Chronicles of a CISO Daily News for March 26, 2021. New critical RCE in Solarwinds Orion, OpenSSL closes two high-severity vulns, MacOS malware surging, CISA identified two new webshells in compromised Exchange servers, and a new 5G flaw enables location tracking.
Chronicles of a CISO Daily News for March 25, 2021. Identity fraud losses soar to $56 billion, Fixing App/SPI sec after the cloud push, What a Federal Data Privacy law would mean, Service Account best practices, and CopperStealer malware stealing user credentials.
Chronicles of a CISO Daily News for March 24, 2021. Women in Cybersecurity, A peek into the SilverFish espionage group, IT admin contractor who wiped out O365 accounts gets 2 years, PurpleFox malware targets SMBs and worms across windows, and the Cybercriminal supply chain.
Chronicles of a CISO Daily News for March 23, 2021. The clock is ticking for NIST SP800-53 compliance, Understanding quantum’s threat to cryptography, Healthcare’s costly data breaches, O365 spoof targeting CEO’s, and Electric utilities under threat from GE’s vulns.
Chronicles of a CISO Daily News for March 22, 2021. Critical F5 BIG-IP flaw under active attack, APT group used 11 zero-days in recent campaign, US-CERT: Using CHIRP to detect post-breach activity, DDoS attacks get cheap, and Quantum-safe security.
Chronicles of a CISO Daily News for March 19, 2021. BEC cost $1.8B in 2020, Security researcher hides ZIP files in Twitter PNG’s, TTPs for SolarWinds compromise, Is misinformation slowing down SASE adoption, Trojan xcode infects apple devs and the Fed gets serious about IoT security.
Chronicles of a CISO Daily News for March 18, 2021. Microsoft releases a one-click Exchange fix, RDP attacks at record levels, Application Security maturity, Addressing Call Center fraud, CISA-FBI advisory on TrickBot, and A Requiem For The Password.
Chronicles of a CISO Daily News for March 17, 2021.Cybercrime to hit $10 trillion by 2025, Stop pretending SMS is secure, The challenge of patching OT devices, 2017 Microsoft vuln is still being exploited, and the Twitter Bitcoin Scammer gets 3 years behind bars.
Chronicles of a CISO Daily News for March 16, 2021. Fundamental cyberattack changes a year into COVID, Mystery around the Exchange 0-Days, Browser-based Spectre attack PoC code released, TrickBot fills in the hole left by Emotet, and Cybersecurity as an Ecosystem.
Chronicles of a CISO Daily News for March 15, 2021. Microsoft probes internal leak as the cause of Exchange mess, US legislators look at enacting a Breach Law, MS Exchange exploits are doubling every hour, 3 critical Linux flaws hiding since 2006, and US Government looks at real-time threat sharing with the private sector.
Chronicles of a CISO Daily News for March 12, 2021. DearCry ransomware targets Exchange zero-days, New RedXOR malware targets Linux, Four new awareness trends, Recent breakthroughs in quantum networking, and How cloud entitlements have become the new perimeter.
Chronicles of a CISO Daily News for March 11, 2021. New Linux backdoor operated by nation state, At least 10 APT groups exploited Exchange zero-days, Critical F5 BIG-IP patch released, NIM-based spear phishing, and a Joint FBI-CISA advisory on the Exchange compromise.
Chronicles of a CISO Daily News for March 10, 2021. Patch Tuesday includes 89 CVE’s and 14 critical bugs, Secrets leaked in public repos by developers, is MFA a ‘Security Illusion’?, REvil ransomware embarrasses victims into paying, and what most get wrong about zero-trust (ZTNA).
Chronicles of a CISO Daily News for March 9, 2021. A timeline of the mass Exchange hack, Webshells explained, Docker hub cryptojacking attack, Trying to make the DARPA Encryption project a reality, and Are we living in 1984?
Chronicles of a CISO Daily News for March 8, 2021. *Five critical alerts/IoCs/tools to help deal with the recent Microsoft Exchange Zero-days*, The supply-chain risks of ‘poison packages’, It still takes 280 days to patch production, and Malware attacks new Intel CPU flaw.
Chronicles of a CISO Daily News for March 5, 2021. COVID-19 Vaccine phishing attacks jump 26%, Microsoft/FireEye uncover new malware linked to SolarWinds breach, and Top Russian cybercrime forums hacked.
Chronicles of a CISO Daily News for March 4, 2021. Two critical reads on the Microsoft Exchange Zero-days, Qualys breached via Accellion, Malicious packages ‘Code Bomb’ major sites, Is cyber-insurance worth it?, and the difference between a SOC 2 and ISO27001.
Chronicles of a CISO Daily News for March 3, 2021. Four Exchange server zero-days under active attack, Ryuk new wormable features, Compromised website images avoid detection to deliver malware, BSides – How to build a SecOps program, and New breakthrough steps us closer to a Quantum internet.
Chronicles of a CISO Daily News for March 2, 2021. Drive towards edge computing raises security concerns, Defense companies targeted with new malware, New whitepapers released on the impact of quantum computing to information security, and Security’s post-pandemic responsibility.
Chronicles of a CISO Daily News for March 1, 2021. Microsoft releases open-source tool to hunt for SolarWinds code, NSA issues guidance on zero-trust, The future of destructive malware, 6 tools every security team should be aware of, and Are we living in 1984?
Chronicles of a CISO Daily News for February 26, 2021. Today’s articles include: New cloud security guidelines for healthcare, Understanding your insider threats, How Bitcoin is enabling a botnet, Six critical cloud challenges, and Developing an effective Vulnerability Management program.
Chronicles of a CISO Daily News for February 25, 2021. Half of all credential phishing attacks use Microsoft as a lure, Cisco issues 3 critical warnings, Building a cybersecurity awareness culture, LazyScripter targets airline industry, and celebrating black quantum scientists.
Initial Access Brokers pose a growing risk to enterprises, Clop malware targets executives, Critical RCE flaw in VMware ESXi, and the importance of diversity in Cybersecurity.
Chronicles of a CISO Daily News for February 23, 2021. Today’s articles include: Fighting fileless malware, APT31 used NSA tool, Scary things about Kubernetes and containers, Are your API’s a honeypot, The evolving CISO role, and What’s scarier than the SolarWinds breach.
Chronicles of a CISO Daily News for February 22, 2021. Today’s articles include: New malformed URL prefix attack, A new macOS malware uncovered, FBI issues warning on TDoS attacks, WhatsApp moves ahead with privacy changes, and The challenges of cybersecurity hiring.
