Chronicles of a CISO Daily News for March 26, 2021. New critical RCE in SolarWinds Orion, OpenSSL closes two high-severity vulns, macOS malware surging, CISA identified two new webshells in compromised Exchange servers, and a new 5G flaw enables location tracking.
Chronicles of a CISO Daily News for March 25, 2021. Identity fraud losses soar to $56 billion, Fixing App/SPI sec after the cloud push, What a Federal Data Privacy law would mean, Service Account best practices, and CopperStealer malware stealing user credentials.
Chronicles of a CISO Daily News for March 24, 2021. Women in Cybersecurity, A peek into the SilverFish espionage group, IT admin contractor who wiped out O365 accounts gets 2 years, PurpleFox malware targets SMBs and worms across Windows, and the Cybercriminal supply chain.
Chronicles of a CISO Daily News for March 23, 2021. The clock is ticking for NIST SP800-53 compliance, Understanding quantum’s threat to cryptography, Healthcare’s costly data breaches, O365 spoof targeting CEOs, and Electric utilities under threat from GE’s vulns.
Chronicles of a CISO Daily News for March 19, 2021. BEC cost $1.8B in 2020, Security researcher hides ZIP files in Twitter PNGs, TTPs for SolarWinds compromise, Is misinformation slowing down SASE adoption, Trojan Xcode infects Apple devs, and the Fed gets serious about IoT security.
Chronicles of a CISO Daily News for March 17, 2021. Cybercrime to hit $10 trillion by 2025, Stop pretending SMS is secure, The challenge of patching OT devices, 2017 Microsoft vuln is still being exploited, and the Twitter Bitcoin Scammer gets 3 years behind bars.
Chronicles of a CISO Daily News for March 16, 2021. Fundamental cyberattack changes a year into COVID, Mystery around the Exchange 0-Days, Browser-based Spectre attack PoC code released, TrickBot fills in the hole left by Emotet, and Cybersecurity as an Ecosystem.
Chronicles of a CISO Daily News for March 15, 2021. Microsoft probes internal leak as the cause of Exchange mess, US legislators look at enacting a Breach Law, MS Exchange exploits are doubling every hour, 3 critical Linux flaws hiding since 2006, and US Government looks at real-time threat sharing with the private sector.
Chronicles of a CISO Daily News for March 12, 2021. DearCry ransomware targets Exchange zero-days, New RedXOR malware targets Linux, Four new awareness trends, Recent breakthroughs in quantum networking, and How cloud entitlements have become the new perimeter.
Chronicles of a CISO Daily News for March 11, 2021. New Linux backdoor operated by nation state, At least 10 APT groups exploited Exchange zero-days, Critical F5 BIG-IP patch released, NIM-based spear phishing, and a Joint FBI-CISA advisory on the Exchange compromise.
Chronicles of a CISO Daily News for March 10, 2021. Patch Tuesday includes 89 CVEs and 14 critical bugs, Secrets leaked in public repos by developers, Is MFA a ‘Security Illusion’?, REvil ransomware embarrasses victims into paying, and what most get wrong about zero-trust (ZTNA).
Chronicles of a CISO Daily News for March 8, 2021. *Five critical alerts/IoCs/tools to help deal with the recent Microsoft Exchange Zero-days*, The supply-chain risks of ‘poison packages’, It still takes 280 days to patch production, and Malware attacks new Intel CPU flaw.