Daily stories from the world of information security. To delve into any daily story, head to CISOseries.com.
Intellexa faces new sanctions, London hospitals impact, Apple releases update
Spyware giant Intellexa faces new U.S. sanctions Nearly 1 million impacted by ransomware attack on London hospitals Apple releases long-awaited update Thanks to today's episode sponsor, Conveyor Why do teams choose Conveyor over the competition for customer security reviews? A few reasons. One. Market-leading AI accuracy for any format of security questionnaire with limited knowledge base maintenance. Two. Enterprise-grade trust center that automates every customer security request. Three. Conveyor’s sales team is actually fun to work with. Learn why Conveyor is the security review platform your infosec friends love at www.conveyor.com Get the story behind the headlines at CISOSeries.com.
Fortinet confirms customer data breach RansomHub threatens to leak stolen Kawasaki data Update: Transport for London requires in-person password resets after hack Thanks to today's episode sponsor, Conveyor Ever feel like completing security questionnaires has become your full time side hustle you’re not even getting paid extra for? If so, you should check out Conveyor. Conveyor is the market-leader in instant, generative AI answers to entire security questionnaires no matter the format they are in. Yes, that’s right. Upload any file like excels, word docs and even PDFs for instant processing and tackle any portal-based questionnaire with a browser extension that auto-scrolls and fills in answers for you. Try a free proof of concept today at www.conveyor.com. Get the story behind the headlines at CISOSeries.com.
9/16/2024 • 7 minutes, 55 seconds
Week in Review: Wisconsin Medicare MOVEit, cop sues data broker, WHOIS vulnerability
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by David Spark with guest Patrick Heim, co-founder and partner, SYN Ventures Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at vanta.com/headlines. All links and the video of this episode can be found on CISO Series.com
Lazarus Group’s VMConnect campaign spoofs CapitalOne Mastercard buys security firm Recorded Future WordPress to require two-factor authentication for plugin developers Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. That’s vanta.com/headlines. Get the story behind the headlines at CISOSeries.com
9/13/2024 • 8 minutes, 10 seconds
$20 WHOIS vulnerability, India's Cyber Commandos, Word hits drone makers
The $20 WHOIS vulnerability India training thousands of “cyber commandos” A Word of warnings for Taiwanese drone makers Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines. That’s vanta.com/headlines. Get the story behind the headlines at CISOSeries.com
9/12/2024 • 7 minutes, 25 seconds
Slim CD data breach, International sextortion bust, TfL mixed messages
Slim CD notifies 1.7M customers of data breach Delaware men charged in international sextortion scheme London transit agency drops claim it has ‘no evidence’ of customer data theft Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. That’s vanta.com/headlines. Get the story behind the headlines at CISOSeries.com
9/11/2024 • 8 minutes, 13 seconds
Payment processing breach, dark web admins charged, Predator spyware resurges
1.7 million impacted in payment processing breach Dark web administrators charged in U.S. Resurgence of Predator Spyware sparks privacy concerns Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines. That’s vanta.com/headlines. Get the story behind the headlines at CISOSeries.com
9/10/2024 • 7 minutes, 41 seconds
Avis rentals breach, Microsoft disables ActiveX, Wisconsin Medicare breach
Car rental company Avis discloses data breach Microsoft Office 2024 to disable ActiveX controls by default Wisconsin Medicare users had information leaked in MOVEit breach Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. Get the story behind the headlines at CISOSeries.com
9/9/2024 • 7 minutes, 32 seconds
Week in Review: MFA bypass bust, Airport security SQL, GitHub help malware
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Justin Somaini, partner, YL Ventures Thanks to our show sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io. All links and the video of this episode can be found on CISO Series.com
Planned Parenthood suffers cyberattack DoJ propaganda domains takedown Microchip Technology confirms data theft Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io. Find the stories behind the headlines at CISOseries.com.
Spyware research report They found a way to make Cicadas more annoying MacroPack red teaming tool used for malware Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io.
9/5/2024 • 7 minutes, 5 seconds
Halliburton data stolen, Columbus sues researcher, White House protects internet
Halliburton confirms data stolen in cyberattack City of Columbus sues researcher after ransomware attack White House publishes plan to protect a key component of the internet Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io. For the stories behind the headlines, visit CISOseries.com.
9/4/2024 • 8 minutes, 30 seconds
London transport cyberattack, German ATC attack, Sweden’s heightened risk
Transport for London suffers cyberattack German air traffic control agency confirms cyberattack Sweden warns of heightened risk of Russian sabotage Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io. Find the stories behind the headlines at CISOseries.com
9/3/2024 • 7 minutes, 36 seconds
Seattle airport woes, aircraft cockpit SQL, North Korea’s FudModule
Seattle Airport issues travelers’ advisory for Labor Day travel SQL injection able to bypass airport TSA security checks North Korea uses FudModule Rootkit in Chrome zero-day exploit Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io. Find the stories behind the headlines at CISOseries.com.
9/2/2024 • 8 minutes, 7 seconds
DICK’S Sporting Goods cyberattack, Brain Cipher hacked Paris
DICK’S Sporting Goods suffers cyberattack Brain Cipher claims attack on Paris museums, promises data leak Play ransomware hackers claim attack on Microchip Technology Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io. Find the stories behind the headlines at CISOSeries.com
8/30/2024 • 8 minutes, 13 seconds
Iran hacking, Labour Party backlog, more Telegram warrants
Iran targeting presidential administration officials Iran working with ransomware gangs UK Labour Party chided over cyberattack backlog Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io. Find the stories behind the headlines at CISOSeries.com
8/29/2024 • 7 minutes, 40 seconds
Another MOVEit incident, U.S. Marshals disputes breach, Park’N Fly data swiped
Texas credit union user data exposed in another MOVEit breach US Marshals Service disputes ransomware gang's breach claims Park’N Fly notifies 1 million customers of data breach Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io. Find the stories behind the headlines at CISOSeries.com
8/28/2024 • 8 minutes, 6 seconds
SonicWall access flaw, Microsoft security summit, Telegram details
SonicWall warns of critical access control flaw Microsoft to host security summit More details on Telegram CEO’s arrest Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io. Find the stories behind the headlines at CISOSeries.com
8/27/2024 • 7 minutes, 5 seconds
Halliburton suffers cyberattack, Telegram CEO arrested, Georgia Tech lawsuit
Halliburton takes systems offline following cyberattack French police arrest Telegram CEO Pavel Durov DOJ joins suit against Georgia Tech over Defense Department cybersecurity failures Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io. Find the stories behind the headlines at CISOSeries.com
8/26/2024 • 7 minutes, 20 seconds
Week in Review: NPD breach update, Hawaii hacker sentenced, Poisoned LLM coders
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Bethany De Lude, CISO, The Carlyle Group Thanks to today’s episode sponsor, Nudge Security When your CEO asks “Hey, are we using that SaaS app that was just breached?”, how quickly and confidently can you answer? Stop guessing with Nudge Security. Discover all SaaS accounts ever introduced by anyone in your org, in minutes and get alerted when any SaaS app used in your org is breached. Start a 14-day trial now at nudgesecurity.com/saas All links and the video of this episode can be found on CISO Series.com
8/23/2024 • 31 minutes, 12 seconds
Russia’s questionable DDoS, FAA’s cybersecurity proposal, Windows Recall reappears
Kremlin complains of DDoS attack, digital experts not so sure FAA proposes new cybersecurity rules for airplanes Windows Recall to reappear Thanks to today’s episode sponsor, Nudge Security Do you know who’s using genAI tools in your org? Find out today with Nudge Security. Their patented approach to SaaS discovery gives you a full inventory of all apps ever introduced by anyone in your org, in minutes, including genAI apps. And, automated workflows help you scale security and governance without breaking a sweat. Start a free trial today at nudgesecurity.com/genai For the stories behind the headlines, head to CISOseries.com.
8/23/2024 • 7 minutes, 50 seconds
Japanese auto security, Feds tap encrypted messages, Microsoft breaks Linux dual-booting
Security initiative from Japanese auto companies Feds tapping into encrypted messaging haul Microsoft breaks Linux dual-boot systems Thanks to today’s episode sponsor, Nudge Security How big is your SaaS attack surface? Find out today with Nudge Security. Nudge Security discovers all SaaS accounts ever created by anyone in your org, in minutes, and gives you automated workflows to scale SaaS security and governance. Take control of your SaaS security posture. Start a free trial today at nudgesecurity.com/cisoseries
8/22/2024 • 7 minutes, 20 seconds
Toyota third-party breach, Hawaii registry hack, Iran disrupting campaigns
Toyota confirms third-party data breach impacting customers Man who hacked Hawaii state registry sentenced U.S. Intelligence blames Iran for Trump campaign hack Thanks to today’s episode sponsor, Nudge Security When your CEO asks “Hey, are we using that SaaS app that was just breached?”, how quickly and confidently can you answer? Stop guessing with Nudge Security. Discover all SaaS accounts ever introduced by anyone in your org, in minutes and get alerted when any SaaS app used in your org is breached. Start a 14-day trial now at nudgesecurity.com/saas For the stories behind the headlines, visit CISOseries.com.
8/21/2024 • 7 minutes, 42 seconds
National Public Data breach update, Flaws in macOS apps, FlightTracker configuration issue
‘Only’ 1.3 million affected by National Public Data Breach Flaws in Microsoft macOS Apps allowing secret recording Configuration issue exposes flight tracking site Thanks to today’s episode sponsor, Nudge Security Do you know who’s using genAI tools in your org? Find out today with Nudge Security. Their patented approach to SaaS discovery gives you a full inventory of all apps ever introduced by anyone in your org, in minutes, including genAI apps. And, automated workflows help you scale security and governance without breaking a sweat. Start a free trial today at nudgesecurity.com/genai
8/20/2024 • 8 minutes, 25 seconds
Entra forces MFA, another AnyDesk heist, Google Pixel vulnerability
Microsoft Entra admins must enable MFA or lose access to admin portals Cybercrime gang uses fake Windows update screen to hide data theft Google Pixel devices shipped with vulnerable Verizon app Thanks to today’s episode sponsor, Nudge Security How big is your SaaS attack surface? Find out today with Nudge Security. Nudge Security discovers all SaaS accounts ever created by anyone in your org, in minutes, and gives you automated workflows to scale SaaS security and governance. Take control of your SaaS security posture. Start a free trial today at nudgesecurity.com/cisoseries For the stories behind the headlines, head to CISOseries.com.
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Edwin Covert, head of cyber risk engineering, Bowhead Specialty Underwriters and edwincovert.com Thanks to our show sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com. All links and the video of this episode can be found on CISO Series.com
GitHub vulnerability warning regarding ArtiPacked RansomHub affiliate launches new EDR-killing tool SolarWinds issues hotfix for web help desk vulnerability Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com. For the stories behind the headlines, head to CISOseries.com.
8/16/2024 • 8 minutes, 38 seconds
Gemini AI privacy, AI Risk Repository, Russian phishing
Google details privacy commitments with Gemini AI MIT releases AI Risk Repository Russian spies using highly targeted phishing Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com.
8/15/2024 • 8 minutes, 22 seconds
FBI shutters Radar, NIST post-quantum standards, 2.7B record leaked
FBI shutters Radar ransomware gangs servers NIST finalizes post-quantum encryption standards 2.7 billion National Public Data records leaked Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com. For the stories behind the headlines, visit CISOseries.com.
U.S. operation of “laptop farm” for North Korea shutdown Over 100 Ukrainian government computers compromised Trump campaign says they were hacked Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com.
Iranian hackers ramping up U.S. election interference AMD SinkClose flaw helps install nearly undetectable malware ADT discloses breach that impacts more than 30,000 customers demands Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com. For the stories behind the headlines, head to CISOseries.com
8/12/2024 • 7 minutes, 42 seconds
Week in Review: CrowdStrike releases Falcon, ransomware as terrorist threat
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest DJ Schleen, distinguished security architect, Yahoo Thanks to our show sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. That’s vanta.com/headlines. All links and the video of this episode can be found on CISO Series.com
Chameleon reappears targeting Canadian restaurant chain Rhysida claims attack on Bayhealth Hospital in Delaware BlackSuit/Royal achieves $500m in ransomware demands Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. That’s vanta.com/headlines. For the stories behind the headlines, head to CISOseries.com.
McLaren hospitals disruption linked to INC ransomware attack CrowdStrike to give customers control over Falcon sensor updates Ronin Network hacked by "white hats" Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines. That’s vanta.com/headlines
8/8/2024 • 8 minutes, 14 seconds
Android kernel zero-day, voter portal flaw, ransomware as terrorism
Google patches Android kernel zero-day Researchers find flaws in Georgia voter portal Law would make ransomware a terrorist threat Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. That’s vanta.com/headlines.
8/7/2024 • 8 minutes, 15 seconds
CrowdStrike strikes back against Delta, Keytronic loses millions to ransomware, Flaw in Apache OFBiz
CrowdStrike strikes back against Delta’s claims of negligence Ransomware attack costs Keytronic $17 million Patch required for high-severity flaw in Apache OFBiz Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines. That’s vanta.com/headlines
8/6/2024 • 8 minutes, 42 seconds
Software update malware, investors sue CrowdStrike, cybercriminals in prisoner swap
Hackers use ISP to send malware through software updates CrowdStrike sued by investors following update failure Historic prisoner swap includes cybercriminals returned to Russia Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. That’s vanta.com/headlines. For the stories behind the headlines, head to CISOseries.com.
8/5/2024 • 7 minutes, 51 seconds
Week in Review: CrowdStrike problems grow, record breaking ransom, Argentina’s Minority Report
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Dennis Pickett, vp, CISO, Westat Thanks to our show sponsor, Dropzone AI Dropzone AI’s Analyst investigates alerts with unmatched speed and precision, providing clear, actionable reports. Experience the power of autonomous threat detection. Meet Dropzone AI at BSides Las Vegas. Visit dropzone.ai for a 3-month free trial. All links and the video of this episode can be found on CISO Series.com
Cencora confirms patient data stolen in February cyberattack Phishing campaign targets OneDrive users Argentina will use AI to predict future crimes Huge thanks to our sponsor, Dropzone AI Picture an analyst who works tirelessly around the clock. Dropzone AI’s Analyst investigates every alert and provides comprehensive, actionable reports. Boost your SOC’s capabilities with a 3-month free trial at dropzone.ai. For the stories behind the headlines, head to CISOseries.com
8/2/2024 • 7 minutes, 8 seconds
Elections and DDoS, dating apps leak locations, Germany blames China
DDoS attacks won’t impact US elections Dating apps leaked precise location data Germany formally blames China for 2021 cyberattack Huge thanks to our sponsor, Dropzone AI Think of Alex, your new team member who never takes a break. Dropzone AI’s Analyst investigates every alert and delivers detailed reports without playbooks or code. Experience Alex’s dedication with a 3-month free trial at dropzone.ai.
8/1/2024 • 7 minutes, 34 seconds
Delta's legal maneuver, Record-breaking ransom, Meta $1.4B settlement
Delta enlists Microsoft's legal nemesis over CrowdStrike losses Dark Angels receives record-breaking ransom payment Meta to pay $1.4 billion biometric lawsuit Huge thanks to our sponsor, Dropzone AI Dropzone AI’s Analyst investigates alerts and responds to threats with unmatched speed and precision. No playbooks, no code required. Transform your SOC’s performance with a 3-month free trial at dropzone.ai. For the stories behind the headlines, head to CISOseries.com.
7/31/2024 • 7 minutes, 54 seconds
HealthEquity data breach, CrowdStrike impact grows, Proofpoint exploit
4.3 million impacted by HealthEquity data breach Microsoft admits CrowdStrike incident far greater than first reported Proofpoint exploit allows for millions of fake emails Huge thanks to our sponsor, Dropzone AI Imagine an analyst who never misses an alert. Dropzone AI autonomously investigates every alert and provides decision-ready reports, enhancing your SOC’s efficiency. Try it free for 3 months at dropzone.ai.
7/30/2024 • 8 minutes, 7 seconds
PyPi package targets MacOS, Columbus, Ohio suffers cyber incident, Windows July update problems
Hackers exploiting PyPi package targets MacOS Columbus, Ohio suffers cyber incident Windows July updates come with some BitLocker and remote connectivity challenges Huge thanks to our sponsor, Dropzone AI Meet Dropzone AI, the analyst who never rests. Investigating every alert with unparalleled speed and precision, delivering clear, actionable reports. No playbooks, no code. Experience the power of AI with a 3-month free trial at dropzone.ai. For the stories behind the headlines, head to CISOseries.com.
7/29/2024 • 6 minutes, 49 seconds
Week in Review: CrowdStrike developments, LA court shutdown, MGM casino claims win
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jana Moore, CISO, Belron, also vice president, EmpoWer – Supporting women in infosec. Thanks to our show sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires. Our listeners get $1,000 off at Vanta dot com/headlines. All links and the video of this episode can be found on CISO Series.com
7/26/2024 • 26 minutes, 5 seconds
Microsoft Defender exploited, assassin’s encryption frustration, NK elite hackers
Hackers exploiting Microsoft Defender SmartScreen bug IT leaders note increase in severity of cyber-attacks, ransomware and BEC stand out, Trump shooting investigation revives the end-to-end encryption issue Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. For the stories behind the headlines, head to CISOseries.com
CrowdStrike dishes details Google scuttles third-party cookie deprecation BreachForums leaked on Telegram Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires. Our listeners get $1,000 off at vanta.com/headlines.
Google’s $23 billion plan to buy Wiz falls apart U.S. government looking for answers amidst CrowdStrike aftermath dYdX exchange hacked in DNS hijack attack Thanks to our episode sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. For the stories behind the headlines, visit CISOseries.com.
7/24/2024 • 8 minutes, 9 seconds
CrowdStrike update, Russian criminals sanctioned, ransomware shuts down courts
CrowdStrike says “significant number” back up and running Russian cyber criminals sanctioned for infrastructure attacks Ransomware attack shuts down largest trial court in U.S. Huge thanks to our sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires. Our listeners get $1,000 off at vanta.com/headlines.
Microsoft confirms CrowdStrike update also hit cloud Windows PCs Cybercriminals exploit CrowdStrike problem to distribute malware CISA adds some big names to its KEV catalog Huge thanks to our sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. For the stories behind the headlines, head to CISOseries.com.
7/22/2024 • 7 minutes, 47 seconds
Week in Review: Crowdstrike Microsoft outage, AT&T breach implications, CDK pays up
Link to blog post – get exact one from https://cisoseries.com This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Adam Arellano, former vp, enterprise cybersecurity, PayPal Thanks to our show sponsor, Conveyor Why do teams choose Conveyor over the competition to automate answering security questionnaires? A few reasons. One. Market-leading AI accuracy Two. They don’t have to maintain a crazy knowledge base anymore because ConveyorAI can read from any source like external support sites, documents, past questionnaires and more. Three. It can process ANY customer file format – even PDFs! It will even auto-scroll and auto-complete portal-basedl questionnaires. Don’t believe it? Try it yourself for free at www.conveyor.com. All links and the video of this episode can be found on CISO Series.com
7/19/2024 • 31 minutes, 10 seconds
Fin7 sells malware, Synnovis blood shortage, SAP AI flaws
FIN7 sells security evasion tool to others via darknet UK national blood stocks suffer the effects of ransomware Security flaws in SAP AI Core cloud-based platform Thanks to today's episode sponsor, Conveyor It’s Friday and Conveyor hopes you don’t have a meaty security questionnaire waiting for you on the other side of this podcast. If you do, you should check them out. As the market leader in instant, generative AI answers to entire security questionnaires, Conveyor helps you complete questionnaires fast, no matter the format they’re in, so you don’t feel like you’re getting crushed by the wave of unfinished work. Learn why we’re the software your infosec friends love at www.conveyor.com For the stories behind the headlines, head to CISOseries.com
7/19/2024 • 7 minutes, 14 seconds
UK ransomware reporting, Project Oscar, ransoms spike
UK mandatory ransomware reporting gets watered-down Google introduces AI agent to look for software bugs Critical infrastructure ransomware costs spike Thanks to today's episode sponsor, Conveyor Does the anticipation of the next monster security questionnaire wrecking your day ever make you feel like a balloon floating above a cactus field? If so, you should check out Conveyor. Conveyor is the market-leader in instant, generative AI answers to entire security questionnaires no matter the format they are in. Yes, that’s right. Upload any file like Excel, Word docs and even PDFs for instant processing and tackle any portal-based questionnaire with a browser extension that auto-scrolls and fills in answers for you. Try a free proof of concept today at www.conveyor.com. Yesteryears (DECISION) by Sascha Ende Free download: https://filmmusic.io/song/244-yesteryears-decision License (CC BY 4.0): https://filmmusic.io/standard-license
7/18/2024 • 7 minutes, 44 seconds
Rite Aid update, AT&T ransom laundered, Hacktivists leak Disney data
Rite Aid says 'limited’ cybersecurity incident affected over 2 million people AT&T ransom laundered through mixers and gambling services Hacktivists leak Disney data to protect artist rights Thanks to today's episode sponsor, Conveyor Why do teams choose Conveyor over the competition to automate answering security questionnaires? A few reasons. One. Market-leading AI accuracy Two. They don’t have to maintain a crazy knowledge base anymore because ConveyorAI can read from any source like external support sites, documents, past questionnaires and more. Three. It can process ANY customer file format - even PDFs! It will even auto-scroll and auto-complete portal-based questionnaires. Don’t believe it? Try it yourself for free at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com.
Alphabet in talks to acquire Wiz AT&T allegedly paid hacker to delete data Details on Squarespace domain hacks Thanks to today's episode sponsor, Conveyor Does the mountain of security questionnaires in your inbox make you feel like you're in a rowboat trying to make it through a tsunami? If so, you should check out Conveyor. As the market leader in instant, generative AI answers to entire security questionnaires, Conveyor helps you complete them fast, no matter the format they’re in, and never feel like you’re getting crushed by the wave of unfinished work. Learn more about the AI security review automation platform your infosec friends love at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase a Pro plan.
7/16/2024 • 7 minutes, 54 seconds
Rite Aid breach, AT&T breach implications, CDK paid ransom
Rite Aid announces data breach following June cyberattack The personal security implications of the AT&T breach US offers support to prevent Paris Olympics cyber and disinformation attacks Thanks to today's episode sponsor, Conveyor Ever feel like completing security questionnaires has become your full-time side hustle you’re not even getting paid extra for? If so, you should check out Conveyor. Conveyor is the market leader in instant, generative AI answers to entire security questionnaires no matter the format they are in. Yes, that’s right. Upload any file like Excel, Word docs and even PDFs for instant processing and tackle any portal-based questionnaire with a browser extension that auto-scrolls and fills in answers for you. Try a free proof of concept today at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com.
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Andrew Cannata, CISO, Primo Water Thanks to our show sponsor, Entro Security What are you doing to secure your company’s non-human identities? Vaults and scanners are helpful, but they don’t give the context for where your secrets are, how they’re being used, or when it’s time to remove or rotate them. The entro platform provides automated lifecycle management and seamless integration, ensuring comprehensive security & compliance through a unified and easy to use interface. All links and the video of this episode can be found on CISO Series.com
7/12/2024 • 20 minutes, 29 seconds
PHP vulnerability exploit, Auto Parts breach, dark patterns report
PHP vulnerability exploited, spreading malware and DDoS attacks Advance Auto Parts reveals damage from Snowflake breach FTC report reveals dark patterns used to trick consumers Thanks to today's episode sponsor, Entro Reclaim control over your Non-human identities! Entro enables security teams to manage and secure the lifecycle of non-human identities and secrets from inception to rotation. Think of it like an airtag for your secrets - know where they are, how they’re being used, and their risk level in one seamless platform. Visit https://entro.security/ to learn more. For the stories behind the headlines, head to CISOseries.com.
7/12/2024 • 7 minutes, 9 seconds
Australia targets foreign tech, banks sunset OTP, Veeam vulnerability exploited
Australia targets government tech under foreign control Singapore banks replace OTP with digital tokens New group targets Veeam vulnerability Thanks to today's episode sponsor, Entro What are you doing to secure your company’s non-human identities? Vaults and scanners are helpful, but they don’t give the context for where your secrets are, how they’re being used, or when it’s time to remove or rotate them. The entro platform provides automated lifecycle management and seamless integration, ensuring comprehensive security & compliance through a unified and easy to use interface. Visit https://entro.security/ to learn more.
7/11/2024 • 7 minutes, 6 seconds
Russian bot takedown, Burdensome cyber regs, Fujitsu data exposed
US disrupts Russian AI-powered disinformation bot farm Senate takes aim at ‘overly burdensome’ cybersecurity regs Fujitsu confirms customer data exposed in cyberattack Thanks to today's episode sponsor, Entro Reclaim control over your Non-human identities! With Entro, security teams can now manage and secure the lifecycle of Non-human identities and secrets. Like an air tag for your non-human identities, The entro platform provides automated lifecycle management and seamless integration, ensuring comprehensive security & compliance through a unified and easy to use interface. Visit https://entro.security/ to learn more. For the stories behind the headlines, visit CISOseries.com.
7/10/2024 • 7 minutes, 40 seconds
Billions of stolen passwords, cybersecurity regulations even trickier, Apple removes popular apps
Record-breaking 10 billion stolen passwords exposed Supreme court ruling makes cybersecurity regulations even trickier Apple removes popular apps at Russia’s request Thanks to today's episode sponsor, Entro Did you know that an attack on non-human identities and secrets is one of the top 2 cyber attack vectors out there ? With Entro, security teams can now manage and secure the lifecycle of Non-human identities and secrets. The entro platform provides automated lifecycle management and seamless integration, ensuring comprehensive security & compliance through a unified and easy to use interface. Visit https://entro.security/ to learn more.
7/9/2024 • 8 minutes, 53 seconds
Alabama Education breach, OpenAI secrets breach, Florida Health breach
Alabama Department of Education suffers data breach New York Times claims hackers stole OpenAI secrets in a 2023 security breach RansomHub claims to have published Florida health department data Thanks to today's episode sponsor, Entro Reclaim control over your Non-human identities! Entro enables security teams to manage and secure the lifecycle of non-human identities and secrets from inception to rotation. Think of it like an airtag for your secrets - know where they are, how they’re being used, and their risk level in one seamless platform. Visit https://entro.security/ to learn more. For the stories behind the headlines, head to CISOseries.com.
7/8/2024 • 7 minutes, 16 seconds
Senator pressures CISA, Velvet Ant exploits Cisco, Europol crushes Cobalt
Senate leader demands answers from CISA re March Ivanti hack China’s Velvet Ant hackers exploiting new Cisco zero-day Europol law enforcement takes down Cobalt Strike servers Huge thanks to our sponsor, Demoed Buyers do 70% of their product research before talking to a company. That blew our minds. Why not give buyers as much information about your product as possible to help them decide? Eliminating friction has always been key to a solid sales strategy. With Demoed, buyers can research faster and more effectively. Sign up at demoed.com For the stories behind the headlines, head to CISOseries.com.
Evolve Bank data breach is evolving Patelco Credit Union cyberattack disrupts services for nearly 500,000 members LockBit claims cyberattack on Croatia’s largest hospital Huge thanks to our sponsor, Demoed Did you know that Demoed is the first platform that allows you to watch a live product demo and ask questions without receiving a barrage of follow-ups? We change buyer-vendor engagement: fewer follow-ups for buyers, more leads for vendors. Sign up now at demoed.com For the stories behind the headlines, visit CISOseries.com.
7/3/2024 • 7 minutes, 29 seconds
14 million Linux systems threatened, Critical patch for Juniper routers, Millions impacted by Prudential breach
14 million Linux systems threatened by ‘RegreSSHion’ vulnerability Critical patch issued for Juniper routers Millions not thousands impacted by Prudential breach Huge thanks to our sponsor, Demoed “I have extra time in my day” is something no security professional has ever said. Vendors on Demoed host 15-minute pitches highlighting their value and differentiation. Demoed allows buyers to browse and get educated without sales pressure—window shopping for enterprise sales. Sign up now at demoed.com
Update on the TeamViewer network breach HubSpot looks into customer account hacks U.S. businesses struggle to obtain cyber insurance Huge thanks to our sponsor, Demoed Demoed is a unique platform that connects buyers and sellers. Buyers want to see more products, and vendors want more leads. Demoed solves this for both by making buyers anonymous. Buyers can watch demos without follow-ups, hiding their identity until they are ready. Sign up now at demoed.com. For the stories behind the headlines, head to CISOseries.com.
7/1/2024 • 7 minutes, 28 seconds
Week in Review: CDK Blacksuit developments, Criminal nuclear failures. U.S. Kaspersky ban
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jim Bowie, CISO, Tampa General Hospital Thanks to our show sponsor, Prelude Security When executives ask the question, are we vulnerable to this threat? How long does it take you to get a confident answer? Prelude automatically transforms threat intelligence into validated detections, so you can know with certainty in just a manner of minutes. Visit preludesecurity.com/threats to upload your own threat intelligence and see for yourself. All links and the video of this episode can be found on CISO Series.com
6/28/2024 • 22 minutes, 45 seconds
Gas chromatograph vulnerabilities, Cloudflare rebukes Polyfill, Evolve Bank breach
Gas chromatograph vulnerabilities reveal medical IoT challenges We never authorized polyfill.io to use our name, says Cloudflare Evolve Bank confirms data breach, undermining LockBit’s Federal Reserve claim Huge thanks to our sponsor, Prelude Security When executives ask the question, are we vulnerable to this threat? How long does it take you to get a confident answer? Prelude automatically transforms threat intelligence into validated detections, so you can know with certainty in just a manner of minutes. Visit preludesecurity.com to upload your own threat intelligence and see for yourself. For the stories behind the headlines, head to CISOseries.com.
Android lying Snowblind in the sun Identity verification service exposed data for over a year Polyfill.io JavaScript attack impacts thousands of sites Huge thanks to our sponsor, Prelude Security 30 minutes to peace of mind. That’s what you’ll get with Prelude’s automated threat management platform where you can upload any piece of threat intelligence and quickly generate threat-hunting queries, detection rules, and more. Visit preludesecurity.com and get all of this in 30 minutes or get a pizza on Prelude.
6/27/2024 • 7 minutes, 28 seconds
Julian Assange plea, Latest MOVEit bug, Neiman Marcus data sale
Julian Assange to plead guilty and return to Australia Fresh MOVEit bug under attack just hours after disclosure Criminal selling Neiman Marcus customer info for $150K Huge thanks to our sponsor, Prelude Security Don’t be left wondering if you’re protected the next time a new threat hits the news. Week in review listeners can upload their threat intelligence to Prelude and receive a free bundle of relevant detection rules, hunt queries, and security tests. Any piece of threat intelligence. All in 30 minutes. Upload yours at prelude security dot com forward slash threats.
6/26/2024 • 8 minutes, 28 seconds
Indonesia battles Lockbit, DOJ charges cybercrime group, SEC reports following CDK Global attack
Indonesia battles Lockbit 3.0 ransomware DOJ charges cybercrime group for $71 million in damages SEC reports pile in following CDK Global attack Huge thanks to our sponsor, Prelude Security What would your security teams do with more time back in their day? Prelude provides an end-to-end threat management automation platform that quickly generates hunt queries, detection rules, and security tests from your threat intelligence to help you stay ahead of threats. Upload your own threat intelligence at preludesecurity.com and get all of that in just 30 minutes or less.
6/25/2024 • 8 minutes, 39 seconds
BlackSuit behind CDK, Microsoft spoofing bug, Nuclear compliance failures
CDK Global outage caused by BlackSuit ransomware attack Bug allows Microsoft corporate email account spoofing UK’s largest nuclear site pleads guilty over cybersecurity failures Huge thanks to our sponsor, Prelude Security When executives ask the question, are we vulnerable to this threat? How long does it take you to get a confident answer? Prelude automatically transforms threat intelligence into validated detections, so you can know with certainty in just a manner of minutes. Visit preludesecurity.com to upload your own threat intelligence and see for yourself. For the stories behind the headlines, head to CISOseries.com.
6/24/2024 • 8 minutes, 19 seconds
Week in Review: Breach restoration breached, Vermont privacy debate, Qilin blames victims, posts data
Link to blog post This week’s Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guest Bil Harmer, operating partner and CISO, Craft Ventures, also at wilharm3.com. Thanks to our show sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security Our listeners get $1,000 off at vanta.com/headlines. All links and the video of this episode can be found on CISO Series.com
6/21/2024 • 30 minutes, 43 seconds
CDK Global hacked again, LockBit activity, Kraken extorted for bug bounty
CDK Global gets hacked twice LockBit Activity on the rise Kraken extorted by security researcher Thanks to today's episode sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines.
6/21/2024 • 7 minutes, 1 second
Nvidia most valuable, Markopolo’s meeting infostealer, Medibank MFA blame
Nvidia becomes world’s most valuable company Markopolo scam delivers infostealer through fake meeting software Medibank hack blamed on MFA failure Thanks to today's episode sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines. For the stories behind the headlines, head to CISOseries.com.
AMD investigates breach after data for sale on hacking forum Qilin demands $50 million ransom from UK hospital Hackers derail Amtrak Guest Rewards accounts Thanks to today's episode sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. For the stories behind the headlines, visit CISOseries.com.
6/19/2024 • 8 minutes, 49 seconds
Snowflake breach escalates, MITRE has a memo for the president, Velvet Ant persists
Snowflake breach escalates with ransom demands and death threats MITRE has a memo for the president Velvet Ant maintains three-year cyber espionage campaign Thanks to today's episode sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines.
6/18/2024 • 8 minutes, 44 seconds
CISA tabletop exercise, Keytronic confirms breach, Linux emoji malware
CISA leads first tabletop exercise for AI cybersecurity Keytronic confirms data breach after ransomware gang leaks stolen files New Linux malware controlled through Discord emojis Thanks to today's episode sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. For the stories behind the headlines, head to CISOseries.com.
6/17/2024 • 7 minutes, 43 seconds
Week in Review: New York Times theft, Club Penguin hack, NHS wants blood
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Janet Heins, CISO, ChenMed and janetheins.com Thanks to our show sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. All links and the video of this episode can be found on CISO Series.com
6/14/2024 • 28 minutes, 10 seconds
Cyberinsurance claims increase, NATO’s Russia vigilance, Remcos RAT phishing
Record high for North American cyber insurance claims NATO members to increase vigilance over Russian sabotage attempts Remcos RAT discovered inside UUEncoding emails Thanks to today's episode sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. For the stories behind the headlines, head to CISOseries.com.
6/14/2024 • 7 minutes, 20 seconds
Life360 faces extortion attempt, White House reports increase in federal attacks, Black Basta exploits zero-day flaw in windows
Life360 faces extortion attempt after Tile data breach White House report highlights increase in federal attacks Russian hacker with ties to LockBit and Conti gangs arrested Thanks to today's episode sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines.
6/13/2024 • 8 minutes, 2 seconds
Snowflake hack update, BreachForums down again, Cylance data for sale
Pure Storage hacked via Snowflake workspace BreachForums down again and official Telegram channels deleted BlackBerry Cylance data up for sale Thanks to today's episode sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. For the stories behind the headlines, visit CISOseries.com.
Cyber assistance coming to rural hospitals UK and Canada launch investigation into 23andMe breach Mandiant and Snowflake sending out breach notices Thanks to today's episode sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires.Our listeners get $1,000 off at vanta.com/headlines.
6/11/2024 • 7 minutes, 12 seconds
Microsoft resets Recall, LastPass outage update, New York Times breach
Microsoft resets Recall plans LastPass says outage caused by bad Chrome extension update New York Times source code stolen using exposed GitHub token Thanks to today's episode sponsor, Vanta Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines. For the stories behind the headlines, head to CISOseries.com.
Link to blog post This week’s Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guest Andrew Wilder, CISO, Community Veterinary Partners, also cybersecurityintheboardroom.com. Thanks to our show sponsor, Conveyor Why did the AI cross the road? To complete your security questionnaires for you. Conveyor, the company using market-leading AI to automate the entire security review, wants you to check them out and book a call so they can stop writing these cheesy podcast ads. If you’re ready for AI to instantly complete security questionnaires for you, visit www.conveyor.com to try a free proof of concept. Mention this podcast for 5 free questionnaire credits when you purchase a Pro plan. All links and the video of this episode can be found on CISO Series.com
6/7/2024 • 26 minutes, 3 seconds
FCC moves forward with BGP security, LockBit victims get lifeline, Gitloker attacks target GitHub repositories
FCC moves forward with BGP security measures LockBit ransomware gang victims get lifeline from FBI Gitloker attacks target GitHub repositories Thanks to today's episode sponsor, Conveyor Why did the AI cross the road? To complete your security questionnaires for you. Conveyor, the company using market-leading AI to automate the entire security review, wants you to check them out and book a call so they can stop writing these cheesy podcast ads. If you’re ready for AI to instantly complete security questionnaires for you, visit www.conveyor.com to try a free proof of concept. Mention this podcast for 5 free questionnaire credits when you purchase a Pro plan.
6/7/2024 • 8 minutes, 56 seconds
Psychology vs. threat actors, AI leveling up, Qilin hit Synnovis
US researches using psychology against threat actors AI leveling up unsophisticated threat actors London Hospital attacks linked to Qilin Thanks to today's episode sponsor, Conveyor Conveyor is the market leading AI-powered platform that automates the entire customer security review process — from easily sharing your security posture and SOC 2 to letting AI answer security questionnaires instantly with 90% accuracy. Use Conveyor to fly through any customer security review in minutes. There’s a reason our customers have dubbed Conveyor their ‘favorite security tool of the year’. Test it out in a free proof of concept at www.conveyor.com and mention this podcast for 5 free questionnaire credits when you purchase a Pro plan.
6/6/2024 • 7 minutes, 19 seconds
London hospitals hit by ransomware, Christie's stolen data sold, RansomHub claims Frontier breach
Ransomware attack forces London hospitals to cancel operations Christie’s stolen data sold to highest bidder RansomHub claims responsibility for Frontier breach Thanks to today's episode sponsor, Conveyor Conveyor is the AI security review automation platform helping infosec teams automate everything from securely sharing a SOC 2 to one-click auto complete of your security questionnaires with AI. Teams like Lucid Software are finding in a free proof of concept that our AI is more accurate than the rest. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase a Pro plan.
Authorities unmask criminals behind malware loaders 3 billion records stolen from background check firm Creds for 361 million accounts added to HIBP Thanks to today's episode sponsor, Conveyor What are infosec teams measuring these days? More often than not, their impact on the business through revenue. A director of GRC told us the most direct value for their CEO was showing the efficiencies and the dollars that security has been able to bring in from enabling sales through the security review. See how best in class infosec teams measure their performance in Conveyor’s ultimate guide to the security review KPIs that matter. Go to www.conveyor.com and click the banner at the top. For the stories behind the headlines, visit CISOseries.com.
6/4/2024 • 7 minutes, 47 seconds
Ticketmaster breached, Ticketek Australia breached, HHS notification change
Ticketmaster hack affects 560 million customers, third-party denied liability Australia’s Ticketek sees customer details exposed in cyber security breach HHS changes tack, allows Change Healthcare to file breach notifications for others Thanks to today's episode sponsor, Conveyor Conveyor, the market-leading AI software for answering security questionnaires and securely sharing your security documents just released their ultimate guide to benchmarking your team’s performance on customer security reviews. Get all of the detailed metrics and learn how best in class infosec teams measure and tie their impact to revenue. Download the report at www.conveyor.com by clicking on the banner at the top. For the stories behind the headlines, head to CISOseries.com.
6/3/2024 • 7 minutes, 41 seconds
Week in Review: Arc launch sabotaged, Cencora health breach, BlackBasta’s oil hit
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Dimitri Van Zantvliet, CISO, Dutch Railways Thanks to our show sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. All links and the video of this episode can be found on CISO Series.com
Senator calls for UnitedHealth leadership to be held responsible Europol seizes 2,000 domains in dropper takedown Malware bricked over 600,000 routers Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour.
5/31/2024 • 8 minutes, 11 seconds
New NK hackers, Dutch bank breached, Wayback Machine attacked
New North Korean hacking group emerges Dutch bank ABN Amro discloses data breach Internet Archive, including Wayback Machine, impacted by DDoS Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com.
5/30/2024 • 7 minutes, 43 seconds
BreachForums returns, First American data breach, Chinese nationals sanctioned
BreachForums returns just weeks after FBI-led takedown First American data breach impacts 44,000 people Chinese nationals sanctioned for botnet that stole ‘billions’ in COVID-19 relief funds Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, visit CISOseries.com.
New ransomware uses Windows BitLocker to encrypt victim data Sav-Rx discloses data breach impacting 2.8 million Americans New ATM malware poses significant global threat Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com.
5/28/2024 • 8 minutes, 23 seconds
Arc browser sabotaged, Cencora pharma breach, Albany County breach
Arc browser’s Windows launch sabotaged by malvertising Cencora breach exposed patient info from 11 drug companies Albany County investigating cybersecurity breach ahead of holiday weekend Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com.
5/27/2024 • 6 minutes, 47 seconds
Week in Review: Healthcare admin breach, China and Rockwell fallout, Military cyber service
Link to blog post This week’s Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guest Mike Lockhart, CISO, EagleView. Make sure also to check out Mike's charity, the Grady Foundation for mental, physical and economic health. You can learn more and donate here. Thanks to our show sponsor, Tines Break away from traditional SOAR with Tines. Trusted by security teams at McKesson, Canva, and Mars, Tines is scalable and accessible for the whole team. Use Tines to automate security team toil, enrich alerts with data from across your tech stack, and foster a culture of cybersecurity. Start building for free at tines.com/ciso All links and the video of this episode can be found on CISO Series.com
5/24/2024 • 28 minutes, 19 seconds
Chinese hack military, Search engine outage, Mattis speaks out
Chinese hackers hide on military and government networks for 6 years Microsoft outage affects Bing, Copilot, DuckDuckGo and ChatGPT internet search Mattis speaks out against separate military cyber service Thanks to today's episode sponsor, Tines Break away from traditional SOAR with Tines. Trusted by security teams at McKesson, Canva, and Mars, Tines is scalable and accessible for the whole team. Use Tines to automate security team toil, enrich alerts with data from across your tech stack, and foster a culture of cybersecurity. Start building for free at tines.com/ciso For the stories behind the headlines, head to CISOseries.com.
5/24/2024 • 8 minutes, 19 seconds
NY Stock Exchange owner fined, $50 million towards hospital security, LockBit no longer reigns supreme
NY Stock Exchange owner fined $10 million by SEC US agency pledges $50 Million to automate hospital security LockBit no longer reigns supreme Thanks to today's episode sponsor, Tines Digital threats evolve rapidly, making it difficult for security teams to keep pace. Tines security automation is different from traditional SOAR -- it allows teams to move faster and make better decisions in real-time. Built by security practitioners, for security practitioners, Tines powers mission-critical security workflows at McKesson, Canva, and Mars. Start building for free at tines.com/ciso
5/23/2024 • 9 minutes, 7 seconds
UK ransomware reporting, Tech Against Scams, secure Windows 11 defaults
Brits to propose mandatory ransomware reporting Industry heavyweights launch Tech Against Scams Microsoft targets secure defaults in Windows 11 Thanks to today's episode sponsor, Tines Automate the toil with SOAR that actually works for your team. With Tines, your whole team can build complex workflows, without having to write or manage code. Security teams at McKesson, Canva, and Mars use Tines to build, run, and monitor their most important workflows, from endpoint detection and response, to vulnerability management. Start building for free at tines.com/ciso
5/22/2024 • 6 minutes, 57 seconds
Cyber service amendment, GetCaught abuses services, chatbot jailbreaks
Military cyber service proposal picks up steam Threat actors abusing legitimate services in campaign Chatbots susceptible to jailbreaks Thanks to today's episode sponsor, Tines Security teams work best when all members are empowered to do their best work. With Tines, analysts and engineers have everything they need to automate the processes they’re closest to. The result? Hundreds or even thousands of hours that can be used on more impactful work. Built by security practitioners, for security practitioners. Get started today at tines.com/ciso
5/21/2024 • 7 minutes, 30 seconds
Grandoreiro Trojan reappears, Kimsuky’s new backdoor, More healthcare breaches
Grandoreiro banking Trojan reappears, hits banks worldwide Kimsuky deploys new backdoor in latest attack on South Korea Healthcare breaches in Australia and Texas Huge thanks to this week’s episode sponsor, Tines From endpoint detection and response to vulnerability management, Tines empowers security teams to automate even their most complex workflows. It’s fast, flexible, and secure by design. Your team can get up and running in minutes, not weeks. No code. No custom development. The world's smartest security teams trust Tines to support their mission-critical processes. Learn why at tines.com/ciso For the stories behind the headlines, head to CISOseries.com.
5/20/2024 • 8 minutes, 5 seconds
Week in Review: Okta chief speaks, Volt typhoon threat, FBI siezes BreachForums
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Ryan Bachman, evp and global CISO, GM Financial Thanks to our show sponsor, vanta.com/ciso Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. All links and the video of this episode can be found on CISO Series.com
5/17/2024 • 30 minutes, 53 seconds
Nissan NA breach, VMware Pwn2Own fix, GE Ultrasound flaws
Nissan North America breach impacts over 53,000 employees VMware fixes workstation flaws, thanks Pwn2Own hackers Security flaws discovered in GE Ultrasound machines Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com.
5/17/2024 • 8 minutes, 24 seconds
FBI seized BreachForums, Android threat detection, US AI investment
FBI seizes BreachForums Android getting live threat detection Senators recommend billions for AI investments Editor's note: post updated to fix audio issue Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour.
5/16/2024 • 7 minutes, 59 seconds
Singing River breach, D-Link exploit released, Google AI spots scams
Singing River patient data was swiped in ransomware attack PoC exploit released for D-Link router zero-day Google to use GenAI to help identify phone scams Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com.
5/15/2024 • 9 minutes
FCC implements new classification, MITRE releases embedded devices framework, World renowned auction house attacked
FCC implements new classification to combat robocall groups MITRE releases threat-modeling framework for embedded devices World renowned auction house attacked ahead of mega-auction Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour.
5/14/2024 • 9 minutes, 40 seconds
Boeing confirms ransomware, Dell announces breach, Ascension Healthcare attacked
Boeing confirms $200 million ransomware extortion attempt Dell announces data breach affecting 49 million customers Ascension healthcare suffers cyberattack, goes offline Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com.
5/13/2024 • 9 minutes, 21 seconds
Week in Review: Neuberger’s operational approach, LockBit is back, Fed’s DMARC warning
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Sasha Pereira, CISO, WASH Thanks to our show sponsor, Vanta.com/ciso Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. All links and the video of this episode can be found on CISO Series.com
5/10/2024 • 27 minutes, 42 seconds
F5 Big-IP warning, UK Army breach, BetterHelp pays out
F5 Networks warns of new Big-IP vulnerabilities UK armed forces’ personal data hacked in MoD breach BetterHelp sends refund notices regarding data sharing lawsuit Huge thanks to our sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com.
5/10/2024 • 7 minutes, 29 seconds
Lockbit hit Wichita, AI export bans, Pathfinder on Intel
Lockbit takes credit for Wichita attack US looks at AI model export bans The Spectre of Pathfinder haunts Intel CPUs Huge thanks to our sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour.
5/9/2024 • 7 minutes
LockBit ringleader indicted, DocGo cyberattack, UK military data compromise
US indicts LockBit ransomware ringleader DocGo discloses cyberattack that compromised patient health data Payroll data breach exposed data of UK military personnel Huge thanks to our sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, visit CISOseries.com.
LockBit’s website is back Germany takes action amid alleged Russian attack Chinese-linked ArcaneDoor targets global network infrastructure Huge thanks to our sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour.
5/7/2024 • 9 minutes, 21 seconds
Neuberger proposes improvements, Olympic cybersecurity preparations, Microsoft VPN warning
NSC’s Neuberger suggests operational approach for on mitigating cyberattacks French cybersecurity teams prepare for “unprecedented” Olympic threat Feds warn about North Korean exploitation of improperly configured DMARC Huge thanks to our sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com.
5/6/2024 • 8 minutes, 10 seconds
Week in Review: Dropbox Sign breach, Cybersecurity consultant arrested, Ukraine Microsoft hack
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Phil Beyer, former CISO, Etsy Thanks to today’s episode sponsor, Dropzone.ai Dropzone.ai’s AI Autonomous Analyst is transforming cybersecurity as we know it. By replicating the techniques of elite analysts and autonomously investigating every alert, our patented system force multiplies your SOC team by 10X without adding headcount. Experience the future of threat detection and response at dropzone.ai. Request a trial today! All links and the video of this episode can be found on CISO Series.com
Goldoon botnet exploits D-Link routers CISA adds Gitlab flaw to its KEV catalog Dropbox discloses breach of digital signature service Thanks to our episode sponsor, Dropzone AI Dropzone.ai's AI Autonomous Analyst is transforming cybersecurity as we know it. By replicating the techniques of elite analysts and autonomously investigating every alert, our patented system force multiplies your SOC team by 10X without adding headcount. Experience the future of threat detection and response at dropzone.ai. Request a trial today! For the stories behind the headlines, head to CISOseries.com.
5/3/2024 • 8 minutes, 53 seconds
Chinese disinformation, NCSC AMS, new State Secrets law
Chinese disinformation proving ineffectual NCSC release Advanced Mobile Solutions risk model China implements new State Secrets Law Thanks to our episode sponsor, Dropzone AI Cybersecurity leaders, are you being asked to leverage the power of Gen AI in your SOC? Dropzone.ai's AI Autonomous Analyst empowers your team to thoroughly investigate every alert. No playbooks, no code, just intelligent, adaptable alert investigation. Test drive on dropzone.ai to immediately see the results for yourself.
5/2/2024 • 6 minutes, 52 seconds
UnitedHealth Group CEO faces congress, U.S. wireless carriers face majors fine, Marriott backtracks protection claims
UnitedHealth Group CEO faces congress & cause of hack revealed Major U.S. wireless carriers face $200M FCC fine Marriott backtracks claims of encryption protection Thanks to our episode sponsor, Dropzone AI Dropzone.ai is proud to announce our selection as a Top 10 Finalist for the prestigious RSA Innovation Sandbox. Our AI Autonomous Analyst is revolutionizing the way SOC teams operate, replicating the techniques of elite analysts and autonomously investigating every alert. Meet us at RSAC and book a time at dropzone.ai.
5/1/2024 • 9 minutes, 45 seconds
USPS phishing, UK IoT law, industrial USB attacks
USPS phishing sites are popular UK bans bad IoT credentials USB malware attacks targeting industrial sites Thanks to our episode sponsor, Dropzone AI Attention cybersecurity professionals! Are you investigating 100% of the alerts from your IT and security systems? Dropzone.ai's AI Analyst autonomously investigates every alert without playbooks or code, enabling you to turn over every rock. Visit dropzone.ai to learn more and request a trial. Offload your tier-1 analysis to an AI analyst that never sleeps so you can.
4/30/2024 • 7 minutes, 6 seconds
Kaiser Permanente breach, DSH Safety Board, Okta stuffing attack
Kaiser Permanente website tracking tools may have compromised customer data DHS announces AI safety board Okta warns of “unprecedented” credential stuffing attacks on customers Thanks to our episode sponsor, Dropzone AI Introducing Dropzone.ai, the industry's first AI Autonomous SOC Analyst. Their patented LLM replicates the techniques of elite analysts, autonomously investigating every alert without playbooks or code. Force multiply your SOC team by 10X without adding headcount. Visit dropzone.ai to request a trial and experience the power of AI-driven cybersecurity. For the stories behind the headlines, head to CISOseries.com.
4/29/2024 • 7 minutes, 45 seconds
Week in Review: GitHub comments abused, networkless” attack techniques, Police bodycam AI reports
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Christina Shannon, CIO, KIK Consumer Products Thanks to our show sponsor, Veracode Get ready to experience the future of application security at RSAC 2024 with Veracode. Join us as we unveil cutting-edge innovations and insights to tackle today’s most pressing security challenges. From live demos showcasing our newest products to engaging discussions with industry experts. See you at RSAC! All links and the video of this episode can be found on CISO Series.com
4/26/2024 • 23 minutes, 20 seconds
Google postpones cookies, Brocade vulnerability warning, ICICI card gaffe
Google postpones third-party cookie deprecation Brocade SAN appliances and switches exposed to hacking ICICI Bank exposes credit cards to wrong users Thanks to this week's episode sponsor, Veracode Don't miss out on this opportunity to elevate your cybersecurity strategy. Build and scale secure software from code to cloud with speed and trust. Visit our booth #2045 at RSAC 2024 to discover how Veracode is shaping the future of Application Security in the AI era. For the stories behind the headlines, head to CISOseries.com.
4/26/2024 • 8 minutes, 27 seconds
Chinese keyboard flaws, hacked news story, TikTok on the clock
Chinese keyboard app flaws exposed Threat actors plant fake assassination story ByteDance on the clock to divest TikTok Thanks to this week's episode sponsor, Veracode Research reveals AI-generated code mirrors human-written code's security flaws. Even seasoned programmers struggle to spot errors, with incorrect AI-generated answers abound. Veracode knows the stakes. While AI accelerates coding, relying on hunches won't suffice. Trust multi-faceted, data-driven insights to mitigate risk from the start. Don't compromise on security. Choose Veracode, your security partner in the AI-driven era of development.
4/25/2024 • 6 minutes, 41 seconds
Iranian hackers charged, Siemens fixing Palo bug, Russia hacks water plant
Iranian nationals charged with hacking U.S. companies and agencies Siemens working to fix device affected by Palo Alto firewall bug Russian hackers claim cyberattack on Indiana water plant Thanks to this week's episode sponsor, Veracode Are you truly listening to both your security and development teams? Make informed decisions with Veracode. Our developer-friendly security tools integrate with your existing tech stack to secure code from the start. Bridge the gap between security and development for more efficient operations and stronger defenses. Visit veracode.com for a collaborative approach to security. For the stories behind the headlines, visit CISOseries.com.
4/24/2024 • 7 minutes, 56 seconds
TikTok ban update, Sandworm hits Ukraine, North Korean streaming animators
TikTok ban passes the US House Sandworm targets critical Ukrainian orgs North Koreans animating streaming shows Thanks to this week's episode sponsor, Veracode AI coding companions assist in generating high-quality code snippets, while Veracode swoops in to conduct thorough security assessments, identifying and fixing vulnerabilities quickly. With this dynamic duo, developers can innovate with confidence, knowing their code is both efficient and secure. Secure more code with Co-Pilot or any AI coding companion and Veracode. We’ll be your wingman anytime.
RedLine stealer GitHub connection MITRE’s breached was through Ivanti zero-day vulnerabilities Researchers find dozens of fake E-ZPass toll websites following FBI warning Thanks to this week's episode sponsor, Veracode Imagine your intelligent coding companion, backed by the robust security expertise of Veracode. Together, we form the ultimate duo, empowering developers to write better code while ensuring it's secure from the get-go. Learn more at RSAC 2024 with Veracode. For the stories behind the headlines, head to CISOseries.com
4/22/2024 • 7 minutes, 29 seconds
Week in Review: Cisco MFA breach, Bad bots surge, Microsoft mail breach fallout
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Dan Walsh, CISO, Paxos Thanks to our show sponsor, Conveyor Happy Friday! Are you tired of hearing about Conveyor’s AI security review automation software? We’ll stop talking about it if you book a call. Ready to give the market leading AI for security questionnaires a spin? Try a free proof of concept at www.conveyor.com. Don’t forget to mention this podcast for 5 free questionnaire credits when you purchase a Pro plan. All links and the video of this episode can be found on CISO Series.com
4/19/2024 • 26 minutes, 56 seconds
LabHost police bust, Michigan healthcare attack, Windows Fibers vulnerability
Police bust reveals sophisticated phishing-as-a-service platform Overlooked Windows Fibers offer handy route for malicious payload deployment Michigan healthcare organization suffers data breach Thanks to today's episode sponsor, Conveyor Happy Friday! Are you tired of hearing about Conveyor’s AI security review automation software? We’ll stop talking about it if you book a call. Ready to give the market leading AI for security questionnaires a spin? Try a free proof of concept at www.conveyor.com. Don’t forget to mention this podcast for 5 free questionnaire credits when you purchase a Pro plan. For the stories behind the headlines, head to CISOseries.com.
4/19/2024 • 7 minutes, 9 seconds
Water utility threats, GPT-4 hacking, SIM swap solicitation
Sandworm-linked group tied to attack on water utilities GPT-4 reads security advisories Cell carrier workers solicited for SIM swaps Thanks to today's episode sponsor, Conveyor Conveyor is the market leading AI-powered platform that automates the entire customer security review process — from sharing your security posture and SOC 2 in a single portal to using that same information to automate answering security questionnaires with 90% accuracy. Use Conveyor to fly through any customer security review in minutes. It might sound like every other software claim out there, but there’s a reason our customers have dubbed Conveyor their ‘favorite security tool of the year’. Test it out in a free proof of concept at www.conveyor.com
4/18/2024 • 7 minutes, 21 seconds
Cisco MFA breach, Bad Bots surge, LockBit 3.0 propagates
Cisco announces breach of multifactor authentication message provider Bad bots drive 10% annual surge in account takeover attacks LockBit 3.0 variant generates custom, self-propagating malware Thanks to today's episode sponsor, Conveyor Conveyor is the AI security review automation platform helping infosec teams automate everything from securely sharing a SOC 2 to one-click autofilling security questionnaires with AI so you can spend almost zero time on the manual tasks that make you want to cry into your laptop. Teams like Lucid Software are finding in a free proof of concept that our AI is better than the rest. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase a Pro plan. For the stories behind the headlines, head to CISOseries.com.
4/17/2024 • 9 minutes, 38 seconds
Threads out in Turkey, Palo Alto backdoor, Microsoft' security overhaul
Meta to close Threads in Turkey Palo Alto fixes backdoor zero-day Details on Microsoft’s security overhaul Thanks to today's episode sponsor, Conveyor What are infosec teams measuring these days? More often than not, their impact on sales. As infosec teams become hands on in the sales cycle, proving your value becomes key. A director of GRC said last week that the most direct value for their CEO was showing the efficiencies and the dollars that security has been able to bring in from enabling sales. See these trends and more in Conveyor’s ‘2024 State of the Security Review” report at www.conveyor.com. Click the banner at the top.
4/16/2024 • 7 minutes, 57 seconds
U.S. surveillance reauthorization, Roku breach update, Microsoft breach exposed agencies
House passes reauthorization of U.S. surveillance program Roku says 576,000 accounts compromised in latest security breach Microsoft breach exposed federal agencies Thanks to today's episode sponsor, Conveyor It’s Conveyor again, the market-leading AI software for answering security questionnaires and securely sharing your security posture and documents. Conveyor’s ‘State of the Security Review” report for 2024 was just released and it’s all about what the “new era” of infosec holds. Learn how positioning security and compliance early in the sales cycles increases win rates by 42% and what infosec teams need to prepare for as they move closer to the sales function. You can find the report at www.conveyor.com by clicking on the banner at the top. For the stories behind the headlines, visit CISOseries.com.
4/15/2024 • 8 minutes, 3 seconds
Week in Review: Government hospital warning, Sisence breach, Financial firms lose $12b
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Mike Levin, deputy CISO, 3M Thanks to our show sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated fast. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso. All links and the video of this episode can be found on CISO Series.com
Palo Alto Networks fixes several DoS vulnerabilities in PAN-OS operating system Sisense breach exposes customers to potential supply chain attack Threat actors gaming GitHub Search Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso. For the stories behind the headlines, head to CISOseries.com.
CISA expands automated malware analysis US Cyber Command launched “hunt forward” missions Spectre v2: Linux Boogaloo CHECK OUT Capture the CISO season 2 here. Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso.
4/11/2024 • 7 minutes, 26 seconds
Ukraine cyber head suspended, LG TV vulns, Microsoft exposed passwords
Ukraine's head of cybersecurity suspended and assigned to combat zone Over 90,000 LG Smart TVs exposed to remote attack Microsoft exposed internal passwords in security lapse Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso. For the stories behind the headlines, visit CISOseries.com.
4/10/2024 • 8 minutes, 55 seconds
Cyberattack impacts vet firm, data privacy bill movement, DOJ hack exposes thousands
Cyberattack causes major disruptions for UK vet firm Data privacy bill pushes forward with bipartisan support Department of Justice hack exposes hundreds of thousands Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso.
4/9/2024 • 9 minutes, 23 seconds
Hospital hack warning, Five Eyes follow-up, NYC municipal hack
Government warns hospitals of hackers targeting IT help desks U.S. government contractor Acuity responds to alleged Five Eyes breach New York City becomes latest in municipal government hack attempts Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso. For the stories behind the headlines, head to CISOseries.com.
4/8/2024 • 8 minutes, 51 seconds
Week in Review: Five Eyes breach, Microsoft’s Chinese hack response, AT&T customer breach
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by David Spark with guest Steve Gentry, Advisor, Clari Thanks to our show sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso. All links and the video of this episode can be found on CISO Series.com
4/5/2024 • 27 minutes, 37 seconds
Five Eyes breach, cancer center breach, Pixel zero-day flaw
Classified Five Eyes data theft announced Cancer center data breach affects 800,000 Android Pixel phone zero-day flaws being exploited by forensic companies Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso to learn more. For the stories behind the headlines, head to CISOseries.com.
4/5/2024 • 7 minutes, 55 seconds
Microsoft security failings, NIST NVD backlog, Chrome DBSC beta
Report criticizes Microsoft’s Chinese hack response NIST needs help with vulnerability backlog Chrome tests feature to prevent session hijacking Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso to learn more.
4/4/2024 • 7 minutes, 42 seconds
Cyber incident reporting rule, Google blocks spoofed emails, PandaBuy breach
CISA releases draft rule for cyber incident reporting Google now blocks spoofed emails for better phishing protection Breach at online shopping platform PandaBuy affects 1.3 million customers Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso to learn more. For the stories behind the headlines, head to CISOseries.com.
Google to delete Incognito tracking data Hallucinated software packages as a security vulnerability FCC investigating phone infrastructure security Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at vanta.com/ciso to learn more.
4/2/2024 • 6 minutes, 48 seconds
AT&T data leak, Linux backdoor discovery, DHS phone data policy
Data of 73 million AT&T customers leaked on dark web Accidental Linux backdoor discovery likely prevented thousands of infections DHS expected to stop buying access to your phone info Thanks to today's episode sponsor, Vanta The average security pro spends nearly a full workday every week just on compliance. With Vanta, businesses can automate compliance for in-demand frameworks like SOC 2, ISO 27001, HIPAA, and GDPR. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to prove trust and monitor risk more efficiently and confidently than ever before. Watch Vanta’s on-demand demo at vanta.com/ciso. For the stories behind the headlines, visit CISOseries.com.
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Yaron Levi, CISO, Dolby, and sageinsights.io Thanks to our show sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries. All links and the video of this episode can be found on CISO Series.com
3/29/2024 • 24 minutes, 36 seconds
17 billion records exposed, Treasury FinSec warning, Hot Topic attacks
17 billion personal records exposed in data breaches in 2023 U.S. Treasury warns financial sector about AI cybersecurity threats Retail chain Hot Topic hit by new credential stuffing attacks Thanks to today's episode sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.
Spyware fuels rise in zero-day exploits CISA warns about Microsoft SharePoint vulnerability Facebook snooped on encrypted Snapchat traffic Thanks to today's episode sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries.
3/28/2024 • 7 minutes, 9 seconds
APT31 targets families, UK newspaper attacked, Apple MFA bombing
APT31 targeting family members to surveil targets Ransomware gang attacks UK newspaper supporting the homeless MFA bombing attacks target Apple users Thanks to today's episode sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries. For the stories behind the headlines, visit CISOseries.com.
3/27/2024 • 7 minutes, 51 seconds
EU targets tech giants, China bans US tech, US cyber force
EU targets tech giants with DMA China starts US tech ban in government Think tank calls for US military cyber service Thanks to today's episode sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries.
3/26/2024 • 7 minutes, 23 seconds
New Kimsuky technique, KDE Linux warning, Atlassian critical flaws
Kimsuky turns to compiled HTML Help files for cyberattacks KDE issues warning after theme wipes Linux user’s files Critical flaw in Atlassian Bamboo data center and server must be fixed immediately Thanks to today's episode sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.
3/25/2024 • 7 minutes, 42 seconds
Week in Review: McDonald’s outage explained, SIM swap fraud, spyware agreement support
Link to blog post This week’s Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino with guest Gerald Auger Ph.D., Chief Content Creator, Simply Cyber Thanks to our show sponsor, Vanta Managing the requirements for modern security programs is increasingly challenging. Vanta’s trust management platform helps you quickly assess risk, streamline security reviews, and automate compliance for SOC 2, ISO 27001, HIPAA, and more. Plus, you can save time by completing security questionnaires with Vanta AI. Join over 7,000 global companies that use Vanta to automate evidence collection, unify risk management, and secure customer trust. To learn more, go to vanta.com/ciso All links and the video of this episode can be found on CISO Series.com
3/22/2024 • 32 minutes, 57 seconds
Microsoft Server crashes, npm package discrepancies, Nemesis marketplace raided
Microsoft confirms Windows Server issue behind domain controller crashes Over 800 npm packages found with discrepancies Nemesis darknet marketplace raided in Germany-led operation Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
3/22/2024 • 7 minutes, 20 seconds
Water task force, Loop DoS attacks, GitHub vulnerability fixer
US plans Water Sector Cybersecurity Task Force Loop DoS attack exploits the infinite regress of UDP GitHub tool uses AI to fix vulnerabilities Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.
3/21/2024 • 7 minutes, 20 seconds
Mid-stream ESports hack, System glitch costs millions, LockBit reemerges with vengeance
Mid-stream hack postpones ESports league Bank loses $40 million after “systems glitch” LockBit reemerges with vengeance Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.
3/20/2024 • 9 minutes, 57 seconds
Change Healthcare payout, FTC probe into Reddit, Japanese tech giant breached
UnitedHealth fronts over $2 billion in recovery efforts Spyware agreement gains more international support FTC probes Reddit's AI data licensing ahead of IPO Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.
Global McDonald’s outage blamed on third-party vendor, not cyberattack Google adds real-Time URL protection for Chrome Network outages hit Birmingham Alabama Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
3/18/2024 • 7 minutes, 34 seconds
Week in Review: Russian Microsoft exfiltration, JetBrains Rapid7 feud, Change Healthcare fallout
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Alexandra Landegger, Executive Director and CISO Collins Aerospace Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. All links and the video of this episode can be found on CISO Series.com
3/15/2024 • 26 minutes, 44 seconds
Change Healthcare fallout, Fortinet SQL warning, Yacht company breach
Change Healthcare - AHA asks for aid, HHS questions HIPAA compliance Fortinet warns of severe SQLi vulnerability in FortiClientEMS software Yacht company MarineMax announces cyberattack Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
Researchers find vulnerabilities in Gemini New York Times denies it “hacked” OpenAI for lawsuit Leaked GitHub secrets up 28% Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.
3/14/2024 • 7 minutes, 57 seconds
LockBit claims hack, CISA understaffed, US and Russia election concerns
LockBit takes credit for hacking South African pension fund CISA’s OT attack response team understaffed US and Russia accuse each other of potential election cyberattacks Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com.
3/13/2024 • 9 minutes, 37 seconds
Roku forces reset, French agencies targeted, Fintech firm taken offline
Roku forces reset after 15,000 accounts compromised French government agencies targeted in “unprecedented” attacks Fintech firm taken offline by ransomware attack Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
3/12/2024 • 9 minutes, 2 seconds
Microsoft breach update, CISA flags JetBrains, ChatGPT creds sale
Microsoft says Russian hackers breached its systems, accessed source code CISA adds JetBrains TeamCity bug to its KEV catalog Over 225,000 compromised ChatGPT credentials for sale Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
3/11/2024 • 8 minutes, 19 seconds
Week in Review: German Webex gaffe, Google engineer indicted, Cloudflare’s AI firewall
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest David Cross, SVP/CISO, Oracle. Also check out David’s travel blog, DavidCrossTravels.com Thanks to our show sponsor, Conveyor Conveyor is the AI security review automation platform helping infosec teams automate everything from securely sharing a SOC 2 to one-click autofilling security questionnaires in OneTrust so you can spend almost zero time on the manual tasks that make you want to throw your computer out the window. Teams are finding in a free proof of concept that our AI is better than the rest. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. All links and the video of this episode can be found on CISO Series.com
3/8/2024 • 26 minutes, 6 seconds
FlipperZero attacks Teslas, Google engineer indicted, PetSmart attack warning
Flipper Zero WiFi attack can unlock and steal Tesla cars Former Google engineer indicted for stealing AI secrets for Chinese companies PetSmart warns customers of credential stuffing attack Thanks to today's episode sponsor, Conveyor Conveyor is the AI security review automation platform helping infosec teams automate everything from securely sharing a SOC 2 to one-click autofilling security questionnaires in OneTrust so you can spend almost zero time on the manual tasks that make you want to throw your computer out the window. Teams are finding in a free proof of concept that our AI is better than the rest. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. For the stories behind the headlines, head to CISOseries.com.
3/8/2024 • 6 minutes, 44 seconds
Online fraud hits record losses, states urge Meta to crack down on scammers, Apple issues update for zero-day flaw
Online fraud hits record losses States urge Meta to crack down on scammers Apple issues update for zero-day flaw Thanks to today's episode sponsor, Conveyor Happy Thursday. Are you tired of us talking about how Conveyor’s AI security review automation software? We’ll stop talking about it if you come talk to them. Ready to give the market leading AI for security questionnaires a spin? Try a free proof of concept at www.conveyor.com. Don’t forget to mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. For the stories behind the headlines, head to CISOseries.com.
3/7/2024 • 7 minutes, 55 seconds
US cyber strategy update, spyware sanctions, ALPHV exits
US cybersecurity strategy update on the way US Treasury issues first spyware sanctions UK denies responsibility for ALPHV takedown Thanks to today's episode sponsor, Conveyor Conveyor is the only GPT-powered customer trust portal that automates the entire customer security review process — from sharing your security posture and documents in a single portal to automating security questionnaire responses with 90% accuracy so you can fly through any customer security review in minutes. It might sound like every other compliance software claim out there, but there’s a reason our customers have dubbed Conveyor their ‘favorite security tool of the year’. Test our market-leading AI in a free proof of concept at www.conveyor.com
3/6/2024 • 6 minutes, 45 seconds
North Korea semiconductor hacks, ALPHV goes dark, China AI vouchers
North Korea targets semiconductor industry ALPHV infrastructure goes dark China to offer computing vouchers to AI startups Thanks to today's episode sponsor, Conveyor AI is getting pretty smart so you shouldn’t settle for mediocre security questionnaire automation software that only generates the right answer 20 to 50 percent of the time or have to wait a day for the vendor’s team to check the answers. Conveyor's security questionnaire automation tool not only boasts industry leading AI accuracy reducing time spent on security reviews by 80%, but now also autofills in OneTrust portal questionnaires with a single click. Trying a proof of concept with your own data is always free. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan.
3/5/2024 • 6 minutes, 52 seconds
NSO code verdict, Change Healthcare fallout, law firm breach
NSO Group to ordered to give Pegasus code to WhatsApp Change Healthcare confirms BlackCat, Schumer asks for aid Law firm announces data breach affecting 325,000 people Thanks to today's episode sponsor, Conveyor We’ve got a returning sponsor this week – Conveyor. They’re the AI security review automation platform helping infosec teams automate everything from securely sharing a SOC 2 to one-click autofilling security questionnaires in OneTrust so you can spend almost zero time on the manual tasks that make you want to throw your computer out the window. Teams are finding in a free proof of concept that their AI is better than the rest. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. For the stories behind the headlines, head to CISOseries.com.
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Russ Ayres, SVP of Cyber & Deputy CISO, Equifax Thanks to our show sponsor, Egress People are the biggest risk to your organization’s security, and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score. Visit egress.com to learn more about Egress’ Intelligent Cloud Email Security suite and start detecting email threats your secure email gateway is missing today. All links and the video of this episode can be found on CISO Series.com
3/1/2024 • 27 minutes, 37 seconds
Cencora pharma breach, Gen-AI explodes BEC, Chinese doorbell warning
Pharma giant Cencora announces data breach GenAI drives surge in BEC attacks Popular video doorbell easy hijacked Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score. Visit egress.com to learn more about Egress' Intelligent Cloud Email Security suite and start detecting email threats your secure email gateway is missing today. For the stories behind the headlines, head to CISOseries.com.
3/1/2024 • 8 minutes, 29 seconds
EO limits PII, Australia's espionage struggle, Lazarus zero-day
Biden signs order limiting the sale of personal data Australia claims its seeing unprecedented “foreign interference” Lazarus Group targeting Windows and PyPi Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score. Visit egress.com to learn more about Egress' Intelligent Cloud Email Security suite and start detecting email threats your secure email gateway is missing today.
2/29/2024 • 7 minutes, 4 seconds
NIST framework 2.0, Optum linked to BlackCat, ScreenConnect exploitations continue
NIST releases cybersecurity framework 2.0 Optum attack linked to BlackCat ransomware ScreenConnect exploitations continue Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score. Visit egress.com to learn more about Egress' Intelligent Cloud Email Security suite and start detecting email threats your secure email gateway is missing today.
SolarWinds attackers changing tactics Brand domains used in spam operation Steel giant hit with cyberattack Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score. Visit egress.com to learn more about Egress' Intelligent Cloud Email Security suite and start detecting email threats your secure email gateway is missing today.
British police taunt LockBit administrator PayPal files patent for new stolen cookies detector Vending machine crash reveals face recognition tech Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. With more advanced threats getting through secure email gateway detection every day, Egress provides AI-powered email security that eliminates both inbound phishing attacks and outbound data breaches. What's more, Egress' adaptive security architecture personalizes security for each user based on their real-time risk score. Visit egress.com to learn more about Egress' Intelligent Cloud Email Security suite and start detecting email threats your secure email gateway is missing today. For the stories behind the headlines, head to CISOseries.com.
2/26/2024 • 8 minutes, 2 seconds
Week in Review: LockBit gets bitten, airline bot gaffe, exploding car keys
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Thom Langford, CISO, Velonetic Thanks to our show sponsor, Conveyor Conveyor AI is so good, it can now autofill OneTrust portal questionnaires in one click. Yes, we’ve been talking about it all week. Conveyor's security questionnaire automation tool not only boasts industry leading AI accuracy, but now fills in One Trust portals with a single click. Trying a proof of concept with your own data is always free. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. All links and the video of this episode can be found on CISO Series.com
LockBit was building next gen encryptor before takedown Thousands of wireless customers suffer outage Prescription delays due to Change Healthcare cyberattack Thanks to today's episode sponsor, Conveyor Conveyor, the security questionnaire automation software one of their customers dubbed “my favorite security tool of the year”, is now even better. They’ve upgraded our browser extension for portal-based questionnaires and it can now autofill OneTrust portal questionnaires in one click. You can test the AI in a free proof of concept at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. Get the stories behind the headlines at CISOSeries.com
2/23/2024 • 9 minutes, 58 seconds
LockBit gang doesn’t keep its word, the LockBit bounty, White House tackles U.S. maritime threats
Thanks to today's episode sponsor, Conveyor Happy Thursday. Are you tired of us talking about how Conveyor’s AI can now autofill OneTrust security questionnaires in one-click? Well, we’ll stop talking about it if you come talk to them. Ready to give the market leading AI for security questionnaires a spin? Try a free proof of concept by booking a demo at www.conveyor.com. And mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. Get the stories behind the headlines at CISOSeries.com
2/22/2024 • 9 minutes, 1 second
LockBit update, Signal usernames, NSA Cyber Director retires
LockBit takedown update Signal now lets users keep phone numbers private NSA Cybersecurity Director Rob Joyce to retire Thanks to today's episode sponsor, Conveyor No more portal scaries. Conveyor just launched AI autofill of OneTrust portal questionnaires. That means no more clicking question-by-question to copy-paste each answer when a customer sends you a OneTrust security questionnaire. Conveyor’s AI will read and autofill the whole page for you. Trying a proof of concept with your own data is always free. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. Get the stories behind the headlines at CISOSeries.com
LockBit disrupted by global police operation Cactus leaks Schneider Electric data on dark web ALPHV gang takes credit for LoanDepot, Prudential attacks Thanks to today's episode sponsor, Conveyor Conveyor, the security questionnaire automation software one of our customers dubbed “my favorite security tool of the year”, is now even better. They’ve upgraded their browser extension for portal-based questionnaires and it can now autofill OneTrust portal questionnaires in one click. You can test the AI in a free proof of concept at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. Get the stories behind the headlines at CISOSeries.com
2/20/2024 • 7 minutes, 44 seconds
Chrome protects home, Zeus mastermind guilty, airline chatbot gaffe
Google Chrome feature blocks attacks against home networks Mastermind behind Zeus and IcedID malware pleads guilty Air Canada must honor refund invented by its chatbot, says court Thanks to today's episode sponsor, Conveyor Conveyor AI is so good, it can now autofill OneTrust portal questionnaires in one click. Yes, you heard us right. Conveyor's security questionnaire automation tool not only boasts industry leading AI accuracy, but now fills in One Trust portals with a single click. Trying a proof of concept with your own data is always free. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. Get the stories behind the headlines at CISOSeries.com
2/19/2024 • 7 minutes, 59 seconds
Week in Review: LLMs improve cyberattacks, Rhysida gets decrypted, US Blackcat bounty
Link to blog post This week’s Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guest Trina Ford, CISO, iHeartMedia Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. All links and the video of this episode can be found on CISO Series.com
2/16/2024 • 24 minutes, 55 seconds
Microsoft zero-day warning, Neuberger addresses Munich, trojan steals faces
Microsoft warns of new Exchange Server zero-day Neuberger: Pace of ransomware takedown operations isn’t enough Gold Pickaxe malware steals your face Huge thanks to our sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
Trans-Northern Pipelines confirms cyberattack Threat actors using LLMs to improve cyberattacks Email provider published internal emails in plain text Huge thanks to our sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.
2/15/2024 • 6 minutes, 58 seconds
Prudential data breached, Facebook Marketplace leak, BoA 3rd party breach
Prudential Financial data breached in cyberattack Facebook Marketplace user records leaked on hacking forum Bank of America customers at risk after third party breach Huge thanks to our sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com.
2/14/2024 • 8 minutes, 6 seconds
Repository framework, Romanian healthcare attack, Ivanti backdoored
CISA releases repository security framework Ransomware takes down Romanian healthcare management system Ivanti flaw used to deploy backdoor Huge thanks to our sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.
2/13/2024 • 7 minutes, 55 seconds
Raspberry Robin warning, Hyundai ransomware attack, Cisco job cuts
Raspberry Robin – a new one-day exploit targeting Windows Hyundai Europe suffers Black Basta ransomware attack Cisco to cut thousands of jobs as it focuses on high growth areas Huge thanks to our sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
2/12/2024 • 8 minutes, 14 seconds
Week in Review: Volt Typhoon warning, Cloudflare’s nation-state breach, $25 million deepfake
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Doug Mayer, vp, CISO, WCG Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. All links and the video of this episode can be found on CISO Series.com
2/9/2024 • 26 minutes, 5 seconds
Volt Typhoon warning, Cisco fixes Expressway, credit union theft
CISA, FBI issue sobering warning about Volt Typhoon Cisco fixes critical Expressway flaws 3 million records from thousands of credit unions exposed Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com.
CISA collaboration initiative on thin ice Iran focusing cyber efforts Ransomware payments cross $1 billion in 2023 Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com.
2/8/2024 • 7 minutes, 28 seconds
United front against spyware, spyware to blame for most Google zero-days, insider data breach hits Verizon
Tech giants and world govs unite to tackle spyware threats Spyware vendors to blame for most Google zero-days Insider data breach hits almost half of Verizon’s employee base Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com.
2/7/2024 • 8 minutes, 51 seconds
Spoutible API Leak, Fake IDs at scale, Sudo Windows
Spoutible API vulnerability leaks user data Illicit service cranks out fake IDs Sudo coming to Windows Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com.
Cloudflare announces nation-state level breach AnyDesk says hackers breached production servers, reset passwords Chicago children’s hospital announces cyberattack Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com.
2/5/2024 • 8 minutes, 5 seconds
Week in Review: Microsoft email explanation, Brazilian banking trojan, Mercedes GitHub error
Link to blog post Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Mary Rose Martinez, vp, CISO Marathon Petroleum Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. All links and the video of this episode can be found on CISO Series.com
2/2/2024 • 22 minutes, 41 seconds
FBI Director’s warning, Apple flaw warning, Pentagon supplier breach
FBI director warns of Chinese hacker threat to U.S. critical infrastructure CISA warns of exploited Apple flaw Pentagon Intelligence supplier allegedly hacked Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com.
2/2/2024 • 7 minutes, 51 seconds
Volt Typhoon takedown, refusing ransoms, Binance's big leak
FBI grounds Volt Typhoon More companies refuse to pay ransoms Binance internal info exposed on GitHub Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com.
2/1/2024 • 7 minutes, 41 seconds
Mercedes-Benz leak, Juniper Networks patch, ZLoader is back
Mercedes-Benz exposes sensitive data, source code Juniper Networks issues out-of-band fix for high severity flaws New ZLoader malware, now with 64-bit Windows compatibility Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com.
1/31/2024 • 8 minutes, 51 seconds
Microsoft takes another hit, Energy giant hit by ransomware, the NSA is secretly buying your data
Microsoft takes another hit Energy giant hit by ransomware The NSA is secretly buying your data Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com.
Urgent patch alert for Jenkins Cisco flaw exposes Unified Comms systems Pro-Ukraine hackers wipe 2 petabytes of data from Russian intelligence center Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
1/29/2024 • 8 minutes, 28 seconds
Week in Review: TeamViewer still abused, ransomware’s hidden costs, X supports passkeys
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Mike Kelley, vp, CISO, The E.W. Scripps Company and partner, OTAWireless.com. Thanks to our show sponsor, Conveyor Conveyor, the security questionnaire automation software known for generating the most accurate AI answers to questionnaires is launching a much-requested feature. Conveyor’s AI can now use uploaded security documents like a SOC 2 and security policy whitepapers to auto-generate precise answers to entire questionnaires in seconds. See why customers like Lucid and Carta are raving about the software and try the AI yourself in a free proof of concept at www.conveyor.com. All links and the video of this episode can be found on CISO Series.com
1/26/2024 • 28 minutes, 10 seconds
Hewlett Packard breach, exposed API study, Ukraine infrastructure attacks
Hewlett Packard Enterprise (HPE) attacked through Microsoft 365 email system Study reveals 18,000 exposed API secrets, including $20 million in vulnerable Stripe tokens Ukrainian energy, postal, and transportation services hit by cyberattacks Thanks to today's episode sponsor, Conveyor Conveyor, the security questionnaire automation software known for generating the most accurate AI answers to questionnaires is launching a much-requested feature. Conveyor’s AI can now use uploaded security documents like a SOC 2 and security policy whitepapers to auto-generate precise answers to entire questionnaires in seconds. See why customers like Lucid and Carta are raving about the software and try the AI yourself in a free proof of concept at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com.
1/26/2024 • 8 minutes, 30 seconds
EquiLend offline, AI fueling ransomware, "mother of all breaches"
Cyberattack knocks EquiLend offline Brits warn of the AI impact on ransomware Data leak claims to hold over 26 billion records Thanks to today's episode sponsor, Conveyor Conveyor, the security questionnaire automation software one of our customers dubbed “my favorite security tool of the year”, is now even better. How? Conveyor’s AI can now use uploaded security documents like a SOC 2 or security policy document to auto-generate precise answers to entire security questionnaires in seconds. You can test the AI in a free proof of concept at www.conveyor.com.
1/25/2024 • 6 minutes, 46 seconds
CISA boss swatted, Subway investigates LockBit, Australia sanctions hacker
CISA boss targeted in “harrowing” swatting attack Subway puts a LockBit investigation on the menu Australia sanctions REvil hacker behind Medibank data breach Thanks to today's episode sponsor, Conveyor Ever wish AI could auto-generate answers to security questionnaires for you just based on your SOC 2 or other documents? Spoiler alert - it can and you can now try it for free with Conveyor’s AI security questionnaire automation software. Set up takes a few seconds. Get a free Conveyor account and simply upload your security documents. Then, upload a new questionnaire to see AI generate answers in seconds based on your documents. Try a free proof of concept today at www.conveyor.com. For the stories behind the headlines, visit CISOseries.com.
1/24/2024 • 7 minutes, 29 seconds
Thailand's data leak, CISA's Ivanti order, security funding drips
Thailand court attempts to suppress data leak CISA issues emergency directive on Ivanti zero-days Cybersecurity startup funding down 50% Huge thanks to our episode sponsor, Conveyor What’s worse than a last minute security questionnaire in your inbox? Having to maintain a thousand question and answer pairs to use to respond to a questionnaire. Now, Conveyor’s AI security questionnaire automation software can use security documents like a SOC 2 and a pared down question and answer bank to auto-generate precise answers to entire questionnaires in seconds. Try a free proof of concept today at www.conveyor.com.
1/23/2024 • 6 minutes, 47 seconds
Russia Microsoft breach, JPMorganChase hacking increase, TeamViewer still abused
Russian hackers breach Microsoft executive emails to learn about themselves JPMorgan Chase says hacking attempts are increasing TeamViewer still being abused to breach networks in new ransomware attacks Thanks to today's episode sponsor, Conveyor AI can now literally answer any question in seconds, yet infosec teams are still in a living nightmare manually filling out questionnaires. Conveyor AI’s can now use your uploaded security documents to auto-generate precise answers to entire questionnaires. The software one of our customers dubbed “my favorite security tool of the year” in 2023 has gotten even better and it takes just minutes to get started. Try a free proof of concept at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com.
1/22/2024 • 9 minutes, 3 seconds
Week in Review: SEC X breach, pwned highlights leak, Kyivstar attack cost
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jerich Beason, CISO, WM Thanks to our show sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy’s automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That’s Savvy—Identity-First SaaS Security. Learn more at savvy.security/headlines. All links and the video of this episode can be found on CISO Series.com
1/19/2024 • 22 minutes, 21 seconds
Atlassian Jira outage, iPhone spyware solution, Russia’s Europe espionage
Atlassian outage briefly affected multiple cloud services iShutdown helps discover spyware on iPhones Russian state hackers COLDRIVER deploy malware in European espionage campaign Huge thanks to our sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy’s automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That’s Savvy—Identity-First SaaS Security. Learn more at savvy.security/headlines. For the stories behind the headlines, head to CISOseries.com.
1/19/2024 • 8 minutes, 14 seconds
Drone threats, PixieFail firmware, HIBP dataset
Chinese drones considered national security threat PixieFail could spell trouble for cloud providers Have I Been Pwned adds “statistically significant” data leak Huge thanks to our sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy’s automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That’s Savvy—Identity-First SaaS Security. Learn more at savvy.security/headlines.
1/18/2024 • 7 minutes, 3 seconds
Google patches zero-day, Citrix zero-day warning, Phemedrone stealer warning
Google patches first Chrome zero-day vulnerability of the year Urgent warning from Citrix to patch two zero-day vulnerabilities New malware strain persists despite patch Huge thanks to our sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy’s automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That’s Savvy—Identity-First SaaS Security. Learn more at savvy.security/headlines.
Turkey blocks some VPNs OpenAI publishes election guidance Spanish municipality faces stiff ransomware demand Huge thanks to our sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy’s automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That’s Savvy—Identity-First SaaS Security. Learn more at savvy.security/headlines.
1/16/2024 • 7 minutes, 19 seconds
Water nonprofit targeted, Denmark energy update, SEC X update
Ransomware gang targets clean water nonprofit Denmark energy sector attacks likely not Sandworm after all SEC says X account breach did not lead to further breaches Thanks to our episode sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy’s automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That’s Savvy—Identity-First SaaS Security. Learn more at savvy.security/headlines. For the stories behind the headlines, head to CISOseries.com.
1/15/2024 • 7 minutes, 35 seconds
Week in Review: Merck settles NotPetya, Google accounts hacked, GitHub abuse rises
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Allan Cockriel, Group CISO, Shell Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta’s platform firsthand and access resources plus a special offer, go to vanta.com/ciso and watch their 3-minute product demo. All links and the video of this episode can be found on CISO Series.com
1/12/2024 • 24 minutes, 49 seconds
Ivanti zero-day, Akira targets backups, school data exposed
Ivanti VPN hit by zero-days Akira targeting backups Sensitive school data accidentally exposed online Remember to subscribe to the Cyber Security Headlines newsletter here. Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta’s platform firsthand and access resources plus a special offer, go to vanta.com/ciso and watch their 3-minute product demo.
1/12/2024 • 7 minutes, 28 seconds
Texas healthcare breach, enormous Brazil leak, Tortilla decryptor released
Texas healthcare provider suffer data breach Entire population of Brazil possibly exposed in data leak Decryptor for Tortilla ransomware released Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta’s platform firsthand and access resources plus a special offer, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
Bitcoin price spikes after SEC Twitter account hijack Twitter account hijack wave affects Mandiant China claims it cracked Apple AirDrop Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta’s platform firsthand and access resources plus a special offer, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
1/10/2024 • 8 minutes, 43 seconds
google hacked, loanDepot attacked, Netgear compromised
Google accounts hacked: No passwords required loanDepot joins growing list of US mortgage lenders attacked Netgear and Hyundai’s X accounts latest to be compromised in crypto scam Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta’s platform firsthand and access resources plus a special offer, go to vanta.com/ciso and watch their 3-minute product demo.
Merck and its insurers settle $1.4 billion NotPetya case BreachForums admin Popompurin breaches terms of pretrial freedom Iranian crypto exchange Bit24.cash accidentally exposes customer data Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta’s platform firsthand and access resources plus a special offer, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
1/8/2024 • 7 minutes, 6 seconds
Week in Review: Hospitals sue cloud, Google settles Incognito, ransomware payment ban
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Johna Till Johnson, CEO, Nemertes, and podcaster at Heavy Strategy. Thanks to our show sponsor, NetSPI Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI’s ASM platform to hone in on what’s actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM All links and the video of this episode can be found on CISO Series.com
1/5/2024 • 25 minutes, 3 seconds
Mandiant Twitter hack, breach firm breached, Spanish mobile attacked
Mandiant Twitter account restored after crypto scam hack Law firm that handles data breaches hit by data breach Spanish mobile carrier suffers outage after account takeover Thanks to today's episode sponsor, NetSPI Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI's ASM platform to hone in on what's actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM to learn more. For the stories behind the headlines, head to CISOseries.com.
1/5/2024 • 7 minutes, 43 seconds
Ransomware bans, voice cloning contest, slow data exports
A call for formal ban on ransomware payments FTC asks for ideas to fight voice cloning Cyberattack impacts French township Thanks to today's episode sponsor, NetSPI Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI's ASM platform to hone in on what's actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM to learn more.
1/4/2024 • 7 minutes, 10 seconds
Google $5 billion suit settled, Orbit Chain loses $80M, FDA cyber agreement
Google settles $5 billion ‘incognito mode’ lawsuit Over $80 million in crypto stolen from Orbit Chain Watchdog calls for updated medical device cyber agreement Thanks to today's episode sponsor, NetSPI Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI's ASM platform to hone in on what's actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM to learn more. Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI's ASM platform to hone in on what's actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM to learn more. For the stories behind the headlines, visit CISOseries.com.
1/3/2024 • 6 minutes, 46 seconds
Sweden grocer cyberattack, Black Basta flaw, Boston hospital cyberattack
Swedish national grocer stung by Cactus Flaw in Black Basta decryptor allows recovery of victims’ files - temporarily Cyberattack hist Boston area hospital Thanks to today's episode sponsor, NetSPI Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI's ASM platform to hone in on what's actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM to learn more. For the stories behind the headlines, head to CISOseries.com.
1/2/2024 • 7 minutes, 3 seconds
German hospital ransomware, Ohio Lottery attacked, First American update
LockBit hits German hospital system over the holidays Ohio Lottery cyberattack claimed by DragonForce First American says funds are secure Thanks to today's episode sponsor, Barricade Cyber Solutions Don't let ransomware ruin the holidays again this year! Prepare and spread holiday cheer with recoverfromransomware.com! The trusted DFIR experts at Barricade Cyber Solutions have saved 3,000 and counting businesses from ransomware attacks, including small and medium businesses just like yours! Barricade Cyber is YOUR solution for rapid data and systems recovery. Book a meeting directly with the CEO to discover how to recover from ransomware. Visit recoverfromransomware.com. For the stories behind the headlines, head to CISOseries.com.
12/29/2023 • 6 minutes, 49 seconds
Barracuda backdoors, undocumented iPhone hardware, NYT sues OpenAI
Threat actors install backdoor on Barracuda appliances iPhone triangulation exploit used undocumented features New York Times starts the publisher LLM lawsuits Thanks to today's episode sponsor, Barricade Cyber Solutions Don't let ransomware ruin the holidays again this year! Prepare and spread holiday cheer with recoverfromransomware.com! The trusted DFIR experts at Barricade Cyber Solutions have saved 3,000 and counting businesses from ransomware attacks, including small and medium businesses just like yours! Barricade Cyber is YOUR solution for rapid data and systems recovery. Book a meeting directly with the CEO to discover how to recover from ransomware. Visit recoverfromransomware.com.
12/28/2023 • 7 minutes, 30 seconds
National Amusements breached, Rockstar game leak, LoanCare parent hacked
CBS and Paramount owner hacked a year ago Rockstar Games allegedly suffers source code leak LoanCare says 1.3 million people affected by cyberattack Thanks to today's episode sponsor, Barricade Cyber Solutions When you're hit with ransomware, remember recoverfromransomware.com. Barricade Cyber Solutions' experienced DFIR team is ready to help your business recover from ransomware now. You'll work directly with the CEO to resolve your case quickly and efficiently. Whether you're experiencing a ransomware attack or want to get ahead of one by discussing a prevention plan, contact Barricade Cyber Solutions at recoverfromransomware.com. For the stories behind the headlines, visit CISOseries.com.
12/27/2023 • 7 minutes, 41 seconds
First American cyberattack, Iran APT campaign, ransomware victims spike
First American suffers cyberattack, website down Iran-linked group targets defense contractors worldwide November saw record numbers of ransomware leak site victims Thanks to today's episode sponsor, Barricade Cyber Solutions Encountering a ransomware attack? Keep cool and reach out to Barricade Cyber Solutions, the trusted DFIR experts. Barricade is known for helping small and medium businesses just like yours restore their business data and successfully recover from ransomware. Escape the ransomware nightmare and bring your business back online now. Contact Barricade Cyber Solutions today at recoverfromransomware.com. That's recoverfromransomware.com. For the stories behind the headlines, head to CISOseries.com.
12/26/2023 • 7 minutes, 24 seconds
HCL investigates ransomware, Agent Tesla returns, JavaScript bank malware
Indian tech company HCL investigating ransomware attack Agent Tesla and an old Microsoft Office vulnerability create new problems New JavaScript malware targets banks Thanks to today's episode sponsor, Barricade Cyber Solutions Is ransomware affecting your business operations? Contact Barricade Cyber Solutions at recoverfromransomware.com. Barricade Cyber Solutions are elite DFIR experts who come to the rescue for businesses like yours daily. The trusted team at Barricade Cyber traces the source of infiltration and fortifies your defenses. Depend on Barricade Cyber Solutions for your data and system security prevention and recovery. Go to recoverfromransomware.com and set up a time to connect with the team today. Again, that's recoverfromransomware.com. For the stories behind the headlines, head to CISOseries.com.
12/22/2023 • 7 minutes, 25 seconds
BlackCat is back, CSAM in AI data, ESO breach
BlackCat came back Child abuse images found in AI datasets ESO solutions breach impacts million Thanks to today's episode sponsor, Barricade Cyber Solutions Has your organization fallen victim to ransomware? Remain calm and head over to recoverfromransomware.com. Barricade Cyber Solutions is the "go-to" for ransomware recovery services that small to medium business executives can trust. Over the past 5 years, Barricade Cyber Solutions has saved 3,000+ businesses in your shoes. Trust the elite DFIR team at Barricade Cyber Solutions with your data and system security recovery. Book a free consultation with the CEO at recoverfromransomware.com now.
12/21/2023 • 6 minutes, 54 seconds
FBI disrupts BlackCat, International operation nabs thousands, Sony data leak
FBI disrupts BlackCat ransomware network International operation arrests thousands of cybercriminals Sony’s video game plans leaked by ransomware group Thanks to today's episode sponsor, Barricade Cyber Solutions Don't let ransomware ruin your holiday. Remember to visit recoverfromransomware.com! Barricade Cyber Solutions are THE trusted DFIR experts, and they've saved 3,000 and counting businesses from ransomware attacks, small and medium businesses just like yours! Barricade Cyber is YOUR solution for rapid data and security systems recovery. Book a meeting directly with the CEO to discuss securing your future today. Head over to recoverfromransomware.com to learn more. For the stories behind the headlines, visit CISOseries.com.
12/20/2023 • 7 minutes, 49 seconds
Play ransomware warning, QakBot is back, Mr. Cooper hack
Play ransomware is no game The return of QakBot Hacking with Mr. Cooper Huge thanks to our sponsor, Barricade Cyber Solutions Facing a ransomware attack? Don't panic, remain calm and remember to contact Barricade Cyber Solutions, the DFIR team trusted to quickly recover business data with exclusive ransomware recovery services for small and medium businesses alike. Recover from ransomware and get your business back online with Barricade Cyber Solutions. Visit recoverfromransomware.com to schedule a call with the team today.
12/19/2023 • 6 minutes, 50 seconds
Box suffers outage, MongoDB suffers breach, States lag in tackling political deepfakes
Box storage platform suffers outage MongoDB suffers breach States lag in tackling political deepfakes Thanks to today's episode sponsor, Barricade Cyber Solutions Experiencing ransomware? Barricade Cyber Solutions will help you recover from the nightmare. Trust the industry DFIR experts who have rescued over 3,000 businesses cases over the past 5 years. Remember to visit recoverfromransomware.com and connect with Barricade Cyber Solutions rapid ransomware recovery team. This elite team works quickly to recover and restore your business data and services. All you need to remember is recoverfromransomware.com. For the stories behind the headlines, head to CISOseries.com.
12/18/2023 • 7 minutes, 11 seconds
Week in Review: Irish water hack, Joe Sullivan speaks, UK ransomware predictions
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Rusty Waldron, Chief Business Security Officer, ADP Thanks to our show sponsor, Barricade Cyber Solutions Are ransomware attackers causing your business MAJOR disruptions? Connect with Barricade Cyber Solutions, the trusted DFIR experts specializing in helping small to medium businesses, like yours, recover from ransomware. Barricade Cyber Solutions has a proven track record of successfully handling over 3,000 business cases and counting with advanced recovery services to quickly restore business data and services. Recover from ransomware with Barricade Cyber Solutions at recoverfromransomware.com. All links and the video of this episode can be found on CISO Series.com
French police arrest alleged Hive banker Train bricking accusations lead to lawsuit against ethical hackers New Hacker Group ‘GambleForce’ Targets APAC through SQL injection Thanks to today's episode sponsor, Barricade Cyber Solutions Has your organization faced a ransomware attack? Keep calm, breathe, and head over to recoverfromransomware.com. Barricade Cyber Solutions is the industry choice for ransomware recovery services that small and medium business leaders can rely on. With a track record of rescuing over 3,000+ businesses like yours in the last 5 years alone, you can trust Barricade Cyber Solutions' elite DFIR team for the recovery of your business' data and systems. Schedule a complimentary consult today at recoverfromransomware.com. For the stories behind the headlines, head to CISOseries.com.
12/15/2023 • 8 minutes, 5 seconds
UK ransomware report, OAuth abuse, push notification changes
UK ransomware report isn’t pretty MS warns of OAuth abuse Apple discloses pushback to push notification disclosure Thanks to today's episode sponsor, Barricade Cyber Solutions Don't let ransomware ruin the holidays again this year! Prepare and spread holiday cheer with recoverfromransomware.com! The trusted DFIR experts at Barricade Cyber Solutions have saved 3,000 and counting businesses from ransomware attacks, including small and medium businesses just like yours! Barricade Cyber is YOUR solution for rapid data and systems recovery. Book a meeting directly with the CEO to discover how to recover from ransomware. Visit recoverfromransomware.com.
12/14/2023 • 6 minutes, 18 seconds
Ukraine telco down, Sullivan advocates for CISOs, GAO on AI
Cyberattack shuts down Ukrainian telco Former Uber CISO advocates for CISO protections GAO report on government AI usage Thanks to today's episode sponsor, Barricade Cyber Solutions When you're hit with ransomware, remember recoverfromransomware.com. Barricade Cyber Solutions' experienced DFIR team is ready to help your business recover from ransomware now. You'll work directly with the CEO to resolve your case quickly and efficiently. Whether you're experiencing a ransomware attack or want to get ahead of one by discussing a prevention plan, contact Barricade Cyber Solutions at recoverfromransomware.com.
12/13/2023 • 7 minutes, 16 seconds
Internet fragmentation, EU AI Act, Lazarus loves Log4Shell
US tries to avoid internet fragmentation EU reaches agreement on AI Act North Korea finds continued success with Log4Shell Thanks to today's episode sponsor, Barricade Cyber Solutions Encountering a ransomware attack? Keep cool and reach out to Barricade Cyber Solutions, the trusted DFIR experts. Barricade is known for helping small and medium businesses just like yours restore their business data and successfully recover from ransomware. Escape the ransomware nightmare and bring your business back online now. Contact Barricade Cyber Solutions today at recoverfromransomware.com. That's recoverfromransomware.com.
12/12/2023 • 7 minutes, 10 seconds
5G network vulnerability, SLAM affects CPUs, CISA Qlik warning
5G network security vulnerabilities discovered, impacting chipset vendors and smartphones SLAM Spectre-based vulnerability affects CPUs CISA adds Qlik bugs to exploited vulnerabilities catalog Thanks to today's episode sponsor, Barricade Cyber Solutions Caught in a ransomware crisis? Barricade Cyber Solutions is your lifeline for recovery. Trust the industry's experienced DFIR experts, with a track record of saving over 3,000 businesses in the last 5 years. Remember to visit recoverfromransomware.com to connect with Barricade Cyber Solutions' trusted ransomware recovery team. This elite squad moves quickly to restore your business data and services. Visit recoverfromransomware.com today. For the stories behind the headlines, head to CISOseries.com.
12/11/2023 • 7 minutes, 50 seconds
Week in Review: Credit Union outages, Roblox, Twitch targeted, Nuclear site breached
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Andy Ellis, operating partner YL Ventures Thanks to our show sponsor, Barricade Cyber Solutions Are ransomware attackers causing disruptions? Remember to stay composed and immediately contact Barricade Cyber Solutions, the trusted ransomware recovery experts specializing in small to medium businesses. Barricade Cyber Solutions has a proven track record of successfully handling over 3,000 business cases and counting- with advanced recovery services for rapid business restoration. Recover from ransomware with Barricade Cyber Solutions. Visit recoverfromransomware.com to learn more. All links and the video of this episode can be found on CISO Series.com
12/8/2023 • 25 minutes, 17 seconds
Aviva cyberattack warning, anti-aircraft data theft, car fleet vulnerability
Insurance firm sees cyberattacks as more likely than fire or theft North Korean hackers steal anti-aircraft system data Vulnerability discovered in fleet management software Huge thanks to our sponsor, Barricade Cyber Solutions Is ransomware affecting your business? Contact Barricade Cyber Solutions at recoverfromransomware.com. Barricade Cyber Solutions are elite DFIR experts who come to the rescue for businesses like yours daily. The trusted team at Barricade Cyber traces the source of infiltration and fortifies your defenses. Depend on Barricade Cyber Solutions for your data and system security. Remember recoverfromransomware.com, that’s recoverfromransomware.com. For the stories behind the headlines, head to CISOseries.com.
Krebs on ICANN Lookups Wyden warns of spying push notifications Google unveils Gemini Huge thanks to our sponsor, Barricade Cyber Solutions Has your organization fallen victim to ransomware? Remain calm and head over to recoverfromransomware.com. Barricade Cyber Solutions is the "go-to" for ransomware recovery services that small to medium business executives can trust. Over the past 5 years, Barricade Cyber Solutions has saved 3,000+ businesses in your shoes. Trust the elite DFIR team at Barricade Cyber Solutions with your data and system security recovery. Book a free consultation at recoverfromransomware.com now.
Spyware trial implicating former Mexican president kicks off Federal agency breached through Adobe ColdFusion vulnerability Malicious loan app downloaded 12 million times from Google Play Huge thanks to our sponsor, Barricade Cyber Solutions Don't let ransomware ruin your holiday. Remember to visit recoverfromransomware.com! Barricade Cyber Solutions are THE trusted DFIR experts, and they've saved 3,000 and counting businesses from ransomware attacks, small and medium businesses just like yours! Barricade Cyber is YOUR solution for rapid data and security systems recovery. Book a meeting directly with the CEO to discuss securing your future today. Visit recoverfromransomware.com. That's recoverfromransomware.com. For the stories behind the headlines, visit CISOseries.com.
12/6/2023 • 8 minutes, 17 seconds
Nuclear site hacked, Iranian water breaches, ChatGPT data leaks
UK nuclear site attacked by state-linked attackers US confirms Iranian actors behind water breaches The infinite regress of ChatGPT data exfiltration Huge thanks to our sponsor, Barricade Cyber Solutions Facing a ransomware attack? Don't panic, remain calm and remember to contact Barricade Cyber Solutions, the DFIR team trusted to quickly recover business data with exclusive ransomware recovery services for small and medium businesses alike. Recover from ransomware and get your business back online with Barricade Cyber Solutions. Visit recoverfromransomware.com to schedule a call with the team today. That's recoverfromransomware.com.
12/5/2023 • 7 minutes, 14 seconds
Credit Unions outage, Roblox-Twitch extortion, Apple zero-days
Credit unions facing outages due to ransomware attack on cloud provider Roblox, Twitch allegedly targeted by ransomware cartel Apple fixes two new iOS zero-days in emergency updates Huge thanks to our sponsor, Barricade Cyber Solutions Experiencing ransomware? Barricade Cyber Solutions will help you recover from the nightmare. Trust the industry DFIR experts who have rescued over 3,000 business cases over the past 5 years. Remember to visit recoverfromransomware.com and connect with Barricade Cyber Solutions rapid ransomware recovery team. This elite team works quickly to recover and restore your business data and services. Visit recoverfromransomware.com today. For the stories behind the headlines, head to CISOseries.com.
12/4/2023 • 7 minutes, 46 seconds
Week in Review: Okta breach expands, Former Uber CISO speaks, OpenAI’s chatbot leak secrets
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Christina Shannon, CIO, KIK Consumer Products Thanks to our show sponsor, SpyCloud SpyCloud disrupts cybercrime by telling you what criminals know about your business and your customers, so you can take action on exposed authentication data to prevent ransomware, session hijacking, account takeover, and online fraud. With knowledge of the specific data criminals have in hand – like credentials, cookies, and PII compromised by breaches and malware infections – security teams have better visibility into the expanding attack surface that puts their organization at risk of cyberattacks and can respond quickly with SpyCloud’s automated solutions. Find out what cybercriminals know about your business by visiting spycloud.com/ciso to get your free exposure report. That’s spycloud.com/ciso. All links and the video of this episode can be found on CISO Series.com
12/1/2023 • 29 minutes, 2 seconds
Manufacturing tops extortion, RETVec battles spam, new Zyxel warnings
Manufacturing industry tops cyber extortion trend Google’s RETVec the latest warrior on bad emails Zyxel warns of vulnerabilities in NAS devices Huge thanks to our sponsor, SpyCloud New research from SpyCloud reveals a critical discovery: nearly a third of ransomware victim companies this year were infected with infostealer malware like Raccoon, Vidar or Redline before they were attacked. These infostealers exfiltrate authentication data from infected systems to aid follow-on attacks – everything from passwords to 2FA codes, and even cookies that enable session hijacking without the need for credentials at all. SpyCloud specializes in recapturing and remediating data siphoned from infostealers to protect businesses and their users from cybercrime. Get SpyCloud’s new research and check your malware exposure at spycloud.com/ciso. For the stories behind the headlines, head to CISOseries.com.
12/1/2023 • 8 minutes, 20 seconds
Okta breach expands, JAXA cyberattack, leaky GPTs
All Okta customers exposed in breach JAXA hit by cyberattack OpenAI’s chatbots leak secrets Huge thanks to our sponsor, SpyCloud For some people ignorance is bliss – but that’s not an option for those of us in cybersecurity. SpyCloud has a free tool that lets you check your company’s darknet exposure, and you might find some things that are pretty alarming. Go to spycloud.com/ciso to see your company's exposure from data breaches and even infostealer malware infections that can open the door to ransomware. SpyCloud’s focus is helping businesses act on what criminals are using right now to target them – addressing stolen passwords, cookies, and even API keys automatically to stop criminals in their tracks. To learn more and get your darknet exposure report, go to spycloud.com/ciso.
11/30/2023 • 6 minutes, 22 seconds
Ransomware gang busted in Ukraine, North Texas water utility cyberattack, Former Uber CISO breaks 6-year silence
Ransomware gang busted in Ukraine by international operation North Texas water utility hit with cyberattack Former Uber CISO speaks out after 6-year silence Huge thanks to our sponsor, SpyCloud SpyCloud has discovered that infostealer malware infections are an early warning signal for ransomware. In fact, nearly a third of ransomware victim companies this year were infected with infostealer malware like Raccoon, Vidar or Redline before they were attacked. Are you thinking about infostealers as a precursor to ransomware? SpyCloud believes that knowing what criminals have stolen from your managed, unmanaged and undermanaged infected machines is step one to stopping ransomware attacks. Get SpyCloud’s new research on this topic and check your company’s exposure from malware infections at spycloud.com/ciso. For the stories behind the headlines, visit CISOseries.com.
11/29/2023 • 7 minutes, 36 seconds
International AI agreement, water utility attack, Ukraine cyberattack on Russian aviation
International AI agreement PA water utility hit by cyberattack Ukraine claims cyber attack against Russian aviation Huge thanks to our sponsor, SpyCloud Our sponsor today, SpyCloud, wants us to pay attention to a ransomware precursor that’s not being talked about enough: infostealer malware. If you think you’re covered by endpoint protection and anti-virus solutions, think again. The SpyCloud team discovered that the presence of infostealers including Racoon, Vidar, and Redline on machines accessing work applications may indicate a likely future ransomware attack. They believe the first step in thwarting ransomware lies in knowing the data criminals have stolen from malware-infected systems and remediating it quickly. Get SpyCloud’s new research and check your malware exposure at spycloud.com/ciso.
11/28/2023 • 6 minutes, 55 seconds
London & Zurich, Fidelity National Financial attacks, Royal Family’s hospital, Vanderbilt University Med Center attacks, US Nuclear lab and Gulf Air breaches
London & Zurich, and Fidelity National Financial attacks Royal Family’s hospital and Vanderbilt University Med Center suffer cybersecurity incidents Gulf Air exposed to data breach Huge thanks to our sponsor, SpyCloud For some people ignorance is bliss – but that’s not an option for those of us in cybersecurity. SpyCloud has a free tool that lets you check your company’s darknet exposure, and you might find some things that are pretty alarming. Go to spycloud.com/ciso to see your company's exposure from data breaches and even infostealer malware infections that can open the door to ransomware. SpyCloud’s focus is helping businesses act on what criminals are using right now to target them – addressing stolen passwords, cookies, and even API keys automatically to stop criminals in their tracks. To learn more and get your darknet exposure report, go to spycloud.com/ciso.
11/27/2023 • 8 minutes, 6 seconds
Cyber exec hacked hospital, ‘Citrix Bleed’ vuln targeted, Binance CEO steps down in $4 billion settlement
Cyber exec admits hacking hospital as a sales tactic ‘Citrix Bleed’ vulnerability targeted by nation-state hackers Binance CEO steps down in $4 billion settlement Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. Egress is the only cloud email security platform to use an adaptive security architecture to automate threat detection and response for advanced phishing attacks and outbound data breaches, tailoring the experience for each user based on their real-time risk score. Visit egress.com to learn more about Egress’ Intelligent Cloud Email Security suite and start detecting email threats your existing solution is missing today. For the stories behind the headlines, visit CISOseries.com.
11/22/2023 • 7 minutes, 38 seconds
Healthcare hit with MOVEit, malware uses trig, OpenAI shakeup
Healthcare platform impacted by MOVEit Threat actors find a use for trigonometry What’s happening with OpenAI Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. Egress is the only cloud email security platform to use an adaptive security architecture to automate threat detection and response for advanced phishing attacks and outbound data breaches, tailoring the experience for each user based on their real-time risk score. Visit egress.com to learn more about Egress’ Intelligent Cloud Email Security suite and start detecting email threats your existing solution is missing today.
Clorox CISO departs months after cyberattack ALPHV/BlackCat Ransomware gang files SEC complaint Drenan Dudley acting national cyber director while Coker confirmation process continues Thanks to today's episode sponsor, Egress People are the biggest risk to your organizations' security and they are most vulnerable when using email. Egress is the only cloud email security platform to use an adaptive security architecture to automate threat detection and response for advanced phishing attacks and outbound data breaches, tailoring the experience for each user based on their real-time risk score. Visit egress.com to learn more about Egress’ Intelligent Cloud Email Security suite and start detecting email threats your existing solution is missing today. For the stories behind the headlines, head to CISOseries.com
11/20/2023 • 7 minutes, 9 seconds
Week in Review: UK Health data shared, SSH keys vulnerable
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jay Wilson, CISO, Insurity Thanks to our show sponsor, Sysdig For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second. Learn more at Sysdig.com All links and the video of this episode can be found on CISO Series.com
11/17/2023 • 26 minutes, 31 seconds
Fortinet Injection bug, Another Samsung breach, government Rhysida warning
Fortinet warns of critical command injection bug in FortiSIEM Another data breach for Samsung Rhysida warning from FBI and CISA Thanks to today's episode sponsor, Sysdig For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second. For the stories behind the headlines, head to CISOseries.com.
11/17/2023 • 7 minutes, 41 seconds
Microsoft Copilot, YouTube addresses AI uploads, CISA's AI roadmap
Microsoft goes all in on Copilot YouTube’s AI disclosure requirement CISA’s AI Roadmap Thanks to today's episode sponsor, Sysdig For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second.
11/16/2023 • 6 minutes, 53 seconds
IPStorm botnet dismantled, Social media giants will face child safety lawsuits, Authorities warn of Royal ransom gang threat
IPStorm botnet dismantled after hacker’s guilty plea Federal court rules social media giants must face child safety lawsuits Authorities warn of Royal ransom gang’s activities and rebranding Thanks to today's episode sponsor, Sysdig For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second. For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second. For the stories behind the headlines, visit CISOseries.com.
11/15/2023 • 8 minutes, 42 seconds
Cyber Security Headlines: Australian ports attacked, impacts of AI on terrorist content, Google sees faked Bard ads
Australian ports hit with cyberattack AI companies join on to Christchurch Call to Action Generative AI threatens to dismantle terrorist content detection Thanks to today's episode sponsor, Sysdig For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second.
11/14/2023 • 6 minutes, 48 seconds
China bank ransomed, UK health data shared, Boeing data published
Industrial and Commercial Bank of China suffers ransomware attack UK health data donated for medical research shared with insurance companies Boeing data published by LockBit Thanks to today's episode sponsor, Sysdig For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second. For the stories behind the headlines, head to CISOseries.com.
11/13/2023 • 7 minutes, 24 seconds
Week in Review: Okta explains hack, Google Calendar as C2, Selling military data
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Sean Kelly with guest Howard Holton, CTO, GigaOm Thanks to today’s episode sponsor, OffSec OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you’ll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more. Hear from forward-thinking infosec leaders from companies like CISCO, Amazon, and Salesforce. Save your seat and equip yourself with actionable takeaways to help shape the future of your organization’s security. Register now at offsec.com/evolve All links and the video of this episode can be found on CISO Series.com
11/10/2023 • 25 minutes, 45 seconds
US most breached, ChatGPT gets DDoS, Clop exploits SysAid
US most breached country last quarter OpenAI blames DDoS attacks for ongoing ChatGPT outages Clop exploits SysAid vulnerability Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more. Hear from forward-thinking infosec leaders from companies like CISCO, Amazon, and Salesforce. Save your seat and equip yourself with actionable takeaways to help shape the future of your organization's security. Register now at offsec.com/evolve For the stories behind the headlines, head to CISOseries.com.
11/10/2023 • 7 minutes, 56 seconds
Shields Ready campaign, AI imagery rules for the election, App Defense Alliance moves to Linux Foundation
US launches “Shields Ready” campaign Microsoft and Meta announced AI imagery rules App Defense Alliance moves under the Linux Foundation Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is running a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. Attend Evolve and get insider insights from a former bank hacker. Discover strategies on stretching your security budget and get tips to attract the crème de la crème of talent. It's more than just an event – it's a masterclass helping you elevate your cybersecurity leadership game. Hear from forward-thinking cybersecurity leaders from companies like CISCO, Amazon, Salesforce and more. Register today and get the insights you need to help shape the future of your company’s security. Sign up now at offsec.com/evolve
11/9/2023 • 7 minutes, 27 seconds
Marina Bay Sands customer data hacked, Atlassian bug escalated to 10.0 severity, Fake crypto app steals over $700,000
Singapore’s Marina Bay Sands customer data stolen in cyberattack Atlassian bug escalated to 10.0 severity Fake Ledger Live app steals over $700,000 in crypto Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more. Hear from forward-thinking infosec leaders from companies like CISCO, Amazon, and Salesforce. Save your seat and equip yourself with actionable takeaways to help shape the future of your organization's security. Register now at offsec.com/evolve For the stories behind the headlines, visit CISOseries.com.
11/8/2023 • 8 minutes, 1 second
Dropper bypasses Google, CISA’s zero-day worries, Google Calendar as C2
Android Dropper-as-a-Service Bypasses Google’s Defenses Increase in zero-day exploits worries CISA Google Calendar as a C2 infrastructure Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is running a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. Attend Evolve and get insider insights from a former bank hacker. Discover strategies on stretching your security budget and get tips to attract the crème de la crème of talent. It's more than just an event – it's a masterclass helping you elevate your cybersecurity leadership game. Hear from forward-thinking cybersecurity leaders from companies like CISCO, Amazon, Salesforce and more. Register today and get the insights you need to help shape the future of your company’s security. Sign up now at offsec.com/evolve For the stories behind the headlines, head to CISOseries.com.
Okta explains hack source and response timeline Looney Tunables now being exploited Lazarus Group uses KandyKorn against blockchain engineers Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. During the event, you'll learn how to attract and assess top talent, how to craft positioning for budget conversations, why CISOs make great board members, and more. Hear from forward-thinking infosec leaders from companies like CISCO, Amazon, and Salesforce. Save your seat and equip yourself with actionable takeaways to help shape the future of your organization's security. Register now at offsec.com/evolve For the stories behind the headlines, head to CISOseries.com.
11/6/2023 • 7 minutes, 22 seconds
Week in Review: Cloudflare’s power outage, Washington breaches, Wiki-Slack attack
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Shawn Bowen, CISO, World Kinect Corporation Thanks to our show sponsor, Hunters There’s nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters’ SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It’s time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how you can replace your SIEM today. All links and the video of this episode can be found on CISO Series.com
11/3/2023 • 29 minutes, 9 seconds
Cloudflare’s power outage, Apache HelloKitty attempt, Boeing incident continues
Power outage darkens Cloudflare dashboard and APIs Apache ActiveMQ flaw sees HelloKitty attempt Boeing says cyber incident affects parts and distribution Thanks to today's episode sponsor, Hunters There’s nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters’ SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It’s time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how you can replace your SIEM today. For the stories behind the headlines, head to CISOseries.com.
11/3/2023 • 7 minutes, 36 seconds
UK summit pledge to tackle AI risks, ‘Kill switch’ shuts down Mozi botnet, EU regulator bans Meta's ad practices
Countries at UK summit pledge to tackle AI risks ‘Kill switch’ deliberately shuts down notorious botnet EU regulator bans Meta's targeted advertising practices Thanks to today's episode sponsor, Hunters There’s nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters’ SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It’s time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how you can replace your SIEM today. There’s nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters’ SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It’s time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how you can replace your SIEM today. For the stories behind the headlines, visit CISOseries.com.
11/2/2023 • 8 minutes, 3 seconds
Canada bans WeChat, no ransom pledge, India's opposition sees state-sponsored attacks
Canada bans WeChat on government devices 40 countries sign no ransom pledge Apple warns Indian opposition leaders about iPhone attacks Thanks to today's episode sponsor, Hunters If your SIEM is causing an endless cycle of noisy alerts, manually writing generic detection rules, and limited data ingestion & retention, your SOC might need an upgrade. Hunters is a SaaS platform, purpose built for your Security Operations team. Solaris Group, a leading German FinTech, implemented Hunters to replace their SIEM eliminating the burden of redundant detection engineering and manual event correlation. Solaris Group’s SOC analysts can now focus their time and energy on higher-value tasks. Visit hunters.security to learn how to replace your SIEM today.
11/1/2023 • 6 minutes, 26 seconds
AI Executive Order, Russia' VirusTotal, Roaming leaks locations
Executive order outlines generative AI rules in the US Russia launchings its own VirusTotal Roaming data could leak geolocations Thanks to today's episode sponsor, Hunters Piecing together a SIEM not only takes forever, but it wastes your security team’s valuable resources. Hunters is a SIEM alternative purpose built to help your Security Operations mature to the next level in a fraction of the time. Spontnana, a next-generation Travel-as-a-Service platform, uses Hunters’ built-in correlation and enrichment capabilities to make better security decisions and experienced value from day one. Are you ready to evaluate Hunters as a SIEM alternative? Visit Hunters.security to learn more.
10/31/2023 • 7 minutes, 43 seconds
DC Elections breach, LockBit Boeing breach, StripedFly’s stealthy sting
DC Board of Elections breach may include entire voter roll LockBit claims Boeing breach StripedFly malware infects 1 million Windows and Linux hosts Thanks to today's episode sponsor, Hunters Hunters is a SIEM alternative, built for your security team. Hunters empowers companies to replace their SIEM with unlimited ingestion and normalization of security data at a predictable cost. Using Hunters, a CISO at a leading online retailer “tripled the amount of data ingested by her security team while cutting costs from a legacy SIEM provider by 75%.” To learn more about the benefits of replacing your legacy SIEM with Hunters visit hunters.security today. For the stories behind the headlines, head to CISOseries.com
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Arvin Bansal, former CISO, Nissan Americas Thanks to our show sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. All links and the video of this episode can be found on CISO Series.com
ILeakage attack steals emails, passwords from Apple devices and browsers CISA protests potential 25% budget cut as “catastrophic” Surge in hyper-volumetric HTTP DDoS attacks Thanks to today's episode sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. For the stories behind the headlines, head to CISOseries.com.
10/27/2023 • 7 minutes, 53 seconds
SMIC advanced chips, Roundcube exploit, Philadelphia email access
SMIC making advanced chips with ASML tech Roundcube webmail exploited with zero-day Philadelphia’s week somehow gets worse Thanks to today's episode sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount.
10/26/2023 • 6 minutes, 49 seconds
Cisco IOS XE infections remain high, California sidelines GM’s driverless cars, Canada accuse China of ‘Spamouflage’ campaign
Cisco IOS XE Update: Number of infected devices via zero-day remains high California sidelines GM’s driverless cars, citing safety risk Canada accuse China of ‘Spamouflage’ disinformation campaign Thanks to today's episode sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. For the stories behind the headlines, visit CISOseries.com.
10/25/2023 • 8 minutes, 31 seconds
Chrome IP Protection, Microsoft Security Copilot, Cisco patches IOS XE
Chrome testing IP Protection Microsoft tests Security Copilot Cisco releases IOS XE patches Thanks to today's episode sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount.
10/24/2023 • 7 minutes, 33 seconds
Okta system attacked, another Cisco vulnerability, RagnarLocker arrest
Okta HAR support system attacked Cisco identifies additional IOS XE vulnerability Key Ragnar Locker player arrested in Paris Thanks to today's episode sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. For the stories behind the headlines, head to CISOseries.com.
10/23/2023 • 8 minutes, 20 seconds
Week in Review: Water cyber-regs rescinded, Cisco zero-day attacks, Signal debunks zero-day
Link to blog post This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Andrew Wilder, CISO, Community Veterinary Partners Thanks to our show sponsor, Vanta “Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta’s market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. All links and the video of this episode can be found on CISO Series.com
10/20/2023 • 22 minutes, 49 seconds
Cops sting RagnarLocker, more 23andMe leaks, Casio discloses breach
International sting operation brings down RagnarLocker More 23andMe records leaked Casio discloses data breach Huge thanks to our sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. For the stories behind the headlines, head to CISOseries.com.
10/20/2023 • 7 minutes, 59 seconds
WinRAR exploitation, Five Eyes warns about China, ServiceNow data exposure
State-backed attackers exploit WinRAR zero-day Five Eyes warns of Chinese IP theft ServiceNow data exposure issue identified Huge thanks to our sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount.
10/19/2023 • 7 minutes, 59 seconds
Zero-day attacks affect 10,000 Cisco devices, US government warns of Confluence vuln exploitation, D-Link confirms data breach
Zero-day attacks affect over 10,000 Cisco devices US government warns of widespread exploitation of Confluence vulnerability D-Link confirms data breach caused by phishing attack Huge thanks to our sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. For the stories behind the headlines, visit CISOseries.com.
10/18/2023 • 7 minutes, 59 seconds
Security camera warnings, Signal denies zero-day, Equifax fined in UK
Israeli government warns to secure home security cameras Signal debunks zero-day report Equifax fined for 2017 data breach Huge thanks to our sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount.
10/17/2023 • 7 minutes, 1 second
CDW possibly attacked, AvosLocker joint advisory, EPA rescinds water regs
LockBit claims attack on CDW FBI and CISA publish joint advisory regarding AvosLocker ransomware EPA rescinds cyber regulations for water sector Huge thanks to our sponsor, Vanta Growing a business? That likely means more tools, third-party vendors, and data sharing — AKA, way more risk. Vanta's market-leading trust management platform brings GRC and security efforts together. Integrate information from multiple systems and reduce risks to your business and your brand — all without the need for additional staffing. And by automating up to 90% of the work for SOC 2, ISO 27001, and more, you’ll be able to focus on strategy and security, not maintaining compliance. Join 5,000 fast-growing companies that leverage Vanta to manage risk and prove security in real-time. Our listeners get $1,000 off Vanta. Go to vanta.com/ciso to claim this discount. For the stories behind the headlines, head to CISOseries.com.
10/16/2023 • 7 minutes, 35 seconds
Week in Review: Internet-wide zero-day DDoS, 23andMe data breach, curl flaw overhyped
Link to blog post This week’s Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino with guest Martin Choluj, VP Security ClickHouse Thanks to our show sponsor, Hyperproof Are you struggling to showcase the value of your work? It’s a classic challenge in the risk and compliance space: leadership just doesn’t understand what exactly you do and why it matters. With Hyperproof, the leading risk and compliance management platform, you get access to real-time reports that can help your leadership team understand the impact of the valuable work you do every day. Get a demo at hyperproof.io. All links and the video of this episode can be found on CISO Series.com
10/13/2023 • 27 minutes, 20 seconds
Microsoft thwarts Akira, Sullivan appeals conviction, ToddyCat targets telcos
Microsoft thwarts large-scale ransomware attack Former Uber CISO files appeal ToddyCat group targets telcos Thanks to today's episode sponsor, Hyperproof Is your company scaling? Do you need to quickly add more compliance frameworks but don’t know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof, you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit hyperproof.io to get started today.
10/13/2023 • 7 minutes, 24 seconds
Hijacked 404 pages, Chinese attackers target Confluence, Adobe's "icon of transparency"
404 pages hijacked Atlassian Confluence attacked by state-backed actors Adobe’s “icon of transparency” Thanks to today's episode sponsor, Hyperproof It’s more critical than ever to focus on strategically addressing risk, but how can you do it when working with limited resources? That’s where Hyperproof comes in: Hyperproof is a risk and compliance operations platform that helps you automate evidence collection, task management, and collaboration within your organization so you can focus on what matters most: keeping your company secure by prioritizing strategy, not manual processes. Get a demo at Hyperproof.io.
10/12/2023 • 7 minutes, 21 seconds
Zero-day fuels largest-ever DDoS attack, 23andMe resets user passwords after data leak, Exchange gets ‘better’ patch for critical bug
Internet-wide zero-day bug fuels largest-ever DDoS attack 23andMe resets user passwords after genetic data posted online Microsoft Exchange gets ‘better’ patch to mitigate critical bug Thanks to today's episode sponsor, Hyperproof We get it. You’re a risk manager or compliance professional, and you’re overworked. You’re trying to do the right thing by keeping your company safe and secure, but your technology is holding you back. Why not upgrade to Hyperproof? Hyperproof is a platform that not only eliminates the manual tasks you dread, but helps you scale security. Get a demo today at hyperproof.io. For the stories behind the headlines, visit CISOseries.com.
10/11/2023 • 8 minutes, 41 seconds
Middle East hacktivists, Curl security flaw, HelloKitty improves ransomware
Hacktivist attacks abound in the Middle East Network protocol open-source tool Curl faces worst security flaw in a long time HelloKitty ransomware source code leaked on hacking forum Thanks to today's episode sponsor, Hyperproof Imagine. You have an audit coming up, but instead of the usual rush, you actually feel prepared. You’ve collected your evidence. You can see which risks have been mitigated. And best of all, you don’t have to send out any last-minute emails to other teams begging them for that one screenshot. Sounds like a dream, right? With Hyperproof’s risk and compliance platform, this could be your reality. Get a demo at hyperproof.io. For the stories behind the headlines, head to CISOseries.com.
MGM Resorts quotes ransomware tab at $110 million Blackbaud in $49.5 million settlement for May 2020 ransomware attack 23andMe investigates breach claims Thanks to today's episode sponsor, Hyperproof Tired of managing risk and compliance in spreadsheets? Sick of tracking down stakeholders to find evidence? Worried about whether that evidence is up to date for your next audit? Hyperproof has you covered. With Hyperproof, you can efficiently manage multiple compliance frameworks and risks in a single place so you can focus on what matters most: keeping your company secure and growing. Visit hyperproof.io to get a demo. For the stories behind the headlines, head to CISOseries.com.
10/9/2023 • 7 minutes, 41 seconds
Week in Review: Progress FTPbug, CloudFlare DDoS mistake, Lazarus Meta recruiters
Link to blog post This week’s Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino with guest Bob Schuetter, CISO, Ashland Thanks to our show sponsor, Conveyor Got a scary security questionnaire to complete and you’d rather have AI do it? Your infosec friends are making the switch from outdated RFP and compliance tools to Conveyor: the most accurate security questionnaire automation software on the market. The proof is in the AI. Customers are seeing 80-90% accurate auto-generated answers by and decreasing the time spent on questionnaire answering by 91%. Try a free one-week proof of concept at www.conveyor.com. All links and the video of this episode can be found on CISO Series.com
10/6/2023 • 25 minutes, 30 seconds
Apple zero-day patch, Cisco 911 patch, ICS exposure warning
Apple rolls out patch for active iOS Zero-Day Cisco patches urgent Emergency Responder flaw Researchers warn of 100,000 exposed ICS systems Thanks to our episode sponsor, Conveyor We can all agree that AI can take one job from us: answering security questionnaires. Enter Conveyor: the AI security review platform helping infosec teams attack security questionnaires from all angles. Reduce incoming questionnaires by sharing a trust portal with customers and for those questionnaires you do get, use our AI questionnaire completion tool to auto-generate precise answers to entire questionnaires in seconds. Lucid tried a free one week proof of concept and reduced time spent on questionnaires by 91%. Learn more at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com.
10/6/2023 • 7 minutes, 37 seconds
Red Cross hacktivist rules, Looney Tunables hit Linux, CISA violates First Amendment
Red Cross issues hacktivist rules Looney Tunables hits major Linux distros CISA may have violated the First Amendment Thanks to our episode sponsor, Conveyor Will security questionnaires ever go away? Maybe. But as long as they’re still here, you might as well get AI to complete them for you. Enter Conveyor. The AI security questionnaire automation software that auto-generates 80-90% accurate answers to entire questionnaires in seconds so all you have to do is review. There’s even a browser extension for the world’s worst portals. Not sure if it’ll work for you? Try a free one-week proof of concept at www.conveyor.com.
10/5/2023 • 6 minutes, 29 seconds
GPU driver exploits, EU strengthens spyware protections, NSA's AI Security Center
Arm and Qualcomm warn about exploited GPU drivers EU Parliament strengthens spyware protections for journalists NSA creates AI Security Center Thanks to our episode sponsor, Conveyor Does the mountain of security questionnaires in your inbox make you feel like a 2 dollar umbrella in a hurricane? Then you might want to check out Conveyor: the AI security review platform helping infosec teams attack security questionnaires from all angles. Reduce incoming questionnaires by sharing a trust portal with customers and for those questionnaires you do get, use our AI questionnaire completion tool to auto-generate precise answers to entire questionnaires in seconds. Lucid tried a free one week proof of concept and reduced time spent on questionnaires by 91%. Learn more at www.conveyor.com.
10/4/2023 • 6 minutes, 46 seconds
Progress FTP bug under active exploit, Norway urges Europe-wide Meta data collection ban, KillNet claims attack against Royal Family website
Critical Progress FTP bug now being exploited in attacks Norway urges Europe-wide ban on Meta's targeted data collection KillNet claims DDoS attack against Royal Family website Thanks to our episode sponsor, Conveyor Got a scary security questionnaire to complete and you’d rather have AI do it? Your infosec friends are making the switch from outdated RFP and compliance tools to Conveyor: the most accurate security questionnaire automation software on the market. The proof is in the AI. Customers are seeing 80-90% accurate auto-generated answers by and decreasing the time spent on questionnaire answering by 91%. Try a free one-week proof of concept at www.conveyor.com. For the stories behind the headlines, visit CISOseries.com.
10/3/2023 • 7 minutes, 28 seconds
Cloudflare’s protection bypass, ALPHV healthcare victim, Lazarus Meta recruiter
Cloudflare DDoS protections bypassed using Cloudflare McLaren Health Care becomes latest ALPHV/BlackCat victim Lazarus Group poses as Meta recruiters to spearfish Spanish engineers Thanks to our episode sponsor, Conveyor Does the thought of answering another security questionnaire make you want to beat the stuffing out of 32 pinatas? Then you might want to check out Conveyor: the AI security review platform helping infosec and sales teams attack security questionnaires from all angles. Reduce incoming questionnaires by sharing a trust portal with customers and for those questionnaires you do get, use our AI questionnaire completion tool to auto-generate precise answers to entire questionnaires in seconds. Lucid tried a free one week proof of concept and reduced time spent on questionnaires by 91%. Learn more at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com.
10/2/2023 • 7 minutes, 8 seconds
Week in Review: New MOVEIt troubles, fallout from government email breach, H&R Block faces RICO charges
Link to blog post This week’s Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino with guest Andrew Storms, VP of security, Replicated Thanks to our show sponsor, AppOmni Are you confident in your organization’s SaaS security? AppOmni surveyed 600+ security practitioners globally and 71% answered yes. But 79% experienced SaaS cybersecurity incidents. What’s behind this disconnect? CISOs believe they have a mature level of SaaS cybersecurity using CASB, MFA, and IdP. But these solutions lack unified risk visibility. Without SSPM, they’re blind to the true extent of their SaaS attack surface risk. Don’t gamble with your data. Get the visibility and insights you need to protect your SaaS environment with AppOmni. All links and the video of this episode can be found on CISO Series.com
9/29/2023 • 28 minutes, 31 seconds
Government email damage, Johnson Controls attacked, Google’s 5th zero-day
Chinese hackers stole emails from US State Dept in Microsoft breach Johnson Controls faces $51 million ransomware demand Google fixes year’s fifth Chrome zero-day Thanks to today's episode sponsor, AppOmni If you think CASBs effectively secure your SaaS data… think again. CASBs lack visibility into your SaaS estate. Nor can they address and detect risks that arise from SaaS apps’ unlimited endpoints. What you need is a robust SSPM designed to secure the dynamic and extensible nature of SaaS apps and their data. That’s where AppOmni comes in. We continuously monitor your SaaS estate to detect cyber risks and secure your company’s most critical data and workflows. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
9/29/2023 • 7 minutes, 44 seconds
GPU pixel-stealing, info-stealing on GitHub, Sony hackers hit NTT Docomo
GPUs vulnerable to pixel-stealing attacks Info-stealing commits hit GitHub Alleged Sony hackers hit NTT Docomo Thanks to today's episode sponsor, AppOmni Are you confident in your organization’s SaaS security? AppOmni surveyed 600+ security practitioners globally and 71% answered yes. But 79% experienced SaaS cybersecurity incidents. What’s behind this disconnect? CISOs believe they have a mature level of SaaS cybersecurity using CASB, MFA, and IdP. But these solutions lack unified risk visibility. Without SSPM, they’re blind to the true extent of their SaaS attack surface risk. Don’t gamble with your data. Get the visibility and insights you need to protect your SaaS environment with AppOmni.
9/28/2023 • 6 minutes, 34 seconds
Multiple threat actors lay claim to Sony hack, Philippines health org struggling with ransomware recovery, Flair Airlines leaked user data for months
Multiple threat actors lay claim to Sony hack Philippines health org struggling to recover from ransomware attack Canadian Flair Airlines leaked user data for months Thanks to today's episode sponsor, AppOmni If you think CASBs effectively secure your SaaS data… think again. CASBs lack visibility into your SaaS estate. Nor can they address and detect risks that arise from SaaS apps’ unlimited endpoints. What you need is a robust SSPM designed to secure the dynamic and extensible nature of SaaS apps and their data. That’s where AppOmni comes in. We continuously monitor your SaaS estate to detect cyber risks and secure your company’s most critical data and workflows. Get started at AppOmni.com. For the stories behind the headlines, visit CISOseries.com.
9/27/2023 • 7 minutes, 41 seconds
Mixin Network breach, Kia and Hyundai thefts explode, stress testing voting equipment
Mixin Network loses $200 million Kia and Hyundai exploit linked to massive car thefts Stress testing voting equipment Thanks to today's episode sponsor, AppOmni Are you confident in your organization’s SaaS security? AppOmni surveyed 600+ security practitioners globally and 71% answered yes. But 79% experienced SaaS cybersecurity incidents. What’s behind this disconnect? CISOs believe they have a mature level of SaaS cybersecurity using CASB, MFA, and IdP. But these solutions lack unified risk visibility. Without SSPM, they’re blind to the true extent of their SaaS attack surface risk. Don’t gamble with your data. Get the visibility and insights you need to protect your SaaS environment with AppOmni.
Car audio manufacturer Clarion hacked – ALPHV claims responsibility High-ranking Egyptian politician targeted by Predator spyware City of Dallas issues report on May cyberattack Thanks to today's episode sponsor, AppOmni If you think CASBs effectively secure your SaaS data… think again. CASBs lack visibility into your SaaS estate. Nor can they address and detect risks that arise from SaaS apps’ unlimited endpoints. What you need is a robust SSPM designed to secure the dynamic and extensible nature of SaaS apps and their data. That’s where AppOmni comes in. We continuously monitor your SaaS estate to detect cyber risks and secure your company’s most critical data and workflows. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
9/25/2023 • 7 minutes, 1 second
Week in Review: UK and US cyberlaws, Microsoft’s bad week, Cisco buys Splunk
Link to blog post This week’s Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino with guest Shawn Bowen, CISO, World Kinect Corporation Thanks to our show sponsor, Hyperproof Is your company scaling? Do you need to quickly add more compliance frameworks but don’t know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof, you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit hyperproof.io to get started today. All links and the video of this episode can be found on CISO Series.com
9/22/2023 • 26 minutes, 49 seconds
UK’s new cyberlaws, Cisco buys Splunk, Transunion denies breach
UK launches comprehensive new online safety laws Cisco buys Splunk TransUnion denies breach Huge thanks to our sponsor, Hyperproof Is your company scaling? Do you need to quickly add more compliance frameworks but don’t know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof, you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit hyperproof.io to get started today. For the stories behind the headlines, head to CISOseries.com.
9/22/2023 • 7 minutes, 1 second
Canadian airport DDoS, Huawei ships chips, Signal goes post-quantum
Cyber attack disrupted Canadian airports Huawei ships chips for surveillance cameras Signal adds quantum-resistant encryption Huge thanks to our sponsor, Hyperproof It’s more critical than ever to focus on strategically addressing risk, but how can you do it when working with limited resources? That’s where Hyperproof comes in: Hyperproof is a risk and compliance operations platform that helps you automate evidence collection, task management, and collaboration within your organization so you can focus on what matters most: keeping your company secure by prioritizing strategy, not manual processes. Get a demo at Hyperproof.io.
9/21/2023 • 6 minutes, 18 seconds
DHS to simplify cyber incident reporting rules, UK passes Online Safety Bill, PIILOPUOTI marketplace takedown
DHS council seeks to simplify cyber incident reporting rules UK passes the Online Safety Bill Finland and Europol take down PIILOPUOTI marketplace Huge thanks to our sponsor, Hyperproof We get it. You’re a risk manager or compliance professional, and you’re overworked. You’re trying to do the right thing by keeping your company safe and secure, but your technology is holding you back. Why not upgrade to Hyperproof? Hyperproof is a platform that not only eliminates the manual tasks you dread, but helps you scale security. Get a demo today at hyperproof.io. For the stories behind the headlines, visit CISOseries.com.
9/20/2023 • 7 minutes, 26 seconds
Microsoft leaks AI data, UK CMA AI principles, Germany warns of natural gas terminal attacks
Microsoft leaks terabytes of internal data UK CMA outlines principles for AI regulation Germany warns of attacks on LNG terminals Huge thanks to our sponsor, Hyperproof Imagine. You have an audit coming up, but instead of the usual rush, you actually feel prepared. You’ve collected your evidence. You can see which risks have been mitigated. And best of all, you don’t have to send out any last-minute emails to other teams begging them for that one screenshot. Sounds like a dream, right? With Hyperproof’s risk and compliance platform, this could be your reality. Get a demo at hyperproof.io.
9/19/2023 • 7 minutes, 16 seconds
Lazarus hit CoinX, Thailand’s CardX breach, trucking software attack
Lazarus Group suspected in CoinEx robbery Thailand financial company CardX discloses leak Ransomware hits trucking software provider Huge thanks to our sponsor, Hyperproof Tired of managing risk and compliance in spreadsheets? Sick of tracking down stakeholders to find evidence? Worried about whether that evidence is up to date for your next audit? Hyperproof has you covered. With Hyperproof, you can efficiently manage multiple compliance frameworks and risks in a single place so you can focus on what matters most: keeping your company secure and growing. Visit hyperproof.io to get a demo. For the stories behind the headlines, head to CISOseries.com.
9/18/2023 • 7 minutes, 16 seconds
Week in Review: Las Vegas heists, mental health, Tesla’s no-hands option
Link to blog post This week’s Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino with guest Davi Ottenheimer, VP, Trust and Ethics, Inrupt Thanks to our show sponsor, Conveyor The team at Lucid software reduced the time spent answering customer security questionnaires by a whopping 91% with Conveyor’s security questionnaire automation software – powered by OpenAI. Compared to the tools on the market, Conveyor’s AI auto-generates the most accurate answers to entire questionnaires so you can spend almost zero time on them. That’s it. That’s the ad. We’ll let you get back to the show, but if you want to take away the pain of questionnaires, try a free proof of concept at www.conveyor.com. All links and the video of this episode can be found on CISO Series.com
Caesars reportedly paid millions to stop Scattered Spider Cybersecurity incident impacts Canada’s Weather Network Blocked LockBit affiliate deploys 3AM instead Huge thanks to our sponsor, Conveyor The team at Lucid software reduced the time spent answering customer security questionnaires by a whopping 91% with Conveyor’s security questionnaire automation software - powered by OpenAI. Compared to the tools on the market, Conveyor’s AI auto-generates the most accurate answers to entire questionnaires so you can spend almost zero time on them. That’s it. That’s the ad. We’ll let you get back to the headlines, but if you want to take away the pain of questionnaires, try a free proof of concept at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com.
9/15/2023 • 7 minutes, 12 seconds
US asks to not pay ransoms, CISA's open source roadmap, Save the Children ransomware attack
NSC asks governments not to pay ransoms CISA’s open source software security roadmap Save the Children hit with ransomware Huge thanks to our sponsor, Conveyor Got a scary security questionnaire to complete and you’d rather have AI do it? Your infosec friends are making the switch from outdated RFP and compliance tools to Conveyor - the most accurate security questionnaire automation software on the market. The proof is in the AI. Customers are seeing 80-90% accurate answers and decreasing the time spent on questionnaire answering by 91%. We’re excited about the success customers like Lucid and Carta have seen using Conveyor. Try a free proof of concept at www.conveyor.com.
MGM Resorts slot machines and ATMs disrupted by "cybersecurity incident" Hackers access sensitive data of thousands of Airbus vendors Cryptoqueen’s sidekick sentenced for $4 billion scam Huge thanks to our sponsor, Conveyor Here’s how to measure if your security questionnaire answering software is effective. We benchmarked the RFP and compliance tools on the market and most are only generating accurate responses to questionnaires 20-50% of the time. Ready for 80-90% auto-generated accurate answers so you can fly through your review? Then you should try Conveyor’s AI-security questionnaire automation tool. Don’t believe us? Try a free proof of concept at www.conveyor.com For the stories behind the headlines, visit CISOseries.com.
9/13/2023 • 8 minutes, 17 seconds
Rising infrastructure attacks, Sponsor backdoor, Sri Lanka loses data in attack
UK government sees record critical IT infrastructure attacks Charming Kitten unleashes Sponsor backdoor Ransomware costs Sri Lankan government months of data Huge thanks to our sponsor, Conveyor The team at Lucid software reduced the time spent answering customer security questionnaires by a whopping 91% with Conveyor’s security questionnaire automation software - powered by OpenAI. Compared to the tools on the market, Conveyor’s AI auto-generates the most accurate answers to entire questionnaires so you can spend almost zero time on them. That’s it. That’s the ad. We’ll let you get back to the headlines, but if you want to take away the pain of questionnaires, try a free proof of concept at www.conveyor.com.
Evil Telegram fake apps send spyware Akamai announces mitigation of largest DDoS on a US financial company Rhysida attacks three more hospitals Huge thanks to our sponsor, Conveyor What’s scarier than the Sunday scaries? Opening your inbox to a 200 question, 15 tab macro-enabled workbook containing a customer security questionnaire to complete. Let Conveyor's AI security questionnaire automation tool, powered by OpenAI, help your answering process go a lot faster. Spend 91% less time on questionnaires when you get precise answers auto-generated for you. Try a free proof of concept to see how fast you can get through questionnaires with Conveyor at www.conveyor.com For the stories behind the headlines, head to CISOseries.com.
9/11/2023 • 6 minutes, 57 seconds
Week in Review: Microsoft MSA answers, Keystroke monitoring software, G-Man Mudge
Link to blog post This week’s Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino with guest Dan Walsh, CISO, VillageMD Thanks to our show sponsor, Comcast DataBee DataBee™, from Comcast Technology Solutions, is a cloud-native security, risk and compliance data fabric platform that transforms your security data chaos into connected outcomes. Built by security professionals for security professionals, DataBee makes your data a gold mine, rich with information that enables you to examine the past, react to the present, and protect the future of your business. Learn more at https://comca.st/DataBee. All links and the video of this episode can be found on CISO Series.com
9/8/2023 • 23 minutes, 6 seconds
China's MSA key hack, cyberwar crimes, North Korea targeting Russia
How Chinese hackers stole a Microsoft signing key The ICC to prosecute cyberwar crimes North Korean cyberattacks against Russian targets Thanks to today's episode sponsor, Comcast DataBee™, from Comcast Technology Solutions, is a cloud-native security, risk and compliance data fabric platform that transforms your security data chaos into connected outcomes. Built by security professionals for security professionals, DataBee makes your data a gold mine, rich with information that enables you to examine the past, react to the present, and protect the future of your business. Learn more at https://comca.st/DataBee.
CISA close to finalizing incident reporting rules Krebs on cracked LastPass keys Connected cars not great for privacy and security Thanks to today's episode sponsor, Comcast Are you still using whiteboards and pivoting between tools to find out who owns what data sources and the relationships between data points? It’s time to improve your OODA loop and enhance your security and compliance efforts with DataBee, from Comcast Technology Solutions. Learn how DataBee weaves together and enriches data from across the enterprise to provide deeper insights into your security, risk and compliance posture. Visit https://comca.st/DataBee.
9/7/2023 • 7 minutes, 9 seconds
CISA hires ‘Mudge’, Call for Congress to address AI-generated CSAM, Stake.com loses $41 million in crypto
CISA hires ‘Mudge’ to work on security-by-design principles All 50 states call on Congress to address AI-generated CSAM Stake.com loses $41 million to hot wallet hackers Thanks to today's episode sponsor, Comcast What if you could integrate enterprise-wide business intelligence with your security data for better contextual insights into potential threats and compliance issues? You can. With DataBee™, from Comcast Technology Solutions. Learn how DataBee enables users to leverage integrated insights to mitigate risks and stay compliant. Visit https://comca.st/DataBee. For the stories behind the headlines, visit CISOseries.com.
9/6/2023 • 8 minutes, 5 seconds
PDF MalDoc warning, MinIO storage compromises, Okta helpdesk attacks
New PDF MalDoc allows evasion of antivirus MinIO Storage system being used to compromise servers Okta warns of IT help desk attacks Thanks to today's episode sponsor, Comcast Data rules everything around us – but why are the people who need data the most unable to access it? What if you could boost the productivity of your security teams and their ability to collaborate by providing them access to the same shared and enriched data? You can. With DataBee™, from Comcast Technology Solutions. Learn how DataBee can help your organization make better informed decisions, quickly and cost-effectively. Visit https://comca.st/DataBee For the stories behind the headlines, head to CISOseries.com.
9/5/2023 • 7 minutes, 16 seconds
X collects employment histories, Sandworm Chisel analysis, Callaway breach
X to collect member employment data Technical details of Sandworm malware ‘Infamous Chisel’ released Golf club maker Callaway suffers breach Thanks to today's episode sponsor, Comcast DataBee “Data is the currency of the 21st century”, yet for so many cybersecurity professionals, it’s still too difficult to access, correlate and use this ‘currency’ for better, faster security and compliance decision-making. That’s why Comcast Technology Solutions created DataBee™, a cloud-native security data fabric platform that can help you turn your security data into valuable business ‘currency’. Learn more at https://comca.st/DataBee. For the stories behind the headlines, head to CISOseries.com.
Gamaredon hackers hit Ukraine military Movie giant Paramount Global suffers data breach Takeover swarm exploits OpenFire Huge thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
9/1/2023 • 7 minutes, 7 seconds
China hacked Japan's NISC, trafficking fuels cyber scams, China approves generative AI
Chinese threat actors breached Japan’s cybersecurity agency Human trafficking into cyber scams China set to approve first generative AI services Huge thanks to today's episode sponsor, AppOmni SaaS cyberattacks are prevalent and often go unnoticed until data loss or breaches occur. Sign-ins from an unusual IP address. Stolen session tokens. These security risks can lurk in the shadows and put your entire SaaS estate at risk. Don’t wait for a breach to secure your SaaS data. AppOmni helps security teams to detect suspicious activity, decide what activities to be alerted on, and receive guided remediation. Learn how at AppOmni.com.
8/31/2023 • 7 minutes, 2 seconds
FBI dismantles Qakbot operation, University of Michigan cuts internet after cyberattack, Microsoft criticizes UN cybercrime treaty
FBI dismantles Qakbot operation that took millions in ransom University of Michigan severs ties to internet after cyberattack Microsoft joins growing list of organizations criticizing UN cybercrime treaty Huge thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com. For the stories behind the headlines, visit CISOseries.com.
8/30/2023 • 8 minutes, 19 seconds
UK flight outage, the malware Big 3, spyware firm breached
UK network outage grounds flights The malware loader Big 3 Another spyware firm breached Huge thanks to today's episode sponsor, AppOmni SaaS cyberattacks are prevalent and often go unnoticed until data loss or breaches occur. Sign-ins from an unusual IP address. Stolen session tokens. These security risks can lurk in the shadows and put your entire SaaS estate at risk. Don’t wait for a breach to secure your SaaS data. AppOmni helps security teams to detect suspicious activity, decide what activities to be alerted on, and receive guided remediation. Learn how at AppOmni.com.
8/29/2023 • 6 minutes, 35 seconds
Cisco fixes flaws, Windows BSOD reappears, FBI Barracuda warning
Cisco fixes flaws in NX-OS AND FXOS software Windows preview updates bring blue screen of death FBI warns Barracuda bug still has bite Huge thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
8/28/2023 • 7 minutes, 54 seconds
Week in Review: Health hackers evolve, generative AI cyberattacks, NK spooks drills
Link to blog post This week’s Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino with guest Gerald Auger Ph.D., Chief Content Creator, Simply Cyber Thanks to our show sponsor, HyperProof Is your company scaling? Do you need to quickly add more compliance frameworks but don’t know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof, you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit hyperproof.io to get started today. All links and the video of this episode can be found on CISO Series.com
Lazarus Group exploits ManageEngine to drop new RATS on internet and healthcare Vulnerabilities in Rockwell ThinManager threaten industrial control systems Mississippi hospital system suffers cyberattack Huge thanks to our sponsor, HyperProof Is your company scaling? Do you need to quickly add more compliance frameworks but don’t know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof, you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit to get started today. For the stories behind the headlines, head to CISOseries.com.
8/25/2023 • 7 minutes, 30 seconds
Tornado Cash indictment, UN cybercrime treaty, Lazarus crypto cashout
Tornado Cash developers face indictment UN begins final cybercrime treaty talks FBI warns of North Korean crypto cash out Huge thanks to our sponsor, HyperProof It’s more critical than ever to focus on strategically addressing risk, but how can you do it when working with limited resources? That’s where Hyperproof comes in: Hyperproof is a risk and compliance operations platform that helps you automate evidence collection, task management, and collaboration within your organization so you can focus on what matters most: keeping your company secure by prioritizing strategy, not manual processes. Get a demo at Hyperproof.io.
8/24/2023 • 6 minutes, 37 seconds
CISOs’ cybersecurity confidence, Healthcare cyberbreach report, Duo outage
CISOs proclaim cybersecurity confidence, but majority admit to SaaS incidents Cyber Health Report: Hacker entry point shifts from email to network Duo outage causes Azure Auth authentication errors Huge thanks to our sponsor, HyperProof We get it. You’re a risk manager or compliance professional, and you’re overworked. You’re trying to do the right thing by keeping your company safe and secure, but your technology is holding you back. Why not upgrade to Hyperproof? Hyperproof is a platform that not only eliminates the manual tasks you dread, but helps you scale security. Get a demo today at hyperproof.io. For the stories behind the headlines, head to CISOseries.com.
8/23/2023 • 8 minutes, 36 seconds
ChatGPT botnet, Brits tip ransomware targets, Tesla's insider breach
ChatGPT used in crypto botnet Brits tipping off ransomware targets Tesla data breach caused by insiders Huge thanks to our sponsor, HyperProof Imagine. You have an audit coming up, but instead of the usual rush, you actually feel prepared. You’ve collected your evidence. You can see which risks have been mitigated. And best of all, you don’t have to send out any last-minute emails to other teams begging them for that one screenshot. Sounds like a dream, right? With Hyperproof’s risk and compliance platform, this could be your reality. Get a demo at hyperproof.io.
8/22/2023 • 7 minutes, 23 seconds
NK attacks drills, Android APK malware, space industry warning
North Korean hackers suspected of targeting S. Korea-US drills Android malware apps use APK compression to evade detection Security agencies warn space industry of increased attacks Huge thanks to our sponsor, HyperProof Tired of managing risk and compliance in spreadsheets? Sick of tracking down stakeholders to find evidence? Worried about whether that evidence is up to date for your next audit? Hyperproof has you covered. With Hyperproof, you can efficiently manage multiple compliance frameworks and risks in a single place so you can focus on what matters most: keeping your company secure and growing. Visit hyperproof.io to get a demo. For the stories behind the headlines, head to CISOseries.com.
8/21/2023 • 7 minutes, 17 seconds
Week in Review: Ford WiFi vulnerability, LockBit’s publication struggle, Government ZeroTrust confidence
Link to blog post This week’s Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino with guest, Jon Oltsik, distinguished analyst and fellow, Enterprise Strategy Group Thanks to our show sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment. All links and the video of this episode can be found on CISO Series.com
8/18/2023 • 26 minutes
Cybercriminals finetune AI, Government ZeroTrust confidence, Citrix vulnerability warning
Influence operators fine-tuning AI to deceive targets 67% of government agencies claim confidence in adopting zero trust CISA warns of urgent Citrix vulnerability Huge thanks to today's episode sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment. For the stories behind the headlines, head to CISOseries.com.
8/18/2023 • 6 minutes, 48 seconds
LockBit struggles, Google's quantum resilient key, orgs excitedly unprepared for AI
LockBit struggles to publish leaked data Google’s quantum resilient security key Organizations optimistic and unprepared for AI Huge thanks to today's episode sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment.
8/17/2023 • 6 minutes, 44 seconds
LinkedIn accounts hijacked, Chinese spies hack US congressman's email, US watchdog plans to regulate data brokers
Huge thanks to today's episode sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment. For the stories behind the headlines, visit CISOseries.com.
8/16/2023 • 7 minutes, 20 seconds
Moovit bug, Black Hat's NOC, DDoS origins
Moovit bug allowed for free rides A look at Black Hat’s network operations center Business and gaming disputes lead to DDoS attacks Huge thanks to today's episode sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment.
8/15/2023 • 6 minutes, 57 seconds
Ford WiFi vulnerability, Government reviews Azure hack, TripAdvisor ransomware
Ford says cars with WiFi vulnerability still safe to drive Cyber Safety Review Board to analyze cloud security in wake of Microsoft hack Knight ransomware distributed in fake TripAdvisor complaint emails Huge thanks to today's episode sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment. For the stories behind the headlines, head to CISOseries.com.
8/14/2023 • 8 minutes, 35 seconds
Week in Review: Microsoft slapped by Tenable, Tampa Hospital lawsuit, Zoom's AI decision
Link to blog post This week’s Cyber Security Headlines – Week in Review, August 7-11, is hosted by Rich Stroffolino with guest, Michael Woods, CISO, GE Thanks to our show sponsor, Conveyor We can all agree there’s one thing the AI bots can take from us: completing customer security questionnaires. That’s why we built Conveyor’s GPT-questionnaire response tool. It auto-generates precise, accurate answers to entire questionnaires with accuracy far superior to existing tools on the market. It’s so accurate, your customers can now use it in our new ‘upload questions to trust portal’ feature. It’s exactly as it sounds. Customers can upload questions and the AI will generate instant answers based on your trust portal content. Try a free proof of concept with your own data and see why top SaaS companies are making the switch from outdated RFP software and other portal solutions. Learn more at Conveyor. All links and the video of this episode can be found on CISO Series.com
8/11/2023 • 24 minutes, 44 seconds
CISA’s .NET warning, Compellent exposes VMWare, DEFCON AI challenge
CISA Warns organizations of exploited vulnerability affecting .NET, Visual Studio Dell Compellent hardcoded key exposes VMware vCenter admin creds DEF CON: Thousands of security researchers vie to outsmart AI in Las Vegas Thanks to today's episode sponsor, Conveyor We can all agree there’s one thing the AI bots can take from us: completing customer security questionnaires. That’s why we built Conveyor’s GPT-questionnaire response tool. It auto-generates precise, accurate answers to entire questionnaires with accuracy far superior to existing tools on the market. It’s so accurate, your customers can now use it in our new ‘upload questions to trust portal’ feature. It’s exactly as it sounds. Customers can upload questions and the AI will generate instant answers based on your trust portal content. Try a free proof of concept with your own data and see why top SaaS companies are making the switch from outdated RFP software and other portal solutions. Learn more at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com.
8/11/2023 • 8 minutes, 12 seconds
AI Cyber Challenge, eavesdropping typing app, Android cellular security
AI Cyber Challenge announced at Black Hat Tencent typing app had real time “eavesdropper” Google adds cellular security to Android Thanks to today's episode sponsor, Conveyor Your scariest questionnaires that are HUNDREDS of questions long are no match for Conveyor’s GPT-security questionnaire tool - the most accurate questionnaire automation tool on the market. It’s so accurate that you can even let customers upload their own questions in your portal to get instant answers generated from your content. For questionnaires you still need complete, infosec and sales teams are spending 89% less time on answering questionnaires because they’re getting accurate answers to entire questionnaires that they don’t have to re-write. Try a free proof of concept with your own data. Learn more at www.conveyor.com
8/10/2023 • 7 minutes, 23 seconds
Google’s Messages app now encrypts chats, Electoral Commission apologizes to UK voters, Banks hit with fines for using chat apps
Google’s Messages app now uses RCS to encrypt chats Electoral Commission apologizes for security breach involving UK voters’ data Banks hit with over $500 million in fines for using out-of-band chat apps Thanks to today's episode sponsor, Conveyor Did you catch the biggest release of the year? No, not Barbenheimer. It’s Conveyor’s GPT-powered security questionnaire response tool: the most accurate questionnaire automation tool on the market. It’s so good, you can let your customers upload their own questions in your trust portal to get instant answers based on your content. And of course, it’s not just for your customers. You can use the GPT-questionnaire response tool internally as well to get auto-generated precise answers to entire questionnaires in minutes so all you have to do is review. Maybe it's time to replace your outdated RFP software… Try a free proof of concept with your own data. Learn more at www.conveyor.com For the stories behind the headlines, head to CISOseries.com
White House rolls out school cyber initiatives North Koreans breach Russian missile developer Large language models getting worse at math Thanks to today's episode sponsor, Conveyor GPT for security questionnaires? Conveyor has already built that for you. Conveyor’s GPT-questionnaire response tool is so accurate, you can use it in two ways. One: Let your customers upload their own questions in your trust portal to get AI-generated answers based on the content in your portal. And Two: It’s not just for your customers. You can use the GPT-questionnaire response tool internally as well to get auto-generated precise answers to entire questionnaires in minutes so all you have to do is review. Try a free proof of concept with your own data to see it in action. Learn more at www.conveyor.com
8/8/2023 • 6 minutes, 31 seconds
Tenable smacks Microsoft, hospital ransomware attacks, accurate acoustic spyware
Microsoft resolves vulnerability following criticism from Tenable CEO FBI investigating ransomware attack crippling hospitals across 4 states New acoustic attack steals data from keystrokes with 95% accuracy Thanks to today's episode sponsor, Conveyor Did you catch the biggest release of the year? No, not Barbenheimer. It’s Conveyor’s GPT-powered security questionnaire response tool: the most accurate questionnaire automation tool on the market. It’s so good, you can let your customers upload their own questions in your trust portal to get instant answers based on your content. And of course, it’s not just for your customers. You can use the GPT-questionnaire response tool internally as well to get auto-generated precise answers to entire questionnaires in minutes so all you have to do is review. Maybe it's time to replace your outdated RFP software… Try a free proof of concept with your own data. Learn more at www.conveyor.com For the stories behind the headlines, head to CISOseries.com
8/7/2023 • 7 minutes, 40 seconds
Week in Review: IDOR vulnerability warning, Israel refinery cyberattack, spies bemoan AI training
Link to Blog Post This week’s Cyber Security Headlines – Week in Review, July 31-August 4, is hosted by Rich Stroffolino with guest, Jeff Hudesman, CISO, Pinwheel Thanks to our show sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal’s mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit opal.dev.
8/4/2023 • 22 minutes, 31 seconds
Fortinet tops vuln list, malicious Chrome Rilite, more Ivanti issues
Fortinet VPN bug tops CISA’s list of most exploited vulnerabilities in 2022 Chrome malware Rilide targets enterprise users via PowerPoint guides Researchers discover bypass for recently fixed Ivanti EPMM vulnerability Thanks to today's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev. For the stories behind the headlines, head to CISOseries.com.
8/4/2023 • 8 minutes, 27 seconds
Australia considers WeChat ban, US company aiding APTs, Veilid coming to DEF CON
Australian Senate recommends banning WeChat US company accused of aiding APT Hacking group to detail P2P protocol at DEF CON Thanks to today's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev.
8/3/2023 • 6 minutes, 40 seconds
Musk sues disinformation researchers, Cloud host found facilitating state-backed cyberattacks, UK spy agencies want to relax ‘burdensome’ AI laws
Musk sues disinformation researchers for driving away advertisers Researchers claim cloud host facilitated state-backed cyberattacks UK spy agencies want to relax ‘burdensome’ laws on AI data use Thanks to today's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev. For the stories behind the headlines, visit CISOseries.com.
8/2/2023 • 7 minutes, 52 seconds
National plan for cyber education, DeFi code exploit, study on cyber insurance
White House releases National Cyber and Workforce Education Strategy Latest DeFi exploit sees millions in losses No link found between cyber insurance and paying ransoms Thanks to today's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev.
8/1/2023 • 6 minutes, 23 seconds
Israel refinery cyberattack, TSA pipeline guidelines, CISA’s IDOR warning
Israel’s largest oil refinery website offline amid cyber attack claims TSA renews cybersecurity guidelines for pipelines CISA AND Australia warn of IDOR vulnerabilities after major breaches Thanks to today's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev. For the stories behind the headlines, head to CISOseries.com.
7/31/2023 • 8 minutes, 33 seconds
Week in Review: Stolen Microsoft key, government Maximus breach, Clop on clearweb
Link to Blog Post This week’s Cyber Security Headlines – Week in Review, July 24-28, is hosted by Rich Stroffolino with guest, TC Niedzialkowski, CISO, Nextdoor Thanks to today’s episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com. All links and the video of this episode can be found on CISO Series.com
7/28/2023 • 23 minutes, 49 seconds
Maximus breach, Ubuntu Linux vulnerabilities, Cardio company cyberattack
Millions affected by data breach at US government contractor Maximus Two severe Linux vulnerabilities impact 40% of Ubuntu users Heart monitoring technology provider confirms cyberattack Thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
7/28/2023 • 8 minutes, 15 seconds
Cyber exec convicted, SEC disclosure, how the government gets breached
Russian court convicts cyber security executive of treason SEC to require incident disclosure Government cyber attacks rely on valid credentials Thanks to today's episode sponsor, AppOmni SaaS cyberattacks are prevalent and often go unnoticed until data loss or breaches occur. Sign-ins from an unusual IP address. Stolen session tokens. These security risks can lurk in the shadows and put your entire SaaS estate at risk. Don’t wait for a breach to secure your SaaS data. AppOmni helps security teams to detect suspicious activity, decide what activities to be alerted on, and receive guided remediation. Learn how at AppOmni.com.
7/27/2023 • 6 minutes, 49 seconds
TETRA encryption flaws, Zenbleed strikes, Norway's government hit with Ivanti flaw
Vulnerability found in TETRA encryption Ryzen CPUs vulnerable to Zenbleed exploit Norwegian government breached with Ivanti zero-day Thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com.
7/26/2023 • 6 minutes, 37 seconds
Cyber Security Headlines: Clop leaks on clearweb, EU pushes back on CSA centralization, rising data breach costs
Clop moves leaked data to clearweb sites EU governments push back on centralized cyber reporting Cost of data breaches up 15% Thanks to today's episode sponsor, AppOmni SaaS cyberattacks are prevalent and often go unnoticed until data loss or breaches occur. Sign-ins from an unusual IP address. Stolen session tokens. These security risks can lurk in the shadows and put your entire SaaS estate at risk. Don’t wait for a breach to secure your SaaS data. AppOmni helps security teams to detect suspicious activity, decide what activities to be alerted on, and receive guided remediation. Learn how at AppOmni.com.
7/25/2023 • 6 minutes, 50 seconds
Azure hack deepens, JumpCloud is Lazarus, DHL MOVEIt victim
Microsoft key stolen by Chinese hackers provided access far beyond Outlook JumpCloud breach traced back to North Korean state hackers DHL investigating MOVEit breach as number of victims surpasses 20 million Thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
7/24/2023 • 8 minutes, 35 seconds
Week in Review: Fast acting Gamaredon, WormGPT AI weapon, Microsoft Azure mystery
Link to Blog Post This week’s Cyber Security Headlines – Week in Review, July 17-21, is hosted by Rich Stroffolino with our guest, Dimitri van Zantvliet, CISO, Dutch Railways Thanks to our show sponsor, OpenVPN According to Oriel Hernan Villalba Pinzetta, a System Administrator with CEDEC’s cybersecurity and IT department, “The pandemic meant we could not come to the office, and we needed to facilitate access to our local resources,” says Villalba. “Cloud Connexa was really easy and fast to set up, two things we really needed in that moment.” Read more here. All links and the video of this episode can be found on CISO Series.com
7/21/2023 • 23 minutes, 35 seconds
New Redis worm, more ColdFusion confusion, Estée Lauder breached
New P2PInfect worm targeting Redis servers on Linux and Windows systems Adobe releases new patches for exploited ColdFusion vulnerabilities Estée Lauder breached by two ransomware groups And now a word from our sponsor, OpenVPN According to Oriel Hernan Villalba Pinzetta, a System Administrator with CEDEC’s cybersecurity and IT department, “The pandemic meant we could not come to the office, and we needed to facilitate access to our local resources,” says Villalba. “Cloud Connexa was really easy and fast to set up, two things we really needed in that moment.” Read more at the link in our show notes. For the stories behind the headlines, head to CISOseries.com.
7/21/2023 • 7 minutes, 51 seconds
A rise in complex DDoS attacks, Mi6 warns of data traps, Microsoft expands log access
Complex DDoS attacks on the rise MI6 warns of Chinese data traps Microsoft expands cloud log access And now a word from our sponsor, OpenVPN Karim Hakim, CTO at Hakim Misr Paco, says that CloudConnexa has given him some long-sought peace of mind. “OpenVPN has helped my company to access remote nodes securely without worrying about security protocols,” he says. “My company has been looking for a similar solution for years, and we finally got what we were looking for.” Read more at the link in our show notes.