet returns to attack healthcare, education, government sectors If you use Zoom on a Mac, you might want to check your microphone settings Thanks to our episode sponsor, Datadog Datadog Security Monitoring is part of the Datadog Cloud Security Platform, which protects an organization’s production environment and provides threat detection, posture management, workload security, and application security in a single pane of glass. In this Datadog Security Monitoring product brief, you’ll learn how to: Solve cloud complexity challenges with threat detection tools, detect and analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework. Download the brief today to learn more at datadoghq.com/ciso/ For the stories behind the headlines, head to CISOseries.com .
Thu, February 10, 2022
February 10, 2022
Ukraine takes down social media bot farm Federal use of cell siphoning tech on the rise Microsoft expands security business Thanks to our episode sponsor, Datadog Datadog’s Cloud Security Platform delivers real-time threat detection and continuous configuration audits across your entire production environment, so you can bring speed and scale to your security organization. The Cloud Security Platform is built on top of Datadog’s observability platform, which breaks down silos between Security and DevOps teams and aligns them to shared organizational goals. To learn more about how Datadog Security Monitoring can solve cloud complexity challenges with a unified platform, download the product brief at datadoghq.com/ciso/
Wed, February 09, 2022
February 9, 2022
DOJ arrests New York couple, seizing $3.6 billion in bitcoin Google sees 50% drop in compromises after 2SV enrollment Puma employee data stolen as a result of Kronos attack Thanks to our episode sponsor, Datadog Datadog Security Monitoring is part of the Datadog Cloud Security Platform, which protects an organization’s production environment and provides threat detection, posture management, workload security, and application security in a single pane of glass. In this Datadog Security Monitoring product brief, you’ll learn how to: Solve cloud complexity challenges with threat detection tools, detect and analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework. Download the brief today to learn more at datadoghq.com/ciso/ For the stories behind the headlines, head to cisoseries.com
Tue, February 08, 2022
February 8, 2022
Stolen crypto used to fund North Korean missile program Microsoft disables protocol used by malware Meta may pull out of the EU Thanks to our episode sponsor, Datadog Datadog’s Cloud Security Platform delivers real-time threat detection and continuous configuration audits across your entire production environment, so you can bring speed and scale to your security organization. The Cloud Security Platform is built on top of Datadog’s observability platform, which breaks down silos between Security and DevOps teams and aligns them to shared organizational goals. To learn more about how Datadog Security Monitoring can solve cloud complexity challenges with a unified platform, download the product brief at datadoghq.com/ciso/
Mon, February 07, 2022
February 7, 2022
US House passes bill to boost chip manufacturing and R&D One in seven ransomware extortion attempts leak key operational tech records New Argo CD bug could let hackers steal secret info from Kubernetes apps Thanks to our episode sponsor, Datadog Datadog Security Monitoring is part of the Datadog Cloud Security Platform, which protects an organization’s production environment and provides threat detection, posture management, workload security, and application security in a single pane of glass. In this Datadog Security Monitoring product brief, you’ll learn how to: Solve cloud complexity challenges with threat detection tools, detect and analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework. Download the brief today to learn more at datadoghq.com/ciso/ For the stories behind the headlines, head to CISOseries.com .
Fri, February 04, 2022
Week in Review – Jan 31-Feb 4, 2022
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , Jan 24-Feb 4, is hosted by Rich Stroffolino with our guest, Brian Lozada , CISO, HBOMax Thanks to our episode sponsor, Pentera Align validation to the MITRE ATT&CK framework and the OWASP Top 10. By aligning to industry standards, security teams ensure that their testing covers the latest adversary techniques. Most attacks succeed by leveraging the most common TTPs, so challenging the attack surface against these frameworks provides comprehensive coverage of adversary techniques in the wild. In addition, it allows security executives to clearly report to management on security control efficacy and enterprise readiness against potential threats. Find out more at pentera.io All links and the video of this episode can be found on CISO Series.com
Fri, February 04, 2022
February 4, 2022
iPhone flaw exploited by second Israeli spy firm Target shares its own web skimming detection tool with the world MFA adoption pushes phishing actors to reverse-proxy solutions Thanks to our episode sponsor, Pentera Align validation to the MITRE ATT&CK framework and the OWASP Top 10. By aligning to industry standards, security teams ensure that their testing covers the latest adversary techniques. Most attacks succeed by leveraging the most common TTPs, so challenging the attack surface against these frameworks provides comprehensive coverage of adversary techniques in the wild. In addition, it allows security executives to clearly report to management on security control efficacy and enterprise readiness against potential threats. Find out more at pentera.io For the stories behind the headlines, head to CISOseries.com .
Thu, February 03, 2022
February 3, 2022
Iran-linked APT activity on the rise Hacker claims responsibility for North Korean internet disruptions TikTok: the once and future national security threat Thanks to our episode sponsor, Pentera To continuously know the exploitable attack surface, automate your validation. Security validation must be as dynamic as the attack surface it’s securing. Periodical and manual tests aren’t enough to challenge the changes an organization undergoes. Security teams need to have an on-demand view of their assets and exposures, and the only way to get there is by automating your testing. Find out more at pentera.io
Wed, February 02, 2022
February 2, 2022
Cyber attack disrupts German oil firm operations Tesla recalls Full Self Driving feature that lets cars roll through stop signs FBI recommends using burner phones at the Olympics Thanks to our episode sponsor, Pentera To understand the exploitable attack surface, security teams need to cover the full scope of potential attacks. Adversaries take the path of least resistance to the critical assets. This means using a variety of techniques to progress an attack, leveraging any vulnerability and its relevant correlations along the way. For this reason, the validation methods used must match - they need to go beyond the static vulnerability scan or control attack simulation to include a full penetration test scope. Find out more at pentera.io For the stories behind the headlines, head to CISOseries.com
Tue, February 01, 2022
February 1, 2022
Your GPU knows your secrets UPnP behind Eternal Silence router campaign DeFi platform hacked for $80 million Thanks to our episode sponsor, Pentera To understand the exploitable attack surface, take the adversarial perspective. The way to know which vulnerabilities are exploitable is to…well, exploit them. This way, security teams get a concise attack vector pointing to the organization’s weakest link. From here remediation requests handed to IT are focused, manageable, and based on true business impact. Find out more at pentera.io
Mon, January 31, 2022
January 31, 2022
Novel device registration trick enhances multi-stage phishing attacks US bans major Chinese telecom over national security risks Over 20,000 data center management systems exposed to hackers Thanks to our episode sponsor, Pentera Pentera introduces Automated Security Validation! The newly-minted unicorn out of Israel takes a whole new approach to penetration testing - allowing every organization to continuously test the integrity of all cybersecurity layers - including against ransomware - leveraging proprietary ethical exploits to emulate real-world attacks at scale. All day, everyday. This week Pentera will discuss how to identify your exploitable attack surface, so stay tuned for their ‘Tip of the Day’. Or visit pentera.io to find out more. For the stories behind the headlines, head to CISOseries.com .
Fri, January 28, 2022
Week in Review – Jan 24-28, 2022
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , Jan 24-28, is hosted by Rich Stroffolino with our guest, Gary Hayslip , CISO, Softbank Investment Advisers Thanks to our episode sponsor, deepwatch All links and the video of this episode can be found on CISO Series.com
Fri, January 28, 2022
January 28, 2022
US says national water supply 'absolutely' vulnerable to hackers Microsoft mitigated a record 3.47 Tbps DDoS attack on Azure users BotenaGo Mirai botnet code leaked to GitHub Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. For the stories behind the headlines, head to CISOseries.com .
Thu, January 27, 2022
January 27, 2022
White House releases new cybersecurity strategy Trickbot gets trickier VPNLab shuttered in global takedown Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together.
Wed, January 26, 2022
January 26, 2022
Canada's foreign ministry hacked Hactivists target Belarus rail system to stop Russian military buildup Segway victimized by Magecart attack Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. For the stories behind the headlines, head to CISOseries.com
Tue, January 25, 2022
January 25, 2022
SBA launches cybersecurity program Ransomware gangs step up insider recruitment American Olympians warned to take cybersecurity precautions Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together.
Mon, January 24, 2022
January 24, 2022
Ukraine attack update: experts find strategic similarities with NotPetya Molerats use Google Drive and Dropbox as attack infrastructure Senators introduce bill to protect satellites from getting hacked Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. For the stories behind the headlines, head to CISOseries.com .
Fri, January 21, 2022
Week in Review – Jan 17-21, 2022
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , Jan 17-21, is hosted by Rich Stroffolino with our guest, Julie Tsai, Cybersecurity Leader Thanks to our episode sponsor, Datadog Join Datadog in their upcoming webinar to learn how to dissect the anatomy of an attack vector in the cloud with the use of their unified Cloud Security Platform. Visit datadoghq.com/ciso to register for the webinar in the time zone most convenient for you and attendees will also get a chance to win a Datadog t-shirt. All links and the video of this episode can be found on CISO Series.com
Fri, January 21, 2022
January 21, 2022
NATO and Ukraine sign deal to boost cybersecurity Microsoft Sees Log4j attacks exploiting SolarWinds Serv-U bug Large-scale cyberattack hits the Red Cross Thanks to our episode sponsor, Datadog Join Datadog in their upcoming webinar to learn how to dissect the anatomy of an attack vector in the cloud with the use of their unified Cloud Security Platform. Visit datadoghq.com/ciso to register for the webinar in the time zone most convenient for you and attendees will also get a chance to win a Datadog t-shirt. For the stories behind the headlines, head to CISOseries.com .
Thu, January 20, 2022
January 20, 2022
CISA warns of data-wiping attacks EU working on its own DNS service Biden expands the NSA’s cybersecurity purview Thanks to our episode sponsor, Datadog In Datadog 's upcoming webinar, you’ll learn how to best utilize the suite of Datadog Cloud Security products to identify the root cause of an attack and how a unified platform provides real-time threat-detection and continuous configuration audits across applications, hosts, containers and cloud infrastructure. Visit datadoghq.com/ciso to register for the webinar in the time zone most convenient for you and attendees will also get a chance to win a Datadog t-shirt.
Wed, January 19, 2022
January 19, 2022
Beijing 2022 Winter Olympics app loaded with privacy risks Europol shuts down cybercriminals' VPN service of choice Newspaper accuses Israeli police of spying on its own citizens Thanks to our episode sponsor, Datadog Join Datadog in their upcoming webinar to learn how to dissect the anatomy of an attack vector in the cloud with the use of their unified Cloud Security Platform. Visit datadoghq.com/ciso to register for the webinar in the time zone most convenient for you and attendees will also get a chance to win a Datadog t-shirt. For the stories behind the headlines, head to CISOseries.com
Tue, January 18, 2022
January 18, 2022
Ukraine points fingers in recent cyber attacks Another dark web marketplace calls it quits Renewable energy targeted for cyber espionage Thanks to our episode sponsor, Datadog In Datadog 's upcoming webinar, you’ll learn how to best utilize the suite of Datadog Cloud Security products to identify the root cause of an attack and how a unified platform provides real-time threat-detection and continuous configuration audits across applications, hosts, containers and cloud infrastructure. Visit datadoghq.com/ciso to register for the webinar in the time zone most convenient for you and attendees will also get a chance to win a Datadog t-shirt.
Mon, January 17, 2022
January 17, 2022
Microsoft discloses malware attack on Ukraine government networks New unpatched Apple Safari browser bug allows cross-site user tracking Now you can get your vulnerability alerts by phone Thanks to our episode sponsor, Datadog Join Datadog in their upcoming webinar to learn how to dissect the anatomy of an attack vector in the cloud with the use of their unified Cloud Security Platform. Visit datadoghq.com/ciso to register for the webinar in the time zone most convenient for you and attendees will also get a chance to win a Datadog t-shirt. For the stories behind the headlines, head to CISOseries.com .
Fri, January 14, 2022
Week in Review – Jan 10-14, 2022
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , Jan 10-14, is hosted by Rich Stroffolino with our guest, Tyler Young , Director, Information Security, Relativity Thanks to our episode sponsor, BlackBerry All links and the video of this episode can be found on CISO Series.com
Fri, January 14, 2022
January 14, 2022
New undetected backdoor runs across three OS platforms Microsoft RDP bug enables data theft, smart-card hijacking Ukrainian police arrests ransomware gang that hit over 50 firms Thanks to our episode sponsor, BlackBerry CISO’s…Listen Up. Is your team challenged with distinguishing threat signal from noise, reducing cyber costs and finding security talent? We’re here to help. BlackBerry ® Guard is a Managed Extended Detection & Response(XDR) service that merges the Cylance artificial intelligence cybersecurity platform with 24x7 support from award winning responders and prevention experts. Spend time on key security initiatives, instead of the fallout from breaches. Learn more at BlackBerry.com For the stories behind the headlines, head to CISOseries.com .
Thu, January 13, 2022
January 13, 2022
EU planning supply chain attack simulations TellYouThePass ransomware returns A look at Senate confirmations for cyber positions Thanks to our episode sponsor, BlackBerry With ransomware attacks like REvil, DarkSide, Conti, and recently Log4Shell, how confident are you in your cyber solution to prevent threats today and into the future? With BlackBerry ’s Prevention-First endpoint security, we prevent breaches vs responding to and mitigating future attacks. With our Cylance Artificial Intelligence(AI), threats are detected and prevented pre-execution. Traditional AV vendors can’t do this. Get Prevention-First protection to keep your data and organization safe. Learn more at BlackBerry.com .
Wed, January 12, 2022
January 12, 2022
Apple to allow third-party app payment options in South Korea Hotel chain switches to Chrome OS to recover from ransomware attack Hackers leveraging Log4j to install NightSky ransomware Thanks to our episode sponsor, BlackBerry Cybersecurity Professionals… Listen up. Ransomware is on the rise and you can’t afford to rely on ineffective endpoint technology to PREVENT attacks. With BlackBerry ’s 7th generation Artificial Intelligence(AI) and Machine Learning(ML) technology powered by Cylance, malicious attacks are detected and prevented on average of 25 months BEFORE appearing online. With our prevention-first approach, Cylance technology neutralizes malware before the exploitation stage of the kill-chain. Can your cyber solution do that? Get Prevention-First security. Visit BlackBerry.com to see the Cylance AI/ML demo prevent malware. For the stories behind the headlines, head to CISOseries.com
Tue, January 11, 2022
January 11, 2022
Open source developer poisons his own well Hacker group self-pwns Microsoft finds TCC bypass vulnerability in macOS Thanks to our episode sponsor, BlackBerry CISO’s…Listen Up. Is your team challenged with distinguishing threat signal from noise, reducing cyber costs and finding security talent? We’re here to help. BlackBerry ® Guard is a Managed Extended Detection & Response(XDR) service that merges the Cylance artificial intelligence cybersecurity platform with 24x7 support from award winning responders and prevention experts. Spend time on key security initiatives, instead of the fallout from breaches. Learn more at BlackBerry.com
Mon, January 10, 2022
January 10, 2022
Hackers have been sending malware-filled USB sticks to U.S. companies disguised as gifts Swiss army asks its personnel to use the Threema instant-messaging app Norton 360 faces blowback for crypto feature Thanks to our episode sponsor, BlackBerry Cybersecurity Professionals… Listen up. Ransomware is on the rise and you can’t afford to rely on ineffective endpoint technology to PREVENT attacks. With BlackBerry ’s 7th generation Artificial Intelligence(AI) and Machine Learning(ML) technology powered by Cylance, malicious attacks are detected and prevented on average of 25 months BEFORE appearing online. With our prevention-first approach, Cylance technology neutralizes malware before the exploitation stage of the kill-chain. Can your cyber solution do that? Get Prevention-First security. Visit BlackBerry.com to see the Cylance AI/ML demo prevent malware. For the stories behind the headlines, head to CISOseries.com .
Fri, January 07, 2022
Week in Review – Jan 3-7, 2022
Link to Blog Post This week’s Cyber Security Headlines – Week in Review , Jan 3-7, is hosted by Rich Stroffolino with our guest, Adam Glick , CISO, SimpliSafe Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. All links and the video of this episode can be found on CISO Series.com
Fri, January 07, 2022
January 7, 2022
Honda, Acura cars hit by Y2K22 bug that rolls back clocks New trick could let malware fake iPhone shutdown to spy on users secretly Attackers exploit flaw in Google Docs’ comments feature Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. For the stories behind the headlines, head to CISOseries.com .
Thu, January 06, 2022
January 6, 2022
Microsoft’s digital signature verification exploited New York AG warns of credential stuffing attacks Google acquires Siemplify Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together.
Wed, January 05, 2022
January 5, 2022
FTC warns of potential penalties for failing to fix Log4j flaws UScellular discloses data breach after billing system hack SlimPay fined for exposing data of 12 million customers for 5 years Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. For the stories behind the headlines, head to CISOseries.com
Tue, January 04, 2022
January 4, 2022
Broward Health discloses major data breach Beware of the command line copy-paste backdoor HomeKit bug can crash iOS devices Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together.
Mon, January 03, 2022
January 3, 2022
Microsoft Exchange year 2022 bug breaks email delivery Uber email breach allows anyone to email as Uber Crypto security breaches cause $4.25 billion in losses in 2021 Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. For the stories behind the headlines, head to CISOseries.com .
Thu, December 30, 2021
December 30, 2021
Defense bill includes cybersecurity provisions for private-sector Server firmware rootkit discovered Microsoft Defender showing Log4j false positives Thanks to our episode sponsor, Lookout Complexity is the enemy of security. With an integrated Zero Trust platform, Lookout makes things simple. Whether data is on employees’ smartphones or in the cloud, Lookout enables organizations to protect sensitive information no matter where it goes. Discover why IDC named the Lookout CASB a major player in its latest MarketScape at lookout.com/idc .
loading...