Thank you Brian Levine for some insightful advice to CISOs about contractual protections organizations ought to provide to them.
While not a contractual protection, might a risk-based compliance program provide another layer of protection for CISOs?
M…https://t.co/7oQbYJPFF3
New technology leads to new social engineering attacks.
"Scammers are using artificial intelligence to sound more like family members in distress. People are falling for it and losing thousands of dollars."
"Although impostor sc…https://t.co/L7VXm6Khmt https://t.co/7MaoS2BcAI
Jen Easterly's article in Foreign Affairs is definitely worth a read. While I have several concerns about her recommendations, my comments below conclude with reasons to be optimistic about a current trend driving improved cybersecurity.
1. I'm not sure…https://t.co/gR3V2HtOLI
#ransomware good news and bad news. #Chainanalysis reported that ransomware payments were down in 2022. Although they acknowledge that they don't see all payments, the trend is reasonable. And that is good news.
However, it's not…https://t.co/5BrIUXzBYt https://t.co/5aX8VnwS6o
Today's post by Phil Venables is a must read. After defining #ceremonialsecurity and #cargocults, Phil provides 12 examples.
The first one is "[Check Box] Compliance." Phil describes the "original importance" of compliance and how it can devolve into a…https://t.co/o8hKzUs521
#EvilPLC attack in #OT environments target industrial engineers who configure programmable logic controllers (PLCs). Attackers initially compromise an engineering workstation and move to #PLCs. From there can pivot to other engine…https://t.co/hq0kcV9B31 https://t.co/kX3ZGZ2jFA
Short summary of #BlackBasta#ransomware attack sequence.
"After harvesting credentials and mapping the network the Black Basta attackers execute code on other systems using #PsExec with the goal of locating and compromising the…https://t.co/S4KssF9qgL https://t.co/bJTDTWM4gp
#Protestware - a rising #cybersecurity issue when using open source software.
"Open source developers are discovering new and creative avenues that no longer limit them to implementing new features for their projects, but to activ…https://t.co/l0gUag7i2A https://t.co/cSkRu7Om2u
#Microsoft published an article yesterday describing an active, large-scale #phishing attack in which the attacker offers a link to a proxy between the user and the real target website. Microsoft calls this #AiTM (adversary-in-the-middle) phishing sites.…https://t.co/XB6skgxR20
Swiss Cyber Forum's 10 Steps for enhancing cybersecurity are in the wrong order. A risk management regime should be Step 1 rather than Step 10 to provide a decision-support process for prioritizing the other nine steps.
No organization has the resources…https://t.co/2mc7pCE52y
ICYMI, there was an interesting article at #csoonline about how to respond to ten different excuses for not deploying multi-factor authentication (#mfa).
Number 8 is, “The risk is not high enough for the investment in MFA.”
Fro…https://t.co/F9ww3jPNPQ https://t.co/jAP6yBCSp0
#tmobile was breached for the seventh time in the past four years, according to #Techcrunch!! This time by the #lapsus group.
To the best of my knowledge, during the same time period #verizon has not been breached.
Yet during t…https://t.co/99pIqbx00H https://t.co/RRoaizWE0p
If you are an #Okta customer, how are you responding to the alleged breach that was reported? Regardless of the #SIEM you use, you should be able to perform the tasks #Hunters recommends below. If you are using a managed security service, they should be p…https://t.co/KksOz3QYqf
Thank you @canyon289 for your post about this excellent online book, "Bayes Rules, An Introduction to Bayesian Modeling." For those not aspiring to become statisticians, but just want to familiarize yourselves with #Bayesian#statistics, the first section…https://t.co/vct9wrm8IE