Cybersecurity, Hacking, InfoSec and Risk

US Helped Ukraine With Infosec—Story is ‘Dangerous Arrogance’

Security Boulevard

MARCH 10, 2022

cleverly anticipated the Russian invasion of Ukraine and skilfully helped the country shore up its defences against Russian hacking. The post US Helped Ukraine With Infosec—Story is ‘Dangerous Arrogance’ appeared first on Security Boulevard. Mainstream media has been full of stories about how the U.S.

InfoSec

InfoSec Media Hacking Social Engineering

Spotlight Podcast: CSO Chris Walcutt on Managing 3rd Party OT Risk

The Security Ledger

MAY 16, 2024

In this Spotlight Podcast, host Paul Roberts talks with Chris Walcutt, the CSO of DirectDefense about the rising cyber threats facing operational technology (OT) and how organizations that manage OT - including critical infrastructure owners can best manage increased cyber risks to OT environments. For Hacking. Read the whole entry. »

CSO

CSO Risk Energy and Utilities Social Engineering

Burnout: The Hidden Cost of Working in Cybersecurity & Other High Risk Fields

Jane Frankland

JUNE 20, 2023

Since 2011, I’ve consistently spoken, and written about the dangers of burnout in cybersecurity, and proposed leadership strategies for employee wellbeing. In this blog, and ahead of my talk at Infosec this week , I’m delving into this, and giving you tips for recognising its signs and preventing it as a leader.

Cybersecurity

Cybersecurity Risk InfoSec CISO

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances.

Risk

Risk VPN Internet Internet

CISA releases Insider Risk Mitigation Self-Assessment Tool

Security Affairs

SEPTEMBER 30, 2021

The US CISA has released a new tool that allows to assess the level of exposure of organizations to insider threats and devise their own defense plans against such risks. The tool elaborates the answers of the organizations to a survey about their implementations of a risk program management for insider threats. Pierluigi Paganini.

Risk

Risk InfoSec Ransomware Technology

Episode 205 – Google’s Camille Stewart: InfoSec’s Lack of Diversity is a Cyber Risk

The Security Ledger

FEBRUARY 26, 2021

The post Episode 205 – Google’s Camille Stewart: InfoSec’s Lack of. Are Local Governments Ready To Turn Back Election Hacks? Episode 203: Don’t Hack The Water and Black Girls Hack Founder Tennisha Martin Episode 202: The Byte Stops Here – Biden’s Cyber Agenda. Read the whole entry. »

Cyber Risk

Cyber Risk Risk InfoSec Information Security

Personal Cybersecurity Concerns for 2023

Security Through Education

JANUARY 18, 2023

Not too long ago, many of us thought that cybersecurity was something for corporations to worry about. Perhaps we thought, who would want to hack a completely unknow person like me? What are some personal cybersecurity concerns for 2023? The truth is technology has grown at an exponential rate and so has cybercrime.

Cybersecurity

Cybersecurity Social Engineering Scams IoT

CyberSaint STRONGER 2022 Conference Call for Speakers is Open!

CyberSecurity Insiders

FEBRUARY 1, 2022

BOSTON–( BUSINESS WIRE )– CyberSaint , the developer of the leading platform delivering cyber risk automation, today announced that the company is seeking speaker submissions for its virtual STRONGER conference, set to occur September 13th-15th 2022. Conference Tracks: Frameworks, Security, & Risk. InfoSec 360.

Digital transformation

Digital transformation InfoSec CISO Education

The 7 Biggest Cybersecurity Scoops from February 2015

SiteLock

AUGUST 27, 2021

One year ago in February, the major eBay hack was in progress, eventually resulting in over 233 million passwords being stolen. 2015 Cyber Security Risks. TechRadar recently posted an article covering the top seven cyber security risks that businesses should be aware of for 2015. Anthem Cyber Attack. Worst Passwords of 2014.

Passwords

Passwords Cybersecurity Internet Internet

BSides Sofia 2023 – Radoslav Gerganov – Hyundai Head Unit Hacking

Security Boulevard

JULY 18, 2023

Permalink The post BSides Sofia 2023 – Radoslav Gerganov – Hyundai Head Unit Hacking appeared first on Security Boulevard. Our thanks to BSides Sofia for publishing their presenter’s tremendous BSides Sofia 2023 content on the organizations’ YouTube channel.

Hacking

Hacking Architecture CISO Education

BSides Sofia 2023 – Vasil Velichkov – Hacking Attacks Against Government Institutions

Security Boulevard

JULY 16, 2023

Permalink The post BSides Sofia 2023 – Vasil Velichkov – Hacking Attacks Against Government Institutions appeared first on Security Boulevard. Our thanks to BSides Sofia for publishing their presenter’s tremendous BSides Sofia 2023 content on the organizations’ YouTube channel.

Government

Government Hacking Architecture CISO

CISA adds VMware’s Cloud Foundation bug to Known Exploited Vulnerabilities Catalog

Security Affairs

MARCH 11, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in VMware’s Cloud Foundation, tracked as CVE-2021-39144 (CVSS score: 9.8), to its Known Exploited Vulnerabilities Catalog. CISAgov added #CVE -2020-5741 & CVE-2021-39144 to the Known Exploited Vulnerabilities Catalog.

InfoSec

InfoSec Hacking Cybersecurity Risk

US Hacker ‘P4x’ Gets Back at Pyongyang (but We Smell a Rat)

Security Boulevard

FEBRUARY 3, 2022

An infosec researcher was hacked by North Korea. law enforcement did nothing, so he took matters into his own hands. The post US Hacker ‘P4x’ Gets Back at Pyongyang (but We Smell a Rat) appeared first on Security Boulevard.

InfoSec

InfoSec Hacking Social Engineering Engineering

Cyber CEO: 3 Key Components for Resilient Third Party Risk Management

Herjavec Group

APRIL 26, 2021

Third-party risk is a hot topic in the world of cybersecurity. The recent SolarWinds breach was a tough reminder that technological advancement will always carry inherent risks. former CEO of RSA Security) for a virtual fireside chat last week to chat about third-party risk. So where does that leave us?

Risk

Risk Government InfoSec Cybersecurity

Jen Easterly Takes Charge of CISA At Black Hack USA 2021

ForAllSecure

AUGUST 18, 2021

The new Director of the Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, opened Day 2 of Black Hat USA 2021 with a remote presentation on Hacking the Cybersecurity Puzzle. The real puzzle was how to get public and private institutions to work together to solve the problems infosec faces today.

Hacking

Hacking InfoSec Cybersecurity Education

GUEST ESSAY: How and why ‘pen testing’ will continue to play a key role in cybersecurity

The Last Watchdog

MARCH 15, 2021

Since we are quickly putting out large technologies, security risks always come with this. Penetration tests are one way of mitigating the security risks that arise and make sure that we are not endangering users, their data, and the trust they inherently place in technology. Related: Integrating ‘pen tests’ into firewalls.

Penetration Testing

Penetration Testing Social Engineering Cybersecurity Engineering

CISA adds Plex Media Server bug, exploited in LastPass attack, to Known Exploited Vulnerabilities Catalog

Security Affairs

MARCH 13, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added a remote code execution (RCE) vulnerability in the Plex Media Server, tracked as CVE-2020-5741 (CVSS score: 7.2), to its Known Exploited Vulnerabilities Catalog. CISAgov added #CVE -2020-5741 & CVE-2021-39144 to the Known Exploited Vulnerabilities Catalog.

Media

Media InfoSec Password Management Engineering

Episode 144: Infosec Supporting Right to Repair with Joe Grand and Kyle Wiens

The Security Ledger

APRIL 30, 2019

In this week's podcast, Joe Grand of Grand Idea Studio and Kyle Wiens of iFixit join me to talk about the launch of securepairs.org and fighting cybersecurity FUD in the right to repair. The post Episode 144: Infosec Supporting Right to Repair with Joe Grand and Kyle Wiens appeared first on The Security Ledger.

InfoSec

InfoSec Computers and Electronics Telecommunications Software

HelloKitty ransomware gang targets vulnerable SonicWall devices

Security Affairs

JULY 18, 2021

The company states that organizations that fail to address known vulnerabilities in the firmware of SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack. Read more at [link] #Cybersecurity #InfoSec #Ransomware — US-CERT (@USCERT_gov) July 15, 2021. ” reported BleepingComputer.

Ransomware

Ransomware Firmware Mobile InfoSec

Opinion: We need a way to talk about Cyber Physical Risk

The Security Ledger

JULY 15, 2019

It has to do with our evolving and still immature system of rating (and therefore thinking about) cyber risk. Read the whole entry. »

Risk

Risk InfoSec Cyber Risk Hacking

DOJ Cybercrime Watchdog’s First Settlement Signals Crackdown on Small Businesses

Security Boulevard

APRIL 7, 2023

Justice Department’s new Civil-Cyber Fraud Initiative announced its first settlement last month in a novel action that brought false claims allegations over infosec failures against, notably, a sole proprietor. Aerojet Rocketdyne Holdings, Inc. , Aerojet Rocketdyne Holdings, Inc. ,

Small Business

Small Business Cybercrime Insurance Government

CISA orders federal agencies to fix actively exploited CVE-2022-21882 Windows flaw

Security Affairs

FEBRUARY 5, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to address their systems against an actively exploited Windows vulnerability tracked as CVE-2022-21882. link] #Cybersecurity #InfoSec pic.twitter.com/Tu7MoTEETC — US-CERT (@USCERT_gov) February 4, 2022. Pierluigi Paganini.

InfoSec

InfoSec Authentication Hacking Cybersecurity

Your Digital Immortality is Coming, Apple and Google Are Data Gatekeepers, Satellite Security Risks Revealed

Security Boulevard

JULY 30, 2023

Join […] The post Your Digital Immortality is Coming, Apple and Google Are Data Gatekeepers, Satellite Security Risks Revealed appeared first on Shared Security Podcast. The post Your Digital Immortality is Coming, Apple and Google Are Data Gatekeepers, Satellite Security Risks Revealed appeared first on Security Boulevard.

Risk

Risk Technology Data privacy InfoSec

The Hacker Mind: Hacking Social Media

ForAllSecure

JUNE 2, 2021

With more than 600K followers on YouTube, LiveOverflow is one of infosec’s first social media influencers. For bored and smart teenagers, this was the perfect way to learn how to hack. Much like the BBS of yesterday, these social media sites can be used to teach people how to hack. Or share gaming cheats. Massive numbers.

Media

Media Hacking InfoSec Marketing

The Hacker Mind: Hacking Social Media

ForAllSecure

JUNE 2, 2021

With more than 600K followers on YouTube, LiveOverflow is one of infosec’s first social media influencers. For bored and smart teenagers, this was the perfect way to learn how to hack. Much like the BBS of yesterday, these social media sites can be used to teach people how to hack. Or share gaming cheats. Massive numbers.

Media

Media Hacking InfoSec Marketing

The Hacker Mind: Hacking Aerospace

ForAllSecure

MARCH 14, 2022

Can you hack an airplane? Vamosi: Maybe you remember this: In 2014, researchers Charlie Miller and Chris Valasek succeeded in hacking a Jeep Cherokee while a reporter was driving it on a freeway during rush hour in St Louis, Missouri. So, given that we can now hack into cars remotely, could we hack into other systems as well?

Hacking

Hacking Computers and Electronics Government Media

Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn

Hot for Security

FEBRUARY 16, 2021

Seismic monitoring equipment is vulnerable to common cybersecurity threats like those faced by IoT devices, a new research paper warns. Samios believes a good first step to address the situation is to bring seismologists up to speed on cybersecurity, informing them how their equipment can be exploited by malicious actors.

IoT

IoT InfoSec Data collection Encryption

US Federal systems must be covered by vulnerability-disclosure policies by March 2021

Security Affairs

SEPTEMBER 7, 2020

A new Cybersecurity and Infrastructure Security Agency (CISA) mandate requires U.S. government’s cybersecurity agency CISA has issued a mandate that requires federal agencies to implement vulnerability-disclosure policies (VDPs) by March 2021. SecurityAffairs – hacking, vulnerability-disclosure policies). Learn more: [link].

InfoSec

InfoSec Advertising Government Cybersecurity

How To Defend the Extended Network Against Web Risks

Threatpost

APRIL 5, 2021

Aamir Lakhani, cybersecurity researcher for Fortinet’s FortiGuard Labs, discusses criminals flocking to web server and browser attacks, and what to do about it.

Risk

Risk Cybersecurity InfoSec Hacking

The Hacker Mind Podcast: Hacking Healthcare

ForAllSecure

JANUARY 15, 2021

And what parallels might infosec learn from COVID-19? In this episode, Mike Ahmadi draws on his years of experience in infosec, his years hacking medical devices. Listen to EP 12: Hacking Healthcare. Using older software within your own software always carries risk. What if they don’t? Apple Podcasts.

Healthcare

Healthcare Hacking InfoSec Software

The Hacker Mind Podcast: Hacking Healthcare

ForAllSecure

JANUARY 15, 2021

And what parallels might infosec learn from COVID-19? In this episode, Mike Ahmadi draws on his years of experience in infosec, his years hacking medical devices. Listen to EP 12: Hacking Healthcare. Using older software within your own software always carries risk. What if they don’t? Apple Podcasts.

Healthcare

Healthcare Hacking InfoSec Software

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

OCTOBER 9, 2019

How exactly will artificial intelligence help bridge the infosec skills gap and what kinds of security work are still best left to humans? We also talk about the pitfalls of using artificial intelligence in cyber security and about the best way to tackle the US's chronic cybersecurity talent shortage. David Brumley: Oh, no.

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

Remember GDPR? Expect another set of cyber regulations around vulnerabilities

SC Magazine

APRIL 14, 2021

For the first time in its 60-year history, the OECD offered policy guidelines for risk reduction through vulnerability management. For the first time in its history this past February, the Organization for Economic Cooperation and Development (OECD) offered policy guidelines for digital risk reduction through vulnerability management.

Government

Government Risk Information Security InfoSec

Spotlight: Operationalizing MDR with Pondurance CISO Dustin Hutchison

The Security Ledger

OCTOBER 7, 2021

Related Stories Spotlight: Operationalizing MDR with Pondurance CISO Dustin Hutchinson Spotlight: When Ransomware Comes Calling Spotlight: Is There A Cure For InfoSec’s Headcount Headache? Click the icon below to listen. Enterprises today have a full plate of challenges when it comes to cyber security. Proliferating Threats: Enter MDR!

CISO

CISO InfoSec Backups Ransomware

Spotlight: Operationalizing MDR with Pondurance CISO Dustin Hutchinson

The Security Ledger

OCTOBER 7, 2021

Related Stories Spotlight: When Ransomware Comes Calling Spotlight: Is There A Cure For InfoSec’s Headcount Headache? In addition to doing the basic blocking and tackling like software updates and user management, organizations hav e cloud and third party risks to worry about. Click the icon below to listen.

CISO

CISO InfoSec Backups Ransomware

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

OCTOBER 9, 2019

How exactly will artificial intelligence help bridge the infosec skills gap and what kinds of security work are still best left to humans? We also talk about the pitfalls of using artificial intelligence in cyber security and about the best way to tackle the US's chronic cybersecurity talent shortage. David Brumley: Oh, no.

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

SECURITY LEDGER PODCAST: SECURITY AUTOMATION IS (AND ISN'T) THE FUTURE OF INFOSEC

ForAllSecure

OCTOBER 9, 2019

How exactly will artificial intelligence help bridge the infosec skills gap and what kinds of security work are still best left to humans? We also talk about the pitfalls of using artificial intelligence in cyber security and about the best way to tackle the US's chronic cybersecurity talent shortage. David Brumley: Oh, no.

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

Episode 207: Sarah Tatsis of BlackBerry on finding and Keeping Women in Cyber

The Security Ledger

MARCH 19, 2021

» Related Stories Encore Edition: Veracode CEO Sam King on Infosec’s Leaky Talent Pipeline Episode 205 – Google’s Camille Stewart: InfoSec’s Lack of Diversity is a Cyber Risk Episode 203: Don’t Hack The Water and Black Girls Hack Founder Tennisha Martin. Read the whole entry. »

Cyber Risk

Cyber Risk Surveillance InfoSec Mobile

Episode 207: Sara Tatsis of Blackberry on finding and Keeping Women in Cyber

The Security Ledger

MARCH 19, 2021

» Related Stories Encore Edition: Veracode CEO Sam King on Infosec’s Leaky Talent Pipeline Episode 205 – Google’s Camille Stewart: InfoSec’s Lack of Diversity is a Cyber Risk Episode 203: Don’t Hack The Water and Black Girls Hack Founder Tennisha Martin. Read the whole entry. »

Cyber Risk

Cyber Risk Surveillance InfoSec Mobile

Chinese hackers allegedly hit thousands of organizations using Microsoft Exchange

Security Affairs

MARCH 7, 2021

At least tens of thousands of Microsoft customers may have been hacked by allegedly China-linked threat actors since January, including business and government agencies. Cyber #Cybersecurity #InfoSec — US-CERT (@USCERT_gov) March 6, 2021. SecurityAffairs – hacking, Microsoft Exchange). ” reported Krebs.

Hacking

Hacking Accountability Government Small Business

CISO workshop slides

Notice Bored

AUGUST 5, 2022

Other slides in the deck appear to equate ' security posture ' to vulnerability management and software/systems patching - a rather narrow/specific technical concern for metrics suggested to senior management, although arguably it is a major factor in cybersecurity - or to security strategy.

CISO

CISO Risk Artificial Intelligence Marketing

Security Roundup January 2021

BH Consulting

JANUARY 12, 2021

Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants. From a cybersecurity perspective, the year had more than its share of incidents. Unsurprisingly, the SolarWinds supply chain attack stars in the year’s worst hacks and breaches from both Wired and Ars Technica.

Data privacy

Data privacy InfoSec DNS CISO

MobileIrony backdoor allows complete takeover of mobile security product and endpoints.

DoublePulsar

JULY 25, 2023

It became clear this was being exploited in the wild a few days ago, after the Norwegian government disclosed 12 of their ministries were hacked using this MobileIron zero day , and they had to tell Ivanti about the issue. infosec #mobileiron #ivanti / Twitter" If you are using Ivanti MobileIron, check out the Ivanti support forum now.#infosec

Mobile

Mobile InfoSec Government Accountability

Online Retailer LightInTheBox exposes unsecured DB containing 1.3TB of web server logs

Security Affairs

DECEMBER 17, 2019

Infosec researchers have uncovered an unsecured Elasticsearch database containing 1.3TB of web server log entries held by Chinese e-commerce website LightInTheBox.com. “Led by cybersecurity analysts Noam Rotem and Ran Locar, vpnMentor’s research team discovered a leak in a database belonging to the online retailer LightInTheBox.”

Retail

Retail InfoSec Data breaches Advertising

US Helped Ukraine With Infosec—Story is ‘Dangerous Arrogance’

Spotlight Podcast: CSO Chris Walcutt on Managing 3rd Party OT Risk

Trending Sources

Burnout: The Hidden Cost of Working in Cybersecurity & Other High Risk Fields

CISA Order Highlights Persistent Risk at Network Edge

CISA releases Insider Risk Mitigation Self-Assessment Tool

Episode 205 – Google’s Camille Stewart: InfoSec’s Lack of Diversity is a Cyber Risk

Personal Cybersecurity Concerns for 2023

CyberSaint STRONGER 2022 Conference Call for Speakers is Open!

The 7 Biggest Cybersecurity Scoops from February 2015

BSides Sofia 2023 – Radoslav Gerganov – Hyundai Head Unit Hacking

BSides Sofia 2023 – Vasil Velichkov – Hacking Attacks Against Government Institutions

CISA adds VMware’s Cloud Foundation bug to Known Exploited Vulnerabilities Catalog

US Hacker ‘P4x’ Gets Back at Pyongyang (but We Smell a Rat)

Cyber CEO: 3 Key Components for Resilient Third Party Risk Management

Jen Easterly Takes Charge of CISA At Black Hack USA 2021

GUEST ESSAY: How and why ‘pen testing’ will continue to play a key role in cybersecurity

CISA adds Plex Media Server bug, exploited in LastPass attack, to Known Exploited Vulnerabilities Catalog

Episode 144: Infosec Supporting Right to Repair with Joe Grand and Kyle Wiens

HelloKitty ransomware gang targets vulnerable SonicWall devices

Opinion: We need a way to talk about Cyber Physical Risk

DOJ Cybercrime Watchdog’s First Settlement Signals Crackdown on Small Businesses

CISA orders federal agencies to fix actively exploited CVE-2022-21882 Windows flaw

Your Digital Immortality is Coming, Apple and Google Are Data Gatekeepers, Satellite Security Risks Revealed

The Hacker Mind: Hacking Social Media

The Hacker Mind: Hacking Social Media

The Hacker Mind: Hacking Aerospace

Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn

US Federal systems must be covered by vulnerability-disclosure policies by March 2021

How To Defend the Extended Network Against Web Risks

The Hacker Mind Podcast: Hacking Healthcare

The Hacker Mind Podcast: Hacking Healthcare

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

Remember GDPR? Expect another set of cyber regulations around vulnerabilities

Spotlight: Operationalizing MDR with Pondurance CISO Dustin Hutchison

Spotlight: Operationalizing MDR with Pondurance CISO Dustin Hutchinson

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

SECURITY LEDGER PODCAST: SECURITY AUTOMATION IS (AND ISN'T) THE FUTURE OF INFOSEC

Episode 207: Sarah Tatsis of BlackBerry on finding and Keeping Women in Cyber

Episode 207: Sara Tatsis of Blackberry on finding and Keeping Women in Cyber

Chinese hackers allegedly hit thousands of organizations using Microsoft Exchange

CISO workshop slides

Security Roundup January 2021

MobileIrony backdoor allows complete takeover of mobile security product and endpoints.

Online Retailer LightInTheBox exposes unsecured DB containing 1.3TB of web server logs

Stay Connected