Winamp Logo
Cyber Security Headlines Cover
Cyber Security Headlines Profile

Cyber Security Headlines

English, Daily News, 1 season, 1254 episodes, 1 day, 13 hours, 45 minutes
About
Daily stories from the world of information security. To delve into any daily story, head to CISOseries.com.
Episode Artwork

Qiliin ransomware upgrade, Sharepoint KEV flaw, Rhysida ransoms Easterseals

Researchers reveal upgraded Qilin ransomware-as-a-service CISA adds Microsoft SharePoint flaw to its KEV catalog Rhysida ransoms Easterseals Thanks to today's episode sponsor, SpyCloud Ransomware continues to impact organizations. A new report released by SpyCloud shares insights from your peers in security – the majority of whom were affected by ransomware in the past year. The report has some fascinating industry-specific stats you’ll want to see – plus confirms some stark truths: that the industry you’re in can affect your likelihood of being hit with ransomware. Check it out at spycloud.com/headlines. Find the stories behind the headlines at CISOseries.com.
10/25/20247 minutes, 19 seconds
Episode Artwork

CISA data rules, Fortinet zero-day, UK Cyber Essentials

CISA proposes new security requirements for personal data Fortinet patches actively exploited zero-day UK report on Cyber Essentials certification Thanks to today's episode sponsor, SpyCloud Stolen data is a hot commodity for cybercriminals. Using infostealer malware, bad actors can siphon valid session cookies from employee devices, scoring the keys to access your networks and systems. According to SpyCloud’s latest research, security teams are now seeing stolen cookies among the top three entry points for initial access for ransomware. Get the full insights, including other risk factors at spycloud.com/headlines.
10/24/20247 minutes, 44 seconds
Episode Artwork

SolarWinds disclosure fines, Zendesk helps Internet Archive, Samsung zero-day

Four cyber companies fined for SolarWinds disclosure failures Zendesk helps Internet Archive after hacker breached email system Samsung zero-day under active exploit Thanks to today's episode sponsor, SpyCloud Researchers at SpyCloud recently found that one in five individuals was infected with infostealer malware in the last year. Unfortunately, research now confirms that infostealer infections open the door to ransomware. But organizations with visibility into identity data stolen by malware infections are better-suited to prevent a future attack. Learn more about the connection between infostealers and ransomware in SpyCloud’s new report at spycloud.com/headlines.
10/23/20247 minutes, 34 seconds
Episode Artwork

U.S. rule on selling sensitive data, Cisco data stolen, Nidec breach

Proposed rules ban U.S. companies from selling sensitive data Cisco data stolen by IntelBroker Nidec breach exposes 50,000+ documents Thanks to today's episode sponsor, SpyCloud Did you know that infostealer malware can be a precursor to ransomware? Infostealers are a trending tactic used by cybercriminals to exfiltrate valuable identity data like credentials, PII, and session cookies. According to recent SpyCloud research, 75% of organizations were affected by ransomware more than once in the past year! Visit spycloud.com/headlines to find out how to keep your organization from becoming one of the statistics.
10/22/20248 minutes, 34 seconds
Episode Artwork

Microsoft logs lost, Omni Family breach, Internet Archive Zendesk breach

Microsoft warns it lost some customers’ security logs for a month Omni Family Health data breach impacts almost half a million individuals Internet Archive breached again through stolen access tokens Thanks to today's episode sponsor, SpyCloud It turns out infostealer infections are a major contributing factor to a company’s ransomware risk, with some industries faring better than others. Get the new research from our sponsor, SpyCloud, and see if your ransomware defense strategy stacks up against your peers. Visit spycloud.com/headlines Find the stories behind the headlines at CISOseries.com.
10/21/20247 minutes, 35 seconds
Episode Artwork

Week in Review: Amazon passkeys usage, healthcare ransomware stats, major cybercrime takedowns

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Steve Person, CISO, Cambia Health Thanks to our show sponsor, Conveyor It’s spooky season, and nothing’s scarier than all of your account execs asking if you’re done with their customer security questionnaires. Don’t worry—Conveyor is here to help.  Conveyor’s market leading AI automates the most time-consuming parts of customer security reviews: answering security questionnaires and sharing security docs like your SOC 2 with customers. Get instant AI answers to questionnaires and host an enterprise-grade trust center where customers can download documents and self-serve answers to their own questions. End the horror show. Try it for free at www.conveyor.com. All links and the video of this episode can be found on CISO Series.com  
10/18/202428 minutes, 7 seconds
Episode Artwork

Globe Life extortion, hacker USDoD arrested, Anonymous Sudan indicted

Insurance giant Globe Life facing extortion attempts after data theft from subsidiary Infamous hacker USDoD possibly arrested in Brazil Anonymous Sudan masterminds indicted Thanks to today’s episode sponsor, Conveyor  It’s spooky season, and nothing’s scarier than all of your account execs asking if you’re done with their customer security questionnaires. Don’t worry—Conveyor is here to help.   Conveyor’s market leading AI automates the most time-consuming parts of customer security reviews: answering security questionnaires and sharing security docs like your SOC 2 with customers.   Get instant AI answers to questionnaires and host an enterprise-grade trust center where customers can download documents and self-serve answers to their own questions.   End the horror show. Try it for free at www.conveyor.com. Get the story behind the headlines at CISOSeries.com.
10/18/20248 minutes, 18 seconds
Episode Artwork

AI models tested, breaking encryption, Intel security review

Putting AI models to the EU test Chinese researchers don’t break classical encryption… yet Chinese group calls for security reviews on all Intel products Thanks to today’s episode sponsor, Conveyor  There’s so many reasons why infosec and presales teams choose Conveyor for automating their security reviews, but here are the main three:   One—Conveyor’s market-leading AI provides instant, accurate answers to any format of security questionnaire—without requiring constant knowledge base updates and maintenance.   Two—Conveyor offers an enterprise-grade trust center that automates every customer security review request, so you’re not constantly distracted with questions and SOC 2 requests.   And three—Conveyor’s sales team. They’re actually fun to work with.   Learn more at www.conveyor.com. Get the story behind the headlines at CISOSeries.com.
10/17/20248 minutes, 8 seconds
Episode Artwork

VW alleged data theft, Finland seizes Sipultie, Calgary library cyberattack

VW says IT infrastructure unaffected after alleged data theft Finland seizes servers of 'Sipultie' dark web market Calgary Public Library services limited after cyberattack Thanks to today’s episode sponsor, Conveyor  Does the thought of a whopper 300 question security questionnaire in your most dreaded portal give you nightmares?   Conveyor can help you sleep peacefully.   How? They are the market leaders in instant and accurate AI answers to any format of security questionnaire.   They even offer a zero-touch option for portal-based questionnaires—just paste the URL, and ConveyorAI automatically answers the questions and exports them back to the portal for you.   End the nightmares. Try it for free at www.conveyor.com. Get the story behind the headlines at CISOSeries.com.
10/16/20248 minutes, 11 seconds
Episode Artwork

Pokémon game developer breached, TrickMo’s new variants, Ivanti zero-days exploited

Pokémon game developer breached TrickMo hits with 40 new trojan variants Nation-state actor exploits Ivanti zero-days Thanks to today’s episode sponsor, Conveyor  It’s spooky season, and nothing’s scarier than all of your account execs asking if you’re done with their customer security questionnaires. Don’t worry—Conveyor is here to help.   Conveyor’s market leading AI automates the most time-consuming parts of customer security reviews: answering security questionnaires and sharing security docs like your SOC 2 with customers.   Get instant AI answers to questionnaires and host an enterprise-grade trust center where customers can download documents and self-serve answers to their own questions.   End the horror show. Try it for free at www.conveyor.com. Get the story behind the headlines at CISOSeries.com.
10/15/20248 minutes, 39 seconds
Episode Artwork

Iran exploits Windows, Microsoft deprecates tunnels, NATO cyberexpert swap

Iranian hackers exploit Windows flaw to elevate privileges Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server NATO’s ‘most experienced expert on cyber rotated out of cyber section Thanks to today’s episode sponsor, Conveyor  What’s the ultimate jumpscare?  That moment when the security questionnaire in the portal didn’t auto-save all your work.  Good news: with Conveyor, that’s one horror you won’t have to face.  Conveyor is the market leader in instant, generative AI answers for security questionnaires, no matter the format. They even offer a zero-touch option for portal-based questionnaires where you can just paste the URL, and the AI automatically answers the questions and exports them back to the portal for you.  Don't let security questionnaires haunt your workflow. Learn more at www.conveyor.com. Get the story behind the headlines at CISOSeries.com.
10/14/20248 minutes, 31 seconds
Episode Artwork

Week in Review: Neuberger’s insurance warning, instant identification sunglasses, Salt Typhoon dangers

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Quincy Castro, CISO, Redis. Thanks to our show sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. All links and the video of this episode can be found on CISO Series.com
10/11/202430 minutes, 43 seconds
Episode Artwork

Coker’s Internet Security plan, hurricane scams, Firefox zero day

White House prioritizes secure internet routing, using memory safe languages Federal Trade Commission and CISA warn of hurricane-related scams Mozilla warns of Firefox zero day: patch now Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. For the stories behind the headlines, head on over to CISOSeries.com
10/11/20247 minutes, 45 seconds
Episode Artwork

Australia's cybersecurity bill, Qualcomm zero-day, Russia bans Discord

Australian Parliament introduces standalone cybersecurity law Qualcomm zero-day used to target Android devices Russia and Turkey ban Discord Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. For the stories behind the headlines, head on over to CISOSeries.com
10/10/20247 minutes, 21 seconds
Episode Artwork

GoldenJackal, LiteSpped Cache bug, Ukraine's milCERT

GoldenJackal uses new tools against governments Cross-site scripting flaw found in major WordPress plugin Ukraine’s defense ministry launched military CERT Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. For the stories behind the headlines, head on over to CISOSeries.com
10/9/20247 minutes, 23 seconds
Episode Artwork

Salt Typhoon attack, Cyberattack hits major U.S. water utility, Russia attacked on Putin's birthday

Salt Typhoon attack potentially exposes wiretap data Cyberattack hits major U.S. water utility A not- so- happy birthday present for Russia’s president Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. For the stories behind the headlines, head on over to CISOSeries.com
10/8/20248 minutes, 3 seconds
Episode Artwork

Neuberger’s Insurance suggestion, Kaspersky PlayStore removal, Detroit suffers cyberattack

Insurers should stop funding ransomware payments, says Neuberger Google removes Kaspersky antivirus software from Play Store Cyberattack hits Detroit-area government services Huge thanks to our sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. For the stories behind the headlines, head on over to CISOSeries.com
10/7/20247 minutes, 42 seconds
Episode Artwork

Week in Review: T-Mobile breach cost, Senate’s deepfake scam, Public records flaws

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jonathan Waldrop, CISO, The Weather Company. Here’s a link to CISA’s Cybersecurity Awareness Month announcement, sent to us by Jonathan. Thanks to our show sponsor, SpyCloud SpyCloud disrupts cybercrime by telling you what criminals know about your business, so you can take action on exposed identity data to prevent cyber attacks like ransomware. To learn more how to level the playing field against bad actors and combat cyber attacks, visit spycloud.com/headlines. All links and the video of this episode can be found on CISO Series.com    
10/4/202421 minutes, 20 seconds
Episode Artwork

Largest DDoS blocked, Adobe Commerce compromise, neural data law

Cloudflare blocks largest recorded DDoS attack Adobe Commerce and Magento stores compromised by CosmicSting bug DOJ and Microsoft take down 107 domains used in Star Blizzard phishing attacks Huge thanks to our sponsor, SpyCloud Ransomware continues to impact organizations. A new report released by SpyCloud shares insights from your peers in security – the majority of whom were affected by ransomware in the past year. The report has some fascinating industry-specific stats you’ll want to see – plus confirms some stark truths: that the industry you’re in can affect your likelihood of being hit with ransomware. Check it out at spycloud.com/headlines. Get the story behind the headlines at CISOSeries.com
10/4/20248 minutes, 3 seconds
Episode Artwork

Russian cybercriminal arrests, Irish police fined, Rackspace blame game

Russian authorities arrest nearly 100 cybercriminals in raid Northern Ireland police fined for exposing officer identities Rackspace breach sparks vendor blame game Huge thanks to our sponsor, SpyCloud Stolen data is a hot commodity for cybercriminals. Using infostealer malware, bad actors can siphon valid session cookies from employee devices, scoring the keys to access your networks and systems. According to SpyCloud’s latest research, security teams are now seeing stolen cookies among the top three entry points for initial access for ransomware. Get the full insights, including other risk factors at spycloud.com/headlines. Get the story behind the headlines at CISOSeries.com
10/3/20247 minutes, 53 seconds
Episode Artwork

LockBit ties to Evil Corp, public records flaws, ransomware hits Texas hospital

UK ties LockBit affiliate to Evil Corp Public records systems riddled with security flaws Ransomware disrupts emergency services at Texas hospital Huge thanks to our sponsor, SpyCloud Researchers at SpyCloud recently found that one in five individuals was infected with infostealer malware in the last year. Unfortunately, research now confirms that infostealer infections open the door to ransomware. But organizations with visibility into identity data stolen by malware infections are better-suited to prevent a future attack. Learn more about the connection between infostealers and ransomware in SpyCloud’s new report at spycloud.com/headlines. Get the story behind the headlines at CISOSeries.com
10/2/20247 minutes, 47 seconds
Episode Artwork

T-mobile data breach fines, Iranian hackers charged, Deepfake scam hits U.S. senate

T-Mobile data breaches cost company $31.5 million Iranian hackers charged for targeting 2024 U.S. election Deepfake scam hits U.S. senate Huge thanks to our sponsor, SpyCloud Did you know that infostealer malware can be a precursor to ransomware? Infostealers are a trending tactic used by cybercriminals to exfiltrate valuable identity data like credentials, PII, and session cookies. According to recent SpyCloud research, 75% of organizations were affected by ransomware more than once in the past year! Visit spycloud.com/headlines to find out how to keep your organization from becoming one of the statistics. Get the story behind the headlines at CISOSeries.com
10/1/20248 minutes, 26 seconds
Episode Artwork

Recall redesigned again, Embargo attacks cloud, Dallas suburb cyberattack

Recall redesign: reinforced and removable Embargo moves ransomware attacks to cloud environments Dallas suburb deals with ransomware attack Huge thanks to our sponsor, SpyCloud It turns out infostealer infections are a major contributing factor to a company’s ransomware risk, with some industries faring better than others. Get the new research from our sponsor, SpyCloud, and see if your ransomware defense strategy stacks up against your peers. Visit spycloud.com/headlines Get the story behind the headlines at CISOSeries.com
9/30/20246 minutes, 57 seconds
Episode Artwork

Week in Review: CrowdStrike exec apologizes, NIST changes password rules, corporate hack-for-hire practices

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jason Elrod, CISO, Multicare Health System Missed the live show? Watch it on YouTube. And make sure to check out Jason’s book (coming soon) at CyberCISOmarksmanship.com, as well as his newsletter at LimitlessCyber.com. And huge thanks to our sponsor – Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation.  All links and the video of this episode can be found on CISO Series.com  
9/27/202431 minutes, 44 seconds
Episode Artwork

Train station WiFi hack, Mozilla tracking complaint, NIST password changes

Public Wi-Fi hacked at some of the UK’s busiest train stations Data privacy watchdog files complaint against Mozilla for ad tracking feature NIST drops password complexity, mandatory reset rules Thanks to today's episode sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews.   With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. Find the stories behind the headlines at CISOseries.com.
9/27/20248 minutes, 30 seconds
Episode Artwork

DragonForce ransomware, Salt Typhoon hits ISPs, ChatGPT SpAIware

DragonForce uses ransomware’s greatest hits Salt Typhoon strikes US ISPs Finding SpAIware on the ChatGPT Mac app Thanks to today's episode sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews.   With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation.
9/26/20247 minutes, 47 seconds
Episode Artwork

Kansas water targeted, CrowdStrike apology, MoneyGram goes dark

Kansas water plant pivots to analog after cyber event CrowdStrike exec apologizes in Congress for global IT outage MoneyGram goes offline after cyber incident Thanks to today's episode sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews.   With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. For the stories behind the headlines, visit CISOseries.com
9/25/20248 minutes, 16 seconds
Episode Artwork

Proposed ban on autonomous vehicles, updated Telegram policy, Necro infects Android devices

U.S. proposes ban on Chinese, Russian tech in autonomous vehicles Telegram updates policies to expose ‘bad actors’ Necro Trojan infects 11 million android devices through Google Play apps Thanks to today's episode sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews.   With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation.
9/24/20249 minutes, 1 second
Episode Artwork

LinkedIn halts AI training, Ukraine bans Telegram, hack-for-hire lawsuit

LinkedIn halts AI data processing in UK due to privacy concerns, Ukraine bans Telegram Use for government and military, Dismissed German cyber chief falsely accused of associating with Russian spies Thanks to today's episode sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews.   With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation. Find the stories behind the headlines at CISOseries.com.
9/23/20248 minutes, 24 seconds
Episode Artwork

Week in Review: LinkedIn’s AI chicanery, AT&T FCC settlement, Craigslist defense network

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Mike Rosen, CISO, ZwillGen, advisor to NightDragon and Villager at Team8, whose favorite story of the week was Starlink’s ability to detect stealth aircraft. Check it out. Thanks to our show sponsor, Conveyor Why do teams choose Conveyor over the competition for customer security reviews? A few reasons.  One.  Market-leading AI accuracy for any format of security questionnaire with limited knowledge base maintenance.Two. Enterprise-grade trust center that automates every customer security request.Three. Conveyor’s sales team is actually fun to work with. Learn why Conveyor is the security review platform your infosec friends love at www.conveyor.com   All links and the video of this episode can be found on CISO Series.com          
9/20/202423 minutes, 4 seconds
Episode Artwork

INC targets healthcare, Providence schools cyberattack, Apple iPads bricked

New INC ransomware targets U.S. healthcare sector Providence public schools deal with irregular internet activity Apple pulls iPadOS 18 update that was bricking M4 iPad Pro devices Thanks to today's episode sponsor, Conveyor It’s Friday and Conveyor hopes you don’t have a meaty security questionnaire waiting for you on the other side of this podcast. If you do, you should check them out.   As the market-leader in instant, generative AI answers to entire security questionnaires, Conveyor helps you complete questionnaires fast, no matter the format they’re in, so you don’t feel like you’re getting crushed by the wave of unfinished work.   Learn why we’re the software your infosec friends love at www.conveyor.com.   Get the story behind the headlines at CISOSeries.com.
9/20/20247 minutes, 55 seconds
Episode Artwork

Derailing Raptor Train, Volunteer Civil Cyber Defense, US AI safety summit

Feds derail Raptor Train Newmark creates Volunteer Network for Civil Cyber Defense  US to host global AI safety summit Thanks to today's episode sponsor, Conveyor Does the next security questionnaire that hits your inbox make you want to throw your laptop out the window? If so, don’t do it. You should check out Conveyor first.   Conveyor is the market-leader in instant, generative AI answers to entire security questionnaires no matter the format they are in.   Yes, that’s right. Upload any file like excels, word docs and even PDFs for instant processing and tackle any portal-based questionnaire with a browser extension that auto-scrolls and fills in answers for you. Try a free proof of concept today at www.conveyor.com. Get the story behind the headlines at CISOSeries.com.
9/19/20247 minutes, 10 seconds
Episode Artwork

Exploding pager analysis, construction company vulnerability, cyberattack job loss

Exploding pager tragedy experts look towards supply chain sabotage Construction companies potentially vulnerable through accounting software Cyberattacks result in job losses Thanks to today's episode sponsor, Conveyor Are customer security reviews constantly interrupting your day? You should check out Conveyor.   With an enterprise-grade trust center to securely share your security posture, SOC 2, and security FAQs and security questionnaires and market-leading AI accuracy for instant security questionnaire answers, you’ll fly through any customer security request and get back to your regular job.   Learn more about the AI security review automation platform your infosec friends love at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase a Pro plan.   Get the story behind the headlines at CISOSeries.com.
9/18/20247 minutes
Episode Artwork

Intellexa faces new sanctions, London hospitals impact, Apple releases update

Spyware giant Intellexa faces new U.S. sanctions Nearly 1 million impacted by ransomware attack on London hospitals Apple releases long-awaited update Thanks to today's episode sponsor, Conveyor Why do teams choose Conveyor over the competition for customer security reviews? A few reasons.  One.  Market-leading AI accuracy for any format of security questionnaire with limited knowledge base maintenance. Two. Enterprise-grade trust center that automates every customer security request. Three. Conveyor’s sales team is actually fun to work with. Learn why Conveyor is the security review platform your infosec friends love at www.conveyor.com  Get the story behind the headlines at CISOSeries.com.
9/17/20248 minutes, 15 seconds
Episode Artwork

Fortinet confirms breach, RansomHub extorts Kawasaki, Update: TfL password resets

Fortinet confirms customer data breach RansomHub threatens to leak stolen Kawasaki data Update: Transport for London requires in-person password resets after hack Thanks to today's episode sponsor, Conveyor Ever feel like completing security questionnaires has become your full time side hustle you’re not even getting paid extra for? If so, you should check out Conveyor. Conveyor is the market-leader in instant, generative AI answers to entire security questionnaires no matter the format they are in. Yes, that’s right. Upload any file like excels, word docs and even PDFs for instant processing and tackle any portal-based questionnaire with a browser extension that auto-scrolls and fills in answers for you. Try a free proof of concept today at www.conveyor.com. Get the story behind the headlines at CISOSeries.com.
9/16/20247 minutes, 55 seconds
Episode Artwork

Week in Review: Wisconsin Medicare MOVEit, cop sues data broker, WHOIS vulnerability

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by David Spark with guest Patrick Heim, co-founder and partner, SYN Ventures Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at vanta.com/headlines.  All links and the video of this episode can be found on CISO Series.com    
9/13/202428 minutes, 9 seconds
Episode Artwork

Lazarus spoofs CapitalOne, Mastercard buys RecordedFuture, WordPress imposes 2FA

Lazarus Group’s VMConnect campaign spoofs CapitalOne Mastercard buys security firm Recorded Future WordPress to require two-factor authentication for plugin developers Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. That’s vanta.com/headlines.  Get the story behind the headlines at CISOSeries.com
9/13/20248 minutes, 10 seconds
Episode Artwork

$20 WHOIS vulnerability, India's Cyber Commandos, Word hits drone makers

The $20 WHOIS vulnerability India training thousands of “cyber commandos” A Word of warnings for Taiwanese drone makers Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines. That’s vanta.com/headlines. Get the story behind the headlines at CISOSeries.com
9/12/20247 minutes, 25 seconds
Episode Artwork

Slim CD data breach, International sextortion bust, TfL mixed messages

Slim CD notifies 1.7M customers of data breach Delaware men charged in international sextortion scheme London transit agency drops claim it has ‘no evidence’ of customer data theft Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. That’s vanta.com/headlines.  Get the story behind the headlines at CISOSeries.com
9/11/20248 minutes, 13 seconds
Episode Artwork

Payment processing breach, dark web admins charged, Predator spyware resurges

1.7 million impacted in payment processing breach Dark web administrators charged in U.S. Resurgence of Predator Spyware sparks privacy concerns Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines. That’s vanta.com/headlines. Get the story behind the headlines at CISOSeries.com
9/10/20247 minutes, 41 seconds
Episode Artwork

Avis rentals breach, Microsoft disables ActiveX, Wisconsin Medicare breach

Car rental company Avis discloses data breach Microsoft Office 2024 to disable ActiveX controls by default Wisconsin Medicare users had information leaked in MOVEit breach Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines.   Get the story behind the headlines at CISOSeries.com
9/9/20247 minutes, 32 seconds
Episode Artwork

Week in Review: MFA bypass bust, Airport security SQL, GitHub help malware

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Justin Somaini, partner, YL Ventures Thanks to our show sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io. All links and the video of this episode can be found on CISO Series.com
9/6/202424 minutes, 53 seconds
Episode Artwork

Planned Parenthood cyberattack, DoJ propaganda takedown, Microchip Technology theft

Planned Parenthood suffers cyberattack DoJ propaganda domains takedown Microchip Technology confirms data theft Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io. Find the stories behind the headlines at CISOseries.com.
9/6/20247 minutes, 44 seconds
Episode Artwork

Spyware research, Cicada rebrand, MacroPack malware

Spyware research report They found a way to make Cicadas more annoying MacroPack red teaming tool used for malware Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io.
9/5/20247 minutes, 5 seconds
Episode Artwork

Halliburton data stolen, Columbus sues researcher, White House protects internet

Halliburton confirms data stolen in cyberattack City of Columbus sues researcher after ransomware attack White House publishes plan to protect a key component of the internet Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io. For the stories behind the headlines, visit CISOseries.com.
9/4/20248 minutes, 30 seconds
Episode Artwork

London transport cyberattack, German ATC attack, Sweden’s heightened risk

Transport for London suffers cyberattack German air traffic control agency confirms cyberattack Sweden warns of heightened risk of Russian sabotage Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io.   Find the stories behind the headlines at CISOseries.com
9/3/20247 minutes, 36 seconds
Episode Artwork

Seattle airport woes, aircraft cockpit SQL, North Korea’s FudModule

Seattle Airport issues travelers’ advisory for Labor Day travel SQL injection able to bypass airport TSA security checks North Korea uses FudModule Rootkit in Chrome zero-day exploit Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io.   Find the stories behind the headlines at CISOseries.com.
9/2/20248 minutes, 7 seconds
Episode Artwork

DICK’S Sporting Goods cyberattack, Brain Cipher hacked Paris

DICK’S Sporting Goods suffers cyberattack Brain Cipher claims attack on Paris museums, promises data leak Play ransomware hackers claim attack on Microchip Technology Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io.   Find the stories behind the headlines at CISOSeries.com
8/30/20248 minutes, 13 seconds
Episode Artwork

Iran hacking, Labour Party backlog, more Telegram warrants

Iran targeting presidential administration officials Iran working with ransomware gangs UK Labour Party chided over cyberattack backlog Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io.   Find the stories behind the headlines at CISOSeries.com
8/29/20247 minutes, 40 seconds
Episode Artwork

Another MOVEit incident, U.S. Marshals disputes breach, Park’N Fly data swiped

Texas credit union user data exposed in another MOVEit breach US Marshals Service disputes ransomware gang's breach claims Park’N Fly notifies 1 million customers of data breach Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io.   Find the stories behind the headlines at CISOSeries.com  
8/28/20248 minutes, 6 seconds
Episode Artwork

SonicWall access flaw, Microsoft security summit, Telegram details

SonicWall warns of critical access control flaw Microsoft to host security summit More details on Telegram CEO’s arrest Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io.   Find the stories behind the headlines at CISOSeries.com
8/27/20247 minutes, 5 seconds
Episode Artwork

Halliburton suffers cyberattack, Telegram CEO arrested, Georgia Tech lawsuit

Halliburton takes systems offline following cyberattack French police arrest Telegram CEO Pavel Durov DOJ joins suit against Georgia Tech over Defense Department cybersecurity failures  Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io.   Find the stories behind the headlines at CISOSeries.com
8/26/20247 minutes, 20 seconds
Episode Artwork

Week in Review: NPD breach update, Hawaii hacker sentenced, Poisoned LLM coders

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Bethany De Lude, CISO, The Carlyle Group Thanks to today’s episode sponsor, Nudge Security When your CEO asks “Hey, are we using that SaaS app that was just breached?”, how quickly and confidently can you answer? Stop guessing with Nudge Security. Discover all SaaS accounts ever introduced by anyone in your org, in minutes and get alerted when any SaaS app used in your org is breached. Start a 14-day trial now at nudgesecurity.com/saas All links and the video of this episode can be found on CISO Series.com
8/23/202431 minutes, 12 seconds
Episode Artwork

Russia’s questionable DDoS, FAA’s cybersecurity proposal, Windows Recall reappears

Kremlin complains of DDoS attack, digital experts not so sure FAA proposes new cybersecurity rules for airplanes Windows Recall to reappear Thanks to today’s episode sponsor, Nudge Security Do you know who’s using genAI tools in your org? Find out today with Nudge Security. Their patented approach to SaaS discovery gives you a full inventory of all apps ever introduced by anyone in your org, in minutes, including genAI apps. And, automated workflows help you scale security and governance without breaking a sweat. Start a free trial today at nudgesecurity.com/genai For the stories behind the headlines, head to CISOseries.com.
8/23/20247 minutes, 50 seconds
Episode Artwork

Japanese auto security, Feds tap encrypted messages, Microsoft breaks Linux dual-booting

Security initiative from Japanese auto companies Feds tapping into encrypted messaging haul Microsoft breaks Linux dual-boot systems Thanks to today’s episode sponsor, Nudge Security How big is your SaaS attack surface? Find out today with Nudge Security. Nudge Security discovers all SaaS accounts ever created by anyone in your org, in minutes, and gives you automated workflows to scale SaaS security and governance. Take control of your SaaS security posture. Start a free trial today at nudgesecurity.com/cisoseries
8/22/20247 minutes, 20 seconds
Episode Artwork

Toyota third-party breach, Hawaii registry hack, Iran disrupting campaigns

Toyota confirms third-party data breach impacting customers Man who hacked Hawaii state registry sentenced U.S. Intelligence blames Iran for Trump campaign hack Thanks to today’s episode sponsor, Nudge Security When your CEO asks “Hey, are we using that SaaS app that was just breached?”, how quickly and confidently can you answer? Stop guessing with Nudge Security. Discover all SaaS accounts ever introduced by anyone in your org, in minutes and get alerted when any SaaS app used in your org is breached. Start a 14-day trial now at nudgesecurity.com/saas For the stories behind the headlines, visit CISOseries.com.
8/21/20247 minutes, 42 seconds
Episode Artwork

National Public Data breach update, Flaws in macOS apps, FlightTracker configuration issue

‘Only’ 1.3 million affected by National Public Data Breach Flaws in Microsoft macOS Apps allowing secret recording Configuration issue exposes flight tracking site Thanks to today’s episode sponsor, Nudge Security Do you know who’s using genAI tools in your org? Find out today with Nudge Security. Their patented approach to SaaS discovery gives you a full inventory of all apps ever introduced by anyone in your org, in minutes, including genAI apps. And, automated workflows help you scale security and governance without breaking a sweat. Start a free trial today at nudgesecurity.com/genai  
8/20/20248 minutes, 25 seconds
Episode Artwork

Entra forces MFA, another AnyDesk heist, Google Pixel vulnerability

Microsoft Entra admins must enable MFA or lose access to admin portals Cybercrime gang uses fake Windows update screen to hide data theft Google Pixel devices shipped with vulnerable Verizon app Thanks to today’s episode sponsor, Nudge Security How big is your SaaS attack surface? Find out today with Nudge Security. Nudge Security discovers all SaaS accounts ever created by anyone in your org, in minutes, and gives you automated workflows to scale SaaS security and governance. Take control of your SaaS security posture. Start a free trial today at nudgesecurity.com/cisoseries For the stories behind the headlines, head to CISOseries.com.
8/19/20247 minutes, 31 seconds
Episode Artwork

Week in Review: NIST encryption standards, NPD breach analyzed, Texas sues GM

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Edwin Covert, head of cyber risk engineering, Bowhead Specialty Underwriters and edwincovert.com Thanks to our show sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com. All links and the video of this episode can be found on CISO Series.com  
8/16/202426 minutes, 21 seconds
Episode Artwork

GitHub artifact warning, RansomHub’s EDR killer, SolarWinds latest hotfix

GitHub vulnerability warning regarding ArtiPacked RansomHub affiliate launches new EDR-killing tool SolarWinds issues hotfix for web help desk vulnerability Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com. For the stories behind the headlines, head to CISOseries.com.  
8/16/20248 minutes, 38 seconds
Episode Artwork

Gemini AI privacy, AI Risk Repository, Russian phishing

Google details privacy commitments with Gemini AI MIT releases AI Risk Repository Russian spies using highly targeted phishing Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com.
8/15/20248 minutes, 22 seconds
Episode Artwork

FBI shutters Radar, NIST post-quantum standards, 2.7B record leaked

FBI shutters Radar ransomware gangs servers NIST finalizes post-quantum encryption standards 2.7 billion National Public Data records leaked Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com. For the stories behind the headlines, visit CISOseries.com.
8/14/20248 minutes, 35 seconds
Episode Artwork

U.S. “laptop farm” shut down, Ukranian computers compromised, Trump campaign hacked

U.S. operation of “laptop farm” for North Korea shutdown Over 100 Ukrainian government computers compromised Trump campaign says they were hacked Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com.
8/13/20248 minutes, 23 seconds
Episode Artwork

Iran election interference, AMD SinkClose flaw, ADT break-in

Iranian hackers ramping up U.S. election interference AMD SinkClose flaw helps install nearly undetectable malware ADT discloses breach that impacts more than 30,000 customers demands Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com. For the stories behind the headlines, head to CISOseries.com
8/12/20247 minutes, 42 seconds
Episode Artwork

Week in Review: CrowdStrike releases Falcon, ransomware as terrorist threat

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest DJ Schleen, distinguished security architect, Yahoo Thanks to our show sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. That’s vanta.com/headlines.  All links and the video of this episode can be found on CISO Series.com  
8/9/202428 minutes, 37 seconds
Episode Artwork

Chameleon malware reappears, Rhysida hospital attack, Blacksuit’s $500m tally

Chameleon reappears targeting Canadian restaurant chain Rhysida claims attack on Bayhealth Hospital in Delaware BlackSuit/Royal achieves $500m in ransomware demands Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. That’s vanta.com/headlines. For the stories behind the headlines, head to CISOseries.com.
8/9/20248 minutes, 19 seconds
Episode Artwork

McLaren hospitals disrupted, CrowdStrike improves processes, Ronin Network hacked

McLaren hospitals disruption linked to INC ransomware attack CrowdStrike to give customers control over Falcon sensor updates Ronin Network hacked by "white hats" Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines. That’s vanta.com/headlines
8/8/20248 minutes, 14 seconds
Episode Artwork

Android kernel zero-day, voter portal flaw, ransomware as terrorism

Google patches Android kernel zero-day Researchers find flaws in Georgia voter portal Law would make ransomware a terrorist threat Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. That’s vanta.com/headlines.
8/7/20248 minutes, 15 seconds
Episode Artwork

CrowdStrike strikes back against Delta, Keytronic loses millions to ransomware, Flaw in Apache OFBiz

CrowdStrike strikes back against Delta’s claims of negligence Ransomware attack costs Keytronic $17 million Patch required for high-severity flaw in Apache OFBiz Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines. That’s vanta.com/headlines
8/6/20248 minutes, 42 seconds
Episode Artwork

Software update malware, investors sue CrowdStrike, cybercriminals in prisoner swap

Hackers use ISP to send malware through software updates CrowdStrike sued by investors following update failure Historic prisoner swap includes cybercriminals returned to Russia Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. That’s vanta.com/headlines. For the stories behind the headlines, head to CISOseries.com.
8/5/20247 minutes, 51 seconds
Episode Artwork

Week in Review: CrowdStrike problems grow, record breaking ransom, Argentina’s Minority Report

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Dennis Pickett, vp, CISO, Westat Thanks to our show sponsor, Dropzone AI Dropzone AI’s Analyst investigates alerts with unmatched speed and precision, providing clear, actionable reports. Experience the power of autonomous threat detection. Meet Dropzone AI at BSides Las Vegas. Visit dropzone.ai for a 3-month free trial. All links and the video of this episode can be found on CISO Series.com      
8/2/202425 minutes, 13 seconds
Episode Artwork

Cencora patient breach, OneDrive phishing campaign, Argentina’s crime predictions

Cencora confirms patient data stolen in February cyberattack Phishing campaign targets OneDrive users Argentina will use AI to predict future crimes Huge thanks to our sponsor, Dropzone AI Picture an analyst who works tirelessly around the clock. Dropzone AI’s Analyst investigates every alert and provides comprehensive, actionable reports. Boost your SOC’s capabilities with a 3-month free trial at dropzone.ai. For the stories behind the headlines, head to CISOseries.com
8/2/20247 minutes, 8 seconds
Episode Artwork

Elections and DDoS, dating apps leak locations, Germany blames China

DDoS attacks won’t impact US elections Dating apps leaked precise location data Germany formally blames China for 2021 cyberattack Huge thanks to our sponsor, Dropzone AI Think of Alex, your new team member who never takes a break. Dropzone AI’s Analyst investigates every alert and delivers detailed reports without playbooks or code. Experience Alex’s dedication with a 3-month free trial at dropzone.ai.
8/1/20247 minutes, 34 seconds
Episode Artwork

Delta's legal maneuver, Record-breaking ransom, Meta $1.4B settlement

Delta enlists Microsoft's legal nemesis over CrowdStrike losses Dark Angels receives record-breaking ransom payment Meta to pay $1.4 billion biometric lawsuit Huge thanks to our sponsor, Dropzone AI Dropzone AI’s Analyst investigates alerts and responds to threats with unmatched speed and precision. No playbooks, no code required. Transform your SOC’s performance with a 3-month free trial at dropzone.ai. For the stories behind the headlines, head to CISOseries.com.
7/31/20247 minutes, 54 seconds
Episode Artwork

HealthEquity data breach, CrowdStrike impact grows, Proofpoint exploit

4.3 million impacted by HealthEquity data breach Microsoft admits CrowdStrike incident far greater than first reported Proofpoint exploit allows for millions of fake emails Huge thanks to our sponsor, Dropzone AI Imagine an analyst who never misses an alert. Dropzone AI autonomously investigates every alert and provides decision-ready reports, enhancing your SOC’s efficiency. Try it free for 3 months at dropzone.ai.
7/30/20248 minutes, 7 seconds
Episode Artwork

PyPi package targets MacOS, Columbus, Ohio suffers cyber incident, Windows July update problems

Hackers exploiting PyPi package targets MacOS Columbus, Ohio suffers cyber incident Windows July updates come with some BitLocker and remote connectivity challenges Huge thanks to our sponsor, Dropzone AI Meet Dropzone AI, the analyst who never rests. Investigating every alert with unparalleled speed and precision, delivering clear, actionable reports. No playbooks, no code. Experience the power of AI with a 3-month free trial at dropzone.ai. For the stories behind the headlines, head to CISOseries.com.
7/29/20246 minutes, 49 seconds
Episode Artwork

Week in Review: CrowdStrike developments, LA court shutdown, MGM casino claims win

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jana Moore, CISO, Belron, also vice president, EmpoWer – Supporting women in infosec. Thanks to our show sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires. Our listeners get $1,000 off at Vanta dot com/headlines. All links and the video of this episode can be found on CISO Series.com
7/26/202426 minutes, 5 seconds
Episode Artwork

Microsoft Defender exploited, assassin’s encryption frustration, NK elite hackers

Hackers exploiting Microsoft Defender SmartScreen bug IT leaders note increase in severity of cyber-attacks, ransomware and BEC stand out, Trump shooting investigation revives the end-to-end encryption issue Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines.  For the stories behind the headlines, head to CISOseries.com
7/26/20247 minutes, 56 seconds
Episode Artwork

CrowdStrike details, Chrome keeps cookies, BreachForums leaked

CrowdStrike dishes details  Google scuttles third-party cookie deprecation BreachForums leaked on Telegram Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires. Our listeners get $1,000 off at vanta.com/headlines.
7/25/20247 minutes, 22 seconds
Episode Artwork

Wiz deal crumbles, CrowdStrike aftermath, dYdX exchange hack

Google’s $23 billion plan to buy Wiz falls apart U.S. government looking for answers amidst CrowdStrike aftermath dYdX exchange hacked in DNS hijack attack Thanks to our episode sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. For the stories behind the headlines, visit CISOseries.com.
7/24/20248 minutes, 9 seconds
Episode Artwork

CrowdStrike update, Russian criminals sanctioned, ransomware shuts down courts

CrowdStrike says “significant number” back up and running Russian cyber criminals sanctioned for infrastructure attacks Ransomware attack shuts down largest trial court in U.S. Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires. Our listeners get $1,000 off at vanta.com/headlines.
7/23/20248 minutes, 46 seconds
Episode Artwork

CrowdStrike hits Cloud PCs, criminals exploit CrowdStrike fix, CISA rebuked

Microsoft confirms CrowdStrike update also hit cloud Windows PCs Cybercriminals exploit CrowdStrike problem to distribute malware CISA adds some big names to its KEV catalog Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. For the stories behind the headlines, head to CISOseries.com.
7/22/20247 minutes, 47 seconds
Episode Artwork

Week in Review: Crowdstrike Microsoft outage, AT&T breach implications, CDK pays up

Link to blog post – get exact one from https://cisoseries.com This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Adam Arellano, former vp, enterprise cybersecurity, PayPal Thanks to our show sponsor, Conveyor Why do teams choose Conveyor over the competition to automate answering security questionnaires? A few reasons.  One.  Market-leading AI accuracy Two. They don’t have to maintain a crazy knowledge base anymore because ConveyorAI can read from any source like external support sites, documents, past questionnaires and more. Three. It can process ANY customer file format – even PDFs! It will even auto-scroll and auto-complete portal-basedl questionnaires. Don’t believe it? Try it yourself for free at www.conveyor.com. All links and the video of this episode can be found on CISO Series.com  
7/19/202431 minutes, 10 seconds
Episode Artwork

Fin7 sells malware, Synnovis blood shortage, SAP AI flaws

FIN7 sells security evasion tool to others via darknet UK national blood stocks suffer the effects of ransomware Security flaws in SAP AI Core cloud-based platform Thanks to today's episode sponsor, Conveyor It’s Friday and Conveyor hopes you don’t have a meaty security questionnaire waiting for you on the other side of this podcast. If you do, you should check them out. As the market leader in instant, generative AI answers to entire security questionnaires, Conveyor helps you complete questionnaires fast, no matter the format they’re in, so you don’t feel like you’re getting crushed by the wave of unfinished work. Learn why we’re the software your infosec friends love at www.conveyor.com For the stories behind the headlines, head to CISOseries.com
7/19/20247 minutes, 14 seconds
Episode Artwork

UK ransomware reporting, Project Oscar, ransoms spike

UK mandatory ransomware reporting gets watered-down Google introduces AI agent to look for software bugs Critical infrastructure ransomware costs spike Thanks to today's episode sponsor, Conveyor Does the anticipation of the next monster security questionnaire wrecking your day ever make you feel like a balloon floating above a cactus field?  If so, you should check out Conveyor. Conveyor is the market-leader in instant, generative AI answers to entire security questionnaires no matter the format they are in. Yes, that’s right. Upload any file like Excel, Word docs and even PDFs for instant processing and tackle any portal-based questionnaire with a browser extension that auto-scrolls and fills in answers for you. Try a free proof of concept today at www.conveyor.com.   Yesteryears (DECISION) by Sascha Ende Free download: https://filmmusic.io/song/244-yesteryears-decision License (CC BY 4.0): https://filmmusic.io/standard-license
7/18/20247 minutes, 44 seconds
Episode Artwork

Rite Aid update, AT&T ransom laundered, Hacktivists leak Disney data

Rite Aid says 'limited’ cybersecurity incident affected over 2 million people AT&T ransom laundered through mixers and gambling services Hacktivists leak Disney data to protect artist rights Thanks to today's episode sponsor, Conveyor Why do teams choose Conveyor over the competition to automate answering security questionnaires? A few reasons.  One.  Market-leading AI accuracy Two. They don’t have to maintain a crazy knowledge base anymore because ConveyorAI can read from any source like external support sites, documents, past questionnaires and more. Three. It can process ANY customer file format - even PDFs! It will even auto-scroll and auto-complete portal-based questionnaires. Don’t believe it? Try it yourself for free at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com.
7/17/20248 minutes, 16 seconds
Episode Artwork

Wiz acquisition, AT&T paid hacker, Squarespace domain defaults

Alphabet in talks to acquire Wiz AT&T allegedly paid hacker to delete data Details on Squarespace domain hacks Thanks to today's episode sponsor, Conveyor Does the mountain of security questionnaires in your inbox make you feel like you're in a rowboat trying to make it through a tsunami?  If so, you should check out Conveyor. As the market leader in instant, generative AI answers to entire security questionnaires, Conveyor helps you complete them fast, no matter the format they’re in, and never feel like you’re getting crushed by the wave of unfinished work. Learn more about the AI security review automation platform your infosec friends love at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase a Pro plan.
7/16/20247 minutes, 54 seconds
Episode Artwork

Rite Aid breach, AT&T breach implications, CDK paid ransom

Rite Aid announces data breach following June cyberattack The personal security implications of the AT&T breach US offers support to prevent Paris Olympics cyber and disinformation attacks Thanks to today's episode sponsor, Conveyor Ever feel like completing security questionnaires has become your full-time side hustle you’re not even getting paid extra for? If so, you should check out Conveyor. Conveyor is the market leader in instant, generative AI answers to entire security questionnaires no matter the format they are in. Yes, that’s right. Upload any file like Excel, Word docs and even PDFs for instant processing and tackle any portal-based questionnaire with a browser extension that auto-scrolls and fills in answers for you. Try a free proof of concept today at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com.
7/15/20247 minutes, 35 seconds
Episode Artwork

Week in Review: AT&T breach, Security regulations attacked, 10 billion passwords stolen

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Andrew Cannata, CISO, Primo Water Thanks to our show sponsor, Entro Security What are you doing to secure your company’s non-human identities? Vaults and scanners are helpful, but they don’t give the context for where your secrets are, how they’re being used, or when it’s time to remove or rotate them. The entro platform provides automated lifecycle management and seamless integration, ensuring comprehensive security & compliance through a unified and easy to use interface. All links and the video of this episode can be found on CISO Series.com
7/12/202420 minutes, 29 seconds
Episode Artwork

PHP vulnerability exploit, Auto Parts breach, dark patterns report

PHP vulnerability exploited, spreading malware and DDoS attacks Advance Auto Parts reveals damage from Snowflake breach FTC report reveals dark patterns used to trick consumers Thanks to today's episode sponsor, Entro Reclaim control over your Non-human identities! Entro enables security teams to manage and secure the lifecycle of non-human identities and secrets from inception to rotation. Think of it like an airtag for your secrets - know where they are, how they’re being used, and their risk level in one seamless platform. Visit https://entro.security/ to learn more. For the stories behind the headlines, head to CISOseries.com.  
7/12/20247 minutes, 9 seconds
Episode Artwork

Australia targets foreign tech, banks sunset OTP, Veeam vulnerability exploited

Australia targets government tech under foreign control Singapore banks replace OTP with digital tokens New group targets Veeam vulnerability Thanks to today's episode sponsor, Entro What are you doing to secure your company’s non-human identities? Vaults and scanners are helpful, but they don’t give the context for where your secrets are, how they’re being used, or when it’s time to remove or rotate them. The entro platform provides automated lifecycle management and seamless integration, ensuring comprehensive security & compliance through a unified and easy to use interface. Visit https://entro.security/ to learn more.
7/11/20247 minutes, 6 seconds
Episode Artwork

Russian bot takedown, Burdensome cyber regs, Fujitsu data exposed

US disrupts Russian AI-powered disinformation bot farm Senate takes aim at ‘overly burdensome’ cybersecurity regs Fujitsu confirms customer data exposed in cyberattack Thanks to today's episode sponsor, Entro Reclaim control over your Non-human identities! With Entro, security teams can now manage and secure the lifecycle of  Non-human identities and secrets.  Like an air tag for your non-human identities, The entro platform provides automated lifecycle management and seamless integration, ensuring comprehensive security & compliance through a unified and easy to use interface. Visit https://entro.security/ to learn more. For the stories behind the headlines, visit CISOseries.com.
7/10/20247 minutes, 40 seconds
Episode Artwork

Billions of stolen passwords, cybersecurity regulations even trickier, Apple removes popular apps

Record-breaking 10 billion stolen passwords exposed Supreme court ruling makes cybersecurity regulations even trickier Apple removes popular apps at Russia’s request Thanks to today's episode sponsor, Entro Did you know that an attack on non-human identities and secrets is one of the top 2 cyber attack vectors out there ?  With Entro, security teams can now manage and secure the lifecycle of Non-human identities and secrets. The entro platform provides automated lifecycle management and seamless integration, ensuring comprehensive security & compliance through a unified and easy to use interface. Visit https://entro.security/ to learn more.
7/9/20248 minutes, 53 seconds
Episode Artwork

Alabama Education breach, OpenAI secrets breach, Florida Health breach

Alabama Department of Education suffers data breach New York Times claims hackers stole OpenAI secrets in a 2023 security breach RansomHub claims to have published Florida health department data Thanks to today's episode sponsor, Entro Reclaim control over your Non-human identities! Entro enables security teams to manage and secure the lifecycle of non-human identities and secrets from inception to rotation. Think of it like an airtag for your secrets - know where they are, how they’re being used, and their risk level in one seamless platform. Visit https://entro.security/ to learn more. For the stories behind the headlines, head to CISOseries.com.
7/8/20247 minutes, 16 seconds
Episode Artwork

Senator pressures CISA, Velvet Ant exploits Cisco, Europol crushes Cobalt

Senate leader demands answers from CISA re March Ivanti hack China’s Velvet Ant hackers exploiting new Cisco zero-day Europol law enforcement takes down Cobalt Strike servers Huge thanks to our sponsor, Demoed Buyers do 70% of their product research before talking to a company. That blew our minds. Why not give buyers as much information about your product as possible to help them decide? Eliminating friction has always been key to a solid sales strategy. With Demoed, buyers can research faster and more effectively. Sign up at demoed.com For the stories behind the headlines, head to CISOseries.com.
7/5/20246 minutes, 36 seconds
Episode Artwork

Evolve breach update, Patelco cyberattack, LockBit claims Croatian cyberattack

Evolve Bank data breach is evolving Patelco Credit Union cyberattack disrupts services for nearly 500,000 members LockBit claims cyberattack on Croatia’s largest hospital Huge thanks to our sponsor, Demoed Did you know that Demoed is the first platform that allows you to watch a live product demo and ask questions without receiving a barrage of follow-ups? We change buyer-vendor engagement: fewer follow-ups for buyers, more leads for vendors. Sign up now at demoed.com  For the stories behind the headlines, visit CISOseries.com.
7/3/20247 minutes, 29 seconds
Episode Artwork

14 million Linux systems threatened, Critical patch for Juniper routers, Millions impacted by Prudential breach

14 million Linux systems threatened by ‘RegreSSHion’ vulnerability Critical patch issued for Juniper routers Millions not thousands impacted by Prudential breach Huge thanks to our sponsor, Demoed “I have extra time in my day” is something no security professional has ever said. Vendors on Demoed host 15-minute pitches highlighting their value and differentiation. Demoed allows buyers to browse and get educated without sales pressure—window shopping for enterprise sales. Sign up now at demoed.com
7/2/20248 minutes, 5 seconds
Episode Artwork

TeamViewer breach update, HubSpot customer attacks, Cyber insurance problems

Update on the TeamViewer network breach HubSpot looks into customer account hacks U.S. businesses struggle to obtain cyber insurance Huge thanks to our sponsor, Demoed Demoed is a unique platform that connects buyers and sellers. Buyers want to see more products, and vendors want more leads. Demoed solves this for both by making buyers anonymous. Buyers can watch demos without follow-ups, hiding their identity until they are ready. Sign up now at demoed.com. For the stories behind the headlines, head to CISOseries.com.
7/1/20247 minutes, 28 seconds
Episode Artwork

Week in Review: CDK Blacksuit developments, Criminal nuclear failures. U.S. Kaspersky ban

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jim Bowie, CISO, Tampa General Hospital Thanks to our show sponsor, Prelude Security When executives ask the question, are we vulnerable to this threat? How long does it take you to get a confident answer? Prelude automatically transforms threat intelligence into validated detections, so you can know with certainty in just a manner of minutes. Visit preludesecurity.com/threats to upload your own threat intelligence and see for yourself. All links and the video of this episode can be found on CISO Series.com  
6/28/202422 minutes, 45 seconds
Episode Artwork

Gas chromatograph vulnerabilities, Cloudflare rebukes Polyfill, Evolve Bank breach

Gas chromatograph vulnerabilities reveal medical IoT challenges We never authorized polyfill.io to use our name, says Cloudflare Evolve Bank confirms data breach, undermining LockBit’s Federal Reserve claim Huge thanks to our sponsor, Prelude Security When executives ask the question, are we vulnerable to this threat? How long does it take you to get a confident answer? Prelude automatically transforms threat intelligence into validated detections, so you can know with certainty in just a manner of minutes. Visit preludesecurity.com to upload your own threat intelligence and see for yourself. For the stories behind the headlines, head to CISOseries.com.
6/28/20247 minutes, 29 seconds
Episode Artwork

Snowblind Android, identity services leaks data, Polyfill.io supply chain attack

Android lying Snowblind in the sun Identity verification service exposed data for over a year Polyfill.io JavaScript attack impacts thousands of sites Huge thanks to our sponsor, Prelude Security 30 minutes to peace of mind. That’s what you’ll get with Prelude’s automated threat management platform where you can upload any piece of threat intelligence and quickly generate threat-hunting queries, detection rules, and more. Visit preludesecurity.com and get all of this in 30 minutes or get a pizza on Prelude.   
6/27/20247 minutes, 28 seconds
Episode Artwork

Julian Assange plea, Latest MOVEit bug, Neiman Marcus data sale

Julian Assange to plead guilty and return to Australia Fresh MOVEit bug under attack just hours after disclosure Criminal selling Neiman Marcus customer info for $150K Huge thanks to our sponsor, Prelude Security Don’t be left wondering if you’re protected the next time a new threat hits the news. Week in review listeners can upload their threat intelligence to Prelude and receive a free bundle of relevant detection rules, hunt queries, and security tests. Any piece of threat intelligence. All in 30 minutes. Upload yours at prelude security dot com forward slash threats. 
6/26/20248 minutes, 28 seconds
Episode Artwork

Indonesia battles Lockbit, DOJ charges cybercrime group, SEC reports following CDK Global attack

Indonesia battles Lockbit 3.0 ransomware DOJ charges cybercrime group for $71 million in damages SEC reports pile in following CDK Global attack Huge thanks to our sponsor, Prelude Security What would your security teams do with more time back in their day? Prelude provides an end-to-end threat management automation platform that quickly generates hunt queries, detection rules, and security tests from your threat intelligence to help you stay ahead of threats. Upload your own threat intelligence at preludesecurity.com and get all of that in just 30 minutes or less.
6/25/20248 minutes, 39 seconds
Episode Artwork

BlackSuit behind CDK, Microsoft spoofing bug, Nuclear compliance failures

CDK Global outage caused by BlackSuit ransomware attack Bug allows Microsoft corporate email account spoofing UK’s largest nuclear site pleads guilty over cybersecurity failures Huge thanks to our sponsor, Prelude Security When executives ask the question, are we vulnerable to this threat? How long does it take you to get a confident answer? Prelude automatically transforms threat intelligence into validated detections, so you can know with certainty in just a manner of minutes. Visit preludesecurity.com to upload your own threat intelligence and see for yourself. For the stories behind the headlines, head to CISOseries.com.
6/24/20248 minutes, 19 seconds
Episode Artwork

Week in Review: Breach restoration breached, Vermont privacy debate, Qilin blames victims, posts data

Link to blog post This week’s Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guest Bil Harmer, operating partner and CISO, Craft Ventures, also at wilharm3.com. Thanks to our show sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security Our listeners get $1,000 off at vanta.com/headlines. All links and the video of this episode can be found on CISO Series.com    
6/21/202430 minutes, 43 seconds
Episode Artwork

CDK Global hacked again, LockBit activity, Kraken extorted for bug bounty

CDK Global gets hacked twice LockBit Activity on the rise Kraken extorted by security researcher Thanks to today's episode sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines.
6/21/20247 minutes, 1 second
Episode Artwork

Nvidia most valuable, Markopolo’s meeting infostealer, Medibank MFA blame

Nvidia becomes world’s most valuable company Markopolo scam delivers infostealer through fake meeting software Medibank hack blamed on MFA failure Thanks to today's episode sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines. For the stories behind the headlines, head to CISOseries.com.
6/20/20248 minutes, 21 seconds
Episode Artwork

AMD investigates breach, Qilin demands ransom, Hackers derail Amtrak

AMD investigates breach after data for sale on hacking forum Qilin demands $50 million ransom from UK hospital Hackers derail Amtrak Guest Rewards accounts  Thanks to today's episode sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. For the stories behind the headlines, visit CISOseries.com.
6/19/20248 minutes, 49 seconds
Episode Artwork

Snowflake breach escalates, MITRE has a memo for the president, Velvet Ant persists

Snowflake breach escalates with ransom demands and death threats MITRE has a memo for the president Velvet Ant maintains three-year cyber espionage campaign  Thanks to today's episode sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines.
6/18/20248 minutes, 44 seconds
Episode Artwork

CISA tabletop exercise, Keytronic confirms breach, Linux emoji malware

CISA leads first tabletop exercise for AI cybersecurity Keytronic confirms data breach after ransomware gang leaks stolen files New Linux malware controlled through Discord emojis Thanks to today's episode sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines.   For the stories behind the headlines, head to CISOseries.com.
6/17/20247 minutes, 43 seconds
Episode Artwork

Week in Review: New York Times theft, Club Penguin hack, NHS wants blood

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Janet Heins, CISO, ChenMed and janetheins.com Thanks to our show sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. All links and the video of this episode can be found on CISO Series.com
6/14/202428 minutes, 10 seconds
Episode Artwork

Cyberinsurance claims increase, NATO’s Russia vigilance, Remcos RAT phishing

Record high for North American cyber insurance claims NATO members to increase vigilance over Russian sabotage attempts Remcos RAT discovered inside UUEncoding emails Thanks to today's episode sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines.   For the stories behind the headlines, head to CISOseries.com.  
6/14/20247 minutes, 20 seconds
Episode Artwork

Life360 faces extortion attempt, White House reports increase in federal attacks, Black Basta exploits zero-day flaw in windows

Life360 faces extortion attempt after Tile data breach White House report highlights increase in federal attacks Russian hacker with ties to LockBit and Conti gangs arrested Thanks to today's episode sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines.  
6/13/20248 minutes, 2 seconds
Episode Artwork

Snowflake hack update, BreachForums down again, Cylance data for sale

Pure Storage hacked via Snowflake workspace BreachForums down again and official Telegram channels deleted  BlackBerry Cylance data up for sale Thanks to today's episode sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. For the stories behind the headlines, visit CISOseries.com.
6/12/20247 minutes, 36 seconds
Episode Artwork

Rural hospital support, 23andMe investigation, Snowflake breach notices

Cyber assistance coming to rural hospitals UK and Canada launch investigation into 23andMe breach Mandiant and Snowflake sending out breach notices Thanks to today's episode sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines.  
6/11/20247 minutes, 12 seconds
Episode Artwork

Microsoft resets Recall, LastPass outage update, New York Times breach

Microsoft resets Recall plans  LastPass says outage caused by bad Chrome extension update New York Times source code stolen using exposed GitHub token Thanks to today's episode sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines.   For the stories behind the headlines, head to CISOseries.com.
6/10/20247 minutes, 50 seconds
Episode Artwork

Week in Review: CopIlot Recall disaster, Ticketmaster hack fallout, ChangeHealthcare notification change

Link to blog post This week’s Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guest Andrew Wilder, CISO, Community Veterinary Partners, also cybersecurityintheboardroom.com. Thanks to our show sponsor, Conveyor Why did the AI cross the road? To complete your security questionnaires for you. Conveyor, the company using market-leading AI to automate the entire security review, wants you to check them out and book a call so they can stop writing these cheesy podcast ads. If you’re ready for AI to instantly complete security questionnaires for you, visit www.conveyor.com to try a free proof of concept. Mention this podcast for 5 free questionnaire credits when you purchase a Pro plan. All links and the video of this episode can be found on CISO Series.com
6/7/202426 minutes, 3 seconds
Episode Artwork

FCC moves forward with BGP security, LockBit victims get lifeline, Gitloker attacks target GitHub repositories

FCC moves forward with BGP security measures LockBit ransomware gang victims get lifeline from FBI Gitloker attacks target GitHub repositories Thanks to today's episode sponsor, Conveyor Why did the AI cross the road? To complete your security questionnaires for you. Conveyor, the company using market-leading AI to automate the entire security review, wants you to check them out and book a call so they can stop writing these cheesy podcast ads. If you’re ready for AI to instantly complete security questionnaires for you, visit www.conveyor.com to try a free proof of concept. Mention this podcast for 5 free questionnaire credits when you purchase a Pro plan.
6/7/20248 minutes, 56 seconds
Episode Artwork

Psychology vs. threat actors, AI leveling up, Qilin hit Synnovis

US researches using psychology against threat actors AI leveling up unsophisticated threat actors London Hospital attacks linked to Qilin  Thanks to today's episode sponsor, Conveyor Conveyor is the market leading AI-powered platform that automates the entire customer security review process — from easily sharing your security posture and SOC 2 to letting AI answer security questionnaires instantly with 90% accuracy.  Use Conveyor to fly through any customer security review in minutes. There’s a reason our customers have dubbed Conveyor their ‘favorite security tool of the year’. Test it out in a free proof of concept at www.conveyor.com and mention this podcast for 5 free questionnaire credits when you purchase a Pro plan.
6/6/20247 minutes, 19 seconds
Episode Artwork

London hospitals hit by ransomware, Christie's stolen data sold, RansomHub claims Frontier breach

Ransomware attack forces London hospitals to cancel operations  Christie’s stolen data sold to highest bidder RansomHub claims responsibility for Frontier breach Thanks to today's episode sponsor, Conveyor Conveyor is the AI security review automation platform helping infosec teams automate everything from securely sharing a SOC 2 to one-click auto complete of your security questionnaires with AI.  Teams like Lucid Software are finding in a free proof of concept that our AI is more accurate than the rest. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase a Pro plan.  
6/5/20248 minutes, 58 seconds
Episode Artwork

Russian criminals unmasked, Background check firm breach, Creds added to HIBP

Authorities unmask criminals behind malware loaders 3 billion records stolen from background check firm Creds for 361 million accounts added to HIBP Thanks to today's episode sponsor, Conveyor What are infosec teams measuring these days? More often than not, their impact on the business through revenue. A director of GRC told us the most direct value for their CEO was showing the efficiencies and the dollars that security has been able to bring in from enabling sales through the security review. See how best in class infosec teams measure their performance in Conveyor’s ultimate guide to the security review KPIs that matter. Go to www.conveyor.com and click the banner at the top. For the stories behind the headlines, visit CISOseries.com.
6/4/20247 minutes, 47 seconds
Episode Artwork

Ticketmaster breached, Ticketek Australia breached, HHS notification change

Ticketmaster hack affects 560 million customers, third-party denied liability Australia’s Ticketek sees customer details exposed in cyber security breach HHS changes tack, allows Change Healthcare to file breach notifications for others Thanks to today's episode sponsor, Conveyor Conveyor, the market-leading AI software for answering security questionnaires and securely sharing your security documents just released their ultimate guide to benchmarking your team’s performance on customer security reviews. Get all of the detailed metrics and learn how best in class infosec teams measure and tie their impact to revenue. Download the report at www.conveyor.com by clicking on the banner at the top. For the stories behind the headlines, head to CISOseries.com.
6/3/20247 minutes, 41 seconds
Episode Artwork

Week in Review: Arc launch sabotaged, Cencora health breach, BlackBasta’s oil hit

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Dimitri Van Zantvliet, CISO, Dutch Railways Thanks to our show sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. All links and the video of this episode can be found on CISO Series.com
5/31/202427 minutes, 8 seconds
Episode Artwork

UnitedHealth responsibility, Europol dropper takedown, malware bricks routers

Senator calls for UnitedHealth leadership to be held responsible Europol seizes 2,000 domains in dropper takedown Malware bricked over 600,000 routers Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour.  
5/31/20248 minutes, 11 seconds
Episode Artwork

New NK hackers, Dutch bank breached, Wayback Machine attacked

New North Korean hacking group emerges Dutch bank ABN Amro discloses data breach Internet Archive, including Wayback Machine, impacted by DDoS Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com.  
5/30/20247 minutes, 43 seconds
Episode Artwork

BreachForums returns, First American data breach, Chinese nationals sanctioned

BreachForums returns just weeks after FBI-led takedown First American data breach impacts 44,000 people Chinese nationals sanctioned for botnet that stole ‘billions’ in COVID-19 relief funds Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, visit CISOseries.com.  
5/29/20248 minutes, 17 seconds
Episode Artwork

Ransomware uses BitLocker, pharmacy supplier breach, ATM malware threat

New ransomware uses Windows BitLocker to encrypt victim data Sav-Rx discloses data breach impacting 2.8 million Americans New ATM malware poses significant global threat Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com.  
5/28/20248 minutes, 23 seconds
Episode Artwork

Arc browser sabotaged, Cencora pharma breach, Albany County breach

Arc browser’s Windows launch sabotaged by malvertising Cencora breach exposed patient info from 11 drug companies Albany County investigating cybersecurity breach ahead of holiday weekend Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com.  
5/27/20246 minutes, 47 seconds
Episode Artwork

Week in Review: Healthcare admin breach, China and Rockwell fallout, Military cyber service

Link to blog post This week’s Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guest Mike Lockhart, CISO, EagleView. Make sure also to check out Mike's charity, the Grady Foundation for mental, physical and economic health. You can learn more and donate here. Thanks to our show sponsor, Tines Break away from traditional SOAR with Tines. Trusted by security teams at McKesson, Canva, and Mars, Tines is scalable and accessible for the whole team. Use Tines to automate security team toil, enrich alerts with data from across your tech stack, and foster a culture of cybersecurity. Start building for free at tines.com/ciso All links and the video of this episode can be found on CISO Series.com  
5/24/202428 minutes, 19 seconds
Episode Artwork

Chinese hack military, Search engine outage, Mattis speaks out

Chinese hackers hide on military and government networks for 6 years Microsoft outage affects Bing, Copilot, DuckDuckGo and ChatGPT internet search Mattis speaks out against separate military cyber service Thanks to today's episode sponsor, Tines Break away from traditional SOAR with Tines. Trusted by security teams at McKesson, Canva, and Mars, Tines is scalable and accessible for the whole team. Use Tines to automate security team toil, enrich alerts with data from across your tech stack, and foster a culture of cybersecurity. Start building for free at tines.com/ciso For the stories behind the headlines, head to CISOseries.com.
5/24/20248 minutes, 19 seconds
Episode Artwork

NY Stock Exchange owner fined, $50 million towards hospital security, LockBit no longer reigns supreme

NY Stock Exchange owner fined $10 million by SEC US agency pledges $50 Million to automate hospital security LockBit no longer reigns supreme Thanks to today's episode sponsor, Tines Digital threats evolve rapidly, making it difficult for security teams to keep pace. Tines security automation is different from traditional SOAR -- it allows teams to move faster and make better decisions in real-time. Built by security practitioners, for security practitioners, Tines powers mission-critical security workflows at McKesson, Canva, and Mars. Start building for free at tines.com/ciso
5/23/20249 minutes, 7 seconds
Episode Artwork

UK ransomware reporting, Tech Against Scams, secure Windows 11 defaults

Brits to propose mandatory ransomware reporting Industry heavyweights launch Tech Against Scams Microsoft targets secure defaults in Windows 11 Thanks to today's episode sponsor, Tines Automate the toil with SOAR that actually works for your team. With Tines, your whole team can build complex workflows, without having to write or manage code. Security teams at McKesson, Canva, and Mars use Tines to build, run, and monitor their most important workflows, from endpoint detection and response, to vulnerability management. Start building for free at tines.com/ciso
5/22/20246 minutes, 57 seconds
Episode Artwork

Cyber service amendment, GetCaught abuses services, chatbot jailbreaks

Military cyber service proposal picks up steam Threat actors abusing legitimate services in campaign Chatbots susceptible to jailbreaks  Thanks to today's episode sponsor, Tines Security teams work best when all members are empowered to do their best work. With Tines, analysts and engineers have everything they need to automate the processes they’re closest to. The result? Hundreds or even thousands of hours that can be used on more impactful work. Built by security practitioners, for security practitioners. Get started today at tines.com/ciso
5/21/20247 minutes, 30 seconds
Episode Artwork

Grandoreiro Trojan reappears, Kimsuky’s new backdoor, More healthcare breaches

Grandoreiro banking Trojan reappears, hits banks worldwide Kimsuky deploys new backdoor in latest attack on South Korea Healthcare breaches in Australia and Texas Huge thanks to this week’s episode sponsor, Tines From endpoint detection and response to vulnerability management, Tines empowers security teams to automate even their most complex workflows. It’s fast, flexible, and secure by design. Your team can get up and running in minutes, not weeks. No code. No custom development. The world's smartest security teams trust Tines to support their mission-critical processes. Learn why at tines.com/ciso For the stories behind the headlines, head to CISOseries.com.
5/20/20248 minutes, 5 seconds
Episode Artwork

Week in Review: Okta chief speaks, Volt typhoon threat, FBI siezes BreachForums

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Ryan Bachman, evp and global CISO, GM Financial Thanks to our show sponsor, vanta.com/ciso Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. All links and the video of this episode can be found on CISO Series.com      
5/17/202430 minutes, 53 seconds
Episode Artwork

Nissan NA breach, VMware Pwn2Own fix, GE Ultrasound flaws

Nissan North America breach impacts over 53,000 employees VMware fixes workstation flaws, thanks Pwn2Own hackers Security flaws discovered in GE Ultrasound machines  Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com.
5/17/20248 minutes, 24 seconds
Episode Artwork

FBI seized BreachForums, Android threat detection, US AI investment

FBI seizes BreachForums Android getting live threat detection Senators recommend billions for AI investments Editor's note: post updated to fix audio issue Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour.
5/16/20247 minutes, 59 seconds
Episode Artwork

Singing River breach, D-Link exploit released, Google AI spots scams

Singing River patient data was swiped in ransomware attack  PoC exploit released for D-Link router zero-day Google to use GenAI to help identify phone scams Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com.
5/15/20249 minutes
Episode Artwork

FCC implements new classification, MITRE releases embedded devices framework, World renowned auction house attacked

  FCC implements new classification to combat robocall groups MITRE releases threat-modeling framework for embedded devices World renowned auction house attacked ahead of mega-auction Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour.
5/14/20249 minutes, 40 seconds
Episode Artwork

Boeing confirms ransomware, Dell announces breach, Ascension Healthcare attacked

Boeing confirms $200 million ransomware extortion attempt Dell announces data breach affecting 49 million customers Ascension healthcare suffers cyberattack, goes offline  Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com.
5/13/20249 minutes, 21 seconds
Episode Artwork

Week in Review: Neuberger’s operational approach, LockBit is back, Fed’s DMARC warning

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Sasha Pereira, CISO, WASH Thanks to our show sponsor, Vanta.com/ciso Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. All links and the video of this episode can be found on CISO Series.com
5/10/202427 minutes, 42 seconds
Episode Artwork

F5 Big-IP warning, UK Army breach, BetterHelp pays out

F5 Networks warns of new Big-IP vulnerabilities UK armed forces’ personal data hacked in MoD breach BetterHelp sends refund notices regarding data sharing lawsuit Huge thanks to our sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com.
5/10/20247 minutes, 29 seconds
Episode Artwork

Lockbit hit Wichita, AI export bans, Pathfinder on Intel

Lockbit takes credit for Wichita attack US looks at AI model export bans The Spectre of Pathfinder haunts Intel CPUs Huge thanks to our sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour.
5/9/20247 minutes
Episode Artwork

LockBit ringleader indicted, DocGo cyberattack, UK military data compromise

US indicts LockBit ransomware ringleader DocGo discloses cyberattack that compromised patient health data Payroll data breach exposed data of UK military personnel Huge thanks to our sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, visit CISOseries.com.
5/8/20247 minutes, 55 seconds
Episode Artwork

LockBit’s website is back, Germany takes action amid alleged Russian attack, Chinese-linked ArcaneDoor targets infrastructure

LockBit’s website is back Germany takes action amid alleged Russian attack Chinese-linked ArcaneDoor targets global network infrastructure Huge thanks to our sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour.
5/7/20249 minutes, 21 seconds
Episode Artwork

Neuberger proposes improvements, Olympic cybersecurity preparations, Microsoft VPN warning

NSC’s Neuberger suggests operational approach for on mitigating cyberattacks French cybersecurity teams prepare for “unprecedented” Olympic threat Feds warn about North Korean exploitation of improperly configured DMARC Huge thanks to our sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com.
5/6/20248 minutes, 10 seconds
Episode Artwork

Week in Review: Dropbox Sign breach, Cybersecurity consultant arrested, Ukraine Microsoft hack

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Phil Beyer, former CISO, Etsy Thanks to today’s episode sponsor, Dropzone.ai Dropzone.ai’s AI Autonomous Analyst is transforming cybersecurity as we know it. By replicating the techniques of elite analysts and autonomously investigating every alert, our patented system force multiplies your SOC team by 10X without adding headcount. Experience the future of threat detection and response at dropzone.ai. Request a trial today! All links and the video of this episode can be found on CISO Series.com  
5/3/202426 minutes, 24 seconds
Episode Artwork

Goldoon exploits D-Link, CISA GitLab warning, Dropbox Sign breach

Goldoon botnet exploits D-Link routers CISA adds Gitlab flaw to its KEV catalog Dropbox discloses breach of digital signature service Thanks to our episode sponsor, Dropzone AI Dropzone.ai's AI Autonomous Analyst is transforming cybersecurity as we know it. By replicating the techniques of elite analysts and autonomously investigating every alert, our patented system force multiplies your SOC team by 10X without adding headcount. Experience the future of threat detection and response at dropzone.ai. Request a trial today! For the stories behind the headlines, head to CISOseries.com.  
5/3/20248 minutes, 53 seconds
Episode Artwork

Chinese disinformation, NCSC AMS, new State Secrets law

Chinese disinformation proving ineffectual NCSC release Advanced Mobile Solutions risk model China implements new State Secrets Law Thanks to our episode sponsor, Dropzone AI Cybersecurity leaders, are you being asked to leverage the power of Gen AI in your SOC? Dropzone.ai's AI Autonomous Analyst empowers your team to thoroughly investigate every alert. No playbooks, no code, just intelligent, adaptable alert investigation. Test drive on dropzone.ai to immediately see the results for yourself.
5/2/20246 minutes, 52 seconds
Episode Artwork

UnitedHealth Group CEO faces congress, U.S. wireless carriers face majors fine, Marriott backtracks protection claims

UnitedHealth Group CEO faces congress & cause of hack revealed Major U.S. wireless carriers face $200M FCC fine Marriott backtracks claims of encryption protection Thanks to our episode sponsor, Dropzone AI Dropzone.ai is proud to announce our selection as a Top 10 Finalist for the prestigious RSA Innovation Sandbox. Our AI Autonomous Analyst is revolutionizing the way SOC teams operate, replicating the techniques of elite analysts and autonomously investigating every alert. Meet us at RSAC and book a time at dropzone.ai.
5/1/20249 minutes, 45 seconds
Episode Artwork

USPS phishing, UK IoT law, industrial USB attacks

USPS phishing sites are popular UK bans bad IoT credentials USB malware attacks targeting industrial sites Thanks to our episode sponsor, Dropzone AI Attention cybersecurity professionals! Are you investigating 100% of the alerts from your IT and security systems? Dropzone.ai's AI Analyst autonomously investigates every alert without playbooks or code, enabling you to turn over every rock. Visit dropzone.ai to learn more and request a trial. Offload your tier-1 analysis to an AI analyst that never sleeps so you can.
4/30/20247 minutes, 6 seconds
Episode Artwork

Kaiser Permanente breach, DSH Safety Board, Okta stuffing attack

Kaiser Permanente website tracking tools may have compromised customer data DHS announces AI safety board Okta warns of “unprecedented” credential stuffing attacks on customers Thanks to our episode sponsor, Dropzone AI Introducing Dropzone.ai, the industry's first AI Autonomous SOC Analyst. Their patented LLM replicates the techniques of elite analysts, autonomously investigating every alert without playbooks or code. Force multiply your SOC team by 10X without adding headcount. Visit dropzone.ai to request a trial and experience the power of AI-driven cybersecurity. For the stories behind the headlines, head to CISOseries.com.  
4/29/20247 minutes, 45 seconds
Episode Artwork

Week in Review: GitHub comments abused, networkless” attack techniques, Police bodycam AI reports

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Christina Shannon, CIO, KIK Consumer Products Thanks to our show sponsor, Veracode Get ready to experience the future of application security at RSAC 2024 with Veracode. Join us as we unveil cutting-edge innovations and insights to tackle today’s most pressing security challenges. From live demos showcasing our newest products to engaging discussions with industry experts. See you at RSAC!  All links and the video of this episode can be found on CISO Series.com  
4/26/202423 minutes, 20 seconds
Episode Artwork

Google postpones cookies, Brocade vulnerability warning, ICICI card gaffe

Google postpones third-party cookie deprecation Brocade SAN appliances and switches exposed to hacking ICICI Bank exposes credit cards to wrong users Thanks to this week's episode sponsor, Veracode Don't miss out on this opportunity to elevate your cybersecurity strategy. Build and scale secure software from code to cloud with speed and trust. Visit our booth #2045 at RSAC 2024 to discover how Veracode is shaping the future of Application Security in the AI era. For the stories behind the headlines, head to CISOseries.com.
4/26/20248 minutes, 27 seconds
Episode Artwork

Chinese keyboard flaws, hacked news story, TikTok on the clock

Chinese keyboard app flaws exposed Threat actors plant fake assassination story ByteDance on the clock to divest TikTok Thanks to this week's episode sponsor, Veracode Research reveals AI-generated code mirrors human-written code's security flaws. Even seasoned programmers struggle to spot errors, with incorrect AI-generated answers abound. Veracode knows the stakes. While AI accelerates coding, relying on hunches won't suffice. Trust multi-faceted, data-driven insights to mitigate risk from the start. Don't compromise on security. Choose Veracode, your security partner in the AI-driven era of development.
4/25/20246 minutes, 41 seconds
Episode Artwork

Iranian hackers charged, Siemens fixing Palo bug, Russia hacks water plant

Iranian nationals charged with hacking U.S. companies and agencies Siemens working to fix device affected by Palo Alto firewall bug Russian hackers claim cyberattack on Indiana water plant Thanks to this week's episode sponsor, Veracode    Are you truly listening to both your security and development teams? Make informed decisions with Veracode. Our developer-friendly security tools integrate with your existing tech stack to secure code from the start. Bridge the gap between security and development for more efficient operations and stronger defenses. Visit veracode.com for a collaborative approach to security. For the stories behind the headlines, visit CISOseries.com.
4/24/20247 minutes, 56 seconds
Episode Artwork

TikTok ban update, Sandworm hits Ukraine, North Korean streaming animators

TikTok ban passes the US House Sandworm targets critical Ukrainian orgs  North Koreans animating streaming shows Thanks to this week's episode sponsor, Veracode AI coding companions assist in generating high-quality code snippets, while Veracode swoops in to conduct thorough security assessments, identifying and fixing vulnerabilities quickly. With this dynamic duo, developers can innovate with confidence, knowing their code is both efficient and secure. Secure more code with Co-Pilot or any AI coding companion and Veracode. We’ll be your wingman anytime.
4/23/20247 minutes, 3 seconds
Episode Artwork

RedLine GitHub connection, MITRE Ivanti breach, E-ZPass spoof sites

RedLine stealer GitHub connection MITRE’s breached was through Ivanti zero-day vulnerabilities Researchers find dozens of fake E-ZPass toll websites following FBI warning Thanks to this week's episode sponsor, Veracode Imagine your intelligent coding companion, backed by the robust security expertise of Veracode. Together, we form the ultimate duo, empowering developers to write better code while ensuring it's secure from the get-go. Learn more at RSAC 2024 with Veracode. For the stories behind the headlines, head to CISOseries.com
4/22/20247 minutes, 29 seconds
Episode Artwork

Week in Review: Cisco MFA breach, Bad bots surge, Microsoft mail breach fallout

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Dan Walsh, CISO, Paxos Thanks to our show sponsor, Conveyor Happy Friday! Are you tired of hearing about Conveyor’s AI security review automation software? We’ll stop talking about it if you book a call. Ready to give the market leading AI for security questionnaires a spin? Try a free proof of concept at www.conveyor.com.  Don’t forget to mention this podcast for 5 free questionnaire credits when you purchase a Pro plan. All links and the video of this episode can be found on CISO Series.com
4/19/202426 minutes, 56 seconds
Episode Artwork

LabHost police bust, Michigan healthcare attack, Windows Fibers vulnerability

Police bust reveals sophisticated phishing-as-a-service platform Overlooked Windows Fibers offer handy route for malicious payload deployment Michigan healthcare organization suffers data breach Thanks to today's episode sponsor, Conveyor Happy Friday! Are you tired of hearing about Conveyor’s AI security review automation software? We’ll stop talking about it if you book a call. Ready to give the market leading AI for security questionnaires a spin? Try a free proof of concept at www.conveyor.com.  Don’t forget to mention this podcast for 5 free questionnaire credits when you purchase a Pro plan. For the stories behind the headlines, head to CISOseries.com.
4/19/20247 minutes, 9 seconds
Episode Artwork

Water utility threats, GPT-4 hacking, SIM swap solicitation

Sandworm-linked group tied to attack on water utilities GPT-4 reads security advisories Cell carrier workers solicited for SIM swaps Thanks to today's episode sponsor, Conveyor Conveyor is the market leading AI-powered platform that automates the entire customer security review process — from sharing your security posture and SOC 2 in a single portal to using that same information to automate answering security questionnaires with 90% accuracy.  Use Conveyor to fly through any customer security review in minutes. It might sound like every other software claim out there, but there’s a reason our customers have dubbed Conveyor their ‘favorite security tool of the year’. Test it out in a free proof of concept at www.conveyor.com
4/18/20247 minutes, 21 seconds
Episode Artwork

Cisco MFA breach, Bad Bots surge, LockBit 3.0 propagates

Cisco announces breach of multifactor authentication message provider Bad bots drive 10% annual surge in account takeover attacks LockBit 3.0 variant generates custom, self-propagating malware Thanks to today's episode sponsor, Conveyor Conveyor is the AI security review automation platform helping infosec teams automate everything from securely sharing a SOC 2 to one-click autofilling security questionnaires with AI so you can spend almost zero time on the manual tasks that make you want to cry into your laptop. Teams like Lucid Software are finding in a free proof of concept that our AI is better than the rest. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase a Pro plan. For the stories behind the headlines, head to CISOseries.com.
4/17/20249 minutes, 38 seconds
Episode Artwork

Threads out in Turkey, Palo Alto backdoor, Microsoft' security overhaul

Meta to close Threads in Turkey Palo Alto fixes backdoor zero-day Details on Microsoft’s security overhaul  Thanks to today's episode sponsor, Conveyor  What are infosec teams measuring these days? More often than not, their impact on sales. As infosec teams become hands on in the sales cycle, proving your value becomes key. A director of GRC said last week that the most direct value for their CEO was showing the efficiencies and the dollars that security has been able to bring in from enabling sales. See these trends and more in Conveyor’s ‘2024 State of the Security Review” report at www.conveyor.com. Click the banner at the top.
4/16/20247 minutes, 57 seconds
Episode Artwork

U.S. surveillance reauthorization, Roku breach update, Microsoft breach exposed agencies

House passes reauthorization of U.S. surveillance program Roku says 576,000 accounts compromised in latest security breach Microsoft breach exposed federal agencies Thanks to today's episode sponsor, Conveyor  It’s Conveyor again, the market-leading AI software for answering security questionnaires and securely sharing your security posture and documents. Conveyor’s ‘State of the Security Review” report for 2024 was just released and it’s all about what the “new era” of infosec holds. Learn how positioning security and compliance early in the sales cycles increases win rates by 42% and what infosec teams need to prepare for as they move closer to the sales function. You can find the report at www.conveyor.com by clicking on the banner at the top. For the stories behind the headlines, visit CISOseries.com.
4/15/20248 minutes, 3 seconds
Episode Artwork

Week in Review: Government hospital warning, Sisence breach, Financial firms lose $12b

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Mike Levin, deputy CISO, 3M Thanks to our show sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated fast. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso. All links and the video of this episode can be found on CISO Series.com      
4/12/202423 minutes, 36 seconds
Episode Artwork

Palo Alto patches, CISA’s Sisense warning, GitHub repos gamed

Palo Alto Networks fixes several DoS vulnerabilities in PAN-OS operating system Sisense breach exposes customers to potential supply chain attack Threat actors gaming GitHub Search Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso. For the stories behind the headlines, head to CISOseries.com.
4/12/20248 minutes, 45 seconds
Episode Artwork

CISA malware analysis, "hunt forward" missions, Spectre v2

CISA expands automated malware analysis US Cyber Command launched “hunt forward” missions Spectre v2: Linux Boogaloo  CHECK OUT Capture the CISO season 2 here. Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso.
4/11/20247 minutes, 26 seconds
Episode Artwork

Ukraine cyber head suspended, LG TV vulns, Microsoft exposed passwords

Ukraine's head of cybersecurity suspended and assigned to combat zone Over 90,000 LG Smart TVs exposed to remote attack Microsoft exposed internal passwords in security lapse Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso. For the stories behind the headlines, visit CISOseries.com.
4/10/20248 minutes, 55 seconds
Episode Artwork

Cyberattack impacts vet firm, data privacy bill movement, DOJ hack exposes thousands

Cyberattack causes major disruptions for UK vet firm Data privacy bill pushes forward with bipartisan support Department of Justice hack exposes hundreds of thousands Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso.
4/9/20249 minutes, 23 seconds
Episode Artwork

Hospital hack warning, Five Eyes follow-up, NYC municipal hack

Government warns hospitals of hackers targeting IT help desks U.S. government contractor Acuity responds to alleged Five Eyes breach New York City becomes latest in municipal government hack attempts Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso. For the stories behind the headlines, head to CISOseries.com.
4/8/20248 minutes, 51 seconds
Episode Artwork

Week in Review: Five Eyes breach, Microsoft’s Chinese hack response, AT&T customer breach

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by David Spark with guest Steve Gentry, Advisor, Clari Thanks to our show sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso. All links and the video of this episode can be found on CISO Series.com
4/5/202427 minutes, 37 seconds
Episode Artwork

Five Eyes breach, cancer center breach, Pixel zero-day flaw

Classified Five Eyes data theft announced Cancer center data breach affects 800,000 Android Pixel phone zero-day flaws being exploited by forensic companies Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso to learn more. For the stories behind the headlines, head to CISOseries.com.
4/5/20247 minutes, 55 seconds
Episode Artwork

Microsoft security failings, NIST NVD backlog, Chrome DBSC beta

Report criticizes Microsoft’s Chinese hack response NIST needs help with vulnerability backlog Chrome tests feature to prevent session hijacking  Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso to learn more.
4/4/20247 minutes, 42 seconds
Episode Artwork

Cyber incident reporting rule, Google blocks spoofed emails, PandaBuy breach

CISA releases draft rule for cyber incident reporting Google now blocks spoofed emails for better phishing protection Breach at online shopping platform PandaBuy affects 1.3 million customers Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso to learn more. For the stories behind the headlines, head to CISOseries.com.
4/3/20247 minutes, 26 seconds
Episode Artwork

Incognito settlement, hallucinated software, phone protocols vulnerable

Google to delete Incognito tracking data Hallucinated software packages as a security vulnerability FCC investigating phone infrastructure security Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso to learn more.
4/2/20246 minutes, 48 seconds
Episode Artwork

AT&T data leak, Linux backdoor discovery, DHS phone data policy

Data of 73 million AT&T customers leaked on dark web Accidental Linux backdoor discovery likely prevented thousands of infections DHS expected to stop buying access to your phone info Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, businesses can automate compliance for in-demand frameworks like SOC 2, ISO 27001, HIPAA, and GDPR. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to prove trust and monitor risk more efficiently and confidently than ever before. Watch Vanta’s on-demand demo at vanta.com/ciso. For the stories behind the headlines, visit CISOseries.com.
4/1/20247 minutes, 22 seconds
Episode Artwork

Week in Review: Spyware boosts zero-days, MFA bombing targets Apple, Facebook snooped Snapchat

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Yaron Levi, CISO, Dolby, and sageinsights.io Thanks to our show sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries. All links and the video of this episode can be found on CISO Series.com      
3/29/202424 minutes, 36 seconds
Episode Artwork

17 billion records exposed, Treasury FinSec warning, Hot Topic attacks

17 billion personal records exposed in data breaches in 2023 U.S. Treasury warns financial sector about AI cybersecurity threats Retail chain Hot Topic hit by new credential stuffing attacks Thanks to today's episode sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.
3/29/20248 minutes, 48 seconds
Episode Artwork

Zero-day rise, SharePoint vulnerability, Facebook sniffs app traffic

Spyware fuels rise in zero-day exploits CISA warns about Microsoft SharePoint vulnerability  Facebook snooped on encrypted Snapchat traffic Thanks to today's episode sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries.  
3/28/20247 minutes, 9 seconds
Episode Artwork

APT31 targets families, UK newspaper attacked, Apple MFA bombing

APT31 targeting family members to surveil targets Ransomware gang attacks UK newspaper supporting the homeless MFA bombing attacks target Apple users Thanks to today's episode sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries. For the stories behind the headlines, visit CISOseries.com.
3/27/20247 minutes, 51 seconds
Episode Artwork

EU targets tech giants, China bans US tech, US cyber force

EU targets tech giants with DMA China starts US tech ban in government Think tank calls for US military cyber service Thanks to today's episode sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries.  
3/26/20247 minutes, 23 seconds
Episode Artwork

New Kimsuky technique, KDE Linux warning, Atlassian critical flaws

Kimsuky turns to compiled HTML Help files for cyberattacks KDE issues warning after theme wipes Linux user’s files Critical flaw in Atlassian Bamboo data center and server must be fixed immediately Thanks to today's episode sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.  
3/25/20247 minutes, 42 seconds
Episode Artwork

Week in Review: McDonald’s outage explained, SIM swap fraud, spyware agreement support

Link to blog post This week’s Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino with guest Gerald Auger Ph.D., Chief Content Creator, Simply Cyber Thanks to our show sponsor, Vanta Managing the requirements for modern security programs is increasingly challenging. Vanta’s trust management platform helps you quickly assess risk, streamline security reviews, and automate compliance for SOC 2, ISO 27001, HIPAA, and more. Plus, you can save time by completing security questionnaires with Vanta AI. Join over 7,000 global companies that use Vanta to automate evidence collection, unify risk management, and secure customer trust. To learn more, go to vanta.com/ciso All links and the video of this episode can be found on CISO Series.com  
3/22/202432 minutes, 57 seconds
Episode Artwork

Microsoft Server crashes, npm package discrepancies, Nemesis marketplace raided

Microsoft confirms Windows Server issue behind domain controller crashes Over 800 npm packages found with discrepancies Nemesis darknet marketplace raided in Germany-led operation Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.  
3/22/20247 minutes, 20 seconds
Episode Artwork

Water task force, Loop DoS attacks, GitHub vulnerability fixer

US plans Water Sector Cybersecurity Task Force Loop DoS attack exploits the infinite regress of UDP GitHub tool uses AI to fix vulnerabilities Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.  
3/21/20247 minutes, 20 seconds
Episode Artwork

Mid-stream ESports hack, System glitch costs millions, LockBit reemerges with vengeance

Mid-stream hack postpones ESports league Bank loses $40 million after “systems glitch” LockBit reemerges with vengeance Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.  
3/20/20249 minutes, 57 seconds
Episode Artwork

Change Healthcare payout, FTC probe into Reddit, Japanese tech giant breached

UnitedHealth fronts over $2 billion in recovery efforts Spyware agreement gains more international support FTC probes Reddit's AI data licensing ahead of IPO Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.  
3/19/20248 minutes, 49 seconds
Episode Artwork

McDonald’s outage update, Chrome URL protection, Birmingham Alabama outage

Global McDonald’s outage blamed on third-party vendor, not cyberattack Google adds real-Time URL protection for Chrome Network outages hit Birmingham Alabama Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
3/18/20247 minutes, 34 seconds
Episode Artwork

Week in Review: Russian Microsoft exfiltration, JetBrains Rapid7 feud, Change Healthcare fallout

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Alexandra Landegger, Executive Director and CISO Collins Aerospace Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. All links and the video of this episode can be found on CISO Series.com
3/15/202426 minutes, 44 seconds
Episode Artwork

Change Healthcare fallout, Fortinet SQL warning, Yacht company breach

Change Healthcare - AHA asks for aid, HHS questions HIPAA compliance Fortinet warns of severe SQLi vulnerability in FortiClientEMS software Yacht company MarineMax announces cyberattack Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
3/15/20247 minutes, 55 seconds
Episode Artwork

Gemini vulnerabilities, NYT-OpenAI drama, GitHub leak report

Researchers find vulnerabilities in Gemini New York Times denies it “hacked” OpenAI for lawsuit Leaked GitHub secrets up 28% Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.
3/14/20247 minutes, 57 seconds
Episode Artwork

LockBit claims hack, CISA understaffed, US and Russia election concerns

LockBit takes credit for hacking South African pension fund CISA’s OT attack response team understaffed US and Russia accuse each other of potential election cyberattacks Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.   For the stories behind the headlines, visit CISOseries.com.
3/13/20249 minutes, 37 seconds
Episode Artwork

Roku forces reset, French agencies targeted, Fintech firm taken offline

Roku forces reset after 15,000 accounts compromised French government agencies targeted in “unprecedented” attacks Fintech firm taken offline by ransomware attack Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
3/12/20249 minutes, 2 seconds
Episode Artwork

Microsoft breach update, CISA flags JetBrains, ChatGPT creds sale

Microsoft says Russian hackers breached its systems, accessed source code CISA adds JetBrains TeamCity bug to its KEV catalog Over 225,000 compromised ChatGPT credentials for sale Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
3/11/20248 minutes, 19 seconds
Episode Artwork

Week in Review: German Webex gaffe, Google engineer indicted, Cloudflare’s AI firewall

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest David Cross, SVP/CISO, Oracle. Also check out David’s travel blog, DavidCrossTravels.com Thanks to our show sponsor, Conveyor Conveyor is the AI security review automation platform helping infosec teams automate everything from securely sharing a SOC 2 to one-click autofilling security questionnaires in OneTrust so you can spend almost zero time on the manual tasks that make you want to throw your computer out the window. Teams are finding in a free proof of concept that our AI is better than the rest. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. All links and the video of this episode can be found on CISO Series.com
3/8/202426 minutes, 6 seconds
Episode Artwork

FlipperZero attacks Teslas, Google engineer indicted, PetSmart attack warning

Flipper Zero WiFi attack can unlock and steal Tesla cars Former Google engineer indicted for stealing AI secrets for Chinese companies PetSmart warns customers of credential stuffing attack Thanks to today's episode sponsor, Conveyor Conveyor is the AI security review automation platform helping infosec teams automate everything from securely sharing a SOC 2 to one-click autofilling security questionnaires in OneTrust so you can spend almost zero time on the manual tasks that make you want to throw your computer out the window. Teams are finding in a free proof of concept that our AI is better than the rest. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. For the stories behind the headlines, head to CISOseries.com.
3/8/20246 minutes, 44 seconds
Episode Artwork

Online fraud hits record losses, states urge Meta to crack down on scammers, Apple issues update for zero-day flaw

Online fraud hits record losses States urge Meta to crack down on scammers Apple issues update for zero-day flaw Thanks to today's episode sponsor, Conveyor Happy Thursday. Are you tired of us talking about how Conveyor’s AI security review automation software? We’ll stop talking about it if you come talk to them.  Ready to give the market leading AI for security questionnaires a spin? Try a free proof of concept at www.conveyor.com.  Don’t forget to mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. For the stories behind the headlines, head to CISOseries.com.
3/7/20247 minutes, 55 seconds
Episode Artwork

US cyber strategy update, spyware sanctions, ALPHV exits

US cybersecurity strategy update on the way US Treasury issues first spyware sanctions UK denies responsibility for ALPHV takedown Thanks to today's episode sponsor, Conveyor Conveyor is the only GPT-powered customer trust portal that automates the entire customer security review process — from sharing your security posture and documents in a single portal to automating security questionnaire responses with 90% accuracy so you can fly through any customer security review in minutes. It might sound like every other compliance software claim out there, but there’s a reason our customers have dubbed Conveyor their ‘favorite security tool of the year’. Test our market-leading AI in a free proof of concept at www.conveyor.com
3/6/20246 minutes, 45 seconds
Episode Artwork

North Korea semiconductor hacks, ALPHV goes dark, China AI vouchers

North Korea targets semiconductor industry ALPHV infrastructure goes dark China to offer computing vouchers to AI startups Thanks to today's episode sponsor, Conveyor AI is getting pretty smart so you shouldn’t settle for mediocre security questionnaire automation software that only generates the right answer 20 to 50 percent of the time or have to wait a day for the vendor’s team to check the answers. Conveyor's security questionnaire automation tool not only boasts industry leading AI accuracy reducing time spent on security reviews by 80%, but now also autofills in OneTrust portal questionnaires with a single click. Trying a proof of concept with your own data is always free. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan.
3/5/20246 minutes, 52 seconds
Episode Artwork

NSO code verdict, Change Healthcare fallout, law firm breach

NSO Group to ordered to give Pegasus code to WhatsApp Change Healthcare confirms BlackCat, Schumer asks for aid Law firm announces data breach affecting 325,000 people Thanks to today's episode sponsor, Conveyor We’ve got a returning sponsor this week – Conveyor. They’re the AI security review automation platform helping infosec teams automate everything from securely sharing a SOC 2 to one-click autofilling security questionnaires in OneTrust so you can spend almost zero time on the manual tasks that make you want to throw your computer out the window. Teams are finding in a free proof of concept that their AI is better than the rest. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. For the stories behind the headlines, head to CISOseries.com.
3/4/20248 minutes, 2 seconds
Episode Artwork

Week in Review: GenAI BEC explodes, NIST updates framework, vending machine gaffe

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Russ Ayres, SVP of Cyber & Deputy CISO, Equifax Thanks to our show sponsor, Egress People are the biggest risk to your organization’s security, and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score.  Visit egress.com to learn more about Egress’ Intelligent Cloud Email Security suite and start detecting email threats your secure email gateway is missing today. All links and the video of this episode can be found on CISO Series.com  
3/1/202427 minutes, 37 seconds
Episode Artwork

Cencora pharma breach, Gen-AI explodes BEC, Chinese doorbell warning

Pharma giant Cencora announces data breach GenAI drives surge in BEC attacks Popular video doorbell easy hijacked Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score.  Visit egress.com to learn more about Egress' Intelligent Cloud Email Security suite and start detecting email threats your secure email gateway is missing today. For the stories behind the headlines, head to CISOseries.com.
3/1/20248 minutes, 29 seconds
Episode Artwork

EO limits PII, Australia's espionage struggle, Lazarus zero-day

Biden signs order limiting the sale of personal data Australia claims its seeing unprecedented “foreign interference” Lazarus Group targeting Windows and PyPi Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score.  Visit egress.com to learn more about Egress' Intelligent Cloud Email Security suite and start detecting email threats your secure email gateway is missing today.
2/29/20247 minutes, 4 seconds
Episode Artwork

NIST framework 2.0, Optum linked to BlackCat, ScreenConnect exploitations continue

NIST releases cybersecurity framework 2.0 Optum attack linked to BlackCat ransomware ScreenConnect exploitations continue Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score.  Visit egress.com to learn more about Egress' Intelligent Cloud Email Security suite and start detecting email threats your secure email gateway is missing today.
2/28/20247 minutes, 46 seconds
Episode Artwork

Cyber Security Headlines: SVR tactics, brand spamming, steel giant cyberattack

SolarWinds attackers changing tactics Brand domains used in spam operation Steel giant hit with cyberattack Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score.  Visit egress.com to learn more about Egress' Intelligent Cloud Email Security suite and start detecting email threats your secure email gateway is missing today.
2/27/20246 minutes, 55 seconds
Episode Artwork

Police taunt LockBit, PayPal’s cookie patent, vending machine controversy

British police taunt LockBit administrator PayPal files patent for new stolen cookies detector Vending machine crash reveals face recognition tech  Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score.  Visit egress.com to learn more about Egress' Intelligent Cloud Email Security suite and start detecting email threats your secure email gateway is missing today. For the stories behind the headlines, head to CISOseries.com.
2/26/20248 minutes, 2 seconds
Episode Artwork

Week in Review: LockBit gets bitten, airline bot gaffe, exploding car keys

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Thom Langford, CISO, Velonetic Thanks to our show sponsor, Conveyor Conveyor AI is so good, it can now autofill OneTrust portal questionnaires in one click. Yes, we’ve been talking about it all week. Conveyor's security questionnaire automation tool not only boasts industry leading AI accuracy, but now fills in One Trust portals with a single click. Trying a proof of concept with your own data is always free. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. All links and the video of this episode can be found on CISO Series.com  
2/23/202426 minutes
Episode Artwork

LockBit’s thwarted upgrade, AT&T’s massive outage, Change Healthcare cyberattack

LockBit was building next gen encryptor before takedown Thousands of wireless customers suffer outage Prescription delays due to Change Healthcare cyberattack Thanks to today's episode sponsor, Conveyor Conveyor, the security questionnaire automation software one of their customers dubbed “my favorite security tool of the year”, is now even better. They’ve upgraded our browser extension for portal-based questionnaires and it can now autofill OneTrust portal questionnaires in one click. You can test the AI in a free proof of concept at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. Get the stories behind the headlines at CISOSeries.com
2/23/20249 minutes, 58 seconds
Episode Artwork

LockBit gang doesn’t keep its word, the LockBit bounty, White House tackles U.S. maritime threats

  Thanks to today's episode sponsor, Conveyor Happy Thursday. Are you tired of us talking about how Conveyor’s AI can now autofill OneTrust security questionnaires in one-click? Well, we’ll stop talking about it if you come talk to them. Ready to give the market leading AI for security questionnaires a spin? Try a free proof of concept by booking a demo at www.conveyor.com. And mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. Get the stories behind the headlines at CISOSeries.com
2/22/20249 minutes, 1 second
Episode Artwork

LockBit update, Signal usernames, NSA Cyber Director retires

LockBit takedown update Signal now lets users keep phone numbers private NSA Cybersecurity Director Rob Joyce to retire Thanks to today's episode sponsor, Conveyor No more portal scaries. Conveyor just launched AI autofill of OneTrust portal questionnaires. That means no more clicking question-by-question to copy-paste each answer when a customer sends you a OneTrust security questionnaire. Conveyor’s AI will read and autofill the whole page for you. Trying a proof of concept with your own data is always free. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. Get the stories behind the headlines at CISOSeries.com
2/21/20247 minutes, 28 seconds
Episode Artwork

LockBit disrupted, Cactus leaks Schneider data, ALPHV claims financial attacks

LockBit disrupted by global police operation Cactus leaks Schneider Electric data on dark web ALPHV gang takes credit for LoanDepot, Prudential attacks Thanks to today's episode sponsor, Conveyor Conveyor, the security questionnaire automation software one of our customers dubbed “my favorite security tool of the year”, is now even better. They’ve upgraded their browser extension for portal-based questionnaires and it can now autofill OneTrust portal questionnaires in one click. You can test the AI in a free proof of concept at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. Get the stories behind the headlines at CISOSeries.com
2/20/20247 minutes, 44 seconds
Episode Artwork

Chrome protects home, Zeus mastermind guilty, airline chatbot gaffe

Google Chrome feature blocks attacks against home networks Mastermind behind Zeus and IcedID malware pleads guilty Air Canada must honor refund invented by its chatbot, says court Thanks to today's episode sponsor, Conveyor Conveyor AI is so good, it can now autofill OneTrust portal questionnaires in one click.  Yes, you heard us right. Conveyor's security questionnaire automation tool not only boasts industry leading AI accuracy, but now fills in One Trust portals with a single click. Trying a proof of concept with your own data is always free. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. Get the stories behind the headlines at CISOSeries.com
2/19/20247 minutes, 59 seconds
Episode Artwork

Week in Review: LLMs improve cyberattacks, Rhysida gets decrypted, US Blackcat bounty

Link to blog post This week’s Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guest Trina Ford, CISO, iHeartMedia Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. All links and the video of this episode can be found on CISO Series.com    
2/16/202424 minutes, 55 seconds
Episode Artwork

Microsoft zero-day warning, Neuberger addresses Munich, trojan steals faces

Microsoft warns of new Exchange Server zero-day Neuberger: Pace of ransomware takedown operations isn’t enough Gold Pickaxe malware steals your face Huge thanks to our sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
2/16/20248 minutes, 27 seconds
Episode Artwork

Trans-Northern breach, malicious LLM usage, massive email leak

Trans-Northern Pipelines confirms cyberattack Threat actors using LLMs to improve cyberattacks Email provider published internal emails in plain text Huge thanks to our sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.
2/15/20246 minutes, 58 seconds
Episode Artwork

Prudential data breached, Facebook Marketplace leak, BoA 3rd party breach

Prudential Financial data breached in cyberattack Facebook Marketplace user records leaked on hacking forum Bank of America customers at risk after third party breach Huge thanks to our sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com.
2/14/20248 minutes, 6 seconds
Episode Artwork

Repository framework, Romanian healthcare attack, Ivanti backdoored

CISA releases repository security framework Ransomware takes down Romanian healthcare management system Ivanti flaw used to deploy backdoor Huge thanks to our sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.
2/13/20247 minutes, 55 seconds
Episode Artwork

Raspberry Robin warning, Hyundai ransomware attack, Cisco job cuts

Raspberry Robin – a new one-day exploit targeting Windows Hyundai Europe suffers Black Basta ransomware attack Cisco to cut thousands of jobs as it focuses on high growth areas Huge thanks to our sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
2/12/20248 minutes, 14 seconds
Episode Artwork

Week in Review: Volt Typhoon warning, Cloudflare’s nation-state breach, $25 million deepfake

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Doug Mayer, vp, CISO, WCG Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. All links and the video of this episode can be found on CISO Series.com  
2/9/202426 minutes, 5 seconds
Episode Artwork

Volt Typhoon warning, Cisco fixes Expressway, credit union theft

CISA, FBI issue sobering warning about Volt Typhoon Cisco fixes critical Expressway flaws 3 million records from thousands of credit unions exposed Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com.
2/9/20249 minutes, 4 seconds
Episode Artwork

CISA collaboration challenges, Iran's cyber efforts, ransomware's $1 billion

CISA collaboration initiative on thin ice Iran focusing cyber efforts Ransomware payments cross $1 billion in 2023 Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com.
2/8/20247 minutes, 28 seconds
Episode Artwork

United front against spyware, spyware to blame for most Google zero-days, insider data breach hits Verizon

Tech giants and world govs unite to tackle spyware threats Spyware vendors to blame for most Google zero-days Insider data breach hits almost half of Verizon’s employee base Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com.
2/7/20248 minutes, 51 seconds
Episode Artwork

Spoutible API Leak, Fake IDs at scale, Sudo Windows

Spoutible API vulnerability leaks user data  Illicit service cranks out fake IDs Sudo coming to Windows Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com.
2/6/20247 minutes, 25 seconds
Episode Artwork

Cloudflare announces breach, AnyDesk announces breach, Children’s hospital attacked

Cloudflare announces nation-state level breach AnyDesk says hackers breached production servers, reset passwords Chicago children’s hospital announces cyberattack Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com.
2/5/20248 minutes, 5 seconds
Episode Artwork

Week in Review: Microsoft email explanation, Brazilian banking trojan, Mercedes GitHub error

Link to blog post Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Mary Rose Martinez, vp, CISO Marathon Petroleum Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. All links and the video of this episode can be found on CISO Series.com
2/2/202422 minutes, 41 seconds
Episode Artwork

FBI Director’s warning, Apple flaw warning, Pentagon supplier breach

FBI director warns of Chinese hacker threat to U.S. critical infrastructure CISA warns of exploited Apple flaw Pentagon Intelligence supplier allegedly hacked Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com.
2/2/20247 minutes, 51 seconds
Episode Artwork

Volt Typhoon takedown, refusing ransoms, Binance's big leak

FBI grounds Volt Typhoon More companies refuse to pay ransoms Binance internal info exposed on GitHub Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com.
2/1/20247 minutes, 41 seconds
Episode Artwork

Mercedes-Benz leak, Juniper Networks patch, ZLoader is back

Mercedes-Benz exposes sensitive data, source code Juniper Networks issues out-of-band fix for high severity flaws New ZLoader malware, now with 64-bit Windows compatibility Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com.
1/31/20248 minutes, 51 seconds
Episode Artwork

Microsoft takes another hit, Energy giant hit by ransomware, the NSA is secretly buying your data

Microsoft takes another hit Energy giant hit by ransomware The NSA is secretly buying your data Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com.
1/30/20249 minutes, 10 seconds
Episode Artwork

Jenkins patch alert, Cisco flaw alert, Russia’s intel wiped

Urgent patch alert for Jenkins Cisco flaw exposes Unified Comms systems Pro-Ukraine hackers wipe 2 petabytes of data from Russian intelligence center Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.  For the stories behind the headlines, head to CISOseries.com.  
1/29/20248 minutes, 28 seconds
Episode Artwork

Week in Review: TeamViewer still abused, ransomware’s hidden costs, X supports passkeys

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Mike Kelley, vp, CISO, The E.W. Scripps Company and partner, OTAWireless.com. Thanks to our show sponsor, Conveyor Conveyor, the security questionnaire automation software known for generating the most accurate AI answers to questionnaires is launching a much-requested feature. Conveyor’s AI can now use uploaded security documents like a SOC 2 and security policy whitepapers to auto-generate precise answers to entire questionnaires in seconds. See why customers like Lucid and Carta are raving about the software and try the AI yourself in a free proof of concept at www.conveyor.com. All links and the video of this episode can be found on CISO Series.com  
1/26/202428 minutes, 10 seconds
Episode Artwork

Hewlett Packard breach, exposed API study, Ukraine infrastructure attacks

Hewlett Packard Enterprise (HPE) attacked through Microsoft 365 email system Study reveals 18,000 exposed API secrets, including $20 million in vulnerable Stripe tokens Ukrainian energy, postal, and transportation services hit by cyberattacks Thanks to today's episode sponsor, Conveyor Conveyor, the security questionnaire automation software known for generating the most accurate AI answers to questionnaires is launching a much-requested feature. Conveyor’s AI can now use uploaded security documents like a SOC 2 and security policy whitepapers to auto-generate precise answers to entire questionnaires in seconds. See why customers like Lucid and Carta are raving about the software and try the AI yourself in a free proof of concept at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com.
1/26/20248 minutes, 30 seconds
Episode Artwork

EquiLend offline, AI fueling ransomware, "mother of all breaches"

Cyberattack knocks EquiLend offline Brits warn of the AI impact on ransomware Data leak claims to hold over 26 billion records Thanks to today's episode sponsor, Conveyor Conveyor, the security questionnaire automation software one of our customers dubbed “my favorite security tool of the year”, is now even better.  How? Conveyor’s AI can now use uploaded security documents like a SOC 2 or security policy document to auto-generate precise answers to entire security questionnaires in seconds. You can test the AI in a free proof of concept at www.conveyor.com.
1/25/20246 minutes, 46 seconds
Episode Artwork

CISA boss swatted, Subway investigates LockBit, Australia sanctions hacker

CISA boss targeted in “harrowing” swatting attack Subway puts a LockBit investigation on the menu Australia sanctions REvil hacker behind Medibank data breach Thanks to today's episode sponsor, Conveyor Ever wish AI could auto-generate answers to security questionnaires for you just based on your SOC 2 or other documents? Spoiler alert - it can and you can now try it for free with Conveyor’s AI security questionnaire automation software. Set up takes a few seconds. Get a free Conveyor account and simply upload your security documents. Then, upload a new questionnaire to see AI generate answers in seconds based on your documents. Try a free proof of concept today at www.conveyor.com. For the stories behind the headlines, visit CISOseries.com.
1/24/20247 minutes, 29 seconds
Episode Artwork

Thailand's data leak, CISA's Ivanti order, security funding drips

Thailand court attempts to suppress data leak CISA issues emergency directive on Ivanti zero-days Cybersecurity startup funding down 50% Huge thanks to our episode sponsor, Conveyor What’s worse than a last minute security questionnaire in your inbox? Having to maintain a thousand question and answer pairs to use to respond to a questionnaire.  Now, Conveyor’s AI security questionnaire automation software can use security documents like a SOC 2 and a pared down question and answer bank to auto-generate precise answers to entire questionnaires in seconds. Try a free proof of concept today at www.conveyor.com.  
1/23/20246 minutes, 47 seconds
Episode Artwork

Russia Microsoft breach, JPMorganChase hacking increase, TeamViewer still abused

Russian hackers breach Microsoft executive emails to learn about themselves JPMorgan Chase says hacking attempts are increasing TeamViewer still being abused to breach networks in new ransomware attacks Thanks to today's episode sponsor, Conveyor AI can now literally answer any question in seconds, yet infosec teams are still in a living nightmare manually filling out questionnaires. Conveyor AI’s can now use your uploaded security documents to auto-generate precise answers to entire questionnaires.  The software one of our customers dubbed “my favorite security tool of the year” in 2023 has gotten even better and it takes just minutes to get started.  Try a free proof of concept at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com.
1/22/20249 minutes, 3 seconds
Episode Artwork

Week in Review: SEC X breach, pwned highlights leak, Kyivstar attack cost

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jerich Beason, CISO, WM Thanks to our show sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy’s automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That’s Savvy—Identity-First SaaS Security.  Learn more at savvy.security/headlines.  All links and the video of this episode can be found on CISO Series.com
1/19/202422 minutes, 21 seconds
Episode Artwork

Atlassian Jira outage, iPhone spyware solution, Russia’s Europe espionage

Atlassian outage briefly affected multiple cloud services iShutdown helps discover spyware on iPhones Russian state hackers COLDRIVER deploy malware in European espionage campaign Huge thanks to our sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy’s automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That’s Savvy—Identity-First SaaS Security.  Learn more at savvy.security/headlines.  For the stories behind the headlines, head to CISOseries.com.
1/19/20248 minutes, 14 seconds
Episode Artwork

Drone threats, PixieFail firmware, HIBP dataset

Chinese drones considered national security threat PixieFail could spell trouble for cloud providers Have I Been Pwned adds “statistically significant” data leak Huge thanks to our sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy’s automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That’s Savvy—Identity-First SaaS Security.  Learn more at savvy.security/headlines. 
1/18/20247 minutes, 3 seconds
Episode Artwork

Google patches zero-day, Citrix zero-day warning, Phemedrone stealer warning

Google patches first Chrome zero-day vulnerability of the year Urgent warning from Citrix to patch two zero-day vulnerabilities New malware strain persists despite patch Huge thanks to our sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy’s automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That’s Savvy—Identity-First SaaS Security.  Learn more at savvy.security/headlines. 
1/17/20248 minutes, 59 seconds
Episode Artwork

VPN blocks, OpenAI election tools, Calvia ransomware attack

Turkey blocks some VPNs OpenAI publishes election guidance Spanish municipality faces stiff ransomware demand Huge thanks to our sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy’s automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That’s Savvy—Identity-First SaaS Security.  Learn more at savvy.security/headlines. 
1/16/20247 minutes, 19 seconds
Episode Artwork

Water nonprofit targeted, Denmark energy update, SEC X update

Ransomware gang targets clean water nonprofit Denmark energy sector attacks likely not Sandworm after all SEC says X account breach did not lead to further breaches Thanks to our episode sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy’s automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That’s Savvy—Identity-First SaaS Security. Learn more at savvy.security/headlines.  For the stories behind the headlines, head to CISOseries.com.
1/15/20247 minutes, 35 seconds
Episode Artwork

Week in Review: Merck settles NotPetya, Google accounts hacked, GitHub abuse rises

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Allan Cockriel, Group CISO, Shell Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta’s platform firsthand and access resources plus a special offer, go to vanta.com/ciso and watch their 3-minute product demo. All links and the video of this episode can be found on CISO Series.com
1/12/202424 minutes, 49 seconds
Episode Artwork

Ivanti zero-day, Akira targets backups, school data exposed

Ivanti VPN hit by zero-days Akira targeting backups Sensitive school data accidentally exposed online Remember to subscribe to the Cyber Security Headlines newsletter here. Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta’s platform firsthand and access resources plus a special offer, go to vanta.com/ciso and watch their 3-minute product demo.
1/12/20247 minutes, 28 seconds
Episode Artwork

Texas healthcare breach, enormous Brazil leak, Tortilla decryptor released

Texas healthcare provider suffer data breach Entire population of Brazil possibly exposed in data leak Decryptor for Tortilla ransomware released Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta’s platform firsthand and access resources plus a special offer, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
1/11/20248 minutes, 16 seconds
Episode Artwork

SEC account hack spikes Bitcoin, Mandiant Twitter hijack, China cracks AirDrop

Bitcoin price spikes after SEC Twitter account hijack Twitter account hijack wave affects Mandiant China claims it cracked Apple AirDrop Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta’s platform firsthand and access resources plus a special offer, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
1/10/20248 minutes, 43 seconds
Episode Artwork

google hacked, loanDepot attacked, Netgear compromised

Google accounts hacked: No passwords required loanDepot joins growing list of US mortgage lenders attacked Netgear and Hyundai’s X accounts latest to be compromised in crypto scam Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta’s platform firsthand and access resources plus a special offer, go to vanta.com/ciso and watch their 3-minute product demo.
1/9/20247 minutes, 24 seconds
Episode Artwork

Merck settles NotPetya, Pompompurin breaches release, Iranian crypto mistake

Merck and its insurers settle $1.4 billion NotPetya case BreachForums admin Popompurin breaches terms of pretrial freedom Iranian crypto exchange Bit24.cash accidentally exposes customer data Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta’s platform firsthand and access resources plus a special offer, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
1/8/20247 minutes, 6 seconds
Episode Artwork

Week in Review: Hospitals sue cloud, Google settles Incognito, ransomware payment ban

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Johna Till Johnson, CEO, Nemertes, and podcaster at Heavy Strategy. Thanks to our show sponsor, NetSPI Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI’s ASM platform to hone in on what’s actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM All links and the video of this episode can be found on CISO Series.com  
1/5/202425 minutes, 3 seconds
Episode Artwork

Mandiant Twitter hack, breach firm breached, Spanish mobile attacked

Mandiant Twitter account restored after crypto scam hack Law firm that handles data breaches hit by data breach Spanish mobile carrier suffers outage after account takeover Thanks to today's episode sponsor, NetSPI Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI's ASM platform to hone in on what's actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM to learn more.  For the stories behind the headlines, head to CISOseries.com.
1/5/20247 minutes, 43 seconds
Episode Artwork

Ransomware bans, voice cloning contest, slow data exports

A call for formal ban on ransomware payments FTC asks for ideas to fight voice cloning Cyberattack impacts French township Thanks to today's episode sponsor, NetSPI Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI's ASM platform to hone in on what's actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM to learn more. 
1/4/20247 minutes, 10 seconds
Episode Artwork

Google $5 billion suit settled, Orbit Chain loses $80M, FDA cyber agreement

Google settles $5 billion ‘incognito mode’ lawsuit  Over $80 million in crypto stolen from Orbit Chain Watchdog calls for updated medical device cyber agreement Thanks to today's episode sponsor, NetSPI Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI's ASM platform to hone in on what's actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM to learn more. Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI's ASM platform to hone in on what's actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM to learn more.  For the stories behind the headlines, visit CISOseries.com.
1/3/20246 minutes, 46 seconds
Episode Artwork

Sweden grocer cyberattack, Black Basta flaw, Boston hospital cyberattack

Swedish national grocer stung by Cactus Flaw in Black Basta decryptor allows recovery of victims’ files - temporarily Cyberattack hist Boston area hospital Thanks to today's episode sponsor, NetSPI Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI's ASM platform to hone in on what's actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM to learn more.  For the stories behind the headlines, head to CISOseries.com.
1/2/20247 minutes, 3 seconds
Episode Artwork

German hospital ransomware, Ohio Lottery attacked, First American update

LockBit hits German hospital system over the holidays Ohio Lottery cyberattack claimed by DragonForce First American says funds are secure Thanks to today's episode sponsor, Barricade Cyber Solutions Don't let ransomware ruin the holidays again this year! Prepare and spread holiday cheer with recoverfromransomware.com!  The trusted DFIR experts at Barricade Cyber Solutions have saved 3,000 and counting businesses from ransomware attacks, including small and medium businesses just like yours! Barricade Cyber is YOUR solution for rapid data and systems recovery. Book a meeting directly with the CEO to discover how to recover from ransomware. Visit recoverfromransomware.com. For the stories behind the headlines, head to CISOseries.com.
12/29/20236 minutes, 49 seconds
Episode Artwork

Barracuda backdoors, undocumented iPhone hardware, NYT sues OpenAI

Threat actors install backdoor on Barracuda appliances iPhone triangulation exploit used undocumented features New York Times starts the publisher LLM lawsuits Thanks to today's episode sponsor, Barricade Cyber Solutions Don't let ransomware ruin the holidays again this year! Prepare and spread holiday cheer with recoverfromransomware.com!  The trusted DFIR experts at Barricade Cyber Solutions have saved 3,000 and counting businesses from ransomware attacks, including small and medium businesses just like yours! Barricade Cyber is YOUR solution for rapid data and systems recovery. Book a meeting directly with the CEO to discover how to recover from ransomware. Visit recoverfromransomware.com.  
12/28/20237 minutes, 30 seconds
Episode Artwork

National Amusements breached, Rockstar game leak, LoanCare parent hacked

CBS and Paramount owner hacked a year ago Rockstar Games allegedly suffers source code leak LoanCare says 1.3 million people affected by cyberattack Thanks to today's episode sponsor, Barricade Cyber Solutions When you're hit with ransomware, remember recoverfromransomware.com. Barricade Cyber Solutions' experienced DFIR team is ready to help your business recover from ransomware now. You'll work directly with the CEO to resolve your case quickly and efficiently. Whether you're experiencing a ransomware attack or want to get ahead of one by discussing a prevention plan, contact Barricade Cyber Solutions at recoverfromransomware.com. For the stories behind the headlines, visit CISOseries.com.
12/27/20237 minutes, 41 seconds
Episode Artwork

First American cyberattack, Iran APT campaign, ransomware victims spike

First American suffers cyberattack, website down Iran-linked group targets defense contractors worldwide November saw record numbers of ransomware leak site victims Thanks to today's episode sponsor, Barricade Cyber Solutions Encountering a ransomware attack? Keep cool and reach out to Barricade Cyber Solutions, the trusted DFIR experts. Barricade is known for helping small and medium businesses just like yours restore their business data and successfully recover from ransomware. Escape the ransomware nightmare and bring your business back online now. Contact Barricade Cyber Solutions today at recoverfromransomware.com. That's recoverfromransomware.com. For the stories behind the headlines, head to CISOseries.com.
12/26/20237 minutes, 24 seconds
Episode Artwork

HCL investigates ransomware, Agent Tesla returns, JavaScript bank malware

Indian tech company HCL investigating ransomware attack Agent Tesla and an old Microsoft Office vulnerability create new problems New JavaScript malware targets banks Thanks to today's episode sponsor, Barricade Cyber Solutions Is ransomware affecting your business operations? Contact Barricade Cyber Solutions at recoverfromransomware.com. Barricade Cyber Solutions are elite DFIR experts who come to the rescue for businesses like yours daily. The trusted team at Barricade Cyber traces the source of infiltration and fortifies your defenses. Depend on Barricade Cyber Solutions for your data and system security prevention and recovery. Go to recoverfromransomware.com and set up a time to connect with the team today. Again, that's recoverfromransomware.com. For the stories behind the headlines, head to CISOseries.com.
12/22/20237 minutes, 25 seconds
Episode Artwork

BlackCat is back, CSAM in AI data, ESO breach

BlackCat came back Child abuse images found in AI datasets ESO solutions breach impacts million Thanks to today's episode sponsor, Barricade Cyber Solutions Has your organization fallen victim to ransomware? Remain calm and head over to recoverfromransomware.com. Barricade Cyber Solutions is the "go-to" for ransomware recovery services that small to medium business executives can trust. Over the past 5 years, Barricade Cyber Solutions has saved 3,000+ businesses in your shoes. Trust the elite DFIR team at Barricade Cyber Solutions with your data and system security recovery. Book a free consultation with the CEO at recoverfromransomware.com now.
12/21/20236 minutes, 54 seconds
Episode Artwork

FBI disrupts BlackCat, International operation nabs thousands, Sony data leak

FBI disrupts BlackCat ransomware network International operation arrests thousands of cybercriminals Sony’s video game plans leaked by ransomware group Thanks to today's episode sponsor, Barricade Cyber Solutions Don't let ransomware ruin your holiday. Remember to visit recoverfromransomware.com! Barricade Cyber Solutions are THE trusted DFIR experts, and they've saved 3,000 and counting businesses from ransomware attacks, small and medium businesses just like yours! Barricade Cyber is YOUR solution for rapid data and security systems recovery. Book a meeting directly with the CEO to discuss securing your future today. Head over to recoverfromransomware.com to learn more. For the stories behind the headlines, visit CISOseries.com.
12/20/20237 minutes, 49 seconds
Episode Artwork

Play ransomware warning, QakBot is back, Mr. Cooper hack

Play ransomware is no game The return of QakBot Hacking with Mr. Cooper Huge thanks to our sponsor, Barricade Cyber Solutions Facing a ransomware attack? Don't panic, remain calm and remember to contact Barricade Cyber Solutions, the DFIR team trusted to quickly recover business data with exclusive ransomware recovery services for small and medium businesses alike. Recover from ransomware and get your business back online with Barricade Cyber Solutions. Visit recoverfromransomware.com to schedule a call with the team today.
12/19/20236 minutes, 50 seconds
Episode Artwork

Box suffers outage, MongoDB suffers breach, States lag in tackling political deepfakes

Box storage platform suffers outage MongoDB suffers breach States lag in tackling political deepfakes Thanks to today's episode sponsor, Barricade Cyber Solutions Experiencing ransomware? Barricade Cyber Solutions will help you recover from the nightmare. Trust the industry DFIR experts who have rescued over 3,000 businesses cases over the past 5 years. Remember to visit recoverfromransomware.com and connect with Barricade Cyber Solutions rapid ransomware recovery team. This elite team works quickly to recover and restore your business data and services. All you need to remember is recoverfromransomware.com.  For the stories behind the headlines, head to CISOseries.com.  
12/18/20237 minutes, 11 seconds
Episode Artwork

Week in Review: Irish water hack, Joe Sullivan speaks, UK ransomware predictions

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Rusty Waldron, Chief Business Security Officer, ADP Thanks to our show sponsor, Barricade Cyber Solutions Are ransomware attackers causing your business MAJOR disruptions? Connect with Barricade Cyber Solutions, the trusted DFIR experts specializing in helping small to medium businesses, like yours, recover from ransomware. Barricade Cyber Solutions has a proven track record of successfully handling over 3,000 business cases and counting with advanced recovery services to quickly restore business data and services. Recover from ransomware with Barricade Cyber Solutions at recoverfromransomware.com. All links and the video of this episode can be found on CISO Series.com
12/15/202324 minutes, 49 seconds
Episode Artwork

Hive banker arrested, train bricking accusations, GambleForce SQL campaign

French police arrest alleged Hive banker Train bricking accusations lead to lawsuit against ethical hackers New Hacker Group ‘GambleForce’ Targets APAC through SQL injection Thanks to today's episode sponsor, Barricade Cyber Solutions Has your organization faced a ransomware attack? Keep calm, breathe, and head over to recoverfromransomware.com. Barricade Cyber Solutions is the industry choice for ransomware recovery services that small and medium business leaders can rely on. With a track record of rescuing over 3,000+ businesses like yours in the last 5 years alone, you can trust Barricade Cyber Solutions' elite DFIR team for the recovery of your business' data and systems. Schedule a complimentary consult today at recoverfromransomware.com. For the stories behind the headlines, head to CISOseries.com.
12/15/20238 minutes, 5 seconds
Episode Artwork

UK ransomware report, OAuth abuse, push notification changes

UK ransomware report isn’t pretty MS warns of OAuth abuse Apple discloses pushback to push notification disclosure Thanks to today's episode sponsor, Barricade Cyber Solutions Don't let ransomware ruin the holidays again this year! Prepare and spread holiday cheer with recoverfromransomware.com!  The trusted DFIR experts at Barricade Cyber Solutions have saved 3,000 and counting businesses from ransomware attacks, including small and medium businesses just like yours! Barricade Cyber is YOUR solution for rapid data and systems recovery. Book a meeting directly with the CEO to discover how to recover from ransomware. Visit recoverfromransomware.com.
12/14/20236 minutes, 18 seconds
Episode Artwork

Ukraine telco down, Sullivan advocates for CISOs, GAO on AI

Cyberattack shuts down Ukrainian telco  Former Uber CISO advocates for CISO protections GAO report on government AI usage Thanks to today's episode sponsor, Barricade Cyber Solutions When you're hit with ransomware, remember recoverfromransomware.com. Barricade Cyber Solutions' experienced DFIR team is ready to help your business recover from ransomware now. You'll work directly with the CEO to resolve your case quickly and efficiently. Whether you're experiencing a ransomware attack or want to get ahead of one by discussing a prevention plan, contact Barricade Cyber Solutions at recoverfromransomware.com. 
12/13/20237 minutes, 16 seconds
Episode Artwork

Internet fragmentation, EU AI Act, Lazarus loves Log4Shell

US tries to avoid internet fragmentation EU reaches agreement on AI Act North Korea finds continued success with Log4Shell Thanks to today's episode sponsor, Barricade Cyber Solutions Encountering a ransomware attack? Keep cool and reach out to Barricade Cyber Solutions, the trusted DFIR experts. Barricade is known for helping small and medium businesses just like yours restore their business data and successfully recover from ransomware. Escape the ransomware nightmare and bring your business back online now. Contact Barricade Cyber Solutions today at recoverfromransomware.com. That's recoverfromransomware.com.
12/12/20237 minutes, 10 seconds
Episode Artwork

5G network vulnerability, SLAM affects CPUs, CISA Qlik warning

5G network security vulnerabilities discovered, impacting chipset vendors and smartphones SLAM Spectre-based vulnerability affects CPUs CISA adds Qlik bugs to exploited vulnerabilities catalog Thanks to today's episode sponsor, Barricade Cyber Solutions Caught in a ransomware crisis? Barricade Cyber Solutions is your lifeline for recovery. Trust the industry's experienced DFIR experts, with a track record of saving over 3,000 businesses in the last 5 years. Remember to visit recoverfromransomware.com to connect with Barricade Cyber Solutions' trusted ransomware recovery team. This elite squad moves quickly to restore your business data and services. Visit recoverfromransomware.com today. For the stories behind the headlines, head to CISOseries.com.
12/11/20237 minutes, 50 seconds
Episode Artwork

Week in Review: Credit Union outages, Roblox, Twitch targeted, Nuclear site breached

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Andy Ellis, operating partner YL Ventures Thanks to our show sponsor, Barricade Cyber Solutions Are ransomware attackers causing disruptions? Remember to stay composed and immediately contact Barricade Cyber Solutions, the trusted ransomware recovery experts specializing in small to medium businesses. Barricade Cyber Solutions has a proven track record of successfully handling over 3,000 business cases and counting- with advanced recovery services for rapid business restoration. Recover from ransomware with Barricade Cyber Solutions. Visit recoverfromransomware.com to learn more. All links and the video of this episode can be found on CISO Series.com      
12/8/202325 minutes, 17 seconds
Episode Artwork

Aviva cyberattack warning, anti-aircraft data theft, car fleet vulnerability

Insurance firm sees cyberattacks as more likely than fire or theft North Korean hackers steal anti-aircraft system data Vulnerability discovered in fleet management software Huge thanks to our sponsor, Barricade Cyber Solutions Is ransomware affecting your business? Contact Barricade Cyber Solutions at recoverfromransomware.com. Barricade Cyber Solutions are elite DFIR experts who come to the rescue for businesses like yours daily. The trusted team at Barricade Cyber traces the source of infiltration and fortifies your defenses. Depend on Barricade Cyber Solutions for your data and system security. Remember recoverfromransomware.com, that’s recoverfromransomware.com. For the stories behind the headlines, head to CISOseries.com.
12/8/20238 minutes, 3 seconds
Episode Artwork

ICANN lookups, push notification spying, Google's Gemini

Krebs on ICANN Lookups Wyden warns of spying push notifications Google unveils Gemini Huge thanks to our sponsor, Barricade Cyber Solutions Has your organization fallen victim to ransomware? Remain calm and head over to recoverfromransomware.com. Barricade Cyber Solutions is the "go-to" for ransomware recovery services that small to medium business executives can trust. Over the past 5 years, Barricade Cyber Solutions has saved 3,000+ businesses in your shoes. Trust the elite DFIR team at Barricade Cyber Solutions with your data and system security recovery. Book a free consultation at recoverfromransomware.com now.
12/7/20236 minutes, 41 seconds
Episode Artwork

Mexican spyware trial, Breach of ColdFusion vuln, Malicious loan app downloaded 12MM

Spyware trial implicating former Mexican president kicks off Federal agency breached through Adobe ColdFusion vulnerability Malicious loan app downloaded 12 million times from Google Play Huge thanks to our sponsor, Barricade Cyber Solutions Don't let ransomware ruin your holiday. Remember to visit recoverfromransomware.com! Barricade Cyber Solutions are THE trusted DFIR experts, and they've saved 3,000 and counting businesses from ransomware attacks, small and medium businesses just like yours! Barricade Cyber is YOUR solution for rapid data and security systems recovery. Book a meeting directly with the CEO to discuss securing your future today. Visit recoverfromransomware.com. That's recoverfromransomware.com. For the stories behind the headlines, visit CISOseries.com.
12/6/20238 minutes, 17 seconds
Episode Artwork

Nuclear site hacked, Iranian water breaches, ChatGPT data leaks

UK nuclear site attacked by state-linked attackers US confirms Iranian actors behind water breaches The infinite regress of ChatGPT data exfiltration Huge thanks to our sponsor, Barricade Cyber Solutions Facing a ransomware attack? Don't panic, remain calm and remember to contact Barricade Cyber Solutions, the DFIR team trusted to quickly recover business data with exclusive ransomware recovery services for small and medium businesses alike. Recover from ransomware and get your business back online with Barricade Cyber Solutions. Visit recoverfromransomware.com to schedule a call with the team today. That's recoverfromransomware.com.
12/5/20237 minutes, 14 seconds
Episode Artwork

Credit Unions outage, Roblox-Twitch extortion, Apple zero-days

Credit unions facing outages due to ransomware attack on cloud provider Roblox, Twitch allegedly targeted by ransomware cartel Apple fixes two new iOS zero-days in emergency updates Huge thanks to our sponsor, Barricade Cyber Solutions Experiencing ransomware? Barricade Cyber Solutions will help you recover from the nightmare. Trust the industry DFIR experts who have rescued over 3,000 business cases over the past 5 years. Remember to visit recoverfromransomware.com and connect with Barricade Cyber Solutions rapid ransomware recovery team. This elite team works quickly to recover and restore your business data and services. Visit recoverfromransomware.com today. For the stories behind the headlines, head to CISOseries.com.
12/4/20237 minutes, 46 seconds
Episode Artwork

Week in Review: Okta breach expands, Former Uber CISO speaks, OpenAI’s chatbot leak secrets

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Christina Shannon, CIO, KIK Consumer Products Thanks to our show sponsor, SpyCloud SpyCloud disrupts cybercrime by telling you what criminals know about your business and your customers, so you can take action on exposed authentication data to prevent ransomware, session hijacking, account takeover, and online fraud. With knowledge of the specific data criminals have in hand – like credentials, cookies, and PII compromised by breaches and malware infections – security teams have better visibility into the expanding attack surface that puts their organization at risk of cyberattacks and can respond quickly with SpyCloud’s automated solutions. Find out what cybercriminals know about your business by visiting spycloud.com/ciso to get your free exposure report. That’s spycloud.com/ciso. All links and the video of this episode can be found on CISO Series.com  
12/1/202329 minutes, 2 seconds
Episode Artwork

Manufacturing tops extortion, RETVec battles spam, new Zyxel warnings

Manufacturing industry tops cyber extortion trend Google’s RETVec the latest warrior on bad emails Zyxel warns of vulnerabilities in NAS devices Huge thanks to our sponsor, SpyCloud  New research from SpyCloud reveals a critical discovery: nearly a third of ransomware victim companies this year were infected with infostealer malware like Raccoon, Vidar or Redline before they were attacked. These infostealers exfiltrate authentication data from infected systems to aid follow-on attacks – everything from passwords to 2FA codes, and even cookies that enable session hijacking without the need for credentials at all. SpyCloud specializes in recapturing and remediating data siphoned from infostealers to protect businesses and their users from cybercrime. Get SpyCloud’s new research and check your malware exposure at spycloud.com/ciso. For the stories behind the headlines, head to CISOseries.com.
12/1/20238 minutes, 20 seconds
Episode Artwork

Okta breach expands, JAXA cyberattack, leaky GPTs

All Okta customers exposed in breach JAXA hit by cyberattack OpenAI’s chatbots leak secrets Huge thanks to our sponsor, SpyCloud  For some people ignorance is bliss – but that’s not an option for those of us in cybersecurity. SpyCloud has a free tool that lets you check your company’s darknet exposure, and you might find some things that are pretty alarming. Go to spycloud.com/ciso to see your company's exposure from data breaches and even infostealer malware infections that can open the door to ransomware. SpyCloud’s focus is helping businesses act on what criminals are using right now to target them – addressing stolen passwords, cookies, and even API keys automatically to stop criminals in their tracks. To learn more and get your darknet exposure report, go to spycloud.com/ciso.
11/30/20236 minutes, 22 seconds
Episode Artwork

Ransomware gang busted in Ukraine, North Texas water utility cyberattack, Former Uber CISO breaks 6-year silence

Ransomware gang busted in Ukraine by international operation North Texas water utility hit with cyberattack Former Uber CISO speaks out after 6-year silence Huge thanks to our sponsor, SpyCloud  SpyCloud has discovered that infostealer malware infections are an early warning signal for ransomware. In fact, nearly a third of ransomware victim companies this year were infected with infostealer malware like Raccoon, Vidar or Redline before they were attacked. Are you thinking about infostealers as a precursor to ransomware? SpyCloud believes that knowing what criminals have stolen from your managed, unmanaged and undermanaged infected machines is step one to stopping ransomware attacks. Get SpyCloud’s new research on this topic and check your company’s exposure from malware infections at spycloud.com/ciso. For the stories behind the headlines, visit CISOseries.com.
11/29/20237 minutes, 36 seconds
Episode Artwork

International AI agreement, water utility attack, Ukraine cyberattack on Russian aviation

International AI agreement PA water utility hit by cyberattack Ukraine claims cyber attack against Russian aviation Huge thanks to our sponsor, SpyCloud  Our sponsor today, SpyCloud, wants us to pay attention to a ransomware precursor that’s not being talked about enough: infostealer malware. If you think you’re covered by endpoint protection and anti-virus solutions, think again. The SpyCloud team discovered that the presence of infostealers including Racoon, Vidar, and Redline on machines accessing work applications may indicate a likely future ransomware attack. They believe the first step in thwarting ransomware lies in knowing the data criminals have stolen from malware-infected systems and remediating it quickly. Get SpyCloud’s new research and check your malware exposure at spycloud.com/ciso.
11/28/20236 minutes, 55 seconds
Episode Artwork

London & Zurich, Fidelity National Financial attacks, Royal Family’s hospital, Vanderbilt University Med Center attacks, US Nuclear lab and Gulf Air breaches

London & Zurich, and Fidelity National Financial attacks Royal Family’s hospital and Vanderbilt University Med Center suffer cybersecurity incidents Gulf Air exposed to data breach Huge thanks to our sponsor, SpyCloud  For some people ignorance is bliss – but that’s not an option for those of us in cybersecurity. SpyCloud has a free tool that lets you check your company’s darknet exposure, and you might find some things that are pretty alarming. Go to spycloud.com/ciso to see your company's exposure from data breaches and even infostealer malware infections that can open the door to ransomware. SpyCloud’s focus is helping businesses act on what criminals are using right now to target them – addressing stolen passwords, cookies, and even API keys automatically to stop criminals in their tracks. To learn more and get your darknet exposure report, go to spycloud.com/ciso.
11/27/20238 minutes, 6 seconds
Episode Artwork

Cyber exec hacked hospital, ‘Citrix Bleed’ vuln targeted, Binance CEO steps down in $4 billion settlement

Cyber exec admits hacking hospital as a sales tactic ‘Citrix Bleed’ vulnerability targeted by nation-state hackers Binance CEO steps down in $4 billion settlement  Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. Egress is the only cloud email security platform to use an adaptive security architecture to automate threat detection and response for advanced phishing attacks and outbound data breaches, tailoring the experience for each user based on their real-time risk score. Visit egress.com to learn more about Egress’ Intelligent Cloud Email Security suite and start detecting email threats your existing solution is missing today. For the stories behind the headlines, visit CISOseries.com.
11/22/20237 minutes, 38 seconds
Episode Artwork

Healthcare hit with MOVEit, malware uses trig, OpenAI shakeup

Healthcare platform impacted by MOVEit Threat actors find a use for trigonometry   What’s happening with OpenAI Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. Egress is the only cloud email security platform to use an adaptive security architecture to automate threat detection and response for advanced phishing attacks and outbound data breaches, tailoring the experience for each user based on their real-time risk score. Visit egress.com to learn more about Egress’ Intelligent Cloud Email Security suite and start detecting email threats your existing solution is missing today.
11/21/20236 minutes, 52 seconds
Episode Artwork

Clorox CISO departure, BlackCat’s SEC complaint, Dudley interim NCD

Clorox CISO departs months after cyberattack ALPHV/BlackCat Ransomware gang files SEC complaint Drenan Dudley acting national cyber director while Coker confirmation process continues Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. Egress is the only cloud email security platform to use an adaptive security architecture to automate threat detection and response for advanced phishing attacks and outbound data breaches, tailoring the experience for each user based on their real-time risk score. Visit egress.com to learn more about Egress’ Intelligent Cloud Email Security suite and start detecting email threats your existing solution is missing today. For the stories behind the headlines, head to CISOseries.com
11/20/20237 minutes, 9 seconds
Episode Artwork

Week in Review: UK Health data shared, SSH keys vulnerable

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jay Wilson, CISO, Insurity Thanks to our show sponsor, Sysdig For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second. Learn more at Sysdig.com All links and the video of this episode can be found on CISO Series.com
11/17/202326 minutes, 31 seconds
Episode Artwork

Fortinet Injection bug, Another Samsung breach, government Rhysida warning

Fortinet warns of critical command injection bug in FortiSIEM Another data breach for Samsung Rhysida warning from FBI and CISA Thanks to today's episode sponsor, Sysdig For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second. For the stories behind the headlines, head to CISOseries.com.
11/17/20237 minutes, 41 seconds
Episode Artwork

Microsoft Copilot, YouTube addresses AI uploads, CISA's AI roadmap

Microsoft goes all in on Copilot YouTube’s AI disclosure requirement CISA’s AI Roadmap Thanks to today's episode sponsor, Sysdig For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second.
11/16/20236 minutes, 53 seconds
Episode Artwork

IPStorm botnet dismantled, Social media giants will face child safety lawsuits, Authorities warn of Royal ransom gang threat

IPStorm botnet dismantled after hacker’s guilty plea Federal court rules social media giants must face child safety lawsuits Authorities warn of Royal ransom gang’s activities and rebranding Thanks to today's episode sponsor, Sysdig For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second. For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second. For the stories behind the headlines, visit CISOseries.com.
11/15/20238 minutes, 42 seconds
Episode Artwork

Cyber Security Headlines: Australian ports attacked, impacts of AI on terrorist content, Google sees faked Bard ads

Australian ports hit with cyberattack  AI companies join on to Christchurch Call to Action Generative AI threatens to dismantle terrorist content detection Thanks to today's episode sponsor, Sysdig For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second.
11/14/20236 minutes, 48 seconds
Episode Artwork

China bank ransomed, UK health data shared, Boeing data published

Industrial and Commercial Bank of China suffers ransomware attack UK health data donated for medical research shared with insurance companies Boeing data published by LockBit Thanks to today's episode sponsor, Sysdig For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second. For the stories behind the headlines, head to CISOseries.com.
11/13/20237 minutes, 24 seconds
Episode Artwork

Week in Review: Okta explains hack, Google Calendar as C2, Selling military data

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Sean Kelly with guest Howard Holton, CTO, GigaOm Thanks to today’s episode sponsor, OffSec OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you’ll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more. Hear from forward-thinking infosec leaders from companies like CISCO, Amazon, and Salesforce. Save your seat and equip yourself with actionable takeaways to help shape the future of your organization’s security. Register now at offsec.com/evolve All links and the video of this episode can be found on CISO Series.com  
11/10/202325 minutes, 45 seconds
Episode Artwork

US most breached, ChatGPT gets DDoS, Clop exploits SysAid

US most breached country last quarter OpenAI blames DDoS attacks for ongoing ChatGPT outages Clop exploits SysAid vulnerability Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more.  Hear from forward-thinking infosec leaders from companies like CISCO, Amazon, and Salesforce. Save your seat and equip yourself with actionable takeaways to help shape the future of your organization's security. Register now at offsec.com/evolve For the stories behind the headlines, head to CISOseries.com.
11/10/20237 minutes, 56 seconds
Episode Artwork

Shields Ready campaign, AI imagery rules for the election, App Defense Alliance moves to Linux Foundation

US launches “Shields Ready” campaign Microsoft and Meta announced AI imagery rules App Defense Alliance moves under the Linux Foundation Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is running a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. Attend Evolve and get insider insights from a former bank hacker. Discover strategies on stretching your security budget and get tips to attract the crème de la crème of talent. It's more than just an event – it's a masterclass helping you elevate your cybersecurity leadership game. Hear from forward-thinking cybersecurity leaders from companies like CISCO, Amazon, Salesforce and more. Register today and get the insights you need to help shape the future of your company’s security. Sign up now at offsec.com/evolve
11/9/20237 minutes, 27 seconds
Episode Artwork

Marina Bay Sands customer data hacked, Atlassian bug escalated to 10.0 severity, Fake crypto app steals over $700,000

Singapore’s Marina Bay Sands customer data stolen in cyberattack Atlassian bug escalated to 10.0 severity Fake Ledger Live app steals over $700,000 in crypto Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more.  Hear from forward-thinking infosec leaders from companies like CISCO, Amazon, and Salesforce. Save your seat and equip yourself with actionable takeaways to help shape the future of your organization's security. Register now at offsec.com/evolve For the stories behind the headlines, visit CISOseries.com.
11/8/20238 minutes, 1 second
Episode Artwork

Dropper bypasses Google, CISA’s zero-day worries, Google Calendar as C2

Android Dropper-as-a-Service Bypasses Google’s Defenses Increase in zero-day exploits worries CISA Google Calendar as a C2 infrastructure Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is running a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. Attend Evolve and get insider insights from a former bank hacker. Discover strategies on stretching your security budget and get tips to attract the crème de la crème of talent. It's more than just an event – it's a masterclass helping you elevate your cybersecurity leadership game. Hear from forward-thinking cybersecurity leaders from companies like CISCO, Amazon, Salesforce and more. Register today and get the insights you need to help shape the future of your company’s security. Sign up now at offsec.com/evolve For the stories behind the headlines, head to CISOseries.com.
11/7/20238 minutes, 23 seconds
Episode Artwork

Okta’s hack explanation, Looney Tunables exploited, Lazarus likes KandyKorn

Okta explains hack source and response timeline Looney Tunables now being exploited Lazarus Group uses KandyKorn against blockchain engineers Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more.  Hear from forward-thinking infosec leaders from companies like CISCO, Amazon, and Salesforce. Save your seat and equip yourself with actionable takeaways to help shape the future of your organization's security. Register now at offsec.com/evolve For the stories behind the headlines, head to CISOseries.com.
11/6/20237 minutes, 22 seconds
Episode Artwork

Week in Review: Cloudflare’s power outage, Washington breaches, Wiki-Slack attack

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Shawn Bowen, CISO, World Kinect Corporation Thanks to our show sponsor, Hunters There’s nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters’ SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It’s time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how you can replace your SIEM today. All links and the video of this episode can be found on CISO Series.com
11/3/202329 minutes, 9 seconds
Episode Artwork

Cloudflare’s power outage, Apache HelloKitty attempt, Boeing incident continues

Power outage darkens Cloudflare dashboard and APIs Apache ActiveMQ flaw sees HelloKitty attempt Boeing says cyber incident affects parts and distribution Thanks to today's episode sponsor, Hunters There’s nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters’ SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It’s time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how you can replace your SIEM today. For the stories behind the headlines, head to CISOseries.com.
11/3/20237 minutes, 36 seconds
Episode Artwork

UK summit pledge to tackle AI risks, ‘Kill switch’ shuts down Mozi botnet, EU regulator bans Meta's ad practices

Countries at UK summit pledge to tackle AI risks ‘Kill switch’ deliberately shuts down notorious botnet EU regulator bans Meta's targeted advertising practices Thanks to today's episode sponsor, Hunters There’s nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters’ SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It’s time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how you can replace your SIEM today. There’s nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters’ SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It’s time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how you can replace your SIEM today. For the stories behind the headlines, visit CISOseries.com.
11/2/20238 minutes, 3 seconds
Episode Artwork

Canada bans WeChat, no ransom pledge, India's opposition sees state-sponsored attacks

Canada bans WeChat on government devices 40 countries sign no ransom pledge  Apple warns Indian opposition leaders about iPhone attacks Thanks to today's episode sponsor, Hunters If your SIEM is causing an endless cycle of noisy alerts, manually writing generic detection rules, and limited data ingestion & retention, your SOC might need an upgrade. Hunters is a SaaS platform, purpose built for your Security Operations team. Solaris Group, a leading German FinTech, implemented Hunters to replace their SIEM eliminating the burden of redundant detection engineering and manual event correlation. Solaris Group’s SOC analysts can now focus their time and energy on higher-value tasks. Visit hunters.security to learn how to replace your SIEM today.
11/1/20236 minutes, 26 seconds
Episode Artwork

AI Executive Order, Russia' VirusTotal, Roaming leaks locations

Executive order outlines generative AI rules in the US Russia launchings its own VirusTotal Roaming data could leak geolocations Thanks to today's episode sponsor, Hunters Piecing together a SIEM not only takes forever, but it wastes your security team’s valuable resources. Hunters is a SIEM alternative purpose built to help your Security Operations mature to the next level in a fraction of the time. Spontnana, a next-generation Travel-as-a-Service platform, uses Hunters’ built-in correlation and enrichment capabilities to make better security decisions and experienced value from day one. Are you ready to evaluate Hunters as a SIEM alternative? Visit Hunters.security to learn more.
10/31/20237 minutes, 43 seconds
Episode Artwork

DC Elections breach, LockBit Boeing breach, StripedFly’s stealthy sting

 DC Board of Elections breach may include entire voter roll LockBit claims Boeing breach StripedFly malware infects 1 million Windows and Linux hosts Thanks to today's episode sponsor, Hunters Hunters is a SIEM alternative, built for your security team. Hunters empowers companies to replace their SIEM with unlimited ingestion and normalization of security data at a predictable cost. Using Hunters, a CISO at a leading online retailer “tripled the amount of data ingested by her security team while cutting costs from a legacy SIEM provider by 75%.” To learn more about the benefits of replacing your legacy SIEM with Hunters visit hunters.security today. For the stories behind the headlines, head to CISOseries.com
10/30/20236 minutes, 55 seconds
Episode Artwork

Week in Review: Okta’s compromise issues, Cisco’s additional headache, CISA protests cuts

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Arvin Bansal, former CISO, Nissan Americas Thanks to our show sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand  — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. All links and the video of this episode can be found on CISO Series.com  
10/27/202327 minutes, 20 seconds
Episode Artwork

iLeakage threatens Apple, CISA’s catastrophic cuts, HTTP DDoS surge

ILeakage attack steals emails, passwords from Apple devices and browsers CISA protests potential 25% budget cut as “catastrophic” Surge in hyper-volumetric HTTP DDoS attacks Thanks to today's episode sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount.  For the stories behind the headlines, head to CISOseries.com.
10/27/20237 minutes, 53 seconds
Episode Artwork

SMIC advanced chips, Roundcube exploit, Philadelphia email access

SMIC making advanced chips with ASML tech Roundcube webmail exploited with zero-day Philadelphia’s week somehow gets worse Thanks to today's episode sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. 
10/26/20236 minutes, 49 seconds
Episode Artwork

Cisco IOS XE infections remain high, California sidelines GM’s driverless cars, Canada accuse China of ‘Spamouflage’ campaign

Cisco IOS XE Update: Number of infected devices via zero-day remains high California sidelines GM’s driverless cars, citing safety risk Canada accuse China of ‘Spamouflage’ disinformation campaign Thanks to today's episode sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount.  For the stories behind the headlines, visit CISOseries.com.
10/25/20238 minutes, 31 seconds
Episode Artwork

Chrome IP Protection, Microsoft Security Copilot, Cisco patches IOS XE

Chrome testing IP Protection Microsoft tests Security Copilot  Cisco releases IOS XE patches Thanks to today's episode sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. 
10/24/20237 minutes, 33 seconds
Episode Artwork

Okta system attacked, another Cisco vulnerability, RagnarLocker arrest

Okta HAR support system attacked Cisco identifies additional IOS XE vulnerability Key Ragnar Locker player arrested in Paris Thanks to today's episode sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount.  For the stories behind the headlines, head to CISOseries.com.
10/23/20238 minutes, 20 seconds
Episode Artwork

Week in Review: Water cyber-regs rescinded, Cisco zero-day attacks, Signal debunks zero-day

Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Andrew Wilder, CISO, Community Veterinary Partners Thanks to our show sponsor, Vanta “Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta’s market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. All links and the video of this episode can be found on CISO Series.com  
10/20/202322 minutes, 49 seconds
Episode Artwork

Cops sting RagnarLocker, more 23andMe leaks, Casio discloses breach

International sting operation brings down RagnarLocker More 23andMe records leaked Casio discloses data breach Huge thanks to our sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. For the stories behind the headlines, head to CISOseries.com.
10/20/20237 minutes, 59 seconds
Episode Artwork

WinRAR exploitation, Five Eyes warns about China, ServiceNow data exposure

State-backed attackers exploit WinRAR zero-day Five Eyes warns of Chinese IP theft ServiceNow data exposure issue identified Huge thanks to our sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount.
10/19/20237 minutes, 59 seconds
Episode Artwork

Zero-day attacks affect 10,000 Cisco devices, US government warns of Confluence vuln exploitation, D-Link confirms data breach

Zero-day attacks affect over 10,000 Cisco devices US government warns of widespread exploitation of Confluence vulnerability D-Link confirms data breach caused by phishing attack Huge thanks to our sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. For the stories behind the headlines, visit CISOseries.com.
10/18/20237 minutes, 59 seconds
Episode Artwork

Security camera warnings, Signal denies zero-day, Equifax fined in UK

Israeli government warns to secure home security cameras Signal debunks zero-day report Equifax fined for 2017 data breach Huge thanks to our sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount.
10/17/20237 minutes, 1 second
Episode Artwork

CDW possibly attacked, AvosLocker joint advisory, EPA rescinds water regs

LockBit claims attack on CDW FBI and CISA publish joint advisory regarding AvosLocker ransomware EPA rescinds cyber regulations for water sector Huge thanks to our sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. For the stories behind the headlines, head to CISOseries.com.
10/16/20237 minutes, 35 seconds
Episode Artwork

Week in Review: Internet-wide zero-day DDoS, 23andMe data breach, curl flaw overhyped

Link to blog post This week’s Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino with guest Martin Choluj, VP Security ClickHouse  Thanks to our show sponsor, Hyperproof Are you struggling to showcase the value of your work? It’s a classic challenge in the risk and compliance space: leadership just doesn’t understand what exactly you do and why it matters. With Hyperproof, the leading risk and compliance management platform, you get access to real-time reports that can help your leadership team understand the impact of the valuable work you do every day. Get a demo at hyperproof.io. All links and the video of this episode can be found on CISO Series.com    
10/13/202327 minutes, 20 seconds
Episode Artwork

Microsoft thwarts Akira, Sullivan appeals conviction, ToddyCat targets telcos

Microsoft thwarts large-scale ransomware attack Former Uber CISO files appeal ToddyCat group targets telcos Thanks to today's episode sponsor, Hyperproof Is your company scaling? Do you need to quickly add more compliance frameworks but don’t know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof, you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit hyperproof.io to get started today.
10/13/20237 minutes, 24 seconds
Episode Artwork

Hijacked 404 pages, Chinese attackers target Confluence, Adobe's "icon of transparency"

404 pages hijacked Atlassian Confluence attacked by state-backed actors Adobe’s “icon of transparency” Thanks to today's episode sponsor, Hyperproof It’s more critical than ever to focus on strategically addressing risk, but how can you do it when working with limited resources? That’s where Hyperproof comes in: Hyperproof is a risk and compliance operations platform that helps you automate evidence collection, task management, and collaboration within your organization so you can focus on what matters most: keeping your company secure by prioritizing strategy, not manual processes. Get a demo at Hyperproof.io.
10/12/20237 minutes, 21 seconds
Episode Artwork

Zero-day fuels largest-ever DDoS attack, 23andMe resets user passwords after data leak, Exchange gets ‘better’ patch for critical bug

Internet-wide zero-day bug fuels largest-ever DDoS attack 23andMe resets user passwords after genetic data posted online Microsoft Exchange gets ‘better’ patch to mitigate critical bug Thanks to today's episode sponsor, Hyperproof We get it. You’re a risk manager or compliance professional, and you’re overworked. You’re trying to do the right thing by keeping your company safe and secure, but your technology is holding you back. Why not upgrade to Hyperproof? Hyperproof is a platform that not only eliminates the manual tasks you dread, but helps you scale security. Get a demo today at hyperproof.io. For the stories behind the headlines, visit CISOseries.com.
10/11/20238 minutes, 41 seconds
Episode Artwork

Middle East hacktivists, Curl security flaw, HelloKitty improves ransomware

Hacktivist attacks abound in the Middle East Network protocol open-source tool Curl faces worst security flaw in a long time HelloKitty ransomware source code leaked on hacking forum Thanks to today's episode sponsor, Hyperproof Imagine. You have an audit coming up, but instead of the usual rush, you actually feel prepared. You’ve collected your evidence. You can see which risks have been mitigated. And best of all, you don’t have to send out any last-minute emails to other teams begging them for that one screenshot. Sounds like a dream, right? With Hyperproof’s risk and compliance platform, this could be your reality. Get a demo at hyperproof.io. For the stories behind the headlines, head to CISOseries.com. 
10/10/20238 minutes, 7 seconds
Episode Artwork

MGM ransomware costs, Blackbaud breach settlement, 23andMe breach claims

MGM Resorts quotes ransomware tab at $110 million Blackbaud in $49.5 million settlement for May 2020 ransomware attack 23andMe investigates breach claims  Thanks to today's episode sponsor, Hyperproof Tired of managing risk and compliance in spreadsheets? Sick of tracking down stakeholders to find evidence? Worried about whether that evidence is up to date for your next audit? Hyperproof has you covered. With Hyperproof, you can efficiently manage multiple compliance frameworks and risks in a single place so you can focus on what matters most: keeping your company secure and growing. Visit hyperproof.io to get a demo. For the stories behind the headlines, head to CISOseries.com.
10/9/20237 minutes, 41 seconds
Episode Artwork

Week in Review: Progress FTPbug, CloudFlare DDoS mistake, Lazarus Meta recruiters

Link to blog post This week’s Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino with guest Bob Schuetter, CISO, Ashland  Thanks to our show sponsor, Conveyor Got a scary security questionnaire to complete and you’d rather have AI do it? Your infosec friends are making the switch from outdated RFP and compliance tools to Conveyor: the most accurate security questionnaire automation software on the market. The proof is in the AI. Customers are seeing 80-90% accurate auto-generated answers by and decreasing the time spent on questionnaire answering by 91%.  Try a free one-week proof of concept at www.conveyor.com. All links and the video of this episode can be found on CISO Series.com  
10/6/202325 minutes, 30 seconds
Episode Artwork

Apple zero-day patch, Cisco 911 patch, ICS exposure warning

Apple rolls out patch for active iOS Zero-Day Cisco patches urgent Emergency Responder flaw Researchers warn of 100,000 exposed ICS systems Thanks to our episode sponsor, Conveyor We can all agree that AI can take one job from us: answering security questionnaires. Enter Conveyor: the AI security review platform helping infosec teams attack security questionnaires from all angles. Reduce incoming questionnaires by sharing a trust portal with customers and for those questionnaires you do get, use our AI questionnaire completion tool to auto-generate precise answers to entire questionnaires in seconds. Lucid tried a free one week proof of concept and reduced time spent on questionnaires by 91%. Learn more at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com.
10/6/20237 minutes, 37 seconds
Episode Artwork

Red Cross hacktivist rules, Looney Tunables hit Linux, CISA violates First Amendment

Red Cross issues hacktivist rules Looney Tunables hits major Linux distros  CISA may have violated the First Amendment  Thanks to our episode sponsor, Conveyor Will security questionnaires ever go away? Maybe. But as long as they’re still here, you might as well get AI to complete them for you. Enter Conveyor. The AI security questionnaire automation software that auto-generates 80-90% accurate answers to entire questionnaires in seconds so all you have to do is review. There’s even a browser extension for the world’s worst portals. Not sure if it’ll work for you? Try a free one-week proof of concept at www.conveyor.com.  
10/5/20236 minutes, 29 seconds
Episode Artwork

GPU driver exploits, EU strengthens spyware protections, NSA's AI Security Center

Arm and Qualcomm warn about exploited GPU drivers EU Parliament strengthens spyware protections for journalists NSA creates AI Security Center Thanks to our episode sponsor, Conveyor Does the mountain of security questionnaires in your inbox make you feel like a 2 dollar umbrella in a hurricane? Then you might want to check out Conveyor: the AI security review platform helping infosec teams attack security questionnaires from all angles. Reduce incoming questionnaires by sharing a trust portal with customers and for those questionnaires you do get, use our AI questionnaire completion tool to auto-generate precise answers to entire questionnaires in seconds. Lucid tried a free one week proof of concept and reduced time spent on questionnaires by 91%. Learn more at www.conveyor.com.
10/4/20236 minutes, 46 seconds
Episode Artwork

Progress FTP bug under active exploit, Norway urges Europe-wide Meta data collection ban, KillNet claims attack against Royal Family website

Critical Progress FTP bug now being exploited in attacks Norway urges Europe-wide ban on Meta's targeted data collection KillNet claims DDoS attack against Royal Family website Thanks to our episode sponsor, Conveyor Got a scary security questionnaire to complete and you’d rather have AI do it? Your infosec friends are making the switch from outdated RFP and compliance tools to Conveyor: the most accurate security questionnaire automation software on the market. The proof is in the AI. Customers are seeing 80-90% accurate auto-generated answers by and decreasing the time spent on questionnaire answering by 91%. Try a free one-week proof of concept at www.conveyor.com. For the stories behind the headlines, visit CISOseries.com.
10/3/20237 minutes, 28 seconds
Episode Artwork

Cloudflare’s protection bypass, ALPHV healthcare victim, Lazarus Meta recruiter

Cloudflare DDoS protections bypassed using Cloudflare McLaren Health Care becomes latest ALPHV/BlackCat victim Lazarus Group poses as Meta recruiters to spearfish Spanish engineers Thanks to our episode sponsor, Conveyor Does the thought of answering another security questionnaire make you want to beat the stuffing out of 32 pinatas?  Then you might want to check out Conveyor: the AI security review platform helping infosec and sales teams attack security questionnaires from all angles. Reduce incoming questionnaires by sharing a trust portal with customers and for those questionnaires you do get, use our AI questionnaire completion tool to auto-generate precise answers to entire questionnaires in seconds. Lucid tried a free one week proof of concept and reduced time spent on questionnaires by 91%. Learn more at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com.
10/2/20237 minutes, 8 seconds
Episode Artwork

Week in Review: New MOVEIt troubles, fallout from government email breach, H&R Block faces RICO charges

Link to blog post This week’s Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino with guest Andrew Storms, VP of security, Replicated Thanks to our show sponsor, AppOmni Are you confident in your organization’s SaaS security? AppOmni surveyed 600+ security practitioners globally and 71% answered yes. But 79% experienced SaaS cybersecurity incidents. What’s behind this disconnect? CISOs believe they have a mature level of SaaS cybersecurity using CASB, MFA, and IdP. But these solutions lack unified risk visibility. Without SSPM, they’re blind to the true extent of their SaaS attack surface risk. Don’t gamble with your data. Get the visibility and insights you need to protect your SaaS environment with AppOmni. All links and the video of this episode can be found on CISO Series.com
9/29/202328 minutes, 31 seconds
Episode Artwork

Government email damage, Johnson Controls attacked, Google’s 5th zero-day

Chinese hackers stole emails from US State Dept in Microsoft breach Johnson Controls faces $51 million ransomware demand Google fixes year’s fifth Chrome zero-day Thanks to today's episode sponsor, AppOmni If you think CASBs effectively secure your SaaS data… think again. CASBs lack visibility into your SaaS estate. Nor can they address and detect risks that arise from SaaS apps’ unlimited endpoints. What you need is a robust SSPM designed to secure the dynamic and extensible nature of SaaS apps and their data. That’s where AppOmni comes in. We continuously monitor your SaaS estate to detect cyber risks and secure your company’s most critical data and workflows. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
9/29/20237 minutes, 44 seconds
Episode Artwork

GPU pixel-stealing, info-stealing on GitHub, Sony hackers hit NTT Docomo

GPUs vulnerable to pixel-stealing attacks Info-stealing commits hit GitHub Alleged Sony hackers hit NTT Docomo Thanks to today's episode sponsor, AppOmni Are you confident in your organization’s SaaS security? AppOmni surveyed 600+ security practitioners globally and 71% answered yes. But 79% experienced SaaS cybersecurity incidents. What’s behind this disconnect? CISOs believe they have a mature level of SaaS cybersecurity using CASB, MFA, and IdP. But these solutions lack unified risk visibility. Without SSPM, they’re blind to the true extent of their SaaS attack surface risk. Don’t gamble with your data. Get the visibility and insights you need to protect your SaaS environment with AppOmni.
9/28/20236 minutes, 34 seconds
Episode Artwork

Multiple threat actors lay claim to Sony hack, Philippines health org struggling with ransomware recovery, Flair Airlines leaked user data for months

Multiple threat actors lay claim to Sony hack Philippines health org struggling to recover from ransomware attack Canadian Flair Airlines leaked user data for months Thanks to today's episode sponsor, AppOmni If you think CASBs effectively secure your SaaS data… think again. CASBs lack visibility into your SaaS estate. Nor can they address and detect risks that arise from SaaS apps’ unlimited endpoints. What you need is a robust SSPM designed to secure the dynamic and extensible nature of SaaS apps and their data. That’s where AppOmni comes in. We continuously monitor your SaaS estate to detect cyber risks and secure your company’s most critical data and workflows. Get started at AppOmni.com. For the stories behind the headlines, visit CISOseries.com.
9/27/20237 minutes, 41 seconds
Episode Artwork

Mixin Network breach, Kia and Hyundai thefts explode, stress testing voting equipment

Mixin Network loses $200 million  Kia and Hyundai exploit linked to massive car thefts Stress testing voting equipment Thanks to today's episode sponsor, AppOmni Are you confident in your organization’s SaaS security? AppOmni surveyed 600+ security practitioners globally and 71% answered yes. But 79% experienced SaaS cybersecurity incidents. What’s behind this disconnect? CISOs believe they have a mature level of SaaS cybersecurity using CASB, MFA, and IdP. But these solutions lack unified risk visibility. Without SSPM, they’re blind to the true extent of their SaaS attack surface risk. Don’t gamble with your data. Get the visibility and insights you need to protect your SaaS environment with AppOmni.
9/26/20236 minutes, 30 seconds
Episode Artwork

Clarion audio hacked, Egyptian Predator threat, Dallas cyberattack analysis

Car audio manufacturer Clarion hacked – ALPHV claims responsibility High-ranking Egyptian politician targeted by Predator spyware City of Dallas issues report on May cyberattack Thanks to today's episode sponsor, AppOmni If you think CASBs effectively secure your SaaS data… think again. CASBs lack visibility into your SaaS estate. Nor can they address and detect risks that arise from SaaS apps’ unlimited endpoints. What you need is a robust SSPM designed to secure the dynamic and extensible nature of SaaS apps and their data. That’s where AppOmni comes in. We continuously monitor your SaaS estate to detect cyber risks and secure your company’s most critical data and workflows. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
9/25/20237 minutes, 1 second
Episode Artwork

Week in Review: UK and US cyberlaws, Microsoft’s bad week, Cisco buys Splunk

Link to blog post This week’s Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino  with guest Shawn Bowen, CISO, World Kinect Corporation  Thanks to our show sponsor, Hyperproof Is your company scaling? Do you need to quickly add more compliance frameworks but don’t know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof, you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit hyperproof.io to get started today. All links and the video of this episode can be found on CISO Series.com    
9/22/202326 minutes, 49 seconds
Episode Artwork

UK’s new cyberlaws, Cisco buys Splunk, Transunion denies breach

UK launches comprehensive new online safety laws Cisco buys Splunk TransUnion denies breach  Huge thanks to our sponsor, Hyperproof Is your company scaling? Do you need to quickly add more compliance frameworks but don’t know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof, you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit hyperproof.io to get started today. For the stories behind the headlines, head to CISOseries.com.
9/22/20237 minutes, 1 second
Episode Artwork

Canadian airport DDoS, Huawei ships chips, Signal goes post-quantum

Cyber attack disrupted Canadian airports Huawei ships chips for surveillance cameras Signal adds quantum-resistant encryption Huge thanks to our sponsor, Hyperproof It’s more critical than ever to focus on strategically addressing risk, but how can you do it when working with limited resources? That’s where Hyperproof comes in: Hyperproof is a risk and compliance operations platform that helps you automate evidence collection, task management, and collaboration within your organization so you can focus on what matters most: keeping your company secure by prioritizing strategy, not manual processes. Get a demo at Hyperproof.io.
9/21/20236 minutes, 18 seconds
Episode Artwork

DHS to simplify cyber incident reporting rules, UK passes Online Safety Bill, PIILOPUOTI marketplace takedown

DHS council seeks to simplify cyber incident reporting rules UK passes the Online Safety Bill Finland and Europol take down PIILOPUOTI marketplace Huge thanks to our sponsor, Hyperproof We get it. You’re a risk manager or compliance professional, and you’re overworked. You’re trying to do the right thing by keeping your company safe and secure, but your technology is holding you back. Why not upgrade to Hyperproof? Hyperproof is a platform that not only eliminates the manual tasks you dread, but helps you scale security. Get a demo today at hyperproof.io. For the stories behind the headlines, visit CISOseries.com.
9/20/20237 minutes, 26 seconds
Episode Artwork

Microsoft leaks AI data, UK CMA AI principles, Germany warns of natural gas terminal attacks

Microsoft leaks terabytes of internal data UK CMA outlines principles for AI regulation Germany warns of attacks on LNG terminals  Huge thanks to our sponsor, Hyperproof Imagine. You have an audit coming up, but instead of the usual rush, you actually feel prepared. You’ve collected your evidence. You can see which risks have been mitigated. And best of all, you don’t have to send out any last-minute emails to other teams begging them for that one screenshot. Sounds like a dream, right? With Hyperproof’s risk and compliance platform, this could be your reality. Get a demo at hyperproof.io.
9/19/20237 minutes, 16 seconds
Episode Artwork

Lazarus hit CoinX, Thailand’s CardX breach, trucking software attack

Lazarus Group suspected in CoinEx robbery Thailand financial company CardX discloses leak Ransomware hits trucking software provider Huge thanks to our sponsor, Hyperproof Tired of managing risk and compliance in spreadsheets? Sick of tracking down stakeholders to find evidence? Worried about whether that evidence is up to date for your next audit? Hyperproof has you covered. With Hyperproof, you can efficiently manage multiple compliance frameworks and risks in a single place so you can focus on what matters most: keeping your company secure and growing. Visit hyperproof.io to get a demo. For the stories behind the headlines, head to CISOseries.com.
9/18/20237 minutes, 16 seconds
Episode Artwork

Week in Review: Las Vegas heists, mental health, Tesla’s no-hands option

Link to blog post This week’s Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino with guest Davi Ottenheimer, VP, Trust and Ethics, Inrupt Thanks to our show sponsor, Conveyor The team at Lucid software reduced the time spent answering customer security questionnaires by a whopping 91% with Conveyor’s security questionnaire automation software – powered by OpenAI. Compared to the tools on the market, Conveyor’s AI auto-generates the most accurate answers to entire questionnaires so you can spend almost zero time on them. That’s it. That’s the ad. We’ll let you get back to the show, but if you want to take away the pain of questionnaires, try a free proof of concept at www.conveyor.com. All links and the video of this episode can be found on CISO Series.com  
9/15/202323 minutes, 13 seconds
Episode Artwork

Caesars, MGM attacks, Weather Network down, LockBit dual deployment

Caesars reportedly paid millions to stop Scattered Spider Cybersecurity incident impacts Canada’s Weather Network Blocked LockBit affiliate deploys 3AM instead Huge thanks to our sponsor, Conveyor The team at Lucid software reduced the time spent answering customer security questionnaires by a whopping 91% with Conveyor’s security questionnaire automation software - powered by OpenAI. Compared to the tools on the market, Conveyor’s AI auto-generates the most accurate answers to entire questionnaires so you can spend almost zero time on them. That’s it. That’s the ad. We’ll let you get back to the headlines, but if you want to take away the pain of questionnaires, try a free proof of concept at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com.
9/15/20237 minutes, 12 seconds
Episode Artwork

US asks to not pay ransoms, CISA's open source roadmap, Save the Children ransomware attack

NSC asks governments not to pay ransoms CISA’s open source software security roadmap Save the Children hit with ransomware Huge thanks to our sponsor, Conveyor Got a scary security questionnaire to complete and you’d rather have AI do it? Your infosec friends are making the switch from outdated RFP and compliance tools to Conveyor - the most accurate security questionnaire automation software on the market. The proof is in the AI. Customers are seeing 80-90% accurate answers and decreasing the time spent on questionnaire answering by 91%. We’re excited about the success customers like Lucid and Carta have seen using Conveyor. Try a free proof of concept at www.conveyor.com.
9/14/20236 minutes, 36 seconds
Episode Artwork

MGM Resorts "cybersecurity incident", Hackers access Airbus vendor info, Cryptoqueen’s sidekick sentenced

MGM Resorts slot machines and ATMs disrupted by "cybersecurity incident" Hackers access sensitive data of thousands of Airbus vendors Cryptoqueen’s sidekick sentenced for $4 billion scam Huge thanks to our sponsor, Conveyor Here’s how to measure if your security questionnaire answering software is effective. We benchmarked the RFP and compliance tools on the market and most are only generating accurate responses to questionnaires 20-50% of the time. Ready for 80-90% auto-generated accurate answers so you can fly through your review? Then you should try Conveyor’s AI-security questionnaire automation tool. Don’t believe us? Try a free proof of concept at www.conveyor.com For the stories behind the headlines, visit CISOseries.com.
9/13/20238 minutes, 17 seconds
Episode Artwork

Rising infrastructure attacks, Sponsor backdoor, Sri Lanka loses data in attack

UK government sees record critical IT infrastructure attacks Charming Kitten unleashes Sponsor backdoor Ransomware costs Sri Lankan government months of data Huge thanks to our sponsor, Conveyor The team at Lucid software reduced the time spent answering customer security questionnaires by a whopping 91% with Conveyor’s security questionnaire automation software - powered by OpenAI. Compared to the tools on the market, Conveyor’s AI auto-generates the most accurate answers to entire questionnaires so you can spend almost zero time on them. That’s it. That’s the ad. We’ll let you get back to the headlines, but if you want to take away the pain of questionnaires, try a free proof of concept at www.conveyor.com.
9/12/20237 minutes, 2 seconds
Episode Artwork

Fake Telegram apps, Akamai defeats mega-DDoS, Rhysida hospital attacks

Evil Telegram fake apps send spyware Akamai announces mitigation of largest DDoS on a US financial company Rhysida attacks three more hospitals Huge thanks to our sponsor, Conveyor What’s scarier than the Sunday scaries? Opening your inbox to a 200 question, 15 tab macro-enabled workbook containing a customer security questionnaire to complete. Let Conveyor's AI security questionnaire automation tool, powered by OpenAI, help your answering process go a lot faster. Spend 91% less time on questionnaires when you get precise answers auto-generated for you. Try a free proof of concept to see how fast you can get through questionnaires with Conveyor at www.conveyor.com For the stories behind the headlines, head to CISOseries.com.
9/11/20236 minutes, 57 seconds
Episode Artwork

Week in Review: Microsoft MSA answers, Keystroke monitoring software, G-Man Mudge

Link to blog post This week’s Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino  with guest Dan Walsh, CISO, VillageMD Thanks to our show sponsor, Comcast DataBee DataBee™, from Comcast Technology Solutions, is a cloud-native security, risk and compliance data fabric platform that transforms your security data chaos into connected outcomes. Built by security professionals for security professionals, DataBee makes your data a gold mine, rich with information that enables you to examine the past, react to the present, and protect the future of your business. Learn more at https://comca.st/DataBee. All links and the video of this episode can be found on CISO Series.com
9/8/202323 minutes, 6 seconds
Episode Artwork

China's MSA key hack, cyberwar crimes, North Korea targeting Russia

How Chinese hackers stole a Microsoft signing key The ICC to prosecute cyberwar crimes North Korean cyberattacks against Russian targets Thanks to today's episode sponsor, Comcast DataBee™, from Comcast Technology Solutions, is a cloud-native security, risk and compliance data fabric platform that transforms your security data chaos into connected outcomes. Built by security professionals for security professionals, DataBee makes your data a gold mine, rich with information that enables you to examine the past, react to the present, and protect the future of your business. Learn more at https://comca.st/DataBee.
9/8/20236 minutes, 28 seconds
Episode Artwork

CISA reporting rules, LastPass key crack, connected cars fail on privacy

CISA close to finalizing incident reporting rules Krebs on cracked LastPass keys Connected cars not great for privacy and security Thanks to today's episode sponsor, Comcast Are you still using whiteboards and pivoting between tools to find out who owns what data sources and the relationships between data points? It’s time to improve your OODA loop and enhance your security and compliance efforts with  DataBee, from Comcast Technology Solutions. Learn how DataBee weaves together and enriches data from across the enterprise to provide deeper insights into your security, risk and compliance posture. Visit https://comca.st/DataBee.
9/7/20237 minutes, 9 seconds
Episode Artwork

CISA hires ‘Mudge’, Call for Congress to address AI-generated CSAM, Stake.com loses $41 million in crypto

CISA hires ‘Mudge’ to work on security-by-design principles All 50 states call on Congress to address AI-generated CSAM Stake.com loses $41 million to hot wallet hackers Thanks to today's episode sponsor, Comcast What if you could integrate enterprise-wide business intelligence with your security data for better contextual insights into potential threats and compliance issues? You can. With DataBee™, from Comcast Technology Solutions. Learn how DataBee enables users to leverage integrated insights to mitigate risks and stay compliant. Visit https://comca.st/DataBee. For the stories behind the headlines, visit CISOseries.com.
9/6/20238 minutes, 5 seconds
Episode Artwork

PDF MalDoc warning, MinIO storage compromises, Okta helpdesk attacks

New PDF MalDoc allows evasion of antivirus MinIO Storage system being used to compromise servers Okta warns of IT help desk attacks  Thanks to today's episode sponsor, Comcast Data rules everything around us – but why are the people who need data the most unable to access it? What if you could boost the productivity of your security teams and their ability to collaborate by providing them access to the same shared and enriched data? You can. With DataBee™, from Comcast Technology Solutions. Learn how DataBee can help your organization make better informed decisions, quickly and cost-effectively. Visit https://comca.st/DataBee For the stories behind the headlines, head to CISOseries.com.
9/5/20237 minutes, 16 seconds
Episode Artwork

X collects employment histories, Sandworm Chisel analysis, Callaway breach

X to collect member employment data Technical details of Sandworm malware ‘Infamous Chisel’ released Golf club maker Callaway suffers breach Thanks to today's episode sponsor, Comcast DataBee “Data is the currency of the 21st century”, yet for so many cybersecurity professionals, it’s still too difficult to access, correlate and use this ‘currency’ for better, faster security and compliance decision-making. That’s why Comcast Technology Solutions created DataBee™, a cloud-native security data fabric platform that can help you turn your security data into valuable business ‘currency’. Learn more at https://comca.st/DataBee. For the stories behind the headlines, head to CISOseries.com.
9/4/20238 minutes, 22 seconds
Episode Artwork

Gamaredon hits Ukraine, Paramount suffers breach, OpenFire gets swarmed

Gamaredon hackers hit Ukraine military Movie giant Paramount Global suffers data breach Takeover swarm exploits OpenFire Huge thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
9/1/20237 minutes, 7 seconds
Episode Artwork

China hacked Japan's NISC, trafficking fuels cyber scams, China approves generative AI

Chinese threat actors breached Japan’s cybersecurity agency Human trafficking into cyber scams China set to approve first generative AI services Huge thanks to today's episode sponsor, AppOmni SaaS cyberattacks are prevalent and often go unnoticed until data loss or breaches occur. Sign-ins from an unusual IP address. Stolen session tokens. These security risks can lurk in the shadows and put your entire SaaS estate at risk. Don’t wait for a breach to secure your SaaS data. AppOmni helps security teams to detect suspicious activity, decide what activities to be alerted on, and receive guided remediation. Learn how at AppOmni.com.
8/31/20237 minutes, 2 seconds
Episode Artwork

FBI dismantles Qakbot operation, University of Michigan cuts internet after cyberattack, Microsoft criticizes UN cybercrime treaty

FBI dismantles Qakbot operation that took millions in ransom University of Michigan severs ties to internet after cyberattack Microsoft joins growing list of organizations criticizing UN cybercrime treaty Huge thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com. For the stories behind the headlines, visit CISOseries.com.
8/30/20238 minutes, 19 seconds
Episode Artwork

UK flight outage, the malware Big 3, spyware firm breached

UK network outage grounds flights The malware loader Big 3 Another spyware firm breached Huge thanks to today's episode sponsor, AppOmni SaaS cyberattacks are prevalent and often go unnoticed until data loss or breaches occur. Sign-ins from an unusual IP address. Stolen session tokens. These security risks can lurk in the shadows and put your entire SaaS estate at risk. Don’t wait for a breach to secure your SaaS data. AppOmni helps security teams to detect suspicious activity, decide what activities to be alerted on, and receive guided remediation. Learn how at AppOmni.com.
8/29/20236 minutes, 35 seconds
Episode Artwork

Cisco fixes flaws, Windows BSOD reappears, FBI Barracuda warning

Cisco fixes flaws in NX-OS AND FXOS software Windows preview updates bring blue screen of death FBI warns Barracuda bug still has bite Huge thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
8/28/20237 minutes, 54 seconds
Episode Artwork

Week in Review: Health hackers evolve, generative AI cyberattacks, NK spooks drills

Link to blog post This week’s Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino with guest Gerald Auger Ph.D., Chief Content Creator, Simply Cyber Thanks to our show sponsor, HyperProof Is your company scaling? Do you need to quickly add more compliance frameworks but don’t know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof, you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit hyperproof.io to get started today. All links and the video of this episode can be found on CISO Series.com  
8/25/202331 minutes, 49 seconds
Episode Artwork

Lazarus exploits ManageEngine, Rockwell ThinManager vulnerabilities, Mississippi hospital attack

Lazarus Group exploits ManageEngine to drop new RATS on internet and healthcare Vulnerabilities in Rockwell ThinManager threaten industrial control systems Mississippi hospital system suffers cyberattack Huge thanks to our sponsor, HyperProof Is your company scaling? Do you need to quickly add more compliance frameworks but don’t know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof, you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit to get started today. For the stories behind the headlines, head to CISOseries.com.
8/25/20237 minutes, 30 seconds
Episode Artwork

Tornado Cash indictment, UN cybercrime treaty, Lazarus crypto cashout

Tornado Cash developers face indictment UN begins final cybercrime treaty talks FBI warns of North Korean crypto cash out Huge thanks to our sponsor, HyperProof It’s more critical than ever to focus on strategically addressing risk, but how can you do it when working with limited resources? That’s where Hyperproof comes in: Hyperproof is a risk and compliance operations platform that helps you automate evidence collection, task management, and collaboration within your organization so you can focus on what matters most: keeping your company secure by prioritizing strategy, not manual processes. Get a demo at Hyperproof.io.
8/24/20236 minutes, 37 seconds
Episode Artwork

CISOs’ cybersecurity confidence, Healthcare cyberbreach report, Duo outage

CISOs proclaim cybersecurity confidence, but majority admit to SaaS incidents Cyber Health Report: Hacker entry point shifts from email to network Duo outage causes Azure Auth authentication errors Huge thanks to our sponsor, HyperProof We get it. You’re a risk manager or compliance professional, and you’re overworked. You’re trying to do the right thing by keeping your company safe and secure, but your technology is holding you back. Why not upgrade to Hyperproof? Hyperproof is a platform that not only eliminates the manual tasks you dread, but helps you scale security. Get a demo today at hyperproof.io. For the stories behind the headlines, head to CISOseries.com.  
8/23/20238 minutes, 36 seconds
Episode Artwork

ChatGPT botnet, Brits tip ransomware targets, Tesla's insider breach

ChatGPT used in crypto botnet Brits tipping off ransomware targets Tesla data breach caused by insiders Huge thanks to our sponsor, HyperProof Imagine. You have an audit coming up, but instead of the usual rush, you actually feel prepared. You’ve collected your evidence. You can see which risks have been mitigated. And best of all, you don’t have to send out any last-minute emails to other teams begging them for that one screenshot. Sounds like a dream, right? With Hyperproof’s risk and compliance platform, this could be your reality. Get a demo at hyperproof.io.
8/22/20237 minutes, 23 seconds
Episode Artwork

NK attacks drills, Android APK malware, space industry warning

North Korean hackers suspected of targeting S. Korea-US drills Android malware apps use APK compression to evade detection Security agencies warn space industry of increased attacks Huge thanks to our sponsor, HyperProof Tired of managing risk and compliance in spreadsheets? Sick of tracking down stakeholders to find evidence? Worried about whether that evidence is up to date for your next audit? Hyperproof has you covered. With Hyperproof, you can efficiently manage multiple compliance frameworks and risks in a single place so you can focus on what matters most: keeping your company secure and growing. Visit hyperproof.io to get a demo. For the stories behind the headlines, head to CISOseries.com.
8/21/20237 minutes, 17 seconds
Episode Artwork

Week in Review: Ford WiFi vulnerability, LockBit’s publication struggle, Government ZeroTrust confidence

Link to blog post This week’s Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino with guest, Jon Oltsik, distinguished analyst and fellow, Enterprise Strategy Group Thanks to our show sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment.  All links and the video of this episode can be found on CISO Series.com
8/18/202326 minutes
Episode Artwork

Cybercriminals finetune AI, Government ZeroTrust confidence, Citrix vulnerability warning

Influence operators fine-tuning AI to deceive targets 67% of government agencies claim confidence in adopting zero trust CISA warns of urgent Citrix vulnerability Huge thanks to today's episode sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment. For the stories behind the headlines, head to CISOseries.com.
8/18/20236 minutes, 48 seconds
Episode Artwork

LockBit struggles, Google's quantum resilient key, orgs excitedly unprepared for AI

LockBit struggles to publish leaked data Google’s quantum resilient security key Organizations optimistic and unprepared for AI Huge thanks to today's episode sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment.
8/17/20236 minutes, 44 seconds
Episode Artwork

LinkedIn accounts hijacked, Chinese spies hack US congressman's email, US watchdog plans to regulate data brokers

  Huge thanks to today's episode sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment. For the stories behind the headlines, visit CISOseries.com.
8/16/20237 minutes, 20 seconds
Episode Artwork

Moovit bug, Black Hat's NOC, DDoS origins

Moovit bug allowed for free rides A look at Black Hat’s network operations center Business and gaming disputes lead to DDoS attacks Huge thanks to today's episode sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment.
8/15/20236 minutes, 57 seconds
Episode Artwork

Ford WiFi vulnerability, Government reviews Azure hack, TripAdvisor ransomware

Ford says cars with WiFi vulnerability still safe to drive Cyber Safety Review Board to analyze cloud security in wake of Microsoft hack Knight ransomware distributed in fake TripAdvisor complaint emails Huge thanks to today's episode sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment. For the stories behind the headlines, head to CISOseries.com.
8/14/20238 minutes, 35 seconds
Episode Artwork

Week in Review: Microsoft slapped by Tenable, Tampa Hospital lawsuit, Zoom's AI decision

Link to blog post This week’s Cyber Security Headlines – Week in Review, August 7-11, is hosted by Rich Stroffolino  with guest, Michael Woods, CISO, GE Thanks to our show sponsor, Conveyor We can all agree there’s one thing the AI bots can take from us: completing customer security questionnaires. That’s why we built Conveyor’s GPT-questionnaire response tool. It auto-generates precise, accurate answers to entire questionnaires with accuracy far superior to existing tools on the market. It’s so accurate, your customers can now use it in our new ‘upload questions to trust portal’ feature. It’s exactly as it sounds. Customers can upload questions and the AI will generate instant answers based on your trust portal content. Try a free proof of concept with your own data and see why top SaaS companies are making the switch from outdated RFP software and other portal solutions. Learn more at Conveyor. All links and the video of this episode can be found on CISO Series.com
8/11/202324 minutes, 44 seconds
Episode Artwork

CISA’s .NET warning, Compellent exposes VMWare, DEFCON AI challenge

CISA Warns organizations of exploited vulnerability affecting .NET, Visual Studio Dell Compellent hardcoded key exposes VMware vCenter admin creds DEF CON: Thousands of security researchers vie to outsmart AI in Las Vegas Thanks to today's episode sponsor, Conveyor We can all agree there’s one thing the AI bots can take from us: completing customer security questionnaires. That’s why we built Conveyor’s GPT-questionnaire response tool. It auto-generates precise, accurate answers to entire questionnaires with accuracy far superior to existing tools on the market. It’s so accurate, your customers can now use it in our new ‘upload questions to trust portal’ feature. It’s exactly as it sounds. Customers can upload questions and the AI will generate instant answers based on your trust portal content. Try a free proof of concept with your own data and see why top SaaS companies are making the switch from outdated RFP software and other portal solutions. Learn more at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com.
8/11/20238 minutes, 12 seconds
Episode Artwork

AI Cyber Challenge, eavesdropping typing app, Android cellular security

AI Cyber Challenge announced at Black Hat Tencent typing app had real time “eavesdropper” Google adds cellular security to Android Thanks to today's episode sponsor, Conveyor Your scariest questionnaires that are HUNDREDS of questions long are no match for Conveyor’s GPT-security questionnaire tool - the most accurate questionnaire automation tool on the market. It’s so accurate that you can even let customers upload their own questions in your portal to get instant answers generated from your content. For questionnaires you still need complete, infosec and sales teams are spending 89% less time on answering questionnaires because they’re getting accurate answers to entire questionnaires that they don’t have to re-write. Try a free proof of concept with your own data. Learn more at www.conveyor.com
8/10/20237 minutes, 23 seconds
Episode Artwork

Google’s Messages app now encrypts chats, Electoral Commission apologizes to UK voters, Banks hit with fines for using chat apps

Google’s Messages app now uses RCS to encrypt chats Electoral Commission apologizes for security breach involving UK voters’ data Banks hit with over $500 million in fines for using out-of-band chat apps Thanks to today's episode sponsor, Conveyor Did you catch the biggest release of the year? No, not Barbenheimer. It’s Conveyor’s GPT-powered security questionnaire response tool: the most accurate questionnaire automation tool on the market. It’s so good, you can let your customers upload their own questions in your trust portal to get instant answers based on your content. And of course, it’s not just for your customers. You can use the GPT-questionnaire response tool internally as well to get auto-generated precise answers to entire questionnaires in minutes so all you have to do is review. Maybe it's time to replace your outdated RFP software… Try a free proof of concept with your own data. Learn more at www.conveyor.com For the stories behind the headlines, head to CISOseries.com
8/9/20238 minutes, 52 seconds
Episode Artwork

K-12 cyber initiatives, Russian missile contractor breached, LLMs getting worse

White House rolls out school cyber initiatives North Koreans breach Russian missile developer Large language models getting worse at math Thanks to today's episode sponsor, Conveyor GPT for security questionnaires? Conveyor has already built that for you. Conveyor’s GPT-questionnaire response tool is so accurate, you can use it in two ways. One: Let your customers upload their own questions in your trust portal to get AI-generated answers based on the content in your portal. And Two: It’s not just for your customers. You can use the GPT-questionnaire response tool internally as well to get auto-generated precise answers to entire questionnaires in minutes so all you have to do is review. Try a free proof of concept with your own data to see it in action. Learn more at www.conveyor.com
8/8/20236 minutes, 31 seconds
Episode Artwork

Tenable smacks Microsoft, hospital ransomware attacks, accurate acoustic spyware

Microsoft resolves vulnerability following criticism from Tenable CEO FBI investigating ransomware attack crippling hospitals across 4 states New acoustic attack steals data from keystrokes with 95% accuracy Thanks to today's episode sponsor, Conveyor Did you catch the biggest release of the year? No, not Barbenheimer. It’s Conveyor’s GPT-powered security questionnaire response tool: the most accurate questionnaire automation tool on the market. It’s so good, you can let your customers upload their own questions in your trust portal to get instant answers based on your content. And of course, it’s not just for your customers. You can use the GPT-questionnaire response tool internally as well to get auto-generated precise answers to entire questionnaires in minutes so all you have to do is review. Maybe it's time to replace your outdated RFP software… Try a free proof of concept with your own data. Learn more at www.conveyor.com For the stories behind the headlines, head to CISOseries.com
8/7/20237 minutes, 40 seconds
Episode Artwork

Week in Review: IDOR vulnerability warning, Israel refinery cyberattack, spies bemoan AI training

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, July 31-August 4, is hosted by Rich Stroffolino with guest, Jeff Hudesman, CISO, Pinwheel Thanks to our show sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal’s mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit opal.dev.
8/4/202322 minutes, 31 seconds
Episode Artwork

Fortinet tops vuln list, malicious Chrome Rilite, more Ivanti issues

Fortinet VPN bug tops CISA’s list of most exploited vulnerabilities in 2022 Chrome malware Rilide targets enterprise users via PowerPoint guides Researchers discover bypass for recently fixed Ivanti EPMM vulnerability Thanks to today's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev. For the stories behind the headlines, head to CISOseries.com.
8/4/20238 minutes, 27 seconds
Episode Artwork

Australia considers WeChat ban, US company aiding APTs, Veilid coming to DEF CON

Australian Senate recommends banning WeChat US company accused of aiding APT Hacking group to detail P2P protocol at DEF CON  Thanks to today's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev.
8/3/20236 minutes, 40 seconds
Episode Artwork

Musk sues disinformation researchers, Cloud host found facilitating state-backed cyberattacks, UK spy agencies want to relax ‘burdensome’ AI laws

Musk sues disinformation researchers for driving away advertisers Researchers claim cloud host facilitated state-backed cyberattacks UK spy agencies want to relax ‘burdensome’ laws on AI data use Thanks to today's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev. For the stories behind the headlines, visit CISOseries.com.
8/2/20237 minutes, 52 seconds
Episode Artwork

National plan for cyber education, DeFi code exploit, study on cyber insurance

White House releases National Cyber and Workforce Education Strategy  Latest DeFi exploit sees millions in losses No link found between cyber insurance and paying ransoms Thanks to today's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev.
8/1/20236 minutes, 23 seconds
Episode Artwork

Israel refinery cyberattack, TSA pipeline guidelines, CISA’s IDOR warning

Israel’s largest oil refinery website offline amid cyber attack claims TSA renews cybersecurity guidelines for pipelines CISA AND Australia warn of IDOR vulnerabilities after major breaches Thanks to today's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev. For the stories behind the headlines, head to CISOseries.com.
7/31/20238 minutes, 33 seconds
Episode Artwork

Week in Review: Stolen Microsoft key, government Maximus breach, Clop on clearweb

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, July 24-28, is hosted by Rich Stroffolino  with guest, TC Niedzialkowski‌, CISO, Nextdoor Thanks to today’s episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com. All links and the video of this episode can be found on CISO Series.com  
7/28/202323 minutes, 49 seconds
Episode Artwork

Maximus breach, Ubuntu Linux vulnerabilities, Cardio company cyberattack

Millions affected by data breach at US government contractor Maximus Two severe Linux vulnerabilities impact 40% of Ubuntu users Heart monitoring technology provider confirms cyberattack Thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate.   With AppOmni’s SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
7/28/20238 minutes, 15 seconds
Episode Artwork

Cyber exec convicted, SEC disclosure, how the government gets breached

Russian court convicts cyber security executive of treason SEC to require incident disclosure Government cyber attacks rely on valid credentials Thanks to today's episode sponsor, AppOmni SaaS cyberattacks are prevalent and often go unnoticed until data loss or breaches occur. Sign-ins from an unusual IP address. Stolen session tokens. These security risks can lurk in the shadows and put your entire SaaS estate at risk. Don’t wait for a breach to secure your SaaS data. AppOmni helps security teams to detect suspicious activity, decide what activities to be alerted on, and receive guided remediation. Learn how at AppOmni.com.
7/27/20236 minutes, 49 seconds
Episode Artwork

TETRA encryption flaws, Zenbleed strikes, Norway's government hit with Ivanti flaw

Vulnerability found in TETRA encryption Ryzen CPUs vulnerable to Zenbleed exploit Norwegian government breached with Ivanti zero-day Thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate.   With AppOmni’s SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com.
7/26/20236 minutes, 37 seconds
Episode Artwork

Cyber Security Headlines: Clop leaks on clearweb, EU pushes back on CSA centralization, rising data breach costs

Clop moves leaked data to clearweb sites EU governments push back on centralized cyber reporting Cost of data breaches up 15% Thanks to today's episode sponsor, AppOmni SaaS cyberattacks are prevalent and often go unnoticed until data loss or breaches occur. Sign-ins from an unusual IP address. Stolen session tokens. These security risks can lurk in the shadows and put your entire SaaS estate at risk. Don’t wait for a breach to secure your SaaS data. AppOmni helps security teams to detect suspicious activity, decide what activities to be alerted on, and receive guided remediation. Learn how at AppOmni.com.
7/25/20236 minutes, 50 seconds
Episode Artwork

Azure hack deepens, JumpCloud is Lazarus, DHL MOVEIt victim

Microsoft key stolen by Chinese hackers provided access far beyond Outlook JumpCloud breach traced back to North Korean state hackers DHL investigating MOVEit breach as number of victims surpasses 20 million Thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate.   With AppOmni’s SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
7/24/20238 minutes, 35 seconds
Episode Artwork

Week in Review: Fast acting Gamaredon, WormGPT AI weapon, Microsoft Azure mystery

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, July 17-21, is hosted by Rich Stroffolino with our guest, Dimitri van Zantvliet, CISO, Dutch Railways Thanks to our show sponsor, OpenVPN According to Oriel Hernan Villalba Pinzetta, a System Administrator with CEDEC’s cybersecurity and IT department, “The pandemic meant we could not come to the office, and we needed to facilitate access to our local resources,” says Villalba. “Cloud Connexa was really easy and fast to set up, two things we really needed in that moment.” Read more here.  All links and the video of this episode can be found on CISO Series.com  
7/21/202323 minutes, 35 seconds
Episode Artwork

New Redis worm, more ColdFusion confusion, Estée Lauder breached

New P2PInfect worm targeting Redis servers on Linux and Windows systems Adobe releases new patches for exploited ColdFusion vulnerabilities Estée Lauder breached by two ransomware groups And now a word from our sponsor, OpenVPN According to Oriel Hernan Villalba Pinzetta, a System Administrator with CEDEC’s cybersecurity and IT department, “The pandemic meant we could not come to the office, and we needed to facilitate access to our local resources,” says Villalba. “Cloud Connexa was really easy and fast to set up, two things we really needed in that moment.” Read more at the link in our show notes. For the stories behind the headlines, head to CISOseries.com.
7/21/20237 minutes, 51 seconds
Episode Artwork

A rise in complex DDoS attacks, Mi6 warns of data traps, Microsoft expands log access

Complex DDoS attacks on the rise MI6 warns of Chinese data traps Microsoft expands cloud log access And now a word from our sponsor, OpenVPN Karim Hakim, CTO at Hakim Misr Paco, says that CloudConnexa has given him some long-sought peace of mind. “OpenVPN has helped my company to access remote nodes securely without worrying about security protocols,” he says. “My company has been looking for a similar solution for years, and we finally got what we were looking for.” Read more at the link in our show notes.
7/20/20236 minutes, 43 seconds
Episode Artwork

US launches IoT security labeling program, Renewable tech could pose electric grid risk, US blacklists two more spyware firms

US government launches IoT security labeling program Renewable technologies could pose risk to US electric grid US blacklists two spyware firms run by Israeli former general And now a word from our sponsor, OpenVPN Stephen Haecker, Chief Technology Officer at Carteras Colectivas, relies on Cloud Connexa customer support for his remote team. “I have used them about once per month to help with our growing networks,” he says, “and the service quality is great with quick turnarounds.” Haecker appreciates the consistency of the support team, and their personalized approach. Read more at the link in our show notes. For the stories behind the headlines, visit CISOseries.com.
7/19/20237 minutes, 25 seconds
Episode Artwork

JumpCloud Breach, LockBit attacks Wisconsin, Typos leak military emails

JumpCloud breached by APT Wisconsin allegedly hit by LockBit Typos leaking military emails And now a word from our sponsor, OpenVPN Zach Belhadri, the Infrastructure Manager at Knight Capital, shares why using Cloud Connexa for his team’s security has been a game changer. With the Cybershield feature, he’s able to prevent malware, phishing, and other threats by restricting access to only authorized and trusted internet destinations. He calls Cloud Connexa “an awesome product with huge potential.” Read more at the link in our show notes.
7/18/20237 minutes, 2 seconds
Episode Artwork

Fast-acting Gamaredon, WormGPT improves phishing, Microsoft email mystery

Russia-linked Gamaredon starts stealing data 30 to 50 minutes after initial compromise New AI tool – WormGPT allows for sophisticated cyber attacks Microsoft still unsure how hackers stole Azure AD signing key And now a word from our sponsor, OpenVPN We asked Anthony Hook, the CTO at Dataweavers, if he would recommend Cloud Connexa to other companies. His response? A resounding yes! With Cloud Connexa, he says  “we bypassed the clunky client-owned VPNs and networks, gaining a seamless, secure, and efficient connectivity solution.” Read more at the link in our show notes. For the stories behind the headlines, head to CISOseries.com.
7/17/20238 minutes, 7 seconds
Episode Artwork

Week in Review: Threat actors access government email, USB drive attacks spiking, cloud environment breaches

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, July 10-14, is hosted by Sean Kelly with our guest, Yaron Levi, CISO, Dolby Thanks to our show sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal’s mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev. All links and the video of this episode can be found on CISO Series.com
7/14/202327 minutes, 10 seconds
Episode Artwork

USB malware spikes, Honeywell, Rockwell vulnerabilities, ransomware remains profitable

USB drive malware attacks spiking again in first half of 2023 Users of Honeywell Experion DCS platforms urged to patch 9 vulnerabilities immediately Ransomware gangs have extorted $449 million this year Thanks to this week's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. For the stories behind the headlines, head to CISOseries.com.
7/14/20238 minutes, 45 seconds
Episode Artwork

NATO cyber pledges, tax prep data shared, a decrease in crypto crime

What we know about NATO cyber pledges  Tax prep companies “recklessly” shared data Report finds decrease in crypto crime Thanks to this week's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale.
7/13/20236 minutes, 52 seconds
Episode Artwork

Silk Road advisor sentenced, HCA Health data breach, Google hit with AI tool training lawsuit

Silk Road’s senior advisor sentenced to 20 years in prison 11 million HCA patients impacted by data breach Google hit with lawsuit alleging it stole user data to train its AI tools Thanks to this week's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. For the stories behind the headlines, visit CISOseries.com.
7/12/20239 minutes, 43 seconds
Episode Artwork

JumpCloud resets API keys, Genesis Market for sale, an EU-US data transfer agreement

JumpCloud resets customer API keys Would you be interested in a slightly used dark web market?  US and EU agree on new data transfer agreement Thanks to this week's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale.
7/11/20236 minutes, 57 seconds
Episode Artwork

BigHead Windows ransomware, RedEnergy targets utilities. more MOVEIt problems

New ‘Big Head’ ransomware displays fake Windows update alert RedEnergy stealer-as-a-ransomware threat targeting energy and telecom sectors Three new MOVEit bugs spur CISA warning as more victims report breaches Thanks to this week's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. For the stories behind the headlines, head to CISOseries.com.
7/10/20237 minutes, 43 seconds
Episode Artwork

Week in Review: TSMC supplier attacked, cardiac device warning, hospital ransomware increasing

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, July 3-7, is hosted by Rich Stroffolino with our guest, Hadas Cassorla, CISO, M1 Thanks to today’s episode sponsor, SlashNext SlashNext, a leader in SaaS-based Integrated Cloud Messaging Security across email, web, and mobile has the industry’s first artificial intelligence solution, HumanAI, that uses generative AI to defend against advanced business email compromise (BEC), supply chain attacks, executive impersonation, and financial fraud. Request a demo today. All links and the video of this episode can be found on CISO Series.com  
7/7/202323 minutes, 57 seconds
Episode Artwork

Shell MOVEit breach, Pepsi bottler breach, INTERPOL nabs OPERA1ER

Shell confirms MOVEit-related breach after ransomware group leaks data 28,000 impacted by data breach at Pepsi Bottling Ventures INTERPOL nabs hacking crew OPERA1ER’s leader behind $11 million cybercrime Thanks to today's episode sponsor, SlashNext SlashNext, a leader in SaaS-based Integrated Cloud Messaging Security across email, web, and mobile has the industry’s first artificial intelligence solution, HumanAI, that uses generative AI to defend against advanced business email compromise (BEC), supply chain attacks, executive impersonation, and financial fraud. Request a demo today. For the stories behind the headlines, head to CISOseries.com.
7/7/20238 minutes, 1 second
Episode Artwork

Japanese port hit with ransomware, EU court orders Meta data changes, White House can't contact social companies

Japan’s major port hit with ransomware European court orders changes to Meta’s data practices Injunction restricts White House contact with social media companies Thanks to today's episode sponsor, SlashNext SlashNext, a leader in SaaS-based Integrated Cloud Messaging Security across email, web, and mobile has the industry’s first artificial intelligence solution, HumanAI, that uses generative AI to defend against advanced business email compromise (BEC), supply chain attacks, executive impersonation, and financial fraud. Request a demo today.
7/6/20236 minutes, 53 seconds
Episode Artwork

BlackCat pushes CobaltStrike, cardiac device warning, unpatched Fortigate firewalls

BlackCat ransomware pushes Cobalt Strike via WinSCP search ads CISA issues warning for cardiac device system vulnerability 330,000 FortiGate firewalls still unpatched to CVE-2023-27997 RCE flaw Thanks to today's episode sponsor, SlashNext SlashNext, a leader in SaaS-based Integrated Cloud Messaging Security across email, web, and mobile has the industry’s first artificial intelligence solution, HumanAI, that uses generative AI to defend against advanced business email compromise (BEC), supply chain attacks, executive impersonation, and financial fraud. Request a demo today. For the stories behind the headlines, head to CISOseries.com.  
7/5/20238 minutes, 15 seconds
Episode Artwork

Semiconductor giant attacked, State websites hacked, Russian Telecom infiltrated

Semiconductor giant says IT supplier was attacked, LockBit makes related claims Several US states investigating ‘SiegedSec’ hacking campaign Russian telecom confirms hack after group backing Wagner boasted about an attack Thanks to today's episode sponsor, SlashNext  For the stories behind the headlines, head to CISOseries.com.
7/3/20238 minutes, 9 seconds
Episode Artwork

Week in Review: SolarWinds CISO blamed, Military smartwatch mystery, submarine cable risk

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, June 26-30, is hosted by Rich Stroffolino with our guest, Cassio Goldschmidt, CISO, ServiceTitan Thanks to our show sponsor, AppOmni Over provisioned users could expose your organization’s most sensitive data. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s identity and threat detection capabilities, you can detect and respond to  suspicious activities within your SaaS environment. Gain visibility into over provisioned users, the SaaS data they have access to, and receive guided remediation. Get started at AppOmni.com. All links and the video of this episode can be found on CISO Series.com  
6/30/202324 minutes, 10 seconds
Episode Artwork

SolarWinds CISOs blamed, ThirdEye Windows malware, Government extends canary

SEC notice to SolarWinds CISO and CFO roils cybersecurity industry Newly uncovered ThirdEye Windows-based malware steals sensitive data Cyber Command to expand ‘canary in the coal mine’ unit working with private sector Thanks to today's episode sponsor, AppOmni Over provisioned users could expose your organization’s most sensitive data. Just a single attack on one of those users may compromise your entire SaaS estate.   With AppOmni’s identity and threat detection capabilities, you can detect and respond to  suspicious activities within your SaaS environment. Gain visibility into over provisioned users, the SaaS data they have access to, and receive guided remediation. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
6/30/20237 minutes, 35 seconds
Episode Artwork

Federal networks fail CISA rules, US AI chip bans, MOVEit victims grow

Federal network devices fail CISA requirements US considering more AI chip export bans  The scope of MOVEit vulnerability Thanks to today's episode sponsor, AppOmni Are you continuously monitoring the common misconfigurations occurring in your SaaS ecosystem? From inactive connected SaaS apps retaining access to sensitive data, to threat actors manipulating conditional access rules, these misconfigurations can pose a significant threat to your SaaS security.  Take action with AppOmni. Secure your organization’s most sensitive data and continuously monitor your SaaS estate for data exposure and misconfigurations. Visit AppOmni.com to get a free risk assessment.
6/29/20237 minutes, 5 seconds
Episode Artwork

Over 6,500 arrested since EncroChat hack, Third-party vendor hack exposes American and Southwest data, Microsoft service outage woes continue

  Thanks to today's episode sponsor, AppOmni Over provisioned users could expose your organization’s most sensitive data. Just a single attack on one of those users may compromise your entire SaaS estate.   With AppOmni’s identity and threat detection capabilities, you can detect and respond to  suspicious activities within your SaaS environment. Gain visibility into over provisioned users, the SaaS data they have access to, and receive guided remediation. Get started at AppOmni.com. For the stories behind the headlines, visit CISOseries.com.
6/28/20237 minutes, 57 seconds
Episode Artwork

Monopoly darknet charges, Activision Blizzard DDoS, 5G aircraft deadline

Monopoly darknet operator charged Activision Blizzard games hit with DDoS 5G deadline could impact flights Thanks to today's episode sponsor, AppOmni Are you continuously monitoring the common misconfigurations occurring in your SaaS ecosystem? From inactive connected SaaS apps retaining access to sensitive data, to threat actors manipulating conditional access rules, these misconfigurations can pose a significant threat to your SaaS security.  Take action with AppOmni. Secure your organization’s most sensitive data and continuously monitor your SaaS estate for data exposure and misconfigurations. Visit AppOmni.com to get a free risk assessment.
6/27/20236 minutes, 59 seconds
Episode Artwork

CISA adds vulnerabilities, mysterious military smartwatches, more Office problems

CISA adds 6 flaws to known exploited vulnerabilities catalog US military personnel report receiving smartwatches in the mail Microsoft 365 users new Outlook and Teams problems Thanks to today's episode sponsor, AppOmni Over provisioned users could expose your organization’s most sensitive data. Just a single attack on one of those users may compromise your entire SaaS estate.   With AppOmni’s identity and threat detection capabilities, you can detect and respond to  suspicious activities within your SaaS environment. Gain visibility into over provisioned users, the SaaS data they have access to, and receive guided remediation. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com
6/26/20237 minutes, 43 seconds
Episode Artwork

Week in Review: Microsoft confirms cyberattack, more MOVEit damage, reddit hit with ransomware

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, June 19-23, is hosted by Rich Stroffolino with our guest, Janet Heins, CISO, iHeartMedia Thanks to our show sponsor, Wing Security The first step to securing your organization’s SaaS usage is knowing which SaaS applications your employees are using. 3rd party included. Wing offers a completely free, SaaS Shadow IT Discovery tool. You can find it at wing.security and self onboard. No sales in the process, no credit card needed, no time-limit. Just go ahead and discover your SaaS usage. All links and the video of this episode can be found on CISO Series.com
6/23/202321 minutes, 35 seconds
Episode Artwork

Canadian breaches increase, new China backdoor, kinetic warfare threat

Cybersecurity breaches more than double among Canadian businesses Experienced China-based hacking group has new backdoor tool Cyberattacks on OT, ICS lay groundwork for kinetic warfare Thanks to today's episode sponsor, Wing Security The first step to securing your organization’s SaaS usage is knowing which SaaS applications your employees are using. 3rd party included. Wing offers a completely free, SaaS Shadow IT Discovery tool. You can find it at wing.security and self onboard. No sales in the process, no credit card needed, no time-limit. Just go ahead and discover your SaaS usage. For the stories behind the headlines, head to CISOseries.com.
6/23/20237 minutes, 46 seconds
Episode Artwork

DoJ targets nation-state actors, Apple fixes Triangulation zero-day, Schumer unveils strategy to regulate AI

New DoJ cyber prosecution team will go after nation-state threat actors Apple fixes zero-days used to deploy Triangulation spyware Schumer unveils strategy to regulate AI Thanks to today's episode sponsor, Wing Security Shadow IT is an evolving pain and a security risk, especially in today’s decentralized work environments. Now’s the time to regain control of your SaaS usage by taking advantage of Wing’s Free SaaS Shadow IT discovery solution. Check out wing.security to self-onboard today, no strings attached. For the stories behind the headlines, visit CISOseries.com.
6/22/20237 minutes, 37 seconds
Episode Artwork

Rorschach ransomware, Australian government data leak, security market outpaces tech

Rorschach ransomware takes the speed crown Data leak impacts Australian government Cyber security market growth outpaces tech sector Thanks to today's episode sponsor, Wing Security Can you answer these three questions confidently? 1. How many SaaS applications are used in your organization? 2. Which permissions did users provide these applications? and 3. What is the data that flows in and in between these applications? Wing provides the answers. In fact, it discovers your SaaS usage completely for free, no time limit. Visit wing.security to self-onboard.
6/21/20236 minutes, 52 seconds
Episode Artwork

Reddit's ransom, UK shuffles cyber chief, Binance reaches SEC deal

Reddit hit with ransom demand UK’s cyber chief moves on to organized crime Binance reaches deal with the SEC Thanks to today's episode sponsor, Wing Security The first step to securing your organization’s SaaS usage is knowing which SaaS applications your employees are using. 3rd party included. Wing offers a completely free, SaaS Shadow IT Discovery tool. You can find it at wing.security and self onboard. No sales in the process, no credit card needed, no time-limit. It takes minutes to discover your organization's SaaS usage.
6/20/20236 minutes, 52 seconds
Episode Artwork

Microsoft’s June cyberattacks, third MOVEit vulnerability, US Clop bounty

Microsoft says early June service outages were cyberattacks Third MOVEit vulnerability raises alarms as US Agriculture Department says it may be impacted US govt offers $10 million bounty for info on Clop ransomware Thanks to today's episode sponsor, Wing Security The folks at Wing believe that SaaS Shadow IT discovery is the basic first step to securing your SaaS usage. They believe it so strongly that they launched a completely free SaaS Shadow IT Discovery solution. Check out wing.security to self-onboard today, no strings attached, no time limit. Wing.security. For the stories behind the headlines, head to CISOseries.com.
6/19/20237 minutes, 18 seconds
Episode Artwork

Week in Review: Microsoft banking warning, undetectable BatCloak malware, more MOVEit vulnerabilities

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, June 12-16, is hosted by Sean Kelly with our guest, Phil Beyer, former Head of Security, Etsy Thanks to our show sponsor, Conveyor Your scariest questionnaires that are hundreds of questions long are no match for Conveyor’s GPT-questionnaire tool – now with a browser extension for complex portals. Get GPT-generated precise answers to entire questionnaires so your review takes seconds. Now you can spend 89% less time completing questionnaires when you get accurate answers you don’t have to re-write. Try a free proof of concept with your own data to see it in action. See what security and sales teams are raving about at www.conveyor.com All links and the video of this episode can be found on CISO Series.com    
6/16/202321 minutes, 47 seconds
Episode Artwork

US federal agencies affected by MOVEit breach, Pentagon leak suspect indicted, Suspected LockBit ransomware affiliate nabbed

US federal agencies affected by MOVEit vulnerability Pentagon leak suspect indicted by a federal grand jury Suspected LockBit ransomware affiliate nabbed Thanks to today's episode sponsor, Conveyor Your scariest questionnaires that are hundreds of questions long are no match for Conveyor’s GPT-questionnaire tool - now with a browser extension for complex portals. Get GPT-generated precise answers to entire questionnaires so your review takes seconds. Now you can spend 89% less time completing questionnaires when you get accurate answers you don’t have to re-write. Try a free proof of concept with your own data to see it in action. See what security and sales teams are raving about at www.conveyor.com For the stories behind the headlines, visit CISOseries.com.  
6/16/20237 minutes, 35 seconds
Episode Artwork

China ESXi exploit, WooCommerce vulnerability, Lockbit ransom report

China-linked APT group spotted exploiting a VMware ESXi zero-day Hundreds of thousands of ecommerce sites impacted by critical plugin vulnerability 7-Nation LockBit report shows US paid over $90m in ransoms since 2020 Thanks to today's episode sponsor, Conveyor Let’s gladly pass the most thankless job in cybersecurity – completing customer security questionnaires –  to the AI bots. Conveyor’s GPT-questionnaire response tool auto-generates precise, accurate answers to entire questionnaires. With accuracy far superior to other tools, you can spend almost zero time reviewing generated answers. There’s an in platform auto-fill feature or a browser extension for tricky portals. Stop settling for mediocre tools that only provide lousy “near hits” from your library. Try a free proof of concept with your own data. Learn more at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com.
6/15/20238 minutes, 32 seconds
Episode Artwork

Amazon server outage, Fortinet zero-day exploited, US intelligence buys personal data

Amazon server outage broke fast food apps among other things Update: Fortinet warns of possible zero-day exploited in limited attacks US intelligence confirms it buys Americans’ personal data Thanks to today's episode sponsor, Conveyor What’s better than using Conveyor’s GPT-questionnaire response tool to generate precise answers to security questionnaires? Letting customers upload their own questionnaires to your portal and getting back answers in seconds - all based on the content in your knowledge base.  Think of it like a security questionnaire ATM. A prospect clicks through an NDA, uploads questions and gets all the answers they need from the bot, all without ever having to speak to you. We call that a win-win. Learn more at www.conveyor.com. For the stories behind the headlines, visit CISOseries.com.
6/14/20237 minutes, 27 seconds
Episode Artwork

Fortigate firewall flaw, BatCloak’s undetectable malware, Swiss government cyberattacks

Critical RCE flaw discovered in Fortinet FortiGate firewalls BatCloak engine makes malware fully undetectable Swiss Government targeted by series of cyberattacks Thanks to today's episode sponsor, Conveyor Tried to use GPT to fill out questionnaires yet? We already built that for you. Conveyor’s GPT-questionnaire response tool auto-generates precise, accurate answers to entire questionnaires. With accuracy far superior to other tools, you can spend almost zero time reviewing generated answers. There’s also a browser extension for complex portals and other scary questionnaires. Best part is, it actually works. Try a free proof of concept with your own data to see it in action. You won’t be disappointed. Learn more at www.conveyor.com For the stories behind the headlines, head to CISOseries.com.
6/13/20237 minutes, 35 seconds
Episode Artwork

Faked journalist hack, Strava leaks locations, Reddit API protests

Faked crypto journalists steal real crypto Strava heat maps leak addresses API changes lead to Reddit protests Thanks to today's episode sponsor, Conveyor Let’s gladly pass the most thankless job in cybersecurity – completing customer security questionnaires –  to the AI bots. Conveyor’s GPT-questionnaire response tool auto-generates precise, accurate answers to entire questionnaires. With accuracy far superior to other tools, you can spend almost zero time reviewing generated answers. There’s an in platform auto-fill feature or a browser extension for tricky portals. Stop settling for mediocre tools that only provide lousy “near hits” from your library. Try a free proof of concept with your own data. Learn more at www.conveyor.com.
6/12/20237 minutes, 38 seconds
Episode Artwork

Week in Review: Hipponen’s malware warning, outwitting hackers, Clop’s MoveIt attack

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, June 5-9, is hosted by Rich Stroffolino with our guest, Joshua Scott, Head of Security and IT, Postman Thanks to our show sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, “How can I manage our expanding attack surface?” Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their “Risk to Resilience World Tour. Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend your organization with speed and accuracy. Find the closest city to you and register today to take a leap towards a more resilient future. Head to trendmicro.com/cisoseries All links and the video of this episode can be found on CISO Series.com  
6/9/202320 minutes, 32 seconds
Episode Artwork

PowerDrop targets Defense, YKK zipper attacked, Barracuda urges replacement

New PowerDrop malware targets U.S. aerospace defense industry Zipper giant YKK confirms cyberattack targeted U.S. networks Barracuda urges customers to replace vulnerable appliances immediately Thanks to this week's episode sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, “How can I manage our expanding attack surface?” Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their “Risk to Resilience World Tour. Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend your organization with speed and accuracy. Find the closest city to you and register today to take a leap towards a more resilient future. Head to trendmicro.com/cisoseries For the stories behind the headlines, head to CISOseries.com.
6/9/20238 minutes, 16 seconds
Episode Artwork

Google email authentication, SEC data breaches, Clop asks victims to email

Google improves brand email authentication  SEC drops cases due to data protection failures Clop asks victims to contact it for a ransom Thanks to this week's episode sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, “How can I manage our expanding attack surface?” Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their “Risk to Resilience World Tour. Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend your organization with speed and accuracy. Find the closest city to you and register today to take a leap towards a more resilient future. Head to trendmicro.com/cisoseries
6/8/20237 minutes, 16 seconds
Episode Artwork

Microsoft $20M COPPA settlement, Hactivists take credit for Outlook.com outages, SEC accuses Coinbase of breaking US regulations

  Thanks to this week's episode sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, “How can I manage our expanding attack surface?” Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their “Risk to Resilience World Tour. Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend your organization with speed and accuracy. Find the closest city to you and register today to take a leap towards a more resilient future. Head to trendmicro.com/cisoseries For the stories behind the headlines, visit CISOseries.com.
6/7/20237 minutes, 56 seconds
Episode Artwork

Satellite hacking, Atomic Wallet breach, SEC sues Binance

Satellite hacking at DEF CON Atomic Wallet investigating losses SEC sues Binance Thanks to this week's episode sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, “How can I manage our expanding attack surface?” Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their “Risk to Resilience World Tour. Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend your organization with speed and accuracy. Find the closest city to you and register today to take a leap towards a more resilient future. Head to trendmicro.com/cisoseries
6/6/20236 minutes, 37 seconds
Episode Artwork

Switzerland Xplain attack, BlackSuit resembles Royal, Microsoft retires Cortana

Xplain hack impacts Swiss cantonal police and Fedpol BlackSuit shows similarities to Royal Microsoft is retiring Cortana on Windows Thanks to this week's episode sponsor, Trend Micro Hybrid work, cloud adoption, and shadow IT have introduced new cybersecurity risks to organizations. Security leaders are left asking, “How can I manage our expanding attack surface?” Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities in their “Risk to Resilience World Tour. Hear from experts on the latest threat landscape trends, solutions, and platform strategies to manage risk and defend your organization with speed and accuracy. Find the closest city to you and register today to take a leap towards a more resilient future. Head to trendmicro.com/cisoseries For the stories behind the headlines, head to CISOseries.com.  
6/5/20238 minutes, 44 seconds
Episode Artwork

Week in Review: Amazon Ring privacy violations, Gigabyte firmware problems, AI extinction threat

Link to Blog Post This week’s Cyber Security Headlines - Week in Review, May 29-June 2, is hosted by Sean Kelly with our guest, Howard Holton, CTO, GigaOm Thanks to today’s episode sponsor, Barricade Cyber   Have you fallen victim to a ransomware attack? Don’t worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Their proprietary ransomware recovery services are designed to quickly get your business back on track. Their team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on them for the security of your data and systems. Visit barricadecyber.com All links and the video of this episode can be found on CISO Series.com    
6/2/202325 minutes, 13 seconds
Episode Artwork

Amazon Ring privacy violations, Kaspersky triangulation APT, CyberCommand Hartman

Amazon Ring, Alexa accused of privacy violations by FTC Kaspersky reports on new mobile APT campaign targeting iOS devices              White House to choose Army general Hartman to be Cyber Command No. 2 Thanks to today's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Their proprietary ransomware recovery services are designed to quickly get your business back on track. Their team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on them for the security of your data and systems. Visit barricadecyber.com For the stories behind the headlines, head to CISOseries.com.
6/2/20237 minutes, 45 seconds
Episode Artwork

More Toyota leaks, Gigabyte firmware issues, Twitter Community Notes for images

Toyota finds more cloud leaks Gigabyte firmware update system insecure Twitter expands Community Notes to images Thanks to today's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Their proprietary ransomware recovery services are designed to quickly get your business back on track. Their team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on them for the security of your data and systems. Visit barricadecyber.com
6/1/20236 minutes, 57 seconds
Episode Artwork

Experts warn of extinction from AI, Hackers demand $3 million from Scandinavian Airlines, Theranos founder surrenders to 11-year prison term

Leading experts warn of a risk of extinction from AI Hackers demand $3 million from Scandinavian Airlines Theranos founder turns herself in for 11-year prison term Thanks to today's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Their proprietary ransomware recovery services are designed to quickly get your business back on track. Their team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on them for the security of your data and systems. Visit barricadecyber.com For the stories behind the headlines, visit CISOseries.com.
5/31/20237 minutes, 23 seconds
Episode Artwork

GobRAT targets Linux, RPMSG messages exploited, Augusta Georgia cyberattack

New GobRAT remote access trojan targeting Linux routers in Japan Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks             Hackers hold city of Augusta hostage in a ransomware attack Thanks to today's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Their proprietary ransomware recovery services are designed to quickly get your business back on track. Their team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on them for the security of your data and systems. Visit barricadecyber.com For the stories behind the headlines, head to CISOseries.com.
5/30/20238 minutes, 36 seconds
Episode Artwork

Week in Review: Industrial infrastructure threat, BEC attempts on the rise, TikTok’s Texas progress

Link to Blog Post Cyber Security Headlines – Week in Review, May 22-26, is hosted by Rich Stroffolino with our guest, Rich Greenberg, ISSA Distinguished Fellow and Honor Roll Thanks to our show sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It’s a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security’s new CIEM Buyer’s Guide to learn more about fortifying your cloud from the inside out at sonraisecurity.com. All links and the video of this episode can be found on CISO Series.com  
5/26/202323 minutes, 35 seconds
Episode Artwork

GDPR turns 5, GitLab patches vulnerability, Russian industrial malware

GDPR is 5 years old, and over 1 million people have asked to be forgotten GitLab security update patches critical vulnerability        Mysterious malware designed to cripple industrial systems linked to Russia   And now a word from our sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It's a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security’s new CIEM Buyer’s Guide to learn more about fortifying your cloud from the inside out at sonraisecurity.com. For the stories behind the headlines, head to CISOseries.com.
5/26/20237 minutes, 57 seconds
Episode Artwork

Google launches GUAC, Barracuda zero-day, campaign targets Kenyan debt

Google launches GUAC Barracuda gateways breached by zero-day Cyberattacks focus on Kenya’s Chinese debt And now a word from our sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It's a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security’s new CIEM Buyer’s Guide to learn more about fortifying your cloud from the inside out at sonraisecurity.com.
5/25/20237 minutes, 3 seconds
Episode Artwork

TikTok sues Montana, US sanctions orgs behind North Korea’s 'illicit' IT worker army, Fake Twitter images spook stock market

TikTok sues Montana after state bans app US sanctions orgs behind North Korea’s ‘illicit’ IT worker army Fake images on Twitter briefly spook the stock market And now a word from our sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It's a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security’s new CIEM Buyer’s Guide to learn more about fortifying your cloud from the inside out at sonraisecurity.com. For the stories behind the headlines, visit CISOseries.com.
5/24/20238 minutes, 8 seconds
Episode Artwork

Meta's Record EU fine, China bans Micron, Tornado Cash hacked

Meta receives record fine over EU data transfers China bans Micron over cybersecurity risks Crypto mixer hijacked And now a word from our sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It's a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security’s new CIEM Buyer’s Guide to learn more about fortifying your cloud from the inside out at sonraisecurity.com.
5/23/20237 minutes, 16 seconds
Episode Artwork

HP’s bricked printers, PyPi repository attack, Samsung security flaw

HP rushes to fix bricked printers after faulty firmware update PyPI repository under attack: User sign-ups and package uploads temporarily halted  New security flaw exposed in Samsung devices And now a word from our sponsor, Sonrai Security Did you know that 81% of breaches are due to compromised identities? It's a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security’s new CIEM Buyer’s Guide to learn more about fortifying your cloud from the inside out at sonraisecurity.com. For the stories behind the headlines, head to CISOseries.com.
5/22/20237 minutes, 37 seconds
Episode Artwork

Week in Review: Supreme Court’s 230 ruling, Tech giants hit, TLD phishing vectors

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, May 15-19, is hosted by Rich Stroffolino with our guest, Dave Hannigan, CISO, Nubank Thanks to our show sponsor, Hunters There is nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters’ SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It’s time to move to a platform that reduces risk, complexity and cost for the SOC. Visit hunters.security to learn how you can Move Beyond SIEM and let them know you heard about Hunters on the CISO Series. All links and the video of this episode can be found on CISO Series.com
5/19/202327 minutes, 41 seconds
Episode Artwork

Supreme Court’s 230 ruling, Montana bans TikTok, Guerilla smartphone malware

Supreme Court shields Twitter from liability and leaves Section 230 untouched Montana governor bans TikTok Millions of smartphones distributed worldwide with preinstalled ‘Guerrilla’ malware Thanks to today's episode sponsor, Hunters There is nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters’ SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It’s time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how you can Move Beyond SIEM and let them know you heard about Hunters on the CISO Series. For the stories behind the headlines, head to CISOseries.com.
5/19/20238 minutes, 15 seconds
Episode Artwork

Lancefly in Asia, Meta EU fine, TLD phishing

Lancefly group hits Asia Meta facing record EU privacy fine New TLDs a vector for phishing Thanks to today's episode sponsor, Hunters There is nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters’ SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It’s time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how you can Move Beyond SIEM and let them know you heard about Hunters on the CISO Series.
5/18/20237 minutes, 14 seconds
Episode Artwork

Inside RaaS, cyber education initiatives, attacking TP-Link routers

An inside look at RaaS White House cyber strategy goes big on education Chinese attackers hit TP-Link routers Thanks to today's episode sponsor, Hunters If your SIEM is causing an endless cycle of noisy alerts, manually writing generic detection rules, and limited data ingestion & retention, your SOC might need an upgrade. Hunters is a SaaS platform, purpose built for your Security Operations team. Solaris Group, a leading German FinTech, implemented Hunters SOC Platform to eliminate the burden of redundant detection engineering and manual event correlation – allowing SOC analysts to focus on higher-value tasks. Visit hunters.security to learn how your SOC can Move Beyond SIEM and let them know you heard about Hunters on the CISO Series.  
5/17/20237 minutes, 29 seconds
Episode Artwork

Philadelphia Inquirer cyber attack, DOT breach exposes federal employee data, 3 million data breach notices sent to SchoolDude users

Cyber attack hits Philadelphia Inquirer Transportation Department cyber breach exposes federal employee data 3 million data breach notices being sent to SchoolDude users  Thanks to today's episode sponsor, Hunters Relying on a SIEM in 2023 is like living in a college dorm room, post-graduation - you’re operating in an environment you’ve out-grown. The Hunters SOC Platform is purpose built to help your Security Operations mature to the level you need to be at. ChargePoint, the world's largest network of electric vehicle charging stations, uses Hunters SOC Platform to leverage its out-of-the-box detection content to more efficiently respond to new threats and vulnerabilities. It’s time to Move Beyond SIEM. Visit Hunters.security to learn more and let them know you heard about Hunters on the CISO Series. For the stories behind the headlines, visit CISOseries.com.
5/16/20237 minutes, 21 seconds
Episode Artwork

Discord suffers data breach, Toyota data exposed, ABB confirms incident

Discord suffers data breach Car location data of 2 million Toyota customers exposed for ten years Swiss tech giant ABB confirms ‘IT security incident’ Thanks to today's episode sponsor, Hunters Hunters is a SOC platform, built for your security team. Hunters empowers companies to move beyond SIEM with unlimited ingestion and normalization of security data at a predictable cost. Using Hunters, a CISO at a leading online retailer “tripled the amount of data ingested by her security team while cutting costs from a legacy SIEM provider by 75%.” It’s time to Move Beyond SIEM. Visit hunters.security to learn more and let them know you heard about Hunters on the CISO Series. For the stories behind the headlines, head to CISOseries.com.
5/15/20237 minutes, 9 seconds
Episode Artwork

Week in Review: Easterly AI warning, Windows admin alerts, Dallas ransomware fallout

Link to Blog Post Cyber Security Headlines – Week in Review, May 8-12, is hosted by Rich Stroffolino with our guest, Paul Connelly, Former CISO, HCA Healthcare Thanks to today’s episode sponsor, Trend Micro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries. All links and the video of this episode can be found on CISO Series.com
5/12/202322 minutes, 49 seconds
Episode Artwork

Twitter encrypts messages, Microsoft’s Outlook patch, Seoul hospital breached

Twitter launches encrypted private messages Microsoft releases fix for patched Outlook issue exploited by Russian hackers North Korea-linked APT group breaches the Seoul National University Hospital Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience.  Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks.  Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.
5/12/20238 minutes, 14 seconds
Episode Artwork

Leaked Intel keys, trading security for fps, new phishing-as-a-service tool

 The long term impact of leaked Intel Boot Guard keys AtlasOS shrugs at Windows security features Cisco warns of new phishing-as-a-service tool Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience.  Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks.  Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries.
5/11/20237 minutes, 42 seconds
Episode Artwork

‘Snake’ malware network takedown, ‘PlugwalkJoe’ behind massive 2020 Twitter hack, Justice Department takes down 13 DDoS-for-Hire sites

Operation Medusa takes down ‘Snake’ malware network ‘PlugwalkJoe’ pleads guilty to massive 2020 Twitter hack  Justice Department takes down 13 DDoS-for-Hire sites Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience.  Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks.  Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries. For the stories behind the headlines, visit CISOseries.com.
5/10/20238 minutes, 54 seconds
Episode Artwork

Dallas ransomware, spoofed Facebooks ads, Merck insurance ruling

Dallas still reeling from ransomware Hacked Facebook pages buying Facebook ads Court rules on Merck cyber insurance claim Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience.  Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks.  Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries.
5/9/20236 minutes, 56 seconds
Episode Artwork

Easterly’s AI warning, Ex-Uber Sullivan sentenced, Play’s Massachusetts ransomware

Top US cyber official warns AI may be the ‘most powerful weapon of our time’ Ex-Uber CSO given three-year probation sentence, avoids prison after guilty verdict Ransomware group behind Oakland attack targets city in Massachusetts Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience.  Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks.  Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.
5/8/20238 minutes, 25 seconds
Episode Artwork

Week in Review: Ex-Uber Sullivan’s sentence, SolarWinds detected earlier, AI godfather quits

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, May 1-5, is hosted by Rich Stroffolino with our guest, Allison Miller, Cybersecurity and Technology Executive Thanks to our show sponsor, Trend Micro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries. All links and the video of this episode can be found on CISO Series.com
5/5/202324 minutes, 2 seconds
Episode Artwork

Royal ransoms Dallas, new PaperCut exploit, CISA’s Mirai warning

City of Dallas hit by Royal ransomware attack impacting IT services Researchers uncover new exploit for PaperCut vulnerability that can bypass detection Mirai botnet loves exploiting unpatched TP-Link routers, CISA warns Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience.  Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.
5/5/20238 minutes, 23 seconds
Episode Artwork

Meta FTC troubles, CISA urges Covered List, malicious HTML attachments

FTC comes down on Meta monetizing minors CISA urges adoption of Covered List Almost half of HTML attachments found malicious Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience.  Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries.
5/4/20237 minutes, 36 seconds
Episode Artwork

Authorities seize 9 crypto exchanges, T-Mobile discloses 2nd data breach of 2023, ‘Godfather of AI’ quits Google

Authorities seize 9 crypto exchanges used for money laundering T-Mobile discloses 2nd data breach of 2023 ‘Godfather of AI’ quits Google and warns of misinformation dangers Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience.  Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries. For the stories behind the headlines, visit CISOseries.com.
5/3/20237 minutes, 37 seconds
Episode Artwork

Juice jacking, data breach lawsuits, Telegram ban lifted

The academic threat of juice jacking Data breach lawsuits on the rise Telegram ban lifted in Brazil Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience.  Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries.
5/2/20237 minutes, 24 seconds
Episode Artwork

Veeam backup targeted, DOJ SolarWinds discovery, Americold frozen out

Hackers target vulnerable Veeam backup servers exposed online DOJ detected the SolarWinds hack 6 months earlier than first disclosed Cold storage giant Americold outage caused by network breach Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience.  Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries.  For the stories behind the headlines, head to CISOseries.com.
5/1/20237 minutes, 31 seconds
Episode Artwork

Week in Review: Energy sector 3CX attack, PaperCut pain continues, all-in-one infostealer

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, April 24-28, is hosted by Sean Kelly with our guest, Steve Zalewski, former CISO, Levi Strauss and co-host, Defense in Depth. Thanks to today’s episode sponsor, Tines Ready to take security automation up a notch? With Tines, it’s easier than ever! The no-code automation platform is redefining and simplifying security operations – start building mission-critical workflows and apps that streamline processes AND ensure crucial data stays safe while extending the influence of your security team throughout your organization. Visit Tines.com to find out more! All links and the video of this episode can be found on CISO Series.com
4/28/202324 minutes, 22 seconds
Episode Artwork

New BellaCiao malware, PaperCut is Clop, Europe tech crackdown

Charming Kitten APT uses a new BellaCiao malware Microsoft blames clop affiliate for PaperCut attacks Big tech crackdown looms as EU, UK ready new rules And now a word from our sponsor, Tines Ready to take security automation up a notch? With Tines, it’s easier than ever! The no-code automation platform is redefining and simplifying security operations - start building mission-critical workflows and apps that streamline processes AND ensure crucial data stays safe while extending the influence of your security team throughout your organization. Visit Tines.com to find out more! For the stories behind the headlines, head to CISOseries.com.
4/28/20238 minutes, 25 seconds
Episode Artwork

Messaging malware update, China reclassifies cyberattacks, more cyberattacks don't use malware

Messaging app update distributes malware China reclassifies cyberattacks Malware-free cyberattacks on the rise And now a word from our sponsor, Tines Ask anyone at RSA; security teams can’t operate in a silo. No SOAR solutions enable users to dynamically collect information outside their systems and use it at multiple points in an automated workflow - but Tines does! With Tines, users can exchange real-time information outside its platform and use it to drive automated workflows. Visit Tines.com/build to learn more!
4/27/20236 minutes, 23 seconds
Episode Artwork

US policing AI use for civil rights violations, Bill proposes security testing centers for government tech, Microsoft Edge leaking browsing data to Bing

US policing use of AI for civil rights violations Bill proposes new security testing centers for critical government tech Microsoft Edge is leaking user browsing data to Bing And now a word from our sponsor, Tines To proactively protect against threats, you need a culture of cybersecurity - and solutions that facilitate this. With Tines’ no-code automation platform, you can: 1. Remediate threats faster. 2. Improve automation. 3. Control access to your data. 4. Create a culture of cybersecurity. Tines allows users to leverage real-time information across any stage of an automated workflow! Visit Tines.com to learn more. For the stories behind the headlines, visit CISOseries.com.
4/26/20237 minutes, 3 seconds
Episode Artwork

Threat group taxonomy, disabling EDR, North Dakota's AI cyber tools

 A call to standardize threat group naming Threat actors using new tool to disable EDR North Dakota turns to AI for cyber And now a word from our sponsor, Tines Ready to take security automation up a notch? With Tines, it’s easier than ever! The no-code automation platform is redefining and simplifying security operations - start building mission-critical workflows and apps that streamline processes AND ensure crucial data stays safe while extending the influence of your security team throughout your organization. Visit Tines.com to find out more.
4/25/20237 minutes, 9 seconds
Episode Artwork

3CX hits utilities, CISA PaperCut warning, Hyena devours GPT4

Energy sector orgs in US, Europe hit by same supply chain attack as 3CX CISA adds 3 actively exploited flaws to KEV catalog, including critical PaperCut bug Hyena code poised to devour GPT4 And now a word from our sponsor, Tines Ask anyone at RSA; security teams can’t operate in a silo. No SOAR solutions enable users to dynamically collect information outside their systems and use it at multiple points in an automated workflow - but Tines does! With Tines, users can exchange real-time information outside its platform and use it to drive automated workflows. Visit Tines.com/build to learn more!     For the stories behind the headlines, head to CISOseries.com.
4/24/20237 minutes, 29 seconds
Episode Artwork

Week in Review: 3CX double supply chain attack, Remcos Tax-Day RAT, Surveillance kills morale

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, April 17-21, is hosted by Rich Stroffolino with our guest, Shawn Bowen, CISO, World Fuel Services Thanks to our show sponsor, Pentera This episode of Cyber Security Headlines is made possible in part by Pentera. Today over 60% of cyber attacks involve the use of exposed credentials. Now, for the first time, security teams can address this critical threat head-on. Pentera collects an organization’s leaked credentials and automatically tests their exploitability across the external and internal attack surface.  Pentera’s customers find that leveraging the Pentera automated security validation platform as part of their exposure management strategy increases their ability to identify security gaps, improves the efficiency of remediation processes, and maximizes their security readiness. To learn more, visit Pentera.io All links and the video of this episode can be found on CISO Series.com
4/21/202323 minutes, 46 seconds
Episode Artwork

Microsoft 365 outage, Capita burglary evidence, 3CX attack update

Microsoft 365 outage blocks access to web apps and services Capita has 'evidence' customer data was stolen in digital burglary 3CX supply chain attack was the result of a previous supply chain attack Thanks to today's episode sponsor, Pentera  This episode of Cyber Security Headlines is made possible in part by Pentera. Today over 60% of cyber attacks involve the use of exposed credentials. Now, for the first time, security teams can address this critical threat head-on. Pentera collects an organization’s leaked credentials and automatically tests their exploitability across the external and internal attack surface.  Pentera’s customers find that leveraging the Pentera automated security validation platform as part of their exposure management strategy increases their ability to identify security gaps, improves the efficiency of remediation processes, and maximizes their security readiness.  To learn more, visit Pentera.io For the stories behind the headlines, head to CISOseries.com.
4/21/20238 minutes, 31 seconds
Episode Artwork

"New class" of Russian attackers, GitHub helps open source security, used routers leak info

NCSC warns of “new class” of Russian adversaries GitHub adds Action to help open source security Used routers hold on to secrets Thanks to today's episode sponsor, Pentera  This episode of Cyber Security Headlines is made possible in part by Pentera. Today over 60% of cyber attacks involve the use of exposed credentials. Now, for the first time, security teams can address this critical threat head-on. Pentera collects an organization’s leaked credentials and automatically tests their exploitability across the external and internal attack surface.  Pentera’s customers find that leveraging the Pentera automated security validation platform as part of their exposure management strategy increases their ability to identify security gaps, improves the efficiency of remediation processes, and maximizes their security readiness.  To learn more, visit Pentera.io
4/20/20236 minutes, 57 seconds
Episode Artwork

Elon Musk wants to develop TruthGPT, Southwest disrupted by ‘technical issue’, Officials warn of hackers targeting Cisco routers

Elon Musk wants to develop TruthGPT Southwest’s operations resume after a ‘technical issue’ US, UK warn of govt hackers targeting Cisco routers Thanks to today's episode sponsor, Pentera  This episode of Cyber Security Headlines is made possible in part by Pentera. Today over 60% of cyber attacks involve the use of exposed credentials. Now, for the first time, security teams can address this critical threat head-on. Pentera collects an organization’s leaked credentials and automatically tests their exploitability across the external and internal attack surface.  Pentera’s customers find that leveraging the Pentera automated security validation platform as part of their exposure management strategy increases their ability to identify security gaps, improves the efficiency of remediation processes, and maximizes their security readiness.  To learn more, visit Pentera.io For the stories behind the headlines, head to CISOseries.com.
4/19/20237 minutes, 40 seconds
Episode Artwork

LockBit on macOS, low code security, and QuaDream shuts down

Ransomware comes for macOS The security considerations of low code Israeli offensive cyber company shutting down Thanks to today's episode sponsor, Pentera  This episode of Cyber Security Headlines is made possible in part by Pentera. Today over 60% of cyber attacks involve the use of exposed credentials. Now, for the first time, security teams can address this critical threat head-on. Pentera collects an organization’s leaked credentials and automatically tests their exploitability across the external and internal attack surface.  Pentera’s customers find that leveraging the Pentera automated security validation platform as part of their exposure management strategy increases their ability to identify security gaps, improves the efficiency of remediation processes, and maximizes their security readiness.  To learn more, visit Pentera.io
4/18/20236 minutes, 43 seconds
Episode Artwork

Tax Day RAT warning, NCR POS outage, Urgent Chrome fix

Microsoft warns of Remcos RAT campaign targeting tax accountants NCR suffers POS outage after BlackCat ransomware attack Google releases urgent Chrome update to fix actively exploited zero-day vulnerability Thanks to today's episode sponsor, Pentera  This episode of Cyber Security Headlines is made possible in part by Pentera. Today over 60% of cyber attacks involve the use of exposed credentials. Now, for the first time, security teams can address this critical threat head-on. Pentera collects an organization’s leaked credentials and automatically tests their exploitability across the external and internal attack surface.  Pentera’s customers find that leveraging the Pentera automated security validation platform as part of their exposure management strategy increases their ability to identify security gaps, improves the efficiency of remediation processes, and maximizes their security readiness.  To learn more, visit Pentera.io For the stories behind the headlines, head to CISOseries.com.
4/17/20237 minutes, 19 seconds
Episode Artwork

Week in Review: Pentagon papers leak, keeping breaches quiet, Cisco air-gaps Webex

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, April 10-14, is hosted by Rich Stroffolino with our guest, Dmitriy Sokolovskiy, CISO, Avid Thanks to our show sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms, like Salesforce,  Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com today to request a free risk assessment. All links and the video of this episode can be found on CISO Series.com  
4/14/202324 minutes
Episode Artwork

Google Cloud's weak passwords, pressure on breach disclosure, Discord cooperating on Pentagon leak

Weak passwords targeted on Google Cloud Potential IT snitches warned about employment stitches Discord cooperating with leaked document investigation And now a word from our sponsor, AppOmni  Can you name all the third party apps connected to your major SaaS platforms, like Salseforce,  Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk.  With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com today to request a free risk assessment. 
4/14/20236 minutes, 48 seconds
Episode Artwork

Windows Nokoyawa ransomware, LinkedIn pushes verification, Russia’s Ukraine cyberwar

Windows zero-day exploited in Nokoyawa ransomware attacks LinkedIn and Microsoft Entra introduce a new way to verify professional contacts Russian places Ukraine internet infrastructure clearly in its sights, both high tech and low And now a word from our sponsor, AppOmni  Can you name all the third party apps connected to your major SaaS platforms, like Salseforce,  Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk.  With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com today to request a free risk assessment.  For the stories behind the headlines, head to CISOseries.com.
4/13/20237 minutes, 55 seconds
Episode Artwork

Microsoft warns of Azure shared key abuse, Attackers hide stealer behind AI Facebook ads, OpenAI bug bounty program

Microsoft warns of Azure shared key authorization abuse Attackers hide stealer behind AI chatbot Facebook ads OpenAI to launch bug bounty program And now a word from our sponsor, AppOmni  Can you name all the third party apps connected to your major SaaS platforms, like Salseforce,  Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk.  With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com today to request a free risk assessment.  For the stories behind the headlines, visit CISOseries.com.
4/12/20237 minutes, 55 seconds
Episode Artwork

Netherlands adopting RPKI, WordPress backdoor, tracing the Pentagon leak

Netherlands to adopt RPKI Widespread backdoor installed on WordPress sites Tracing leaked Pentagon documents And now a word from our sponsor, AppOmni  Can you name all the third party apps connected to your major SaaS platforms, like Salseforce,  Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk.  With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com today to request a free risk assessment. 
4/11/20236 minutes, 32 seconds
Episode Artwork

Apple zero-day updates, Flipper Zero ban, China Micron probe

Apple releases updates to address zero-day flaws Flipper Zero banned by Amazon for being a ‘card skimming device’ China to probe Micron over cybersecurity, in chip war’s latest battle And now a word from our sponsor, AppOmni  Can you name all the third party apps connected to your major SaaS platforms, like Salseforce,  Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk.  With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com today to request a free risk assessment.  For the stories behind the headlines, head to CISOseries.com.
4/10/20237 minutes, 3 seconds
Episode Artwork

Week in Review: North Korea hacks 3CX, DISH ransomware lawsuits, Genesis Market seized

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, April 3-7, is hosted by Rich Stroffolino with our guest, Rich Gautier, former CISO, Department of Justice, Criminal Division Was your address caught up in the Genesis Market? Check it here: https://www.politie.nl/en/information/checkyourhack.html#check Thanks to our show sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Their cloud-native platform manages data security posture and compliance by automatically tracking risks to sensitive data, visually showing  teams who can  access what, and quickly block unauthorized access or vulnerable points of attack. Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium. Go to normalyze.ai. All links and the video of this episode can be found on CISO Series.com
4/7/202322 minutes, 18 seconds
Episode Artwork

Criminal records incident, Samsung’s ChatGPT leak, Money Message ransomware

Criminal records office yanks web portal offline amid 'cyber security incident' Samsung reportedly leaked its own secrets through ChatGPT Money Message ransomware gang claims MSI breach, demands $4 million Thanks to today's episode sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches.Their cloud-native platform manages data security posture and compliance by automatically tracking risks to sensitive data, visually showing  teams who can  access what, and quickly block unauthorized access or vulnerable points of attack.Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium. Go to normalyze.ai. For the stories behind the headlines, head to CISOseries.com.
4/7/20237 minutes, 57 seconds
Episode Artwork

Spanish hacker arrested, UK offensive cyber principles, eFile malware

Prominent Spanish hacker arrested The UK’s Offensive Cyber Capabilities Principles eFile site serving malware Thanks to today's episode sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches.Their cloud-native platform manages data security posture and compliance by automatically tracking risks to sensitive data, visually showing  teams who can  access what, and quickly block unauthorized access or vulnerable points of attack.Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium. Go to normalyze.ai.
4/6/20237 minutes, 7 seconds
Episode Artwork

Genesis Market seized by police, Rorschach now the fastest ransomware encryptor, Tax software serving malware

Genesis Market platform seized by police Rorschach is now the fastest ransomware encryptor Tax return software caught serving up malware Thanks to today's episode sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches.Their cloud-native platform manages data security posture and compliance by automatically tracking risks to sensitive data, visually showing  teams who can  access what, and quickly block unauthorized access or vulnerable points of attack.Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium. Go to normalyze.ai. For the stories behind the headlines, visit CISOseries.com.
4/5/20237 minutes, 9 seconds
Episode Artwork

TMX data leak, remote work security, WD network breach

TMX reveals customer data leak The security costs of remote work Western Digital confirms network breach  Thanks to today's episode sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches.Their cloud-native platform manages data security posture and compliance by automatically tracking risks to sensitive data, visually showing  teams who can  access what, and quickly block unauthorized access or vulnerable points of attack.Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium. Go to normalyze.ai.
4/4/20236 minutes, 28 seconds
Episode Artwork

3CX’s NK connection, WordPress Elementor hack, DISH faces lawsuits

More evidence links 3CX supply-chain attack to North Korean hacking group Hackers exploiting WordPress Elementor Pro Vulnerability, leaving millions of sites at risk DISH slapped with multiple lawsuits after ransomware cyber attack Thanks to today's episode sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches.Their cloud-native platform manages data security posture and compliance by automatically tracking risks to sensitive data, visually showing  teams who can  access what, and quickly block unauthorized access or vulnerable points of attack.Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium. Go to normalyze.ai. For the stories behind the headlines, head to CISOseries.com.
4/3/20237 minutes, 51 seconds
Episode Artwork

Week in Review: Supply-chain attack on 3CX, AI pause request, WiFi protocol flaw

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, March 27-31, is hosted by Rich Stroffolino with our guest, Brett Conlon, CISO, American Century Investments Thanks to today’s episode sponsor, Trend Micro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks. Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind. Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries. All links and the video of this episode can be found on CISO Series.com    
3/31/202326 minutes, 35 seconds
Episode Artwork

3CX supply chain attack, Vulkan files leaked, Bing hijacked

Supply-chain attack on business phone provider 3CX could impact thousands of companies Vulkan files leak reveals Putin’s global and domestic cyberwarfare tactics Bing search results hijacked via misconfigured Microsoft app Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience.  Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks.   Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind.   Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.
3/31/20238 minutes, 32 seconds
Episode Artwork

802.11 flaw, activists targeted in threat campaign, call for an AI "pause"

Flaw found in WiFi protocol Environmental activists targeted by threat actors Open letter calls for AI “pause” Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience.  Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks.   Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind.   Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries.
3/30/20237 minutes, 4 seconds
Episode Artwork

Microsoft unveils OpenAI-based cyber tools, Google accused of destroying antitrust evidence, A million pen tests show security is getting worse

Microsoft unveils OpenAI-based chat tools to combat cyberattacks Google accused of willfully destroying evidence in antitrust battle A million pen tests show companies' security postures are getting worse Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience.  Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks.   Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind.   Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries. For the stories behind the headlines, visit CISOseries.com.
3/29/20237 minutes, 3 seconds
Episode Artwork

Pinduoduo malware, CFTC sues Binance, Twitter takes down source code

Pinduoduo malware confirmed Binance sued by CFTC  Twitter source code takedown  Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience.  Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks.   Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind.   Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries.
3/28/20237 minutes, 9 seconds
Episode Artwork

UK bans TikTok, Windows Snipping patch, Puerto Rico hack

UK bans TikTok from government mobile phones Microsoft pushes OOB security updates for Windows Snipping tool flaw Vice Society claims attack on Puerto Rico Aqueduct and Sewer Authority Thanks to today's episode sponsor, Trend Micro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience.  Navigating a new era of cyber risk demands evolved strategies, new frameworks, and integrated tools to equip security teams to anticipate and defend against even the most advanced attacks.   Trend Micro, the global leader in cybersecurity is bringing the cyber risk conversation to more than 120 cities around the world in their latest “Risk to Resilience World Tour” — The largest cybersecurity roadshow of its kind.   Find the closest city to you and register today to take a leap towards a more resilient future. Head to TrendMicro.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.
3/27/20237 minutes, 42 seconds
Episode Artwork

Week in Review: post-ransomware lawsuits, cybersecurity as a hindrance, ChatGPT imposters

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, March 20-24, is hosted by David Spark with our guest, Kurt Sauer, VP, Information security, Workday Thanks to today’s episode sponsor, Conveyor Does the thought of answering another security questionnaire make you want to beat the stuffing out of 32 pinatas? Then you might want to check out Conveyor: the end-to-end trust platform helping infosec teams reduce incoming questionnaires and fly through the ones they do have to complete. Give customers access to a self-serve trust portal to download docs and FAQs. For any remaining questionnaires that do come in, use our GPT-Questionnaire response tool or white-glove questionnaire completion service to knock them completely off your to-do list.  Learn more at www.conveyor.com. All links and the video of this episode can be found on CISO Series.com
3/24/202324 minutes, 55 seconds
Episode Artwork

Dole data breach, Nexus banking trojan, Pwn2Own Vancouver 2023

Dole discloses data breach after February ransomware attack New Android banking trojan targets financial apps Pwn2Own Vancouver 2023 Day 1: Windows 11 and Tesla hacked Thanks to this week's episode sponsor, Conveyor Does the thought of answering another security questionnaire make you want to beat the stuffing out of 32 pinatas?  Then you might want to check out Conveyor: the end-to-end trust platform helping infosec teams reduce incoming questionnaires and fly through the ones they do have to complete. Give customers access to a self-serve trust portal to download docs and FAQs. For any remaining questionnaires that do come in, use our GPT-Questionnaire response tool or white-glove questionnaire completion service to knock them completely off your to-do list.  Learn more at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com.
3/24/20237 minutes, 37 seconds
Episode Artwork

More markup leaks, Clop victims go public, Big Tech lobbies on spy law

Another image editor leaks data More Clop victims come forward Big tech lobbies to limit spying law Thanks to this week's episode sponsor, Conveyor Does the thought of answering another security questionnaire make you feel like clearing out the ice cream section at your local grocery store? Though we fully support the ice cream thing, you might want to check out Conveyor first: the end-to-end trust platform helping infosec teams reduce incoming questionnaires and fly through the ones they do have to complete. Give customers access to a self-serve trust portal to download security info and for any remaining questionnaires that do come in, use our GPT-Questionnaire response tool or white-glove questionnaire completion service to knock them completely off your to-do list. Learn more at www.conveyor.com.
3/23/20236 minutes, 50 seconds
Episode Artwork

BreachForums to shut down, Zero-day used to drain Bitcoin ATMs, DC Health Link hacker motivated by Russian patriotism

BreachForums to shut down amidst law enforcement concerns Hackers use zero-day to drain $1.6 million from Bitcoin ATMs DC Health Link hacker motivated by Russian patriotism Thanks to this week's episode sponsor, Conveyor Does the mountain of security questionnaires in your inbox make you feel like a 2 dollar umbrella in a hurricane?  Then you might want to check out Conveyor: the end-to-end trust platform helping infosec teams reduce incoming questionnaires and fly through the ones they do have to complete. Give customers access to a self-serve trust portal to download docs and FAQs. For any remaining questionnaires that do come in, use our  GPT-Questionnaire response tool or white-glove questionnaire completion service to knock them completely off your to-do list. Learn more at www.conveyor.com. For the stories behind the headlines, visit CISOseries.com.
3/22/20236 minutes, 38 seconds
Episode Artwork

China leads zero-days, HinataBot DDoS attacks, screenshot vulnerability

China led zero-days in 2022 HinataBot focuses on DDoS attacks Vulnerability lets you uncrop screenshots Thanks to this week's episode sponsor, Conveyor Does the thought of answering another security questionnaire make you want to beat the stuffing out of 32 pinatas?  Then you might want to check out Conveyor: the end-to-end trust platform helping infosec teams reduce incoming questionnaires and fly through the ones they do have to complete. Give customers access to a self-serve trust portal to download docs and FAQs. For any remaining questionnaires that do come in, use our GPT-Questionnaire Eliminator response tool or white-glove questionnaire completion service to knock them completely off your to-do list. Learn more at www.conveyor.com.
3/21/20237 minutes, 28 seconds
Episode Artwork

NBA data breach, Emotet in OneNote, Dutch shipping ransomware

NBA is warning fans of a data breach after a third-party newsletter service hack Emotet malware now distributed in Microsoft OneNote files to evade defenses Dutch shipping giant Royal Dirkzwager confirms Play ransomware attack Thanks to this week's episode sponsor, Conveyor Love security questionnaires? Then you’re going to hate Conveyor: the end-to-end trust platform built to eliminate questionnaires. Infosec teams have reduced questionnaires by 80% by giving their customers access to our self-serve trust portal to download docs and answers.  For any remaining questionnaires that do come in, use our GPT-Questionnaire Eliminator response tool or white-glove questionnaire completion service to knock them off your to-do list.  Use all 3 parts of the platform to solve the questionnaire problem or start with one. Learn more at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com.  
3/20/20237 minutes, 57 seconds
Episode Artwork

Week in Review: Critical Outlook bug PoC, CISA Plex warning, YouTube AI infostealers

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, March 13-17, is hosted by Rich Stroffolino  with our guest, JJ Agha, CISO, FanDuel All links and the video of this episode can be found on CISO Series.com
3/17/202325 minutes, 40 seconds
Episode Artwork

Telerik breaches Government, Critical Outlook bug, LockBit threatens SpaceX

US Government IIS server breached via Telerik software flaw Critical Microsoft Outlook bug PoC shows how easy it is to exploit LockBit threatens release of thousands of SpaceX blueprints Brought to you by the CISO Series. For the stories behind the headlines, head to CISOseries.com.
3/17/20237 minutes, 40 seconds
Episode Artwork

Suspects charged in DEA hack, Americans lose billions to scams, TikTok divestment

Two charged in DEA portal hack Americans lose billions in scams TikTok considering divestment Brought to you by the CISO Series.
3/16/20236 minutes, 39 seconds
Episode Artwork

Microsoft phishing warning, Amazon Ring hacked, CISA’s vulnerability program

Microsoft warns of large-scale use of phishing kits to send millions of emails daily Ransomware group claims hack of Amazon's Ring CISA creates new ransomware vulnerability warning program Brought to you by the CISO Series. For the stories behind the headlines, head to CISOseries.com.
3/15/20237 minutes, 42 seconds
Episode Artwork

North Korea targets security researchers, the UK's National Protective Security Authority, bank failures hit crypto

North Korea targets security researchers UK launches National Protective Security Authority Bank failures bleed into crypto Brought to you by the CISO Series.
3/14/20236 minutes, 21 seconds
Episode Artwork

Authorities bust NetWire RAT, CISA warns of Plex bug after LastPass breach, Blackbaud to pay $3 million for misleading disclosure

FBI and international authorities catch a NetWire RAT CISA warns of actively exploited Plex bug after LastPass breach Blackbaud to pay $3 million for misleading ransomware disclosure For the stories behind the headlines, visit CISOseries.com.
3/13/20237 minutes, 9 seconds
Episode Artwork

Week in Review: Royal ransomware warning, water system warning, cloud exploitation rising

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, March 6-10, is hosted by Rich Stroffolino  with our guest, Nick Espinosa, Host, The Deep Dive Radio Show (Daily Podcast & Daily Videos) Thanks to our show sponsor, Packetlabs Trust the ethical hackers at Packetlabs for expert penetration testing services. Our certified professionals specialize in strengthening your security posture. Download our free Penetration Testing Buyers Guide at ciso.packetlabs.net and get the top 20 questions to ask third party vendors before hiring them. Let us guide you through the process and help you find the perfect match for your organization’s security needs. All links and the video of this episode can be found on CISO Series.com  
3/10/202323 minutes, 54 seconds
Episode Artwork

Biden’s cybersecurity budget, AT&T breach alert, GitHub adds 2FA

Biden’s budget seeks increase in cybersecurity spending AT&T alerts 9 million customers of data breach after vendor hack GitHub makes 2FA mandatory next week for active developers Thanks to today's episode sponsor, Packetlabs Trust the ethical hackers at Packetlabs for expert penetration testing services. Our certified professionals specialize in strengthening your security posture. Download our free Penetration Testing Buyers Guide at ciso.packetlabs.net and get the top 20 questions to ask third party vendors before hiring them. Let us guide you through the process and help you find the perfect match for your organization's security needs. For the stories behind the headlines, head to CISOseries.com.
3/10/20237 minutes, 36 seconds
Episode Artwork

TSA cybersecurity regulations, Lazarus Group zero-day, a video ransom note

TSA issues cybersecurity regulations Lazarus Group deploys zero-day Ransomware gang uses video ransom note Thanks to today's episode sponsor, Packetlabs Reduce cyber insurance premiums and minimize risk. Learn how a thorough penetration test can benefit your business. Download our Penetration Testing Buyers Guide at ciso.packetlabs.ca. Packetlabs is an ethical hacking firm that will simulate real-world, covert attacks to get answers to your “what if” scenarios. Protect your business from cyber attacks and get the most out of your penetration testing investment with Packetlabs, your friendly neighborhood ethical hackers.
3/9/20236 minutes, 34 seconds
Episode Artwork

Bipartisan bill allows US TikTok ban, Twitter content moderation concerns, Emotet malware returns

Bipartisan bill allows for US ban of TikTok EU concerned with Twitter’s content moderation plans Emotet malware returns after three-month hiatus Thanks to today's episode sponsor, Packetlabs Looking for the right cybersecurity service provider can be a daunting task. How do you know if they're trustworthy and reliable? Packetlabs has made it easier for you with our free Penetration Testing buyers guide. We've compiled a list of the top 20 questions you should ask potential providers to ensure you make an informed decision. Download the guide today at ciso.packetlabs.net. For the stories behind the headlines, visit CISOseries.com.
3/8/20237 minutes, 18 seconds
Episode Artwork

DoppelPaymer disrupted, EPA warns about water security, rising cloud exploitation

Police disrupt DoppelPaymer EPA releases cybersecurity notice for water systems Cloud exploitation on the rise Thanks to today's episode sponsor, Packetlabs Struggling to justify cybersecurity investments to decision-makers? Meet ROSI, the superhero of cybersecurity investments! Calculate your Return On Security Investment to quantify the value of prevention and save money by avoiding cybersecurity breaches. ROSI builds synergies between your business, security, and finance teams, bringing everyone together. Download our free buyer's guide to learn the ROSI formula, how to reduce cyber insurance premiums, and what to look for in a provider. Visit ciso.packetlabs.net and unleash the power of ROSI in your c-suite discussions today!
3/7/20236 minutes, 57 seconds
Episode Artwork

CISA’s Royal warning, Chick-fil-A attacked, Play leaks Oakland

U.S. Government warns of Royal ransomware attacks against critical infrastructure Credential Stuffing attack on Chick-fil-A Play Ransomware gang has begun to leak data stolen from City of Oakland Thanks to today's episode sponsor, Packetlabs Concerned about your organization's data security? Privacy breaches, ransomware attacks, insider threats, and intellectual property theft are on the rise. A one-size-fits-all vulnerability assessment scan no longer suffices. Get our Penetration Testing Buyer's guide to help plan, scope, and execute your projects. Discover valuable information on frameworks, standards, methodologies, cost factors, reporting options, and what to look for in a provider. Choose the right ethical hacking firm to uncover vulnerabilities in your IT and network systems. Download your free copy at ciso.packetlabs.net and take control of your cybersecurity today. For the stories behind the headlines, head to CISOseries.com.
3/6/20238 minutes, 27 seconds
Episode Artwork

Week in Review: National Cyber Strategy, CISA scolds software industry, NewsCorp lurked

Link to Blog Post This week’s Cyber Security Headlines - Week in Review, February 27-March 3, is hosted by Rich Stroffolino  with our guest, Nick Vigier, CISO, Talend Thanks to our show sponsor, Conveyor   Just because your security questionnaire is from the stone age, doesn’t mean you have to answer it with cave-era tools. At Conveyor, we implemented GPT-3 into our first-of-its-kind questionnaire eliminator so teams of all sizes can blast through questionnaires faster than you can say “prehistoric”. Go beyond re-writing mediocre matches, to getting your questionnaire auto-filled with the exact answers customers need. Join the top SaaS companies in the GPT-3 powered future by using Conveyor. Learn more at conveyor.com. All links and the video of this episode can be found on CISO Series.com
3/3/202323 minutes, 5 seconds
Episode Artwork

National Cybersecurity Strategy, CISA delivers Decider, Bookstore chains hacked

White House gets tough with new National Cyber Strategy CISA releases free ‘Decider’ tool to help with MITRE ATT&CK mapping British retail chain WH Smith says data stolen in cyberattack Thanks to this week's episode sponsor, Conveyor Just because your security questionnaire is from the stone age, doesn’t mean you have to answer it with cave-era tools. At Conveyor, we implemented GPT-3 into our first-of-its-kind questionnaire eliminator so teams of all sizes can blast through questionnaires faster than you can say “prehistoric”. Go beyond re-writing mediocre matches, to getting your questionnaire auto-filled with the exact answers customers need. Join the top SaaS companies in the GPT-3 powered future by using Conveyor. Learn more at conveyor.com. For the stories behind the headlines, head to CISOseries.com. 
3/3/20237 minutes, 15 seconds
Episode Artwork

Russia bans foreign messaging apps, GitHub scans for secrets, Bootkit beats Secure Boot

Russia bans foreign private messaging apps GitHub expands secret scanning Bootkit bypasses Secure Boot Thanks to this week's episode sponsor, Conveyor “I HATE security questionnaires with the fury of a thousand suns.” said one of our customers. Makes sense, since tools used to answer them haven’t changed in years. At Conveyor, we’re on a mission to get teams out of the questionnaire stone age by implementing GPT-3 into our first-of-its-kind questionnaire eliminator. Go beyond re-writing mediocre matches, to getting your questionnaire auto-filled with the exact answers customers need. Join the top SaaS companies in the GPT-3 powered future by using Conveyor. Learn more at conveyor.com.
3/2/20237 minutes, 6 seconds
Episode Artwork

US Marshals hit by ransomware, DISH outages caused by ransomware, More bad news for LastPass

US Marshals hit by ransomware DISH outages caused by confirmed ransomware attack Some more bad news for LastPass  Thanks to this week's episode sponsor, Conveyor AI can now literally answer any question on the internet in seconds, yet infosec teams are still in a living nightmare manually filling out security questionnaires with existing tools. Get out of the questionnaire stone age with Conveyor’s new questionnaire eliminator tool powered by GPT-3. It provides perfectly crafted answers to questionnaires all within minutes and review now takes seconds. Join the top SaaS companies in the GPT-3 powered future by using Conveyor. Learn more at conveyor.com. For the stories behind the headlines, visit CISOseries.com.
3/1/20237 minutes, 7 seconds
Episode Artwork

CISA wants security responsibility, changes in security since Russia invaded Ukraine, Canadian government bans TikTok on its devices

CISA says to stop passing the security buck The cyber security fallout of Russia’s war in Ukraine Canada bans TikTok on government devices Thanks to this week's episode sponsor, Conveyor Just because your security questionnaire is from the stone age, doesn’t mean you have to answer it with cave-era tools. At Conveyor, we implemented GPT-3 into our first-of-its-kind questionnaire eliminator so teams of all sizes can blast through questionnaires faster than you can say “prehistoric”. Go beyond re-writing mediocre matches, to getting your questionnaire auto-filled with the exact answers customers need. Join the top SaaS companies in the GPT-3 powered future by using Conveyor. Learn more at conveyor.com.
2/28/20236 minutes, 59 seconds
Episode Artwork

NewsCorp reveals attack, TELUS investigating leak, Dish goes offline

News Corp reveals that attackers remained on its network for two years TELUS investigating leak of stolen source code, employee data Dish Network goes offline after likely cyberattack, employees cut off Thanks to this week's episode sponsor, Conveyor AI can now literally answer any question on the internet in seconds, yet infosec teams are still living a nightmare manually filling out security questionnaires with existing tools. Get out of the questionnaire stone age with Conveyor’s new questionnaire eliminator tool powered by GPT-3. Go beyond re-writing mediocre matches, to getting your questionnaire auto-filled with the exact answers customers need in minutes. Join the top SaaS companies in the GPT-3 powered future by using Conveyor. Learn more at conveyor.com. For the stories behind the headlines, head to CISOseries.com.
2/27/20237 minutes, 43 seconds
Episode Artwork

Week in Review: European airport attacks, military email spill, Dole ransomware attack

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, February 20-24, is hosted by Rich Stroffolino  with our guest, Jared Mendenhall, Head of Information Security, Impossible Foods Thanks to our show sponsor, Barricade Cyber Have you fallen victim to a ransomware attack? Don’t worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Our proprietary ransomware recovery services are designed to quickly get your business back on track. Our team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on us for the security of your data and systems. Visit barricadecyber.com All links and the video of this episode can be found on CISO Series.com
2/24/202323 minutes, 50 seconds
Episode Artwork

Dole ransomware attack, stress devours CISOs, new Lazarus backdoor

Fruit giant Dole suffers ransomware attack impacting operations Stress pushing CISOs out the door Lazarus group likely using new backdoor to exfiltrate sensitive data Thanks to this week's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Our proprietary ransomware recovery services are designed to quickly get your business back on track. Our team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on us to the security of your data and systems. Visit barricadecyber.com For the stories behind the headlines, head to CISOseries.com.
2/24/20237 minutes, 31 seconds
Episode Artwork

Havok framework, Carbon Black flaw, ransomware attack time

Threat actors cry Havoc, let slip a new post-exploitation framework VMware warns of critical Carbon Black flaw Ransomware attack time shrinking rapidly Thanks to this week's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Our proprietary ransomware recovery services are designed to quickly get your business back on track. Our team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on us to the security of your data and systems. Visit barricadecyber.com
2/23/20237 minutes, 8 seconds
Episode Artwork

Apple updates advisories, US military email leak, Russian TV website crash

Apple updates advisories as security firm discloses new class of vulnerabilities Sensitive US military emails spill online Russian state TV website goes down during Putin speech Thanks to this week's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Our proprietary ransomware recovery services are designed to quickly get your business back on track. Our team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on us to the security of your data and systems. Visit barricadecyber.com For the stories behind the headlines, head to CISOseries.com.
2/22/20237 minutes, 53 seconds
Episode Artwork

Samsung guards against zero-clicks, ransomware cat and mouse, Norway seizes Laxarus crypto

Samsung guards against zero-click attacks  Rethinking ransomware cat and mouse Norway seizes Lazarus Group crypto Thanks to this week's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Our proprietary ransomware recovery services are designed to quickly get your business back on track. Our team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on us to the security of your data and systems. Visit barricadecyber.com
2/21/20237 minutes, 22 seconds
Episode Artwork

Hackers backdoor Microsoft IIS, Twitter limits SMS 2FA, Fortinet issues patches

Hackers backdoor Microsoft IIS servers with new Frebniis malware Twitter limits SMS-based 2-factor authentication to Blue subscribers only Fortinet issues patches for 40 flaws Thanks to this week's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Our proprietary ransomware recovery services are designed to quickly get your business back on track. Our team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on us to the security of your data and systems. Visit barricadecyber.com  For the stories behind the headlines, head to CISOseries.com.
2/20/20237 minutes, 26 seconds
Episode Artwork

Week in Review: Clop’s GoAnywhere claims, Bing Search injection attack, AI flies F-16

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, February 13-17, is hosted by Sean Kelly with our guest, George Al-Koura, CISO, Ruby Thanks to our show sponsor, CISO Series “If it is important it will likely be in the Cyber Security Headlines update in the morning… And it allows me and my team to dig in a little more on aspects that might affect our technology stack,” said Shawn Bowen, CISO for World Fuel Services. Security leaders listen and make decisions based on what they hear on this very show. Do you have a solution that just needs to find the attention of the right audience of cyber professionals? To learn more about pricing and audience, email us at [email protected]. All links and the video of this episode can be found on CISO Series.com 
2/17/202322 minutes, 31 seconds
Episode Artwork

VM Server problems, Google Translate BEC, DFIR burnout increases

February updates break some Windows Server 2022 VMs BEC groups use Google Translate to target high value victims Evolving cyberattacks and alert fatigue creating DFIR burnout Thanks to today's episode sponsor, US, yes, CISO Series “If it is important it will likely be in the Cyber Security Headlines update in the morning… And it allows me and my team to dig in a little more on aspects that might affect our technology stack,” said Shawn Bowen, CISO for World Fuel Services. Security leaders listen and make decisions based on what they hear on this very show. Do you have a solution that just needs to find the attention of the right audience of cyber professionals? To learn more about pricing and audience, email us at [email protected]. For the stories behind the headlines, head to CISOseries.com.
2/17/20237 minutes, 49 seconds
Episode Artwork

Exposed Israeli influence group, a record DDoS attack, Cut cables knocks out airline

Israeli influence group exposed Another day, another record DDoS Cut cables lead to Lufthansa outage Thanks to today's episode sponsor, US, yes, CISO Series “Every week, one of the stories from Cyber Security Headlines comes up in our team meetings,” said Brett Conlon, CISO for American Century Investments who admits he starts his day with this very show. And did you know that Cyber Security Headlines has longevity? It’s a daily news show but we see significant downloads for four months after episodes air. That means your ad campaign will continue to live long after the premier airing. To learn more about pricing and audience, email us at [email protected].
2/16/20236 minutes, 46 seconds
Episode Artwork

Hackers breached Pepsi Bottling, AI flies F-16 fighter jet, Hyundai and Kia issue security update

Hackers breached Pepsi Bottling network AI has successfully piloted an F-16 fighter jet Hyundai and Kia to update anti-theft software on millions of vehicles Thanks to today's episode sponsor, US, yes, CISO Series "I value Cyber Security Headlines early every morning as it provides me advance notice of what I might need to explore first thing at the start of the day." That’s active listener David Cross, SVP, CISO of Oracle SaaS Cloud. And for sponsors of Cyber Security Headlines what you get are the ears and eyes of avid security leaders. Sponsorship includes the podcast, our blog, and our daily newsletter. In whatever format our listeners want, Cyber Security Headlines reaches cyber leaders who want to quickly consume daily cyber news. To learn more about pricing and audience, email us at [email protected]. For the stories behind the headlines, visit CISOseries.com
2/15/20237 minutes, 41 seconds
Episode Artwork

Namecheap phishes customers, Bing hit with injection attack, regulators stop BUSD minting

Namecheap sent phishing emails to customers New Bing search hit with injection attack Regulators stop minting of BUSD stablecoin Thanks to today's episode sponsor, US, yes, CISO Series “Those cyber security headlines are fantastic. It’s the first thing I look at in the am.” That’s a quote from active listener Jared Mendenhall, head of information security at Impossible Foods. Cyber Security Headlines is our fastest growing show on the CISO Series network. It’s grown 20-fold since we launched. And it did so during the pandemic while other shows started to slide. That’s because at only 6-7 minutes every day, Cyber Security Headlines does not need a commute to consume. Listen before you start your day. To learn more about pricing and audience, email us at [email protected].
2/14/20236 minutes, 48 seconds
Episode Artwork

Reddit admits breach, Clop exploits GoAnywhere, CISA’s VMware fix

Reddit admits it was hacked and data stolen, says “don’t panic” Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day CISA has a possibly-maybe fix for VMware ESXi ransomware campaign Thanks to today's episode sponsor, US, yes, CISO Series If you’re looking to reach a committed audience of cybersecurity professionals every day, then consider advertising right here on Cyber Security Headlines, a show that consistently ranks in the top ten for tech news on Apple Podcasts in the U.S. That’s pretty impressive for a show that’s a niche within a niche. Cyber Security Headlines sponsorship includes continuous week-long brand awareness in newsletters, blog posts, and this very podcast. To learn more about pricing and audience, email us at [email protected]. For the stories behind the headlines, head to CISOseries.com.
2/13/20237 minutes
Episode Artwork

Week in Review: Critical CVEs predicted, FAA needs 7 years, background check breach

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, February 6-10, is hosted by Rich Stroffolino  with our guest, Ed Covert, head of Cyber Risk Engineering, Bowhead Specialty Thanks to our show sponsor, us! CISO Series! “If it is important it will likely be in the Cyber Security Headlines update in the morning… And it allows me and my team to dig in a little more on aspects that might affect our technology stack,” said Shawn Bowen, CISO for World Fuel Services. Security leaders listen and make decisions based on what they hear on this very show. Do you have a solution that just needs to find the attention of the right audience of cyber professionals? If you’re interested in sponsorship, email us at [email protected]. All links and the video of this episode can be found on CISO Series.com  
2/10/202321 minutes, 31 seconds
Episode Artwork

Microsoft Outlook outage, UK/US ransomware sanctions, Killnet IPs published

Microsoft Outlook outage prevents users from sending, receiving emails Britain and US make major move against ransomware gangs by sanctioning seven individuals Experts publish a list of proxy IPs used by the pro-Russia group Killnet Thanks to today's episode sponsor, us, yes, CISO Series “If it is important it will likely be in the Cyber Security Headlines update in the morning… And it allows me and my team to dig in a little more on aspects that might affect our technology stack,” said Shawn Bowen, CISO for World Fuel Services. Security leaders listen and make decisions based on what they hear on this very show. Do you have a solution that just needs to find the attention of the right audience of cyber professionals? To learn more about pricing and audience, email us at [email protected]. For the stories behind the headlines, head to CISOseries.com.
2/10/20237 minutes, 14 seconds
Episode Artwork

NIST IoT encryption, Chinese phones collect PII, the AI chatbot race is on

NIST standardizes crypto for IoT Chinese phones collect PII Chinese firms also working on AI chatbots Thanks to today's episode sponsor, US, yes, CISO Series “Every week, one of the stories from Cyber Security Headlines comes up in our team meetings,” said Brett Conlon, CISO for American Century Investments who admits he starts his day with this very show. And did you know that Cyber Security Headlines has longevity? It’s a daily news show but we see significant downloads for four months after episodes air. That means your ad campaign will continue to live long after the premier airing. To learn more about pricing and audience, email us at [email protected].
2/9/20236 minutes, 27 seconds
Episode Artwork

Tech firms race to integrate AI, FAA needs until 2030 to fix safety system, Biden addresses children’s online safety

ARMO, Microsoft, Google race to integrate AI into their products FAA needs until 2030 to fix its safety system Biden’s State of the Union addresses children’s online safety and privacy… again Thanks to today's episode sponsor, US, yes, CISO Series "I value Cyber Security Headlines early every morning as it provides me advance notice of what I might need to explore first thing at the start of the day." That’s active listener David Cross, SVP, CISO of Oracle SaaS Cloud. And for sponsors of Cyber Security Headlines what you get are the ears and eyes of avid security leaders. Sponsorship includes the podcast, our blog, and our daily newsletter. In whatever format our listeners want, Cyber Security Headlines reaches cyber leaders who want to quickly consume daily cyber news. To learn more about pricing and audience, email us at [email protected]. For the stories behind the headlines, visit CISOseries.com.
2/8/20237 minutes, 29 seconds
Episode Artwork

Cyber insurance predictions, British steel supplier cyber attack, Microsoft pins Charliue Hebdo attack

Cyber insurer predicts a rise in critical CVEs British steel supplier hit by “cyber incident” Microsoft pins recent attack on Charlie Hebdo Thanks to today's episode sponsor, US, yes, CISO Series “Those cyber security headlines are fantastic. It’s the first thing I look at in the am.” That’s a quote from active listener Jared Mendenhall, head of information security at Impossible Foods. Cyber Security Headlines is our fastest growing show on the CISO Series network. It’s grown 20-fold since we launched. And it did so during the pandemic while other shows started to slide. That’s because at only 6-7 minutes every day, Cyber Security Headlines does not need a commute to consume. Listen before you start your day. To learn more about pricing and audience, email us at [email protected].
2/7/20237 minutes, 4 seconds
Episode Artwork

Fortra ZeroDay, Tallahassee hospital cyberattack, sneaky Fraudulent apps

Hackers actively exploiting zero-day in Fortra's  GoAnywhere MFT Tallahassee hospital diverting patients, canceling non-emergency surgeries after cyberattack Fraudulent “CryptoRom” apps slip through Apple and Google App Store review process Thanks to today's episode sponsor, US, yes, CISO Series If you’re looking to reach a committed audience of cybersecurity professionals every day, then consider advertising right here on Cyber Security Headlines, a show that consistently ranks in the top ten for tech news on Apple Podcasts in the U.S. That’s pretty impressive for a show that’s a niche within a niche. Cyber Security Headlines sponsorship includes continuous week-long brand awareness in newsletters, blog posts, and this very podcast. To learn more about pricing and audience, email us at [email protected]. For the stories behind the headlines, head to CISOseries.com.
2/6/20237 minutes, 56 seconds
Episode Artwork

Week in Review: Charter Communications breach, ChatGPT grows stronger, Microsoft verifies phishers

Link to Blog Post This week’s Cyber Security Headlines - Week in Review, January 30-February 3, is hosted by Rich Stroffolino  with our guest, David Nolan, VP, Enterprise Risk & Chief Information Security Officer – Aaron’s Thanks to our show sponsor, Hunters Hunters is a complete SOC platform, purpose built for your Security Operations team. Hunters’ brand new IOC Search is a game-changing search tool that determines if a known ‘Indicator of Compromise’ has been in your organization’s environment - without needing to write a single line of code. Type an IOC into the search bar, hit ‘enter’ and get results within seconds. Visit hunters.ai to learn more. All links and the video of this episode can be found on CISO Series.com  
2/3/202322 minutes, 23 seconds
Episode Artwork

London ransomware alert, FDIC cyberdefense fail, UK fears ChatGPT

City of London on high alert after ransomware attack Watchdog warns FDIC fails to test banks’ cyberdefenses effectively Foreign states already using ChatGPT maliciously, UK IT leaders believe Thanks to this week's episode sponsor, Hunters Hunters is a complete SOC platform, purpose built for your Security Operations team. Hunters’ brand new IOC Search is a game-changing search tool that determines if a known ‘Indicator of Compromise’ has been in your organization’s environment - without needing to write a single line of code. Type an IOC into the search bar, hit ‘enter’ and get results within seconds. Visit hunters.ai to learn more. For the stories behind the headlines, head to CISOseries.com.
2/3/20238 minutes, 22 seconds
Episode Artwork

FDIC cyber risk improvements, high-risk containers, record crypto hacks

Watchdog calls for improved bank cyber testing Containers hold high-risk vulnerabilities 2022 set a record for crypto hacks Thanks to this week's episode sponsor, Hunters Hunters is a complete SOC platform, purpose built for your Security Operations team. Hunters’ brand new IOC Search is a game-changing search tool that determines if a known ‘Indicator of Compromise’ has been in your organization’s environment - without needing to write a single line of code. Type an IOC into the search bar, hit ‘enter’ and get results within seconds. Visit hunters.ai to learn more.
2/2/20236 minutes, 55 seconds
Episode Artwork

Microsoft phishers are 'Verified' Cloud Partners, DocuSign brand impersonation attack, Google Fi data breach

Microsoft grants phishers 'Verified' Cloud Partner status DocuSign brand impersonation attack targets thousands of users Google Fi says hackers accessed customer information Thanks to this week's episode sponsor, Hunters Hunters is a SaaS platform, purpose built for your Security Operations team. Solaris Group, a leading German FinTech, implemented Hunters SOC Platform to eliminate the burden of threat detection and correlation – allowing SOC analysts to focus on higher-value tasks. It's time to move beyond SIEM. Visit hunters.ai to learn more. For the stories behind the headlines, visit CISOseries.com
2/1/20237 minutes
Episode Artwork

Criminal crypto flows, TikTok CEO heads to the House, Killnet launches German DDoS

Criminal crypto goes through 5 exchanges TikTok CEO heads to the House KillNet launches German DDoS Thanks to this week's episode sponsor, Hunters The Hunters SOC Platform helps your security team identify, understand, triage, and respond to incidents at a much faster pace. ChargePoint, the world's largest network of electric vehicle charging stations, uses Hunters SOC Platform to leverage its out-of-the-box detection content to more efficiently respond to new threats and vulnerabilities. Visit Hunters.ai to learn more.
1/31/20236 minutes, 31 seconds
Episode Artwork

Charter Communications breach, Sandworm hacks Ukraine, VMware exploit release

Charter Communications says vendor breach exposed some customer data Russia’s Sandworm hackers blamed in fresh Ukraine malware attack Experts plans to release VMware vRealize log RCE exploit this week Thanks to this week's episode sponsor, Hunters Hunters is a complete SOC platform, built for your security team. By providing unlimited ingestion and normalization of security data without ruining your bottom line, a CISO at a leading online retailer was able to “triple her data ingestion while cutting costs from her SIEM provider by 75%.” It's time to move beyond SIEM, with Hunters. Visit hunters.ai to learn more. For the stories behind the headlines, head to CISOseries.com.
1/30/20238 minutes, 5 seconds
Episode Artwork

Week in Review: FBI seizes Hive, PayPal accounts breached, ODIN Intelligence hack

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, January 23-27, is hosted by David Spark with our guest, Kathleen Mullin, CISO, Cancer Treatment Centers of America Thanks to our show sponsor, SafeBase If a prospective customer asked about your trust program or security policies, where would you send them? Chances are, you’d need to send an NDA, hunt down documentation, go back and forth via email, and answer a litany of questions. SafeBase is the better way. SafeBase’s Smart Trust Center allows you to send *one link* to customers or buyers, so they can easily access the security and compliance information they need. Meanwhile, you get more control over who has access to your documents, and for how long. Build customer trust the smart way with SafeBase – learn more at safebase.com All links and the video of this episode can be found on CISO Series.com
1/27/202324 minutes, 20 seconds
Episode Artwork

FBI seizes Hive, Layoffs at IBM, Microsoft outage over

FBI seizes Hive ransomware group infrastructure after lurking in servers for months Layoffs come to IBM - Kyndryl, Watson and Russia to blame Microsoft says services have recovered after widespread outage Thanks to this week's episode sponsor, SafeBase If a prospective customer asked about your trust program or security policies, where would you send them? Chances are, you’d need to send an NDA, hunt down documentation, go back and forth via email, and answer a litany of questions. SafeBase is the better way. SafeBase’s Smart Trust Center allows you to send *one link* to customers or buyers, so they can easily access the security and compliance information they need. Meanwhile, you get more control over who has access to your documents, and for how long. Build customer trust the smart way with SafeBase - learn more at safebase.com For the stories behind the headlines, head to CISOseries.com.  
1/27/20237 minutes, 39 seconds
Episode Artwork

North Korean crypto tactics, Russian DDoS record, China tech exports

A look at North Korean crypto stealing tactics Russia saw record DDoS attacks China leads in facial recognition tech exports Thanks to this week's episode sponsor, SafeBase These days, customer trust can be an organization’s strongest competitive advantage. But how can you develop and maintain customer trust over the long term? The answer is SafeBase. After implementing SafeBase’s Smart Trust Center, many companies see shorter deal cycles, higher-value contracts, and stronger long-term customer relationships. Some even achieve a 90% reduction in security questionnaires. Learn more at safebase.com
1/26/20237 minutes, 7 seconds
Episode Artwork

Pakistan investigating nationwide blackout, FBI identifies Horizon Bridge hackers, GoTo hack larger than first reported

Pakistani authorities investigating whether cyberattack caused nationwide blackout FBI identifies hackers behind Horizon Bridge crypto theft GoTo says hackers stole encrypted backups and MFA settings Thanks to this week's episode sponsor, SafeBase Jump start your journey to long-lasting customer trust with SafeBase. Our Smart Trust Center helps your organization build customer trust through improved transparency, secure document sharing, process control and insights, and proactive communication. Security and GRC leaders at companies like Jamf, Instacart, and Snyk all rely on SafeBase as a central enabler of their trust program. Learn more and check out the case studies at SafeBase.com For the stories behind the headlines, visit CISOseries.com
1/25/20236 minutes, 43 seconds
Episode Artwork

LA School leaks, GAO security ignored, PLAY ransomware in UK

LA School attack exposed Social Security numbers Government Accountability Office names and shames PLAY ransomware hits UK car dealerships Thanks to this week's episode sponsor, SafeBase If a prospective customer asked about your trust program or security policies, where would you send them? Chances are, you’d need to send an NDA, hunt down documentation, go back and forth via email, and answer a litany of questions. SafeBase is the better way. SafeBase’s Smart Trust Center allows you to send *one link* to customers or buyers, so they can easily access the security and compliance information they need. Meanwhile, you get more control over who has access to your documents, and for how long. Build customer trust the smart way with SafeBase - learn more at safebase.com
1/24/20236 minutes, 44 seconds
Episode Artwork

PayPal accounts breached, Yum! Brands attacked, ODIN Intelligence hacked

PayPal accounts breached in large-scale credential stuffing attack Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner ODIN Intelligence hack exposes a huge trove of police raid files Thanks to this week's episode sponsor, SafeBase These days, customer trust can be an organization’s strongest competitive advantage. But how can you develop and maintain customer trust over the long term? The answer is SafeBase. After implementing SafeBase’s Smart Trust Center, many companies see shorter deal cycles, higher-value contracts, and stronger long-term customer relationships. Some even achieve a 90% reduction in security questionnaires. Learn more at safebase.com For the stories behind the headlines, head to CISOseries.com.
1/23/20238 minutes, 8 seconds
Episode Artwork

Week in Review: NortonLifeLock password breach, Ransomware revenue falls, ChatGPT goes phishing

Link to Blog Post This week’s Cyber Security Headlines - Week in Review, January 16-20, is hosted by Rich Stroffolino  with our guest, George Finney, CISO, Southern Methodist University Thanks to our show sponsor, Cerby   Did you know that over 60% of the cloud applications used by your company don’t support identity standards like single sign-on? And that these applications are the leading cause of breaches? Cerby can help. Cerby discovers new applications, eliminates manual security tasks like offboarding, and addresses misconfigurations like disabled 2FA while increasing employee productivity. Wait. A security tool that increases productivity? Yup. Learn more at cerby.com. All links and the video of this episode can be found on CISO Series.com  
1/20/202321 minutes, 26 seconds
Episode Artwork

Ransomware revenue falls, Vice attacks university, Android Hook malware

Ransomware revenue falls by $300 million in 2022 as more victims refuse to pay Vice Society claims ransomware attack against University of Duisburg-Essen Android users beware of new Hook malware with RAT capabilities Thanks to today's episode sponsor, Cerby Did you know that over 60% of the cloud applications used by your company don’t support identity standards like single sign-on? And that these applications are the leading cause of breaches? Cerby can help. Cerby discovers new applications, eliminates manual security tasks like offboarding, and addresses misconfigurations like disabled 2FA while increasing employee productivity. Wait. A security tool that increases productivity? Yup. Learn more at cerby.com. For the stories behind the headlines, head to CISOseries.com.  
1/20/20237 minutes, 50 seconds
Episode Artwork

Bypassing patches, ChatGPT polymorphic malware, Bitwarden goes passwordless

Vendors bypassing security patches ChatGPT creates polymorphic malware Bitwarden acquires Passwordless.dev Thanks to today's episode sponsor, Cerby Did you know that over 60% of the cloud applications used by your company don’t support identity standards like single sign-on? And that these applications are the leading cause of breaches? Cerby can help. Cerby discovers new applications, eliminates manual security tasks like offboarding, and addresses misconfigurations like disabled 2FA while increasing employee productivity. Wait. A security tool that increases productivity? Yup. Learn more at cerby.com.
1/19/20237 minutes, 9 seconds
Episode Artwork

Ransomware impacts 1,000 ships, Crypto influencer victimized by malware, Microsoft patches Azure flaws

Ransomware attack impacts 1,000 ships Crypto influencer victimized by malware pushed by ads on Google Microsoft patches flaws in Azure cloud services Thanks to today's episode sponsor, Cerby Did you know that over 60% of the cloud applications used by your company don’t support identity standards like single sign-on? And that these applications are the leading cause of breaches? Cerby can help. Cerby discovers new applications, eliminates manual security tasks like offboarding, and addresses misconfigurations like disabled 2FA while increasing employee productivity. Wait. A security tool that increases productivity? Yup. Learn more at cerby.com. For the stories behind the headlines, visit CISOseries.com
1/18/20237 minutes, 5 seconds
Episode Artwork

Cyber attack disrupts esports, Qbot overtakes Emotet, CircleCI breached

Cyber attack disrupts esport event Qbot overtakes Emotet CircleCI breach caused by infostealer Thanks to today's episode sponsor, Cerby Did you know that over 60% of the cloud applications used by your company don’t support identity standards like single sign-on? And that these applications are the leading cause of breaches? Cerby can help. Cerby discovers new applications, eliminates manual security tasks like offboarding, and addresses misconfigurations like disabled 2FA while increasing employee productivity. Wait. A security tool that increases productivity? Yup. Learn more at cerby.com.
1/17/20236 minutes, 49 seconds
Episode Artwork

NortonLifeLock password breach, Canadian liquor hack, severe jsonwebtoken flaw

NortonLifeLock warns that hackers breached Password Manager accounts Hacker steals credit card info from Canada’s largest alcohol retailer Severe security flaw found in "jsonwebtoken" library Thanks to today's episode sponsor, Cerby Did you know that over 60% of the cloud applications used by your company don’t support identity standards like single sign-on? And that these applications are the leading cause of breaches? Cerby can help. Cerby discovers new applications, eliminates manual security tasks like offboarding, and addresses misconfigurations like disabled 2FA while increasing employee productivity. Wait. A security tool that increases productivity? Yup. Learn more at cerby.com. For the stories behind the headlines, head to CISOseries.com.
1/16/20237 minutes, 45 seconds
Episode Artwork

Week in Review: FAA system failure delays flights, LastPass hit with lawsuit, Writing malware with ChatGPT

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, January 9-13, is hosted by Rich Stroffolino with our guest, Shaun Marion, CISO, McDonald’s Thanks to our show sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salesforce and Microsoft? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment. All links and the video of this episode can be found on CISO Series.com
1/13/202323 minutes
Episode Artwork

Chromium browser flaw, Twitter leak developments, IcedID strikes again

Experts detail Chromium browser security flaw putting confidential data at risk Twitter says 200 million-user leak not obtained from its systems, others disagree IcedID malware strikes again: Active Directory domain compromised in under 24 hours Thanks to today's episode sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salseforce and Microsoft? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk.  With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment. For the stories behind the headlines, head to CISOseries.com.
1/13/20238 minutes, 10 seconds
Episode Artwork

FAA system failure, Royal Mail cyber incident, police app leaks ops data

FAA system failure delays flights Royal Mail hit by “cyber incident” Police app leaked operations data Thanks to today's episode sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salseforce and Microsoft? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk.  With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment.
1/12/20237 minutes, 23 seconds
Episode Artwork

Iowa schools closed by cyberattack, TikTok CEO questioned by EU, OIG cracks fed agency passwords

Iowa school district cancels classes due to cyberattack TikTok CEO questioned by EU about its data practices Government watchdog cracks federal agency’s passwords Thanks to today's episode sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salseforce and Microsoft? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk.  With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment. For the stories behind the headlines, visit CISOseries.com
1/11/20237 minutes, 50 seconds
Episode Artwork

Car API flaws, Experian bypass, ChatGPT malware

API vulnerabilities found across car brands Bypassing Experian Security Trying to write malware with ChatGPT Thanks to today's episode sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salseforce and Microsoft? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk.  With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment.
1/10/20237 minutes
Episode Artwork

Turla hackers return, LastPass faces lawsuit, Windows reporter hacked

Russian Turla hackers hijack decade-old malware infrastructure to deploy new backdoors LastPass hit with lawsuit over August breach Hackers abuse Windows error reporting tool to deploy malware Thanks to today's episode sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salseforce and Microsoft? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk.  With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment. For the stories behind the headlines, head to CISOseries.com.
1/9/20238 minutes, 24 seconds
Episode Artwork

Week in Review: PyTorch malicious compromise, Ransomware cloned victim, LockBit gang apologizes

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, January 2-6, is hosted by Sean Kelly with our guest, Bryan Willett, CISO, Lexmark Thanks to our show sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. All links and the video of this episode can be found on CISO Series.com
1/6/202325 minutes, 14 seconds
Episode Artwork

Slack's GitHub theft, CircleCI breach warning, NATO tests AI

Slack's private GitHub code repositories stolen over holidays CircleCI warns of security breach — rotate your secrets! NATO tests AI’s ability to protect critical infrastructure against cyberattacks Thanks to today's episode sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
1/6/20237 minutes, 50 seconds
Episode Artwork

‘Mudge’ joins Rapid7, Meta fined $400 million, GDPR costs Coinbase $100 million

‘Mudge’ joins cybersecurity firm Rapid7 Meta fined $400 million by European regulator Coinbase strikes a $100 million deal with regulators Thanks to today's episode sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, visit CISOseries.com  
1/5/20236 minutes, 56 seconds
Episode Artwork

FTX founder pleads not guilty, LA housing authority cyberattack, Ukrainian vishing operation bust

FTX founder has pleaded not guilty to fraud charges LA housing authority operations disrupted by cyberattack Ukrainian authorities bust major vishing call center Thanks to today's episode sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, visit CISOseries.com  
1/4/20236 minutes, 54 seconds
Episode Artwork

Google tracking lawsuits, ransomware victim cloned, LockBit hospital apology

Google to pay $29.5 million to settle lawsuits over user location tracking Ransomware gang cloned victim’s website to leak stolen data LockBit gang apologizes, gives SickKids Hospital free decryptor Thanks to today's episode sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
1/3/20238 minutes, 21 seconds
Episode Artwork

NetGear urgent patch, malicious PyTorch compromise, LockBit ransoms Lisbon

NETGEAR fixes a severe bug in its routers. Patch it ASAP! PyTorch discloses malicious dependency chain compromise over holidays LockBit ransomware claims attack on Port of Lisbon in Portugal Thanks to today's episode sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
1/2/20237 minutes, 47 seconds
Episode Artwork

Google Home snooping, 3Commas API leak, Ireland investigating Twitter data sale

Snooping bug found on Google Home speakers 3Commas API database leaked Ireland investigating Twitter users data for sale Thanks to this week's episode sponsor, Tines Tines is the solution for security teams struggling with too much work, a talent shortage, and inevitable security incidents. Tines breaks the silos that exist between technologies and teams, so employees can focus on meaningful, not menial, tasks. Fewer manual errors and faster response times. Visit Tines.com to learn more.
12/30/20226 minutes, 44 seconds
Episode Artwork

Ransomware hammers hospitals, Citrix servers not applying patches, Log4Shell at 1-year old

Ransomware continues to hammer hospitals Citrix servers found vulnerable despite patches Log4Shell celebrates an anniversary Thanks to this week's episode sponsor, Tines If you're overwhelmed by your workload, Tines is the solution you've been looking for. Tines no-code automation checks boxes legacy SOAR tools can only dream of. Break the silos between tools and teams, focus on meaningful work, and eliminate manual errors while improving your response times. Visit Tines.com to stay ahead of the curve without breaking a sweat!
12/29/20226 minutes, 11 seconds
Episode Artwork

Facebook reaches Cambridge Analytica settlement, BTC.com lost $3 million in cyberattack, Hackers steal $8 million from BitKeep users

Facebook reaches settlement related to Cambridge Analytica scandal BTC.com lost $3 million in cyberattack Hackers use trojan to steal $8 million from BitKeep users Thanks to this week's episode sponsor, Tines Ever feel like you're stuck in a never-ending cycle of alerts? It's exhausting and frustrating. But here's the good news: Tines! Tines helps you focus on meaningful, not menial, tasks.  Fewer mistakes, faster response times. And best of all, Tines’ no-code automation platform can handle massive complexity and easily connect to your unique tech stack. Visit Tines.com now! For the stories behind the headlines, visit CISOseries.com
12/28/20227 minutes, 3 seconds
Episode Artwork

Severe LastPass breach, Inglis resigns post, Xfinity accounts hacked

LastPass admits to severe data breach, encrypted password vaults stolen Chris Inglis to resign as national cyber director Comcast Xfinity accounts hacked in widespread 2FA bypass attacks Thanks to our episode sponsor, Tines Wondering how the world’s leading security teams are figuring out how to do more with less? The answer is Tines! Tines is a hyper-flexible automation platform loved by customers like Okta, Canva, Kayak, and Coinbase. Tines enables security teams to focus on what matters most by taking care of the grunt work! Learn more at Tines.com. For the stories behind the headlines, head to CISOseries.com.  
12/27/20227 minutes, 47 seconds
Episode Artwork

Malware in search ads, Guardian hit with ransomware, Okta source code accessed

FBI warns of malware in search ads Guardian hit with suspected ransomware Attackers grab Okta source code Thanks to this week's episode sponsor, Tines  Tis the season for more alerts and fewer resources available to manage them. But you can still be jolly--with Tines! Tines eliminates the need for security teams to waste time on repetitive, manual tasks. Powered by a no-code approach, security teams create—and maintain—powerful automations that deliver immediate results. Visit Tines.com to learn more! 
12/22/20226 minutes, 29 seconds
Episode Artwork

McGraw Hill data leak, UK ICO names breached firms, Twitter aided Pentagon propaganda

McGraw Hill exposed student grades and personal info UK privacy regulator names and shames breached firms Twitter aided the Pentagon in covert online propaganda campaign Thanks to this week's episode sponsor, Tines   If you're like most security teams, you currently face more phishing attacks and alert fatigue. The holiday season is the most wonderful time of the year for shoppers... but it's also a busy time for cybercriminals. Tines’ no-code automation platform can help you transform your SecOps and stay one step ahead. Visit Tines.com to sign up for free today!  For the stories behind the headlines, visit CISOseries.com
12/21/20227 minutes, 1 second
Episode Artwork

Cyber Security Headlines: Glupteba botnet returns, the future of ransomware, and Epic Games' privacy fine

Botnet shrugs off Google The future of ransomware Epic Games receives record privacy fines Thanks to this week's episode sponsor, Tines  If you’re like most security teams, you’re juggling multiple mission-critical priorities. But what if there was a way to break the silos in your environment? A way to focus on meaningful tasks? A way to reduce errors and achieve faster response times? Check out Tines.com to start experiencing the true benefits of proactive security operations powered by no-code automation. 
12/20/20226 minutes, 56 seconds
Episode Artwork

Russia infiltrates satellites, Gmail’s end-to-end encryption, NSA’s Russia warning

CISA says Russia's Fancy Bear infiltrated US satellite network Google introduces end-to-end encryption for Gmail on the web NSA cyber director warns of Russian digital assaults on global energy sector Thanks to this week's episode sponsor, Tines  Before Tines, co-founders Eoin and Thomas spent 15 years as senior security operators. Frustrated by the inability to solve for the challenges their teams were facing, they built their own solution. Tines allows security teams to robustly automate mundane, repetitive tasks – without code – so they can focus on their most important work. Visit Tines.com to learn more! For the stories behind the headlines, head to CISOseries.com.
12/19/20227 minutes, 47 seconds
Episode Artwork

Week in Review: Antivirus data wipers, TSA expands facial recognition, Uber breach

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, December 12-16, is hosted by Rich Stroffolino with our guest, Jeremy Embalabala, CISO, HUB International Thanks to our show sponsor, Fortra The cybersecurity landscape is full of single-solution providers, making it easy for unexpected cyberthreats to sneak through the cracks. That’s why Fortra is creating a stronger, simpler strategy for protection. One that increases your security maturity while decreasing the operational burden that comes with it. Fortra’s integrated, scalable solutions help customers face their toughest challenges with confidence. Learn more at Fortra.com All links and the video of this episode can be found on CISO Series.com
12/16/202220 minutes, 33 seconds
Episode Artwork

Japanese MirrorStealer malware, HTML smuggling SVGs, DDoS-for-hire arrests

Hackers target Japanese politicians with new MirrorStealer malware Crooks use HTML smuggling to spread QBot malware via SVG files FBI charges 6, seizes domains linked to DDoS-for-hire service platforms Thanks to this week's episode sponsor, Fortra The cybersecurity landscape is full of single-solution providers, making it easy for unexpected cyberthreats to sneak through the cracks. That's why Fortra is creating a stronger, simpler strategy for protection. One that increases your security maturity while decreasing the operational burden that comes with it. Fortra's integrated, scalable solutions help customers face their toughest challenges with confidence. Learn more at Fortra.com. For the stories behind the headlines, head to CISOseries.com.
12/16/20228 minutes, 22 seconds
Episode Artwork

EU drafts new US-data sharing agreement, Microsoft signed malicious drivers, InfraGard data leak

EU gets closer to US-data sharing agreement Microsoft signed malicious drivers InfraGard data for sale on dark web Thanks to this week's episode sponsor, Fortra The cybersecurity landscape is full of single-solution providers, making it easy for unexpected cyberthreats to sneak through the cracks. That's why Fortra is creating a stronger, simpler strategy for protection. One that increases your security maturity while decreasing the operational burden that comes with it. Fortra's integrated, scalable solutions help customers face their toughest challenges with confidence. Learn more at Fortra.com.
12/15/20227 minutes, 40 seconds
Episode Artwork

Twitter data leak, Uber hit with another breach, Chinese police arrest crypto laundering gang

Twitter addresses claims of recent data leak Uber hit with another breach after attack on third-party vendor Police in China arrest gang who laundered $1.7 billion via crypto Thanks to this week's episode sponsor, Fortra The cybersecurity landscape is full of single-solution providers, making it easy for unexpected cyberthreats to sneak through the cracks. That's why Fortra is creating a stronger, simpler strategy for protection. One that increases your security maturity while decreasing the operational burden that comes with it. Fortra's integrated, scalable solutions help customers face their toughest challenges with confidence. Learn more at Fortra.com. For the stories behind the headlines, visit CISOseries.com
12/14/20227 minutes, 33 seconds
Episode Artwork

India leaks expat passport info, Cloudflare expands free security tools, Greece outlaws spyware

India’s foreign ministry leaks passport details Cloudflare Zero Trust suite available to at-risk groups Greece outlaws spyware Thanks to this week's episode sponsor, Fortra The cybersecurity landscape is full of single-solution providers, making it easy for unexpected cyberthreats to sneak through the cracks. That's why Fortra is creating a stronger, simpler strategy for protection. One that increases your security maturity while decreasing the operational burden that comes with it. Fortra's integrated, scalable solutions help customers face their toughest challenges with confidence. Learn more at Fortra.com.
12/13/20225 minutes, 59 seconds
Episode Artwork

Pwn2Own Toronto winners, EDR data wipers, MuddyWater’s new campaign

Pwn2Own Toronto 2022 nets almost $1M for 63 zero days Antivirus and EDR solutions tricked into acting as data wipers Iran-linked MuddyWater APT launches new campaign Thanks to this week's episode sponsor, Fortra The cybersecurity landscape is full of single-solution providers, making it easy for unexpected cyberthreats to sneak through the cracks. That's why Fortra is creating a stronger, simpler strategy for protection. One that increases your security maturity while decreasing the operational burden that comes with it. Fortra's integrated, scalable solutions help customers face their toughest challenges with confidence. Learn more at Fortra.com. For the stories behind the headlines, head to CISOseries.com.
12/12/20227 minutes, 44 seconds
Episode Artwork

Week in Review: DHS reviews Lapsus$, AI generated malware, unsupported applications warning

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, December 5-9, is hosted by Rich Stroffolino with our guest, Ken Athanasiou, CISO, VF Corporation Thanks to our show sponsor, PlexTrac The best pentesting teams trust PlexTrac. PlexTrac can improve efficiency and effectiveness at every phase of your proactive assessments. By centralizing the data from all your automation tools, cataloging important reusable content for easy access, and promoting communication and visibility at every phase of an assessment, PlexTrac cuts reporting time in half and adds value between reports.  Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the premier pentest reporting and collaboration platform. All links and the video of this episode can be found on CISO Series.com  
12/9/202223 minutes, 34 seconds
Episode Artwork

APT37 exploits zero-day, Firewalls bypassed generically, Zombinder's Android malware

North Korea-linked APT37 exploits Internet Explorer zero-day flaw Firewalls of several major vendors bypassed with generic attack method New 'Zombinder' platform binds Android malware with legitimate apps Thanks to today's episode sponsor, PlexTrac The best pentesting teams trust PlexTrac. PlexTrac can improve efficiency and effectiveness at every phase of your proactive assessments. By centralizing the data from all your automation tools, cataloging important reusable content for easy access, and promoting communication and visibility at every phase of an assessment, PlexTrac cuts reporting time in half and adds value between reports.  Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the premier pentest reporting and collaboration platform. For the stories behind the headlines, head to CISOseries.com.
12/9/20228 minutes, 2 seconds
Episode Artwork

Pentagon cloud deal, Apple now encrypts iCloud backups, CloudSEK hacked by cybersecurity firm?

Pentagon awards cloud deal to four major providers Apple finally adds encryption to iCloud backups CloudSEK claims it was hacked by another cybersecurity firm Thanks to today's episode sponsor, PlexTrac The Plextrac platform is your offensive security team’s secret weapon. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a “5X ROI in 1 year,” a “30% increase in efficiency,” have “cut their reporting cycle by 65%,” and experienced a “18 to 22% time savings per engagement.”  Check out PlexTrac.com/CISOSeries to learn how PlexTrac can help your team deliver results. For the stories behind the headlines, visit CISOseries.com
12/8/20227 minutes, 47 seconds
Episode Artwork

AI generated malware, Rackspace confirms ransomware, Meta Oversight Board rules on cross-check

Are we in the age of AI generated malware Rackspace confirms ransomware attack Meta Oversight Board rules on cross-check system Thanks to today's episode sponsor, PlexTrac The best pentesting teams trust PlexTrac. PlexTrac can improve efficiency and effectiveness at every phase of your proactive assessments. By centralizing the data from all your automation tools, cataloging important reusable content for easy access, and promoting communication and visibility at every phase of an assessment, PlexTrac cuts reporting time in half and adds value between reports.  Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the premier pentest reporting and collaboration platform.
12/7/20227 minutes, 10 seconds
Episode Artwork

Baseboard software vulnerabilities, threat group stole COVID funds, AI generated code

Vulnerabilities found in popular baseboard software Chinese threat group stole COVID-19 relief funds The question of AI generated code Thanks to today's episode sponsor, PlexTrac The Plextrac platform is your offensive security team’s secret weapon. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a “5X ROI in 1 year,” a “30% increase in efficiency,” have “cut their reporting cycle by 65%,” and experienced a “18 to 22% time savings per engagement.”  Check out PlexTrac.com/CISOSeries to learn how PlexTrac can help your team deliver results.
12/6/20227 minutes, 17 seconds
Episode Artwork

Fosshost goes dark, DHS reviews Lapsus$, Rackspace security incident

Open source software host Fosshost shutting down, CEO unreachable DHS Cyber Safety Review Board to review Lapsus$ attacks Rackspace rocked by ‘security incident’ that has taken out hosted Exchange services Thanks to today's episode sponsor, PlexTrac The best pentesting teams trust PlexTrac. PlexTrac can improve efficiency and effectiveness at every phase of your proactive assessments. By centralizing the data from all your automation tools, cataloging important reusable content for easy access, and promoting communication and visibility at every phase of an assessment, PlexTrac cuts reporting time in half and adds value between reports.  Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the premier pentest reporting and collaboration platform. For the stories behind the headlines, head to CISOseries.com.
12/5/20228 minutes, 5 seconds
Episode Artwork

Week in Review: Encouraging cyber volunteers, TikTok invisible malware, SiriusXM car issues

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, November 28-December 2, is hosted by Rich Stroffolino with our guest, Terrance Cooley, CISO, Air Force JADC2 R&D Center. Thanks to our show sponsor, Automox Are you ready to ditch manual patching and all the complexity and hassle that comes with it? With Automox, you can automatically patch your Windows, macOs, and Linux devices with one easy-to-use, cloud-native platform. Modern patching should be easy. And now it is. With automated cross-OS patching, you’ll save time and sleep better at night knowing your IT environment is secure. Visit Automox.com to learn more and start a free trial today. All links and the video of this episode can be found on CISO Series.com  
12/2/202222 minutes, 50 seconds
Episode Artwork

LastPass data accessed, Sirius smartcar flaw, Medibank data dump

Intruders gain access to user data in LastPass incident Sirius XM flaw unlocks smart cars thanks to code flaw Medibank hackers announce ‘case closed’ and dump huge data file on dark web Thanks to this week's episode sponsor, Automox And now a word from our sponsor, Automox. Are you ready to ditch manual patching and all the complexity and hassle that comes with it? With Automox, you can automatically patch your Windows, macOs, and Linux devices with one easy-to-use, cloud-native platform. Modern patching should be easy. And now it is. With automated cross-OS patching, you’ll save time and sleep better at night knowing your IT environment is secure. Visit Automox.com to learn more and start a free trial today. For the stories behind the headlines, head to CISOseries.com.
12/2/20228 minutes, 11 seconds
Episode Artwork

White House targeted, Google links spyware, Android apps fake accounts

Elon Musk’s Starlink and the White House targeted by Killnet hackers Google links Windows exploit framework used to send spyware Malicious Android app creates fake accounts on multiple platforms Thanks to this week's episode sponsor, Automox Threat exposure is a growing business risk. Today, vulnerabilities are piling up faster than traditional remediation processes and tools can fix them. But fixing vulnerabilities doesn’t have to be a fire drill. Now you can eliminate threats and manage exposed endpoints with Automox Automated Vulnerability Remediation, the only cloud-native solution that harmonizes your SecOps and ITOps workflow and lets you fix vulnerabilities dramatically faster – in minutes, not months. Visit Automox.com to learn more and start a free trial today. For the stories behind the headlines, head to CisoSeries.com    
12/1/20228 minutes, 56 seconds
Episode Artwork

TikTok Challenge malware, Cyber Monday record, Sandworm’s Ukraine attack

Hackers use trending TikTok 'Invisible Challenge' to spread malware Cyber Monday online sales hit record Sandworm gang launches Monster ransomware attacks on Ukraine Thanks to this week's episode sponsor, Automox Are you tired of using multiple tools to patch your third-party applications? With Automox you’ll gain complete visibility of all your software and the ability to patch it, automatically, from a single platform. Fix missing third-party patches with the click of a button to dramatically reduce the time, effort, and complexity it takes to maintain a strong security posture. Visit Automox.com to learn more and start a free trial today. For the stories behind the headlines, head to CISOseries.com.
11/30/20228 minutes, 7 seconds
Episode Artwork

Google warns of "patch gap," Chinese spam hits Twitter

Project Zero warns of “patch gap” Twitter hit with spam campaign Canadian food company refuses ransom demands Thanks to this week's episode sponsor, Automox Are you ready to say goodbye to manual patching? With Automox you can automatically patch your Windows, macOs, and Linux devices with one easy-to-use, cloud-native platform. Modern patching can and should be easy. Save time and sleep better at night knowing your IT environment is secure with automated cross-OS patching. Visit Automox.com to learn more and start a free trial today.
11/29/20226 minutes, 58 seconds
Episode Artwork

FCC China ban, Windows servers freeze, WhatsApp data leak

FCC announces ban on Chinese telecom and surveillance equipment New Windows Server updates cause domain controller freezes, restarts WhatsApp data leak: 500 million user records for sale Thanks to this week's episode sponsor, Automox Automox allows you to automate the configuration, patching, and compliance of your Windows, macOS, and Linux systems all from the cloud. Visit Automox.com to start a free trial and have all your endpoints safe and secure in just 15 minutes. Automox is also offering special pricing from now until December 31st so you can start 2023 off right and get automated patching without breaking your budget. For the stories behind the headlines, head to CISOseries.com.
11/28/20228 minutes, 28 seconds
Episode Artwork

Twitter enlists George Hotz, $575 million crypto scheme, DrafKings $300K theft

Twitter enlists hacker George Hotz for 12 week “internship” Estonian duo arrested for masterminding $575 million Ponzi scheme Hackers steal $300K from DraftKings customers Thanks to today’s episode sponsor, Compyl Preparing a Thanksgiving meal can be stressful, but managing your security and compliance program doesn't have to be. Compyl quickly integrates with the tools you use, and automates 85% of the day-to-day tasks, all while providing complete visibility and comprehensive reporting along the way. Learn about Compyl today at www.compyl.com. For the stories behind the headlines, visit CISOseries.com
11/23/20227 minutes, 33 seconds
Episode Artwork

Emotet returns, Google helps with Cobalt Strike, Ticketmaster blames bots for Swift snafu

Emotet returns with a malspam vengeance Google publishes YARA rules for Cobalt Strike Ticketmaster blames “bot attacks” for ticketing fiasco Thanks to today’s episode sponsor, Compyl This thanksgiving, sit around the table and be thankful for Compyl. Compyl is an all-in-one platform that supercharges your security program and takes control of your compliance and audits. Automate workflows, audit collection, compliance management, and all the boring security stuff. Learn about Compyl today at www.compyl.com.
11/22/20227 minutes, 15 seconds
Episode Artwork

Ransomware infects Discord, Twitter welcomes Trump, Black Friday scams

New ransomware encrypts files, then steals your Discord account Donald Trump returns to Twitter after Elon Musk's poll More than half of Black Friday spam emails are scams Thanks to today’s episode sponsor, Compyl We all know that CISOs are overworked and stressed. CISOs made Compyl to reduce the noise, accelerate security maturity and let you and your team quickly make decisions that directly affect what's important to your business. Learn about Compyl at www.compyl.com. For the stories behind the headlines, head to CISOseries.com.
11/21/20227 minutes, 46 seconds
Episode Artwork

Week in Review: The fall of FTX, Australia Medibank fallout, supply chain failures

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, November 14-18, is hosted by Rich Stroffolino with our guest, John Scrimsher, CISO, Kontoor Brands Thanks to today’s episode sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like SalesForce and Microsoft? What about the data these apps can access? After all, one compromised third party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps, including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment. All links and the video of this episode can be found on CISO Series.com    
11/18/202220 minutes, 50 seconds
Episode Artwork

Musk’s ultimatum, Iran breaches government using Log4Shell, Amazon RDS data leak

Musk’s ultimatum to employees leaves Twitter at risk Iranian APT breaches government agency using Log4Shell Hundreds of Amazon RDS snapshots discovered leaking user data And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salseforce and Microsoft? What about the data these apps can access? After all, one compromised third party app could put your entire SaaS ecosystem at risk.  With AppOmni, you get visibility to all third party apps, including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment.
11/18/20227 minutes, 6 seconds
Episode Artwork

Disneyland phishing, Ukraine's IT army in action, NSA goes low-key with private researchers

Disneyland phishes with Punycode The effectiveness of Ukraine’s IT army NSA seeks to lower barriers to work with private sector And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salseforce and Microsoft? What about the data these apps can access? After all, one compromised third party app could put your entire SaaS ecosystem at risk.  With AppOmni, you get visibility to all third party apps, including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment.
11/17/20227 minutes, 30 seconds
Episode Artwork

Amazon cuts 10,000, FIFA apps warning, Breach impact 98%

Amazon to cut 10,000 employees in tech and corporate roles Privacy experts cautious about FIFA World Cup Apps 98% of organizations have been severely impacted by cyber supply chain breach And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salseforce and Microsoft? What about the data these apps can access? After all, one compromised third party app could put your entire SaaS ecosystem at risk.  With AppOmni, you get visibility to all third party apps, including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment. For the stories behind the headlines, head to CISOseries.com.
11/16/20225 minutes, 10 seconds
Episode Artwork

Australia ransom ban, scourge of brand impersonation sites, GitHub gets private reporting

Australia considers ban on ransomware payments Thousands of sites used for brand impersonation GitHub gets private reporting And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salseforce and Microsoft? What about the data these apps can access? After all, one compromised third party app could put your entire SaaS ecosystem at risk.  With AppOmni, you get visibility to all third party apps, including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment.
11/15/20226 minutes, 29 seconds
Episode Artwork

Android lockscreen bypass, Lockbit hits Thales, FTX funds disappear

Android phone owner accidentally finds a way to bypass lock screen Thales hit by Lockbit 3.0 again At least $1 billion of client funds missing at FTX And now a word from our sponsor, AppOmni Can you name all the third party apps connected to your major SaaS platforms like Salseforce and Microsoft? What about the data these apps can access? After all, one compromised third party app could put your entire SaaS ecosystem at risk.  With AppOmni, you get visibility to all third party apps, including which end users have enabled them, and the level of data access they’ve been granted. Visit AppOmni.com to request a free risk assessment.  For the stories behind the headlines, head to CISOseries.com.
11/14/20228 minutes, 28 seconds
Episode Artwork

Lockbit operator extradited, Twitter CISO quits, NotPetya insurance shakeup

Alleged LockBit operator to be extradited from Canada to U.S. Musk’s ends remote work and promised to fight spam. CISO Kissner quits. Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup And now a word from our sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
11/11/20228 minutes, 18 seconds
Episode Artwork

Crypto Winter comes for FTX, oil and gas flow control vulnerability, images hide malware in PyPI

Crypto Winter comes for FTX Vulnerability found in oil and gas utilities Vulnerability found in oil and gas utilities And now a word from our sponsor, AppOmni   Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
11/10/20227 minutes, 29 seconds
Episode Artwork

Powerball drawing delayed, Australian health record leak, Hushpuppi gets 11 year sentence

$2 billion Powerball drawing delayed by security issues Hackers leak Australian health records on dark web Hushpuppi gets 11 years in prison for cyber fraud And now a word from our sponsor, AppOmni   Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
11/9/20228 minutes, 35 seconds
Episode Artwork

China stocking up vulnerabilities, DOJ seizes 50,000 bitcoin, DOJ takes down Z-Library

China stockpiling vulnerabilities US seizes Silk Road bitcoins DOJ takes down Z-Library And now a word from our sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
11/8/20226 minutes, 37 seconds
Episode Artwork

Treasury thwarts Killnet, UK scanning devices, Denmark train cyberattack

US Treasury thwarts DDoS attack from Russian Killnet group British government scanning all Internet devices hosted in UK Denmark trains halted by cyberattack And now a word from our sponsor, AppOmni Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.  
11/7/20228 minutes, 24 seconds
Episode Artwork

Week in Review: Thomson Reuters leak, LockBit dominates ransomware, Stripe cuts jobs

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, October 31-November 4, is hosted by Rich Stroffolino with our guest, Marcos Marrero, CISO, H.I.G. Capital Thanks to today’s episode sponsor, Votiro UFOs are everywhere. They’re in your applications, cloud storage, endpoints, and emails. That’s right – UFOs – Unidentified File Objects – are hiding in files across your organization.  UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/UFOs All links and the video of this episode can be found on CISO Series.com
11/4/202221 minutes, 10 seconds
Episode Artwork

Boeing subsidiary incident, Stripe job cuts, news website malware

Cyber incident at Boeing subsidiary causes flight planning disruptions Stripe to lay off 14% of workforce Over 250 US news websites deliver malware via supply chain attack Thanks to today’s episode sponsor, Votiro UFOs are everywhere. They’re in your applications, cloud storage, endpoints, and emails. That’s right – UFOs – Unidentified File Objects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/ufos For the stories behind the headlines, head to CISOseries.com.  
11/4/20228 minutes, 37 seconds
Episode Artwork

W4SP stings PyPI, password hubris, Dropbox breached

W4SP malware stings PyPI LastPass warns of security hubris Dropbox breached Thanks to today’s episode sponsor, Votiro UFOs are everywhere.They’re in your applications, cloud storage, endpoints, and emails.That’s right – UFOs – Unidentified File Objects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/
11/3/20227 minutes, 16 seconds
Episode Artwork

LockBit dominates ransomware, CISA on voting integrity, ransomware reporting

LockBit dominates ransomware CISA on voting integrity A call for more ransomware reporting Thanks to today’s episode sponsor, Votiro UFOs are everywhere.They’re in your applications, cloud storage, endpoints, and emails.That’s right – UFOs – Unidentified File Objects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/
11/2/20226 minutes, 54 seconds
Episode Artwork

Antivirus used to spread malware, White House ransomware summit, Ed tech company hit with FTC complaint

Threat group rides antivirus software to install malware White House organizes ransomware summit Ed tech company exposed user data Thanks to today’s episode sponsor, Votiro UFOs are everywhere.They’re in your applications, cloud storage, endpoints, and emails.That’s right – UFOs – Unidentified File Objects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/
11/1/20227 minutes, 24 seconds
Episode Artwork

Thomson Reuters leak, Polish Parliament cyberattack, trolls bombard Twitter

Thomson Reuters leaks 3TB of sensitive data Massive cyberattack hits Slovak and Polish Parliaments Twitter trolls bombard platform after Elon Musk takeover Thanks to today’s episode sponsor, Votiro UFOs are everywhere. They’re in your applications, cloud storage, endpoints, and emails. That’s right – UFOs – Unidentified File Objects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/ufos. For the stories behind the headlines, head to CISOseries.com.
10/31/20227 minutes, 3 seconds
Episode Artwork

Week in Review: Musk buys Twitter, Russia’s satellite warning, Industrial ransomware attacks rise

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, October 24-28, is hosted by Rich Stroffolino with our guest, Will Gregorian, former Senior Director, Technology Operations and Security, Rhino Thanks to this week’s episode sponsor, Votiro UFOs are everywhere. They’re in your applications, cloud storage, endpoints, and emails. That’s right – UFOs – Unidentified File Objects – are hiding in files across your organization.  UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/UFOs. All links and the video of this episode can be found on CISO Series.com  
10/28/202223 minutes, 28 seconds
Episode Artwork

Russia’s satellite warning, New York Post hacked, Fast Company breach

Russia warns West: We can target your commercial satellites New York Post says its site was hacked after posting offensive tweets White House announces 100-day cyber sprint for chemical sector Thanks to this week’s episode sponsor, Votiro UFOs are everywhere.They’re in your applications, cloud storage, endpoints, and emails. That’s right – UFOs – Unidentified File Objects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/UFOs   For the stories behind the headlines, head to CISOseries.com.  
10/28/20228 minutes, 11 seconds
Episode Artwork

Sigstore opens free service, Medibank hacked, 20-year old SQLite bug

Sigstore opens free software signing service Australian health insurer hacked Researcher details 20-year old SQLite bug Thanks to this week’s episode sponsor, Votiro UFOs are everywhere.They’re in your applications, cloud storage, endpoints, and emails. That’s right – UFOs – Unidentified File Objects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/UFOs
10/27/20227 minutes, 19 seconds
Episode Artwork

See Tickets card breach, US charges Chinese agents, Tata Power’s data leaked

See Tickets discloses 2.5 year-long credit card breach US charges Chinese agents in Huawei obstruction case Hive begins leaking Tata Power’s data Thanks to this week’s episode sponsor, Votiro UFOs are everywhere.They’re in your applications, cloud storage, endpoints, and emails. That’s right – UFOs – Unidentified File Objects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/UFOs For the stories behind the headlines, visit CISOseries.com
10/26/20227 minutes, 31 seconds
Episode Artwork

Daixin Team, PoCs host malware, Iranian nuclear agency hacked

CISA warns of Daixin Team Exploit POCs used to host malware Iranian nuclear agency hacked Thanks to this week’s episode sponsor, Votiro UFOs are everywhere.They’re in your applications, cloud storage, endpoints, and emails. That’s right – UFOs – Unidentified File Objects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/UFOs
10/25/20227 minutes, 24 seconds
Episode Artwork

Windows JavaScript zero-day, Iran-based hack-and-leak, METRO retailer attack

Exploited Windows zero-day lets JavaScript files bypass Mark of the Web security warnings FBI warns of ‘hack-and-leak’ operations from group based in Iran Wholesale giant METRO confirmed to have suffered a cyberattack Thanks to this week’s episode sponsor, Votiro UFOs are everywhere. They’re in your applications, cloud storage, endpoints, and emails. That’s right – UFOs – Unidentified File Objects – are hiding in files across your organization. UFOs can contain malware that exfiltrates data or deploys ransomware. And 70% of UFOs can’t be detected by traditional scanning solutions like Anti-Virus and Sandboxing. That’s where Votiro comes in. Votiro prevents UFOs before they hitch a ride in on files – without detection, and without slowing down business. Do you believe? Learn more at Votiro.com/UFOs For the stories behind the headlines, head to CISOseries.com.  
10/24/20227 minutes, 40 seconds
Episode Artwork

Week in Review: Dutch Police Trick DeadBolt, GenZ meh on Cybersecurity, Submarine cable severed

 Link to Blog Post This week’s Cyber Security Headlines – Week in Review, October 17-21, is hosted by Rich Stroffolino with our guest, Lee Parrish, CISO, Newell Brands Thanks to this week’s episode sponsor, SafeBase Security questionnaires are a pain, and sharing sensitive documents takes too much back and forth. As a result, security can be wrongly viewed as a roadblock rather than a sales enabler. That’s where SafeBase comes in. Our Smart Trust Center makes it easy to showcase your security program, share sensitive documents, and streamline security reviews. It’s the missing piece of your security and sales workflow, and the only security tool that gives you time back. Find out more at safebase.com All links and the video of this episode can be found on CISO Series.com
10/21/202221 minutes, 26 seconds
Episode Artwork

Submarine cables severed, Microsoft’s BlueBleed problem, Health system breach

Internet connectivity worldwide impacted by severed EU subsea cables Microsoft BlueBleed customer data leak claimed to be 'one of the largest' in years Health system data breach due to Meta Pixel hits 3 million patients Thanks to this week's episode sponsor, SafeBase Security questionnaires are a pain, and sharing sensitive documents takes too much back and forth. As a result, security can be wrongly viewed as a roadblock rather than a sales enabler. That's where SafeBase comes in. Our Smart Trust Center makes it easy to showcase your security program, share sensitive documents, and streamline security reviews. It's the missing piece of your security and sales workflow, and the only security tool that gives you time back. Find out more at safebase.com For the stories behind the headlines, head to CISOseries.com.
10/21/20228 minutes, 13 seconds
Episode Artwork

Ransom Cartel linked to REvil, Gen Z security awareness, Open Compute Project's Caliptra

Ransom Cartel linked to REvil Do we need cybersecurity training for Gen Z? Open Compute Project announces Caliptra Thanks to this week's episode sponsor, SafeBase Security questionnaires. If those two words sent a shiver down your spine, you need to check out SafeBase. SafeBase’s Smart Trust Center is a centralized source of truth for your organization’s security and compliance information. After implementing SafeBase, many companies see a 90% reduction in custom questionnaires. Imagine how much time you’d save. Visit safebase.com to find out more.
10/20/20227 minutes, 6 seconds
Episode Artwork

Verizon customer accounts breached, German cyber chief removed, Fortinet vuln actively exploited

Verizon notifies customers their accounts were breached German cyber chief removed over alleged Russian ties Fortinet vulnerability being actively exploited Thanks to this week's episode sponsor, SafeBase Security questionnaires are a pain, and sharing sensitive documents takes too much back and forth. As a result, security can be wrongly viewed as a roadblock rather than a sales enabler. That's where SafeBase comes in. Our Smart Trust Center makes it easy to showcase your security program, share sensitive documents, and streamline security reviews. It's the missing piece of your security and sales workflow, and the only security tool that gives you time back. Find out more at safebase.com For the stories behind the headlines, head to CISOseries.com
10/19/20226 minutes, 46 seconds
Episode Artwork

Ransomware hits German newspaper, Meta battles on content moderation report, and KakaoTalk goes down in Korea

Ransomware halts German newspaper circulation Meta disputes Indian content moderation report KakaoTalk called a “national communication network” in Korea Thanks to this week's episode sponsor, SafeBase Security questionnaires are a pain, and sharing sensitive documents takes too much back and forth. As a result, security can be wrongly viewed as a roadblock rather than a sales enabler. That's where SafeBase comes in. Our Smart Trust Center makes it easy to showcase your security program, share sensitive documents, and streamline security reviews. It's the missing piece of your security and sales workflow, and the only security tool that gives you time back. Find out more at safebase.com
10/18/20227 minutes, 2 seconds
Episode Artwork

Ukraine novel ransomware, Drones drop pineapple, Tata Power attacked

Microsoft says Ukraine, Poland targeted with novel ransomware attack Wi-Fi spy drones snoop on financial firm Indian power generation giant Tata Power hit by a cyber attack Thanks to this week's episode sponsor, SafeBase Security questionnaires. If those two words sent a shiver down your spine, you need to check out SafeBase. SafeBase’s Smart Trust Center is a centralized source of truth for your organization’s security and compliance information. After implementing SafeBase, many companies see a 90% reduction in custom questionnaires. Imagine how much time you’d save. Visit safebase.com to find out more. For the stories behind the headlines, head to CISOseries.com.
10/17/20227 minutes, 7 seconds
Episode Artwork

Week in Review: CISOs’ Uber scapegoating, US Airport DDoS, Digital license plates

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, October 10-14, is hosted by Rich Stroffolino with our guest, Matt Honea, Head Of Security, SmartNews Thanks to today’s episode sponsor, NoName Security Prevent API attacks in real-time with automated AI and ML-based detection from Noname Security. Monitor API traffic for data leakage, data tampering, data policy violations, suspicious behavior, and API security attacks. Integrate with your existing IT workflow management system like Jira, ServiceNow, or Slack for seamless remediation. Learn more at nonamesecurity.com/runtime-protection All links and the video of this episode can be found on CISO Series.com
10/14/202223 minutes, 54 seconds
Episode Artwork

Polonium targets Israel, CISO-Board relationships, UK Supply chain

Polonium APT targets Israel with a new custom backdoor dubbed PapaCreep RSA Conference reveals CISO-Board relationships UK government urges action to enhance supply chain security Thanks to today’s episode sponsor, Noname Security Prevent API attacks in real-time with automated AI and ML-based detection from Noname Security. Monitor API traffic for data leakage, data tampering, data policy violations, suspicious behavior, and API security attacks. Integrate with your existing IT workflow management system like Jira, ServiceNow, or Slack for seamless remediation. Learn more at nonamesecurity.com/runtime-protection For the stories behind the headlines, head to CISOseries.com.
10/14/20228 minutes, 7 seconds
Episode Artwork

Npm timing attack, legit software spreading malware, Mango Markets hacked for $100 million

Npm timing attack could impact supply chain Legit software used to spread malicious WhatsApp mod Mango Markets hit by $100 million hack Thanks to today’s episode sponsor, Noname Security Are you sure your APIs are secure? Noname Security discovers all the APIs running on your network and analyzes them to spot design flaws, misconfigurations, and vulnerabilities. You can even catalog sensitive data and quickly see how many APIs are able to access credit card data, phone numbers, SSNs, and other sensitive PII data. Learn more at nonamesecurity.com/posture-management
10/13/20226 minutes, 41 seconds
Episode Artwork

UK warns of Chinese security threat, Toyota data leak, CISOs at risk of being overworked

UK warns of Chinese global security threat Toyota data leak impacts 300,000 customers CISOs at risk of being overworked Thanks to today’s episode sponsor, Noname Security Stop API vulnerabilities before production with Noname Security. Automatically run over 100 dynamic tests that simulate malicious traffic, including the OWASP API Top Ten. Integrate with your existing CI/CD pipelines and tools, such as Jenkins and Postman, as well as all your ticketing and workflow tools such as ServiceNow, Slack, and Jira. Learn more at nonamesecurity.com/active-testing For the stories behind the headlines, head to CISOseries.com
10/12/20227 minutes, 18 seconds
Episode Artwork

Cyber Security Headlines: Heat leaks passwords, KillNet hits airports, Intel UEFI leak

Finger heat can leak your password US airport sites targeted by KillNet Intel confirms UEFI leak Thanks to today’s episode sponsor, Noname Security Prevent API attacks in real-time with automated AI and ML-based detection from Noname Security. Monitor API traffic for data leakage, data tampering, data policy violations, suspicious behavior, and API security attacks. Integrate with your existing IT workflow management system like Jira, ServiceNow, or Slack for seamless remediation. Learn more at nonamesecurity.com/runtime-protection
10/11/20226 minutes, 56 seconds
Episode Artwork

Urgent Fortinet vulnerability, Windows update flaw, CISO scapegoating danger

Fortinet warns admins to patch critical auth bypass bug immediately Windows 11 22H2 errors break provisioning Security chiefs fear ‘CISO scapegoating’ following Uber-Sullivan verdict Thanks to today’s episode sponsor, Noname Security Are you sure your APIs are secure? Noname Security discovers all the APIs running on your network and analyzes them to spot design flaws, misconfigurations, and vulnerabilities. You can even catalog sensitive data and quickly see how many APIs are able to access credit card data, phone numbers, SSNs, and other sensitive PII data. Learn more at nonamesecurity.com/posture-management For the stories behind the headlines, head to CISOseries.com.
10/10/20227 minutes, 32 seconds
Episode Artwork

Week in Review: Lazarus hits Dell, Uber chief guilty, Musk’s Twitter Takeover

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, October 3-7, is hosted by Sean Kelly, with our guest, Patrick Benoit, VP, Global Cyber, GRC/BISO, CBRE Thanks to this week’s episode sponsor, Hunters Hunters is a SaaS platform, purpose built for Security Operation teams. Providing unlimited data ingestion and normalization at a predictable cost, Hunters helps SOC teams mitigate real threats faster and more reliably than SIEM. Visit Hunters.ai to learn more. All links and the video of this episode can be found on CISO Series.com
10/7/202226 minutes, 3 seconds
Episode Artwork

Uber coverup ruling, Optus data spilled, Easylife’s trigger fine

Former Uber security chief found guilty of data breach coverup Optus confirms 2.1 million ID numbers exposed in data breach Retailer Easylife fined £1.5m for data protection breaches Thanks to today’s episode sponsor, Hunters Hunters is a SaaS platform, purpose built for Security Operation teams. Providing unlimited dataingestion and normalization at a predictable cost, Hunters helps SOC teams mitigate real threats faster and more reliably than SIEM. Visit Hunters.ai to learn more. For the stories behind the headlines, head to CISOseries.com.
10/7/20227 minutes, 26 seconds
Episode Artwork

CommonSpirit Health "IT security issue," MySQL backdoor, P2P payment fraud rises

CommonSpirit Health hit with “IT security issue” MySQL servers backdoored Fraud hitting P2P payment apps Thanks to today’s episode sponsor, Hunters Hunters is a SaaS platform, purpose built for Security Operation teams. Providing unlimited dataingestion and normalization at a predictable cost, Hunters helps SOC teams mitigate real threats faster and more reliably than SIEM. Visit Hunters.ai to learn more.
10/6/20226 minutes, 38 seconds
Episode Artwork

Musk Twitter deal update, TikTok security deal politics, Netwalker affiliate sentenced

Musk offers to proceed with Twitter deal TikTok security deal becomes a political pawn Netwalker ransomware affiliate sentenced to 20 years in prison Thanks to today’s episode sponsor, Hunters Hunters is a SaaS platform, purpose built for your Security Operation team. Cimpress, theparent company of VistaPrint, implemented Hunters SOC Platform to replace its SIEM. Thanks to Hunters, Cimpress no longer needs to babysit alerts and detection logic – they’ve improved their SOC’s efficiency, and optimized costs. Visit Hunters.ai to learn more. For the stories behind the headlines, visit CISOseries.com
10/5/20226 minutes, 50 seconds
Episode Artwork

LA School Data Leaked, Exchange mitigations bypassed, Supreme Court looks at Section 230

LA school data published on leak site Exchange zero-day mitigations bypassed Supreme Court will look legal protections for apps and sites Thanks to today’s episode sponsor, Hunters Hunters helps your security team overcome data volume and complexity – while significantlyreducing false positives. Upwork uses Hunters SOC Platform to “remain threat focused”. Because of Hunters, Upwork has been able to stop going through the daily repetitive task of looking at alerts, and doing repetitive, manual investigations. Learn more at: Hunters.ai
10/4/20226 minutes, 44 seconds
Episode Artwork

Microsoft Zero days, Lazarus attacks Dell, NSA employee caught

Microsoft confirms two Exchange Server zero days are being used in cyberattacks Lazarus hackers abuse Dell driver bug using new FudModule rootkit Ex-NSA employee charged with violating Espionage Act, selling U.S. cyber secrets Thanks to today’s episode sponsor, Hunters Hunters is a SaaS platform, purpose built for Security Operation teams. Providing unlimited dataingestion and normalization at a predictable cost, Hunters helps SOC teams mitigate real threats faster and more reliably than SIEM. Visit Hunters.ai to learn more. For the stories behind the headlines, head to CISOseries.com.
10/3/20227 minutes, 43 seconds
Episode Artwork

Week in Review: Uber hacker arrested, cyberattacks deluge organizations, Lazarus hacks Macs

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, September 26-30, is hosted by Rich Stroffolino with our guest, Sara Lazarus, VP and head of trust and security, Stavvy Thanks to today’s episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com. All links and the video of this episode can be found on CISO Series.com
9/30/202224 minutes, 56 seconds
Episode Artwork

Russia’s cyber winter, military contractor attack, IRS smishing warning

Finnish intelligence warns Russia ‘highly likely’ to turn to cyber in winter Researchers uncover covert attack campaign targeting military contractors IRS warns of "industrial scale" smishing surge Thanks to today’s episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com. For the stories behind the headlines, head to CISOseries.com.  
9/30/20227 minutes, 51 seconds
Episode Artwork

Leaked ransomware used in attack, Cloudflare Turnstile, Fast Company hit with cyber attack

Leaked ransomware builder used in attacks Cloudflare hopes Turnstile can replace CAPTCHAs Fast Company goes dark after cyber attack Thanks to today’s episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com.
9/29/20226 minutes, 45 seconds
Episode Artwork

Lazarus targets macOS, Geopolitical DDoS, Meta takes down influence networks

Lazarus Group targets macOS users Geopolitics behind recent DDoS surge Meta takes on influence networks Thanks to today’s episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com.
9/28/20227 minutes, 3 seconds
Episode Artwork

Jamf buys ZecOps, porn phishing DDoS, Cloudflare Zero Trust SIM

Jamf buys ZecOps Porn phishing scam turns into a DDoS Cloudflare announced secure eSIM offering Thanks to today’s episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com.
9/27/20226 minutes, 45 seconds
Episode Artwork

Uber hacker arrested, Microsoft SQL hacked, CircleCI GitHub hack

London Police arrest 17-year-old hacker suspected of Uber and GTA 6 breaches Microsoft SQL servers hacked in TargetCompany ransomware attacks Attackers impersonate CircleCI platform to compromise GitHub accounts Thanks to today’s episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com. For the stories behind the headlines, head to CISOseries.com.
9/26/20228 minutes, 31 seconds
Episode Artwork

Week in Review: Uber and Twitter hacks, MFA exploits, Ransomware in decline?

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, September 19-23, is hosted by Rich Stroffolino with our guest, Joseph Lewis, Director, Cyber Assessment Strategy, US Department of Energy Thanks to this week’s sponsor, 6clicks 6clicks is your AI-powered GRC platform, featuring a fully integrated content library. 6clicks provides organizations with a powerful GRC platform to build highly scalable risk and compliance functions and advisors with the tools to streamline and scale their services, saving everyone enormous time and money. Reimagine risk. Improve cybersecurity. Demonstrate compliance. For more information visit 6clicks.com/cisoseries. All links and the video of this episode can be found on CISO Series.com
9/23/202222 minutes, 1 second
Episode Artwork

MFA fatigue hacking, Senate blasts counterintelligence, Australian telco breach

MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches Senate reports details inefficiencies, confusion at key U.S. counterintelligence center Australian telco Optus suffers massive data breach Thanks to today’s episode sponsor, 6clicks With 6clicks, organizations can manage enterprise risk easier than ever before. 6clicks helps you identify your risks, group them into risk registers, and run risk assessments. It highlights causes and potential impacts, outlines risk treatment plans, and helps you manage the full treatment lifecycle – all while informing your holistic GRC posture with built-in data linkages. For more information visit 6clicks.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.  
9/23/20228 minutes, 4 seconds
Episode Artwork

15-year old Python bug, LinkedIn Smart Link phishing, US military using Augury

15-year old Python bug causing problem LinkedIn Smart Links used for phishing US military buys Augury network monitoring tool Thanks to today’s episode sponsor, 6clicks Your GRC solution is only as valuable as the reports it can generate. Provide an exceptional analytics experience for all your GRC stakeholders with the 6clicks reporting suite. Unlock powerful insights and prove compliance using dashboards and charts, pixel perfect reporting, presentations, and data storytelling via LiveDocs.. For more information visit 6clicks.com/cisoseries.
9/22/20226 minutes, 35 seconds
Episode Artwork

American Airlines hack, $160M swiped from Wintermute, 2K and Rockstar cyberattacks

American Airlines announce breach of customer and staff info Crypto market maker hacked for $160 million 2K and Rockstar fall victim to cyber attacks Thanks to today’s episode sponsor, 6clicks The 6clicks GRC solution comes with a fully integrated content library full of hundreds of standards, assessment templates, libraries, playbooks, and more. With the content library included in every 6clicks license, organizations can get started on their GRC implementation faster than ever before. For more information visit 6clicks.com/cisoseries. For the stories behind the headlines, head to CISOseries.com
9/21/20226 minutes, 38 seconds
Episode Artwork

Chromeloader evolves, ransomware falls, US reviews social media campaigns

The shifting ways of Chromeloader Ransomware attacks fall in first half Pentagon orders review of social media influence campaigns Thanks to today’s episode sponsor, 6clicks Experience the magic of Hailey, the 6clicks artificial intelligence engine for risk and compliance. With Hailey, organizations can automatically show cross-compliance between regulations or identify gaps to external compliance requirements in their policies. Eliminate manual and costly risk and compliance processes by joining the hundreds of businesses that trust 6clicks. For more information visit 6clicks.com/cisoseries.
9/20/20227 minutes, 22 seconds
Episode Artwork

Uber downplays breach, LastPass downplays hack, Netgear router vulnerability

Uber says there is no evidence that users’ private information was compromised LastPass says hackers accessed its systems for just 4 days Netgear Routers impacted by FunJSQ module flaw Thanks to today’s episode sponsor, 6clicks 6clicks has pioneered a unique Hub & Spoke architecture to underpin its AI-powered GRC solution and cater to markets requiring scalable, multi-tenanted GRC. This model enables organizations to deploy multiple, autonomous GRC entities connected to a single hub for roll-up reporting, management, and visibility. For more information visit 6clicks.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.  
9/19/20228 minutes, 6 seconds
Episode Artwork

Week in Review: Uber hacked, intermittent encryption ransomware, Twitter overheats

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Quincy Castro, CISO, Redis Thanks to today’s episode sponsor, Edgescan Scalable automated and continuous Attack Surface Management (ASM) and vulnerability detection integrated with a world-class cyber security team provide 100% false-positive-free alerts and expert remediation guidance. Edgescan.com All links and the video of this episode can be found on CISO Series.com    
9/16/202224 minutes, 3 seconds
Episode Artwork

Gamers targeted on YouTube, Biden supply chain order, Queen Elizabeth II phishing scam

Gamers targeted by self-spreading stealer on YouTube Biden order further scrutinizes foreign tech supply chains Phishing attacks being launched in the name of Queen Elizabeth II Thanks to today’s episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the stories behind the headlines, head to CISOseries.com
9/16/20227 minutes, 31 seconds
Episode Artwork

Teams leaks tokens, cyberscammer human trafficking, Treasury Tornado Cash guidance

Teams stores tokens in cleartext Cyberscammers caught up in human trafficking US Treasury issues guidance on Tornado Cash Thanks to today’s episode sponsor, Edgescan Scalable automated and continuous Attack Surface Management (ASM) and vulnerability detection integrated with a world-class cyber security team provide 100% false-positive-free alerts and expert remediation guidance.
9/15/20226 minutes, 31 seconds
Episode Artwork

Apple’s second zero-day, heat beats tweets, herd mentality phishing

Apple Releases iOS and macOS updates to patch actively exploited zero-day flaw Extreme California heat knocks key Twitter data center offline New phishing scheme uses 'herd mentality' approach to dupe victims Thanks to today’s episode sponsor, Edgescan Edgescan combines full-stack coverage with integrated reporting and business-level prioritization to deliver a single source of truth for your entire vulnerability management program with zero false positives. For the stories behind the headlines, head to CISOseries.com.
9/14/20227 minutes, 40 seconds
Episode Artwork

Google buys Mandiant, Redbleed mitigations hurt, Meta hands over PyTorch

Google closes on Mandiant Paying the iron price for Retbleed mitigation Meta hands over the keys to PyTorch Thanks to today’s episode sponsor, Edgescan Edgescan offers a single platform solution that covers the full stack, from Web Applications to APIs to the Network and data layer. Continuous Attack Surface Management coupled with automated & strategic Pen-testing as a Service (PTaaS) yields fully scalable coverage.
9/13/20225 minutes, 51 seconds
Episode Artwork

Intermittent encryption warning, HP firmware bugs, SEC crypto office

Ransomware gangs switching to new intermittent encryption tactic Firmware bugs in many HP computer models left unfixed for over a year U.S. SEC to set up new office for crypto filings Thanks to today’s episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the stories behind the headlines, head to CISOseries.com.
9/12/20228 minutes, 2 seconds
Episode Artwork

Week in Review: TikTok breach, China accuses US, CISA feedback

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Jason Elrod, CISO, Multicare Health System Thanks to today’s episode sponsor, Snyk Developers want to code fast and security wants to ship securely — and they want to do it all from the cloud. That’s why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud environments… all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects and cloud environments, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity All links and the video of this episode can be found on CISO Series.com  
9/9/202226 minutes, 22 seconds
Episode Artwork

China accuses US, London buses hacked, New APT42 group

China accuses US of cyberattacks and cyberespionage London's biggest bus operator hit by cyber "incident" Researchers reveal new Iranian threat group APT42 Thanks to today’s episode sponsor, Snyk Developers want to code fast and security wants to ship securely — and they want to do it all from the cloud. That’s why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud environments... all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects and cloud environments, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity For the stories behind the headlines, head to CISOseries.com.
9/9/20227 minutes, 34 seconds
Episode Artwork

CISA incident reporting, Linux-focused IoT malware, Albania cuts ties over cyberattack

CISA asks for feedback on reporting rules New Linux-focused malware targets IoT Albania cuts diplomatic ties over cyberattack Thanks to today’s episode sponsor, Snyk Developers want to code fast and security wants to ship securely — and they want to do it all from the cloud. That’s why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud environments... all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects and cloud environments, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity
9/8/20226 minutes, 50 seconds
Episode Artwork

Ex-Uber exec heads to trial, Twitter fires back at Mudge, FBI K-12 warning

Uber's ex-cyber exec heads to trial Twitter fires back at Mudge for “parroting” Elon Musk FBI warns of ransomware attacks on school districts Thanks to today’s episode sponsor, Snyk Developers want to code fast and security wants to ship securely — and they want to do it all from the cloud. That’s why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud environments... all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects and cloud environments, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity For the stories behind the headlines, head to CISOseries.com
9/7/20227 minutes, 44 seconds
Episode Artwork

Sextortion ring busted, TikTok denies breach, Cloudflare cuts off Kiwi Farms

Transnational sextortion ring dismantled TikTok denies breachtok Cloudflare cuts off Kiwi Farms Thanks to today’s episode sponsor, Snyk Developers want to code fast and security wants to ship securely — and they want to do it all from the cloud. That’s why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud environments... all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects and cloud environments, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity
9/6/20226 minutes, 23 seconds
Episode Artwork

Fed agency supply chain tips, Apple lawsuit settlement, Neopets 18 month hack

Federal agencies share supply chain security tips Apple settles lawsuit with developer over App Store rejections and scams Hackers were inside Neopets systems for 18 months Thanks to today’s episode sponsor, Code42 It’s not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme. For the stories behind the headlines, head to CISOseries.com
9/2/20227 minutes, 37 seconds
Episode Artwork

Google's open-source bug bounty, Ragnar Locker hits airline, Cloudflare won't cut off services

Google launches open-source bug bounty Ragnar Locker claims attack on airline Cloudflare won’t terminate services for controversial customers Thanks to today’s episode sponsor, Code42 Surprise! Surprise! Five years from now, Jamie, who’s resigning today, will ring the NASDAQ bell officially launching her company on the public market. And what you’ll soon realize is that Jamie stole your most valuable data to start her new company. Learn how Code42 Incydr can stop data theft and protect your organizations’ most valuable assets. Visit Code42.com/showme to learn more.
9/1/20227 minutes, 6 seconds
Episode Artwork

Google Translate malware, White House aviation briefing, book distributor ransomed

Google Translate app is actually Windows crypto-mining malware White House to give aviation executives classified cyberthreat briefing Book distributor Baker & Taylor hit by ransomware Thanks to our episode sponsor, Code42 Cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak and theft. In fact, the Code42 Annual Data Exposure Report revealed there’s a 1 in 3 chance that your company will lose IP when an employee quits. To learn more about stopping data leaks with Insider Risk Management visit Code42.com/showme. For the stories behind the headlines, head to CISOseries.com.  
8/31/20227 minutes, 23 seconds
Episode Artwork

Log4Shell Hits Israel, Russian cyberattacks on Montenegro, AlphaBay Turns 1

Microsoft warns Iranians using Log4Shell Montenegro hit with Russian cyberattacks AlphaBay Turns 1 Thanks to this week's episode sponsor, Code42 Have you been thinking about launching an Insider Risk Management program? You don’t need to be Big Brother to effectively address Insider Risk. Code42 believes that the Three Es should define any IRM program: expertise, education, and enforcement. Shift your security culture from “watchdog” to “guide dog” and everyone wins. Learn more at Code42.com/showme.
8/30/20226 minutes, 7 seconds
Episode Artwork

Hackers breach LastPass, new Agenda ransomware, Facebook Cambridge settlement

Hackers breach LastPass developer system to steal source code New Agenda ransomware appears in the threat landscape Facebook-Cambridge Analytica data breach lawsuit ends in 11th hour settlement Thanks to this week’s episode sponsor, Code42 It’s not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme. For the stories behind the headlines, head to CISOseries.com.  
8/29/20227 minutes, 48 seconds
Episode Artwork

Week in Review: Satellite hacks, Insurers balk, Twitter's cybersecurity

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, John McClure, CISO, Sinclair Broadcast Group Thanks to today’s episode sponsor, Code42 It’s not just about the data leaving your company – what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme. All links and the video of this episode can be found on CISO Series.com  
8/26/202222 minutes, 1 second
Episode Artwork

North Korea at BlackHat, Ransomware attacks jump, Pentagon software requirements

North Korean malware present at Black Hat Ransomware attacks jump as new malware strains proliferate Pentagon may require flaw-free software Thanks to today’s episode sponsor, Code42 It’s not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme For the stories behind the headlines, head to CISOseries.com.   
8/26/20228 minutes, 1 second
Episode Artwork

Nobelium’s MagicWeb, pro-Western influence campaigns, $100 million in NFTs stolen

Microsoft reveals Nobelium’s MagicWeb Details emerge on large-scale pro-Western influence campaigns Stolen NFTs prove big business Thanks to today’s episode sponsor, Code42 Surprise! Surprise! Five years from now, Jamie, who’s resigning today, will ring the NASDAQ bell officially launching her company on the public market. And what you’ll soon realize is that Jamie stole your most valuable data to start her new company. Learn how Code42 Incydr can stop data theft and protect your organizations’ most valuable assets. Visit Code42.com/showme to learn more.
8/25/20226 minutes, 22 seconds
Episode Artwork

Twitter ex-security chief whistleblower, Ukraine and Poland join forces, Binance deepfake scam

Ex-security chief accuses Twitter of cybersecurity negligence Ukraine and Poland join forces to counter Russian cyberattacks Hackers use Binance exec deepfake in crypto exchange scam Thanks to today’s episode sponsor, Code42 Cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak and theft. In fact, the Code42 Annual Data Exposure Report revealed there’s a 1 in 3 chance that your company will lose IP when an employee quits. To learn more about stopping data leaks with Insider Risk Management visit Code42.com/showme. For the stories behind the headlines, head over to CISOseries.com
8/24/20227 minutes, 45 seconds
Episode Artwork

State-backed attacks not insured, LockBit hit with DDoS, Cozy Bear gets around MFA

State-backed attacks excluded from cyber insurance LockBit hit with DDoS Cozy Bear using Microsoft accounts to bypass MFA Thanks to today’s episode sponsor, Code42 Have you been thinking about launching an Insider Risk Management program? You don’t need to be Big Brother to effectively address Insider Risk. Code42 believes that the Three Es should define any IRM program: expertise, education, and enforcement. Shift your security culture from “watchdog” to “guide dog” and everyone wins. Learn more at Code42.com/showme.
8/23/20226 minutes, 7 seconds
Episode Artwork

Urgent iPhone update, ZIP password fault, Hacking decommissioned satellites

iPhone users urged to update to patch 2 zero-days Encrypted ZIP files can have two correct passwords White hat hackers broadcast through decommissioned satellite Thanks to today’s episode sponsor, Code42 It’s not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme For the stories behind the headlines, head to CISOseries.com.  
8/22/20227 minutes, 28 seconds
Episode Artwork

Week in Review: Ukraine at Black Hat, Starlink hacked, cybersecurity workforce inequity

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Stephen Harrison, VP Cyber Defense, MGM Resorts Thanks to today’s episode sponsor, 6clicks With 6clicks, organizations can manage enterprise risk easier than ever before. 6clicks helps you identify your risks, group them into risk registers, and run risk assessments. It highlights causes and potential impacts, outlines risk treatment plans, and helps you manage the full treatment lifecycle. For more information visit 6clicks.com/cisoseries.  All links and the video of this episode can be found on CISO Series.com  
8/19/202227 minutes, 24 seconds
Episode Artwork

Google blocks DDoS, Moore leaves Cyber Command, BlackByte’s ransomware options

Google blocks largest HTTPS DDoS attack 'reported to date' Cyber Command loses Moore A new version of BlackByte offers extortion options Thanks to today’s episode sponsor, 6clicks With 6clicks, organizations can manage enterprise risk easier than ever before. 6clicks helps you identify your risks, group them into risk registers, and run risk assessments. It highlights causes and potential impacts, outlines risk treatment plans, and helps you manage the full treatment lifecycle. For more information visit 6clicks.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.
8/19/20228 minutes, 14 seconds
Episode Artwork

PyPi backdoors, Project Sugarush, Redalpha phishing

PyPi packages turn installed apps to backdoors Project Sugarush targets Israeli shipping RedAlpha ramps up phishing efforts Thanks to today’s episode sponsor, 6clicks Manage the full assessment lifecycle and get your business audit-ready more easily than ever using 6clicks. Identify overlap from completed audits and assessments with other standards and frameworks using Hailey-AI to streamline compliance with multiple audit requirements. With built-in content, organizations can get started on their audit and assessments faster than ever before. For more information visit 6clicks.com/cisoseries.
8/18/20227 minutes, 2 seconds
Episode Artwork

Oracle audits Tik Tok, Digital Ocean dumps Mailchimp, Twilio targets Signal

Oracle begins auditing TikTok's algorithms Digital Ocean dumps Mailchimp after attack leaked customer data Signal users exposed in targeted Twilio attack Thanks to today’s episode sponsor, 6clicks 6clicks is where vulnerability management and GRC unite. With 6licks, organizations can ingest their vulnerabilities from all scanners, link assets to vulnerabilities, raise risks and issues to remediate, and close vulnerabilities as they are remediated – all while informing their risk and compliance posture in a single platform for cohesive reporting. For more information visit 6clicks.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.
8/17/20227 minutes, 18 seconds
Episode Artwork

Chat app backdoor, PyPi cryptominer, corporate access prices drop

Chat app used as a backdoor PyPi package drops crytominer Access to corporate networks sees a value dip Thanks to today’s episode sponsor, 6clicks Protect your supply chain from third-party risk with the power of 6clicks. Organizations can better manage their vendor risk by automating the vendor assessment lifecycle and detecting vendor assessment findings. Users can identify and raise risks linked to vendors post-assessment and group them into risk registers. Then, manage, remediate and report on risks directly from 6clicks. For more information visit 6clicks.com/cisoseries.
8/16/20226 minutes, 57 seconds
Episode Artwork

Ukraine cyber chief at Black Hat, Lockheed Martin breach?, $25 Starklink hack

Ukraine's cyber chief makes surprise visit to Black Hat Killnet claims to have hacked Lockheed Martin Starlink successfully hacked using $25 modchip Thanks to today’s episode sponsor, 6clicks Identify, track, respond, and remediate issues and incidents from your various GRC workflows with 6clicks. With an issue submission form, 6clicks makes it easy and efficient for employees to submit incidents directly to an incident management team for triaging and response. Use the built-in incident response playbooks, or your own, to standardize incident response across the organization. For more information visit 6clicks.com/cisoseries. For the stories behind the headlines, head to CISOseries.com
8/15/20228 minutes, 2 seconds
Episode Artwork

Week in Review: Emergency Alert flaws, Twilio confirms hack, Rebuild CISA - Krebs

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Jack Kufahl, CISO, Michigan Medicine Thanks to today’s episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. All links and the video of this episode can be found on CISO Series.com
8/12/202224 minutes, 40 seconds
Episode Artwork

Cisco’s Lapsus$ breach, Rebuild CISA – Krebs, ransomware BEC epidemic

Cisco admits corporate network compromised by gang with links to Lapsus$ CISA should split from DHS says Chris Krebs Ransomware data theft epidemic fueling BEC attacks Thanks to today’s episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the stories behind the headlines, head to CISOseries.com.
8/12/20227 minutes, 8 seconds
Episode Artwork

Open Cybersecurity Schema Framework launches, Intel SGX flaw, CISA adds DogWalk to patch list

Introducing the Open Cybersecurity Schema Framework New flaw found in Intel SGX CISA adds to its Known Exploited Vulnerabilities database Thanks to today’s episode sponsor, Edgescan Scalable automated and continuous Attack Surface Management (ASM) and vulnerability detection integrated with a world-class cyber security team provide 100% false-positive-free alerts and expert remediation guidance.
8/11/20227 minutes, 8 seconds
Episode Artwork

Chinese kids defrauded, Twitter Saudi spy, Facebook data divulged

Chinese fraudsters target kids playing online games Former Twitter employee convicted in Saudi spy case Facebook divulges data leading to abortion prosecution Thanks to today’s episode sponsor, Edgescan Edgescan combines full-stack coverage with integrated reporting and business-level prioritization to deliver a single source of truth for your entire vulnerability management program with zero false positives. For the stories behind the headlines, head to CISOseries.com
8/10/20227 minutes, 46 seconds
Episode Artwork

Treasury sanctions Tornado Cash, Twilio confirms hack, Chinese hacking group targets backdoors

Treasury sanctions Tornado Cash Twilio confirms hack Chinese hacking group targets backdoors Thanks to today’s episode sponsor, Edgescan Edgescan offers a single platform solution that covers the full stack, from Web Applications to APIs to the Network and data layer. Continuous Attack Surface Management coupled with automated & strategic Pen-testing as a Service (PTaaS) yields fully scalable coverage.
8/9/20226 minutes, 30 seconds
Episode Artwork

Emergency Alert flaws, Kaspersky VPN bug, Pick Fick quick

Critical flaws found in US Emergency Alert System Security experts urge Fick's speedy confirmation as first U.S. cyber ambassador High-severity bug in Kaspersky VPN client opens door to PC takeover Thanks to today’s episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the stories behind the headlines, head to CISOseries.com.
8/8/20226 minutes, 56 seconds
Episode Artwork

Week in Review: Cyberattacks hit Taiwan, Missile manufacturer hit, Class action donuts

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Yael Nagler, CISO, Walker & Dunlop Thanks to this week’s sponsor, HYAS “Did you know a cybersecurity breach doesn’t have to mean that your business is shut down or your data is stolen? Malware, ransomware, data exfiltration: They all report to a command and control infrastructure to receive instructions.  HYAS’s unrivaled understanding of adversary infrastructure empowers you to cut off threats from their command and control, along with any related infrastructure.  Like that old roach motel, hackers can get in, but they can’t communicate out, rendering their attack worthless. When HYAS has your back, you can proactively prevent attacks from being executed — letting your business keep moving full forward. Visit HYAS.com“ All links and the video of this episode can be found on CISO Series.com    
8/5/202221 minutes, 8 seconds
Episode Artwork

Cyberattacks hit Taiwan, Cisco router flaws, DoJ prefers paper

Cyberattacks hit Taiwan to coincide with Speaker Pelosi’s visit4 Cisco addresses critical flaws in Small Business VPN routers DOJ now relies on paper for its most sensitive court documents, official says Thanks to today’s episode sponsor, HYAS We know IT and security teams are already overloaded — facing constant pressure to improve security without additional resources. That’s why it’s so important to find solutions that bolster your security, not your workload. HYAS Protect deploys in under 30 minutes, easily integrates into existing infrastructure, constantly updates with the latest threat intelligence, renders attacks inert (regardless of how they infiltrated your environment), and doesn’t require day-to-day hand-holding — letting you focus on keeping your business moving full forward. Visit HYAS.com For the stories behind the headlines, head to CISOseries.com.
8/5/20228 minutes, 46 seconds
Episode Artwork

Ukraine takes down bot farm, Solana wallets drained, Semikron cyberattack

Ukraine takes down massive bot farm Thousands of Solana wallets drained Semikron hit by cyberattack Thanks to today’s episode sponsor, HYAS Cybercriminals try their hardest to cover their tracks, but no matter what, they always leave a trail. HYAS Insight gives you access to all of the data you need to trace an attack back to its source. This helps you map out the complete attack campaign infrastructure, letting you proactively defend against future attacks and even potentially provide key data to law enforcement. Take your cybersecurity investigations further than you ever thought possible with HYAS Insight. Visit HYAS.com  
8/4/20226 minutes, 38 seconds
Episode Artwork

$190M crypto theft, T-Mobile store owner busted, EU missile maker extorsion

US crypto firm hit by $190 million theft T-Mobile store owner busted running phone unlocking scheme EU missile maker denies breach but confirms extortion attempt Thanks to today’s episode sponsor, HYAS Cybercriminals try their hardest to cover their tracks, but no matter what, they always leave a trail. HYAS Insight gives you access to all of the data you need to trace an attack back to its source. This helps you map out the complete attack campaign infrastructure, letting you proactively defend against future attacks and even potentially provide key data to law enforcement. Take your cybersecurity investigations further than you ever thought possible with HYAS Insight. Visit HYAS.com
8/3/20227 minutes, 52 seconds
Episode Artwork

Akamai distrubs massive DDoS, Australian faces spyware charges, Meta struggles with Kenya hate speech

Akamai disrupts record DDoS in Europe Australian man faces spyware charges Meta accused of failing to tackle hate speech in Kenya Thanks to today’s episode sponsor, HYAS Cybercriminals try their hardest to cover their tracks, but no matter what, they always leave a trail. HYAS Insight gives you access to all of the data you need to trace an attack back to its source. This helps you map out the complete attack campaign infrastructure, letting you proactively defend against future attacks and even potentially provide key data to law enforcement. Take your cybersecurity investigations further than you ever thought possible with HYAS Insight. Visit HYAS.com
8/2/20227 minutes, 2 seconds
Episode Artwork

Fake investment network, DawDropper Android malware, North Korea’s SharpTongue

Huge network of 11,000 fake investment sites targets Europe DawDropper Android apps serve up banking malware North Korea-linked SharpTongue spies on email accounts with a malicious browser extension Thanks to today's episode sponsor, Hyas. Better production environment security starts with visibility. After all, how can you protect your most valuable asset if you don’t know A: what’s expected and B: when something’s happening that isn’t expected? This is why HYAS Confront monitors traffic to alert you to anomalies, letting you address risks, threats, and changes, while blocking infiltrations before they become successful attacks. Don’t just react, take your security back with HYAS. Visit HYAS.com For the stories behind the headlines, head to CISOseries.com.  
8/1/20227 minutes, 32 seconds
Episode Artwork

Week in Review: Chinese, Huawei misdeeds, Poor cybersecurity training, Data breach costs

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Deneen DeFiore, VP, CISO, United Airlines Thanks to our show sponsor, Snyk Developers want to code fast and security wants to ship securely. And that’s why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud infrastructure… all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity. All links and the video of this episode can be found on CISO Series.com
7/29/202225 minutes, 34 seconds
Episode Artwork

Hackers dodge macros, 365 down again, 22M health record breach

Hackers opting for new attack methods after Microsoft blocked macros by default Microsoft 365 outage knocks down admin center in North America 22 million US health records breached thus far in 2022 Thanks to today’s episode sponsor, Snyk Developers want to code fast and security wants to ship securely. And that’s why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud infrastructure... all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity. For the stories behind the headlines, head to CISOseries.com.
7/29/20228 minutes, 6 seconds
Episode Artwork

Subzero malware, JusTalk logs leak, average data breach cost

Microsoft warns of Subzero malware JusTalk logs leak The cost of an average data breach Thanks to today’s episode sponsor, Snyk Developers want to code fast and security wants to ship securely. And that’s why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud infrastructure... all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity.
7/28/20227 minutes, 23 seconds
Episode Artwork

$6 million music platform hack, Rogers coding error, increased North-Korean bounty

Hacker swipes $6 million from blockchain music platform Coding error to blame for Rogers outage US doubles reward for tips on North Korean-backed hackers Thanks to today’s episode sponsor, Snyk   Developers want to code fast and security wants to ship securely. And that’s why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud infrastructure... all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity. For the stories behind the headlines, head to CISOseries.com
7/27/20227 minutes, 45 seconds
Episode Artwork

LockBit hits Italy, Quantum bill heads to Senate, Windows adds brute force defense

LockBit hits Italy  Quantum cybersecurity bill heads to the Senate Windows adds brute force defense Thanks to today’s episode sponsor, Snyk Developers want to code fast and security wants to ship securely. And that’s why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud infrastructure... all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity.
7/26/20226 minutes, 38 seconds
Episode Artwork

FBI nabs Huawei, Android leaks Twitterers, Microsoft’s printer warning

FBI uncovers Chinese and Huawei misdeeds 5.4 million Twitter accounts available for sale Microsoft warns that new Windows updates may break printing Thanks to today’s episode sponsor, Snyk Developers want to code fast and security wants to ship securely. And that’s why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud infrastructure... all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity.  For the stories behind the headlines, head to CISOseries.com.
7/25/20228 minutes, 6 seconds
Episode Artwork

Week in Review: Hiring slows, new infrastructure woes, Tik Tok grows

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Renee Guttmann, Former CISO, Campbell Soup, Coca Cola, Time Warner Thanks to this week’s sponsor, 6clicks 6clicks is your AI-powered GRC platform, featuring a fully-integrated content library. 6clicks provides organizations with a powerful GRC platform to build highly scalable risk and compliance functions and advisors with the tools to streamline and scale their services, saving everyone enormous time and money. Reimagine risk. Improve cybersecurity. Demonstrate compliance. For more information visit 6clicks.com/cisoseries. All links and the video of this episode can be found on CISO Series.com  
7/22/202220 minutes, 23 seconds
Episode Artwork

Microsoft Teams outage, heatwave melts Oracle, hiring cyber mercenaries

Microsoft Teams outage also takes down Microsoft 365 services Heatwave forced Google and Oracle to shut down in London Hackers for hire: adversaries employ “cyber mercenaries” Thanks to today’s episode sponsor, 6clicks Experience the magic of Hailey, the 6clicks artificial intelligence engine for risk and compliance. With Hailey, organizations can automatically show cross-compliance between regulations or identify gaps to external compliance requirements in their policies. Eliminate manual and costly risk and compliance processes by joining the hundreds of businesses that trust 6clicks. For more information visit 6clicks.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.
7/22/20228 minutes, 14 seconds
Episode Artwork

Microsoft security job cuts, Neopet data leak, Russia malware trickery

Microsoft cuts security jobs amidst weakening economy Is your cute little Neopet leaking your personal data? Russia disguises malware as Ukrainian app for hacking Russia Thanks to today’s episode sponsor, 6clicks The 6clicks GRC solution comes with a fully integrated content library full of hundreds of standards, assessment templates, libraries, playbooks, and more. With the content library included in every 6clicks license, organizations can get started on their GRC implementation faster than ever before. For more information visit 6clicks.com/content. For the stories behind the headlines, head over to CISOseries.com
7/21/20226 minutes, 55 seconds
Episode Artwork

Leaky GPS Trackers, Russian Malware Spoof Pro-Ukraine App, MacOS Backdoor to the Cloud

Car GPS tracker exposes location data Russian malware groups spoof pro-Ukraine apps MacOS backdoor speaks to the cloud Thanks to today’s episode sponsor, 6clicks Your GRC solution is only as valuable as the reports it can generate. Provide an exceptional analytics experience for all your GRC stakeholders with the 6clicks reporting suite. Unlock powerful insights and prove compliance using dashboards and charts, pixel perfect reporting, presentations, and data storytelling via LiveDocs. For more information visit 6clicks.com/analytics/overview.
7/20/20226 minutes, 32 seconds
Episode Artwork

Cyberattack hits Albania, Speculative execution not patched, DARPA studies open-source

Albania hit with cyberattack Vendors not patching for speculative execution DARPA looks into open-source Thanks to today’s episode sponsor, 6clicks 6clicks has pioneered a unique Hub & Spoke architecture to underpin its AI-powered GRC solution and cater to markets requiring scalable, multi-tenanted GRC. This model enables organizations to deploy multiple, autonomous GRC entities connected to a single hub for roll-up reporting, management, and visibility. For more information visit 6clicks.com/lp-enterprise-hub-spoke.
7/19/20226 minutes, 43 seconds
Episode Artwork

Towns paying for remote workers, CISA orders agency patch, PLC software delivers Sality

Dozens of cities and towns are paying tech workers to abandon Silicon Valley CISA orders agencies to patch new Windows zero-day used in attacks Password recovery tool infects industrial systems with Sality malware Thanks to today’s episode sponsor, 6clicks The 6clicks AI-powered GRC platform with an integrated content library is the most intelligent way to get ISO 27001 certified. It allows you to automate audits, manage risks, track assets, and report in real-time. Join hundreds of businesses that trust 6clicks and start your ISO 27001 journey today. For more information visit 6clicks.com/lp-iso-27001. For the stories behind the headlines, head to CISOseries.com.
7/18/20228 minutes, 32 seconds
Episode Artwork

Week in Review: Microsoft phishing warning, Callback phishing scams, Log4J forever

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Carla Sweeney, VP Information Security Red Ventures Thanks to our episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. All links and the video of this episode can be found on CISO Series.com  
7/15/202221 minutes, 48 seconds
Episode Artwork

C.I.A. Vault 7 engineer convicted, Hackers targeted Jan6 journalists, Twitter’s brief outage

Ex-C.I.A. engineer convicted in biggest theft ever of Agency secrets Chinese hackers targeted U.S. political reporters just ahead of January 6 attack, researchers say Twitter outage briefly hits thousands Thanks to today’s episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the stories behind the headlines, head to CISOseries.com.
7/15/20227 minutes, 25 seconds
Episode Artwork

Massive phishing operation, Android malware gets millions of millions, Spectre-like x86 attack

Microsoft warns of massive phishing operation Android malware downloaded over 3 million times More speculative-execution attacks found for x86 Thanks to today’s episode sponsor, Edgescan Scalable automated and continuous Attack Surface Management (ASM) and vulnerability detection integrated with a world-class cyber security team provide 100% false-positive-free alerts and expert remediation guidance.
7/14/20226 minutes, 28 seconds
Episode Artwork

FTC anonymization crackdown, TikTok privacy change, gov't contractor pays $9 million

FTC is cracking down on false claims of anonymizing data TikTok halts privacy policy change in Europe Government contractor pays $9 million over whistleblower allegations Thanks to today’s episode sponsor, Edgescan Edgescan combines full-stack coverage with integrated reporting and business-level prioritization to deliver a single source of truth for your entire vulnerability management program with zero false positives. For the stories behind the headlines, head to CISOseries.com
7/13/20227 minutes, 15 seconds
Episode Artwork

Ransomware hits French telco, NSO Group acquisition called off, Krebs on Experian security

Ransomware hits French telco NSO Group acquisition called off Krebs on Experian security Thanks to today’s episode sponsor, Edgescan Edgescan offers a single platform solution that covers the full stack, from Web Applications to APIs to the Network and data layer. Continuous Attack Surface Management coupled with automated & strategic Pen-testing as a Service (PTaaS) yields fully scalable coverage.
7/12/20226 minutes, 38 seconds
Episode Artwork

China censors 1B hack, Pentagon's bug bounty, Tech hiring cools

China tries to censor what could be biggest data hack in history Pentagon: We'll pay you if you can find a way to hack us Tech’s red-hot hiring spree shows signs of cooling Thanks to today’s episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the stories behind the headlines, head to CISOseries.com.
7/11/20228 minutes, 1 second
Episode Artwork

Week in Review – July 4-8, 202

Link to Blog Post Cyber Security Headlines – Week in Review – July 4-8, 2022   This week’s Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, David Cross, SVP/CISO Oracle SaaS Cloud Thanks to today’s episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com. All links and the video of this episode can be found on CISO Series.com  
7/8/202219 minutes, 54 seconds
Episode Artwork

July 8, 2022

Cisco and Fortinet release security patches for multiple products Canada’s RCMP have been using powerful malware to snoop on people’s communications Online programming IDEs can be used to launch remote cyberattacks Thanks to today’s episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com. For the stories behind the headlines, head to CISOseries.com.
7/8/20228 minutes, 20 seconds
Episode Artwork

July 7, 2022

Attackers moving off Cobalt Strike Cyberattacks against law enforcement on the rise Apple announces lockdown mode Thanks to today’s episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com.
7/7/20226 minutes, 54 seconds
Episode Artwork

July 6, 2022

Hacker may have stolen personal data of 1 billion Chinese citizens Ukrainian police take down phishing gang behind payments scam NIST unveils ‘quantum-proof’ cryptography algorithms Thanks to today’s episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com. For the stories behind the headlines, head to CISOseries.com
7/6/20226 minutes, 47 seconds
Episode Artwork

July 5, 2022

Jenkins discloses dozens of zero-day bugs in multiple plugins Rogue HackerOne employee steals bug reports to sell on the side Patchable and preventable security issues lead causes of Q1 attacks Thanks to today’s episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com. For the stories behind the headlines, head to CISOseries.com. 
7/5/20228 minutes, 16 seconds
Episode Artwork

July 1, 2022

A new sophisticated malware is attacking SOHO routers New study shows over half of employees use prohibited apps Google battles bots, puts Workspace admins on alert Thanks to today’s episode sponsor, Optiv The modern enterprise needs a solution as unique as its business. Optiv’s Advanced Detection and Response (ADR) works with your organization to comb through the D&R clutter and find the ideal security solutions for your business. ADR delivers tailored detection and response backed by technology, real-time intel and deep expertise applied at touch. Bottom line: ADR finds and neutralizes threats fast, so you can focus on what matters. If you’d like to learn more about Optiv ADR, please visit Optiv.com/adr. For the stories behind the headlines, head to CISOseries.com.
7/1/20228 minutes, 10 seconds
Episode Artwork

June 30, 2022

NATO to create rapid response cyber force FBI warns of deep fakes for remote work Ship controls identified as another major attack surface Thanks to today’s episode sponsor, Optiv The modern enterprise needs a solution as unique as its business. Optiv’s Advanced Detection and Response (ADR) works with your organization to comb through the D&R clutter and find the ideal security solutions for your business. ADR delivers tailored detection and response backed by technology, real-time intel and deep expertise applied at touch. Bottom line: ADR finds and neutralizes threats fast, so you can focus on what matters. If you’d like to learn more about Optiv ADR, please visit Optiv.com/adr.
6/30/20226 minutes, 56 seconds
Episode Artwork

June 29, 2022

Stolen PII and deepfakes used to apply for tech jobs Russia fines foreign firms for data violations Premier League crypto sponsorships expose fans to big losses Thanks to today’s episode sponsor, Optiv The modern enterprise needs a solution as unique as its business. Optiv’s Advanced Detection and Response (ADR) works with your organization to comb through the D&R clutter and find the ideal security solutions for your business. ADR delivers tailored detection and response backed by technology, real-time intel and deep expertise applied at touch. Bottom line: ADR finds and neutralizes threats fast, so you can focus on what matters. If you’d like to learn more about Optiv ADR, please visit Optiv.com/adr.  For the stories behind the headlines, head to CISOseries.com  
6/29/20226 minutes, 50 seconds
Episode Artwork

June 28, 2022

Ransomware gang launches bug bounty KillNet claims DDoS on Lithuania ICS security bill passes House Thanks to today’s episode sponsor, Optiv The modern enterprise needs a solution as unique as its business. Optiv’s Advanced Detection and Response (ADR) works with your organization to comb through the D&R clutter and find the ideal security solutions for your business. ADR delivers tailored detection and response backed by technology, real-time intel and deep expertise applied at touch. Bottom line: ADR finds and neutralizes threats fast, so you can focus on what matters. If you’d like to learn more about Optiv ADR, please visit Optiv.com/adr.
6/28/20227 minutes, 6 seconds
Episode Artwork

June 27, 2022

New phishing method bypasses MFA using Microsoft WebView2 apps Russian threat actors may be behind the explosion at Texas liquefied natural gas plant Google reveals sophisticated Italian spyware campaign targeting victims in Italy, Kazakhstan Thanks to today’s episode sponsor, Optiv The modern enterprise needs a solution as unique as its business. Optiv’s Advanced Detection and Response (ADR) works with your organization to comb through the D&R clutter and find the ideal security solutions for your business. ADR delivers tailored detection and response backed by technology, real-time intel and deep expertise applied at touch. Bottom line: ADR finds and neutralizes threats fast, so you can focus on what matters. If you’d like to learn more about Optiv ADR, please visit Optiv.com/adr For the stories behind the headlines, head to CISOseries.com.
6/27/20228 minutes, 8 seconds
Episode Artwork

Week in Review – June 20-24, 2022

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Marnie Wilking, CISO, Wayfair Thanks to today’s episode sponsor, Optiv Modernizing your identity control plane from AD to the cloud is complex. Ralph Martino, who is leading the identity and access management (IAM) group for Optiv, discusses what challenges CISOs are facing in today’s ever-changing climate: • Increasing security • Decreasing risk • Lowering cost Learn more at www.optiv.com/IAM-Microsoft. All links and the video of this episode can be found on CISO Series.com
6/24/202224 minutes, 42 seconds
Episode Artwork

June 24, 2022

Cloud email threats soar 101% in a year NHS warns of scam COVID-19 text messages Fancy Bear uses nuke threat lure to exploit 1-click bug Thanks to today's episode sponsor, Optiv Modernizing your identity control plane from AD to the cloud is complex. Ralph Martino, who is leading the identity and access management (IAM) group for Optiv, discusses what challenges CISOs are facing in today’s ever-changing climate: • Increasing security • Decreasing risk • Lowering cost Learn more at www.optiv.com/IAM-Microsoft. For the stories behind the headlines, head to CISOseries.com.
6/24/20228 minutes, 6 seconds
Episode Artwork

June 23, 2022

Daycare apps found insecure Encryption flaws found in Mega Microsoft retires cloud facial recognition Thanks to today's episode sponsor, Optiv Modernizing your identity control plane from AD to the cloud is complex. Ralph Martino, who is leading the identity and access management (IAM) group for Optiv, discusses what challenges CISOs are facing in today’s ever-changing climate: • Increasing security • Decreasing risk • Lowering cost Learn more at www.optiv.com/IAM-Microsoft.
6/23/20226 minutes, 57 seconds
Episode Artwork

June 22, 2022

Cloudflare outage impacts crypto exchanges Biden signs a pair of cybersecurity bills 7-zip now supports Windows ‘Mark-of-the-Web’ security feature Thanks to today's episode sponsor, Optiv Modernizing your identity control plane from AD to the cloud is complex. Ralph Martino, who is leading the identity and access management (IAM) group for Optiv, discusses what challenges CISOs are facing in today’s ever-changing climate: • Increasing security • Decreasing risk • Lowering cost Learn more at www.optiv.com/IAM-Microsoft. For the stories behind the headlines, head to CISOseries.com
6/22/20227 minutes, 22 seconds
Episode Artwork

June 21, 2022

Windows downloads blocked in Russia The importance of receipts Chrome extensions can be used for fingerprinting Thanks to today's episode sponsor, Optiv Modernizing your identity control plane from AD to the cloud is complex. Ralph Martino, who is leading the identity and access management (IAM) group for Optiv, discusses what challenges CISOs are facing in today’s ever-changing climate: • Increasing security • Decreasing risk • Lowering cost Learn more at www.optiv.com/IAM-Microsoft.
6/21/20227 minutes, 18 seconds
Episode Artwork

June 20, 2022

US DoJ announces shut down of Russian RSOCKS Botnet Experts warn of a new eCh0raix ransomware campaign targeting QNAP NAS Mixed results for Russia's aggressive Ukraine information war, experts say Thanks to today's episode sponsor, Optiv Modernizing your identity control plane from AD to the cloud is complex. Ralph Martino, who is leading the identity and access management (IAM) group for Optiv, discusses what challenges CISOs are facing in today’s ever-changing climate: • Increasing security • Decreasing risk • Lowering cost Learn more at www.optiv.com/IAM-Microsoft. For the stories behind the headlines, head to CISOseries.com.
6/20/20227 minutes, 41 seconds
Episode Artwork

Week in Review – June 13-17, 2022

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Ariel Weintraub, CISO, MassMutual Thanks to today’s episode sponsor, Datadog Check out Datadog‘s on-demand fireside chat with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams—and in the process helped teams achieve superior results and earned himself senior leadership positions. Watch now at datadoghq.com/ciso/ All links and the video of this episode can be found on CISO Series.com
6/17/202223 minutes, 47 seconds
Episode Artwork

June 17, 2022

House Armed Services chair calls national security software, systems 'too vulnerable' Microsoft Office 365 AutoSave can assist cloud ransomware attacks OMIGOD! There’s more to OMIGOD Thanks to today’s episode sponsor, Datadog Watch Datadog's on-demand webinar for a 30-minute discussion on driving DevSecOps best practices in the enterprise with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams—and in the process helped teams achieve superior results and earned himself senior leadership positions. Cormac shares stories and leadership lessons that are applicable to any enterprise technical leader looking to help their firm build and operate services in an increasingly competitive and treacherous digital economy. Watch now at datadoghq.com/ciso/ For the stories behind the headlines, head to CISOseries.com.
6/17/20227 minutes, 39 seconds
Episode Artwork

June 16, 2022

Cloudflare repels another record DDoS Africa’s largest supermarket chain hit with ransomware Resurgence in travel not ignored by threat actors Thanks to today’s episode sponsor, Datadog Check out Datadog's on-demand fireside chat with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams—and in the process helped teams achieve superior results and earned himself senior leadership positions. Watch now at datadoghq.com/ciso/
6/16/20226 minutes, 28 seconds
Episode Artwork

June 15, 2022

US defense contractor discusses takeover of NSO spyware DoJ will no longer prosecute ethical hackers Attack on Kaiser Permanente exposes data of thousands of customers Thanks to today’s episode sponsor, Datadog Watch Datadog's on-demand webinar for a 30-minute discussion on driving DevSecOps best practices in the enterprise with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams—and in the process helped teams achieve superior results and earned himself senior leadership positions. Cormac shares stories and leadership lessons that are applicable to any enterprise technical leader looking to help their firm build and operate services in an increasingly competitive and treacherous digital economy. Watch now at datadoghq.com/ciso/ For the stories behind the headlines, head to CISOseries.com
6/15/20226 minutes, 25 seconds
Episode Artwork

June 14, 2022

Leaky continuous integration logs Exchange servers used to deploy Black Cat Bluetooth can be used to track phones Thanks to today’s episode sponsor, Datadog Check out Datadog's on-demand fireside chat with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams—and in the process helped teams achieve superior results and earned himself senior leadership positions. Watch now at datadoghq.com/ciso/
6/14/20226 minutes, 50 seconds
Episode Artwork

June 13, 2022

Amazon’s chat app has a child sex abuse problem Ransomware decryptors now for sale on gaming platform China’s biggest online influencers go dark Thanks to today’s episode sponsor, Datadog Watch Datadog's on-demand webinar for a 30-minute discussion on driving DevSecOps best practices in the enterprise with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams—and in the process helped teams achieve superior results and earned himself senior leadership positions. Cormac shares stories and leadership lessons that are applicable to any enterprise technical leader looking to help their firm build and operate services in an increasingly competitive and treacherous digital economy. Watch now at datadoghq.com/ciso/ For the stories behind the headlines, head to CISOseries.com
6/13/20227 minutes, 35 seconds
Episode Artwork

Week in Review – June 6-10, 2022

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Upendra Mardikar, CSO, Snap Finance Thanks to our sponsor, PlexTrac PlexTrac is the platform that empowers your offensive security team to spend more time hacking and less time reporting. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a “5X ROI in 1 year,” a “30% increase in efficiency,” have “cut their reporting cycle by 65%,” and experienced a “18 to 22% time savings per engagement.”  Check out PlexTrac.com/CISOSeries to learn how PlexTrac can help your team deliver results. All links and the video of this episode can be found on CISO Series.com  
6/10/202226 minutes, 25 seconds
Episode Artwork

June 10, 2022

MFA could be long haul for some federal agencies says CISA official New Emotet variant stealing users' credit card information from Google Chrome Symantec: More malware operators moving in to exploit Follina Thanks to today’s episode sponsor, PlexTrac PlexTrac is the platform that empowers your offensive security team to spend more time hacking and less time reporting. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a “5X ROI in 1 year,” a “30% increase in efficiency,” have “cut their reporting cycle by 65%,” and experienced a “18 to 22% time savings per engagement.”  Check out PlexTrac.com/CISOSeries to learn how PlexTrac can help your team deliver results. For the stories behind the headlines, head to CISOseries.com.
6/10/20228 minutes, 7 seconds
Episode Artwork

June 9, 2022

Lack of reporting hurting the ransomware fight CISA warns of China-linked network snooping Personal information marketplace taken down Thanks to today’s episode sponsor, PlexTrac PlexTrac is the platform that empowers your offensive security team to spend more time hacking and less time reporting. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a “5X ROI in 1 year,” a “30% increase in efficiency,” have “cut their reporting cycle by 65%,” and experienced a “18 to 22% time savings per engagement.”  Check out PlexTrac.com/CISOSeries to learn how PlexTrac can help your team deliver results.
6/9/20227 minutes, 8 seconds
Episode Artwork

June 8, 2022

Passwords are finally dead Hackers steal credit cards from online gun shops Shields data breach affects 2 million patients Thanks to today’s episode sponsor, PlexTrac The best penetration tests begin and end with PlexTrac. PlexTrac can improve efficiency and effectiveness at every phase of your proactive assessments. By centralizing the data from all your automation tools, cataloging important reusable content for easy access, and promoting communication and visibility at every phase of an assessment, PlexTrac cuts reporting time in half and adds value between reports.  Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the premier pentest reporting and management platform.  For the stories behind the headlines, head to CISOseries.com
6/8/20228 minutes, 7 seconds
Episode Artwork

June 7, 2022

The once and future AlphaBay Karakurt adopts bill collector tactics China concludes its cybersecurity review of Didi Thanks to today’s episode sponsor, PlexTrac PlexTrac is the platform that empowers your offensive security team to spend more time hacking and less time reporting. Build better reports in half the time, centralize your data, maximize your reusable content, and become more efficient and effective. PlexTrac clients report a “5X ROI in 1 year,” a “30% increase in efficiency,” have “cut their reporting cycle by 65%,” and experienced a “18 to 22% time savings per engagement.”  Check out PlexTrac.com/CISOSeries to learn how PlexTrac can help your team deliver results.
6/7/20226 minutes, 38 seconds
Episode Artwork

June 6, 2022

Evasive phishing mixes reverse tunnels and URL shortening services Exploit released for Atlassian Confluence RCE bug, patch now Lawmakers are racing to pass tech antitrust reforms before midterms Thanks to today’s episode sponsor, PlexTrac The best penetration tests begin and end with PlexTrac. PlexTrac can improve efficiency and effectiveness at every phase of your proactive assessments. By centralizing the data from all your automation tools, cataloging important reusable content for easy access, and promoting communication and visibility at every phase of an assessment, PlexTrac cuts reporting time in half and adds value between reports.  Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the premier pentest reporting and management platform.  For the stories behind the headlines, head to CISOseries.com.
6/6/20227 minutes, 55 seconds
Episode Artwork

Week in Review – May 30-June 3, 2022

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, May 30-June 3, is hosted by Rich Stroffolino with our guest, Steve Zalewski, Co-host, Defense in Depth Thanks to today’s episode sponsor, Feroot All links and the video of this episode can be found on CISO Series.com
6/3/202223 minutes, 2 seconds
Episode Artwork

June 3, 2022

Leaked Conti chats confirm gang’s ability to conduct firmware-based attacks Critical UNISOC chip vulnerability affects millions of Android smartphones ExpressVPN removes servers in India after refusing to comply with government order Thanks to today’s episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com. For the stories behind the headlines, head to CISOseries.com.
6/3/20228 minutes, 23 seconds
Episode Artwork

June 2, 2022

Europol shuts down FluBot Hive ransomware kicks Costa Rica when its down CISA issues advisory on voting machine vulnerabilities Thanks to today’s episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com.
6/2/20226 minutes, 44 seconds
Episode Artwork

June 1, 2022

Follina vulnerability under active exploitation Tension inside Google over conduct of fired researcher IBM to pay $1.6 billion for poaching customer account Thanks to today’s episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com. For the stories behind the headlines, head to CISOseries.com
6/1/20227 minutes, 14 seconds
Episode Artwork

May 31, 2022

China censoring open-source code Follina zero-day hits Office EnemyBot botnet acts fast Thanks to today’s episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com.
5/31/20226 minutes, 58 seconds
Episode Artwork

May 30, 2022

Pro-Russian hacker group KillNet plans to attack Italy today Microsoft warns that hackers are using more advanced techniques to steal credit card data China makes offer to ten nations help to run their cyber-defenses Thanks to today’s episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com. For the stories behind the headlines, head to CISOseries.com.
5/30/20228 minutes, 4 seconds
Episode Artwork

May 27, 2022

Up to 83% of known compromised passwords would satisfy regulatory requirements Broadcom confirms deal to acquire VMware Experts warn of rise in ChromeLoader malware Thanks to today’s episode sponsor, Optiv Up for a Zero Trust Crash Course? Join our expert, Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide," as he delivers the following takeaways: - An introduction to Zero Trust - An overview of Optiv’s Zero Trust principles - How to visualize your Zero Trust journey and place it in the proper context Catch Jerry's Zero Trust crash course or learn more by going to www.optiv.com/zerotrust. For the stories behind the headlines, head to CISOseries.com.
5/27/20227 minutes, 41 seconds
Episode Artwork

May 26, 2022

Popular open source libraries leaked keys for “research” DuckDuckGo gives Microsoft a pass on trackers Microsoft weathers the vulnerability storm Thanks to today’s episode sponsor, Optiv Need a guide on your Zero Trust journey? Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide" shares the following takeaways: - The key elements of Zero Trust - How to visualize your Zero Trust journey and place it in the proper context - Integrated technologies to drive adaptive processes and a mature security model Learn more at www.optiv.com/zerotrust.
5/26/20226 minutes, 55 seconds
Episode Artwork

May 25, 2022

Interpol warns nation-state malware could become a commodity on dark web soon General Motors Hit by cyber-attack exposing car owners' personal info Canada to ban China's Huawei and ZTE from its 5G networks Thanks to today’s episode sponsor, Optiv Up for a Zero Trust Crash Course? Join our expert, Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide," as he delivers the following takeaways: - An introduction to Zero Trust - An overview of Optiv’s Zero Trust principles - How to visualize your Zero Trust journey and place it in the proper context Catch Jerry's Zero Trust crash course or learn more by going to www.optiv.com/zerotrust. For the stories behind the headlines, head to CISOseries.com.
5/25/20227 minutes, 43 seconds
Episode Artwork

May 24, 2022

Cyberattack divorces Zola users from registries A look at the RansomHouse data-extortion operation Now we have to worry about pre-hijacking attacks Thanks to today’s episode sponsor, Optiv Need a guide on your Zero Trust journey? Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide" shares the following takeaways: - The key elements of Zero Trust - How to visualize your Zero Trust journey and place it in the proper context - Integrated technologies to drive adaptive processes and a mature security model Learn more at www.optiv.com/zerotrust. For the stories behind the headlines, go to CISOseries.com
5/24/20226 minutes, 57 seconds
Episode Artwork

May 23, 2022

Ransomware victim trolls hackers with obscene pics CISOs list top cyber threats to enterprises in 2022 YouTube removes more than 9,000 Ukraine war-related channels Thanks to today’s episode sponsor, Optiv Need a guide on your Zero Trust journey? Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide" shares the following takeaways: - The key elements of Zero Trust - How to visualize your Zero Trust journey and place it in the proper context - Integrated technologies to drive adaptive processes and a mature security model Learn more at www.optiv.com/zerotrust. For the stories behind the headlines, go to CISOseries.com
5/23/20227 minutes, 33 seconds
Episode Artwork

Week in Review – May 16-20, 2022

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, May 16-20, is hosted by Rich Stroffolino with our guest, Jerich Beason, CISO, Commercial Bank, CapitalOne Thanks to today's episode sponsor, Torq All links and the video of this episode can be found on CISO Series.com      
5/20/202224 minutes, 23 seconds
Episode Artwork

May 20, 2022

Greenland health services limited from cyberattacks Phishing attacks surge in Q1 Google details 2021 zero-days And now let’s thank today’s sponsor, Torq Myth 5: You Should Automate All Security Processes False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can’t be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an application rollback, should remain the domain of humans. To learn more about the realities of automation, head to torq.io.
5/20/20227 minutes, 22 seconds
Episode Artwork

May 19, 2022

VMware bugs abused to deliver Mirai malware Microsoft to debut of zero trust GDAP tool Bank of Zambia refuses to pay ransom to cyberattack group Hive And now let’s thank today’s sponsor, Torq Myth 4: Automation Will Replace Skilled Security Professionals Not true. Any business that attempts to automate security will quickly find that most high-stakes security issues are far too complex to be detected and remediated by automation tools alone. Human security professionals need to take the lead delivering nuanced insight about the business impact of a large-scale breach. To learn more about the realities of automation, head to torq.io. For the stories behind the headlines, head to CISOseries.com.  
5/19/20228 minutes, 9 seconds
Episode Artwork

May 18, 2022

Buffalo massacre suspect signaled plans on Discord for months Google faces litigation for unauthorised use of medical records Venezuelan doctor accused of developing and distributing ransomware And now let’s thank today’s sponsor, Torq Myth 3: Only Enterprises Need Security Automation Debunked. While enterprises with thousands of endpoints and sprawling teams certainly need automation, businesses of all sizes face challenges related to other forms of scale when it comes to security. For instance, there are about 1 billion known types of malware in existence, and they imperil businesses of all sizes equally. To learn more about the realities of automation, head to torq.io. For the stories behind the headlines, head to CISOseries.com
5/18/20228 minutes, 22 seconds
Episode Artwork

May 17, 2022

Costa Rican ransomware rhetoric somehow gets uglier DOJ files its first criminal cryptocurrency sanctions case Trying to fix open source supply chain security And now let’s thank today’s sponsor, Torq Myth 2: Security Automation Is Just a New Term for Automated Security Testing Wrong. While scanning and testing may be one example of a security automation use case, it’s hardly the only one. Automation can be used to do things like help manage complex security workflows and optimize collaboration between different stakeholders. These are tasks that were not traditionally automated. To learn more about the realities of automation, head to torq.io.
5/17/20227 minutes, 5 seconds
Episode Artwork

May 16, 2022

Ukraine CERT-UA warns of new attacks launched by Russia-linked Armageddon APT Microsoft fixes new PetitPotam Windows NTLM relay attack vector Hackers are exploiting critical bug in Zyxel firewalls and VPNs And now let’s thank today’s sponsor, Torq Myth 1: Automation Is Only a Reactive Part of SecOps Incorrect. Proactive management of security incidents is just as important, like automatically scanning IaC configurations to detect vulnerabilities, automating collaboration between devs, IT ops and SecOps to prevent risks before they’re threats. To learn more about the realities of automation, head to torq.io. For the stories behind the headlines, head to CISOseries.com.
5/16/20228 minutes, 1 second
Episode Artwork

Week in Review – May 9-13, 2022

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, May 9-13, is hosted by Rich Stroffolino with our guest, Rich Lindberg, CISO, JAMS Thanks to our sponsor, Datadog Break down silos between DevOps and Security teams to enable collaboration and strengthen the security of your environment. In this on-demand webinar, hear from one of Datadog’s engineers on how teams can speed up investigations by assessing security and observability data using Datadog’s unified platform to reduce security threats by detecting vulnerabilities. Watch the on-demand webinar now to learn how to get full-stack security for your production environment at datadoghq.com/ciso/ All links and the video of this episode can be found on CISO Series.com
5/13/202223 minutes, 43 seconds
Episode Artwork

May 13, 2022

Google will use mobile devices to thwart phishing attacks CISA urges organizations to patch actively exploited F5 BIG-IP vulnerability Kick China off social media, says tech governance expert Thanks to our episode sponsor, Datadog Break down silos between DevOps and Security teams to enable collaboration and strengthen the security of your environment. In this on-demand webinar, hear from one of Datadog’s engineers on how teams can speed up investigations by assessing security and observability data using Datadog’s unified platform to reduce security threats by detecting vulnerabilities. Watch the on-demand webinar now to learn how to get full-stack security for your production environment at datadoghq.com/ciso/ For the stories behind the headlines, head to CISOseries.com.
5/13/20228 minutes, 33 seconds
Episode Artwork

May 12, 2022

Old botnets are new again Meta withdraws Oversight Board guidance request EU proposes new CSAM rules Thanks to our episode sponsor, Datadog In this on-demand webinar, you’ll learn how to best utilize the suite of Datadog Cloud Security products to identify the root cause of an attack and how a unified platform provides real-time threat-detection and continuous configuration audits across applications, hosts, containers and cloud infrastructure. Built on top of the observability platform, Datadog brings unprecedented integration between security and devops aligned to shared organizational goals. Watch the on-demand webinar now to learn how to get full-stack security for your production environment at datadoghq.com/ciso/
5/12/20226 minutes, 49 seconds
Episode Artwork

May 11, 2022

Russian TV hacked on Victory Day US pledges to help Ukraine keep internet and lights running Pentagon’s concerns China may prompt vetting startups Thanks to our episode sponsor, Datadog In this on-demand webinar, you’ll learn how to best utilize the suite of Datadog Cloud Security products to identify the root cause of an attack and how a unified platform provides real-time threat-detection and continuous configuration audits across applications, hosts, containers and cloud infrastructure. Built on top of the observability platform, Datadog brings unprecedented integration between security and devops aligned to shared organizational goals. Watch the on-demand webinar now to learn how to get full-stack security for your production environment at datadoghq.com/ciso/
5/11/20226 minutes, 59 seconds
Episode Artwork

May 10, 2022

Ransomware state of emergency in Costa Rica Microsoft launches service to fill the cyber skills gap College closes permanently due to ransomware Thanks to our episode sponsor, Datadog Break down silos between DevOps and Security teams to enable collaboration and strengthen the security of your environment. In this on-demand webinar, hear from one of Datadog’s engineers on how teams can speed up investigations by assessing security and observability data using Datadog’s unified platform to reduce security threats by detecting vulnerabilities. Watch the on-demand webinar now to learn how to get full-stack security for your production environment at datadoghq.com/ciso/
5/10/20226 minutes, 55 seconds
Episode Artwork

May 9, 2022

Google Play now blocks paid app downloads, updates in Russia NIST releases updated guidance for defending against supply-chain attacks US State Department offering $10 million reward for information about Conti members Thanks to our episode sponsor, Datadog In this on-demand webinar, you’ll learn how to best utilize the suite of Datadog Cloud Security products to identify the root cause of an attack and how a unified platform provides real-time threat-detection and continuous configuration audits across applications, hosts, containers and cloud infrastructure. Built on top of the observability platform, Datadog brings unprecedented integration between security and devops aligned to shared organizational goals. Watch the on-demand webinar now to learn how to get full-stack security for your production environment at datadoghq.com/ciso/ For the stories behind the headlines, head to CISOseries.com.
5/9/20228 minutes, 11 seconds
Episode Artwork

Week in Review – May 2-6, 2022

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, May 2-6, is hosted by Rich Stroffolino with our guest, Shawn Bowen, CISO, World Fuel Services Thanks to our episode sponsor, Censys Why Censys? Our Attack Surface Management tool is designed from the ground up to seamlessly integrate with existing security workflows. It’s the only ASM tool that discovers modern cloud specific assets like storage buckets and our scanning platform finds more than 85% more services than our nearest competitor. Start with Censys at censys.io. All links and the video of this episode can be found on CISO Series.com    
5/6/202224 minutes, 16 seconds
Episode Artwork

May 6, 2022

Decade-old bugs discovered in Avast, AVG antivirus software Thailand and Hong Kong Banks used most in BEC Every ISP in the US must block these 3 pirate streaming services Thanks to today's episode sponsor, Censys Why Censys? Our Attack Surface Management tool is designed from the ground up to seamlessly integrate with existing security workflows. It’s the only ASM tool that discovers modern cloud specific assets like storage buckets and our scanning platform finds more than 85% more services than our nearest competitor. Start with Censys at censys.io. For the stories behind the headlines, head to CISOseries.com.
5/6/20228 minutes, 21 seconds
Episode Artwork

May 5, 2022

CuckooBees campaign stings targets for years Health and Human Services hammered over security Docker images used to DDoS Russian sites Thanks to today's episode sponsor, Censys Censys’ Attack Surface Management tool discovers and inventories all Internet-facing assets including traditional assets like hosts, IPs, and cloud services like storage buckets across all accounts and networks. ASM gives you a continuous picture of your attack surface. Start with Censys at censys.io.
5/5/20226 minutes, 47 seconds
Episode Artwork

May 4, 2022

Google claims to have blocked billions of malicious app downloads NortonLifeLock willfully infringed malware patents Former eBay exec pleads guilty to cyber stalking Thanks to today's episode sponsor, Censys Tom the CTO can’t go into the boardroom unprepared. It’s his job to know all the risks to his company – especially the one that could land him on the front page of the newspaper. His best bet for survival is staying ahead of the most critical threats. Tom, you can be that source of truth; start with Censys at censys.io right now. For the stories behind the headlines, head to CISOseries.com
5/4/20227 minutes, 27 seconds
Episode Artwork

May 3, 2022

Solana network goes dark after bot swarm The spyware in Spain falls mostly on the politicians Security isn’t top of mind for mental health apps Thanks to today's episode sponsor, Censys All Pat the Security Practitioner wants is to do a good job and be the frontline in keeping his company safe. He’s got great tools, but nothing that can show him if there are company assets that have somehow made their way onto the internet. If only Pat knew about Censys’ Attack Surface Management tool. Now you do – start with Censys at censys.io.
5/3/20226 minutes, 25 seconds
Episode Artwork

May 2, 2022

Top 15 exploited security vulnerabilities in 2021 India gives orgs 6 hours to report cyber incidents The White House wants more powers to crack down on rogue drones Thanks to today's episode sponsor, Censys What Chris the CISO wants is to protect against revenue loss and damage to his company’s brand from data breaches and compliance failures. But he’s got a blind spot around his internet exposure. What assets are out there on the internet that his team doesn’t know about? Well, Chris, it’s simple – start with Censys at censys.io. For the stories behind the headlines, visit CISOseries.com.
5/2/20227 minutes, 32 seconds
Episode Artwork

Week in Review – Apr 25-29, 2022

Link to Blog Post This week’s Cyber Security Headlines - Week in Review, Apr 25-29, is hosted by Rich Stroffolino with our guest, Hadas Cassorla, CISO, M1 Financial  Thanks to our episode sponsor, Feroot All links and the video of this episode can be found on CISO Series.com  
4/29/202223 minutes, 21 seconds
Episode Artwork

April 29, 2022

Global security spending set to hit $198bn by 2025 New malware loader Bumblebee adopted by known ransomware access brokers Cloudflare thwarts record DDoS attack Thanks to today’s episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com. For the stories behind the headlines, head to CISOseries.com.
4/29/20227 minutes, 57 seconds
Episode Artwork

April 28, 2022

Russia experiences hacks at scale State Department puts a price on NetPetya’s head Two-thirds of organizations hit with ransomware Thanks to today’s episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com.
4/28/20227 minutes, 16 seconds
Episode Artwork

April 27, 2022

Elon Musk’s Twitter takeover could be bad for security and privacy Stormous Ransomware targets Coca Cola US offers $10 million reward for help locating Russian hackers Thanks to today’s episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com. For the stories behind the headlines, head to CISOseries.com.
4/27/20226 minutes, 49 seconds
Episode Artwork

April 26, 2022

Mandiant finds record zero-days in 2021 Bored Ape Yacht Club hacked Oracle patches critical Java vulnerability Thanks to today’s episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com.
4/26/20226 minutes, 53 seconds
Episode Artwork

April 25, 2022

Hackers find 122 vulnerabilities, 27 deemed critical, during first round of DHS bug bounty program Anonymous has leaked 5.8 TB of Russian data since declaring cyber war AWS's Log4j patches blew holes in its own security Thanks to today’s episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com. For the stories behind the headlines, head to CISOseries.com.
4/25/20228 minutes, 37 seconds
Episode Artwork

April 22, 2022

Critical chipset bugs open millions of Android devices to remote spying New Five Eyes alert warns of Russian threats targeting critical infrastructure Machine-learning models vulnerable to undetectable backdoors And here’s a word from our sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com. For the stories behind the headlines, head to CISOseries.com.
4/22/20228 minutes, 36 seconds
Episode Artwork

April 21, 2022

Okta reports on Lapsus$ breach Popular VPNs use risky certificates Project Zero disclosed a new vulnerability record And here’s a word from our sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com.
4/21/20226 minutes, 53 seconds
Episode Artwork

April 20, 2022

LinkedIn is now the most popular phish bait Lenovo patches firmware vulnerabilities impacting millions of users Ukraine war stokes internet connectivity concerns in Taiwan And here’s a word from our sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com. For the stories behind the headlines, head to CISOseries.com
4/20/20227 minutes, 5 seconds
Episode Artwork

April 19, 2022

Catalan leaders targeted by NSO spyware Researchers share a deep dive into PYSA ransomware operations Most security teams feeling the talent shortage And here’s a word from our sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com.
4/19/20226 minutes, 7 seconds
Episode Artwork

April 18, 2022

Microsoft: Office 2013 will reach end of support in April 2023 Stolen OAuth tokens used to download data from dozens of organizations, GitHub warns Mute button in conferencing apps may not actually mute your mic And here’s a word from our sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com. For the stories behind the headlines, head to CISOseries.com.
4/18/20227 minutes, 41 seconds
Episode Artwork

April 15, 2022

Data breach disclosures surge 14% in Q1 2022 Windows 11 tool to add Google Play secretly installed malware DHS investigators say they foiled cyberattack on undersea internet cable in Hawaii Thanks to our episode sponsor, Code42 Have you been thinking about launching an Insider Risk Management program? You don’t need to be Big Brother to effectively address Insider Risk.    Code42 believes that the Three Ts should define any IRM program: transparency, training, and technology. Shift your security culture from “watchdog” to “guide dog” and everyone wins. Learn more at Code42.com/showme. For the stories behind the headlines, head to CISOseries.com.
4/15/20228 minutes, 22 seconds
Episode Artwork

April 14, 2022

Industrial cybersecurity companies form coalition Microsoft disrupts ZLoader T-Mobile hired someone to get their data back Thanks to our episode sponsor, Code42 It’s not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network.   Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme.
4/14/20226 minutes, 42 seconds
Episode Artwork

April 13, 2022

RaidForums hacker marketplace shut down in cross-border law enforcement operation Sandworm hackers fail to take down Ukrainian energy provider CISA warns of Russian state hackers exploiting WatchGuard bug Thanks to our episode sponsor, Code42 Surprise! Surprise! Five years from now, Jamie, who’s resigning today, will ring the NASDAQ bell officially launching her company on the public market. And what you’ll soon realize is that Jamie stole your most valuable data to start her new company. Learn how Code42 Incydr can stop data theft and protect your organizations’ most valuable assets. Visit Code42.com/showme to learn more. For the stories behind the headlines, head to CISOseries.com.
4/13/20228 minutes, 35 seconds
Episode Artwork

April 12, 2022

NSO Group spyware reportedly used against European Commission The malware is coming from inside the phone OpenSSH gets ready for quantum computing Thanks to our episode sponsor, Code42 Cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak and theft.   In fact, the Code42 Annual Data Exposure Report revealed there’s a 1 in 3 chance that your company will lose IP when an employee quits. To learn more about stopping data leaks with Insider Risk Management visit Code42.com/showme.
4/12/20226 minutes, 49 seconds
Episode Artwork

April 11, 2022

New Meta information stealer distributed in malspam campaign NB65 group targets Russia with a modified version of Conti’s ransomware Elon Musk unveils vision for Twitter after joining board Thanks to our episode sponsor, Code42 Have you been thinking about launching an Insider Risk Management program? You don’t need to be Big Brother to effectively address Insider Risk.    Code42 believes that the Three Ts should define any IRM program: transparency, training, and technology. Shift your security culture from “watchdog” to “guide dog” and everyone wins. Learn more at Code42.com/showme. For the stories behind the headlines, head to CISOseries.com.
4/11/20227 minutes, 56 seconds
Episode Artwork

Week in Review – Apr 4-8, 2022

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Apr 4-8, is hosted by Rich Stroffolino with our guest, Brett Conlon, CISO, American Century Investments Thanks to our sponsor, Code42 It’s not just about the data leaving your company – what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network.   Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme.  
4/8/202223 minutes, 52 seconds
Episode Artwork

April 8, 2022

Newly discovered flaw could allow hacking of Samsung Android devices Adobe Creative Cloud Experience makes malware easier to hide Parrot redirect service infects 16,500 sites to push malware Thanks to our episode sponsor, Code42 It’s not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network.   Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme. For the stories behind the headlines, head to CISOseries.com.
4/8/20228 minutes, 44 seconds
Episode Artwork

April 7, 2022

US disrupted Russian botnet Twitter shadowbans Russian government accounts DOJ charges Russian national with operating Hydra Thanks to our episode sponsor, Code42 Surprise! Surprise! Five years from now, Jamie, who’s resigning today, will ring the NASDAQ bell officially launching her company on the public market. And what you’ll soon realize is that Jamie stole your most valuable data to start her new company. Learn how Code42 Incydr can stop data theft and protect your organizations’ most valuable assets. Visit Code42.com/showme to learn more.
4/7/20226 minutes, 58 seconds
Episode Artwork

April 6, 2022

Germany takes down world's largest darknet market Anonymous leaks personal details of Russian soldiers CISA adds Spring4Shell to list of exploited vulnerabilities Thanks to our episode sponsor, Code42 Cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak and theft.   In fact, the Code42 Annual Data Exposure Report revealed there’s a 1 in 3 chance that your company will lose IP when an employee quits. To learn more about stopping data leaks with Insider Risk Management visit Code42.com/showme. For the stories behind the headlines, visit CISOseries.com
4/6/20227 minutes, 13 seconds
Episode Artwork

April 5, 2022

Russian secret police exposed in data leak MailChimp hit with breach The Bureau of Cyberspace and Digital Policy goes live Thanks to our episode sponsor, Code42 Have you been thinking about launching an Insider Risk Management program? You don’t need to be Big Brother to effectively address Insider Risk.    Code42 believes that the Three Ts should define any IRM program: transparency, training, and technology. Shift your security culture from “watchdog” to “guide dog” and everyone wins. Learn more at Code42.com/showme.
4/5/20226 minutes, 29 seconds
Episode Artwork

April 4, 2022

New Borat remote access malware is no laughing matter Apple rushes out patches for 0-days in MacOS, iOS National Security Agency employee indicted for 'leaking top secret info' Thanks to our episode sponsor, Code42 It’s not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network.   Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme. For the stories behind the headlines, head to CISOseries.com.
4/4/20228 minutes, 46 seconds
Episode Artwork

Week in Review – Mar 28-Apr 1, 2022

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Mar 28-Apr 1, is hosted by Rich Stroffolino with our guest, Fredrick Lee, CISO, Gusto Thanks to our episode sponsor, Varonis All links and the video of this episode can be found on CISO Series.com  
4/1/202224 minutes, 17 seconds
Episode Artwork

April 1, 2022

Palo Alto Networks error exposed customer support cases, attachments New AcidRain data wiper malware targets modems and routers Remote code execution flaws in Spring and Spring Cloud frameworks put Java apps at risk Thanks to our episode sponsors, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats, and streamline privacy and compliance. Visit www.varonis.com/cisoseries for a demo of Varonis’ leading data security platform. For the stories behind the headlines, head to CISOseries.com.
4/1/20228 minutes, 17 seconds
Episode Artwork

March 31, 2022

Hackers abusing the power of subpoena Lapsus$ claims hack of Globant Brian Krebs sued by Ubiquiti for defamation Thanks to our episode sponsors, Varonis The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at www.varonis.com/cisoseries.
3/31/20226 minutes, 52 seconds
Episode Artwork

March 30, 2022

Ukraine destroys panic-spreading bot farms Yandex is sending iOS user data to Russia Ronin Network victimized in record-breaking crypto heist Thanks to our episode sponsors, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats, and streamline privacy and compliance. Visit www.varonis.com/cisoseries for a demo of Varonis’ leading data security platform. For the stories behind the headlines, visit CISOseries.com.
3/30/20227 minutes, 42 seconds
Episode Artwork

March 29, 2022

Ukraine ISP taken down by cyber attack Windows can now block drivers Deepfakes take a turn for the banal Thanks to our episode sponsors, Varonis What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn’t stand a chance. Learn more at www.varonis.com/cisoseries.
3/29/20226 minutes, 59 seconds
Episode Artwork

March 28, 2022

Critical Sophos Firewall vulnerability allows remote code execution Okta: "We made a mistake" delaying the Lapsus$ hack disclosure CISA adds 66 new flaws to the Known Exploited Vulnerabilities Catalog Thanks to our episode sponsors, Varonis On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to “Zero Trust.” Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries.  For the stories behind the headlines, head to CISOseries.com.
3/28/20228 minutes
Episode Artwork

Week in Review – Mar 21-25, 2022

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Mar 21-25, is hosted by Rich Stroffolino with our guest, John Prokap, CISO, Success Academy Charter Schools Thanks to our episode sponsor, Varonis Customer: "The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically." Hear more at www.varonis.com/cisoseries. All links and the video of this episode can be found on CISO Series.com
3/25/202224 minutes, 9 seconds
Episode Artwork

March 25, 2022

UK police arrest 7 people in connection with Lapsus$ North Korean hackers exploit Chrome zero-day weeks before patch Anonymous claims to have hacked the Central Bank of Russia Thanks to our episode sponsor, Varonis The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at www.varonis.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.
3/25/20228 minutes, 11 seconds
Episode Artwork

March 24, 2022

Microsoft expands program to fill cyber skills gap Cyber Crime Losses Up 64% in 2021 Microsoft confirms Lapsus$ breach Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average employee can access 17 million files they don’t need, and only a handful live on their laptop. Protect your data from the inside out and detect early signs of ransomware – automatically with Varonis. Visit www.varonis.com/cisoseries.
3/24/20226 minutes, 25 seconds
Episode Artwork

March 23, 2022

Ransomware attack on Okta leads to data breach Lapsus$ leaks 37GB of Microsoft source code Anonymous hacks Nestlè for operating in Russia Thanks to our episode sponsor, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats, and streamline privacy and compliance. Visit www.varonis.com/cisoseries for a demo of Varonis’ leading data security platform.  For the stories behind the headlines, visit CISOseries.com
3/23/20226 minutes, 57 seconds
Episode Artwork

March 22, 2022

Ransomware puts the breaks on Bridgestone Phishing with browser-in-a-browser attacks Conti Leaks leaks Conti code Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn’t stand a chance. Learn more at www.varonis.com/cisoseries.
3/22/20226 minutes, 19 seconds
Episode Artwork

March 21, 2022

CISA, FBI tell satellite communications network owners to watch out for hacks after Ukraine attack Hackers claim to breach TransUnion South Africa with 'Password' password Developer sabotages own npm module prompting open-source supply chain security questions Thanks to our episode sponsor, Varonis On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to “Zero Trust.” Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.
3/21/20227 minutes, 57 seconds
Episode Artwork

Week in Review – Mar 14-18, 2022

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Mar 14-18, is hosted by David Spark with our guest, Eric Hussey, CISO, Aptiv Thanks to our episode sponsor, Varonis The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at www.varonis.com/cisoseries. All links and the video of this episode can be found on CISO Series.com  
3/18/202223 minutes, 45 seconds
Episode Artwork

March 18, 2022

  Thanks to our episode sponsor, Varonis The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at www.varonis.com/cisoseries.
3/18/20227 minutes, 49 seconds
Episode Artwork

March 17, 2022

Phony Instagram ‘support staff’ emails hit insurance company Facebook hit with $18.6 million GDPR fine over 12 data breaches in 2018 Microsoft Defender tags Office updates as ransomware activity Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average employee can access 17 million files they don’t need, and only a handful live on their laptop. Protect your data from the inside out and detect early signs of ransomware – automatically with Varonis. Visit www.varonis.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.
3/17/20227 minutes, 45 seconds
Episode Artwork

March 16, 2022

More destructive wiper malware strikes Ukraine German security agency recommends replacing Kaspersky antivirus HackerOne apologizes to Ukrainian hackers for blocking payouts Thanks to our episode sponsor, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats, and streamline privacy and compliance. Visit www.varonis.com/cisoseries for a demo of Varonis’ leading data security platform. For the stories behind the headlines, visit CISOseries.com
3/16/20227 minutes, 23 seconds
Episode Artwork

March 15, 2022

Ukraine’s IT army hit with malware Mobile endpoints see a lot of malicious apps AMD vulnerable to Spectre v2 Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn’t stand a chance. Learn more at www.varonis.com/cisoseries.
3/15/20225 minutes, 50 seconds
Episode Artwork

March 14, 2022

Ubisoft changes employee passwords after “cyber security incident” Cyber Command chief tells Congress chip shortage has national security implications LockBit claims hack on Bridgestone tires Thanks to our episode sponsor, Varonis On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to “Zero Trust.” Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.
3/14/20228 minutes, 22 seconds
Episode Artwork

Week in Review – Mar 7-11, 2022

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Mar 7 – 11, is hosted by Rich Stroffolino with our guest, Anshu Gupta, Investor, Silicon Valley CISO Investments Thanks to our sponsor, Torq Security Automation Myth 5: You Should Automate All Security Processes False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can’t be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an application rollback, should remain the domain of humans. To learn more about the realities of automation, head to torq.io. All links and the video of this episode can be found on CISO Series.com  
3/11/202222 minutes, 54 seconds
Episode Artwork

March 11, 2022

Russia creates its own TLS certificate authority to bypass sanctions Online sleuths are using face recognition to ID Russian soldiers Basic text-color trick can fool phishing filters There are many misconceptions about security automation, so today's episode sponsor Torq is debunking a security automation myth each day this week. Myth 5: You Should Automate All Security Processes False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can’t be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an application rollback, should remain the domain of humans. To learn more about the realities of automation, head to torq.io. For the stories behind the headlines, head to CISOseries.com.
3/11/20228 minutes, 14 seconds
Episode Artwork

March 10, 2022

Chipmakers warn of new speculative execution bugs US worked to shore up Ukraine’s cyber defense in 2021 Twitter Tor service launches There are many misconceptions about security automation, so today's episode sponsor Torq is debunking a security automation myth each day this week. Myth 4: Automation Will Replace Skilled Security Professionals Not true. Any business that attempts to automate security will quickly find that most high-stakes security issues are far too complex to be detected and remediated by automation tools alone. Human security professionals need to take the lead delivering nuanced insight about the business impact of a large-scale breach. To learn more about the realities of automation, head to torq.io.
3/10/20226 minutes, 34 seconds
Episode Artwork

March 9, 2022

Google to purchase cybersecurity firm Mandiant for $5.4 billion Security vendors help infrastructure orgs protect against Russian cyberattacks Russian VPN demand soars amidst social media crackdown There are many misconceptions about security automation, so today's episode sponsor Torq is debunking a security automation myth each day this week. Myth 3: Only Enterprises Need Security Automation Debunked. While enterprises with thousands of endpoints and sprawling teams certainly need automation, businesses of all sizes face challenges related to other forms of scale when it comes to security. For instance, there are about 1 billion known types of malware in existence, and they imperil businesses of all sizes equally. To learn more about the realities of automation, head to torq.io. For the stories behind the headlines, head over to CISOseries.com
3/9/20228 minutes, 3 seconds
Episode Artwork

March 8, 2022

Leaked Nvidia data used in malware Russia says it's okay to download a car Sharkbot takes a bite out of the Play Store There are many misconceptions about security automation, so today's episode sponsor Torq is debunking a security automation myth each day this week. Myth 2: Security Automation Is Just a New Term for Automated Security Testing Wrong. While scanning and testing may be one example of a security automation use case, it’s hardly the only one. Automation can be used to do things like help manage complex security workflows and optimize collaboration between different stakeholders. These are tasks that were not traditionally automated. To learn more about the realities of automation, head to torq.io.
3/8/20226 minutes, 35 seconds
Episode Artwork

March 7, 2022

Charities and NGOs that provide support to Ukraine hit by malware 'Most advanced' China-linked backdoor ever raises alarms for cyber-espionage investigators Hackers allegedly leak Samsung data, source code There are many misconceptions about security automation, so today's episode sponsor Torq is debunking a security automation myth each day this week. Myth 1: Automation Is Only a Reactive Part of SecOps Incorrect. Proactive management of security incidents is just as important, like automatically scanning IaC configurations to detect vulnerabilities, automating collaboration between devs, IT ops and SecOps to prevent risks before they’re threats. To learn more about the realities of automation, head to torq.io. For the stories behind the headlines, head to CISOseries.com.
3/7/20228 minutes, 7 seconds
Episode Artwork

Week in Review – Feb 28-Mar 4, 2022

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Feb 28-Mar 4, is hosted by Rich Stroffolino with our guest, Ody Lupescu, CISO, Ethos Life Thanks to our episode sponsor, Torq There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 5: You Should Automate All Security Processes False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can’t be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an application rollback, should remain the domain of humans. To learn more about the realities of automation, head to torq.io. All links and the video of this episode can be found on CISO Series.com
3/4/202222 minutes, 26 seconds
Episode Artwork

March 4, 2022

Cyberattack attempts on Ukraine surge tenfold Ukraine's “IT army” targets Belarus railway network, Russian GPS Eight-character passwords can be cracked in less than 60 minutes There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 5: You Should Automate All Security Processes False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can’t be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an application rollback, should remain the domain of humans. To learn more about the realities of automation, head to torq.io. For the stories behind the headlines, head to CISOseries.com.
3/4/20227 minutes, 21 seconds
Episode Artwork

March 3, 2022

Conti and Trickbot code leaks API attacks surge in 2021 Log4Shell still being used in the wild There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 4: Automation Will Replace Skilled Security Professionals Not true. Any business that attempts to automate security will quickly find that most high-stakes security issues are far too complex to be detected and remediated by automation tools alone. Human security professionals need to take the lead delivering nuanced insight about the business impact of a large-scale breach. To learn more about the realities of automation, head to torq.io.
3/3/20226 minutes, 44 seconds
Episode Artwork

March 2, 2022

Russia-Ukraine War update Nvidia confirms company data was stolen in hack Half of employees use unauthorized file services at work There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 3: Only Enterprises Need Security Automation Debunked. While enterprises with thousands of endpoints and sprawling teams certainly need automation, businesses of all sizes face challenges related to other forms of scale when it comes to security. For instance, there are about 1 billion known types of malware in existence, and they imperil businesses of all sizes equally. To learn more about the realities of automation, head to torq.io. For the stories behind the headlines, go to cisoseries.com
3/2/20228 minutes, 14 seconds
Episode Artwork

March 1, 2022

Toyota suspends Japanese production due to cyberattack Microsoft providing threat intelligence to Ukraine Twitter to label tweets from state-owned media There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 2: Security Automation Is Just a New Term for Automated Security Testing Wrong. While scanning and testing may be one example of a security automation use case, it’s hardly the only one. Automation can be used to do things like help manage complex security workflows and optimize collaboration between different stakeholders. These are tasks that were not traditionally automated. To learn more about the realities of automation, head to torq.io.
3/1/20226 minutes, 14 seconds
Episode Artwork

February 28, 2022

Ukraine recruits volunteer IT army to hack list of Russian entities Russia demands Google restore access to its media YouTube channels in Ukraine Chipmaker giant Nvidia hit by ransomware attack There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 1: Automation Is Only a Reactive Part of SecOps Incorrect. Proactive management of security incidents is just as important, like automatically scanning IaC configurations to detect vulnerabilities, automating collaboration between devs, IT ops and SecOps to prevent risks before they’re threats. To learn more about the realities of automation, head to torq.io. For the stories behind the headlines, head to CISOseries.com.
2/28/20228 minutes, 5 seconds
Episode Artwork

Week in Review – Feb 21-25, 2022

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Feb 21-25, is hosted by Rich Stroffolino with our guest, Mark Eggleston, CISO, CSC Thanks to our episode sponsor, Tines Tines is hosting a virtual game show in conjunction with Lacework on March 8. It’s free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register. All links and the video of this episode can be found on CISO Series.com
2/25/202222 minutes, 16 seconds
Episode Artwork

February 25, 2022

Cyberattacks accompany Russian military assault on Ukraine Putin's government warns Russian critical infrastructure of potential cyberattacks Manufacturing was the top industry targeted by ransomware last year Thanks to our episode sponsor, Tines Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register. For the stories behind the headlines, head to CISOseries.com.  
2/25/20227 minutes, 56 seconds
Episode Artwork

February 24, 2022

Samsung shipped devices with flawed encryption New York state gets cybersecurity center Microsoft Defender adds support for GCP Thanks to our episode sponsor, Tines Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register.
2/24/20226 minutes, 40 seconds
Episode Artwork

February 23, 2022

IRS is allowing taxpayers to opt out of facial recognition UK Defence Secretary warns Russia of cyber-retaliation Slack confirms outage for some users Thanks to our episode sponsor, Tines Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register. For the stories behind the headlines, head to cisoseries.com
2/23/20226 minutes, 48 seconds
Episode Artwork

February 22, 2022

Researches find decryption for Hive ransomware In the Google Play Store, no one can hear you scream Linux leads in patching speeds Thanks to our episode sponsor, Tines Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register.
2/22/20227 minutes, 6 seconds
Episode Artwork

February 21, 2022

White House attributes Ukraine DDoS incidents to Russia's GRU Master key for Hive ransomware retrieved using a flaw in its encryption algorithm New phishing campaign targets Monzo online-banking customers Thanks to our episode sponsor, Tines Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register. For the stories behind the headlines, head to CISOseries.com.
2/21/20227 minutes, 10 seconds
Episode Artwork

Week in Review – Feb 14-18, 2022

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Feb 14-18, is hosted by Rich Stroffolino with our guest, Mike Hanley, CSO, GitHub Thanks to our episode sponsor, PlexTrac PlexTrac is the Purple Teaming Platform. Use the Runbooks Module to facilitate your tabletop exercises, red team engagements, breach and attack simulations, and pentest automation to improve communication and collaboration. PlexTrac upgrades your program’s capabilities by making the most of every team member and tool.  Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! All links and the video of this episode can be found on CISO Series.com  
2/18/202223 minutes, 33 seconds
Episode Artwork

February 18, 2022

DOJ beefs up efforts to combat criminal use of cryptocurrencies Canada's major banks go offline in mysterious hours-long outage Hackers slip into Microsoft Teams chats to distribute malware Thanks to our episode sponsor, PlexTrac PlexTrac is the Purple Teaming Platform. Use the Runbooks Module to facilitate your tabletop exercises, red team engagements, breach and attack simulations, and pentest automation to improve communication and collaboration. PlexTrac upgrades your program’s capabilities by making the most of every team member and tool.  Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind the headlines, head to CISOseries.com.
2/18/20228 minutes, 24 seconds
Episode Artwork

February 17, 2022

State-sponsored hackers hits defense contractors Unskilled hacker targeted aviation industry for years Privacy Sandbox heading to Android Thanks to our episode sponsor, PlexTrac Solve your talent shortage with PlexTrac. Use PlexTrac to automate security tasks and workflows to keep your red, blue, and purple teams focused on the real security work. Gain precious time back in your team’s day and improve their morale by making them more effective with PlexTrac. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!
2/17/20227 minutes, 3 seconds
Episode Artwork

February 16, 2022

Cyberattacks take down Ukrainian military and bank websites Super Bowl ad shines a light on QR code risks CISA directs agencies to patch actively exploited Chrome and Magento bugs Thanks to our episode sponsor, PlexTrac PlexTrac is the solution to deal with your data. Aggregate findings from all assessments to produce the analytics needed to make informed decisions. Produce data visualizations and add them to reports with one click to communicate effectively to leadership. PlexTrac is the premier product for security data management.  Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind the headlines, visit cisoseries.com
2/16/20227 minutes, 52 seconds
Episode Artwork

February 15, 2022

FTC warns VoIP providers about robocalls SEC outlines new cybersecurity rules for investment firms Rampant plagiarism hits NFT marketplace Thanks to our episode sponsor, PlexTrac Gain a real-time view of security posture with PlexTrac by consolidating scanner findings, assessments, and bug bounty tools. Visualize your posture in the Analytics Module to quickly assess and prioritize, creating a more effective workflow. Map risks to the MITRE ATT&CK framework to create a living risk register. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!
2/15/20226 minutes, 56 seconds
Episode Artwork

February 14, 2022

San Francisco 49ers hit by Blackbyte ransomware attack Linux malware attacks are on the rise, and businesses aren't ready for it Fake Windows 11 upgrade installers deliver RedLine malware Thanks to our episode sponsor, PlexTrac PlexTrac is a powerful, yet simple, cybersecurity platform that centralizes all security assessments, pentest reports, audit findings, and vulnerabilities. PlexTrac transforms the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize analytics, and collaborate on remediation in real-time. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind the headlines, head to CISOseries.com.
2/14/20227 minutes, 28 seconds
Episode Artwork

Week in Review – Feb 7-11, 2022

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Feb 7-11, is hosted by Rich Stroffolino with our guest, Dave Stirling, CISO, Zions Bancorporation Thanks to our episode sponsor, Datadog Datadog Security Monitoring is part of the Datadog Cloud Security Platform, which protects an organization’s production environment and provides threat detection, posture management, workload security, and application security in a single pane of glass. In this Datadog Security Monitoring product brief, you’ll learn how to: Solve cloud complexity challenges with threat detection tools, detect and analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework. Download the brief today to learn more at datadoghq.com/ciso/ All links and the video of this episode can be found on CISO Series.com
2/11/202222 minutes, 14 seconds
Episode Artwork

February 11, 2022

Donation site for Ottawa truckers’ “Freedom Convoy” protest exposed donors’ data FritzFrog botnet returns to attack healthcare, education, government sectors If you use Zoom on a Mac, you might want to check your microphone settings Thanks to our episode sponsor, Datadog Datadog Security Monitoring is part of the Datadog Cloud Security Platform, which protects an organization’s production environment and provides threat detection, posture management, workload security, and application security in a single pane of glass. In this Datadog Security Monitoring product brief, you’ll learn how to: Solve cloud complexity challenges with threat detection tools, detect and analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework. Download the brief today to learn more at datadoghq.com/ciso/ For the stories behind the headlines, head to CISOseries.com.  
2/11/20228 minutes, 37 seconds
Episode Artwork

February 10, 2022

Ukraine takes down social media bot farm Federal use of cell siphoning tech on the rise Microsoft expands security business Thanks to our episode sponsor, Datadog Datadog’s Cloud Security Platform delivers real-time threat detection and continuous configuration audits across your entire production environment, so you can bring speed and scale to your security organization. The Cloud Security Platform is built on top of Datadog’s observability platform, which breaks down silos between Security and DevOps teams and aligns them to shared organizational goals. To learn more about how Datadog Security Monitoring can solve cloud complexity challenges with a unified platform, download the product brief at datadoghq.com/ciso/
2/10/20226 minutes, 32 seconds
Episode Artwork

February 9, 2022

DOJ arrests New York couple, seizing $3.6 billion in bitcoin Google sees 50% drop in compromises after 2SV enrollment Puma employee data stolen as a result of Kronos attack Thanks to our episode sponsor, Datadog Datadog Security Monitoring is part of the Datadog Cloud Security Platform, which protects an organization’s production environment and provides threat detection, posture management, workload security, and application security in a single pane of glass. In this Datadog Security Monitoring product brief, you’ll learn how to: Solve cloud complexity challenges with threat detection tools, detect and analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework. Download the brief today to learn more at datadoghq.com/ciso/ For the stories behind the headlines, head to cisoseries.com
2/9/20227 minutes, 18 seconds
Episode Artwork

February 8, 2022

Stolen crypto used to fund North Korean missile program Microsoft disables protocol used by malware Meta may pull out of the EU Thanks to our episode sponsor, Datadog Datadog’s Cloud Security Platform delivers real-time threat detection and continuous configuration audits across your entire production environment, so you can bring speed and scale to your security organization. The Cloud Security Platform is built on top of Datadog’s observability platform, which breaks down silos between Security and DevOps teams and aligns them to shared organizational goals. To learn more about how Datadog Security Monitoring can solve cloud complexity challenges with a unified platform, download the product brief at datadoghq.com/ciso/
2/8/20226 minutes, 52 seconds
Episode Artwork

February 7, 2022

US House passes bill to boost chip manufacturing and R&D One in seven ransomware extortion attempts leak key operational tech records New Argo CD bug could let hackers steal secret info from Kubernetes apps Thanks to our episode sponsor, Datadog Datadog Security Monitoring is part of the Datadog Cloud Security Platform, which protects an organization’s production environment and provides threat detection, posture management, workload security, and application security in a single pane of glass. In this Datadog Security Monitoring product brief, you’ll learn how to: Solve cloud complexity challenges with threat detection tools, detect and analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework. Download the brief today to learn more at datadoghq.com/ciso/ For the stories behind the headlines, head to CISOseries.com.  
2/7/20228 minutes, 52 seconds
Episode Artwork

Week in Review – Jan 31-Feb 4, 2022

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Jan 24-Feb 4, is hosted by Rich Stroffolino with our guest, Brian Lozada, CISO, HBOMax Thanks to our episode sponsor, Pentera Align validation to the MITRE ATT&CK framework and the OWASP Top 10. By aligning to industry standards, security teams ensure that their testing covers the latest adversary techniques. Most attacks succeed by leveraging the most common TTPs, so challenging the attack surface against these frameworks provides comprehensive coverage of adversary techniques in the wild. In addition, it allows security executives to clearly report to management on security control efficacy and enterprise readiness against potential threats. Find out more at pentera.io All links and the video of this episode can be found on CISO Series.com  
2/4/202222 minutes, 5 seconds
Episode Artwork

February 4, 2022

iPhone flaw exploited by second Israeli spy firm Target shares its own web skimming detection tool with the world MFA adoption pushes phishing actors to reverse-proxy solutions Thanks to our episode sponsor, Pentera Align validation to the MITRE ATT&CK framework and the OWASP Top 10. By aligning to industry standards, security teams ensure that their testing covers the latest adversary techniques. Most attacks succeed by leveraging the most common TTPs, so challenging the attack surface against these frameworks provides comprehensive coverage of adversary techniques in the wild. In addition, it allows security executives to clearly report to management on security control efficacy and enterprise readiness against potential threats. Find out more at pentera.io For the stories behind the headlines, head to CISOseries.com.
2/4/20228 minutes, 38 seconds
Episode Artwork

February 3, 2022

Iran-linked APT activity on the rise Hacker claims responsibility for North Korean internet disruptions TikTok: the once and future national security threat Thanks to our episode sponsor, Pentera To continuously know the exploitable attack surface, automate your validation. Security validation must be as dynamic as the attack surface it’s securing. Periodical and manual tests aren’t enough to challenge the changes an organization undergoes. Security teams need to have an on-demand view of their assets and exposures, and the only way to get there is by automating your testing. Find out more at pentera.io
2/3/20227 minutes, 9 seconds
Episode Artwork

February 2, 2022

Cyber attack disrupts German oil firm operations Tesla recalls Full Self Driving feature that lets cars roll through stop signs FBI recommends using burner phones at the Olympics Thanks to our episode sponsor, Pentera To understand the exploitable attack surface, security teams need to cover the full scope of potential attacks. Adversaries take the path of least resistance to the critical assets. This means using a variety of techniques to progress an attack, leveraging any vulnerability and its relevant correlations along the way. For this reason, the validation methods used must match - they need to go beyond the static vulnerability scan or control attack simulation to include a full penetration test scope. Find out more at pentera.io For the stories behind the headlines, head to CISOseries.com
2/2/20227 minutes, 28 seconds
Episode Artwork

February 1, 2022

Your GPU knows your secrets UPnP behind Eternal Silence router campaign DeFi platform hacked for $80 million Thanks to our episode sponsor, Pentera To understand the exploitable attack surface, take the adversarial perspective. The way to know which vulnerabilities are exploitable is to…well, exploit them. This way, security teams get a concise attack vector pointing to the organization’s weakest link. From here remediation requests handed to IT are focused, manageable, and based on true business impact. Find out more at pentera.io
2/1/20226 minutes, 29 seconds
Episode Artwork

January 31, 2022

Novel device registration trick enhances multi-stage phishing attacks US bans major Chinese telecom over national security risks Over 20,000 data center management systems exposed to hackers Thanks to our episode sponsor, Pentera Pentera introduces Automated Security Validation! The newly-minted unicorn out of Israel takes a whole new approach to penetration testing - allowing every organization to continuously test the integrity of all cybersecurity layers - including against ransomware - leveraging proprietary ethical exploits to emulate real-world attacks at scale. All day, everyday. This week Pentera will discuss how to identify your exploitable attack surface, so stay tuned for their ‘Tip of the Day’. Or visit pentera.io to find out more. For the stories behind the headlines, head to CISOseries.com.
1/31/20228 minutes, 22 seconds
Episode Artwork

Week in Review – Jan 24-28, 2022

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Jan 24-28, is hosted by Rich Stroffolino with our guest, Gary Hayslip, CISO, Softbank Investment Advisers Thanks to our episode sponsor, deepwatch All links and the video of this episode can be found on CISO Series.com
1/28/202221 minutes, 3 seconds
Episode Artwork

January 28, 2022

US says national water supply 'absolutely' vulnerable to hackers Microsoft mitigated a record 3.47 Tbps DDoS attack on Azure users BotenaGo Mirai botnet code leaked to GitHub Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. For the stories behind the headlines, head to CISOseries.com.
1/28/20228 minutes, 21 seconds
Episode Artwork

January 27, 2022

White House releases new cybersecurity strategy Trickbot gets trickier VPNLab shuttered in global takedown Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together.
1/27/20226 minutes, 52 seconds
Episode Artwork

January 26, 2022

Canada's foreign ministry hacked Hactivists target Belarus rail system to stop Russian military buildup Segway victimized by Magecart attack Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. For the stories behind the headlines, head to CISOseries.com
1/26/20227 minutes, 25 seconds
Episode Artwork

January 25, 2022

SBA launches cybersecurity program Ransomware gangs step up insider recruitment American Olympians warned to take cybersecurity precautions Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together.
1/25/20226 minutes, 56 seconds
Episode Artwork

January 24, 2022

Ukraine attack update: experts find strategic similarities with NotPetya Molerats use Google Drive and Dropbox as attack infrastructure Senators introduce bill to protect satellites from getting hacked Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. For the stories behind the headlines, head to CISOseries.com.  
1/24/20228 minutes, 17 seconds
Episode Artwork

Week in Review – Jan 17-21, 2022

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Jan 17-21, is hosted by Rich Stroffolino with our guest, Julie Tsai, Cybersecurity Leader Thanks to our episode sponsor, Datadog Join Datadog in their upcoming webinar to learn how to dissect the anatomy of an attack vector in the cloud with the use of their unified Cloud Security Platform. Visit datadoghq.com/ciso to register for the webinar in the time zone most convenient for you and attendees will also get a chance to win a Datadog t-shirt. All links and the video of this episode can be found on CISO Series.com
1/21/202222 minutes, 29 seconds
Episode Artwork

January 21, 2022

NATO and Ukraine sign deal to boost cybersecurity Microsoft Sees Log4j attacks exploiting SolarWinds Serv-U bug Large-scale cyberattack hits the Red Cross Thanks to our episode sponsor, Datadog Join Datadog in their upcoming webinar to learn how to dissect the anatomy of an attack vector in the cloud with the use of their unified Cloud Security Platform. Visit datadoghq.com/ciso to register for the webinar in the time zone most convenient for you and attendees will also get a chance to win a Datadog t-shirt. For the stories behind the headlines, head to CISOseries.com.
1/21/20228 minutes, 3 seconds
Episode Artwork

January 20, 2022

CISA warns of data-wiping attacks EU working on its own DNS service Biden expands the NSA’s cybersecurity purview Thanks to our episode sponsor, Datadog In Datadog's upcoming webinar, you’ll learn how to best utilize the suite of Datadog Cloud Security products to identify the root cause of an attack and how a unified platform provides real-time threat-detection and continuous configuration audits across applications, hosts, containers and cloud infrastructure. Visit datadoghq.com/ciso to register for the webinar in the time zone most convenient for you and attendees will also get a chance to win a Datadog t-shirt.
1/20/20226 minutes, 46 seconds
Episode Artwork

January 19, 2022

Beijing 2022 Winter Olympics app loaded with privacy risks Europol shuts down cybercriminals' VPN service of choice Newspaper accuses Israeli police of spying on its own citizens Thanks to our episode sponsor, Datadog Join Datadog in their upcoming webinar to learn how to dissect the anatomy of an attack vector in the cloud with the use of their unified Cloud Security Platform. Visit datadoghq.com/ciso to register for the webinar in the time zone most convenient for you and attendees will also get a chance to win a Datadog t-shirt. For the stories behind the headlines, head to CISOseries.com
1/19/20227 minutes, 49 seconds
Episode Artwork

January 18, 2022

Ukraine points fingers in recent cyber attacks Another dark web marketplace calls it quits Renewable energy targeted for cyber espionage Thanks to our episode sponsor, Datadog In Datadog's upcoming webinar, you’ll learn how to best utilize the suite of Datadog Cloud Security products to identify the root cause of an attack and how a unified platform provides real-time threat-detection and continuous configuration audits across applications, hosts, containers and cloud infrastructure. Visit datadoghq.com/ciso to register for the webinar in the time zone most convenient for you and attendees will also get a chance to win a Datadog t-shirt.
1/18/20226 minutes, 27 seconds
Episode Artwork

January 17, 2022

Microsoft discloses malware attack on Ukraine government networks New unpatched Apple Safari browser bug allows cross-site user tracking Now you can get your vulnerability alerts by phone Thanks to our episode sponsor, Datadog Join Datadog in their upcoming webinar to learn how to dissect the anatomy of an attack vector in the cloud with the use of their unified Cloud Security Platform. Visit datadoghq.com/ciso to register for the webinar in the time zone most convenient for you and attendees will also get a chance to win a Datadog t-shirt. For the stories behind the headlines, head to CISOseries.com.
1/17/20228 minutes
Episode Artwork

Week in Review – Jan 10-14, 2022

 Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Jan 10-14, is hosted by Rich Stroffolino with our guest, Tyler Young, Director, Information Security, Relativity Thanks to our episode sponsor, BlackBerry All links and the video of this episode can be found on CISO Series.com  
1/14/202220 minutes, 1 second
Episode Artwork

January 14, 2022

New undetected backdoor runs across three OS platforms Microsoft RDP bug enables data theft, smart-card hijacking Ukrainian police arrests ransomware gang that hit over 50 firms Thanks to our episode sponsor, BlackBerry CISO’s…Listen Up. Is your team challenged with distinguishing threat signal from noise, reducing cyber costs and finding security talent? We’re here to help. BlackBerry® Guard is a Managed Extended Detection & Response(XDR) service that merges the Cylance artificial intelligence cybersecurity platform with 24x7 support from award winning responders and prevention experts. Spend time on key security initiatives, instead of the fallout from breaches. Learn more at BlackBerry.com For the stories behind the headlines, head to CISOseries.com.
1/14/20228 minutes, 7 seconds
Episode Artwork

January 13, 2022

EU planning supply chain attack simulations TellYouThePass ransomware returns A look at Senate confirmations for cyber positions Thanks to our episode sponsor, BlackBerry With ransomware attacks like REvil, DarkSide, Conti, and recently Log4Shell, how confident are you in your cyber solution to prevent threats today and into the future? With BlackBerry’s Prevention-First endpoint security, we prevent breaches vs responding to and mitigating future attacks. With our Cylance Artificial Intelligence(AI), threats are detected and prevented pre-execution. Traditional AV vendors can’t do this. Get Prevention-First protection to keep your data and organization safe. Learn more at BlackBerry.com.
1/13/20226 minutes, 31 seconds
Episode Artwork

January 12, 2022

Apple to allow third-party app payment options in South Korea Hotel chain switches to Chrome OS to recover from ransomware attack Hackers leveraging Log4j to install NightSky ransomware Thanks to our episode sponsor, BlackBerry Cybersecurity Professionals… Listen up. Ransomware is on the rise and you can’t afford to rely on ineffective endpoint technology to PREVENT attacks. With BlackBerry’s 7th generation Artificial Intelligence(AI) and Machine Learning(ML) technology powered by Cylance, malicious attacks are detected and prevented on average of 25 months BEFORE appearing online.   With our prevention-first approach, Cylance technology neutralizes malware before the exploitation stage of the kill-chain. Can your cyber solution do that? Get Prevention-First security. Visit BlackBerry.com to see the Cylance AI/ML demo prevent malware. For the stories behind the headlines, head to CISOseries.com
1/12/20227 minutes, 48 seconds
Episode Artwork

January 11, 2022

Open source developer poisons his own well Hacker group self-pwns Microsoft finds TCC bypass vulnerability in macOS Thanks to our episode sponsor, BlackBerry CISO’s…Listen Up. Is your team challenged with distinguishing threat signal from noise, reducing cyber costs and finding security talent? We’re here to help. BlackBerry® Guard is a Managed Extended Detection & Response(XDR) service that merges the Cylance artificial intelligence cybersecurity platform with 24x7 support from award winning responders and prevention experts. Spend time on key security initiatives, instead of the fallout from breaches. Learn more at BlackBerry.com
1/11/20226 minutes, 33 seconds
Episode Artwork

January 10, 2022

Hackers have been sending malware-filled USB sticks to U.S. companies disguised as gifts Swiss army asks its personnel to use the Threema instant-messaging app Norton 360 faces blowback for crypto feature Thanks to our episode sponsor, BlackBerry Cybersecurity Professionals… Listen up. Ransomware is on the rise and you can’t afford to rely on ineffective endpoint technology to PREVENT attacks. With BlackBerry’s 7th generation Artificial Intelligence(AI) and Machine Learning(ML) technology powered by Cylance, malicious attacks are detected and prevented on average of 25 months BEFORE appearing online.   With our prevention-first approach, Cylance technology neutralizes malware before the exploitation stage of the kill-chain. Can your cyber solution do that? Get Prevention-First security. Visit BlackBerry.com to see the Cylance AI/ML demo prevent malware. For the stories behind the headlines, head to CISOseries.com.
1/10/20228 minutes, 35 seconds
Episode Artwork

Week in Review – Jan 3-7, 2022

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Jan 3-7, is hosted by Rich Stroffolino with our guest, Adam Glick, CISO, SimpliSafe Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. All links and the video of this episode can be found on CISO Series.com
1/7/202218 minutes, 17 seconds
Episode Artwork

January 7, 2022

Honda, Acura cars hit by Y2K22 bug that rolls back clocks New trick could let malware fake iPhone shutdown to spy on users secretly Attackers exploit flaw in Google Docs’ comments feature Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. For the stories behind the headlines, head to CISOseries.com.
1/7/20227 minutes, 36 seconds
Episode Artwork

January 6, 2022

Microsoft’s digital signature verification exploited New York AG warns of credential stuffing attacks Google acquires Siemplify  Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together.
1/6/20226 minutes, 19 seconds
Episode Artwork

January 5, 2022

FTC warns of potential penalties for failing to fix Log4j flaws UScellular discloses data breach after billing system hack SlimPay fined for exposing data of 12 million customers for 5 years Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. For the stories behind the headlines, head to CISOseries.com
1/5/20227 minutes, 37 seconds
Episode Artwork

January 4, 2022

Broward Health discloses major data breach Beware of the command line copy-paste backdoor HomeKit bug can crash iOS devices Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together.
1/4/20226 minutes, 37 seconds
Episode Artwork

January 3, 2022

Microsoft Exchange year 2022 bug breaks email delivery Uber email breach allows anyone to email as Uber Crypto security breaches cause $4.25 billion in losses in 2021 Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. For the stories behind the headlines, head to CISOseries.com.
1/3/20227 minutes, 19 seconds
Episode Artwork

December 30, 2021

Defense bill includes cybersecurity provisions for private-sector Server firmware rootkit discovered Microsoft Defender showing Log4j false positives Thanks to our episode sponsor, Lookout Complexity is the enemy of security. With an integrated Zero Trust platform, Lookout makes things simple. Whether data is on employees’ smartphones or in the cloud, Lookout enables organizations to protect sensitive information no matter where it goes. Discover why IDC named the Lookout CASB a major player in its latest MarketScape at lookout.com/idc.
12/30/20216 minutes, 3 seconds
Episode Artwork

December 29, 2021

LastPass confirms credential stuffing attack against its users Alexa issues deadly challenge to 10-year-old girl Apple aims to retain talent with up to $180,000 bonuses Thanks to our episode sponsor, Lookout Complexity is the enemy of security. With an integrated Zero Trust platform, Lookout makes things simple. Whether data is on employees’ smartphones or in the cloud, Lookout enables organizations to protect sensitive information no matter where it goes. Discover why IDC named the Lookout CASB a major player in its latest MarketScape at lookout.com/idc. For the stories behind the headlines, head to CISOseries.com
12/29/20216 minutes, 53 seconds
Episode Artwork

December 28, 2021

Study looks at ransomware market share Researchers find abundant toolkits to get around 2FA Shutterfly hit with ransomware Thanks to our episode sponsor, Lookout Complexity is the enemy of security. With an integrated Zero Trust platform, Lookout makes things simple. Whether data is on employees’ smartphones or in the cloud, Lookout enables organizations to protect sensitive information no matter where it goes. Discover why IDC named the Lookout CASB a major player in its latest MarketScape at lookout.com/idc.
12/28/20216 minutes
Episode Artwork

December 27, 2021

Rook ransomware is yet another spawn of the leaked Babuk code Russia fines Google $100m over "illegal" content Fake Christmas Eve termination notices used as phishing lures Thanks to our episode sponsor, Lookout Complexity is the enemy of security. With an integrated Zero Trust platform, Lookout makes things simple. Whether data is on employees’ smartphones or in the cloud, Lookout enables organizations to protect sensitive information no matter where it goes. Discover why IDC named the Lookout CASB a major player in its latest MarketScape at lookout.com/idc. For the stories behind the headlines, head to CISOseries.com.
12/27/20217 minutes, 18 seconds
Episode Artwork

December 24, 2021

CISA releases free scanner to spot Log4j exposure Researchers disclose unpatched vulnerabilities in Microsoft Teams software Microsoft Office patch bypassed for malware distribution in apparent 'dry run' Thanks to our episode sponsor, Lookout Is 2022 the beginning of the end for on-prem security? Two years after remote work became the norm, we're at an inflection point for both threats and security solutions. Just as you wouldn’t bring a sword to a gunfight, organizations need to take advantage of integrated cloud solutions to tackle emerging challenges. Check out Lookout’s 2022 predictions at lookout.com/predictions. For the stories behind the headlines, head to CISOseries.com.  
12/24/20218 minutes, 29 seconds
Episode Artwork

December 23, 2021

Five Eyes issues Log4Shell advisory NSO Group deal with Uganda spurred backlash Microsoft PhotoDNA inverted to reveal images Thanks to our episode sponsor, Lookout Is 2022 the beginning of the end for on-prem security? Two years after remote work became the norm, we're at an inflection point for both threats and security solutions. Just as you wouldn’t bring a sword to a gunfight, organizations need to take advantage of integrated cloud solutions to tackle emerging challenges. Check out Lookout’s 2022 predictions at lookout.com/predictions.
12/23/20215 minutes, 57 seconds
Episode Artwork

December 22, 2021

Hack DHS program expanded to include Log4j Tech companies agree to protect data on undersea cable US returns $154 million stolen by Sony employee Thanks to our episode sponsor, Lookout Is 2022 the beginning of the end for on-prem security? Two years after remote work became the norm, we're at an inflection point for both threats and security solutions. Just as you wouldn’t bring a sword to a gunfight, organizations need to take advantage of integrated cloud solutions to tackle emerging challenges. Check out Lookout’s 2022 predictions at lookout.com/predictions. For the stories behind the headlines, head to CISOseries.com
12/22/20217 minutes, 27 seconds
Episode Artwork

December 21, 2021

Mobile network vulnerability goes back to 2G UK agency shares password trove with Have I Been Pwned Who watches the DarkWatchman? Thanks to our episode sponsor, Lookout Is 2022 the beginning of the end for on-prem security? Two years after remote work became the norm, we're at an inflection point for both threats and security solutions. Just as you wouldn’t bring a sword to a gunfight, organizations need to take advantage of integrated cloud solutions to tackle emerging challenges. Check out Lookout’s 2022 predictions at lookout.com/predictions.
12/21/20215 minutes, 53 seconds
Episode Artwork

December 20, 2021

Log4J – New patch and a field day for ransomware Western Digital warns customers to update their My Cloud devices Sainsbury's payroll hit by Kronos attack Thanks to our episode sponsor, Lookout Is 2022 the beginning of the end for on-prem security? Two years after remote work became the norm, we're at an inflection point for both threats and security solutions. Just as you wouldn’t bring a sword to a gunfight, organizations need to take advantage of integrated cloud solutions to tackle emerging challenges. Check out Lookout’s 2022 predictions at lookout.com/predictions. For the stories behind the headlines, head to CISOseries.com.
12/20/20217 minutes, 10 seconds
Episode Artwork

Week in Review – Dec 13-17, 2021

Link to Blog Post This week’s Cyber Security Headlines - Week in Review, Dec 13-17, is hosted by Rich Stroffolino with our guest, Patti Titus, Chief Privacy and Information Security Officer, Markel Thanks to our episode sponsor, Tines All links and the video of this episode can be found on CISO Series.com  
12/17/202121 minutes, 45 seconds
Episode Artwork

December 17, 2021

Hackers begin exploiting second Log4j vulnerability as a third flaw emerges Researchers uncover new coexistence attacks on Wi-Fi and Bluetooth chips North American propane distributor 'Superior Plus' discloses ransomware attack Thanks to our episode sponsor, Tines Tines is no-code automation for security teams, trusted by the world's best companies like Canva, Auth0, and Coinbase. This holiday season, book a 10 minute demo of Tines and we’ll donate $100 to your favorite charity – we’re that certain you’ll love what you see. Head over to tines.com/charity to book your 10 minute demo and send $100 to your favorite cause. For the stories behind the headlines, head to CISOseries.com.
12/17/20218 minutes, 37 seconds
Episode Artwork

December 16, 2021

Log4J vulnerability used by APTs Attacks on web apps surge Meta expands bug bounty program to include scraping Thanks to our episode sponsor, Tines Tines is no-code automation for security teams, trusted by the world's best companies like Canva, Auth0, and Coinbase. This holiday season, book a 10 minute demo of Tines and we’ll donate $100 to your favorite charity – we’re that certain you’ll love what you see. Head over to tines.com/charity, to book your 10 minute demo and send $100 to your favorite cause.
12/16/20215 minutes, 55 seconds
Episode Artwork

December 15, 2021

Kronos ransomware outage drives widespread payroll chaos Log4j vulnerability update Microsoft Patch Tuesday addresses zero-day exploited to spread Emotet malware Thanks to our episode sponsor, Tines Tines was founded by experienced security practitioners who cared about their teams. When they couldn't find an automation platform that delivered, they founded a company and built their own. A few years later, customers like Coinbase, McKesson, and GitLab run their most important security workflows on Tines – everything from phishing response to employee onboarding. To learn more, visit tines.com. For the stories behind the headlines, head to CISOseries.com
12/15/20218 minutes, 32 seconds
Episode Artwork

December 14, 2021

New details on the Log4Shell attacks Apple releases Android AirTag detector UKG hit with ransomware Thanks to our episode sponsor, Tines Tines was founded by experienced security practitioners who cared about their teams. When they couldn't find an automation platform that delivered, they founded a company and built their own. A few years later, customers like Coinbase, McKesson, and GitLab run their most important security workflows on Tines –  everything from phishing response to employee onboarding. To learn more, visit tines.com.
12/14/20216 minutes, 30 seconds
Episode Artwork

December 13, 2021

German cybersecurity watchdog issues red alert on Log4j Cyber incident reporting mandates suffer another congressional setback Russia blocks Tor web over privacy concerns Thanks to our episode sponsor, Tines You already know how crucial automation is. But why do security analysts still spend so much time on manual tasks? Let's face it – legacy tools just haven't delivered on the automation hype. Here's the secret: automation only works when it’s built by those who know the process or workflow best – your security analysts. So, meet Tines: it's no-code automation, built for the whole team to use. Find out more at tines.com. For the stories behind the headlines, head to CISOseries.com.
12/13/20218 minutes, 22 seconds
Episode Artwork

Week in Review – Dec 6-10, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Dec 6-10, is hosted by David Spark with our guest, Paul Truitt, Principal, Mazars Thanks to our episode sponsor, Tines Tines is no-code automation for security teams, trusted by the world’s best companies like Canva, Auth0, and Coinbase. This holiday season, book a 10 minute demo of Tines and we’ll donate $100 to your favorite charity – we’re that certain you’ll love what you see. Head over to tines.com/charity to book your 10 minute demo and send $100 to your favorite cause. All links and the video of this episode can be found on CISO Series.com
12/10/202120 minutes, 47 seconds
Episode Artwork

December 10, 2021

Volume of attacks on IoT/OT devices increasing Cloudflare and others form incident response cyber insurance IT execs half as likely to face the axe after breaches, shortages to blame? Thanks to our episode sponsor, Tines Tines is no-code automation for security teams, trusted by the world's best companies like Canva, Auth0, and Coinbase. This holiday season, book a 10 minute demo of Tines and we’ll donate $100 to your favorite charity – we’re that certain you’ll love what you see. Head over to tines.com/charity to book your 10 minute demo and send $100 to your favorite cause. For the stories behind the headlines, head to CISOseries.com.
12/10/20218 minutes, 22 seconds
Episode Artwork

December 9, 2021

Ransomware hits GitLab and Confluence QNAP is having another bad day A look at health data leaks in 2021 Thanks to our episode sponsor, Tines Tines is no-code automation for security teams, trusted by the world's best companies like Canva, Auth0, and Coinbase. This holiday season, book a 10 minute demo of Tines and we’ll donate $100 to your favorite charity – we’re that certain you’ll love what you see. Head over to tines.com/charity, to book your 10 minute demo and send $100 to your favorite cause.
12/9/20216 minutes, 11 seconds
Episode Artwork

December 8, 2021

AWS outage impacts Ring, Netflix, and Amazon deliveries Google announces lawsuit against Glupteba blockchain botnet Microsoft seized domains used by cyberespionage group Thanks to our episode sponsor, Tines Tines was founded by experienced security practitioners who cared about their teams. When they couldn't find an automation platform that delivered, they founded a company and built their own. A few years later, customers like Coinbase, McKesson, and GitLab run their most important security workflows on Tines – everything from phishing response to employee onboarding. To learn more, visit tines.com. For the stories behind the headlines, head to CISOseries.com
12/8/20217 minutes, 38 seconds
Episode Artwork

December 7, 2021

Biden admin looks to accelerate cybersecurity hiring spree Text message service helped governments track phones US goes on the offensive against ransomware Thanks to our episode sponsor, Tines Tines was founded by experienced security practitioners who cared about their teams. When they couldn't find an automation platform that delivered, they founded a company and built their own. A few years later, customers like Coinbase, McKesson, and GitLab run their most important security workflows on Tines –  everything from phishing response to employee onboarding. To learn more, visit tines.com.
12/7/20216 minutes, 40 seconds
Episode Artwork

December 6, 2021

Omicron phishing scam already spotted in UK Pegasus spyware reportedly hacked iPhones of U.S. State Department and diplomats Realistic looking fake Office 365 spam quarantine alerts on the rise Thanks to our episode sponsor, Tines You already know how crucial automation is. But why do security analysts still spend so much time on manual tasks? Let's face it – legacy tools just haven't delivered on the automation hype. Here's the secret: automation only works when it’s built by those who know the process or workflow best – your security analysts. So, meet Tines: it's no-code automation, built for the whole team to use. Find out more at tines.com. For the stories behind the headlines, head to CISOseries.com.
12/6/20217 minutes, 30 seconds
Episode Artwork

Week in Review – Nov 29-Dec 3, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Nov 29-Dec 3, is hosted by Rich Stroffolino with our guest, Pat Benoit, vp, Global Cyber GRC/BISO, CBRE Thanks to our episode sponsor, Votiro Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro zero trust file sanitization API, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed—and full file usability intact. The signatureless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files each year. All links and the video of this episode can be found on CISO Series.com  
12/3/202121 minutes, 19 seconds
Episode Artwork

December 3, 2021

Emotet now spreads via fake Adobe Windows App Installer packages Data from 400,000 Planned Parenthood patients compromised Double extortion ransomware victims soar 935% Thanks to our episode sponsor, Votiro Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro zero trust file sanitization API, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed—and full file usability intact. The signatureless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files each year. For the stories behind the headlines, head to CISOseries.com.
12/3/20217 minutes, 53 seconds
Episode Artwork

December 2, 2021

AT&T customers hit with malware CISA announces advisory panel Palo Alto Networks looks at speed of compromise in the cloud Thanks to our episode sponsor, Votiro Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro zero trust file sanitization API, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed—and full file usability intact. The signatureless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files each year.
12/2/20216 minutes, 51 seconds
Episode Artwork

December 1, 2021

Twitter bans sharing private images and videos without consent DNA testing firm discloses data breach affecting over 2 million people Critical ‘Printing Shellz’ bugs impact 150 HP printer models Thanks to our episode sponsor, Votiro Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro zero trust file sanitization API, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed—and full file usability intact. The signatureless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files each year. For the stories behind the headlines, head to CISOseries.com
12/1/20218 minutes, 20 seconds
Episode Artwork

November 30, 2021

Dark web market shuts down after DDoS Clearview facing fines in the UK New Chinese surveillance system will target journalists and students Thanks to our episode sponsor, Votiro Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro zero trust file sanitization API, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed—and full file usability intact. The signatureless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files each year.
11/30/20216 minutes, 39 seconds
Episode Artwork

November 29, 2021

RATDispenser spreads multiple remote access trojans into the wild North Korea-linked Zinc group posed as Samsung recruiters to target security firms Interpol arrests over 1,000 suspects linked to cyber crime Thanks to our episode sponsor, Votiro Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro zero trust file sanitization API, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed—and full file usability intact. The signatureless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files each year. For the stories behind the headlines, head to CISOseries.com.
11/29/20218 minutes, 4 seconds
Episode Artwork

November 24, 2021

Over nine million Android devices infected Researcher discloses zero-day exploit due to low bounty payouts Threat actors compromise exposed services in 24 hours Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. For the stories behind the headlines, head to CISOseries.com
11/24/20217 minutes, 46 seconds
Episode Artwork

November 23, 2021

GoDaddy data breach impacts millions Microsoft looks at brute-force attacks Printers used to bypass fingerprint authentication Thanks to our episode sponsor, deepwatch What is the value of good security? Can you quantify what mature detection and response means for your organization? A recent Forrester study found that a deepwatch MDR customer achieved 432% ROI and over 10 million dollars in benefits and savings from their solution over a 3 year period. Visit deepwatch.com/tei-report for the full report and to learn how your team could see the same success.    
11/23/20217 minutes, 16 seconds
Episode Artwork

November 22, 2021

US banks will be required to report cyberattacks within 36 hours Microsoft Exchange malware campaign uses stolen internal reply-chain emails Conti ransomware group suffers a data breach Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. For the stories behind the headlines, head to CISOseries.com.
11/22/20217 minutes, 7 seconds
Episode Artwork

Week in Review – Nov 15-19, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Nov 15-19, is hosted by Sean Kelly with our guest, Richard Rushing, CISO, Motorola Mobility Thanks to our episode sponsor, Vulcan Cyber All links and the video of this episode can be found on CISO Series.com
11/19/202126 minutes, 45 seconds
Episode Artwork

November 19, 2021

PerSwaysion phishing campaign still ongoing, and pervasive FBI: FatPipe VPN zero-day exploited by APT for 6 months RedCurl corporate espionage hackers resume attacks with updated tools Thanks to our episode sponsor, Vulcan Cyber The fact that CISA felt the need to release the massive “Known Exploited Vulnerabilities Catalog” recently says everything we need to know about the state of our collective cyber debt. Attend the Vulcan Cyber virtual summit on December 9th and learn how your peers are working to take on cyber risk and mitigate known vulnerabilities at scale. Go to vulcan.io and click the button at the top of the screen to register for the event. For the stories behind the headlines, head to CISOseries.com.  
11/19/20217 minutes, 42 seconds
Episode Artwork

November 18, 2021

CISA releases cyber response playbooks Exec pleads guilty on internet address fraud Iranian ransomware targeting US organizations Thanks to our episode sponsor, Vulcan Cyber Vulnerability scanners are commoditized. Cloud service providers provide free scanners. Open source scanners are plentiful. Your team doesn’t need another scanner, but they need to get better at identifying and prioritizing the risk that is buried in that scan data. Attend the Vulcan Cyber virtual user conference and learn how to assess and mitigate risk across all of your surfaces. Go to vulcan.io and click the button at the top of the screen to register for the event.
11/18/20216 minutes, 57 seconds
Episode Artwork

November 17, 2021

Emotet botnet makes comeback with help from TrickBot Leaked Robinhood customer data now up for sale WordPress sites defaced in fake ransomware attacks Thanks to our episode sponsor, Vulcan Cyber Matt Hurewitz is the associate director of application security at Best Buy. Matt has a theory that a risk-based approach to application security is more effective than a faith-based approach. We agree. Attend the Vulcan Cyber virtual summit on December 9th to hear how Matt and the Best Buy team approach application security. Learn from the best. Registration is free for your entire team. Go to vulcan.io and click the button at the top of the screen to register for the event. For the stories behind the headlines, head to CISOseries.com
11/17/20218 minutes, 39 seconds
Episode Artwork

November 16, 2021

DHS launches program to close cyber talent gap China expands cybersecurity review requirements Microsoft blocks Edge redirects Thanks to our episode sponsor, Vulcan Cyber Ryan Gurney spent years as CSO and security exec for companies like Google Looker, Zendesk, Engine Yard, and eBay. Ryan has seen a few things and is done pretending cyber security is something it isn’t. Attend the Vulcan Cyber virtual summit on December 9th to get Ryan’s take on the difference between negligent and effective cyber security. It’s a fine line. Go to vulcan.io and click the button at the top of the screen to register for the event.
11/16/20216 minutes, 58 seconds
Episode Artwork

November 15, 2021

FBI email system reportedly hacked to send fake DHS cyberattack messages FBI email hacker blames poor coding US Education Department urged to boost K-12 schools' ransomware defenses Thanks to our episode sponsor, Vulcan Cyber Cyber risk isn’t easy to quantify, much less mitigate. Use the same approach endorsed by leading security teams at Honeywell, Zoom, and Wells Fargo to tackle cyber risk. Attend the Vulcan Cyber virtual summit on December 9th and learn how the new Vulcan Security Posture Rating will give you the insights you need to reduce risk and secure your business. Go to vulcan.io and click the button at the top of the screen to register for the event. For the stories behind the headlines, head to CISOseries.com.  
11/15/20217 minutes, 23 seconds
Episode Artwork

Week in Review – Nov 8-12, 2021

Link to Blog Post This week’s Cyber Security Headlines - Week in Review, Nov 8-12, is hosted by Rich Stroffolino with our guest, John Overbaugh, CISO, Alpine Software Group Thanks to our episode sponsor, Vulcan Cyber The fact that CISA felt the need to release the massive “Known Exploited Vulnerabilities Catalog” recently says everything we need to know about the state of our collective cyber debt. Attend the Vulcan Cyber virtual summit on December 9th and learn how your peers are working to take on cyber risk and mitigate known vulnerabilities at scale. Go to vulcan.io and click the button at the top of the screen to register for the event. All links and the video of this episode can be found on CISO Series.com      
11/12/202121 minutes, 52 seconds
Episode Artwork

November 12, 2021

EU pharmaceutical giants run old, vulnerable apps and fail to use encryption in login forms Gmail accounts are used in 91% of all baiting email attacks Microsoft warns of uptick in HTML smuggling Thanks to our episode sponsor, Vulcan Cyber The fact that CISA felt the need to release the massive “Known Exploited Vulnerabilities Catalog” recently says everything we need to know about the state of our collective cyber debt. Attend the Vulcan Cyber virtual summit on December 9th and learn how your peers are working to take on cyber risk and mitigate known vulnerabilities at scale. Go to vulcan.io and click the button at the top of the screen to register for the event. For the stories behind the headlines, head to CISOseries.com.
11/12/20219 minutes, 2 seconds
Episode Artwork

November 11, 2021

Trend Micro details long running hacker-for-hire group WP Reset PRO plugin works a little too well Zero-day found in Palo Alto Networks security appliances Thanks to our episode sponsor, Vulcan Cyber Vulnerability scanners are commoditized. Cloud service providers provide free scanners. Open source scanners are plentiful. Your team doesn’t need another scanner, but they need to get better at identifying and prioritizing the risk that is buried in that scan data. Attend the Vulcan Cyber virtual user conference and learn how to assess and mitigate risk across all of your surfaces. Go to vulcan.io and click the button at the top of the screen to register for the event.
11/11/20216 minutes, 49 seconds
Episode Artwork

November 10, 2021

Robinhood breach impacts millions of customers Meta shares bullying and harassment numbers for the first time Meta to remove sensitive ad-targeting categories as new bill takes aim at online platform algorithms Thanks to our episode sponsor, Vulcan Cyber Matt Hurewitz is the associate director of application security at Best Buy. Matt has a theory that a risk-based approach to application security is more effective than a faith-based approach. We agree. Attend the Vulcan Cyber virtual summit on December 9th to hear how Matt and the Best Buy team approach application security. Learn from the best. Registration is free for your entire team. Go to vulcan.io and click the button at the top of the screen to register for the event. For the stories behind the headlines, head to CISOseries.com
11/11/20218 minutes, 2 seconds
Episode Artwork

November 9, 2021

US infrastructure bill includes cybersecurity provisions Chipmakers respond to US call for supply chain info REvil hackers arrested Thanks to our episode sponsor, Vulcan Cyber Ryan Gurney spent years as CSO and security exec for companies like Google Looker, Zendesk, Engine Yard, and eBay. Ryan has seen a few things and is done pretending cyber security is something it isn’t. Attend the Vulcan Cyber virtual summit on December 9th to get Ryan’s take on the difference between negligent and effective cyber security. It’s a fine line. Go to vulcan.io and click the button at the top of the screen to register for the event.
11/9/20216 minutes, 27 seconds
Episode Artwork

November 8, 2021

Feds likely to fall short of deadline for strengthening encryption, multifactor authentication Experts spot phishing campaign impersonating security firm Proofpoint Facebook outage a prime example of insider threat by machine Thanks to our episode sponsor, Vulcan Cyber Cyber risk isn’t easy to quantify, much less mitigate. Use the same approach endorsed by leading security teams at Honeywell, Zoom, and Wells Fargo to tackle cyber risk. Attend the Vulcan Cyber virtual summit on December 9th and learn how the new Vulcan Security Posture Rating will give you the insights you need to reduce risk and secure your business. Go to vulcan.io and click the button at the top of the screen to register for the event. For the stories behind the headlines, head to CISOseries.com.
11/8/20217 minutes, 45 seconds
Episode Artwork

Week in Review – Nov 1-5, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Nov 1-5, is hosted by Rich Stroffolino with our guest, Davi Ottenheimer, vp, trust and digital ethics, Inrupt Thanks to our episode sponsor, Trend Micro Reimage your Cloud! That’s the theme for CLOUDSEC 2021, a 3-day global event that will be held virtually starting on November 16th. Learn the latest trends in cloud and cybersecurity with global keynotes and session tracks tailored to your role’s unique challenges. Test your skills and win prizes in the 24-hr CLOUDSEC Challenge, a hands-on immersive experience that has something for everyone – from novice application coders to experienced security practitioners! Join for FREE on November 16th, for free. Sign up at cloudsec.com All links and the video of this episode can be found on CISO Series.com  
11/5/202121 minutes, 32 seconds
Episode Artwork

November 5, 2021

Expired certificate breaks Windows 11 snipping tool, emoji panel, and more Iranian hacking group leaks patient and LGBTQ info Popular 'coa' npm library hijacked to steal user passwords Thanks to our episode sponsor, Trend Micro Reimage your Cloud! That’s the theme for CLOUDSEC 2021, a 3-day global event that will be held virtually starting on November 16th. Learn the latest trends in cloud and cybersecurity with global keynotes and session tracks tailored to your role’s unique challenges. Test your skills and win prizes in the 24-hr CLOUDSEC Challenge, a hands-on immersive experience that has something for everyone – from novice application coders to experienced security practitioners! Join for FREE on November 16th, for free. Sign up at cloudsec.com For the stories behind the headlines, head to CISOseries.com.
11/5/20217 minutes, 57 seconds
Episode Artwork

November 4, 2021

CISA creates exploited bug catalog Bots used to scam 2FA codes US sanctions companies selling hacking tools Thanks to our episode sponsor, Trend Micro Reimage your Cloud! That’s the theme for CLOUDSEC 2021, a 3-day global event that will be held virtually starting on November 16th. Learn the latest trends in cloud and cybersecurity with global keynotes and session tracks tailored to your role’s unique challenges. Test your skills and win prizes in the 24-hr CLOUDSEC Challenge, a hands-on immersive experience that has something for everyone – from novice application coders to experienced security practitioners! Join for FREE on November 16th, for free. Sign up at cloudsec.com
11/4/20216 minutes, 47 seconds
Episode Artwork

November 3, 2021

Facebook deletes 1 billion faceprints in Face Recognition shutdown Tesla recalls nearly 12,000 vehicles due to software error Android patches actively exploited zero-day kernel bug Thanks to our episode sponsor, Trend Micro Reimage your Cloud! That’s the theme for CLOUDSEC 2021, a 3-day global event that will be held virtually starting on November 16th. Learn the latest trends in cloud and cybersecurity with global keynotes and session tracks tailored to your role’s unique challenges. Test your skills and win prizes in the 24-hr CLOUDSEC Challenge, a hands-on immersive experience that has something for everyone – from novice application coders to experienced security practitioners! Join for FREE on November 16th, for free. Sign up at cloudsec.com For the stories behind the headlines, head to CISOseries.com
11/3/20219 minutes, 16 seconds
Episode Artwork

November 2, 2021

Cyberattack disrupts healthcare in Canadian provinces Researchers discover Pink botnet Facebook takes down government-run troll farm in Nicaragua Thanks to our episode sponsor, Trend Micro Reimage your Cloud! That’s the theme for CLOUDSEC 2021, a 3-day global event that will be held virtually starting on November 16th. Learn the latest trends in cloud and cybersecurity with global keynotes and session tracks tailored to your role’s unique challenges. Test your skills and win prizes in the 24-hr CLOUDSEC Challenge, a hands-on immersive experience that has something for everyone – from novice application coders to experienced security practitioners! Join for FREE on November 16th, for free. Sign up at cloudsec.com
11/2/20216 minutes, 57 seconds
Episode Artwork

November 1, 2021

Iranian Black Shadow hacking group breaches Israeli Internet hosting firm All Windows versions impacted by new LPE zero-day vulnerability International jeweler Graff hit by Conti gang, with data of its rich clients at risk Thanks to our episode sponsor, Trend Micro Reimage your Cloud! That’s the theme for CLOUDSEC 2021, a 3-day global event that will be held virtually starting on November 16th. Learn the latest trends in cloud and cybersecurity with global keynotes and session tracks tailored to your role’s unique challenges. Test your skills and win prizes in the 24-hr CLOUDSEC Challenge, a hands-on immersive experience that has something for everyone – from novice application coders to experienced security practitioners! Join for FREE on November 16th, for free. Sign up at cloudsec.com For the stories behind the headlines, head to CISOseries.com.  
11/1/20217 minutes, 38 seconds
Episode Artwork

Week in Review – Oct 25-29, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Oct 25-29, is hosted by Rich Stroffolino with our guest, Jason Fruge, CISO, Rent-a-Center Thanks to our episode sponsor, Banyan Security Today, 75% of enterprises are using some form of hybrid-cloud deployment. Unfortunately, traditional network-centric security solutions like VPNs are not designed to meet the scale, performance, and usability needs of modern organizations, especially those with dynamic hybrid- and multi-cloud environments. Replace your traditional network access boxes – VPNs, bastion hosts, and gateways – with a cloud-based zero trust remote access solution and enable a safe and reliable “work from anywhere” environment. Visit banyansecurity.io for more information. All links and the video of this episode can be found on CISO Series.com    
10/29/202121 minutes, 29 seconds
Episode Artwork

October 29, 2021

Android spyware spreading as antivirus software in Japan Half of home workers buy potentially insecure technology EU investigating leak of private key used to forge Covid passes And now a word from our sponsor, Banyan Security Today, 75% of enterprises are using some form of hybrid-cloud deployment. Unfortunately, traditional network-centric security solutions like VPNs are not designed to meet the scale, performance, and usability needs of modern organizations, especially those with dynamic hybrid- and multi-cloud environments. Replace your traditional network access boxes – VPNs, bastion hosts, and gateways – with a cloud-based zero trust remote access solution and enable a safe and reliable “work from anywhere” environment. Visit banyansecurity.io for more information. For the stories behind the headlines, head to CISOseries.com.
10/29/20218 minutes, 30 seconds
Episode Artwork

October 28, 2021

Chinese surveillance tech pulled from US retailers Microsoft warns of rise in password spraying attacks The FTC is looking into the Facebook Files And now a word from our sponsor, Banyan Security Today, 75% of enterprises are using some form of hybrid-cloud deployment. Unfortunately, traditional network-centric security solutions like VPNs are not designed to meet the scale, performance, and usability needs of modern organizations, especially those with dynamic hybrid- and multi-cloud environments. Replace your traditional network access boxes – VPNs, bastion hosts, and gateways – with a cloud-based zero trust remote access solution and enable a safe and reliable “work from anywhere” environment. Visit banyansecurity.io for more information.
10/28/20216 minutes, 43 seconds
Episode Artwork

October 27, 2021

Iranian gas stations out of service after cyberattack Nevada and North Dakota top cybercrime lists Researcher cracked 70% of sampled WiFi networks And now a word from our sponsor, Banyan Security Today, 75% of enterprises are using some form of hybrid-cloud deployment. Unfortunately, traditional network-centric security solutions like VPNs are not designed to meet the scale, performance, and usability needs of modern organizations, especially those with dynamic hybrid- and multi-cloud environments. Replace your traditional network access boxes – VPNs, bastion hosts, and gateways – with a cloud-based zero trust remote access solution and enable a safe and reliable “work from anywhere” environment. Visit banyansecurity.io for more information. For the stories behind the headlines, head to CISOseries.com
10/27/20218 minutes, 19 seconds
Episode Artwork

October 26, 2021

Microsoft report on Nobelium Healthcare organizations struggle with breaches ProtonMail wins appeal on surveillance data And now a word from our sponsor, Banyan Security Today, 75% of enterprises are using some form of hybrid-cloud deployment. Unfortunately, traditional network-centric security solutions like VPNs are not designed to meet the scale, performance, and usability needs of modern organizations, especially those with dynamic hybrid- and multi-cloud environments. Replace your traditional network access boxes – VPNs, bastion hosts, and gateways – with a cloud-based zero trust remote access solution and enable a safe and reliable “work from anywhere” environment. Visit banyansecurity.io for more information.
10/26/20216 minutes, 37 seconds
Episode Artwork

October 25, 2021

Crypto-miner and malware found hidden inside npm libraries Facebook sues Ukrainian who scraped the data of 178 million users BlackMatter ransomware victims quietly helped using secret decryptor And now a word from our sponsor, Banyan Security Today, 75% of enterprises are using some form of hybrid-cloud deployment. Unfortunately, traditional network-centric security solutions like VPNs are not designed to meet the scale, performance, and usability needs of modern organizations, especially those with dynamic hybrid- and multi-cloud environments. Replace your traditional network access boxes – VPNs, bastion hosts, and gateways – with a cloud-based zero trust remote access solution and enable a safe and reliable “work from anywhere” environment. Visit banyansecurity.io for more information. For the stories behind the headlines, head to CISOseries.com.
10/25/20218 minutes, 36 seconds
Episode Artwork

Week in Review – Oct 18-22, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Oct 18-22, is hosted by Rich Stroffolino with our guest, Matthew Southworth, CISO, Priceline Thanks to our episode sponsor, Tessian and the Human Layer Security Summit Want to know what we learned from analyzing 2 million malicious emails? At Tessian’s Human Layer Summit you’ll hear about new threat intelligence into the state of spear phishing. Guest speakers from TrustedSec and KnowBe4 will discuss what kind of attacks are getting through typical enterprise defences, what that means for user protection and what security leaders need to do about it. Join in on the conversation to learn about what we discovered by registering now at tessian.com/summit All links and the video of this episode can be found on CISO Series.com  
10/22/202120 minutes, 23 seconds
Episode Artwork

October 22, 2021

Cybercrime matures as hackers are forced to work smarter FIN7 tries to trick pentesters into launching ransomware attacks China VPN exposes data for 1M users Thanks to our episode sponsor, Tessian and the Human Layer Security Summit Want to know what we learned from analyzing 2 million malicious emails? At Tessian’s Human Layer Summit you’ll hear about new threat intelligence into the state of spear phishing. Guest speakers from TrustedSec and KnowBe4 will discuss what kind of attacks are getting through typical enterprise defences, what that means for user protection and what security leaders need to do about it. Join in on the conversation to learn about what we discovered by registering now at tessian.com/summit For the stories behind the headlines, head to CISOseries.com.
10/22/20218 minutes, 4 seconds
Episode Artwork

October 21, 2021

Russian firms see DDoS spike Sinclair hack linked to Russian organization Microsoft expires old Windows updates Thanks to our episode sponsor, Tessian and the Human Layer Security Summit Want to get the latest security insights from Cisco, Forrester, Intercontinental Exchange and Knowbe4? At Tessian’s Human Layer Security Summit you’ll get fresh insights and actionable advice to help you build an effective, future proof security strategy. Hear from top CISOs and InfoSec Leaders who will speak on the HOTTEST topics in cyber today. Join thousands of your peers by registering now at tessian.com/summit  
10/21/20216 minutes, 24 seconds
Episode Artwork

October 20, 2021

Ransomware reports signal lack of preparedness and willingness to pay Acer hacked twice in a week by the same threat actor FCC takes aim at spam texts Thanks to our episode sponsor, Tessian and the Human Layer Security Summit Worried if your security stack is enough for today’s attack landscape? A recent Forrester Consulting study says, Human Layer Security could be the missing link. At Tessian’s Human Layer Security Summit, hear why a commissioned study conducted by Forrester Consulting on behalf of Tessian has identified Human Layer Security as the missing link in enterprise security stacks. The study shows that Security and Risk Management leaders invest more in process and technology than people to improve the security of their human-layer. Hear key findings from the research from Tessian’s guest speaker, Forrester senior analyst Jess Burn. Join in on the conversation at tessian.com/summit For the stories behind the headlines, head to CISOseries.com
10/20/20218 minutes, 3 seconds
Episode Artwork

October 19, 2021

Sinclair TV disrupted by ransomware Water system proves easy target for ransomware REvil shuts down… again Thanks to our episode sponsor, Tessian and the Human Layer Security Summit Want to know what we learned from analyzing 2 million malicious emails? At Tessian’s Human Layer Summit you’ll hear about new threat intelligence into the state of spear phishing. Guest speakers from TrustedSec and KnowBe4 will discuss what kind of attacks are getting through typical enterprise defences, what that means for user protection and what security leaders need to do about it. Join in on the conversation to learn about what we discovered by registering now at tessian.com/summit  
10/19/20216 minutes, 37 seconds
Episode Artwork

October 18, 2021

Missouri Governor vows to prosecute St. Louis Post-Dispatch for reporting security vulnerability NFTs now come with wallet-emptying malware Experts hack a fully patched iOS 15 running on iPhone 13 at China’s Tianfu Cup hacking contest Thanks to our episode sponsor, Tessian and the Human Layer Security Summit Calling all security trailblazers! Want to get the latest security insights from Cisco, Forrester, Intercontinental Exchange and Knowbe4? At Tessian’s Human Layer Security Summit you’ll get fresh insights and actionable advice to help you build an effective, future proof security strategy. Hear from top CISOs and InfoSec Leaders who will speak on the HOTTEST topics in cyber today. Join thousands of your peers by registering now at tessian.com/summit For the stories behind the headlines, head to CISOseries.com.
10/18/20218 minutes, 3 seconds
Episode Artwork

Week in Review – Oct 11-15, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Oct-11-15, is hosted by David Spark with our guest, Christopher Zell, CISO, Wendy’s Thanks to our episode sponsor, Bitsight All links and the video of this episode can be found on CISO Series.com
10/15/202123 minutes, 39 seconds
Episode Artwork

October 15, 2021

New "Yanluowang" ransomware variant discovered Financial regulator addresses hybrid working security risks DocuSign phishing campaign targets low-ranking employees Thanks to our episode sponsor, Bitsight These are challenging times for security professionals. From managing third party supply chain risk, to quantifying financial exposure, to reducing the likelihood of ransomware, BitSight helps security and risk professionals create more effective cybersecurity programs with cybersecurity ratings and analytics. Learn why Moody’s, the Department of Defense, and other leading institutions partner with BitSight at www.bitsight.com For the stories behind the headlines, head to CISOseries.com.
10/15/20217 minutes, 54 seconds
Episode Artwork

October 14, 2021

Windows 11 Patch Tuesday causes AMD performance issues Student used zero-day for school prank US leaves China and Russia off the anti-ransomware invite list Thanks to our episode sponsor, Bitsight Did you know that organizations with poor patching practices are 8 times more likely to experience a ransomware incident? From managing third party supply chain risk, to quantifying financial exposure, to reducing the likelihood of ransomware, BitSight helps security and risk professionals create more effective cybersecurity programs with cybersecurity ratings and analytics. Learn why Moody’s, the Department of Defense, and other leading institutions partner with BitSight at www.bitsight.com
10/14/20216 minutes, 50 seconds
Episode Artwork

October 13, 2021

Olympus suffers second cyberattack in 2021 Microsoft’s Patch Tuesday squashes four zero-day vulns White House directs federal agencies to step up EDR Thanks to our episode sponsor, Bitsight In spite of all the recent attacks, did you know that only 17% of organizations continuously monitor their third party vendors? From managing third party supply chain risk, to quantifying financial exposure, to reducing the likelihood of ransomware, BitSight helps security and risk professionals create more effective cybersecurity programs with cybersecurity ratings and analytics. Learn why Moody’s, the Department of Defense, and other leading institutions partner with BitSight at www.bitsight.com For the stories behind the headlines, head to CISOseries.com
10/13/20218 minutes, 42 seconds
Episode Artwork

October 12, 2021

Microsoft report details the changing cybercrime landscape LibreOffice issues fix for signed document spoofing You got nuclear secrets in my peanut butter! Thanks to our episode sponsor, Bitsight Did you know that 1-in-10 organizations are now creating cybersecurity-specific committees at the board level? From managing third party supply chain risk, to quantifying financial exposure, to reducing the likelihood of ransomware, BitSight helps security and risk professionals create more effective cybersecurity programs with cybersecurity ratings and analytics. Learn why Moody’s, the Department of Defense, and other leading institutions partner with BitSight at www.bitsight.com
10/12/20216 minutes, 57 seconds
Episode Artwork

October 11, 2021

Google issues warning for 2 billion Chrome users Bank of America insider charged with money laundering for BEC scams Medtronic recalls insulin pump controllers over cyberattack risks Thanks to our episode sponsor, Bitsight These are challenging times for security professionals. From managing third party supply chain risk, to quantifying financial exposure, to reducing the likelihood of ransomware, BitSight helps security and risk professionals create more effective cybersecurity programs with cybersecurity ratings and analytics. Learn why Moody’s, the Department of Defense, and other leading institutions partner with BitSight at www.bitsight.com For the stories behind the headlines, head to CISOseries.com.  
10/11/20217 minutes, 28 seconds
Episode Artwork

Week in Review – Oct 4-8, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Oct 4-8, is hosted by Rich Stroffolino with our guest, Adrian Ludwig, Chief Trust Officer, Atlassian Thanks to our episode sponsor, Votiro Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed—and full file usability intact. The signatureless, agentless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files each year. All links and the video of this episode can be found on CISO Series.com  
10/8/202122 minutes, 5 seconds
Episode Artwork

October 8, 2021

Twitch blames server error for massive data leak Intel's €80bn European chip plant investment plan not bound for UK because Brexit FIN12 hits healthcare with quick and focused ransomware attacks Thanks to our episode sponsor, Votiro Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed—and full file usability intact. The signatureless, agentless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files each year.  For the stories behind the headlines, head to CISOseries.com.
10/8/20218 minutes, 14 seconds
Episode Artwork

October 7, 2021

Introducing the Ransom Disclosure Act Facebook details why it suffered a massive outage Twitch’s source code leaked Thanks to our episode sponsor, Votiro Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed—and full file usability intact. The signatureless, agentless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files each year.
10/7/20216 minutes, 54 seconds
Episode Artwork

October 6, 2021

Telegram adds 70 million users on the day of Facebook and WhatsApp outage Android October patch fixes three critical bugs Apache fixes actively exploited zero-day vulnerability Thanks to our episode sponsor, Votiro Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed—and full file usability intact. The signatureless, agentless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files each year. For the stories behind the headlines, head to CISOseries.com
10/6/20217 minutes, 59 seconds
Episode Artwork

October 5, 2021

Major telco exchange company hacked Facebook whistleblower comes out of the shadows Amazon creates amazing phishing tool just in time for Christmas Thanks to our episode sponsor, Votiro Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed—and full file usability intact. The signatureless, agentless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files each year.
10/5/20217 minutes, 11 seconds
Episode Artwork

October 4, 2021

Transnational fraud ring stole millions from Army members, veterans Canadian vaccine passport app exposes data Business leaders admit willingness to pay five-figure ransoms Thanks to our episode sponsor, Votiro Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed—and full file usability intact. The signatureless, agentless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files each year. For the stories behind the headlines, head to CISOseries.com.
10/4/20217 minutes, 31 seconds
Episode Artwork

Week in Review - Sep 27-Oct 1, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Sep 27-Oct-1, is hosted by Rich Stroffolino with our guest, Steve Zalewski, co-host, Defense in Depth Thanks to our episode sponsor, VMware ACCELERATE YOUR OWN ZERO TRUST JOURNEY. The strongest defense against modern threats comes from a Zero Trust posture. The trick is getting there — quickly and easily — from where you already are. At VMworld 2021 we’ll show you how we help you operationalize Zero Trust whatever your starting point. Learn how to get the strongest security for your workloads and workspaces across your Multi-Cloud and Edge with solutions that protect inside and cross-cloud — from the API level and up — all the way to the workspace. Strength flows from the convergence of security and the network, distributed everywhere your data and endpoints are. The Networking, Security and Edge Tracks have a variety of value-packed breakout sessions. Join thousands of your peers by registering now at vmware.com/vmworld. All links and the video of this episode can be found on CISO Series.com
10/1/202123 minutes, 50 seconds
Episode Artwork

October 1, 2021

New leak of Epik data exposes company’s entire server New Azure AD bug lets hackers brute-force passwords without getting caught Contactless payment card hack affects Apple Pay, Visa Thanks to our episode sponsor, VMware DO YOU KNOW ANYONE ON THE DEVELOPMENT TEAM WHO’D SAY, ‘SECURITY SHOULD BE EVERYONE’S RESPONSIBILITY? Probably not. That’s why Forrester and VMware have done some new research that dives into how the Development team perceives Security and what Security teams can do to make the right thing easy. We are hosting a VMworld 2021 session on this report titled “Security is Important, Said No Developer Ever.” Join in on our conversation to learn about what we discovered by registering to VMworld at vmware.com/vmworld. For the stories behind the headlines, head to CISOseries.com.
10/1/20218 minutes, 14 seconds
Episode Artwork

September 30, 2021

Ransomware gangs cause headaches for hacker forums too Don’t look a Grifthorse in the mouth Ransomware’s impact on patient care Thanks to our episode sponsor, VMware INCIDENT RESPONSE FIRMS ENGAGE POST-BREACH – IT’S A FASCINATING VANTAGE POINT WITH LESSONS TO LEARN. Join me and thousands of our peers at VMworld 2021 to hear Dr. Amelia Estwick, Director of Threat Research here at VMware, share her perspective on the ground truth for organizations that have experienced breaches. Not to be missed! Register today at vmware.com/vmworld
9/30/20217 minutes, 1 second
Episode Artwork

September 29, 2021

Microsoft 365 MFA outage locks users out of their accounts Exploit released for VMware vulnerability after CISA warning Crypto developer pleads guilty to North Korean plot Thanks to our episode sponsor, VMware PREPARE FOR THE POST-PANDEMIC THREAT LANDSCAPE. At VMworld 2021, you’ll gain fresh insight and actionable knowledge to help keep your focus on building resilient, cyber-vigilant teams that can proactively detect, prevent, mitigate, and remediate these attacks. The Security Track has 150+ breakout sessions with hands-on labs, demos, and interactive experiences. Join thousands of your peers by registering now at vmware.com/vmworld For the stories behind the headlines, head to CISOseries.com
9/29/20218 minutes, 32 seconds
Episode Artwork

September 28, 2021

Russia muscling Big Tech Data on billions of Clubhouse and Facebook users up for sale Malware targets gamer accounts Thanks to our episode sponsor, VMware BEFORE YOU BUILD AND EVOLVE WHAT COMES NEXT – YOU HAVE TO IMAGINE IT. Join me and thousands of our peers at VMworld 2021, the virtual conference where we share how innovation across the VMware portfolio helps make your vision a reality. Register now and join us at vmware.com/vmworld
9/28/20216 minutes, 39 seconds
Episode Artwork

September 27, 2021

Researcher drops three iOS zero-days that Apple refused to fix Microsoft releases rollback fix for updates New Cooperative ransomware negotiations get hijacked Thanks to our episode sponsor, VMware DO YOU KNOW ANYONE ON THE DEVELOPMENT TEAM WHO’D SAY, ‘SECURITY SHOULD BE EVERYONE’S RESPONSIBILITY? Probably not. That’s why Forrester and VMware have done some new research that dives into how the Development team perceives Security and what Security teams can do to make the right thing easy. We are hosting a VMworld 2021 session on this report titled “Security is Important, Said No Developer Ever.” Join in on our conversation to learn about what we discovered by registering to VMworld at vmware.com/vmworld. For the stories behind the headlines, head to CISOseries.com.
9/27/20217 minutes, 43 seconds
Episode Artwork

Week in Review - Sep 20-24, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Sep 20-24, 2021, is hosted by Rich Stroffolino with our guest, Brett Conlon, CISO, Edelman Financial Engines Thanks to our episode sponsor, Kanu Solutions Over the next few weeks Kanu Solutions is offering a series of educational sessions on a variety of topics in security, such as endpoints, networks, privileged access management, Internet of things, and governance, risk management and compliance, or GRC. Attend these sessions to get some savvy education from the security experts at Kanu Solutions. You could also get a twenty dollar UberEats Gift Card just for attending. You can participate in Kanu Solutions’ Lunch-n-Learn by registering at kanusolutions.com/events. All links and the video of this episode can be found on CISO Series.com  
9/24/202122 minutes, 20 seconds
Episode Artwork

September 24, 2021

Second farming cooperative shut down by ransomware this week Canadian VoIP provider battles massive DDoS attack REvil double-crosses ransomware affiliates using sneaky backdoor tactics Thanks to our episode sponsor, Kanu Solutions Over the next few weeks Kanu Solutions is offering a series of educational sessions on a variety of topics in security, such as endpoints, networks, privileged access management, Internet of things, and governance, risk management and compliance, or GRC. Attend these sessions to get some savvy education from the security experts at Kanu Solutions. You could also get a twenty dollar UberEats Gift Card just for attending. You can participate in Kanu Solutions' Lunch-n-Learn by registering at kanusolutions.com/events. For the stories behind the headlines, head to CISOseries.com
9/24/20218 minutes, 30 seconds
Episode Artwork

September 23, 2021

Let’s Encrypt root certificate may cause problems for older devices Now we have to worry about PhaaS Time to patch all the VMware things Thanks to our episode sponsor, Kanu Solutions Over the next few weeks Kanu Solutions is offering a series of educational sessions on a variety of topics in security, such as endpoints, networks, privileged access management, Internet of things, and governance, risk management and compliance, or GRC. Attend these sessions to get some savvy education from the security experts at Kanu Solutions. You could also get a twenty dollar UberEats Gift Card just for attending. You can participate in Kanu Solutions' Lunch-n-Learn by registering at kanusolutions.com/events.
9/23/20216 minutes, 43 seconds
Episode Artwork

September 22, 2021

Capoae malware brute-forces WordPress sites for cryptomining Malicious email surge predicted for Q4 Farming group warns of supply chain chaos after ransomware attack Thanks to our episode sponsor, Kanu Solutions Over the next few weeks Kanu Solutions is offering a series of educational sessions on a variety of topics in security, such as endpoints, networks, privileged access management, Internet of things, and governance, risk management and compliance, or GRC. Attend these sessions to get some savvy education from the security experts at Kanu Solutions. You could also get a twenty dollar UberEats Gift Card just for attending. You can participate in Kanu Solutions' Lunch-n-Learn by registering at kanusolutions.com/events. For the stories behind the headlines, head to CISOseries.com.
9/22/20217 minutes, 22 seconds
Episode Artwork

September 21, 2021

Google expands app permissions reset Epik confirms it got hacked Telegram suspends Russian election bots Thanks to our episode sponsor, Kanu Solutions Over the next few weeks Kanu Solutions is offering a series of educational sessions on a variety of topics in security, such as endpoints, networks, privileged access management, Internet of things, and governance, risk management and compliance, or GRC. Attend these sessions to get some savvy education from the security experts at Kanu Solutions. You could also get a twenty dollar UberEats Gift Card just for attending. You can participate in Kanu Solutions' Lunch-n-Learn by registering at kanusolutions.com/events.  
9/21/20216 minutes, 57 seconds
Episode Artwork

September 20, 2021

Email scammers posed as DOT officials in phishing messages focused on $1 trillion bill A new banking Trojan abuses YouTube for remote configuration Admin of DDoS service behind 200,000 attacks faces serious prison time Thanks to our episode sponsor, Kanu Solutions Over the next few weeks Kanu Solutions is offering a series of educational sessions on a variety of topics in security, such as endpoints, networks, privileged access management, Internet of things, and governance, risk management and compliance, or GRC. Attend these sessions to get some savvy education from the security experts at Kanu Solutions. You could also get a twenty dollar UberEats Gift Card just for attending. You can participate in Kanu Solutions' Lunch-n-Learn by registering at kanusolutions.com/events. For the stories behind the headlines, head to CISOseries.com.
9/20/20218 minutes, 26 seconds
Episode Artwork

Week in Review - Sep 13-17, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Sep 13-17, 2021, is hosted by Rich Stroffolino with our guest, Geoff Belknap, CISO, LinkedIn Thanks to our episode sponsor, Sonrai Sonrai is changing Public Cloud Security by focusing on protecting data from over-privileged human and non-human identities. Sonrai provides a single pane of glass built on an analytic platform that protects organizations by leveraging CSPM, CIEM, and cloud DLP at the confidence level required by your environment. Learn more about Sonrai Cloud Security at www.sonrai.com All links and the video of this episode can be found on CISO Series.com
9/17/202122 minutes, 36 seconds
Episode Artwork

September 17, 2021

New Windows security updates break network printing Bitdefender releases decryptor as REvil shows signs of return Biden announces joint deal with U.K. and Australia to counter China Thanks to our episode sponsor, Sonrai Are you a security expert who’s afraid to admit you don’t know what the heck is going on in your cloud? Relax. Public cloud security is overwhelming. Figuring out where to start, and what to do to track and improve your security posture, is the first step. Sonrai tracks everything in your cloud - sensitive data, identities, and platform configuration - and tells you what issues are most important, plus it measures improvement over time. Talk to Sonrai Security to learn more. For the stories behind the headlines, head to CISOseries.com
9/17/20218 minutes, 7 seconds
Episode Artwork

September 16, 2021

Travis CI security vulnerability is bad news for open source Ransomware accounts for a quarter of cyber insurance claims Microsoft goes passwordless Thanks to our episode sponsor, Sonrai Sonrai is changing Public Cloud Security by focusing on protecting data from over-privileged human and non-human identities. Sonrai provides a single pane of glass built on an analytic platform that protects organizations by leveraging CSPM, CIEM, and cloud DLP at the confidence level required by your environment. Learn more about Sonrai Cloud Security at www.sonrai.com
9/16/20216 minutes, 47 seconds
Episode Artwork

September 15, 2021

Apple issues urgent updates to fix new zero-day linked to Pegasus spyware Update Google Chrome to patch 2 new zero-day flaws under attack New Zloader attacks disable Windows Defender to evade detection Thanks to our episode sponsor, Sonrai Sonrai is gaelic for data - and that’s what Sonrai Security is all about. Finding, classifying, and locking down sensitive data in AWS, Azure, or Google Cloud. Sonrai can see every identity’s path to every piece of data - continuously. Learn more at sonraisecurity.com. For the stories behind the headlines, head to CISOseries.com.  
9/15/20217 minutes, 51 seconds
Episode Artwork

September 14, 2021

SSID Stripping is a new take on spoofing Industrial control systems hammered by cyber attacks Olympus has fallen...to ransomware Thanks to our episode sponsor, Sonrai Are you a security expert who’s afraid to admit you don’t know what the heck is going on in your cloud? Relax. Public cloud security is overwhelming. Figuring out where to start, and what to do to track and improve your security posture, is the first step. Sonrai tracks everything in your cloud - sensitive data, identities, and platform configuration - and tells you what issues are most important, plus it measures improvement over time. Talk to Sonrai Security to learn more.
9/14/20216 minutes, 43 seconds
Episode Artwork

September 13, 2021

Windows MSHTML zero-day exploits shared on hacking forums REvil ransomware operators targeting new victims Yandex pummeled by Meris DDoS botnet Thanks to our episode sponsor, Sonrai Are you a security expert who’s afraid to admit you don’t know what the heck is going on in your cloud? Relax. Public cloud security is overwhelming. Figuring out where to start, and what to do to track and improve your security posture, is the first step. Sonrai tracks everything in your cloud - sensitive data, identities, and platform configuration - and tells you what issues are most important, plus it measures improvement over time. Talk to Sonrai Security to learn more. For the stories behind the headlines, head to CISOseries.com.
9/13/20218 minutes, 19 seconds
Episode Artwork

Week in Review - Sep 6-10, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Sep 6-10, 2021, is hosted by Rich Stroffolino with our guest, Matt Crouse, CISO, Taco Bell Thanks to our episode sponsor, Semperis One thing we’ve learned from attacks like SolarWinds: Cybercriminals can lurk in your Active Directory environment for weeks or months before dropping malware. How do you root them out? First, you need to uncover security gaps in Active Directory that can lead to a breach. Download Purple Knight, a free security assessment tool from Semperis that scans your environment for pre-attack and post-attack indicators of exposure and compromise. Check it out at Purple-Knight.com. All links and the video of this episode can be found on CISO Series.com    
9/10/202125 minutes, 3 seconds
Episode Artwork

September 10, 2021

US considers limiting CISA director’s term ‘Azurescape’ Kubernetes attack allows cross-container cloud compromise Hackers leak VPN account passwords from 87,000 FortiGate devices Thanks to our episode sponsor, Semperis One thing we’ve learned from attacks like SolarWinds: Cybercriminals can lurk in your Active Directory environment for weeks or months before dropping malware. How do you root them out? First, you need to uncover security gaps in Active Directory that can lead to a breach. Download Purple Knight, a free security assessment tool from Semperis that scans your environment for pre-attack and post-attack indicators of exposure and compromise. Check it out at Purple-Knight.com. For the stories behind the headlines, head to CISOseries.com
9/10/20218 minutes, 26 seconds
Episode Artwork

September 9, 2021

Brad Smith relives early days of the SolarWinds attack Internet Explorer zero-days are still something to worry about German police bought NSO Pegasus spyware Thanks to our episode sponsor, Semperis Have you fixed PrintNightmare yet? Ransomware groups including Vice Society are already exploiting this critical flaw in the Windows Print Spooler service. But you can fight back: Download Purple Knight, a free Active Directory security assessment tool that scans your environment for PrintNightmare and more than 70 other attack indicators. To download your free tool, go to Purple-Knight.com.
9/9/20216 minutes, 52 seconds
Episode Artwork

September 8, 2021

Ransomware gang threatens to leak data if victim contacts FBI, police Personal details of French visa applicants exposed by cyber-attack Brazil President Bolsonaro restricts powers of social media companies to remove accounts and content Thanks to our episode sponsor, Semperis It’s no secret that Active Directory is a prime target for cybercriminals: AD is more than 20 years old, and security settings can get sloppy over time. If you haven’t checked your Active Directory environment for risky settings, you might be in for a surprise. To find and fix security gaps, download Purple Knight, a free security assessment tool from Semperis that checks for 70-plus indicators of exposure and compromise. Go to Purple-Knight.com. For the stories behind the headlines, head to CISOseries.com.  
9/8/20217 minutes, 38 seconds
Episode Artwork

September 7, 2021

ProtonMail shares user IP address with law enforcement IoT attacks double in six months Study looks at criteria for ransomware targeting Thanks to our episode sponsor, Semperis How would your organization score in an Active Directory security assessment? The average grade for first-time users of Purple Knight, a free security assessment tool from Semperis, is about 68%—a barely passing grade. Security and identity managers are shocked at the security gaps this tool has uncovered. But with knowledge comes power. Download Purple Knight so you can find and fix Active Directory security problems. Check it out at Purple-Knight.com.
9/7/20216 minutes, 58 seconds
Episode Artwork

September 6, 2021

Cyber Command urges patching of massively exploited Confluence bug DDoS hits New Zealand – back up again in 30 minutes Salesforce email service used for phishing campaign Thanks to our episode sponsor, Semperis Do you know your Active Directory security vulnerabilities? Cybercriminals love to exploit Active Directory: It has dozens of security gaps because of misconfigurations and new sophisticated hacking tools. But hang on, help is on the way: Download Purple Knight, a free Active Directory security assessment tool from Semperis that scans your environment for 70-plus indicators of exposure and compromise. Check it out at Purple-Knight.com. For the stories behind the headlines, head to CISOseries.com.
9/6/20217 minutes, 46 seconds
Episode Artwork

Week in Review - Aug 30-Sep 3, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, Aug 30-Sep 3, 2021, is hosted by Steve Prentice with our guest, Marnie Wilking, Global Head of Security & Technology Risk Management, Wayfair Thanks to our episode sponsor, Semperis All links and the video of this episode can be found on CISO Series.com  
9/3/202123 minutes, 31 seconds
Episode Artwork

September 3, 2021

WhatsApp faces $267M fine for breaching Europe’s GDPR UK VoIP telcos disrupted by cyberattacks White House doubles down on holiday cyberattack warnings Thanks to our episode sponsor, Semperis One thing we’ve learned from attacks like SolarWinds: Cybercriminals can lurk in your Active Directory environment for weeks or months before dropping malware. How do you root them out? First, you need to uncover security gaps in Active Directory that can lead to a breach. Download Purple Knight, a free security assessment tool from Semperis that scans your environment for pre-attack and post-attack indicators of exposure and compromise. Check it out at Purple-Knight.com. For the stories behind the headlines, head to CISOseries.com
9/3/20218 minutes, 9 seconds
Episode Artwork

September 2, 2021

BrakTooth bites major SoC vendors The cost of ransomware to schools Posts surrounding January 6th disappear from Facebook data Thanks to our episode sponsor, Semperis Have you fixed PrintNightmare yet? Ransomware groups including Vice Society are already exploiting this critical flaw in the Windows Print Spooler service. But you can fight back: Download Purple Knight, a free Active Directory security assessment tool that scans your environment for PrintNightmare and more than 70 other attack indicators. To download your free tool, go to Purple-Knight.com.
9/2/20217 minutes, 2 seconds
Episode Artwork

September 1, 2021

QNAP announces OpenSSL bugs fallout Cyberattackers are now quietly selling off their victim's internet bandwidth Indonesian government’s Covid-19 app accidentally exposes over 1 million people Thanks to our episode sponsor, Semperis It’s no secret that Active Directory is a prime target for cybercriminals: AD is more than 20 years old, and security settings can get sloppy over time. If you haven’t checked your Active Directory environment for risky settings, you might be in for a surprise. To find and fix security gaps, download Purple Knight, a free security assessment tool from Semperis that checks for 70-plus indicators of exposure and compromise. Go to Purple-Knight.com. For the stories behind the headlines, head to CISOseries.com.
9/1/20218 minutes, 17 seconds
Episode Artwork

August 31, 2021

Manual Windows 11 installs might not get updates LockBit to publish Bangkok Air customer data Intermittent encryption hopes to make ransomware worse Thanks to our episode sponsor, Semperis How would your organization score in an Active Directory security assessment? The average grade for first-time users of Purple Knight, a free security assessment tool from Semperis, is about 68%—a barely passing grade. Security and identity managers are shocked at the security gaps this tool has uncovered. But with knowledge comes power. Download Purple Knight so you can find and fix Active Directory security problems. Check it out at Purple-Knight.com.
8/31/20216 minutes, 34 seconds
Episode Artwork

August 30, 2021

“Worst cloud vulnerability you can imagine” discovered in Microsoft Azure Work from home increased worldwide phishing attacks T-Mobile hacker brute-forced his way through the network Thanks to our episode sponsor, Semperis Do you know your Active Directory security vulnerabilities? Cybercriminals love to exploit Active Directory: It has dozens of security gaps because of misconfigurations and new sophisticated hacking tools. But hang on, help is on the way: Download Purple Knight, a free Active Directory security assessment tool from Semperis that scans your environment for 70-plus indicators of exposure and compromise. Check it out at Purple-Knight.com. For the stories behind the headlines, head to CISOseries.com.  
8/30/20217 minutes, 38 seconds
Episode Artwork

Week in Review - August 23-27, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, August 23-27, 2021, is hosted by Steve Prentice with our guest, Edward Contreras, (@CISOEdwardC)CISO, Frost Bank Thanks to our episode sponsor, Privacy.com Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. For example, when you’re shopping online and ready to check out, simply generate a Privacy Card that will enter in random variables. Should the merchant ever get hacked, the fraudsters will never have access to your real information. Privacy Cards are also great for monitoring subscriptions and signing up for free trials where a card number is required. Simply close cards whenever you want to ensure you’re never charged without your consent. Sign up for free today at privacy.com/ciso. New users will instantly receive a $5 credit, to be used for any online purchase you make! All links and the video of this episode can be found on CISO Series.com  
8/27/202121 minutes, 55 seconds
Episode Artwork

August 27, 2021

21-year-old claims responsibility for massive T-Mobile hack Microsoft and Google to invest billions to bolster US cybersecurity Ragnarok ransomware releases master decryptor after shutdown Thanks to our episode sponsor, Privacy.com Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. For example, when you're shopping online and ready to check out, simply generate a Privacy Card that will enter in random variables. Should the merchant ever get hacked, the fraudsters will never have access to your real information. Privacy Cards are also great for monitoring subscriptions and signing up for free trials where a card number is required. Simply close cards whenever you want to ensure you're never charged without your consent. Sign up for free today at privacy.com/ciso. New users will instantly receive a $5 credit, to be used for any online purchase you make! For the stories behind the headlines, head to CISOseries.com
8/27/20219 minutes, 7 seconds
Episode Artwork

August 26, 2021

Most government agencies use facial recognition Botnet scans for vulnerabilities in Realtek chipsets Does cyber insurance make ransomware worse? Thanks to our episode sponsor, Privacy.com Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. For example, when you're shopping online and ready to check out, simply generate a Privacy Card that will enter in random variables. Should the merchant ever get hacked, the fraudsters will never have access to your real information. Privacy Cards are also great for monitoring subscriptions and signing up for free trials where a card number is required. Simply close cards whenever you want to ensure you're never charged without your consent. Sign up for free today at privacy.com/ciso. New users will instantly receive a $5 credit, to be used for any online purchase you make!
8/26/20216 minutes, 47 seconds
Episode Artwork

August 25, 2021

Modded WhatsApp delivers Triada trojan Bahraini activists targeted with new iOS zero-click exploit New CISA director wants to spend less time cleaning up after big hacks, more time preparing for them Thanks to our episode sponsor, Privacy.com Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. For example, when you're shopping online and ready to check out, simply generate a Privacy Card that will enter in random variables. Should the merchant ever get hacked, the fraudsters will never have access to your real information. Privacy Cards are also great for monitoring subscriptions and signing up for free trials where a card number is required. Simply close cards whenever you want to ensure you're never charged without your consent. Sign up for free today at privacy.com/ciso. New users will instantly receive a $5 credit, to be used for any online purchase you make! For the stories behind the headlines, head to CISOseries.com.  
8/25/20217 minutes, 48 seconds
Episode Artwork

August 24, 2021

Apple started scanning for CSAM in 2019 Power Apps had leaky APIs Razer mice squeak past user privileges Thanks to our episode sponsor, Privacy.com Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. For example, when you're shopping online and ready to check out, simply generate a Privacy Card that will enter in random variables. Should the merchant ever get hacked, the fraudsters will never have access to your real information. Privacy Cards are also great for monitoring subscriptions and signing up for free trials where a card number is required. Simply close cards whenever you want to ensure you're never charged without your consent. Sign up for free today at privacy.com/ciso. New users will instantly receive a $5 credit, to be used for any online purchase you make!
8/24/20216 minutes, 58 seconds
Episode Artwork

August 23, 2021

Microsoft Exchange under attack with ProxyShell flaws Australians hit by ‘Flubot’ malware that arrives by text message Cyberattack hits State Department Thanks to our episode sponsor, Privacy.com Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. For example, when you're shopping online and ready to check out, simply generate a Privacy Card that will enter in random variables. Should the merchant ever get hacked, the fraudsters will never have access to your real information. Privacy Cards are also great for monitoring subscriptions and signing up for free trials where a card number is required. Simply close cards whenever you want to ensure you're never charged without your consent. Sign up for free today at privacy.com/ciso. New users will instantly receive a $5 credit, to be used for any online purchase you make! For the stories behind the headlines, head to CISOseries.com.  
8/23/20218 minutes, 8 seconds
Episode Artwork

Week in Review - August 16-20, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, August 16-20, 2021, is hosted by Rich Stroffolino with our guest, Will Gregorian, Head of Security and Technical Operations, Rhino Thanks to our episode sponsor, Copado The traditional development lifecycle is a game of tradeoffs. You either deploy at blazing speed and put yourself at risk of bugs and breaches — or you shore up your security and release software at a snail’s pace. But with Copado DevOps, you get the best of both worlds. Leverage Copado’s low-code DevOps platform to drive 94% fewer production bugs, 95% faster releases and an average ROI of 307%. To get a free demo, visit Copado.com. All links and the video of this episode can be found on CISO Series.com
8/20/202122 minutes, 38 seconds
Episode Artwork

August 20, 2021

Liquid cryptocurrency exchange loses $94 million following hack New unofficial Windows patch fixes more PetitPotam attack vectors New York man sentenced to prison for stealing students' nude photos after hacking their accounts Thanks to our episode sponsor, Copado The traditional development lifecycle is a game of tradeoffs. You either deploy at blazing speed and put yourself at risk of bugs and breaches — or you shore up your security and release software at a snail’s pace. But with Copado DevOps, you get the best of both worlds. Leverage Copado’s low-code DevOps platform to drive 94% fewer production bugs, 95% faster releases and an average ROI of 307%. To get a free demo, visit Copado.com. For the stories behind the headlines, head to CISOseries.com
8/20/20218 minutes, 50 seconds
Episode Artwork

August 19, 2021

T-Mobile says hackers stole records belonging to 48.6 million individuals OIG issues report on US Census Bureau breach Operator of the Helix bitcoin mixer pleads guilty to money laundering Thanks to our episode sponsor, Copado DevOps is the biggest revolution since the cloud. And Copado happens to be the #1 native DevOps solution for Salesforce and SaaS. So say goodbye to tedious deployments, disconnected teams and security risks. Copado provides visibility over your entire lifecycle and empowers your developers to release software 5 times faster. Want to experience the Copado effect? Get a demo at Copado.com For the stories behind the headlines, head to CISOseries.com
8/19/20217 minutes, 55 seconds
Episode Artwork

August 18, 2021

Chase bank accidentally leaked customer info to other customers Kalay cloud platform flaw exposes millions of IoT devices Data sovereignty laws place new burdens on CISOs Thanks to our episode sponsor, Copado It’s no secret — software risk has never been higher. In fact, 4 in 5 technology leaders lack confidence in their organizatons’ ability to combat cybercrime. Ultimately, your business is only as secure as the software that drives it. That’s why Copado’s DevOps solution includes built-in security and compliance guardrails to help you derisk your cloud and ramp up software releases. To get a free demo, visit Copado.com. For the stories behind the headlines, head to CISOseries.com.
8/18/20217 minutes, 56 seconds
Episode Artwork

August 17, 2021

Terrorist watchlist exposed online DHS considering using private companies to scan social media Reportedly leaked T-Mobile data for sale online Thanks to our episode sponsor, Copado Implementing Salesforce is like buying a private jet. While you could drive it around your neighborhood, wouldn’t you rather learn how to fly it into the clouds? Enter Copado — the #1 Native DevOps Solution for Salesforce. Copado unites pro-code and low-code developers on the same platform to unlock visibility, traceability and security from end to end. Want to take Copado for a test drive? Get your demo at Copado.com
8/17/20216 minutes, 34 seconds
Episode Artwork

August 16, 2021

Ford bug exposed customer and employee records from internal systems Huawei accused in suit of installing data ‘back door’ in Pakistan project Threat actors turning to RDDoS attacks as a new ransom vector Thanks to our episode sponsor, Copado The traditional development lifecycle is a game of tradeoffs. You either deploy at blazing speed and put yourself at risk of bugs and breaches — or you shore up your security and release software at a snail’s pace. But with Copado DevOps, you get the best of both worlds. Leverage Copado’s low-code DevOps platform to drive 94% fewer production bugs, 95% faster releases and an average ROI of 307%. To get a free demo, visit Copado.com. For the stories behind the headlines, head to CISOseries.com.
8/16/20218 minutes, 6 seconds
Episode Artwork

Week in Review - August 9-13, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, August 9-13, 2021, is hosted by Rich Stroffolino with our guest, Ben Sapiro, CISO, Canada Life Thanks to our episode sponsor, Sotero All links and the video of this episode can be found on CISO Series.com
8/13/202122 minutes, 19 seconds
Episode Artwork

August 13, 2021

Another unpatched PrintNightmare zero-day PrintNightmare vulnerability weaponized by ransomware gang Notorious darknet market comes back to life Thanks to our episode sponsor, Sotero It’s a new CISO security brief that helps you cut through all the vendor noise and zero in on the best data security solution for your requirements. It includes info on data security technology advances, tips to help you meet your security requirements, and new rapid development capabilities so your development team can implement security features much, much faster. To get the brief, just go to soterosoft.com and click the link at the top of the page. For the stories behind the headlines, head to CISOseries.com
8/13/20217 minutes, 43 seconds
Episode Artwork

August 12, 2021

China signals tech crackdown will deepen Poly Network hacker has a change of heart PrintNightmare finally patched for good Thanks to our episode sponsor, Sotero It’s a new CISO security brief that helps you cut through all the vendor noise and zero in on the best data security solution for your requirements. It includes info on data security technology advances, tips to help you meet your security requirements, and new rapid development capabilities so your development team can implement security features much, much faster. To get the brief, just go to soterosoft.com and click the link at the top of the page.
8/12/20216 minutes, 12 seconds
Episode Artwork

August 11, 2021

eCh0raix ransomware now targets both QNAP and Synology NAS devices At Least 30,000 internet-exposed exchange servers vulnerable to Proxyshell attacks US Senate sends infrastructure bill to House Thanks to our episode sponsor, Sotero It’s a new CISO security brief that helps you cut through all the vendor noise and zero in on the best data security solution for your requirements. It includes info on data security technology advances, tips to help you meet your security requirements, and new rapid development capabilities so your development team can implement security features much, much faster. To get the brief, just go to soterosoft.com and click the link at the top of the page. For the stories behind the headlines, head to CISOseries.com.
8/11/20217 minutes, 27 seconds
Episode Artwork

August 10, 2021

Ransomware demands surge in 2021 Flaw found in IOT random number generators Apple says nation states cannot add to CSAM scanning lists Thanks to our episode sponsor, Sotero It’s a new CISO security brief that helps you cut through all the vendor noise and zero in on the best data security solution for your requirements. It includes info on data security technology advances, tips to help you meet your security requirements, and new rapid development capabilities so your development team can implement security features much, much faster. To get the brief, just go to soterosoft.com and click the link at the top of the page.
8/10/20216 minutes, 26 seconds
Episode Artwork

August 9, 2021

Actively exploited bug bypasses authentication on millions of routers A zero-day RCE in Cisco ADSM has yet to be fixed Password of three random words better than complex variation, experts say Thanks to our episode sponsor, Sotero It’s a new CISO security brief that helps you cut through all the vendor noise and zero in on the best data security solution for your requirements. It includes info on data security technology advances, tips to help you meet your security requirements, and new rapid development capabilities so your development team can implement security features much, much faster. To get the brief, just go to soterosoft.com and click the link at the top of the page. For the stories behind the headlines, head to CISOseries.com.
8/9/20218 minutes, 49 seconds
Episode Artwork

Week in Review - August 2-6, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, August 2-6, 2021, is hosted by Rich Stroffolino with our guest, Sandy Dunn, Blue Cross of Idaho Thanks to our episode sponsor, PlexTrac All links and the video of this episode can be found on CISO Series.com
8/6/202122 minutes, 54 seconds
Episode Artwork

August 6, 2021

US partners with Amazon, Google, and Microsoft to help fight cyber threats Conti ransomware gang falls victim to insider data leak Microsoft announces new ‘Super Duper’ browser security feature Thanks to our episode sponsor, PlexTrac PlexTrac is the Purple Teaming Platform. Use the Runbooks Module to facilitate your tabletop exercises, red team engagements, breach and attack simulations, adversary emulation, and pentest automation to improve communication and collaboration. PlexTrac provides the platform to measure real progress and demonstrate real results. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind the headlines, head to CISOseries.com
8/6/20218 minutes, 21 seconds
Episode Artwork

August 5, 2021

Google and Amazon patch DNS-as-a-Service bugs Asian telcos hit by separate Chinese cyber attacks US government struggles against the cyber security skills shortage Thanks to our episode sponsor, PlexTrac Level up your team’s capabilities with PlexTrac. Regardless of size, resources, or maturity, every team can take steps to improve defenses against imminent threats like ransomware. PlexTrac is the perfect platform to make the most proactive engagements by tracking tactics, visualizing metrics, supporting communication, and measuring remediation. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!
8/5/20216 minutes, 53 seconds
Episode Artwork

August 4, 2021

Federal agencies are failing to protect sensitive data, Senate report finds Spear phishing attackers increasingly targeting non-C-suite employees All apps on Google Play Store will need privacy policy by next April Thanks to our episode sponsor, PlexTrac PlexTrac is the solution to deal with your data. Aggregate findings from all assessments to produce the analytics needed to make informed decisions. Produce data visualizations and add them to reports with one click to communicate effectively to leadership. PlexTrac is the premier product for security data management. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind the headlines, head to CISOseries.com.    
8/4/20217 minutes, 57 seconds
Episode Artwork

August 3, 2021

APT targeting Microsoft IIS servers Pegasus spyware confirmed on journalist phones Someone is spoofing military ship locations Thanks to our episode sponsor, PlexTrac Gain a real-time view of security posture with PlexTrac by consolidating scanner findings, assessments, and bug bounty tools. Visualize your posture in the Analytics Module to quickly assess and prioritize, creating a more effective workflow. Robust filtering allows for effortless options in viewing and communicating your data. Track your signal through the noise with PlexTrac. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!
8/3/20216 minutes, 51 seconds
Episode Artwork

August 2, 2021

BlackMatter ransomware gang rises from the ashes of DarkSide, REvil Remote print server gives anyone Windows admin privileges on a PC Justice Department says Russians hacked federal prosecutors Thanks to our episode sponsor, PlexTrac PlexTrac is a powerful, yet simple, cybersecurity platform that centralizes all security assessments, pentest reports, audit findings, and vulnerabilities. PlexTrac transforms the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize analytics, and collaborate on remediation in real-time. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind the headlines, head to CISOseries.com.
8/2/20217 minutes, 47 seconds
Episode Artwork

July 30, 2021

Biden warns that severe cyberattacks could escalate to an actual war New ransomware gangs emerge on cybercrime forums New Android malware uses VNC to spy and steal victim passwords Thanks to our episode sponsor, Varonis We all know devasting ransomware goes beyond the endpoint. Big game ransomware defense for your cloud and on-prem data is on everyone’s mind. Varonis can help ease your worries with a free ransomware preparedness assessment. Visit varonis.com/risk for more information. For the stories behind the headlines, head to CISOseries.com
7/30/20217 minutes, 51 seconds
Episode Artwork

Week in Review - July 26-30, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, July 26-30, 2021, is hosted by Rich Stroffolino with our guest, Robb Reck (@robbreck), founder and host, Colorado = Cybersecurity  Thanks to our sponsor, Varonis What is your ransomware blast radius? The average employee can access 17 million files they don’t need, and only a handful live on their laptop. Protect your data from the inside out and detect early signs of ransomware – automatically with Varonis. Visit varonis.com/risk  All links and the video of this episode can be found on CISO Series.com  
7/29/202121 minutes, 7 seconds
Episode Artwork

July 29, 2021

Federal agencies directed to develop cyber security standards for infrastructure Controversial vulnerability search engine re-released at Defcon The most exploited vulnerabilities of the year Thanks to our episode sponsor, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats and streamline privacy and compliance. Visit varonis.com/risk for a demo of Varonis’ leading data security platform.
7/29/20216 minutes, 17 seconds
Episode Artwork

July 28, 2021

Microsoft rushes fix for PetitPotam attack PoC Apple releases urgent zero day bug patch for Mac, iPhone and iPad devices Google launches new Bug Hunters vulnerability rewards platform Thanks to our episode sponsor, Varonis The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at varonis.com/risk For the stories behind the headlines, head to CISOseries.com.
7/28/20218 minutes, 17 seconds
Episode Artwork

July 27, 2021

No More Ransom project five-years in Google Cloud Commits to APIs WhatsApp CEO details 2019 Pegasus spyware attack Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn’t stand a chance. Learn more at varonis.com/risk
7/27/20216 minutes, 16 seconds
Episode Artwork

July 26, 2021

French president pushes for Israeli inquiry into NSO spyware concerns Microsoft shares mitigations for new PetitPotam NTLM relay attack Fake Windows 11 installers already distributing malware Thanks to our episode sponsor, Varonis Still in the news is REvil’s ransomware attack on Kaseya VSA servers. Varonis is here to help mitigate the blast radius of such attacks. Want a step-by-step guide on what you should be looking for? Visit varonis.com/risk to help make sure your data is protected. For the stories behind the headlines, head to CISOseries.com.
7/26/20216 minutes, 54 seconds
Episode Artwork

July 23, 2021

NSO Group says to blame its customers Saudi Aramco confirms data leak Sophos to acquire Braintrace Thanks to our episode sponsor, Varonis We all know devasting ransomware goes beyond the endpoint. Big game ransomware defense for your cloud and on-prem data is on everyone’s mind. Varonis can help ease your worries with a free ransomware preparedness assessment. Visit varonis.com/risk for more information.
7/23/20215 minutes, 55 seconds
Episode Artwork

Week in Review - July 19-23, 202

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, July 19-23, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Shawn M. Bowen, CISO, World Fuel Services Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average employee can access 17 million files they don’t need, and only a handful live on their laptop. Protect your data from the inside out and detect early signs of ransomware – automatically with Varonis. Visit varonis.com/risk All links and the video of this episode can be found on CISO Series.com
7/22/202123 minutes, 54 seconds
Episode Artwork

July 22, 2021

Israel creates task force to look into NSO spyware Bill could increase the FTC’s role in fighting ransomware NPM package stealing saved browser passwords Thanks to our episode sponsor, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats and streamline privacy and compliance. Visit varonis.com/risk for a demo of Varonis’ leading data security platform.
7/22/20216 minutes, 33 seconds
Episode Artwork

July 21, 2021

China fires back at US after Exchange hack accusations Unpatched iPhone bug allows remote device takeover 16-year-old bug in printer software gives hackers admin rights Thanks to our episode sponsor, Varonis The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at varonis.com/risk For the stories behind the headlines, head to CISOseries.com
7/21/20217 minutes, 40 seconds
Episode Artwork

July 20, 2021

Leaked NSO group data hints at widespread Pegasus spyware infections UK and White House blame China for Microsoft Exchange Server hack Saudi Aramco data breach sees 1TB of stolen data for sale Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn’t stand a chance. Learn more at varonis.com/risk For the stories behind the headlines, head to CISOseries.com.
7/20/20217 minutes, 55 seconds
Episode Artwork

July 19, 2021

Israeli firm uses Windows zero-days to deploy spyware Cyberattacks increased 17% in Q1 of 2021, with 77% being targeted attacks Another unpatched bug in Windows print spooler Thanks to our episode sponsor, Varonis Still in the news is REvil’s ransomware attack on Kaseya VSA servers. Varonis is here to help mitigate the blast radius of such attacks. Want a step-by-step guide on what you should be looking for? Visit varonis.com/risk to help make sure your data is protected. For the stories behind the headlines, head to CISOseries.com.
7/19/20217 minutes, 41 seconds
Episode Artwork

July 16, 2021

Facebook says it disrupted Iranian Tortoiseshell hacking campaign US offers $10 million reward to combat state-sponsored cyberattacks  Report identifies top threats to Tokyo Olympic Games Thanks to our episode sponsor, Varonis We all know devasting ransomware goes beyond the endpoint. Big game ransomware defense for your cloud and on-prem data is on everyone’s mind. Varonis can help ease your worries with a free ransomware preparedness assessment. Visit varonis.com/risk for more information. For the stories behind the headlines, head to CISOseries.com
7/16/20218 minutes, 1 second
Episode Artwork

Week in Review - July 12-16, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, July 12-16, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Norman Hunt, deputy CISO, GEICO Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats and streamline privacy and compliance. Visit varonis.com/risk for a demo of Varonis’ leading data security platform. ll links and the video of this episode can be found on CISO Series.com
7/15/202123 minutes, 10 seconds
Episode Artwork

July 15, 2021

China issues new zero-day rules Google discloses four zero-days tied to Russian APT Microsoft announces Windows 365 at Inspire 2021 Thanks to our episode sponsor, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats and streamline privacy and compliance. Visit varonis.com/risk for a demo of Varonis’ leading data security platform.
7/15/20216 minutes, 28 seconds
Episode Artwork

July 14, 2021

REvil web sites mysteriously shut down New BIOPASS malware livestreams victim's computer screen New CISA director confirmed, White House gains cyber-director Thanks to our episode sponsor, Varonis The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at varonis.com/risk For the stories behind the headlines, head to CISOseries.com.
7/14/20217 minutes, 24 seconds
Episode Artwork

July 13, 2021

Ransomwhere site hopes to provide transparency Microsoft to buy RiskIQ The scope of China’s Great Firewall internet censorship Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn’t stand a chance. Learn more at varonis.com/risk
7/13/20216 minutes, 29 seconds
Episode Artwork

July 12, 2021

Cyber-attack hits Iran’s transport ministry and railways Hackers use a new technique to disable macro security warnings in weaponized docs MacOS targeted in WildPressure APT malware campaign Thanks to our episode sponsor, Varonis Still in the news is REvil’s ransomware attack on Kaseya VSA servers. Varonis is here to help mitigate the blast radius of such attacks. Want a step-by-step guide on what you should be looking for? Visit varonis.com/risk to help make sure your data is protected. For the stories behind the headlines, head to CISOseries.com.
7/12/20217 minutes, 21 seconds
Episode Artwork

July 9, 2021

Phishing campaign spells double-trouble for Kaseya customers Google sued by 36 states over Play Store fees Morgan Stanley falls victim to third-party data breach Thanks to our episode sponsor, Viakoo Want to use 802.1x or TLS certificates on IoT devices, but believe it’s hard to manage? It isn’t if you use Viakoo. Let Viakoo show you how to manage certificates enterprise-wide from a single console and quickly improve your cyber hygiene. We’re available at Viakoo.com. For the stories behind the headlines, head to CISOseries.com
7/9/20217 minutes, 30 seconds
Episode Artwork

Week in Review - July 5-9, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, July 5-9, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Shawn M. Bowen, CISO, World Fuel Services Thanks to our episode sponsor, Viakoo IT vulnerability remediation solutions don’t work for IoT. Viakoo’s award-winning agentless and automated IoT vulnerability remediation solution can quickly shrink the attack surface created by distributed and unmanaged IoT devices. See Viakoo at Black Hat, and visit us at Viakoo.com. All links and the video of this episode can be found on CISO Series.com
7/8/202124 minutes, 44 seconds
Episode Artwork

July 8, 2021

Russian APT targets Republican National Committee White House urges mayors to review cyber security posture Incomplete PrintNightmare emergency patch released Thanks to our episode sponsor, Viakoo IT vulnerability remediation solutions don’t work for IoT. Viakoo’s award-winning agentless and automated IoT vulnerability remediation solution can quickly shrink the attack surface created by distributed and unmanaged IoT devices. See Viakoo at Black Hat, and visit us at Viakoo.com.
7/8/20216 minutes, 26 seconds
Episode Artwork

July 7, 2021

Kaseya patches imminent after zero-day exploits REvil lowers ransom for universal decryptor Pentagon cancels $10 billion JEDI cloud contract that Amazon and Microsoft were fighting over Thanks to our episode sponsor, Viakoo Did you know IP cameras are responsible for 1/3rd of all IoT cyber breaches? And that 7 out of 10 cameras are running out of date firmware? Viakoo has proven solutions to automate cyber hygiene on cameras and other IoT devices. Sign up for a personalized demo at Viakoo.com. And come visit us at Black Hat this year. For the stories behind the headlines, head to CISOseries.com.
7/7/20218 minutes
Episode Artwork

July 6, 2021

REvil confirms Kaseya attack White House will attribute Hafnium Exchange hacks Cyber reinsurance rates see a spike Thanks to our episode sponsor, Viakoo Using a discovery solution like Armis, Forescout, Ordr, and others? Great news – when you discover vulnerable IoT devices you can automate firmware, certificate, and password management to make those devices secure. Learn more at Viakoo.com.  
7/6/20215 minutes, 57 seconds
Episode Artwork

July 5, 2021

Kaseya was fixing zero-day just as REvil sprang their attack DHS announces most successful cybersecurity hiring initiative in its history Robinhood ordered to pay $70 million over ‘harm’ caused to millions of traders Thanks to our episode sponsor, RevCult On average, 18 percent of all your Salesforce data fields are highly sensitive and 89 percent of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you’re protecting it. Get a free Salesforce Security Self-Assessment to understand your Salesforce security weaknesses. For the stories behind the headlines, head to CISOseries.com.
7/5/20217 minutes, 45 seconds
Episode Artwork

July 2, 2021

Russian military cyber-unit behind large-scale brute-force attacks Authorities seize DoubleVPN service used by cybercriminals Microsoft research team reveals critical vulns in Netgear routers Thanks to our episode sponsor, Keyavi Cyber criminals who attack healthcare systems know medical record information has tremendous value for stealing identities. If you infuse personally identifiable information with geographical awareness and intelligence, you dramatically reduce the risk of patient identity theft. Join a live demo session on www.keyavi.com/sessions to learn more.
7/2/20218 minutes, 51 seconds
Episode Artwork

Week in Review - June 28-July 2, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, June 28-July 2, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Gerhard Rickert, VP, Information Security, Central Pacific Bank Thanks to our episode sponsor, Keyavi Worried about being the next ransomware victim, like Colonial Pipeline? Cyber criminals stole gigabytes of data before their first extortion attempt, demanding payment to decrypt Colonial’s information. Despite a multi-million-dollar ransom payment, the pipeline’s stolen data is in the hands of these attackers forever. Head to www.keyavi.com/sessions to learn more about protecting data from extortion attempts. All links and the video of this episode can be found on CISO Series.com  
7/1/202120 minutes, 13 seconds
Episode Artwork

July 1, 2021

Secrecy orders abound in Microsoft’s government data requests When proof of concepts go wrong Maine passes strong facial recognition ban Thanks to our episode sponsor, Keyavi Worried about being the next ransomware victim, like Colonial Pipeline? Cyber criminals stole gigabytes of data before their first extortion attempt, demanding payment to decrypt Colonial’s information. Despite a multi-million-dollar ransom payment, the pipeline’s stolen data is in the hands of these attackers forever. Head to www.keyavi.com/sessions to learn more about protecting data from extortion attempts.
7/1/20216 minutes, 29 seconds
Episode Artwork

June 30, 2021

Data for 700 million LinkedIn users posted for sale House lawmakers introduce American Cybersecurity Literacy Act to mitigate cyber risks UK foreign secretary’s private mobile number has been online for at least 11 years Thanks to our episode sponsor, Keyavi Ransomware is big business. This nightmare usually gives cyber criminals multiple opportunities to hold your data hostage. After stealing it, attackers can also threaten to reveal the contents of your data publicly and damage reputations in the process. If your data self-protects, it becomes totally useless to criminals. Visit www.keyavi.com/sessions to learn how to protect your data from extortion. For the stories behind the headlines, head to CISOseries.com.
6/30/20217 minutes, 1 second
Episode Artwork

June 29, 2021

Windows 11 CPU confusion continues EA ignored domain vulnerabilities for months Ransomware increasingly hiding in VMs Thanks to our episode sponsor, Keyavi 7 in 10 white-collar employees in the U.S. are still working remotely. Virtual teams boomed in 2020 and are here to stay. Locking down networks, restricting collaboration and prohibiting BYOD may limit some security risks. But a much bigger attack surface today exposes remote workers to far greater risks. Visit www.keyavi.com/sessions slash-sessions -- to learn how self-protecting data equals peace of mind.
6/29/20217 minutes, 3 seconds
Episode Artwork

June 28, 2021

Microsoft admits to signing rootkit malware in supply-chain fiasco Senate fails to confirm new CISA director before two-week break, drawing criticism Hackers release free games laced with cryptomining malware Thanks to our episode sponsor, Keyavi Google Security VP Royal Hansen said recently that the biggest security challenge over the next 10 years will be “shifting the focus of security from the technical hygiene of code and configuration to self-defending data.” Guess what? Self-protecting data isn’t 10 years away – it’s here now! Visit www.keyavi.com/sessions to see how the previously impossible is now possible. For the stories behind the headlines, head to CISOseries.com.
6/28/20217 minutes, 50 seconds
Episode Artwork

June 25, 2021

Dell bug puts 30 million PCs at risk Irish health services still feel the impact of ransomware Google delays third-party cookie ban Thanks to our episode sponsor, RevCult On average, 18% of all your Salesforce data fields are highly sensitive and 89% of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you’re protecting it. Read our ‘CISOs Guide to Salesforce’ at RevCult.com.
6/25/20216 minutes, 37 seconds
Episode Artwork

Week in Review - June 21-25, 2021

Link to Blog Post This week’s Cyber Security Headlines - Week in Review, June 21-25, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Ira Winkler, CISO, Skyline Technology Solutions Thanks to our sponsor, RevCult On average, 18% of all your Salesforce data fields are highly sensitive and 89% of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you’re protecting it. Get a free Salesforce Security Self-Assessment at RevCult.com to understand your Salesforce security weaknesses. All links and the video of this episode can be found on CISO Series.com  
6/24/202122 minutes, 59 seconds
Episode Artwork

June 24, 2021

Antivirus pioneer John McAfee found dead in Spanish prison MITRE releases D3FEND framework Tulsa issues fraud warning after police citation leak Thanks to our episode sponsor, RevCult On average, 18% of all your Salesforce data fields are highly sensitive and 89% of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you’re protecting it. Get a free Salesforce Security Self-Assessment at RevCult.com to understand your Salesforce security weaknesses. For the stories behind the headlines, head to CISOseries.com
6/24/20218 minutes, 43 seconds
Episode Artwork

June 23, 2021

DirtyMoe is a rapidly growing Windows botnet Majority of web apps in 11 industries are vulnerable all the time Lexmark printers open to arbitrary code-execution Zero-Day Thanks to our episode sponsor, RevCult On average, 18% of all your Salesforce data fields are highly sensitive and 89% of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you’re protecting it. Read our ‘CISOs Guide to Salesforce’ at RevCult.com. For the stories behind the headlines, head to CISOseries.com
6/23/20217 minutes, 40 seconds
Episode Artwork

June 22, 2021

Data leak marketplace dials up the pressure Bay Area water treatment plant targeted in cyber attack CISA lacks info on federal agency security Thanks to our episode sponsor, RevCult On average, 18% of all your Salesforce data fields are highly sensitive and 89% of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you’re protecting it. Get a free Salesforce Security Self-Assessment at RevCult.com to understand your Salesforce security weaknesses.
6/22/20216 minutes, 26 seconds
Episode Artwork

June 21, 2021

New iPhone bug can permanently break WiFi simply by connecting to a rogue hotspot New York City Law Department hacked SASE: 64% of businesses are adopting or plan to adopt in the next year Thanks to our episode sponsor, Viakoo If you discover vulnerable IoT devices on your network, stop port-blocking them. Instead, use Viakoo to remediate vulnerabilities and keep devices delivering their value as full network citizens. Visit Viakoo.com to learn more. And come visit us at Black Hat this year. For the stories behind the headlines, head to CISOseries.com.
6/21/20217 minutes, 35 seconds
Episode Artwork

June 18, 2021

Ukrainian and South Korean police raids collar Clop ransomware gang suspects Over one billion CVS Health records exposed online Scammers using fake Ledger devices to swipe cryptocurrency Thanks to our episode sponsor, Keyavi Cyber criminals who attack healthcare systems know medical record information has tremendous value for stealing identities. If you infuse personally identifiable information with geographical awareness and intelligence, you dramatically reduce the risk of patient identity theft. Join a live demo session on www.keyavi.com/sessions to learn more. For the stories behind the headlines, head to CISOseries.com
6/18/20219 minutes, 13 seconds
Episode Artwork

Week in Review - June 14-18, 2021

Link to Blog Post This week’s Cyber Security Headlines - Week in Review, June 14-18, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Peter Liebert (@LiebertPeter), CISO, Cerner Government Services. With all the cybersecurity tools you have, why is your data still vulnerable? You’re assuming data cannot protect itself. BUT NOW IT CAN! Need to revoke access after data leaves your possession? Authorize remote locations real-time? Or change permissions on the fly? Seeing is believing. Sign-up at www.keyavi.com/sessions -- that’s K-E-Y-A-V-I-dot-com-slash-sessions -- and take control of your data today. All links and the video of this episode can be found on CISO Series.com
6/17/202123 minutes, 58 seconds
Episode Artwork

June 17, 2021

Biden gives Putin a no-hacking list Facebook’s Oversight Board accepts policy opinion Researchers reverse engineer deepfakes Thanks to our episode sponsor, Keyavi Worried about being the next ransomware victim, like Colonial Pipeline? Cyber criminals stole gigabytes of data before their first extortion attempt, demanding payment to decrypt Colonial’s information. Despite a multi-million-dollar ransom payment, the pipeline’s stolen data is in the hands of these attackers forever. Head to www.keyavi.com/sessions to learn more about protecting data from extortion attempts.
6/17/20217 minutes, 14 seconds
Episode Artwork

June 16, 2021

Windows 11 leaked “Face of Anonymous” suspect deported from Mexico to face US hacking charges Apple reveals two iOS zero-day vulnerabilities that allow attackers to access fully patched devices Thanks to our episode sponsor, Keyavi Ransomware is big business. This nightmare usually gives cyber criminals multiple opportunities to hold your data hostage. After stealing it, attackers can also threaten to reveal the contents of your data publicly and damage reputations in the process. If your data self-protects, it becomes totally useless to criminals. Visit www.keyavi.com/sessions to learn how to protect your data from extortion.  For the stories behind the headlines, head to CISOseries.com.
6/16/20217 minutes, 50 seconds
Episode Artwork

June 15, 2021

Interpol shuts down thousands of fake pharmacies Chip shortage could lead to counterfeit chip crisis Windows 10 support ends in 2025 Thanks to our episode sponsor, Keyavi 7 in 10 white-collar employees in the U.S. are still working remotely. Virtual teams boomed in 2020 and are here to stay. Locking down networks, restricting collaboration and prohibiting BYOD may limit some security risks. But a much bigger attack surface today exposes remote workers to far greater risks. Visit www.keyavi.com/sessions to learn how self-protecting data equals peace of mind.
6/15/20216 minutes, 48 seconds
Episode Artwork

June 14, 2021

U.S. suffers over 7 ransomware attacks an hour Chief Operating Officer of network security company charged with cyberattack on medical center REvil hits US nuclear weapons contractor Thanks to our episode sponsor, Keyavi Google Security VP Royal Hansen said recently that the biggest security challenge over the next 10 years will be “shifting the focus of security from the technical hygiene of code and configuration to self-defending data.” Guess what? Self-protecting data isn’t 10 years away – it’s here now! Visit www.keyavi.com/sessions to see how the previously impossible is now possible. For the stories behind the headlines, head to CISOseries.com.
6/14/20217 minutes, 32 seconds
Episode Artwork

June 11, 2021

JBS paid $11 million ransom to cybercriminals Electronic Arts’ gaming source code stolen in hack Largest stolen creds market seized by law enforcement Thanks to our sponsor: Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register.  For the stories behind the headlines, head to CISOseries.com
6/11/20217 minutes, 56 seconds
Episode Artwork

Week in Review - June 7-11, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, June 7-11, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Robert Wood, CISO, Centers for Medicare & Medicaid Services Thanks to our sponsor: Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register. All links and the video of this episode can be found on CISO Series.com
6/10/202123 minutes, 11 seconds
Episode Artwork

June 10, 2021

Cyber-attack disrupts NYC Law Department Amazon successfully presses to omit consumer protections from Senate China bill Intel fixes high severity vulnerabilities with June 2021 platform update Thanks to our sponsor: Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register.  For the stories behind the headlines, head to CISOseries.com
6/10/20217 minutes, 53 seconds
Episode Artwork

June 9, 2021

StackOverflow, Twitch, Reddit, others down in Fastly CDN outage Hundreds arrested in massive global crime sting using messaging app Capitol Hill tech vendor is the latest ransomware victim Thanks to our sponsor: Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register.  For the stories behind the headlines, head to CISOseries.com.
6/9/20217 minutes, 14 seconds
Episode Artwork

June 8, 2021

US recovers millions in cryptocurrency paid to Colonial Pipeline ransomware hackers Energy chief cites risk of cyberattacks crippling power grid Researchers discover first known malware targeting Windows containers Thanks to our sponsor: Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register.  For the stories behind the headlines, head to CISOseries.com.
6/8/20217 minutes, 14 seconds
Episode Artwork

June 7, 2021

VMware vulnerability with 9.8 severity rating is under attack GitHub updates policy to remove exploit code when used in active attacks Colonial Pipeline breached via single compromised password Thanks to our sponsor: Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register.  For the stories behind the headlines, head to CISOseries.com.  
6/7/20218 minutes, 14 seconds
Episode Artwork

June 4, 2021

NYC transportation authority hacked using Pulse Secure zero-day Cybercriminals hold contest to find new cryptocurrency exploits FBI confirms REvil as JBS ransomware attacker Thanks to our episode sponsor, ReversingLabs Recent supply chain attacks and executive orders have left 1000’s scrambling for guidance. Join ReversingLabs as they take their exclusive supply chain roadshow to your local region virtually. Hear from app sec specialists and security execs, as they discuss lessons learned, and innovative approaches, that will move your supply chain security and compliance program forward. For more information, visit reversinglabs.com. For the stories behind the headlines, head to CISOseries.com
6/4/20218 minutes, 21 seconds
Episode Artwork

Week in Review - May 31-Jun 4, 2021

Link to Blog Post This week’s Cyber Security Headlines - Week in Review, May 31- Jun 4, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Bryan Zimmer, Head of Security, Humu Thanks to our sponsor, ReversingLabs Recent supply chain attacks and executive orders have left 1000’s scrambling for guidance. Join ReversingLabs as they take their exclusive supply chain roadshow to your local region virtually. Hear from app sec specialists and security execs, as they discuss lessons learned, and innovative approaches, that will move your supply chain security and compliance program forward. For more information, visit reversinglabs.com. All links and the video of this episode can be found on CISO Series.com
6/3/202122 minutes, 46 seconds
Episode Artwork

June 3, 2021

Florida teen faces charges for DDoS attack on school district UC Browser calls home Ransomware disrupts Massachusetts ferry service Thanks to our episode sponsor, ReversingLabs Recent supply chain attacks and executive orders have left 1000’s scrambling for guidance. Join ReversingLabs as they take their exclusive supply chain roadshow to your local region virtually. Hear from app sec specialists and security execs, as they discuss lessons learned, and innovative approaches, that will move your supply chain security and compliance program forward. For more information, visit reversinglabs.com. For the stories behind the headlines, head to CISOseries.com
6/3/20216 minutes, 7 seconds
Episode Artwork

June 2, 2021

Critical WordPress plugin zero-day under active exploitation Cyberattack forces meat producer to shut down operations in U.S., Australia – Russia suspected LinkedIn data shows Austin is biggest winner in tech migration Thanks to our episode sponsor, ReversingLabs Recent supply chain attacks and executive orders have left 1000’s scrambling for guidance. Join ReversingLabs as they take their exclusive supply chain roadshow to your local region virtually. Hear from app sec specialists and security execs, as they discuss lessons learned, and innovative approaches, that will move your supply chain security and compliance program forward. For more information, visit reversinglabs.com. For the stories behind the headlines, head to CISOseries.com
6/2/20218 minutes, 2 seconds
Episode Artwork

June 1, 2021

Amazon to opt-in users to Amazon Sidewalk Rowhammer attacks show the downside of density Hacking shuts down Swedish infectious disease database Thanks to our episode sponsor, ReversingLabs Recent supply chain attacks and executive orders have left 1000’s scrambling for guidance. Join ReversingLabs as they take their exclusive supply chain roadshow to your local region virtually. Hear from app sec specialists and security execs, as they discuss lessons learned, and innovative approaches, that will move your supply chain security and compliance program forward. For more information, visit reversinglabs.com. For the stories behind the headlines, head to CISOseries.com
6/1/20215 minutes, 59 seconds
Episode Artwork

May 31, 2021

Two new attacks allow alteration of certified PDF documents US says agencies fended off latest Russian hack involving four new malware families New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers Thanks to our episode sponsor, ReversingLabs Recent supply chain attacks and executive orders have left 1000’s scrambling for guidance. Join ReversingLabs as they take their exclusive supply chain roadshow to your local region virtually. Hear from app sec specialists and security execs, as they discuss lessons learned, and innovative approaches, that will move your supply chain security and compliance program forward. For more information, visit reversinglabs.com. For the stories behind the headlines, head to CISOseries.com
5/31/20217 minutes, 28 seconds
Episode Artwork

May 28, 2021

Twitter urges Indian government to respect free speech French authorities take down their third dark web marketplace Japanese government's data breached after Fujitsu compromise Thanks to our episode sponsor, Sumo Logic Empower your SOC teams with a single platform that addresses security, compliance and configuration. Register for Sumo Logic’s Modern SOC Summit June 8-9. Whether you are just getting started or want a technical deep dive, this event has something for you. Reserve your spot for this virtual event at sumologic.com and click on the link at the top of the screen. For the stories behind the headlines, head to CISOseries.com
5/28/20218 minutes, 48 seconds
Episode Artwork

Week in Review - May 24-28, 2021

Link to Blog Post This week’s Cyber Security Headlines - Week in Review, May 24-28, 2021, is hosted by Steve Prentice, with our guest, Jimmy Sanders, CISO, Netflix DVD Thanks to our episode sponsor, Sumo Logic It’s time to rethink your security for digital transformation success. Register for Sumo Logic’s Modern SOC Summit June 8-9 to debate, discuss and share best practices for modernizing security operations for the rapidly evolving threat landscape. Reserve your spot for this virtual event at sumologic.com and click on the link at the top of the screen. All links and the video of this episode can be found on CISO Series.com  
5/27/202121 minutes, 38 seconds
Episode Artwork

May 27, 2021

Belgium disrupts cyber-espionage campaign Facebook says Russia is still the largest producer of misinformation WhatsApp sues over Indian IT laws Thanks to our episode sponsor, Sumo Logic It’s time to rethink your security for digital transformation success. Register for Sumo Logic’s Modern SOC Summit June 8-9 to debate, discuss and share best practices for modernizing security operations for the rapidly evolving threat landscape. Reserve your spot for this virtual event at sumologic.com and click on the link at the top of the screen.
5/27/20216 minutes, 38 seconds
Episode Artwork

May 26, 2021

DHS to issue first-ever cybersecurity regulations for pipelines after Colonial hack Audio technology maker Bose discloses data breach after ransomware attack Malware exploited macOS zero-day flaw to secretly take screenshots Thanks to our episode sponsor, Sumo Logic Join security leaders and practitioners at Sumo Logic's Modern SOC Summit June 8-9. Explore, learn and think about the future of your security strategy and direction with a half day program designed for all skill and interest levels. Reserve your spot for this virtual event at sumologic.com and click on the link at the top of the screen. For the stories behind the headlines, head to CISOseries.com.
5/26/20216 minutes, 48 seconds
Episode Artwork

May 25, 2021

8.3 million plaintext passwords leaked Dozens of US towns buy surveillance gear from firms tied to human rights abuses Russia threatens to slow Google Thanks to our episode sponsor, Sumo Logic Empower your SOC teams with a single platform that addresses security, compliance and configuration. Register for Sumo Logic’s Modern SOC Summit June 8-9. Whether you are just getting started or want a technical deep dive, this event has something for you. Reserve your spot for this virtual event at sumologic.com and click on the link at the top of the screen.
5/25/20216 minutes, 30 seconds
Episode Artwork

May 24, 2021

Air India hack covers ten years and three other airlines Wormable Windows IIS vulnerability also affects WinRM on Windows 10 and server systems Insurance giant CNA pays $40m to ransomware crooks Thanks to our episode sponsor, Sumo Logic It’s time to rethink your security for digital transformation success. Register for Sumo Logic’s Modern SOC Summit June 8-9 to debate, discuss and share best practices for modernizing security operations for the rapidly evolving threat landscape. Reserve your spot for this virtual event at sumologic.com and click on the link at the top of the screen. For the stories behind the headlines, head to CISOseries.com.
5/24/20217 minutes, 51 seconds
Episode Artwork

May 21, 2021

Millions of Android users’ data exposed due to cloud authentication failures UK regulator fines AmEx for spamming violations Russian hacker sentenced to 5 years for $1.5 million tax fraud Thanks to our episode sponsor, Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register. For the stories behind the headlines, head to CISOseries.com
5/21/20218 minutes, 52 seconds
Episode Artwork

May 20, 2021

Colonial Pipeline confirms it paid the ransom Qlocker ransomware operators shut down SolarWinds CEO speaks about supply chain attack Thanks to our episode sponsor, Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register.
5/20/20217 minutes, 1 second
Episode Artwork

Week in Review - May 17-21, 2021

Link to Blog Post This week’s Cyber Security Headlines - Week in Review, May 17-21, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Ty Sbano, CISO, Sisense Thanks to our episode sponsor, Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register. All links and the video of this episode can be found on CISO Series.com
5/19/202123 minutes, 1 second
Episode Artwork

May 19, 2021

DDoS attacks are back, stronger than ever Proof of concept exploit released for wormable Windows vulnerability Tech audit of Colonial Pipeline found ‘glaring’ problems in 2018 Thanks to our episode sponsor, Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register. For the stories behind the headlines, head to CISOseries.com.
5/19/20217 minutes, 47 seconds
Episode Artwork

May 18, 2021

Double encryption ransomware attacks on the rise The UK seeks advice on defending against supply-chain attacks Eufy leaks customer camera feeds to strangers Thanks to our episode sponsor, Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register.
5/18/20216 minutes, 20 seconds
Episode Artwork

May 17, 2021

Insurer AXA hit by ransomware after dropping support for ransom payments Darkside says it lost control of servers and money a day after Biden threat CEOs could face jail time for IoT attacks by 2024 Thanks to our episode sponsor, Trend Micro Want to discover new ways to simplify and strengthen your security? Join Trend Micro Perspectives on June 16, where industry experts and practitioners will share deep insights and real-world examples on how security can play a pivotal role in accelerating your digital transformation. Featuring speakers from Gartner, Forrester, ESG, AWS, and Microsoft. Visit TrendMicro.com/Perspectives today to register. For the stories behind the headlines, head to CISOseries.com.  
5/17/20217 minutes, 15 seconds
Episode Artwork

May 14, 2021

Colonial Pipeline makes ransom payment of nearly $5 million Biden signs executive order to bolster federal cyber defenses Apple failed to disclose security incident affecting millions of users Thanks to our episode sponsor, Altitude Networks Wouldn’t it be great if you could INSTANTLY KNOW if a file containing sensitive information was shared in the wrong way, anywhere in your company AND security had a real time slack notification with a magic “undo button”?! Altitude Networks solves these challenges and protects you from all data leak risks on Google Workspace and Office 365! Altitude Networks is addressing the data security gap so check them out at AltitudeNetworks.com and be sure your sensitive data isn’t shared with the wrong people! For the stories behind the headlines, head to CISOseries.com
5/14/20217 minutes, 36 seconds
Episode Artwork

May 13, 2021

FBI warns of phishing sites using search ads Researcher finds WiFi vulnerable to “frag attacks” Data transfer demonstrated on Apple’s Find My network Thanks to our episode sponsor, Altitude Networks Imagine an employee just left and went to a competitor: did they take proprietary documents or critical roadmaps with them? Did they add a backdoor access via personal accounts to documents? You’re a cloud-forward company on G Suite, how would you know your data is at risk? Altitude Networks can automatically tell you who is trying to steal your critical cloud data from G Suite and Office 365. Altitude Networks is addressing the data security gap in Google Workspace and Office 365. Check them out at AltitudeNetworks.com and be sure your sensitive data stays when your employees leave!
5/13/20217 minutes, 2 seconds
Episode Artwork

Week in Review - May 10-14, 2021

Link to Blog Post This week’s Cyber Security Headlines - Week in Review, May 10-14, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Al Ghous, CISO, Envision Digital Thanks to our episode sponsor, Altitude Networks All links and the video of this episode can be found on CISO Series.com
5/12/202122 minutes, 40 seconds
Episode Artwork

May 12, 2021

U.S. declares emergency in 17 states over fuel pipeline cyber attack Japanese manufacturer Yamabiko targeted by Babuk ransomware Microsoft May 2021 Patch Tuesday fixes 55 flaws, 3 zero-days Thanks to our episode sponsor, Altitude Networks Imagine an employee just left and went to a competitor: did they take proprietary documents or critical roadmaps with them? Did they add a backdoor access via personal accounts to documents? You’re a cloud-forward company on G Suite, how would you know your data is at risk? Altitude Networks can automatically tell you who is trying to steal your critical cloud data from G Suite and Office 365. Altitude Networks is addressing the data security gap in Google Workspace and Office 365. Check them out at AltitudeNetworks.com and be sure your sensitive data stays when your employees leave! For the stories behind the headlines, head to CISOseries.com.
5/12/20218 minutes, 21 seconds
Episode Artwork

May 11, 2021

Darkside behind the Colonial Pipeline attack Insurance provider ends ransomware reimbursement Tor exit nodes plagued by malware Thanks to our episode sponsor, Altitude Networks Uh oh, Johnny left the company 6 months ago, but still has access to numerous files in Google Drive via his personal account! Do you know how many other former employees and contractors still have access to our documents? It’s a lot more than you might think. Altitude Networks automatically discovers sharing to personal accounts and can eliminate it with one click. Altitude Networks is addressing the data security gap in Google Workspace and Office 365. Check them out at AltitudeNetworks.com and be sure your sensitive data isn’t shared with the wrong people!
5/11/20216 minutes, 13 seconds
Episode Artwork

May 10, 2021

Colonial hackers stole data ahead of pipeline shutdown Microsoft pulls Windows 10 AMD driver causing PCs not to boot New TsuNAME flaw could let attackers take down authoritative DNS servers Thanks to our episode sponsor, Altitude Networks Uh oh, Johnny left the company 6 months ago, but still has access to numerous files in Google Drive via his personal account! Do you know how many other former employees and contractors still have access to our documents? It’s a lot more than you might think. Altitude Networks automatically discovers sharing to personal accounts and can eliminate it with one click. Altitude Networks is addressing the data security gap in Google Workspace and Office 365. Check them out at AltitudeNetworks.com and be sure your sensitive data isn’t shared with the wrong people! For the stories behind the headlines, head to CISOseries.com.  
5/10/20217 minutes, 33 seconds
Episode Artwork

May 7, 2021

DOD announces expansion of bug bounty program Data leak uncovers Amazon product review scam DHS to embark on historic hiring initiative Thanks to our episode sponsor, Boxcryptor We think CISOs also have a right to sleep peacefully at night. Therefore, we recommend encrypting your sensitive business data for an extra layer of protection. Now in its 10th year, Boxcryptor offers strong end-to-end encryption for more than 30 cloud providers, NAS, file servers, and local data to organizations of all sizes. Start your free trial now at Boxcryptor.com. For the stories behind the headlines, head to CISOseries.com.
5/7/20216 minutes, 58 seconds
Episode Artwork

Week in Review - May 3-7, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, May 3-7, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Mitch Parker (@mitchparkerciso), CISO, Indiana University Health. Thanks to our episode sponsor, Boxcryptor We think CISOs also have a right to sleep peacefully at night. Therefore, we recommend encrypting your sensitive business data for an extra layer of protection. Now in its 10th year, Boxcryptor offers strong end-to-end encryption for more than 30 cloud providers, NAS, file servers, and local data to organizations of all sizes. Start your free trial now at Boxcryptor.com. All links and the video of this episode can be found on CISO Series.com
5/6/202124 minutes, 51 seconds
Episode Artwork

May 6, 2021

Facebook’s Oversight Board upholds Trump suspension Phishing for workplace credentials Report looks at third-party SDKs in school apps Thanks to our episode sponsor, Boxcryptor We think CISOs also have a right to sleep peacefully at night. Therefore, we recommend encrypting your sensitive business data for an extra layer of protection. Now in its 10th year, Boxcryptor offers strong end-to-end encryption “Made in Germany” for OneDrive, Dropbox, Google Drive, and Co. as well as for Microsoft Teams. For more information visit Boxcryptor.com.
5/6/20216 minutes, 18 seconds
Episode Artwork

May 5, 2021

A new set of vulnerabilities may affect 60 percent of the world’s public email servers worldwide Hundreds of millions of Dell computers potentially vulnerable to attack Apple products hit by fourfecta of zero-day exploits Thanks to our episode sponsor, Boxcryptor We think CISOs also have a right to sleep peacefully at night. Therefore, we recommend encrypting your sensitive business data for an extra layer of protection. Now in its 10th year, Boxcryptor offers strong end-to-end encryption for more than 30 cloud providers, NAS, file servers, and local data to organizations of all sizes. Start your free trial now at Boxcryptor.com.  For the stories behind the headlines, head to CISOseries.com.
5/5/20217 minutes, 47 seconds
Episode Artwork

May 4, 2021

A look at the Project Signal ransomware campaign Moscow facial recognition system used against protestors Facebook Oversight Board to release Trump decision Wednesday Thanks to our episode sponsor, Boxcryptor We think CISOs also have a right to sleep peacefully at night. Therefore, we recommend encrypting your sensitive business data for an extra layer of protection. Now in its 10th year, Boxcryptor offers strong end-to-end encryption “Made in Germany” for OneDrive, Dropbox, Google Drive, and Co. as well as for Microsoft Teams. For more information visit Boxcryptor.com.
5/4/20216 minutes, 53 seconds
Episode Artwork

May 3, 2021

New Spectre exploits beat AMD and Intel mitigations Microsoft finds critical code execution bugs in IoT, OT devices New ransomware group uses SonicWall zero-day to breach networks Thanks to our episode sponsor, Boxcryptor We think CISOs also have a right to sleep peacefully at night. Therefore, we recommend encrypting your sensitive business data for an extra layer of protection. Now in its 10th year, Boxcryptor offers strong end-to-end encryption for more than 30 cloud providers, NAS, file servers, and local data to organizations of all sizes. Start your free trial now at Boxcryptor.com. For the stories behind the headlines, head to CISOseries.com.
5/3/20217 minutes, 49 seconds
Episode Artwork

April 30, 2021

Babuk ransomware operators announce shutdown Now we need to worry about deepfake satellite images QNAP hit with AgeLocker ransomware Thanks to our episode sponsor, Aptible Compliance teams have a ton of work to do such as completing access reviews, mitigating risks, and collecting evidence towards an audit pst Aptible Comply can help automate all of those things. The last thing the compliance team should be spending time on is sharing infosec documentation. That’s why we also created Rooms. Now your security docs are instantly available to your customers; no back-and-forth to sign NDAs, watermark docs, or provide new docs. Focus on compliance and help the sales team close deals with Rooms. Go to aptible.com/ciso to create your free Room now.
4/30/20216 minutes, 52 seconds
Episode Artwork

Week in Review - April 26-30, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, April 26-30, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Jerich Beason (@blanketSec), CISO, Epiq. Thanks to our episode sponsor, Aptible What do the compliance leaders at Datadog, Pagerduty, Fullstory, Sift, PartnerStack, and many other marque companies have in common? They all understand that the ultimate goal of their work is to build trust with customers. And that’s why they all use Aptible Comply to automate compliance management, and then they use the Rooms functionality to share their security documentation, making building customer trust easy. If you want to build trust like the best you can go to aptible.com/ciso to create your free Room now. All links and the video of this episode can be found on CISO Series.com
4/29/202123 minutes, 24 seconds
Episode Artwork

April 29, 2021

Linux malware used to backdoor systems for years Intel and Microsoft partner to detect cryptojacking Android contact tracing logs exposed to preinstalled apps Thanks to our episode sponsor, Aptible Remember this? It’s the end of the quarter which means urgent sales requests for security documentation. Well, thanks to Aptible Comply those days are over. Comply Rooms is a completely free, sales enablement tool built specifically for compliance teams to provide immediate, self-serve, and secure access to trust packets. With Rooms you just upload your security docs and NDA, then input your customer's emails to invite them where they download automatically watermarked documents. The process that used to take days is now done in minutes. Go to aptible.com/ciso to create your free Room now.
4/29/20217 minutes, 18 seconds
Episode Artwork

April 28, 2021

Ransomware gang threatens to expose police informants if ransom is not paid Vulnerabilities in Eaton product can allow hackers to disrupt power supply FBI shares four million email addresses used by Emotet with Have I Been Pwned Thanks to our episode sponsor, Aptible What do the compliance leaders at Datadog, Pagerduty, Fullstory, Sift, PartnerStack, and many other marque companies have in common? They all understand that the ultimate goal of their work is to build trust with customers. And that’s why they all use Aptible Comply to automate compliance management, and then they use the Rooms functionality to share their security documentation, making building customer trust easy. If you want to build trust like the best you can go to aptible.com/ciso to create your free Room now. For the stories behind the headlines, head to CISOseries.com.
4/28/20217 minutes, 50 seconds
Episode Artwork

April 27, 2021

Software bug opened macOS to malware An analysis of the COMB21 password leak Authorities warn of FluBot Android malware Thanks to our episode sponsor, Aptible Compliance teams have a ton of work to do such as completing access reviews, mitigating risks, and collecting evidence towards an audit pst Aptible Comply can help automate all of those things. The last thing the compliance team should be spending time on is sharing infosec documentation. That’s why we also created Rooms. Now your security docs are instantly available to your customers; no back-and-forth to sign NDAs, watermark docs, or provide new docs. Focus on compliance and help the sales team close deals with Rooms. Go to aptible.com/ciso to create your free Room now.
4/27/20216 minutes, 57 seconds
Episode Artwork

April 26, 2021

Emotet malware officially removed from all infected devices globally Computer security world in mourning over death of Dan Kaminsky Password manager Passwordstate hacked to deploy malware on customer systems Thanks to our episode sponsor, Aptible Remember this? It’s the end of the quarter which means urgent sales requests for security documentation. Well, thanks to Aptible Comply those days are over. Comply Rooms is a completely free, sales enablement tool built specifically for compliance teams to provide immediate, self-serve, and secure access to trust packets. With Rooms you just upload your security docs and NDA, then input your customer's emails to invite them where they download automatically watermarked documents. The process that used to take days is now done in minutes. Go to aptible.com/ciso to create your free Room now. For the stories behind the headlines, head to CISOseries.com.
4/26/20217 minutes, 19 seconds
Episode Artwork

April 23, 2021

Prometei botnet exploits Exchange server bugs Facebook wants to 'normalize' the mass scraping of personal data Microsoft 365 outage affects email delivery Thanks to our episode sponsor, Palo Alto Networks In 1666, Sir Isaac Newton famously used a prism to disperse white light into colors. Today, cloud security professionals use Prisma Cloud from Palo Alto Networks to disperse full lifecycle security and full stack protection across their multi- and hybrid-cloud environments. We think Sir Isaac would approve. Learn more about Prisma Cloud at paltoaltonetworks.com/Prisma For the stories behind the headlines, head to CISOseries.com.
4/23/20218 minutes, 16 seconds
Episode Artwork

Week in Review - April 19-23, 2021

Link to Blog Post This week’s Cyber Security Headlines - Week in Review, April 19-23, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, George Finney, CISO, Southern Methodist University Thanks to our episode sponsor, Palo Alto Networks All links and the video of this episode can be found on CISO Series.com  
4/22/202123 minutes, 6 seconds
Episode Artwork

April 22, 2021

EU weighs regulations on “high-risk” AI DOJ forms ransomware task force Facebook disrupts two state-sponsored hacking groups Thanks to our episode sponsor, Palo Alto Networks Ralph Waldo Emerson famously wrote that "It's not the destination, it's the journey." For your cloud security journey, you need a reliable partner. On April 27th, Prisma Cloud by Palo Alto Networks will be hosting Spectrum, a virtual event with sessions to help you create a comprehensive cloud security strategy. Learn more at go.paloaltonetworks.com/spectrum
4/22/20215 minutes, 57 seconds
Episode Artwork

April 21, 2021

Hundreds of networks reportedly hacked in Codecov supply-chain attack Remote code execution vulnerabilities uncovered in smart air fryer Biden administration unveils plan to defend electric sector from cyberattacks Thanks to our episode sponsor, Palo Alto Networks In Latin, the word "spectrum" means "image". Spectrum also happens to be a cloud security event that's all about container images…and CI/CD pipeline security, cloud transformation strategies, and much more. Join Prisma Cloud by Palo Alto Networks on April 27 for a virtual event covering all things cloud security. Learn more at go.paloaltonetworks.com/spectrum  For the stories behind the headlines, head to CISOseries.com.  
4/21/20217 minutes, 44 seconds
Episode Artwork

April 20, 2021

Security conferences set for in-person return Apple approves Parler’s return to the App Store Geico exposed driver’s license numbers for months Thanks to our episode sponsor, Palo Alto Networks In 1666, Sir Isaac Newton famously used a prism to disperse white light into colors. Today, cloud security professionals use Prisma Cloud from Palo Alto Networks to disperse full lifecycle security and full stack protection across their multi- and hybrid-cloud environments. We think Sir Isaac would approve. Learn more about Prisma Cloud at paltoaltonetworks.com/Prisma
4/20/20216 minutes, 8 seconds
Episode Artwork

April 19, 2021

Codecov discloses 2.5-month-long supply chain attack BazarLoader malware aims at Slack and BaseCamp users Windows 10 update causing DNS and shared folder issues Thanks to our episode sponsor, Palo Alto Networks Ralph Waldo Emerson famously wrote that "It's not the destination, it's the journey." For your cloud security journey, you need a reliable partner. On April 27th, Prisma Cloud by Palo Alto Networks will be hosting Spectrum, a virtual event with sessions to help you create a comprehensive cloud security strategy. Learn more at go.paloaltonetworks.com/spectrum For the stories behind the headlines, head to CISOseries.com.
4/19/20217 minutes, 54 seconds
Episode Artwork

April 16, 2021

US pins SolarWinds attack on Cozy Bear, boots 10 Russian diplomats Second Google Chromium zero-day released on Twitter this week Google rolls out Chrome 90 with HTTPS by default Thanks to our episode sponsor, Sonatype With security concerns around software supply chains ushered to center stage in recent months, organizations around the world are turning to Sonatype as trusted advisors. The company’s Nexus platform offers the only full-spectrum control of the cloud-native software development lifecycle including third-party open source code, first-party source code, infrastructure as code, and containerized code.
4/16/20218 minutes, 47 seconds
Episode Artwork

Week in Review - April 12-16, 2021

Link to Blog Post https://cisoseries.com/cyber-security-headlines-week-in-review-april-12-16-2021 This week’s Cyber Security Headlines - Week in Review, April 12-16, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Davi Ottenheimer, vp, trust and digital ethics, Inrupt. Thanks to our episode sponsor, Sonatype With security concerns around software supply chains ushered to center stage in recent months, organizations around the world are turning to Sonatype as trusted advisors. The company’s Nexus platform offers the only full-spectrum control of the cloud-native software development lifecycle including third-party open source code, first-party source code, infrastructure as code, and containerized code. All links and the video of this episode can be found on CISO Series.com  
4/15/202123 minutes, 57 seconds
Episode Artwork

April 15, 2021

FBI patches Exchange server backdoors IcedID looks to fill the Emotet malware void Draft plan to improve US power grid security Thanks to our episode sponsor, Sonatype Ask any software developer, and they’ll tell you the truth about two things: 1. Conventional code analysis and appsec tools are noisy and not well integrated into the dev workflow. 2: Tools that don’t actually make life easier for them just add friction and are ignored. Rather than slowing devs down with process-heavy security gates or circuitous quality alerts, Sonatype believes developers are better served by gentle, timely, and effective nudges that actually help them improve the quality, and security of the applications they are building.
4/15/20217 minutes, 4 seconds
Episode Artwork

April 14, 2021

Chrome Zero-Day exploit posted on Twitter April Patch Tuesday patches 114 bugs including NSA’s two at 9.8 severity Cyberattacks are the number-one threat to the global financial system, Fed chair says Thanks to our episode sponsor, Sonatype With security concerns around software supply chains ushered to center stage in recent months, organizations around the world are turning to Sonatype as trusted advisors. The company’s Nexus platform offers the only full-spectrum control of the cloud-native software development lifecycle including third-party open source code, first-party source code, infrastructure as code, and containerized code. For the stories behind the headlines, head to CISOseries.com.
4/14/20217 minutes, 53 seconds
Episode Artwork

April 13, 2021

Nvidia announces AI-powered tools for cybersecurity Biden announces nominations for cybersecurity positions Apple updates chip security mid-production Thanks to our episode sponsor, Sonatype Ask any software developer, and they’ll tell you the truth about two things: 1. Conventional code analysis and appsec tools are noisy and not well integrated into the dev workflow. 2: Tools that don’t actually make life easier for them just add friction and are ignored. Rather than slowing devs down with process-heavy security gates or circuitous quality alerts, Sonatype believes developers are better served by gentle, timely, and effective nudges that actually help them improve the quality, and security of the applications they are building.
4/13/20216 minutes, 10 seconds
Episode Artwork

April 12, 2021

Israel carries out cyberattack on Iran nuclear facility Joker malware infects over 500,000 Huawei Android devices Critical cloud bug in VMWare Carbon Black allows takeover Thanks to our episode sponsor, Sonatype With security concerns around software supply chains ushered to center stage in recent months, organizations around the world are turning to Sonatype as trusted advisors. The company’s Nexus platform offers the only full-spectrum control of the cloud-native software development lifecycle including third-party open source code, first-party source code, infrastructure as code, and containerized code. For the stories behind the headlines, head to CISOseries.com.
4/12/20218 minutes, 14 seconds
Episode Artwork

April 9, 2021

Office 365 phishing hides behind HTML that stacks up like Legos Tech support scammers sending fake antivirus subscription bills PHP user database leaked in recent Git server attack Thanks to our episode sponsor, Sotero Okay, here’s a story that’ll warm your heart. A pharmaceutical company was having a really hard time making sensitive data available to downstream systems. Due to their security requirements, they were forced to transfer the data manually, which delayed the data’s availability by an entire month. Guess what they did? They turned to our sponsor – Sotero – to keep the data encrypted as the data is sent to downstream systems. And here’s the best part . . . With the data secure while in motion, they shortened the data transfer time from a month to a few hours. Amazing! I encourage you to check out Sotero at them Soterosoft.com.
4/9/20218 minutes, 29 seconds
Episode Artwork

Week in Review - April 5-9, 2021

Link to Blog Post This week’s Cyber Security Headlines - Week in Review, April 5-9, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Justin Berman, former CISO, Dropbox Thanks to our episode sponsor, Sotero All this week we have been excited to welcome our new sponsor – Sotero. We have told you about their encryption solutions that keep data encrypted while the data is in use and in motion. This is the breakthrough that many of us have been waiting for. Well, Sotero has just uploaded to our site a technical whitepaper that takes a deep dive into this new encryption technology. You can find it on our homepage, about halfway down. You can also learn more about this new encryption technology at Soterosoft dot com. All links and the video of this episode can be found on CISO Series.com
4/8/202123 minutes, 46 seconds
Episode Artwork

April 8, 2021

Slack and Discord file sharing used to spread malware Facebook comments on recent user data leak Cring ransomware hits unpatched VPNs Thanks to our episode sponsor, Sotero What could your business do if it could keep data encrypted while the data is in motion or in use? Well, a lot of companies have the answer because they’re using a new encryption technology from Sotero. Sotero’s data encryption solutions keep data encrypted while the data is in use and in motion. These companies are using Sotero to attract new customers and drive new revenue streams. You really want to check this company out at Sotero.com.
4/8/20216 minutes, 22 seconds
Episode Artwork

April 7, 2021

European Union institutions targeted in a cyber-attack LinkedIn spearphishing campaign uses custom decoy job offers Ransomware attacks increased by 485% in 2020 over 2019 Thanks to our episode sponsor, Sotero I’m wondering if any of you have had a chance to check out the new data encryption technology from Sotero. Their solutions let you keep data encrypted while the data is in use and in motion. A lot of companies are using Sotero to speed up data analysis, store data in the cloud without giving up the encryption key, and to build in use and in motion encryption into their own platforms. I encourage you to check them out at Sotero.com. For the stories behind the headlines, head to CISOseries.com.
4/7/20218 minutes, 21 seconds
Episode Artwork

April 6, 2021

Supreme Court rules in Google’s favor on Java API case Firmware malware on the rise APTs exploiting vulnerabilities in FortiOS Thanks to our episode sponsor, Sotero In yesterday’s Cybersecurity Headlines episode, we told you about an exciting encryption technology from a company called Sotero. They offer data security solutions that encrypt data while the data is in use and in motion. For those of you whose businesses have been held back by the risks of sharing data or storing data in the cloud, you’ll want to check them out at Soterosoft.com.
4/6/20216 minutes, 57 seconds
Episode Artwork

April 5, 2021

533 million Facebook users have personal data leaked online Sierra Wireless resumes production after ransomware attack Malware attack is preventing car inspections in eight US states Thanks to our episode sponsor, Sotero This is a hot data security company with solutions that encrypt data while the data is in motion and in use. This is the breakthrough that everyone’s been waiting for. By keeping data encrypted in use and in motion, companies are deploying data in the cloud and to 3rd-party partners and systems with complete confidence. Check them out at Soterosoft.com. For the stories behind the headlines, head to CISOseries.com.
4/5/20217 minutes, 36 seconds
Episode Artwork

April 2, 2021

$3 will get you private webcam feeds sold as home video tapes Ubiquiti attacker tried to extort us, company confirms Crooks offer $500 for work logins, $25/month if they stay valid Thanks to our episode sponsor, Remediant Former Incident Response practitioners Tim Keeler and Paul Lanzi founded Remediant, a leader in Privileged Access Management. They did it to solve the one problem they saw repeatedly - standing administrator privileges. Repeatedly, they saw these rights weaponized by adversaries to deploy ransomware and move laterally across a network. Remediant uniquely addresses the challenge of standing privilege and be a force multiplier to Security programs worldwide. To learn more about Tim & Paul’s story, watch the video at remediant.com.
4/2/20218 minutes, 4 seconds
Episode Artwork

Week in Review - March 29-April 2, 2021

Link to Blog Post https://cisoseries.com/cyber-security-headlines-week-in-review-march-29-april-2-2021/ Thanks to our episode sponsor, Remediant Remediant is a fast growing Gartner Cool vendor focused on the concept of precision Privileged Access Management, one that a Fortune 100 company calls "the world's best protection against major incidents." Remediant uniquely: Deploys and inventories thousands of privileged accounts in hours Locks down lateral movement & ransomware spread by removing standing privilege with a single action Administer privileges just-in-time with MFA To learn more, visit remediant.com All links and the video of this episode can be found on CISO Series.com
4/1/202125 minutes, 18 seconds
Episode Artwork

April 1, 2021

North Korean hackers targeting security researchers Report details data sent from mobile operating systems Does CISA have the resources to succeed? Thanks to our episode sponsor, Remediant Did you know the average large enterprise workstation has 480 admins with 24x7 access to it? This access is called standing privilege and is an adversary’s favorite tool and a security team’s biggest undiscovered risk. Precision PAM leader Remediant addresses this risk by providing just enough access just in time, eliminating standing privilege with continuous scanning and agentless, vaultless simplicity. To learn more, visit remediant.com
4/1/20217 minutes, 11 seconds
Episode Artwork

March 31, 2021

Intel sued under wiretapping laws for tracking user activity on its website Whistleblower: Ubiquiti breach “catastrophic” Gibberish tweet from US nuclear-agency was from unattended child Thanks to our episode sponsor, Remediant Remediant is a fast growing Gartner Cool vendor focused on the concept of precision Privileged Access Management and a Fortune 100 company calls "the world's best protection against major incidents." Remediant uniquely deploys & inventories thousands of privileged accounts in hours, locks down lateral movement & ransomware spread by removing standing privilege with a single action, and administers privileges just-in-time with MFA. To learn more, visit remediant.com For the stories behind the headlines, head to CISOseries.com
3/31/20217 minutes, 29 seconds
Episode Artwork

March 30, 2021

Emails from DHS officials obtained in SolarWinds hack Docker Hub images contain cryptominers Commits with backdoor pushed to PHP Thanks to our episode sponsor, Remediant Former Incident Response practitioners Tim Keeler and Paul Lanzi founded Remediant, a leader in Privileged Access Management. They did it to solve the one problem they saw repeatedly - standing administrator privileges. Repeatedly, they saw these rights weaponized by adversaries to deploy ransomware and move laterally across a network. Remediant uniquely addresses the challenge of standing privilege and be a force multiplier to Security programs worldwide. To learn more about Tim & Paul’s story, watch the video at remediant.com.
3/30/20216 minutes, 21 seconds
Episode Artwork

March 29, 2021

Apple releases emergency update for iPhones, iPads, and Apple Watch Android system update may contain spyware Senators offer to let NSA hunt cyber actors inside the US Thanks to our episode sponsor, Remediant Did you know the average large enterprise workstation has 480 admins with 24x7 access to it? This access is called standing privilege and is an adversary’s favorite tool and a security team’s biggest undiscovered risk. Precision PAM leader Remediant addresses this risk by providing just enough access just in time, eliminating standing privilege with continuous scanning and agentless, vaultless simplicity. To learn more, visit remediant.com For the stories behind the headlines, head to CISOseries.com.
3/29/20217 minutes, 16 seconds
Episode Artwork

March 26, 2021

Fake COVID credentials flourish on the dark web Mamba ransomware gang abusing open source tools An analysis of COVID-19 vaccine websites Thanks to our episode sponsor, Trend Micro Threat actors want what you’re storing in the cloud. Trend Micro’s Cloud One platform provides cloud security from a single console, keeping you at your most resilient. Let what happens in the cloud, stay in the cloud.
3/26/20215 minutes, 51 seconds
Episode Artwork

Week in Review - March 22-26, 2021

Link to Blog Post https://cisoseries.com/cyber-security-headlines-week-in-review-march-22-26-2021/ This week’s Cyber Security Headlines - Week in Review, March 22-26, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Will Lin (@williamlin), managing director & co-founder, ForgePoint Capital Thanks to our episode sponsor, Trend Micro Threat actors want what you’re storing in the cloud. Trend Micro’s Cloud One platform provides cloud security from a single console, keeping you at your most resilient. Let what happens in the cloud, stay in the cloud. All links and the video of this episode can be found on CISO Series.com
3/25/202123 minutes, 36 seconds
Episode Artwork

March 25, 2021

Voting information on millions of Israeli’s leaked ahead of election Facebook disrupts Chinese group targeting Uyghur community Privacy and security issues with Slack’s Connect DM rollout Thanks to our episode sponsor, Trend Micro Threat actors want what you’re storing in the cloud. Trend Micro’s Cloud One platform provides cloud security from a single console, keeping you at your most resilient. Let what happens in the cloud, stay in the cloud.
3/25/20216 minutes, 17 seconds
Episode Artwork

March 24, 2021

US government calls for better information sharing in wake of SolarWinds, Exchange attacks Hospitals hide pricing data from search results New Android zero-day vulnerability Is under active attack Thanks to our episode sponsor, Trend Micro Threat actors want what you’re storing in the cloud. Trend Micro’s Cloud One platform provides cloud security from a single console, keeping you at your most resilient. Let what happens in the cloud, stay in the cloud. For the stories behind the headlines, head to CISOseries.com.
3/24/20217 minutes, 8 seconds
Episode Artwork

March 23, 2021

SCOTUS: Facebook’s still on the hook for nonconsensual user tracking Democrats prepare swarm of antitrust bills targeting Big Tech Microsoft Exchange servers flooded with ransomware Thanks to our episode sponsor, Trend Micro Threat actors want what you’re storing in the cloud. Trend Micro’s Cloud One platform provides cloud security from a single console, keeping you at your most resilient. Let what happens in the cloud, stay in the cloud.
3/23/20218 minutes, 6 seconds
Episode Artwork

March 22, 2021

REvil Ransomware gang demands $50 million from Acer Feds indict hacktivist behind Verkada surveillance camera breach SolarWinds-linked hacking group SilverFish abuses enterprise victims for sandbox tests Thanks to our episode sponsor, Trend Micro Threat actors want what you’re storing in the cloud. Trend Micro’s Cloud One platform provides cloud security from a single console, keeping you at your most resilient. Let what happens in the cloud, stay in the cloud. For the stories behind the headlines, head to CISOseries.com.
3/22/20217 minutes, 31 seconds
Episode Artwork

March 19, 2021

Over $4.2 billion in cybercrime losses reported to FBI in 2020 Fake iPhone charger blows up in researcher’s face Taxpayers attacked with Trojan-inflicting phishing campaign Thanks to our episode sponsor, Trend Micro The conversation between you and your board of directors is not always a walk in the park. With more cloud projects coming your way, it’s time to change the conversation to speak their language and start paving the way for a secure future. For more, go to http://trendmicro.com/CISO
3/19/20218 minutes, 36 seconds
Episode Artwork

Week in Review - March 15-19, 2021

Link to Blog Post Cyber Security Headlines – Week in Review, March 15-19, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Jesse Whaley , CISO, Amtrak Thanks to our episode sponsor, Trend Micro The conversation between you and your board of directors is not always a walk in the park. With more cloud projects coming your way, it’s time to change the conversation to speak their language and start paving the way for a secure future. For more, go to http://trendmicro.com/CISO All links and the video of this episode can be found on CISO Series.com
3/18/202123 minutes, 55 seconds
Episode Artwork

March 18, 2021

Telcos targeted by Chinese attackers Mimecast source code stolen by SolarWinds attackers Hiding data in Twitter images Thanks to our episode sponsor, Trend Micro The conversation between you and your board of directors is not always a walk in the park. With more cloud projects coming your way, it’s time to change the conversation to speak their language and start paving the way for a secure future. For more, go to http://trendmicro.com/CISO
3/18/20216 minutes, 31 seconds
Episode Artwork

March 17, 2021

Microsoft shares one-click ProxyLogon mitigation tool for Exchange servers Microsoft Teams, Exchange and more went down for four hours on Monday Signal is down in China after 100 million reported downloads Thanks to our episode sponsor, Trend Micro The conversation between you and your board of directors is not always a walk in the park. With more cloud projects coming your way, it’s time to change the conversation to speak their language and start paving the way for a secure future. For more, go to http://trendmicro.com/CISO For the stories behind the headlines, head to CISOseries.com.
3/17/20216 minutes, 57 seconds
Episode Artwork

March 16, 2021

Cyber criminals impacted by OVH data center fire Journalist hit with $16 SMS attack Hackers steal NFTs Thanks to our episode sponsor, Trend Micro The conversation between you and your board of directors is not always a walk in the park. With more cloud projects coming your way, it’s time to change the conversation to speak their language and start paving the way for a secure future. For more, go to http://trendmicro.com/CISO
3/16/20215 minutes, 59 seconds
Episode Artwork

March 15, 2021

DearCry ransomware using ProxyLogon exploits Google faces suit over snooping on “Incognito” browsing Detecting deepfakes by analyzing light reflections in the eyes Thanks to our episode sponsor, Trend Micro The conversation between you and your board of directors is not always a walk in the park. With more cloud projects coming your way, it’s time to change the conversation to speak their language and start paving the way for a secure future. For more, go to http://trendmicro.com/CISO For the stories behind the headlines, head to CISOseries.com
3/15/20217 minutes, 29 seconds
Episode Artwork

March 12, 2021

Raided phone network Sky ECC says no, police didn’t break our encryption ‘Even 20-year-old interns’ could watch unsecured webcam feeds Russia blocks itself by mistake Thanks to our episode sponsor, Trend Micro With organizations rapidly migrating to the cloud, CISOs have new challenges to address. Trend Micro Cloud One™ is a connected SaaS platform comprised of six solutions that address all your cybersecurity needs from workloads, to file storage, containers and more. Empower your IT teams to do more with less with Trend Micro Cloud One. Visit us at Trendmicro.com for more info.
3/12/20218 minutes, 22 seconds
Episode Artwork

Week in Review - March 8-12, 2021

Link to Blog Post https://cisoseries.com/cyber-security-headlines-week-in-review-march-8-12 This week’s Cyber Security Headlines - Week in Review, March 8-12, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Dan Walsh, CISO, VillageMD Thanks to our episode sponsor, Trend Micro With organizations rapidly migrating to the cloud, CISOs have new challenges to address. Trend Micro Cloud One(tm) is a connected SaaS platform comprised of six solutions that address all your cybersecurity needs from workloads, to file storage, containers and more. Empower your IT teams to do more with less with Trend Micro Cloud One.  Visit us at Trendmicro.com for more info. All links and the video of this episode can be found on CISO Series.com
3/11/202124 minutes, 18 seconds
Episode Artwork

March 11, 2021

Cloud hosting data centers burn down New initiative hopes to secure the open source supply chain Dependency confusion attacks flourishing Thanks to our episode sponsor, Trend Micro With organizations rapidly migrating to the cloud, CISOs have new challenges to address. Trend Micro Cloud One™ is a connected SaaS platform comprised of six solutions that address all your cybersecurity needs from workloads, to file storage, containers and more. Empower your IT teams to do more with less with Trend Micro Cloud One. Visit us at Trendmicro.com for more info.
3/11/20216 minutes, 26 seconds
Episode Artwork

March 10, 2021

Microsoft March Patch Tuesday fixes 82 flaws, 2 zero-days Hackers access surveillance cameras at Tesla, Cloudflare, banks, more CISA urges people get serious about Exchange Server exploitation Thanks to our episode sponsor, Trend Micro With organizations rapidly migrating to the cloud, CISOs have new challenges to address. Trend Micro Cloud One™ is a connected SaaS platform comprised of six solutions that address all your cybersecurity needs from workloads, to file storage, containers and more. Empower your IT teams to do more with less with Trend Micro Cloud One. Visit us at Trendmicro.com for more info. For the stories behind the headlines, head to CISOseries.com
3/10/20218 minutes, 4 seconds
Episode Artwork

March 9, 2021

SUPERNOVA malware linked to threat actor Spiral Intel working on FHE silicon Gender disparity remains an issue in cyber security Thanks to our episode sponsor, Trend Micro With organizations rapidly migrating to the cloud, CISOs have new challenges to address. Trend Micro Cloud One™ is a connected SaaS platform comprised of six solutions that address all your cybersecurity needs from workloads, to file storage, containers and more. Empower your IT teams to do more with less with Trend Micro Cloud One. Visit us at Trendmicro.com for more info.
3/9/20216 minutes, 5 seconds
Episode Artwork

March 8, 2021

REvil ransomware gang uses extended voice calls to pressure victims New Microsoft tool checks Exchange Servers for ProxyLogon hacks Ongoing phishing attacks target US brokers with fake FINRA audits Thanks to our episode sponsor, Trend Micro With organizations rapidly migrating to the cloud, CISOs have new challenges to address. Trend Micro Cloud One™ is a connected SaaS platform comprised of six solutions that address all your cybersecurity needs from workloads, to file storage, containers and more. Empower your IT teams to do more with less with Trend Micro Cloud One. Visit us at Trendmicro.com for more info. For the stories behind the headlines, head to CISOseries.com.  
3/8/20217 minutes, 39 seconds
Episode Artwork

March 5, 2021

Fake (right-wing) news does better than real news on Facebook Security firm Qualys says it was victimized in Accelion zero-day CISA issues emergency ‘fix Exchange zero-days NOW!’ directive Thanks to our episode sponsor, TrustMAPP The last audit firm that assessed your security compliance did the interviews, wrote a report, and then left. That’s just half the job. Now you have to identify maturity gaps, cost out and prioritize remediations, and track improvement over time. That’s where TrustMAPP comes in.
3/5/20217 minutes, 30 seconds
Episode Artwork

Week in Review | March 1-5, 2021

Link to Blog Post https://cisoseries.com/cyber-security-headlines-week-in-review-march-1-5-2021  This week’s Cyber Security Headlines - Week in Review, March 1-5, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, John Overbaugh (@johnoverbaugh), vp, security, CareCentrix Thanks to our episode sponsor, TrustMAPP Maturity Assessment, Profile, and Plan Learn the MAPP methodology for managing security as a business. While the information security industry has undergone convulsive change, it is coalescing around maturity-based management of key business processes. The MAPP approach provides practical implementation of the maturity model. This paper describes a three-step maturity-centric approach—Maturity Assessment, a Profile, and a Plan (MAPP). An information security MAPP empowers the CISO to evaluate, track, report, and strategize the organization’s security priorities. All links and the video of this episode can be found on CISO Series.com
3/4/202123 minutes, 30 seconds
Episode Artwork

March 4, 2021

Virginia’s Consumer Data Protection Act signed into law Exchange Server zero-days exploited in the wild Facebook to lift political ad ban Thanks to our episode sponsor, TrustMAPP Does your board want to see yet more heat maps? No, they do not. They want to see that security investments align with business goals, and that their costs are objectively justified. TrustMAPP’s data visualization helps you communicate with your board in a way they can understand – and approve.
3/4/20216 minutes, 21 seconds
Episode Artwork

March 3, 2021

Microsoft announces end-to-end encryption support for Teams, plus passwordless logins U.S. unprepared for AI competition with China, commission finds Tom Cruise deepfake videos rattle security experts Thanks to our episode sponsor, TrustMAPP Are you a vCISO? Building your practice and client base is hard enough – don’t waste time building the tools you need to operate. TrustMAPP’s turnkey SaaS platform gets you up and running quickly, so you can focus on your business. For the stories behind the headlines, head to CISOseries.com.
3/3/20217 minutes, 39 seconds
Episode Artwork

March 2, 2021

Gab user data leaked Biden administration to keep tech export ban rules Hackers give websites great SEO before installing malware Thanks to our episode sponsor, TrustMAPP First it was GDRP in the EU, then California’s CCPA. Now Virginia is set to pass its own Consumer Data Protection Act. Are you ready? Get ready with TrustMAPP.
3/2/20216 minutes, 11 seconds
Episode Artwork

March 1, 2021

Ryuk ransomware now self-spreads to other Windows LAN devices Go malware sees 2000% increase, adopted by APTs and e-crime groups Former SolarWinds CEO blames intern for 'solarwinds123' password leak Thanks to our episode sponsor, TrustMAPP Attention defense contractors! Are you ready for CMMC? TrustMAPP addresses your CMMC and NIST 800-171 maturity and compliance assessments needs today, and automatically builds a roadmap to achieve your desired level of maturity posture. For more information, visit TrustMAPP.com For the stories behind the headlines, head to CISOseries.com.  
3/1/20217 minutes, 18 seconds
Episode Artwork

February 26, 2021

Biden orders review of supply chain security China uses malicious Firefox Extension to spy on Tibetans Attackers scan for unpatched VMware servers after PoC exploit release Thanks to our episode sponsor, PlexTrac PlexTrac is the Purple Teaming Platform. Use the Runbooks Module to facilitate your tabletop exercises, red team engagements, breach and attack simulations, and pentest automation to improve communication and collaboration. PlexTrac upgrades your program’s capabilities by making the most of every team member and tool. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!
2/26/20218 minutes, 16 seconds
Episode Artwork

Week in Review | February 22 through 26, 2021

Link to Blog Post This week’s Cyber Security Headlines – Week in Review, February 22-26, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Naomi Buckwalter (@ineedmorecyber), director of information security and IT, Beam Technologies Please join us live every Thursday at 4pm PT/7pm ET by registering for the open discussion. Thanks to our episode sponsor, PlexTrac PlexTrac is the solution to deal with your data. Aggregate findings from all assessments to produce the analytics needed to make informed decisions. Produce data visualizations and add them to reports with one click to communicate effectively to leadership. PlexTrac is the premier product for security data management. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! All links and the video of this episode can be found on CISO Series.com  
2/25/202121 minutes, 53 seconds
Episode Artwork

February 25, 2021

Microsoft and FireEye push for breach reporting rules US Federal Reserve hit with massive IT outage Path cleared for California’s net neutrality law Thanks to our episode sponsor, PlexTrac Solve your talent shortage with PlexTrac. Use PlexTrac to automate security tasks and workflows to keep your red, blue, and purple teams focused on the real security work. Gain precious time back in your team’s day and improve their morale by making them more effective with PlexTrac. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!
2/25/20216 minutes, 30 seconds
Episode Artwork

February 24, 2021

Most firms now fear nation state attack Firefox 86 gets privacy boost with Total Cookie Protection Shadow attacks let attackers replace content in digitally signed PDFs Thanks to our episode sponsor, PlexTrac PlexTrac is the solution to deal with your data. Aggregate findings from all assessments to produce the analytics needed to make informed decisions. Produce data visualizations and add them to reports with one click to communicate effectively to leadership. PlexTrac is the premier product for security data management. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind the headlines, head to CISOseries.com.  
2/24/20217 minutes, 6 seconds
Episode Artwork

February 23, 2021

SHAREit fixes security holes Organizations feel the impact of the Accellion exploit China spyware cribs the NSA Thanks to our episode sponsor, PlexTrac Gain a real-time view of security posture with PlexTrac by consolidating scanner findings, assessments, and bug bounty tools. Visualize your posture in the Analytics Module to quickly assess and prioritize, creating a more effective workflow. Map risks to the MITRE ATT&CK framework to create a living risk register. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!
2/23/20216 minutes, 15 seconds
Episode Artwork

February 22, 2021

Silver Sparrow malware found on 30,000 Macs has security pros stumped SolarWinds hackers stole source code for Microsoft Azure, Exchange, Intune New hack lets attackers bypass MasterCard PIN by using it as Visa card Thanks to our episode sponsor, PlexTrac PlexTrac is a powerful, yet simple, cybersecurity platform that centralizes all security assessments, pentest reports, audit findings, and vulnerabilities. PlexTrac transforms the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize analytics, and collaborate on remediation in real-time. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind the headlines, head to CISOseries.com.
2/22/20217 minutes, 43 seconds
Episode Artwork

February 19, 2021

Dating-app video calls could have been spied on Microsoft pulls buggy Windows update that blocked security updates Windows, Linux servers targeted by new WatchDog botnet Thanks to our episode sponsor, Kenna Security Ready to shift gears to risk-based vulnerability management? Now’s the time. Through Kenna Security’s on-demand educational series Kenna Katalyst, you can learn the six steps needed to start your own risk-based vulnerability management program and make vulnerability management … well, more manageable. And you can earn 1 CPE credit through (ISC)². Learn more at kennasecurity.com/katalyst.
2/19/20217 minutes, 42 seconds
Episode Artwork

Week in Review | February 15 through 19, 2021

Link to Blog Post This week’s Cyber Security Headlines - Week in Review, February 15-19, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Mike Johnson, co-Host CISO Vendor Relationship Podcast. Thanks to our episode sponsor, Kenna Security In just one hour, learn how to prioritize your riskiest vulnerabilities and lower your cyber risk through Kenna Katalyst, the newest on-demand educational series from Kenna Security designed to kickstart your risk-based vulnerability management program and equip you with expert tips you can implement today. Backed by (ISC)², participants can earn 1 CPE credit. Start now at kennasecurity.com/katalyst. All links and the video of this episode can be found on CISO Series.com  
2/18/202126 minutes, 18 seconds
Episode Artwork

February 18, 2021

SolarWinds attack launched from within the US Facebook restricts Australian news sharing Security researcher finds native Apple Silicon malware Thanks to our episode sponsor, Kenna Security Ready to shift gears to risk-based vulnerability management? Now’s the time. Through Kenna Security’s on-demand educational series Kenna Katalyst, you can learn the six steps needed to start your own risk-based vulnerability management program and make vulnerability management … well, more manageable. And you can earn 1 CPE credit through (ISC)². Learn more at kennasecurity.com/katalyst.
2/18/20215 minutes, 45 seconds
Episode Artwork

February 17, 2021

Security bugs left unpatched in Android app with one billion downloads LastPass will restrict free users to only one type of device starting next month North Korea accused of hacking Pfizer for Covid-19 vaccine data Thanks to our episode sponsor, Kenna Security In just one hour, learn how to prioritize your riskiest vulnerabilities and lower your cyber risk through Kenna Katalyst, the newest on-demand educational series from Kenna Security designed to kickstart your risk-based vulnerability management program and equip you with expert tips you can implement today. Backed by (ISC)², participants can earn 1 CPE credit. Start now at kennasecurity.com/katalyst. For the stories behind the headlines, head to CISOseries.com
2/17/20217 minutes, 20 seconds
Episode Artwork

February 16, 2021

France links Russian Sandworm hackers to hosting provider attacks Privacy problems with Azure and Canonical Microsoft estimates thousands of developers touched SolarWinds malware Thanks to our episode sponsor, Kenna Security Kenna Katalyst is Kenna Security’s newest on-demand educational series designed to help you shift gears to risk-based vulnerability management. Get the six key steps you need to go risk-based along with actionable tips to help your team focus on the risks that matter most. Participants can earn 1 CPE credit through (ISC)². Learn more at kennasecurity.com/katalyst.
2/16/20216 minutes, 36 seconds
Episode Artwork

February 15, 2021

SuperMicro supply chain hack used for counterintelligence for a decade Egregor ransomware operators arrested in Ukraine Scammers target US tax pros in ongoing IRS phishing attacks Thanks to our episode sponsor, Kenna Security Ready to shift gears to risk-based vulnerability management? Now’s the time. Through Kenna Security’s on-demand educational series Kenna Katalyst, you can learn the six steps needed to start your own risk-based vulnerability management program and make vulnerability management … well, more manageable. And you can earn 1 CPE credit through (ISC)². Learn more at kennasecurity.com/katalyst.  For the stories behind the headlines, head to CISOseries.com
2/15/20217 minutes, 47 seconds
Episode Artwork

February 12, 2021

Pitiful password enabled recent water treatment facility hack Border patrol scans millions of faces, catches 0 imposters at airports India using a glitchy app to inoculate 300 million people by August Thanks to our episode sponsor Altitude Networks Wouldn’t it be great if you could INSTANTLY KNOW if a file containing sensitive information was shared in the wrong way, anywhere in your company AND security had a real time slack notification with a magic “undo button”?! Altitude Networks solves these challenges and protects you from all data leak risks on G Suite and Office 365! Check it out at AltitudeNetworks.com and be sure your sensitive data isn’t shared with the wrong people!
2/12/20218 minutes, 1 second
Episode Artwork

Week in Review | February 8 through 12, 2021

Link to Blog Post This week’s Cyber Security Headlines - Week in Review, February 8-12, 2021 is hosted by Steve Prentice (@stevenprentice) with our guest, Johna Till Johnson (@JohnaTillJohnso), CEO, Nemertes Research. Thanks to our episode sponsor, Altitude Networks Imagine an employee just left and went to a competitor: did they take proprietary documents or critical roadmaps with them? Did they add a backdoor access via personal accounts to documents? You’re a cloud-forward company on G Suite, how would you know your data is at risk? Altitude Networks can automatically tell you who is trying to steal your critical cloud data from G Suite and Office 365. Check it out at AltitudeNetworks.com and be sure your sensitive data stays when your employee leaves! All links and the video of this episode can be found on CISO Series.com
2/11/202122 minutes, 43 seconds
Episode Artwork

February 11, 2021

SIM swapping gang targeting celebrities arrested Researcher demonstrates the vulnerability of open source to supply chain attacks Google study looks at high-risk victims of email attacks Thanks to our episode sponsor Altitude Networks “Uh oh! Charles just accidentally shared the board deck by link on the company slack channel… and the link is open to all employees! I hope we can take it down before the M&A information leaks!” Does this scenario sound familiar? Make sure it doesn’t happen at your company!! Altitude Networks provides always-on data security for GSuite and Office365. Check it out at AltitudeNetworks.com and be sure your data isn’t shared to the wrong people.
2/11/20216 minutes, 28 seconds
Episode Artwork

February 10, 2021

Office 365 will help admins find impersonation attack targets U.S. agencies publish ransomware factsheet Europol busts international cybercriminal group Thanks to our episode sponsor Altitude Networks Imagine an employee just left and went to a competitor: did they take proprietary documents or critical roadmaps with them? Did they add a backdoor access via personal accounts to documents? You’re a cloud-forward company on G Suite, how would you know your data is at risk? Altitude Networks can automatically tell you who is trying to steal your critical cloud data from G Suite and Office 365. Check it out at AltitudeNetworks.com and be sure your sensitive data stays when your employee leaves!  For the stories behind the headlines, head to CISOseries.com
2/10/20217 minutes, 34 seconds
Episode Artwork

February 9, 2021

A look at Iranian spyware operations Florida water treatment plant hacked to distribute harmful chemicals Microsoft to add 'nation-state activity alerts' to Defender Thanks to our episode sponsor Altitude Networks Remember that time when someone at work accidentally shared a Google document to your personal email? Well, that happens a lot and it leaves a backdoor to cloud data for former employees or contracts. Altitude Networks is the only solution that will protect you from this and many other data leak risks on G Suite and Office 365! Check it out at AltitudeNetworks.com and be sure your sensitive data isn’t shared with the wrong people!
2/9/20216 minutes, 31 seconds
Episode Artwork

February 8, 2021

New phishing attack uses Morse code to hide malicious URLs Hacked by SolarWinds, Mimecast lays off staff despite record profits Activists complain of weakened voting security standard Thanks to our episode sponsor Altitude Networks Uh oh, Johnny left the company 6 months ago, but still has access to numerous files in Google Drive via his personal account! Do you know how many other former employees and contractors still have access to our documents? It’s a lot more than you might think. Altitude Networks automatically discovers sharing to personal accounts and can eliminate it with one click. Check it out at AltitudeNetworks.com and be sure your sensitive data isn’t shared with the wrong people! For the stories behind the headlines, head to CISOseries.com.
2/8/20217 minutes, 33 seconds
Episode Artwork

February 5, 2021

Canada calls Clearview AI’s facial recognition ‘mass surveillance’ Amazon pulls Big-Brother move, puts AI cameras in delivery vans Myanmar blocks Facebook following military coup Thanks to our episode sponsor HID Global: Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global’s advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenience and protection. Learn more at www.hidglobal.com/mfa  
2/5/20217 minutes, 45 seconds
Episode Artwork

Week in Review: February 1 through 5, 2021

Link to Blog Post This week’s Cyber Security Headlines - Week in Review, February 1-5, 2021 is hosted by Steve Prentice (@stevenprentice) with our guest, Shawn Bowen, CISO, Restaurant Brands International (RBI) Thanks to our episode sponsor HID Global Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global’s advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenience and protection. Learn more at www.hidglobal.com/mfa  All links and the video of this episode can be found on CISO Series.com
2/4/202125 minutes, 56 seconds
Episode Artwork

February 4, 2021

Microsoft sees a rise in business email compromise attacks on schools Facebook takes a proactive content stance after Myanmar coup SolarWinds CEO says its email systems were compromised for months Thanks to our episode sponsor HID Global: Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global’s advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenience and protection. Learn more at www.hidglobal.com/mfa
2/4/20216 minutes, 1 second
Episode Artwork

February 3, 2021

Another SolarWinds vulnerability used to hack National Finance Center SonicWall confirms actively exploited zero-day Microsoft Defender now detects macOS vulnerabilities Thanks to today's sponsors, HID Global: Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global’s advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenience and protection. Learn more at www.hidglobal.com/mfa
2/3/20216 minutes, 33 seconds
Episode Artwork

February 2, 2021

Deloitte’s CDC vaccine system comes up short Myanmar internet and telecom disruptions continue due to coup Sprite Spider emerges as one of the most destructive ransomware threat actors this year Thanks to our sponsor, HID Global Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global’s advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenience and protection. Learn more at https://hidglobal.com/mfa  For the stories behind the headlines, head to CISOseries.com.
2/2/20217 minutes, 31 seconds
Episode Artwork

February 1, 2021

Suspected Russian hack extends far beyond SolarWinds software Russian hack brings changes and uncertainty to US court system Section 230 emerges as Robinhood’s shield from lawsuits Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global’s advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenience and protection. Learn more at https://hidglobal.com/mfa.  For the stories behind the headlines, head to CISOseries.com.
2/1/20217 minutes, 35 seconds
Episode Artwork

January 29, 2021

Unhappy #DataPrivacyDay to us all WhatsApp adds biometric authentication to web, desktop versions Sources: Facebook preps suit against Apple over App Store rules And now our sponsor Nucleus Security brings you “The Top 5 Antipatterns in Vulnerability Management”: Antipattern #4: “Homegrown Vulnerability Management Tools”: Large enterprises are full of homegrown vulnerability management tools that were abandoned due to complexity or cumbersome builds. See how Nucleus automates your vulnerability management workflows, replacing the need for custom tools completely, at nucleussec.com/demo
1/29/20217 minutes, 5 seconds
Episode Artwork

Week in Review: January 25 through 29, 2021

Link to Blog Post This week’s Cyber Security Headlines Week in Review, January 25-29, 2021, is hosted by Steve Prentice @stevenprentice with our guest, Steve Zalewski, Deputy CISO, Levi Strauss. Thanks to our sponsor, Nucleus Security All this week on our daily news podcast, Nucleus Security has been sharing some antipatterns in vulnerability management, such as relying on spreadsheets to track risks, relying on homegrown vulnerability management tools that were abandoned due to complexity or cumbersome builds, and the challenge of hiring enough vulnerability analysts to do triage. Learn how Nucleus can rescue you from these types of challenges and provide the data insights you need with a demo-on-demand at nucleussec.com/demo. All links and the video of this episode can be found on CISO Series.com  
1/28/202124 minutes, 45 seconds
Episode Artwork

January 28, 2021

10-year old sudo bug patched Mass Emotet uninstall planned for March 25th Microsoft’s security business exceeds $10 billion in revenue And now our sponsor Nucleus Security brings you “The Top 5 Antipatterns in Vulnerability Management”: Antipattern #4: “Homegrown Vulnerability Management Tools”: Large enterprises are full of homegrown vulnerability management tools that were abandoned due to complexity or cumbersome builds. See how Nucleus automates your vulnerability management workflows, replacing the need for custom tools completely, at nucleussec.com/demo
1/28/20216 minutes, 5 seconds
Episode Artwork

January 27, 2021

Google’s Threat Analysis Group warns of social engineering hack aimed at security researchers Verizon outage started in Brooklyn TikTok fixes flaws allowing theft of private user information And now our sponsor Nucleus Security brings you “The Top 5 Antipatterns in Vulnerability Management”: Antipattern #3: “The Army of Analysts”: Manual vulnerability analysis doesn’t scale. In large enterprises, it's impossible to hire enough vulnerability analysts to manually analyze and triage vulnerability scan results fast enough.  Learn how Nucleus automates vulnerability analysis and triage with a demo-on-demand at nucleussec.com/demo. For the stories behind the headlines, head to CISOseries.com.
1/27/20217 minutes, 28 seconds
Episode Artwork

January 26, 2021

Google’s cookie replacement performs well in tests Twitter Birdwatch pilot launches WhatsApp wormable malware found on Android And now our sponsor Nucleus Security brings you “The Top 5 Antipatterns in Vulnerability Management”: Antipattern #2: “CVSS prioritization”: CVSS scores are useful, but you need much more than scores to determine what to fix and when to fix it; Business context and vulnerability intelligence are key to prioritizing vulnerabilities in large enterprises. Learn how Nucleus can help with intelligent vulnerability prioritization at nucleussec.com/demo
1/26/20216 minutes, 50 seconds
Episode Artwork

January 25, 2021

President Biden takes on cybersecurity on day one SonicWall firewall maker hacked using zero-day in its VPN device Intel probes reports of quarterly earnings hack And now our sponsor Nucleus Security brings you “The Top 5 Antipatterns in Vulnerability Management”: Antipattern No. 1: “Spreadsheet Hell”: Relying on Microsoft Excel to track risks and answer questions about your vulnerability data is inefficient and insecure. Learn how Nucleus can rescue you from spreadsheet hell and provide the data insights you need with a demo-on-demand at nucleussec.com/demo.
1/25/20217 minutes, 32 seconds
Episode Artwork

January 22, 2021

Technologists comb through Parler videos with facial recognition EU privacy watchdogs go after employers who spy on workers Google investigates top AI ethicist’s exfiltration of thousands of files Thanks to our episode sponsor Armis Armis research shows that on average, companies are blind to 40% of the devices in their environment. This blind spot includes traditional desktops, laptops, cloud and virtual instances, BYOD, and IoT and more. Without a real-time, comprehensive view of all these assets —or the risks associated with them, businesses are vulnerable. Armis Asset Management can help by providing 5x more visibility over exciting solutions.
1/22/20217 minutes, 55 seconds
Episode Artwork

Week in Review: January 18 through 22, 2021

Link to Blog Post This week’s Cyber Security Headlines Week in Review, January 18-22, 2021 is hosted by Steve Prentice  @stevenprentice with our guest Joshua Scott, Head of Information Security at Postman. Thanks to our episode sponsor Armis Armis has research shows that on average, companies are blind to 40% of the devices in their environment. This blind spot includes traditional desktops, laptops, cloud and virtual instances, BYOD, and IoT and more. Without a real-time, comprehensive view of all these assets —or the risks associated with them, businesses are vulnerable. Armis Asset Management can help by providing 5x more visibility over exciting solutions. All links and the video of this episode can be found on CISO Series.com
1/21/202122 minutes
Episode Artwork

January 21, 2021

Malwarebytes breached by the group that attacked Solarwinds Google researcher finds security flaws impacting popular chat apps Executive Order addresses malicious use of public clouds Thanks to our episode sponsor Armis Armis research shows that on average, companies are blind to 40% of the devices in their environment. This blind spot includes traditional desktops, laptops, cloud and virtual instances, BYOD, and IoT and more. Without a real-time, comprehensive view of all these assets —or the risks associated with them, businesses are vulnerable. Armis Asset Management can help by providing 5x more visibility over exciting solutions. For more on any of these stories, head to cisoseries.com
1/21/20216 minutes, 54 seconds
Episode Artwork

January 20, 2021

FireEye releases report and network auditing tool for SolarWinds-type hacks SolarWinds malware arsenal widens with Raindrop DNSpooq bugs let attackers hijack DNS on millions of devices Thanks to our episode sponsor Armis One of the biggest challenges security teams face is they do not have a clear picture of all assets in their environment. The resulting 'blind spot' means they have no way to efficiently, credibly, and automatically manage security. Armis Asset Management eliminates this blind spot providing 5X more visibility than other solutions. Head over to armis.com to learn more. For more on any of these stories, head to cisoseries.com
1/20/20217 minutes, 3 seconds
Episode Artwork

January 19, 2021

Parler resurfaces online Darknet forum Joker's Stash shutting down Microsoft Defender to enable auto-remediation by default Thanks to our episode sponsor Armis All cybersecurity programs start with gaining full visibility into all the assets in the environment. Yet security teams continue to struggle to see every thing they have. This asset blind spot means security teams don't have an accurate picture of what needs to be managed and secured. Head over to armis.com to see how Armis Asset Management helps you overcome this Cybersecurity Asset Management challenge. For more on any of these stories, head to cisoseries.com
1/19/20216 minutes, 35 seconds
Episode Artwork

January 18, 2021

Xiaomi added to Pentagon blacklist Dating apps are using images from the siege to ban rioters’ accounts NSA suggests enterprises use designated DNS-over-HTTPS resolvers Thanks to our episode sponsor Armis Lack of complete visibility to all assets in any environment is a huge cybersecurity challenge for every organization. And fragmentation across tools and systems along with broken remediation makes Cybersecurity Asset Management near impossible. Armis Asset Management addresses this issue providing 5X the visibility of other solutions in the market today. Download our white paper today. For more on any of these stories, head to cisoseries.com
1/18/20217 minutes, 1 second
Episode Artwork

January 15, 2021

Hackers waltzed past MFA used by CISA on cloud accounts Social media convulses after Capitol attack Google fixes bug that delayed COVID contact-tracing apps Thanks to our episode sponsor, IT Asset Management Group Are you checking your IT asset disposal vendor’s homework?  Organizations should record unique IDs of each asset disposed of and reconcile their records against the data that is provided by their disposal vendor.  This practice reduces exposures that can occur from poorly monitored data disposition events. You can learn more tips like this from IT Asset Management Group’s free data disposition program guide. Download the program guide today at itamg.com/CISO
1/15/20218 minutes, 1 second
Episode Artwork

Week in Review: January 11 through 15, 2021

Link to blog post This week’s Cyber Security Headlines Week in Review, January 11-15, 2021 is hosted by Steve Prentice @stevenprentice with our guest Allan Alford, @AllanAlfordinTX. Thanks to our episode sponsor,  IT Asset Management Group Organizations must have adequate written policies and procedures to meet the regulatory requirements for the disposal of their retired data containing devices.  These policies should be readily available and regularly reviewed by leadership.  IT Asset Management Group offers a free policy template to help establish or improve your written policies for IT asset disposal practices. Download the policy template today at itamg.com/CISO All links and the video of this episode can be found on CISO Series.com
1/14/202123 minutes, 12 seconds
Episode Artwork

January 14, 2021

Europol confirms dark web marketplace takedown Google to reportedly block all political ads... again DoD halts deployment of cybersecurity system Thanks to our episode sponsor, IT Asset Management Group Are you checking your IT asset disposal vendor’s homework?  Organizations should record unique IDs of each asset disposed of and reconcile their records against the data that is provided by their disposal vendor.  This practice reduces exposures that can occur from poorly monitored data disposition events. You can learn more tips like this from IT Asset Management Group’s free data disposition program guide. Download the program guide today at itamg.com/CISO For more on any of these stories, head to cisoseries.com
1/14/20217 minutes, 1 second
Episode Artwork

January 13, 2021

Hackers leak stolen Pfizer COVID-19 vaccine data online Social media’s big terrible week Parler archived due to “mind-numbing” mistake Thanks to our episode sponsor, IT Asset Management Group Poorly managed IT asset disposal, lack of due diligence, and a disposal program without clearly defined responsible parties has now resulted in millions of dollars in regulatory penalties.  Is it clear who is responsible for the performance of your data disposition practice?   IT Asset Management Group’s free program guide includes tips for establishing stakeholders at your organization and expectations for all practitioners. Download the program guide today at itamg.com/CISO For more on any of these stories, head to cisoseries.com
1/13/20217 minutes, 50 seconds
Episode Artwork

January 12, 2021

SolarWinds breach now linked to Turla UK ruling limits the reach of "general warrants" UN data breach exposes staff records Thanks to our episode sponsor, IT Asset Management Group How does your organization measure a successful IT asset disposal program?  Are decisions driven by dollars saved, ease of use, or security and compliance risk reduction? You should not have to choose one over the other. Utilizing IT Asset Management Group’s best practices guide will ensure your data disposition program performs for all stakeholders in your organization. Download the program guide today at itamg.com/CISO For more on any of these stories, head to cisoseries.com
1/12/20216 minutes, 41 seconds
Episode Artwork

January 11, 2021

Parler removed from Apple, Google, and Amazon Facial-recognition app Clearview sees a spike in use after Capitol attack Emotet tops malware charts in December after reboot Thanks to our episode sponsor, IT Asset Management Group Organizations must have adequate written policies and procedures to meet the regulatory requirements for the disposal of their retired data containing devices.  These policies should be readily available and regularly reviewed by leadership.  IT Asset Management Group offers a free policy template to help establish or improve your written policies for IT asset disposal practices. Download the policy template today at itamg.com/CISO For more on any of these stories, head to cisoseries.com
1/11/20217 minutes, 7 seconds
Episode Artwork

January 8, 2021

Our sponsor, Omada’s identity governance tip of the day Deploy identity capabilities in phases. If you try to do a massive lift and shift problems will occur and it will probably take longer than you expect. See where you can add value early on. First, launch the solution’s basic functionality. What can be done without writing custom code? Where you can deliver value at each iteration? You want to show continuous success rather than the fastest total completion time. Learn more at omada.net. For links to the full stories, head over to CISOseries.com.
1/8/20217 minutes, 34 seconds
Episode Artwork

Week in Review: January 4 through 8, 2021

Link to Blog Post This week’s Cyber Security Headlines Week in Review - January 4-8, 2021 is hosted by Steve Prentice, with our guest, Ross Young, CISO, Caterpillar Financial (LinkedIn). Thanks to our episode sponsor, Omada Get stakeholders on board early. Sounds simple, but the hard part is making sure everyone has the right level of information they need at the right time to do their job. So start thinking early about the needs of your CISO, the security staff, auditors, compliance officers, and intellectual property controllers. The goal is increased awareness for all which will reduce resistance for everyone. Discover how Omada can help at omada.net. All links and the video of this episode can be found on CISO Series.com
1/8/202120 minutes, 16 seconds
Episode Artwork

January 7, 2021

Rioters storm US Capitol, Trump’s Twitter suspended SolarWinds attackers accessed DOJ’s email server WhatsApp to share user data with Facebook Our sponsor, Omada’s identity governance tip of the day According to Gartner, if you use a SaaS solution for identity governance and administration you’ll save an average of 30 percent in initial integration costs. Here are some items to look for when choosing an IGA SaaS solution: Does it have high availability? Is it configurable to your specific business needs and can that be transferred to a tiered deployment environment? Learn more tricks to managing identity in the cloud at omada.net. For links to the full stories, head over to CISOseries.com.
1/7/20216 minutes, 42 seconds
Episode Artwork

January 6, 2021

Google, Alphabet employees unionize NYSE no longer plans to de-list Chinese firms Amazon banned from using AWS trademark in China Our sponsor, Omada’s identity governance tip of the day Upon launching a project map your business priorities to best-practice identity processes. Then, perform a fit-gap analysis between functional areas in the process to the ideal goal. Where are key data and systems going? Where are there gaps? Are there deviations from best practices? You now have a blueprint of business processes and gaps. Knowing is half the battle. Let Omada help by visiting them at omada.net. For links to the full stories, head over to CISOseries.com.
1/6/20217 minutes, 7 seconds
Episode Artwork

January 5, 2021

Microsoft source code accessed by SolarWinds attackers Slack suffers massive outage UK judge denies Assange extradition to US Our sponsor, Omada’s identity governance tip of the day Well-tested process frameworks are great starting points. No need to reinvent. Just tweak processes that have already proven effective such as automating identity management, access requests, cross-application segregation of duties, and least privilege access. Head over to omada.net to see how Omada can help you get two steps ahead with your identity management. For links to the full stories, head over to CISOseries.com.
1/5/20216 minutes, 14 seconds
Episode Artwork

January 4, 2021

Russian SolarWinds hack damage escalates Backdoor account discovered in more than 100,000 Zyxel firewalls and VPN gateways Wall Street to kick out Chinese telecom giants Our sponsor, Omada’s identity governance tip of the day Get stakeholders on board early. Sounds simple, but the hard part is making sure everyone has the right level of information they need at the right time to do their job. So start thinking early about the needs of your CISO, the security staff, auditors, compliance officers, and intellectual property controllers. The goal is increased awareness for all which will reduce resistance for everyone. Discover how Omada can help at omada.net. For links to the full stories, head over to CISOseries.com.
1/4/20217 minutes, 59 seconds
Episode Artwork

December 31, 2020

T-Mobile discloses data breach CISA updates SolarWinds guidance Emotet strikes Lithuanian health infrastructure Thanks to our sponsor ReversingLabs Newly created digital data that supports productivity is growing greater than forty percent annually. With more employees working remote and businesses reliant on this digital content, what steps are you taking to ensure this data is secure? Learn more about how ReversingLabs can help establish secure digital business processes today and watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.
12/31/20206 minutes, 9 seconds
Episode Artwork

December 30, 2020

Google Docs bug exposes users private documents Kawasaki discloses security breach, potential data leak Brexit deal warns of security dangers of Netscape Communicator Thanks to our sponsor ReversingLabs We’ve seen a 430% growth in next generation cyber attacks actively targeting open-source software projects. Worse yet, contemporary malware implements evasive techniques to avoid detection by AV and Sandbox technologies. What can you do to stay on top of these new threats? Learn more about how ReversingLabs can help your software development teams today and watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.
12/30/20207 minutes, 5 seconds
Episode Artwork

December 29, 2020

Defending the COVID-19 vaccine supply chain Cellular aggregation tool detailed in police records CISA releases malware detection tool for Azure and Microsoft 365 Thanks to our sponsor ReversingLabs The SolarWinds attack has highlighted the need to scan “gold” software images prior to their release or consumption, and look for software tampering, invalid digital signing, and build quality issues. Do you have the right controls in place to assess these risks? Learn more about how ReversingLabs can help your security and release teams today and watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.
12/29/20206 minutes, 33 seconds
Episode Artwork

December 28, 2020

Microsoft resellers seen as Russian cyberattack mules GoDaddy employees fail holiday bonus phishing test SolarWinds releases updated advisory for new SUPERNOVA malware Thanks to our sponsor ReversingLabs Less than thirty percent of organizations have a formal threat hunting program, yet threat hunting has shown to improve overall security postures by over ten percent. What actions are you taking to upskill your security staff and bring threat hunting practices into your daily security practices? Learn more about how ReversingLabs can help your security teams today and watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.
12/28/20207 minutes, 6 seconds
Episode Artwork

December 23, 2020

Treasury Department’s senior leaders were targeted by SolarWinds hack Draft lawsuit alleges Google and Facebook agreed to team up against antitrust action Three VPN providers with criminal ties taken down Thanks to our sponsor ReversingLabs Ransomware is responsible for causing the most destructive amount of downtime - more than seventeen hours. Are you equipped to fight ransomware? Do you have the latest intelligence and indicators of compromise to block these attacks? Learn more about how ReversingLabs can help your security teams today and watch an on-demand demo at reversinglabs.com/demo For the stories behind the headlines, head to CISOseries.com.
12/23/20206 minutes, 55 seconds
Episode Artwork

December 22, 2020

Attackers staged a dry-run against SolarWinds in October 2019 NSO Group spyware reportedly used against journalists CIA agents exposed with stolen data Thanks to our sponsor ReversingLabs Open source packages from repos such as PyPI, npm, RubyGems and NuGet can be complex, and contain tens of thousands of files. Are you confident these files are safe before you include them in your builds? What steps are you taking to reduce third-party risk? Learn more about how ReversingLabs can help your software and security teams today, and watch an on-demand demo at reversinglabs.com/demo For the stories behind the headlines, head to CISOseries.com.
12/22/20207 minutes, 19 seconds
Episode Artwork

December 21, 2020

SolarWinds supply chain attack updates Trump officials plan to split up Cyber Command and NSA Google explains the cause of its recent outage Thanks to our sponsor ReversingLabs Seventy seven percent of organizations are increasing investments in automation to simplify and speed response times. How are you leveraging Machine Learning and AI to solve cyber skills shortages and mitigate risks to your business? Learn more about how ReversingLabs can automate threat analysis and accelerate security response today. Watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.
12/21/20207 minutes, 11 seconds
Episode Artwork

December 18, 2020

Ex-Homeland Security adviser: 'We're being hacked' Ignore Facebook 'Christmas bonus' come-on Twitter to start removing COVID-19 vaccine misinformation Thanks to our sponsor ReversingLabs A ransomware attack occurs every 10 seconds. What are you doing to detect hidden malware and expose key Indicators of compromise before they exploit your business. Learn more about how ReversingLabs can help your security teams today and watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.
12/18/20207 minutes, 7 seconds
Episode Artwork

December 17, 2020

Trump considers clemency for Silk Road founder Researcher warned of SolarWinds security issues last year What can the US do to prevent cyberattacks? Thanks to our sponsor ReversingLabs A ransomware attack occurs every 10 seconds. What are you doing to detect hidden malware and expose key Indicators of compromise before they exploit your business. Learn more about how ReversingLabs can help your security teams today and watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.
12/17/20206 minutes, 31 seconds
Episode Artwork

December 16, 2020

Microsoft seizes SolarWinds domain – quarantine starts today Twitter will use Amazon Web Services to power user feeds Data breach at Canadian financial services firm highlights perils of insider threats Thanks to our sponsor ReversingLabs 96% of commercial applications include open source components. Is open source software putting your supply chain at risk? Learn more about how ReversingLabs can inspect your new software packages and open source components today, and watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.
12/16/20207 minutes, 11 seconds
Episode Artwork

December 15, 2020

SolarWinds Orion carrying malware Multiple US agencies impacted by SolarWinds supply-chain attack New EU data use legislation could lead to big tech fines Thanks to our sponsor ReversingLabs Cybersecurity staffing shortages exceed 3 million security professions globally, and the skills gap continues to widen. Learn how ReversingLabs automates the time-consuming task of analyzing malware, and how its explainable threat intelligence scales your security team to address complex cyberthreats. Watch an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.
12/15/20206 minutes, 27 seconds
Episode Artwork

December 14, 2020

Adrozek malware can infect over 30K Windows PCs a day Subway UK finds TrickBot on its menu Ransomware in schools grew in 2020, more on the way in 2021 Thanks to our sponsor ReversingLabsToday the most advanced threats lay hidden…deep within files and objects. In only milliseconds, ReversingLabs is able to analyze the world’s most complex files, providing security executives with the risk insights they need to ensure business resiliency, while enabling a security staff of just a few to act as if they’re a staff of hundreds, armed with an intelligence that eliminates your biggest risks. Learn more about how ReversingLabs can help your security teams make better risk based decisions by watching an on-demand demo at reversinglabs.com/demo. For the stories behind the headlines, head to CISOseries.com.
12/14/20208 minutes, 1 second
Episode Artwork

December 11, 2020

Breaking up Facebook won't be easy Intel source 'Spider' outed in election lawsuit's redaction gaff AI is coming for your job … slowly Thanks to our sponsor, Code42. Code42’s annual Data Exposure Report on Insider Risk reveals that 42% of data breaches in the past year were caused by a malicious or criminal insider. Read the report for tips on how to stop your insider risk from becoming an insider threat. For the stories behind the headlines, go to CISOseries.com.
12/11/20206 minutes, 29 seconds
Episode Artwork

December 10, 2020

The Cybersecurity community responds to FireEye hack Christopher Krebs sues over threats of violence Google makes changes to how Chrome extensions handle data Thanks to our sponsor, Code42. Code42, insider risk detection and response leader, is excited to announce the release of its annual Data Exposure Report on Insider Risk. The report reveals that employees are nine times more likely to leak sensitive data than they were pre-COVID. The report will launch today at 1pm ET at this link. For the stories behind the headlines, go to CISOseries.com.
12/10/20206 minutes, 6 seconds
Episode Artwork

December 9, 2020

Microsoft’s December 2020 Patch Tuesday fixes 58 vulnerabilities Unpatched bugs open GE radiological devices to remote code execution Cloudflare and Apple design a new privacy-friendly internet protocol Thanks to our sponsor, Code42. Tomorrow Code42 will release its annual Data Exposure Report on Insider Risk. Last year’s report revealed that 63% of new hires who admit to taking data with them to a new job are repeat offenders. Tune in tomorrow for highlights from this year’s report. For the stories behind the headlines, go to CISOseries.com.
12/9/20207 minutes, 40 seconds
Episode Artwork

December 8, 2020

Google publishes cross-site leaks wiki NSA warns of state-sponsored attacks on remote-work systems Greater Baltimore Medical Center hit with ransomware attack Thanks to our sponsor, Code42. Organizations are moving faster than ever before and security tools like DLP, UEBA and CASB can’t keep up. Code42 Incydr takes a Zero Trust approach to managing and mitigating data risk from insider threats. Learn more about Code42 Incydr, the insider risk platform that offers insider risk detection and response. For the stories behind the headlines, go to CISOseries.com.
12/8/20206 minutes, 15 seconds
Episode Artwork

December 7, 2020

Drug dealers offer Pfizer vaccine on the Dark Web Data theft from Italian defense manufacturer was an inside job Philadelphia food bank loses $1 million in BEC scam Thanks to our sponsor, Code42. Code42 is a cybersecurity company that offers a completely new approach to the old problem of insider threats. Code42’s insider risk platform, Incydr, helps organizations foster a culture of speed and collaboration while still preventing data loss – without blocking. Learn more at Code42.com. For the stories behind the headlines, go to CISOseries.com.
12/7/20206 minutes, 56 seconds
Episode Artwork

December 4, 2020

Spotify celebrity pages defaced to plug Trump, Taylor Swift Clop ransomware gang rips off 2M credit cards from retailer E-Land 8% of all Google Play apps vulnerable to old security bug Thanks to our episode sponsor, AuthSafe. Are online frauds a concern for your organization? Is it a hurdle for progress?  Timely predictions and detections with cognitive engines, should do the trick. SecureLayer7 presents Authsafe. A technology to prevent and detect Fraud attacks old and new. With the help of credential stuffing, manual strive as well as specialized automated tools, Authsafe prevents your organization's systems from being hampered. Learn more at Authsafe.ai For the stories behind the headlines, go to CISOseries.com.
12/4/20206 minutes, 21 seconds
Episode Artwork

December 3, 2020

Malicious hackers target the Covid-19 vaccine ‘cold chain’ Hackers target US think tanks Massachusetts passes ban on police facial recognition Thanks to our episode sponsor, SecureLayer7. Managing the vulnerabilities and workflows within an organization can be a handful of a task. What your organization needs is a product that is capable of overseeing the workflows and security status for you. SecureLayer7 presents BugDazz. A pentest as a service cloud delivery platform, which makes it easier to keep tabs on the security of the systems. Read more:  SecureLayer7.net For the stories behind the headlines, go to CISOseries.com.
12/3/20206 minutes, 24 seconds
Episode Artwork

December 2, 2020

US Supreme Court eyes narrowing of CFAA FBI warns of BEC scammers using email auto-forwarding in attacks Trump lawyer calls for Christopher Krebs’ execution Thanks to our episode sponsor, SecureLayer7. Getting rid of vulnerabilities within the systems can be quite an intricate task. But why bother with anything else when there is an all in one cybersecurity package for organizations. A platform where existing, and prospective vulnerability threats can be identified and mitigated through their pentests within set time slots. SecureLayer7, the cybersecurity solution for your organization. Discover SecureLayer7.net For the stories behind the headlines, go to CISOseries.com.
12/2/20207 minutes
Episode Artwork

December 1, 2020

Baltimore schools struggling with ransomware UK tightens restrictions on Huawei 5G equipment ZeroLogon now detected by Windows Defender Thanks to our episode sponsor, SecureLayer7. Getting rid of vulnerabilities within the systems can be quite an intricate task. But why bother with anything else when there is an all in one cybersecurity package for organizations. A platform where existing, and prospective vulnerability threats can be identified and mitigated through their pentests within set time slots. SecureLayer7, the cybersecurity solution for your organization. Discover SecureLayer7.net For the stories behind the headlines, head to CISOseries.com.
12/1/20206 minutes, 20 seconds
Episode Artwork

November 30, 2020

Biden transition team forced to build its own cybersecurity protections China owns the lion’s share of internet cross-border data flow U.S. Supreme Court to rule on hacking laws Thanks to our episode sponsor, SecureLayer7. Getting rid of vulnerabilities within the systems can be quite an intricate task. But why bother with anything else when there is an all in one cybersecurity package for organizations. A platform where existing, and prospective vulnerability threats can be identified and mitigated through their pentests within set time slots. SecureLayer7, the cybersecurity solution for your organization. Discover SecureLayer7.net For the stories behind the headlines, head to CISOseries.com.
11/30/20206 minutes, 52 seconds
Episode Artwork

November 25, 2020

Brazil continues to recover from its worst cyberattack Apple's security chief indicted on bribery charges Baidu apps are leaking data Thanks to our sponsor, Dtex Traditional Employee Monitoring solutions are creepy. Capturing screenshots, recording keystrokes, monitoring web browsing and following social media activities is unnecessary and damages culture. DTEX InTERCEPT is the first and only solution that delivers the real-time workforce monitoring capabilities today’s organizations need and employees will embrace. Learn more at dtexsystems.com. For more on any of the stories, head to cisoseries.com.
11/25/20206 minutes, 26 seconds
Episode Artwork

November 24, 2020

New Jersey passes anti-doxxing law TikTok patches account takeover flaw Watch out of DDoS on Black Friday Thanks to our sponsor, Dtex Forget projects, get answers. Start preventing insider threats, stopping data loss, and monitoring remote employees in minutes, not days. And do it all without invading user privacy. DTEX Systems helps enterprises run safer and smarter with a first-of-its-kind human-centric approach to enterprise operational intelligence. Learn more and start a free 30-day trial at dtexsystems.com. For more on any of the stories, head to cisoseries.com.
11/24/20206 minutes, 48 seconds
Episode Artwork

November 23, 2020

GoDaddy employees duped in cryptocurrency hack Global financial industry facing fresh round of cyberthreats Egregor ransomware prints its own ransom notes Thanks to our sponsor, Dtex Reliance on ‘person of interest’ identification and potential analyst bias have put first-generation insider threat solutions on the shelf. DTEX InTERCEPT offers IT and SecOps teams a new approach. Only DTEX InTERCEPT collects and analyzes user behavior, history, trends, and context – answering the Who, What, When and How leading up to, and following, any potential Insider Threat event. Learn more at dtexsystems.com. For more on any of the stories, head to cisoseries.com.
11/23/20206 minutes, 39 seconds
Episode Artwork

November 20, 2020

Worldwide campaign targets ZeroLogon exploit Brandon Wales takes over at CISA Maybe ransomware operators aren’t trustworthy after all? Thanks to our sponsor, Dtex Remote Workforce Security is a thing. Network detection and web proxy solutions have been rendered nearly useless as employees are working remotely and away from the corporate network. DTEX’s Workforce Cyber Intelligence Platform not only allows employers with visibility to monitor user behavior for cybersecurity best practices, but also to protect the employee from external attack. Learn more at dtexsystems.com. For more on any of the stories, head to cisoseries.com.
11/20/20206 minutes, 59 seconds
Episode Artwork

November 19, 2020

Trump’s tweets to lose protected status post-presidency macOS Big Sur lets apps slip past security safety nets Deepfake bot used to abuse women runs wild on Telegram Thanks to our sponsor, Dtex Endpoint DLP tools that rely on intrusive, resource intensive content inspection rules do nothing but slow down endpoint performance and upset your SecOps team. DTEX takes a behavioral approach to DLP. Only DTEX allows you to see the full lifecycle of user behavior activity and understand the who, what, when and how of a possible data loss incident. No false positives. Learn more at dtexsystems.com. For more on any of the stories, head to cisoseries.com.
11/19/20209 minutes, 55 seconds
Episode Artwork

November 18, 2020

Trump fires CISA director Chris Krebs Facebook and Twitter grilled over US election actions Darktrace pays out nearly $2 million in overtime pay class action suit Thanks to our sponsor, Dtex Traditional Employee Monitoring solutions are creepy. Capturing screenshots, recording keystrokes, monitoring web browsing and following social media activities is unnecessary and damages culture. DTEX InTERCEPT is the first and only solution that delivers the real-time workforce monitoring capabilities today’s organizations need and employees will embrace. Learn more at dtexsystems.com. For more on any of the stories, head to cisoseries.com.
11/18/20207 minutes, 32 seconds
Episode Artwork

November 17, 2020

Apple responds to macOS privacy concerns The ransomware landscape is increasingly crowded Microsoft pauses Windows 10 updates in December Thanks to our sponsor, Dtex Reliance on ‘person of interest’ identification and potential analyst bias have put first-generation insider threat solutions on the shelf. DTEX InTERCEPT offers IT and SecOps teams a new approach. Only DTEX InTERCEPT collects and analyzes user behavior, history, trends, and context – answering the Who, What, When and How leading up to, and following, any potential Insider Threat event. Learn more at dtexsystems.com. For more on any of the stories, head to cisoseries.com.
11/17/20206 minutes, 18 seconds
Episode Artwork

November 16, 2020

Qualcomm receives U.S. permission to sell 4G chips to Huawei Microsoft says three APTs have targeted seven COVID-19 vaccine makers Cobalt Strike 4.0 toolkit shared online Thanks to our sponsor, Dtex Forget projects, get answers. Start preventing insider threats, stopping data loss, and monitoring remote employees in minutes, not days. And do it all without invading user privacy. DTEX Systems helps enterprises run safer and smarter with a first-of-its-kind human-centric approach to enterprise operational intelligence. Learn more and start a free 30-day trial at dtexsystems.com. For more on any of the stories, head to cisoseries.com.
11/16/20207 minutes
Episode Artwork

November 13, 2020

Finland pushes through change to ID code law Researchers find Trickbot is still kicking New study looks at the source of Android malware And here's a special offer from our sponsor, Blumira. Staffing a 24/7 full-time security operations center with trained security analysts isn’t a reality for many organizations. Blumira’s end-to-end detection and response platform is designed to centralize log data, alert you to priority threats, then walk you through remediation with step-by-step security playbooks. Organizations and teams of any size, without security expertise, can leverage Blumira for automated detection and response. Deploy Blumira in hours with a free 14-day trial at Blumira.com. For more on any of today's stories, head to CISOseries.com.
11/13/20206 minutes, 31 seconds
Episode Artwork

November 12, 2020

Facebook extends ban on political ads EU tightens cybersurveillance export laws Palo Alto Networks acquires Expanse And here's a special offer from our sponsor, Blumira. CISOs are all trying to do more with less these days; balancing compliance, security and business objectives. Consolidate your security with one end-to-end detection and response platform. Blumira works as a force multiplier, enabling your small teams to detect threats and respond to them quickly. Get a free 14-day trial of Blumira’s cloud SIEM that you can deploy in hours, not weeks or months. That’s Blumira.com. For more on any of today's stories, head to CISOseries.com.
11/12/20206 minutes
Episode Artwork

November 11, 2020

Biden aide Bill Russo attacks Facebook’s post-election role Twitter could face its first GDPR penalty within days New Ghimob malware can spy on 153 Android mobile applications And here's a special offer from our sponsor, Blumira. Staffing a 24/7 full-time security operations center with trained security analysts isn’t a reality for many organizations. Blumira’s end-to-end detection and response platform is designed to centralize log data, alert you to priority threats, then walk you through remediation with step-by-step security playbooks. Organizations and teams of any size, without security expertise, can leverage Blumira for automated detection and response. Deploy Blumira in hours with a free 14-day trial at Blumira.com. For more on any of today's stories, head to CISOseries.com.
11/11/20207 minutes, 3 seconds
Episode Artwork

November 10, 2020

Inrupt launches enterprise privacy platform India’s Bigbasket confirms cyberattack What’s in a name? Turns out malware And here's a special offer from our sponsor, Blumira. The shift to cloud-based productivity and collaboration tools is a necessity and reality for many CISOs these days - but visibility into cloud threats can be challenging with limited staff and resources. Automating your security operations workflow is easier with Blumira's detection and response platform. Integrate Office 365 with Blumira to start realizing security value in a matter of hours with a free 14-day trial at Blumira.com. For more on any of today's stories, head to CISOseries.com.
11/10/20206 minutes, 52 seconds
Episode Artwork

November 9, 2020

Net neutrality and broadband expansion possible under Biden presidency Trump lawsuit site to report rejected votes leaked voter data Facebook releases disinformation probation policy And here's a special offer from our sponsor, Blumira. CISOs are all trying to do more with less these days; balancing compliance, security and business objectives. Consolidate your security with one end-to-end detection and response platform. Blumira works as a force multiplier, enabling your small teams to detect threats and respond to them quickly. Get a free 14-day trial of Blumira’s cloud SIEM that you can deploy in hours, not weeks or months. That’s Blumira.com. For more on any of today's stories, head to CISOseries.com.
11/9/20207 minutes, 28 seconds
Episode Artwork

November 6, 2020

Facebook updates its premature victory policy Michigan approves Proposal 2 Vermont National Guard called in to help with cyberattack Thanks to our sponsor, Trusona.   Modern enterprise security starts at the desktop.  By removing passwords from your desktop sign-in, you can instantly mitigate eight of the most common attack vectors, including SIM swapping, keylogging and credential stuffing. And with a single desktop sign-in using Trusona’s passwordless MFA, employees are automatically authenticated into their SSO for simple, secure access to all corporate applications, including Office 365. Bring your security up to date and learn more at trusona.com/desktopSSO.   For more on any of the stories, head to CISOseries.com.
11/6/20205 minutes, 32 seconds
Episode Artwork

November 5, 2020

Facebook and Instagram add pop-up banners about election results Election night was seemingly free of cybersecurity drama California passes Prop 24 Thanks to our sponsor, Trusona. Secure your workforce with desktop MFA (passwords not included). Security leaders have been tasked with securing a remote workforce across a vulnerable variety of locations — and Trusona is here to help. With a single passwordless desktop MFA sign-in, employees are automatically authenticated into their SSO for simple, secure access to all corporate applications, including Office 365. To learn more, visit trusona.com/desktopSSO. For more on any of our stories, head to CISOseries.com.
11/5/20205 minutes, 40 seconds
Episode Artwork

November 4, 2020

Instagram banner falsely advertises Wednesday as Election Day for some subscribers Robocalls urging voters to skip Election Day are subject of FBI investigation Ant Group falls afoul of Chinese regulators, causing Alibaba to drop 8 percent Thanks to our sponsor, Trusona. Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona’s passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don’t have to work around. For the stories behind the headlines, head to CISOSeries.com
11/4/20207 minutes
Episode Artwork

November 3, 2020

Twitter clarifies its election results policy Google discloses Windows zero-day Maze ransomware operators call it quits Thanks to our sponsor, Trusona. Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona’s passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don’t have to work around. For more on all the stories, head to CISOseries.com.
11/3/20206 minutes, 7 seconds
Episode Artwork

November 2, 2020

Cybersecurity specialists list their election week fears Fact checking now extends back in time Hacker selling 34 million user records through broker Thanks to our sponsor, Trusona. Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona’s passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don’t have to work around. For more on all the stories, head to CISOseries.com.
11/2/20206 minutes, 31 seconds
Episode Artwork

October 30, 2020

Hackers steal funds from the Wisconsin Republican Party Ransomware attackers leak Georgia county voter information The FBI is investigating ransomware attacks on hospitals Thanks to our sponsor, F5. According to the 2020 State of Application Services report, 98% of organizations depend on applications to run or support their business. Innovative apps are essential for organizations that want to be first to market and first to profit. Learn more about securing your apps at the F5 Security Summit on November 10th. Register now. For more on this week's stories, head to CISOseries.com.
10/30/20206 minutes, 6 seconds
Episode Artwork

October 29, 2020

NSA refuses to say if it still uses encryption backdoors Ryuk ransomware smashes hospital networks across the U.S. Section 230 hearing devolves into political rants Thanks to our sponsor, F5. Learn about the cause of digital security breaches in your organization at the F5 Security Summit on November 10. At this premier industry event, you’ll gain insights into breach root causes, and it may not be because of attacker innovation. Find out more—register today to attend this free premier virtual security event. For more on this week's stories, head to CISOseries.com.
10/29/20205 minutes, 36 seconds
Episode Artwork

October 28, 2020

TikTok partners with Shopify on social commerce YouTube will add Election Day warning label: “Results may not be final” FBI: Hackers stole government source code via SonarQube instances Thanks to our sponsor, F5. A recent Forrester analysis of app security leader F5’s SSL/TLS Visibility solution, which dynamically orchestrates traffic to your security stack, found the average customer will see an ROI of 373%. Register now for the F5 Security Summit, a leader in the app security space, to find out more about how to maximize your investments in security inspection technologies. Attendance is complimentary, Register today. For more on this week's stories, head to CISOseries.com.
10/28/20206 minutes, 32 seconds
Episode Artwork

October 27, 2020

Twitter to “pre-bunk” voter misinformation Microsoft to force load some webpages in Edge Google removed three apps for violating data collection policies Thanks to our sponsor, F5. Join experts across F5, a leader in the app security space, on November 10th, to gain valuable, innovative insights into enabling advanced application security, sophisticated cyber-attacks, trends in online fraud and how to manage risks in the cloud. Sign up now to join this must-attend virtual security event For more on this week's stories, head to CISOseries.com.
10/27/20206 minutes, 19 seconds
Episode Artwork

October 26, 2020

New Emotet attacks urges recipients to upgrade Microsoft Word Windows 10 now hides the SYSTEM control panel Samsung Group titan Lee Kun-hee dies aged 78 Thanks to our sponsor, F5. 58% of organizations say maintaining security and compliance when managing apps in a multi-cloud environment is their biggest challenge. Be sure to attend the premier virtual security summit on November 10th where F5, an expert in app security, will cover how to protect your applications from today’s advanced attacks and tomorrow’s emerging threats. Register now. For more on this week's stories, head to CISOseries.com.
10/26/20206 minutes, 23 seconds
Episode Artwork

October 23, 2020

Firefox testing 'Site Isolation' feature Cisco patches DoS bugs in network security products Proposed German legislation authorizes access to encrypted messages Thanks to our episode sponsor, AuthSafe. Are online frauds a concern for your organization? Is it a hurdle for progress?  Timely predictions and detections with cognitive engines, should do the trick. SecureLayer7 presents Authsafe. A technology to prevent and detect Fraud attacks old and new. With the help of credential stuffing, manual strive as well as specialized automated tools, Authsafe prevents your organization's systems from being hampered. Learn more at Authsafe.ai For the stories behind the headlines, go to CISOseries.com.
10/23/20205 minutes, 50 seconds
Episode Artwork

October 22, 2020

DOJ official accuses China of protecting cybercriminals   Once again, Oracle releases enormous security update   NSA warns of top vulnerabilities exploited by China Thanks to our episode sponsor, SecureLayer7. Managing the vulnerabilities and workflows within an organization can be a handful of a task. What your organization needs is a product that is capable of overseeing the workflows and security status for you. SecureLayer7 presents BugDazz. A pentest as a service cloud delivery platform, which makes it easier to keep tabs on the security of the systems. Read more:  SecureLayer7.net For the stories behind the headlines, go to CISOseries.com.
10/22/20205 minutes, 32 seconds
Episode Artwork

October 21, 2020

Justice Department charges Google in antitrust lawsuit Microsoft partners with SpaceX to launch Azure Space initiative Twitter is temporarily changing how you retweet Thanks to our episode sponsor, SecureLayer7. Getting rid of vulnerabilities within the systems can be quite an intricate task. But why bother with anything else when there is an all in one cybersecurity package for organizations. A platform where existing, and prospective vulnerability threats can be identified and mitigated through their pentests within set time slots. SecureLayer7, the cybersecurity solution for your organization. Discover SecureLayer7.net For the stories behind the headlines, go to CISOseries.com.
10/21/20206 minutes, 56 seconds
Episode Artwork

October 20, 2020

US files charges against high profile attackers A new browser wants to look at social media algorithms Microsoft Exchange and OWA are increasingly malware targets Thanks to our episode sponsor, SecureLayer7. Getting rid of vulnerabilities within the systems can be quite an intricate task. But why bother with anything else when there is an all in one cybersecurity package for organizations. A platform where existing, and prospective vulnerability threats can be identified and mitigated through their pentests within set time slots. SecureLayer7, the cybersecurity solution for your organization. Discover SecureLayer7.net For the stories behind the headlines, head to CISOseries.com.
10/20/20206 minutes, 43 seconds
Episode Artwork

October 19, 2020

Google offers details on Chinese hacking group that targeted Biden campaign Hackers use BaseCamp to host and distribute malware China quietly opens up to the real internet - temporarily Thanks to our episode sponsor, SecureLayer7. Getting rid of vulnerabilities within the systems can be quite an intricate task. But why bother with anything else when there is an all in one cybersecurity package for organizations. A platform where existing, and prospective vulnerability threats can be identified and mitigated through their pentests within set time slots. SecureLayer7, the cybersecurity solution for your organization. Discover SecureLayer7.net For the stories behind the headlines, head to CISOseries.com.
10/19/20207 minutes, 6 seconds
Episode Artwork

October 16, 2020

US DOJ unseals charges against malware money laundering ring Microsoft launches the Zero Trust Deployment Center Hack disrupts Barnes & Noble brick and mortar Thanks to this week's sponsor, Trusona. Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona’s passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don’t have to work around. For more, head to CISOSeries.com
10/16/20206 minutes, 17 seconds
Episode Artwork

October 15, 2020

Twitter hack sparks a call for monitoring social media platforms Zoom prepares to roll out end-to-end encryption Businesses are decreasing average malware dwell time Thanks to this week's sponsor, Trusona. Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona’s passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don’t have to work around. For more, head to CISOSeries.com
10/15/20206 minutes, 20 seconds
Episode Artwork

October 14, 2020

Security experts warn of Amazon Prime Day scams Office 365 remains a favorite for cyberattack persistence Homomorphic encryption finally finds the spotlight Thanks to this week's sponsor, Trusona. Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona’s passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don’t have to work around. For more, head to CISOSeries.com
10/14/20206 minutes, 56 seconds
Episode Artwork

October 13, 2020

Five Eyes alliance call for encryption backdoors (again) Trickbot isn't quite done yet Chinese facial recognition data leaks are rampant Thanks to this week's sponsor, Trusona. Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona’s passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don’t have to work around. More available at CISOseries.com.
10/13/20207 minutes, 2 seconds
Episode Artwork

October 12, 2020

Google is giving data to police based on search keywords, court docs show Tyler Technologies pays ransomware gang for decryption key U.K. businesses suffered a cyberattack every 45 sec. during Spring lockdown Thanks to this week's sponsor, Trusona. Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona’s passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don’t have to work around. More available at CISOseries.com.
10/12/20206 minutes, 27 seconds
Episode Artwork

October 9, 2020

UK issues a report on Huawei 5G rollback Facebook will stop running political ads after the US election US seizes domains tied to Iranian misinformation campaign Thanks to our sponsor, Detectify. Detectify is where security engineers and developers come to collaborate and build safer web apps using ethical hacker knowledge. Using payload-based testing, Detectify checks for 2000+ known vulnerabilities and helps you stay on top of emerging threats. Start a free 2-week trial today!   For more, head to CISOseries.com.
10/9/20206 minutes, 19 seconds
Episode Artwork

October 8, 2020

Singapore introduces cybersecurity rating for ‘smart’ devices Watch out for Emotet, warns DHS Big takedowns don’t stop Dark Web markets, says Europol Thanks to our sponsor, Detectify. Detectify is where security engineers and developers come to collaborate and build safer web apps using ethical hacker knowledge. Using payload-based testing, Detectify checks for 2000+ known vulnerabilities and helps you stay on top of emerging threats. Start a free 2-week trial today!   For more, head to CISOseries.com.
10/8/20205 minutes, 38 seconds
Episode Artwork

October 7, 2020

Paying ransomware ransom is now illegal, according to the Treasury Department Cisco ordered to pay $1.9 billion for security patent infringement Covid tracking in Microsoft Excel loses 16,000 test results in England Thanks to our sponsor, Detectify. Detectify is where security engineers and developers come to collaborate and build safer web apps using ethical hacker knowledge. Using payload-based testing, Detectify checks for 2000+ known vulnerabilities and helps you stay on top of emerging threats. Start a free 2-week trial today! More available at CISOseries.com.
10/7/20206 minutes, 21 seconds
Episode Artwork

October 6, 2020

Ransomware disrupts COVID-19 vaccine trials SEC sues John McAfee over cryptocurrency promotion Firmware bootkit spotted in the wild Thanks to our sponsor, Detectify. Detectify is where security engineers and developers come to collaborate and build safer web apps using ethical hacker knowledge. Using payload-based testing, Detectify checks for 2000+ known vulnerabilities and helps you stay on top of emerging threats. Start a free 2-week trial today!   For more, head to CISOseries.com.
10/6/20206 minutes, 40 seconds
Episode Artwork

October 5, 2020

Covid tracking apps from a Google-Apple partnership gaining traction in the U.S. FBI works more closely with spy agencies to hunt foreign hackers Phishing-with-worms campaign is declared a game-changer in password theft, account takeovers Thanks to our sponsor, Detectify. Detectify is where security engineers and developers come to collaborate and build safer web apps using ethical hacker knowledge. Using payload-based testing, Detectify checks for 2000+ known vulnerabilities and helps you stay on top of emerging threats. Start a free 2-week trial today! More available at CISOseries.com.
10/5/20206 minutes, 26 seconds
Episode Artwork

October 2, 2020

Huawei failed to address network security flaws US Treasury Department warns about fines for ransomware payments H&M fined for GDPR violations Thanks to our sponsor ReversingLabs ReversingLabs is the leading provider of explainable threat intelligence.  In only milliseconds, ReversingLabs elastic threat infrastructure automatically analyzes the world's most complex files and detects the most advanced threats. ReversingLabs gives modern security and threat hunting teams the transparent insights and trusted input required to take fast and confident defensive action--all with zero interruption to business critical systems.     Learn more by watching an on-demand demo at reversinglabs.com/demo For more, head to CISOSeries.com
10/2/20207 minutes, 24 seconds
Episode Artwork

October 1, 2020

Facebook faces down QAnon, bogus election ads, and privacy on the Gram Who took down 911 in 14 states on Monday? Controversial data company Palantir’s stock is up following Wall Street debut Thanks to our sponsor ReversingLabs ReversingLabs is the leading provider of explainable threat intelligence.  In only milliseconds, ReversingLabs elastic threat infrastructure automatically analyzes the world's most complex files and detects the most advanced threats. ReversingLabs gives modern security and threat hunting teams the transparent insights and trusted input required to take fast and confident defensive action--all with zero interruption to business critical systems.     Learn more by watching an on-demand demo at reversinglabs.com/demo For more, head to CISOSeries.com
10/1/20206 minutes, 23 seconds
Episode Artwork

September 30, 2020

French shipping giant hit with ransomware attack Ransomware operators release personal information on Las Vegas students Android 12 will play nice with third-party apps stores Thanks to our sponsor ReversingLabs ReversingLabs is the leading provider of explainable threat intelligence.  In only milliseconds, ReversingLabs elastic threat infrastructure automatically analyzes the world's most complex files and detects the most advanced threats. ReversingLabs gives modern security and threat hunting teams the transparent insights and trusted input required to take fast and confident defensive action--all with zero interruption to business critical systems.     Learn more by watching an on-demand demo at reversinglabs.com/demo For more, head to CISOSeries.com
9/30/20206 minutes, 23 seconds
Episode Artwork

September 29, 2020

TikTok’s latest court win means videos still available - for now Universal Health Services hospitals hit country-wide by Ryuk ransomware Windows XP and Windows Server 2003 source code leaked online Thanks to our sponsor ReversingLabs ReversingLabs is the leading provider of explainable threat intelligence.  In only milliseconds, ReversingLabs elastic threat infrastructure automatically analyzes the world's most complex files and detects the most advanced threats. ReversingLabs gives modern security and threat hunting teams the transparent insights and trusted input required to take fast and confident defensive action--all with zero interruption to business critical systems.     Learn more by watching an on-demand demo at reversinglabs.com/demo For more, head to CISOSeries.com
9/29/20205 minutes, 58 seconds
Episode Artwork

September 28, 2020

China’s biggest chip maker hit by US sanctions Elon Musk unhappy over Microsoft’s exclusive licensing of OpenAI Google removes 17 Android apps doing WAP billing fraud from the Play Store Thanks to our sponsor ReversingLabs ReversingLabs is the leading provider of explainable threat intelligence.  In only milliseconds, ReversingLabs elastic threat infrastructure automatically analyzes the world's most complex files and detects the most advanced threats. ReversingLabs gives modern security and threat hunting teams the transparent insights and trusted input required to take fast and confident defensive action--all with zero interruption to business critical systems.     Learn more by watching an on-demand demo at reversinglabs.com/demo For more, head to CISOSeries.com
9/28/20206 minutes, 14 seconds
Episode Artwork

September 25, 2020

DHS acknowledges leak of facial recognition images Judge rules the TikTok ban be delayed or defended Local government email systems are vulnerable to cyberattacks HUGE thanks to our sponsor, Trusona Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona’s passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don’t have to work around. For more, go to CISOseries.com.
9/25/20206 minutes, 20 seconds
Episode Artwork

September 24, 2020

Public-sector mega-vendor Tyler admits it was hacked ByteDance asks courts to block Trump order against TikTok Shopify says insiders to blame for stealing customer data  HUGE thanks to our sponsor, Trusona Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona’s passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don’t have to work around. For more, go to CISOseries.com.
9/24/20206 minutes, 23 seconds
Episode Artwork

September 23, 2020

Maze ransomware adopts Ragnar Locker virtual machine approach Email addresses and passwords allegedly from NIH, WHO, and Gates Foundation dumped online Russian hackers use fake NATO training documents to breach government networks HUGE thanks to our sponsor, Trusona Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona’s passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don’t have to work around. For more, go to CISOseries.com.
9/23/20205 minutes, 59 seconds
Episode Artwork

September 22, 2020

CISA issues emergency directive to roll out a Windows Server patch 93% of organizations suffer data breaches through outbound email Facebook threatens withdrawal from EU HUGE thanks to our sponsor, Trusona Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona’s passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don’t have to work around. For more, go to CISOseries.com.
9/22/20206 minutes, 34 seconds
Episode Artwork

September 21, 2020

Trump approves Oracle’s TikTok deal and delays app store ban ByteDance says it’s not aware of $5 billion education fund in TikTok deal California judge halts Trump’s WeChat ban HUGE thanks to our sponsor, Trusona Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona’s passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don’t have to work around. For more, go to CISOseries.com.
9/21/20206 minutes, 13 seconds
Episode Artwork

September 18, 2020

Oracle’s bid calls for access to TikTok's source code Patient dies in the wake of a ransomware attack Backdoors and bugs discovered in HiSilicon video encoders Thanks to our sponsor, Dtex Systems Forget projects, get answers. Start preventing insider threats, stopping data loss, and monitoring remote employees in minutes, not days. And do it all without invading user privacy. DTEX Systems helps enterprises run safer and smarter with a first-of-its-kind human-centric approach to enterprise operational intelligence. Learn more and start a free 30-day trial at dtexsystems.com. For more on CISO Series, go to cisoseries.com.
9/18/20206 minutes, 11 seconds
Episode Artwork

September 17, 2020

DOJ charges five Chinese citizens with global hacking campaign Two Russians phished $17 million in cryptocurrency, DOJ says Bluetooth flaw BLESA leaves billions of devices open to hackers Thanks to our sponsor, Dtex Systems Forget projects, get answers. Start preventing insider threats, stopping data loss, and monitoring remote employees in minutes, not days. And do it all without invading user privacy. DTEX Systems helps enterprises run safer and smarter with a first-of-its-kind human-centric approach to enterprise operational intelligence. Learn more and start a free 30-day trial at dtexsystems.com. For more on CISO Series, go to cisoseries.com.
9/17/20206 minutes, 12 seconds
Episode Artwork

September 16, 2020

Senator calls for US to reject Oracle’s TikTok deal MFA bypass bugs opened Microsoft 365 to attack Ex-Facebook employee reveals extent of bot manipulation intended for political gain Thanks to our sponsor, Dtex Systems Forget projects, get answers. Start preventing insider threats, stopping data loss, and monitoring remote employees in minutes, not days. And do it all without invading user privacy. DTEX Systems helps enterprises run safer and smarter with a first-of-its-kind human-centric approach to enterprise operational intelligence. Learn more and start a free 30-day trial at dtexsystems.com. For more on CISO Series, go to cisoseries.com.
9/16/20206 minutes, 43 seconds
Episode Artwork

September 15, 2020

ByteDance chooses Oracle's bid to become TikTok's trusted technology partner Thousands of Magento stores compromised in a skimming campaign CISA warns Chinese state hackers are targeting enterprise infrastructure Thanks to our sponsor, Dtex Systems Forget projects, get answers. Start preventing insider threats, stopping data loss, and monitoring remote employees in minutes, not days. And do it all without invading user privacy. DTEX Systems helps enterprises run safer and smarter with a first-of-its-kind human-centric approach to enterprise operational intelligence. Learn more and start a free 30-day trial at dtexsystems.com. For more on CISO Series, go to cisoseries.com.
9/15/20206 minutes, 31 seconds
Episode Artwork

September 14, 2020

SoftBank close to a deal to sell Arm to Nvidia, creating a powerhouse Zoom now offers two-factor authentication China may kill TikTok’s US operations rather than see them sold Thanks to our sponsor, Dtex Systems Forget projects, get answers. Start preventing insider threats, stopping data loss, and monitoring remote employees in minutes, not days. And do it all without invading user privacy. DTEX Systems helps enterprises run safer and smarter with a first-of-its-kind human-centric approach to enterprise operational intelligence. Learn more and start a free trial 30-day at dtexsystems.com. For more on CISO Series, go to cisoseries.com.
9/14/20206 minutes, 17 seconds
Episode Artwork

September 11, 2020

Portland passes bans on facial recognition technology. Bluetooth SIG publishes details on Blurtooth vulnerability. Microsoft detects attempted cyberattacks against US presidential campaigns. Thanks to our sponsor, Remediant Remediant is a fast growing Gartner Cool vendor focused on the concept of precision Privileged Access Management and one Fortune 100 company calls them "the world's best protection against major incidents." Remediant uniquely deploys & inventories thousands of privileged accounts in hours, locks down lateral movement & ransomware spread by removing standing privilege with a single action, and administers privileges just-in-time with MFA.
9/11/20206 minutes, 41 seconds
Episode Artwork

September 10, 2020

NSA, CIA have proof of Russians hacking Florida voting systems, says Woodward's ‘Rage’ DHS whistleblower alleges he was ordered to halt Russia analysis because Trump looked ‘bad’ U.S. Supreme Court will decide legality of bug bounties Thanks to our sponsor, Remediant Remediant is a fast growing Gartner Cool vendor focused on the concept of precision Privileged Access Management and one Fortune 100 company calls them "the world's best protection against major incidents." Remediant uniquely deploys & inventories thousands of privileged accounts in hours, locks down lateral movement & ransomware spread by removing standing privilege with a single action, and administers privileges just-in-time with MFA.
9/10/20206 minutes, 3 seconds
Episode Artwork

September 9, 2020

China launches initiative to set global data-security rules Google releases new development platform that includes no-code tools and serverless computing Intel’s supercomputer faces further delay Thanks to our sponsor, Remediant Remediant is a fast growing Gartner Cool vendor focused on the concept of precision Privileged Access Management and one Fortune 100 company calls them "the world's best protection against major incidents." Remediant uniquely deploys & inventories thousands of privileged accounts in hours, locks down lateral movement & ransomware spread by removing standing privilege with a single action, and administers privileges just-in-time with MFA. For more, head to CISOSeries.com
9/9/20206 minutes, 36 seconds
Episode Artwork

September 8, 2020

Visa discovers new skimming malware. The US issues a space policy directive on cybersecurity. Netwalker ransomware hits Argentina's immigration systems. Thanks to our sponsor, Remediant Remediant is a fast growing Gartner Cool vendor focused on the concept of precision Privileged Access Management and one Fortune 100 company calls them "the world's best protection against major incidents." Remediant uniquely deploys & inventories thousands of privileged accounts in hours, locks down lateral movement & ransomware spread by removing standing privilege with a single action, and administers privileges just-in-time with MFA.
9/8/20206 minutes, 31 seconds
Episode Artwork

September 4, 2020

Facebook formally codifies policy on third-party vulnerabilities. Apple delays changes to device ID collection. Geofence warrants strike out in federal court. Thanks to our sponsor, Trusona. Trusona enables enterprises to provide enhanced security and usability to the workforce by removing passwords from the Windows 10 login experience. The solution works with your existing infrastructure without requiring any software or hardware upgrades like Windows Hello, cameras, biometric readers or on-premises servers — making it the most cost-effective and user-friendly to deploy. For more, head to CISOSeries.com
9/4/20206 minutes, 3 seconds
Episode Artwork

September 3, 2020

U.S. spying exposed by Snowden was illegal, court rules DHS starts countdown clock on vulnerability disclosure policies Canadian police more reliant than ever on predictive computing Thanks to our sponsor, Trusona. Trusona enables enterprises to provide enhanced security and usability to the workforce by removing passwords from the Windows 10 login experience. The solution works with your existing infrastructure without requiring any software or hardware upgrades like Windows Hello, cameras, biometric readers or on-premises servers — making it the most cost-effective and user-friendly to deploy. For more, head to CISOSeries.com
9/3/20205 minutes, 24 seconds
Episode Artwork

September 2, 2020

Facebook threatens to block sharing of news stories in Australia Maximum lifespan of SSL/TLS certificates is now 398 days Elections offices across the U.S. using faulty electronic technology Thanks to our sponsor, Trusona. Trusona enables enterprises to provide enhanced security and usability to the workforce by removing passwords from the Windows 10 login experience. The solution works with your existing infrastructure without requiring any software or hardware upgrades like Windows Hello, cameras, biometric readers or on-premises servers — making it the most cost-effective and user-friendly to deploy. For more, head to CISOSeries.com
9/2/20206 minutes, 30 seconds
Episode Artwork

September 1, 2020

Apple accidentally notarized malware on macOS Security researchers detail a Netwalker play-by-play Mozilla find out "Why We Still Can't Browse in Peace" Thanks to our sponsor, Trusona. Trusona enables enterprises to provide enhanced security and usability to the workforce by removing passwords from the Windows 10 login experience. The solution works with your existing infrastructure without requiring any software or hardware upgrades like Windows Hello, cameras, biometric readers or on-premises servers — making it the most cost-effective and user-friendly to deploy. For more, head to CISOSeries.com
9/1/20205 minutes, 40 seconds
Episode Artwork

August 31, 2020

China’s new salvo in TikTok war means restrictions on AI technology exports Slack fixes 'critical' vulnerability that left desktop app users open to attack Cisco engineer resigns then destroys WebEx accounts and virtual machines Thanks to our sponsor, Trusona. Trusona enables enterprises to provide enhanced security and usability to the workforce by removing passwords from the Windows 10 login experience. The solution works with your existing infrastructure without requiring any software or hardware upgrades like Windows Hello, cameras, biometric readers or on-premises servers — making it the most cost-effective and user-friendly to deploy. For more, head to CISOSeries.com
8/31/20207 minutes, 5 seconds
Episode Artwork

August 28, 2020

You can teach a Qbot new tricks Researchers expose unsecure printers The FBI releases details about ransomware scheme at Tesla Thanks to our sponsor Trend Micro For more, head to CISOSeries.com  
8/28/20206 minutes, 30 seconds
Episode Artwork

August 27, 2020

Facebook warns Apple privacy changes will decimate ads Feds’ stern warning for banks: Watch out for BeagleBoyz Feds put the kibosh on Russian’s million-dollar malware scheme Thanks to our sponsor Trend Micro For more, head to CISOSeries.com
8/27/20205 minutes, 41 seconds
Episode Artwork

August 26, 2020

Epic judge will protect Unreal Engine — but not Fortnite US military researchers may have found a more productive vulnerability discovery process Beijing’s electronic dragnet closes on Hong Kong Thanks to our sponsor Trend Micro For more, head to CISOSeries.com
8/26/20206 minutes, 34 seconds
Episode Artwork

August 25, 2020

Application Guard for Office is now in public preview The WeChat executive order also faces a lawsuit It’s like GitHub, but for China Thanks to our sponsor Trend Micro For more, head to CISOSeries.com
8/25/20207 minutes, 11 seconds
Episode Artwork

August 24th, 2020

TikTok plans to sue Trump administration over U.S. ban Former Uber security chief faces criminal charges for hiding 2016 breach Major wave of vishing attacks targets teleworkers Thanks to our sponsor Trend Micro For more, head to CISOSeries.com
8/24/20207 minutes, 2 seconds
Episode Artwork

August 21, 2020

Former Uber security chief charged with paying hush money to conceal breach Google fixes severe Gmail bug only after researcher goes public Pandemic work-from-home empowers voice phishers
8/21/20204 minutes, 36 seconds
Episode Artwork

August 20, 2020

Guardicore Labs discovers a previously unknown botnet CISA releases details on a new North Korean trojan Facebook enforces a ban on groups that discuss “potential violence”
8/20/20205 minutes, 43 seconds
Episode Artwork

August 19, 2020

Oracle enters race to buy TikTok’s US operations Jack Daniel’s hit with ransomware 200,000 Healthcare records exposed through GitHub credentials leak For more, head to CISOSeries.com
8/19/20206 minutes, 21 seconds
Episode Artwork

August 18, 2020

Trend Micro Finds Mac Malware in Xcode Projects Chrome To Warn Of Insecure Forms Security Breach Numbers Decrease, But Severity Increases in 2020 For more, head to CISOseries.com
8/18/20205 minutes, 8 seconds
Episode Artwork

August 17, 2020

President Trump creates 90-day deadline for ByteDance to divest from U.S. TikTok business Will the US be safer with a reduction in the reliance of Chinese manufacturing? A database designed to prevent harmful speech from going viral For more, head to CISOseries.com
8/17/20204 minutes, 55 seconds
Episode Artwork

Welcome to Cyber Security Headlines

This is just a welcome message to introduce subscribers to the Cyber Security Headlines podcast. A daily dose of information security news.
8/4/202055 seconds