Cyber Security Headlines
CISO Series

Daily stories from the world of information security. To delve into any daily story, head to CISOseries.com.

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Sep 13-17, 2021, is hosted by Rich Stroffolino with our guest, Geoff Belknap, CISO, LinkedIn Thanks to our episode sponsor, Sonrai Sonrai is changing Public Cloud Security by focusing on protecting data from over-privileged human and non-human identities. Sonrai provides a single pane of glass built on an analytic platform that protects organizations by leveraging CSPM, CIEM, and cloud DLP at the confidence level required by your environment. Learn more about Sonrai Cloud Security at www.sonrai.com All links and the video of this episode can be found on CISO Series.com

New Windows security updates break network printing Bitdefender releases decryptor as REvil shows signs of return Biden announces joint deal with U.K. and Australia to counter China Thanks to our episode sponsor, Sonrai Are you a security expert who’s afraid to admit you don’t know what the heck is going on in your cloud? Relax. Public cloud security is overwhelming. Figuring out where to start, and what to do to track and improve your security posture, is the first step. Sonrai tracks everything in your cloud - sensitive data, identities, and platform configuration - and tells you what issues are most important, plus it measures improvement over time. Talk to Sonrai Security to learn more. For the stories behind the headlines, head to CISOseries.com

Travis CI security vulnerability is bad news for open source Ransomware accounts for a quarter of cyber insurance claims Microsoft goes passwordless Thanks to our episode sponsor, Sonrai Sonrai is changing Public Cloud Security by focusing on protecting data from over-privileged human and non-human identities. Sonrai provides a single pane of glass built on an analytic platform that protects organizations by leveraging CSPM, CIEM, and cloud DLP at the confidence level required by your environment. Learn more about Sonrai Cloud Security at www.sonrai.com

Apple issues urgent updates to fix new zero-day linked to Pegasus spyware Update Google Chrome to patch 2 new zero-day flaws under attack New Zloader attacks disable Windows Defender to evade detection Thanks to our episode sponsor, Sonrai Sonrai is gaelic for data - and that’s what Sonrai Security is all about. Finding, classifying, and locking down sensitive data in AWS, Azure, or Google Cloud. Sonrai can see every identity’s path to every piece of data - continuously. Learn more at sonraisecurity.com. For the stories behind the headlines, head to CISOseries.com.  

SSID Stripping is a new take on spoofing Industrial control systems hammered by cyber attacks Olympus has fallen...to ransomware Thanks to our episode sponsor, Sonrai Are you a security expert who’s afraid to admit you don’t know what the heck is going on in your cloud? Relax. Public cloud security is overwhelming. Figuring out where to start, and what to do to track and improve your security posture, is the first step. Sonrai tracks everything in your cloud - sensitive data, identities, and platform configuration - and tells you what issues are most important, plus it measures improvement over time. Talk to Sonrai Security to learn more.

Windows MSHTML zero-day exploits shared on hacking forums REvil ransomware operators targeting new victims Yandex pummeled by Meris DDoS botnet Thanks to our episode sponsor, Sonrai Are you a security expert who’s afraid to admit you don’t know what the heck is going on in your cloud? Relax. Public cloud security is overwhelming. Figuring out where to start, and what to do to track and improve your security posture, is the first step. Sonrai tracks everything in your cloud - sensitive data, identities, and platform configuration - and tells you what issues are most important, plus it measures improvement over time. Talk to Sonrai Security to learn more. For the stories behind the headlines, head to CISOseries.com.

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Sep 6-10, 2021, is hosted by Rich Stroffolino with our guest, Matt Crouse, CISO, Taco Bell Thanks to our episode sponsor, Semperis One thing we’ve learned from attacks like SolarWinds: Cybercriminals can lurk in your Active Directory environment for weeks or months before dropping malware. How do you root them out? First, you need to uncover security gaps in Active Directory that can lead to a breach. Download Purple Knight, a free security assessment tool from Semperis that scans your environment for pre-attack and post-attack indicators of exposure and compromise. Check it out at Purple-Knight.com. All links and the video of this episode can be found on CISO Series.com    

US considers limiting CISA director’s term ‘Azurescape’ Kubernetes attack allows cross-container cloud compromise Hackers leak VPN account passwords from 87,000 FortiGate devices Thanks to our episode sponsor, Semperis One thing we’ve learned from attacks like SolarWinds: Cybercriminals can lurk in your Active Directory environment for weeks or months before dropping malware. How do you root them out? First, you need to uncover security gaps in Active Directory that can lead to a breach. Download Purple Knight, a free security assessment tool from Semperis that scans your environment for pre-attack and post-attack indicators of exposure and compromise. Check it out at Purple-Knight.com. For the stories behind the headlines, head to CISOseries.com

Brad Smith relives early days of the SolarWinds attack Internet Explorer zero-days are still something to worry about German police bought NSO Pegasus spyware Thanks to our episode sponsor, Semperis Have you fixed PrintNightmare yet? Ransomware groups including Vice Society are already exploiting this critical flaw in the Windows Print Spooler service. But you can fight back: Download Purple Knight, a free Active Directory security assessment tool that scans your environment for PrintNightmare and more than 70 other attack indicators. To download your free tool, go to Purple-Knight.com.

Ransomware gang threatens to leak data if victim contacts FBI, police Personal details of French visa applicants exposed by cyber-attack Brazil President Bolsonaro restricts powers of social media companies to remove accounts and content Thanks to our episode sponsor, Semperis It’s no secret that Active Directory is a prime target for cybercriminals: AD is more than 20 years old, and security settings can get sloppy over time. If you haven’t checked your Active Directory environment for risky settings, you might be in for a surprise. To find and fix security gaps, download Purple Knight, a free security assessment tool from Semperis that checks for 70-plus indicators of exposure and compromise. Go to Purple-Knight.com. For the stories behind the headlines, head to CISOseries.com.  

ProtonMail shares user IP address with law enforcement IoT attacks double in six months Study looks at criteria for ransomware targeting Thanks to our episode sponsor, Semperis How would your organization score in an Active Directory security assessment? The average grade for first-time users of Purple Knight, a free security assessment tool from Semperis, is about 68%—a barely passing grade. Security and identity managers are shocked at the security gaps this tool has uncovered. But with knowledge comes power. Download Purple Knight so you can find and fix Active Directory security problems. Check it out at Purple-Knight.com.

Cyber Command urges patching of massively exploited Confluence bug DDoS hits New Zealand – back up again in 30 minutes Salesforce email service used for phishing campaign Thanks to our episode sponsor, Semperis Do you know your Active Directory security vulnerabilities? Cybercriminals love to exploit Active Directory: It has dozens of security gaps because of misconfigurations and new sophisticated hacking tools. But hang on, help is on the way: Download Purple Knight, a free Active Directory security assessment tool from Semperis that scans your environment for 70-plus indicators of exposure and compromise. Check it out at Purple-Knight.com. For the stories behind the headlines, head to CISOseries.com.

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Aug 30-Sep 3, 2021, is hosted by Steve Prentice with our guest, Marnie Wilking, Global Head of Security & Technology Risk Management, Wayfair Thanks to our episode sponsor, Semperis All links and the video of this episode can be found on CISO Series.com  

WhatsApp faces $267M fine for breaching Europe’s GDPR UK VoIP telcos disrupted by cyberattacks White House doubles down on holiday cyberattack warnings Thanks to our episode sponsor, Semperis One thing we’ve learned from attacks like SolarWinds: Cybercriminals can lurk in your Active Directory environment for weeks or months before dropping malware. How do you root them out? First, you need to uncover security gaps in Active Directory that can lead to a breach. Download Purple Knight, a free security assessment tool from Semperis that scans your environment for pre-attack and post-attack indicators of exposure and compromise. Check it out at Purple-Knight.com. For the stories behind the headlines, head to CISOseries.com

BrakTooth bites major SoC vendors The cost of ransomware to schools Posts surrounding January 6th disappear from Facebook data Thanks to our episode sponsor, Semperis Have you fixed PrintNightmare yet? Ransomware groups including Vice Society are already exploiting this critical flaw in the Windows Print Spooler service. But you can fight back: Download Purple Knight, a free Active Directory security assessment tool that scans your environment for PrintNightmare and more than 70 other attack indicators. To download your free tool, go to Purple-Knight.com.

QNAP announces OpenSSL bugs fallout Cyberattackers are now quietly selling off their victim's internet bandwidth Indonesian government’s Covid-19 app accidentally exposes over 1 million people Thanks to our episode sponsor, Semperis It’s no secret that Active Directory is a prime target for cybercriminals: AD is more than 20 years old, and security settings can get sloppy over time. If you haven’t checked your Active Directory environment for risky settings, you might be in for a surprise. To find and fix security gaps, download Purple Knight, a free security assessment tool from Semperis that checks for 70-plus indicators of exposure and compromise. Go to Purple-Knight.com. For the stories behind the headlines, head to CISOseries.com.

Manual Windows 11 installs might not get updates LockBit to publish Bangkok Air customer data Intermittent encryption hopes to make ransomware worse Thanks to our episode sponsor, Semperis How would your organization score in an Active Directory security assessment? The average grade for first-time users of Purple Knight, a free security assessment tool from Semperis, is about 68%—a barely passing grade. Security and identity managers are shocked at the security gaps this tool has uncovered. But with knowledge comes power. Download Purple Knight so you can find and fix Active Directory security problems. Check it out at Purple-Knight.com.

“Worst cloud vulnerability you can imagine” discovered in Microsoft Azure Work from home increased worldwide phishing attacks T-Mobile hacker brute-forced his way through the network Thanks to our episode sponsor, Semperis Do you know your Active Directory security vulnerabilities? Cybercriminals love to exploit Active Directory: It has dozens of security gaps because of misconfigurations and new sophisticated hacking tools. But hang on, help is on the way: Download Purple Knight, a free Active Directory security assessment tool from Semperis that scans your environment for 70-plus indicators of exposure and compromise. Check it out at Purple-Knight.com. For the stories behind the headlines, head to CISOseries.com.  

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, August 23-27, 2021, is hosted by Steve Prentice with our guest, Edward Contreras, (@CISOEdwardC)CISO, Frost Bank Thanks to our episode sponsor, Privacy.com Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. For example, when you’re shopping online and ready to check out, simply generate a Privacy Card that will enter in random variables. Should the merchant ever get hacked, the fraudsters will never have access to your real information. Privacy Cards are also great for monitoring subscriptions and signing up for free trials where a card number is required. Simply close cards whenever you want to ensure you’re never charged without your consent. Sign up for free today at privacy.com/ciso. New users will instantly receive a $5 credit, to be used for any online purchase you make! All links and the video of this episode can be found on CISO Series.com  

21-year-old claims responsibility for massive T-Mobile hack Microsoft and Google to invest billions to bolster US cybersecurity Ragnarok ransomware releases master decryptor after shutdown Thanks to our episode sponsor, Privacy.com Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. For example, when you're shopping online and ready to check out, simply generate a Privacy Card that will enter in random variables. Should the merchant ever get hacked, the fraudsters will never have access to your real information. Privacy Cards are also great for monitoring subscriptions and signing up for free trials where a card number is required. Simply close cards whenever you want to ensure you're never charged without your consent. Sign up for free today at privacy.com/ciso. New users will instantly receive a $5 credit, to be used for any online purchase you make! For the stories behind the headlines, head to CISOseries.com