CISOs Into Americas Boardrooms The SEC Is About To Force CISOs Into America’s Boardrooms What changes will boardroom cyber expertise bring about to the cyber industry, cyber risk, and corporate governance? An article by Bob Zukis via Forbes This year is the twentieth anniversary of the U.S. legislation known as The Sarbanes-Oxley Act (SOX). The SEC moved quickly on SOX given the existential threat...
Kaseya VSA Breach Consequences of Security Failures The world has witnessed another large-scale cyber-attack. On July 2, 2021, Kaseya, an IT Systems Management software firm, disclosed a security incident impacting their on-premises version of Kaseya’s Virtual System Administrator (VSA) software. The result was up to 1500 companies being held hostage to a significant ransom demand. Incidents such as these are becoming more commonplace. We are seeing...
Mercedes Benz AMG Data Breach I regret to inform all of you that I just received an email from Mercedes Benz AMG stating my data which is hold by them has been hacked :( I am one of the 1000 AMG victims and again on of the 1.6 million victims which is hit in the Mercedes-Benz data breach , here are...
SunBurst APT against Solarwinds , mapped to Kill Chain Following the attack on FireEye, the details are revealed and the US Department of Homeland Security (DHS) has issued an Emergency Directive (ED) regarding a backdoor being exploited in SolarWinds Orion products. Several victims have been identified that has been infected using the same attack. Fireeye initiated first analysis upon the findings...
SolarWinds Onion in Shodan As of yesterday there is 1688 open @solarwinds Orion systems . You can easily find them on @shodanhq #SolarWinds #Orion .Just use the http.favicon string ... I will write an detailed blog post later To read more (more…)
CIO Tech Asia : Living The Life In Tech Free CIO Tech Asia has invited me to join them for a podcast where we discussed some of the major cybersecurity threats currently facing businesses in 2020 and beyond, while providing deeper insights around the steps CISOs need to take to better prepare themselves for when an attack occurs. l also delve deep...
Hackers steal 19 years worth of data News from ESET We Live Security A premier Australian university has disclosed a cyberattack that compromised the personal information of its students and staff extending back nearly two decades. “We believe there was unauthorized access to significant amounts of personal staff, student and visitor data extending back 19 years,” reads a statement from Brian Schmidt, Vice-Chancellor of...
10 years of virtual dynamite: A high-level retrospective of ATM malware POSTED BY VANJA SVAJCE via Talos Intelligence Executive summary It has been 10 years since the discovery of Skimer, first malware specifically designed to attack automated teller machines (ATMs). At the time, the learning curve for understanding its functionality was rather steep and analysis required specific knowledge of a manufacturer's ATM API functions...
The NEW Security baseline for Windows While I was still a Full-Time Employee at Microsoft I was fully aware of this “new baseline” recommendations, but I was waiting for the final announcement which came yesterday from my good friend Aaron Margosis, Here is the new security configuration baseline settings for Windows 10 and Windows Server (version 1903) Please note that the new Windows...
14 Recommended web sites for IT Security Pros As a Trusted Security Advisor at Microsoft, I used to receive if not hundreds, tens of emails nearly every day from people across the globe asking my help on how they become a Security Professional.Of course, this is not a one-night thing, or there is no secret recipe or a short cut, to...
