Accountability, CISO and Internet - Cyber Security Informer

10 Holiday Cybersecurity Tips for CISOs

Security Boulevard

NOVEMBER 22, 2023

Chief information security officers (CISOs) should proactively implement strategies and protect their infrastructures against hacking months and weeks leading up to this busy time of the year.  Top holiday cybersecurity tips for CISOs With so many things going on, where should you focus your resources?

CISO

CISO Cybersecurity Phishing Backups

Thousands of Data Center Management Apps Exposed to Internet

eSecurity Planet

FEBRUARY 2, 2022

Tens of thousands of applications that are critical to the operations of data centers around the globe are exposed to the internet, with many secured with default factory passwords, posing a significant cyber risk to enterprises worldwide. Exposing that to the public internet is like allowing terrorists to direct air traffic control.”.

Internet

Internet Internet Passwords Software

Best Practices Q&A: The importance of articulating how cybersecurity can be a business enabler

The Last Watchdog

APRIL 1, 2024

Forrester’s report lays out a roadmap for CIOs, CISOs and privacy directors to drive this transformation – by weaving informed privacy and security practices into every facet of their business; this runs the gamut from physical and information assets to customer experiences and investment strategies. LW: Cultural change is acutely difficult.

Cybersecurity

Cybersecurity CISO B2B Risk

RSAC Fireside Chat: Extending ‘shift left’ to achieve SSCS — ‘software supply chain security’

The Last Watchdog

APRIL 18, 2023

Related: How SBOMs instill accountability Interestingly, you could make the argument that SSCS runs counter-intuitive to the much-discussed “ shift left ” movement. Guest expert: Matt Rose, Field CISO, ReversingLabs I had the chance to visit with Matt Rose, Field CISO at ReversingLabs , which is in the thick of the SSCS movement.

Software

Software CISO Internet Internet

How CISOs Can Impact Security for All

Cisco Security

APRIL 26, 2021

Insights from our new Advisory CISO, Helen Patton. If there’s anyone who’s been put through their paces in the security industry, it’s Helen Patton , our new Advisory Chief Information Security Officer (CISO). Helen has come to Cisco from The Ohio State University, where she served as CISO for approximately eight years.

CISO

CISO Education Technology Media

National Cybersecurity Alliance advocates ‘shared responsibility’ for securing the Internet

The Last Watchdog

AUGUST 2, 2018

Schrade r: The legacy is a group of CISOs from companies like Facebook, Google, Microsoft, Cisco, Oracle, Mastercard, Visa, Bank of America, Wells Fargo and a lot of others. They built a very robust group of committed cybersecurity professionals in their own businesses. LW : What are you doing for small and medium sized businesses?

Internet

Internet Internet Cybersecurity Education

Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 14, 2024

Crooks manipulate GitHub’s search results to distribute malware BatBadBut flaw allowed an attacker to perform command injection on Windows Roku disclosed a new security breach impacting 576,000 accounts LastPass employee targeted via an audio deepfake call TA547 targets German organizations with Rhadamanthys malware CISA adds D-Link multiple (..)

Data breaches

Data breaches Social Engineering Malware Hacking

[updated] Atlassian: “Take immediate action” to patch your Confluence Data Center and Server instances

Malwarebytes

NOVEMBER 2, 2023

or later Atlassian strongly advises you apply the patch, even for instances that are not exposed to the public internet. Instances accessible over the public internet, including those with user authentication, should be restricted from external network access until they have been patched. or later 8.3.4 or later 8.4.4 or later 8.5.3

Authentication

Authentication CISO Internet Internet

NEW TECH SNAPSHOT: The role of ‘MSSPs’ in helping businesses manage cybersecurity

The Last Watchdog

SEPTEMBER 6, 2022

The new normal CISOs face today is something of a nightmare. They must take into account a widely scattered workforce and somehow comprehensively mitigate new and evolving cyber threats. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. (LW Stay tuned.

Cloud Migration

Cloud Migration Cybersecurity Marketing CISO

Second-Guessing the CISO in an Emergency

Duo's Security Blog

FEBRUARY 8, 2021

Setting Up an Instant Unique Login Then we want to set a password for that registered citizen account, because in order to deliver the service, we are asking for some personally identifiable information (PII) that we now need to protect as best we can. Ask me how I know this.)

CISO

CISO Passwords Authentication Accountability

Minnesota Passes Data Privacy Law, Joining Growing State Movement

SecureWorld News

MAY 21, 2024

Narrow consumer privacy bills that address a range of issues—including protecting biometric identifiers and health data or governing the activities of specific entities like data brokers or internet service providers—have been introduced in several states, as well. CIPP/E, CIPP/US, Member, Data Privacy & Cybersecurity, Clark Hill Law.

Data privacy

Data privacy CISO Small Business CSO

SHARED INTEL: Here’s why CEOs who’ve quit Tweeting are very smart to do so

The Last Watchdog

MARCH 6, 2020

Related: How ‘credential stuffing’ enables online fraud As a result, some CEOs admit they’ve stopped Tweeting and deleted their LinkedIn and other social media accounts – anything to help reduce their organization’s exposure to cyber criminals. That’s the ‘cheat code’ for CISO success. Corporate inertia still looms large.

CISO

CISO VPN Digital transformation Internet

GUEST ESSAY: Now more than ever, companies need to proactively promote family Online Safety

The Last Watchdog

FEBRUARY 15, 2021

Consider that kids are constantly connected on the internet with online games, streaming devices, virtual schooling, and zoom play dates. Companies must take this into account and consider extending employee training to also promote security and privacy habits among all family members, especially children. We’re all connected.

Education

Education CISO Security Awareness Cybersecurity

Cybersecurity Is the Most Prevalent ESG Issue We're Not Talking About

SecureWorld News

AUGUST 14, 2022

The recent analysis by SecurityScorecard and Cyentia Institute found that 53% of the 1,623,118 organizations assessed have at least one open vulnerability exposed to the internet. The benefit, however, of the connected world is that the supply chain is digitally connected, creating an opportunity to build the chain of cyber accountability.

Cybersecurity

Cybersecurity Data breaches Cyber Risk Accountability

Why CISA is Warning CISOs About a Breach at Sisense

Krebs on Security

APRIL 11, 2024

On April 10, Sisense Chief Information Security Officer Sangram Dash told customers the company had been made aware of reports that “certain Sisense company information may have been made available on what we have been advised is a restricted access server (not generally available on the internet.)”

CISO

CISO Encryption Telecommunications Financial Services

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

The Last Watchdog

AUGUST 19, 2021

The configuration issue made this access point publicly available on the Internet. The attacker claims to have compromised an end-of-lifed GPRS system that was exposed to the internet and was able to pivot from it to the internal network, where they were able to launch a brute force authentication attack against internal systems.

Mobile

Mobile Data breaches Authentication Accountability

Episode 214: Darkside Down: What The Colonial Attack Means For The Future of Ransomware

The Security Ledger

MAY 15, 2021

Intel 471 CISO Brandon Hoffman joins us to to discuss Darkside, the ransomware group that attacked the Colonial Pipeline, why the crew may have bitten off more than it can chew and what the attack says about the state of America's Critical Infrastructure. ” -Brandon Hoffman, CISO Intel 471. Read the whole entry. »

Ransomware

Ransomware CISO Government Cyber Risk

3 Steps to Prevent a Case of Compromised Credentials

Duo's Security Blog

MAY 23, 2023

Your passwords are on the internet. Compromised or stolen credentials is the second most common type of cybersecurity incident accounting for 27% of reported breaches, according to the Office of the Australian Information Commissioner (OAIC). Today, we cover best practices for an environment that has been compromised. They don’t work.

Authentication

Authentication Passwords Data breaches Phishing

Mitigate insider threats by focusing on people, process and technology

SC Magazine

MARCH 12, 2021

The pandemic has challenged CISOs worldwide to adapt their security strategies—often years early—to create a safe work-from-home environment. CISOs need to promptly identify risky behavior and determine whether that threat warrants additional research. Global Resident CISO, Proofpoint, Inc. Technology: Work smarter, not harder.

Technology

Technology CISO Risk Government

“Left of Boom” Cybersecurity: Proactive Cybersecurity in a Time of Increasing Threats and Attacks

Cisco Security

OCTOBER 18, 2021

The primary job of the Chief Information Security Officer (CISO) is to exercise continuous diligence in reducing risk, within the risk appetite and risk tolerance of the organization, so that the likelihood of a boom is low, and the corresponding magnitude of harm is limited. Some “Left of Boom” Processes. Frameworks.

Cybersecurity

Cybersecurity CISO Insurance Risk

Security resilience: 4 ways to achieve company-wide buy-in

Cisco Security

JUNE 15, 2022

Also, “Accidental CISO” (AC), Chief Information Security Officer , who was just trying to get SOC2 and ISAC certifications for a vendor when he was abruptly named CISO of his organization. And finally, Christos Syngelakis, CISO, and Data Privacy Officer at Motor Oil Group. That’s a pretty big call.

CISO

CISO Digital transformation Risk Data privacy

167 counterfeit apps used for financial scams against Android and iOS users

SC Magazine

MAY 12, 2021

If targets later tried to withdraw funds or close the account, the attackers would block access. Joseph Carson, chief security scientist and Advisory CISO at ThycoticCentrify, said employees continue to fall for these scams because the notices are so authentic looking and it’s difficult to tell the difference from the real app. “One

Scams

Scams Cryptocurrency Social Engineering Banking

New, critical vulnerability discovered that could let attackers gain entry to SolarWinds systems

SC Magazine

MARCH 26, 2021

The Chinese espionage group Spiral twice exploited an internet-facing SolarWinds server in 2020, according to researchers from the Secureworks Counter Threat Unit. (“SolarWinds letters” by sfoskett at [link] is licensed under CC BY-NC-SA 2.0 ). In essence, the attacker can take any action the System account can take.

Authentication

Authentication CISO Media Engineering

The Era of Ransomware: How to Respond in a Crisis

CyberSecurity Insiders

MARCH 13, 2022

Step 5: File a thorough, detailed report about the incident to the FBI’s Internet Crime Complaint Center (IC3). Accounting for all of your assets not only increases your operational productivity, but it can also lower your overall security risk. Backing Up Data. Securing Endpoints. Asset Discovery.

Ransomware

Ransomware Backups Software CISO

Security researchers applaud Google’s move towards multi-factor authentication

SC Magazine

MAY 7, 2021

Google made the announcement on World Password Day , in which Mark Risher, Google’s director of product management, identity and user security, pointed out in a blog that 66% of Americans admit to using the same password across multiple sites, which makes all those accounts vulnerable if any one fails. “We

Authentication

Authentication Passwords Password Management Mobile

Holes in Linux Kernel Could Pose Problems for Red Hat, Ubuntu, Other Distros

eSecurity Planet

JULY 23, 2021

On its own, it’s not going to give a remote attacker access to anything, but if combined with other attacks, it’s possible an attacker could leverage a user account from somewhere else and pivot into this to get root access,” Smith said.

Accountability

Accountability Big data CISO Architecture

InfoSec Leaders Weigh in on New SEC Rules Making CISO Hotseat Hotter

SecureWorld News

JULY 31, 2023

Sam Masiello , CISO, The Anschutz Corporation: "I would expect that many CISOs today are feeling as if their job just got harder and now has a brighter spotlight shining specifically on them. Many CISOs are already burnt out, and there is shortage of qualified CISOs globally. CISOs are expected to be a unicorn already.

CISO

CISO InfoSec Risk Cybersecurity

China's 'Volt Typhoon' Targeting U.S. Infrastructure, Microsoft Warns

SecureWorld News

MAY 25, 2023

Leighton, who will present the closing keynote, "Cyber World on Fire: A Look at Internet Security in Today's Age of Conflict," at SecureWorld Chicago on June 8, said the targeting of Guam should be viewed as a key threat. "Volt Panda also appears to be targeting critical cyber infrastructure throughout the U.S." Guam is critical to the U.S.

Firewall

Firewall Cyber threats Telecommunications Internet

NEW TECH: CyberGRX seeks to streamline morass of third-party cyber risk assessments

The Last Watchdog

MARCH 14, 2019

The firings came as a result of a massive data breach which routed through an HVAC contractor’s compromised account. In 2016, Jay Leek – then CISO at the Blackstone investment firm, and now a CyberGRX board member — was collaborating with CSOs at several firms Blackstone had invested in when a common theme came up.

Cyber Risk

Cyber Risk Risk Digital transformation Accountability

Spotlight on Cybersecurity Leaders: Randy Raw

SecureWorld News

MARCH 31, 2022

Answer: I was a systems/network admin for several years when the internet was young and mostly benign. Answer: Effective, cross-platform and easy-to-implement password-less authentication with regular assessment of account/system behavior to enforce expected behavior and identify anomalous actions. Get to know Randy Raw.

Cybersecurity

Cybersecurity InfoSec Authentication DDOS

NEW TECH: ‘Network Traffic Analysis’ gets to ground truth about data moving inside the perimeter

The Last Watchdog

APRIL 11, 2019

ExtraHop’s CISO Jeff Costlow walked me through what’s different about the approach NTA vendors are taking to help companies detect and deter leading-edge threats. Imposter apps and browser extensions masquerading as legit tools represent a clear and present risk that companies must account for. Practicing restraint. Talk more soon.

Digital transformation

Digital transformation Adware Technology Software

NEW TECH: Devolutions’ ‘PAM’ solution helps SMBs deal with rising authentication risks

The Last Watchdog

MARCH 10, 2020

I spoke with Maurice Côté, VP Business Solutions, and Martin Lemay, CISO, of Devolutions , at the RSA 2020 Conference in San Francisco recently. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. (LW Last Watchdog’s Melanie Grano contributing.

Authentication

Authentication Risk Digital transformation Passwords

Australia Recorded the Highest Rate of iOS & Android App Threats

Appknox

JUNE 23, 2022

More threats were detected on iOS than Android devices; 68% of Australian CISOs expect their organization to suffer a material cyber-attack within the next year. Navigating the internet in 2022 is more dangerous than ever for Australian netizens. The trojan- Banker.AndroidOS.Gustuff.d

Social Engineering

Social Engineering Mobile Scams Engineering

Nation States Will Weaponize Social and Recruit Bad Guys with Benefits in 2022

McAfee

OCTOBER 31, 2021

Equally, direct messages have been used by groups to take control over influencer accounts to promote messaging of their own. After all, it does demand a level of research to “hook” the target into interactions and establishing fake profiles are more work than simply finding an open relay somewhere on the internet. Who Can Regulate?

Cybercrime

Cybercrime Government Malware Media

Making Security Personal: Warn End Users About New Bank App Alert

SecureWorld News

JUNE 15, 2020

It's a common best practice among CISOs trying to get their employees invested in cybersecurity for the corporate network: make things personal. If you help an employee secure the personal accounts of their family and friends, good cyber practices can become a relevant concern that they learn to take seriously.

Banking

Banking Spyware Authentication Passwords

Attack Surface Management for the Adoption of SaaS

CyberSecurity Insiders

SEPTEMBER 20, 2022

Earlier this year, I had the opportunity to speak before a group of CISOs about the topic of attack surface management (ASM). As security professionals, we must evolve our security programs and controls to account for SaaS. DNS subdomain scanning is a useful tactic to discover internet-exposed SaaS application portals and their APIs.

Threat Detection

Threat Detection Risk Penetration Testing DNS

What Is The Cyber Helpline?

SecureWorld News

AUGUST 3, 2023

We are just scratching the surface, with the FBI's Internet Crime Complaint Center (IC3) receiving 800,000 reports of cybercrime last year, but this is only those that have reported the crime; the number is likely to be closer to 5.6 from a lady who had her intimate images sent to her; she had only saved them on her own Snapchat account.

Cybercrime

Cybercrime Cybersecurity Accountability CISO

Hacker Compromises FBI Server to Send Fake Emails

eSecurity Planet

NOVEMBER 15, 2021

According to intelligence organization Spamhaus and subsequent reports, the hackers sent out emails with the false accusations in two waves to more than 100,000 addresses, using email addresses gleaned from a number of sources, including a database used by the American Registry for Internet Numbers. Zero Trust Means Having Zero Assumptions.

Hacking

Hacking Social Engineering Cybersecurity CISO

Five Tips for Ensuring Communications Security in Your Organization

CyberSecurity Insiders

MARCH 13, 2022

Sensitive information, such as personally identifiable information (PII), protected health information (PHI), controlled unclassified information (CUI), federal contract information (FCI), and personal account numbers (PANs), should be protected by ensuring they are never sent by end-user messaging technologies (e.g.,

Encryption

Encryption Firewall Computers and Electronics Wireless

SHARED INTEL: What it takes to preserve business continuity, recover quickly from a cyber disaster

The Last Watchdog

OCTOBER 9, 2019

By turning off the auditing agent and disabling security logging, the attacker is free to modify accounts, alter policies and create back-doors that can be used at a later stage. While the agency discourages ransom payments, it also advises CISOs to evaluate all options to protect shareholders, employees and customers.

Ransomware

Ransomware CISO Backups Encryption

The Unseen Threats: Anticipating Cybersecurity Risks in 2024

Security Boulevard

JANUARY 18, 2024

This demand leads to the development of cybersecurity predictions which must take into account underlying drivers of the attackers, defenders, and technology where the battles will play out. The highly controversial regulation took effect at the end of 2023 and publicly owned businesses in 2024 are now held accountable for compliance.

Risk

Risk Cybersecurity CISO Technology

Here’s how security pros can lock down their remote networks

SC Magazine

FEBRUARY 19, 2021

Before executing a security strategy, it’s important to have a complete account and inventory of all device types and assets, as well as an accurate blueprint of the organization’s network infrastructure. Here are some steps they can take to improve security: Know the organization’s network and assets. Train employees on cyber.

IoT

IoT Data breaches CISO Passwords

MY TAKE: As network perimeters shift and ecosystems blend, the role of MSSPs solidifies

The Last Watchdog

JULY 19, 2023

I had the chance to discuss this with Shinichi Yokohama, NTT Global CISO and John Petrie, Counselor to the NTT Global CISO, at RSA Conference 2023. As companies adjusted in the post pandemic operating environment, Internet-centric services rose to the fore. Towards zero-trust So how should CISOs steer their organizations?

CISO

CISO Architecture Cloud Migration Technology

Local government cybersecurity: 5 best practices

Malwarebytes

SEPTEMBER 30, 2022

End use of unsupported/end of life software and hardware that are accessible from the Internet. In Michigan’s Cyber Partners Program , for example, local communities receive services from a CISO-level consultant. Enhanced logging. Data encryption for data at rest and in transit. Consider outsourcing.

Government

Government Cybersecurity Cyber Insurance Insurance

10 Holiday Cybersecurity Tips for CISOs

Thousands of Data Center Management Apps Exposed to Internet

Trending Sources

Best Practices Q&A: The importance of articulating how cybersecurity can be a business enabler

RSAC Fireside Chat: Extending ‘shift left’ to achieve SSCS — ‘software supply chain security’

How CISOs Can Impact Security for All

National Cybersecurity Alliance advocates ‘shared responsibility’ for securing the Internet

Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION

[updated] Atlassian: “Take immediate action” to patch your Confluence Data Center and Server instances

NEW TECH SNAPSHOT: The role of ‘MSSPs’ in helping businesses manage cybersecurity

Second-Guessing the CISO in an Emergency

Minnesota Passes Data Privacy Law, Joining Growing State Movement

SHARED INTEL: Here’s why CEOs who’ve quit Tweeting are very smart to do so

GUEST ESSAY: Now more than ever, companies need to proactively promote family Online Safety

Cybersecurity Is the Most Prevalent ESG Issue We're Not Talking About

Why CISA is Warning CISOs About a Breach at Sisense

ROUNDTABLE: Why T-Mobile’s latest huge data breach could fuel attacks directed at mobile devices

Episode 214: Darkside Down: What The Colonial Attack Means For The Future of Ransomware

3 Steps to Prevent a Case of Compromised Credentials

Mitigate insider threats by focusing on people, process and technology

“Left of Boom” Cybersecurity: Proactive Cybersecurity in a Time of Increasing Threats and Attacks

Security resilience: 4 ways to achieve company-wide buy-in

167 counterfeit apps used for financial scams against Android and iOS users

New, critical vulnerability discovered that could let attackers gain entry to SolarWinds systems

The Era of Ransomware: How to Respond in a Crisis

Security researchers applaud Google’s move towards multi-factor authentication

Holes in Linux Kernel Could Pose Problems for Red Hat, Ubuntu, Other Distros

InfoSec Leaders Weigh in on New SEC Rules Making CISO Hotseat Hotter

China's 'Volt Typhoon' Targeting U.S. Infrastructure, Microsoft Warns

NEW TECH: CyberGRX seeks to streamline morass of third-party cyber risk assessments

Spotlight on Cybersecurity Leaders: Randy Raw

NEW TECH: ‘Network Traffic Analysis’ gets to ground truth about data moving inside the perimeter

NEW TECH: Devolutions’ ‘PAM’ solution helps SMBs deal with rising authentication risks

Australia Recorded the Highest Rate of iOS & Android App Threats

Nation States Will Weaponize Social and Recruit Bad Guys with Benefits in 2022

Making Security Personal: Warn End Users About New Bank App Alert

Attack Surface Management for the Adoption of SaaS

What Is The Cyber Helpline?

Hacker Compromises FBI Server to Send Fake Emails

Five Tips for Ensuring Communications Security in Your Organization

SHARED INTEL: What it takes to preserve business continuity, recover quickly from a cyber disaster

The Unseen Threats: Anticipating Cybersecurity Risks in 2024

Here’s how security pros can lock down their remote networks

MY TAKE: As network perimeters shift and ecosystems blend, the role of MSSPs solidifies

Local government cybersecurity: 5 best practices

Stay Connected