
Cyber Security Headlines (CISO Series)
Explore all episodes of Cyber Security Headlines
Date | Title | Duration | |
---|---|---|---|
12 Sep 2023 | Rising infrastructure attacks, Sponsor backdoor, Sri Lanka loses data in attack | 00:07:43 | |
UK government sees record critical IT infrastructure attacks Charming Kitten unleashes Sponsor backdoor Ransomware costs Sri Lankan government months of data Huge thanks to our sponsor, Conveyor The team at Lucid software reduced the time spent answering customer security questionnaires by a whopping 91% with Conveyor’s security questionnaire automation software - powered by OpenAI. | |||
22 Jun 2022 | June 22, 2022 | 00:07:22 | |
Cloudflare outage impacts crypto exchanges Biden signs a pair of cybersecurity bills 7-zip now supports Windows ‘Mark-of-the-Web’ security feature Thanks to today's episode sponsor, Optiv Modernizing your identity control plane from AD to the cloud is complex. Ralph Martino, who is leading the identity and access management (IAM) group for Optiv, discusses what challenges CISOs are facing in today’s ever-changing climate: For the stories behind the headlines, head to CISOseries.com | |||
01 Sep 2020 | September 1, 2020 | 00:05:40 | |
Apple accidentally notarized malware on macOS Security researchers detail a Netwalker play-by-play Mozilla finds out "Why We Still Can't Browse in Peace" Thanks to our sponsor, Trusona. Trusona enables enterprises to provide enhanced security and usability to the workforce by removing passwords from the Windows 10 login experience. The solution works with your existing infrastructure without requiring any software or hardware upgrades like Windows Hello, cameras, biometric readers or on-premises servers — making it the most cost-effective and user-friendly to deploy. For more, head to CISOSeries.com | |||
21 Feb 2023 | Samsung guards against zero-clicks, ransomware cat and mouse, Norway seizes Lazarus crypto | 00:07:22 | |
Samsung guards against zero-click attacks Rethinking ransomware cat and mouse Norway seizes Lazarus Group crypto Thanks to this week's episode sponsor, Barricade Cyber Solutions Have you fallen victim to a ransomware attack? Don't worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Our proprietary ransomware recovery services are designed to quickly get your business back on track. Our team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on us for the security of your data and systems. Visit barricadecyber.com | |||
13 Nov 2024 | Giant Food cyberattack, Snowflake suspects indicted, zero-day vulnerability surge | 00:07:45 | |
Dutch cybersecurity incident affects Giant Food and Hannaford Indictment against Snowflake breach suspects is released Surge in zero-day vulnerability exploits is new normal, says Five Eyes Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. Get the stories behind the headlines at CISOSeries.com | |||
08 Oct 2021 | Week in Review – Oct 4-8, 2021 | 00:22:05 | |
This week’s Cyber Security Headlines – Week in Review, Oct 4-8, is hosted by Rich Stroffolino with our guest, Adrian Ludwig, Chief Trust Officer, Atlassian Thanks to our episode sponsor, Votiro Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed—and full file usability intact. The signatureless, agentless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files each year. All links and the video of this episode can be found on CISO Series.com
| |||
30 Jun 2023 | Week in Review: SolarWinds CISO blamed, Military smartwatch mystery, submarine cable risk | 00:24:10 | |
This week’s Cyber Security Headlines – Week in Review, June 26-30, is hosted by Rich Stroffolino with our guest, Cassio Goldschmidt, CISO, ServiceTitan Thanks to our show sponsor, AppOmni Over provisioned users could expose your organization’s most sensitive data. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s identity and threat detection capabilities, you can detect and respond to suspicious activities within your SaaS environment. Gain visibility into over provisioned users, the SaaS data they have access to, and receive guided remediation. Get started at AppOmni.com. All links and the video of this episode can be found on CISO Series.com
| |||
09 Nov 2021 | November 9, 2021 | 00:06:27 | |
US infrastructure bill includes cybersecurity provisions Chipmakers respond to US call for supply chain info REvil hackers arrested Thanks to our episode sponsor, Vulcan Cyber Ryan Gurney spent years as CSO and security exec for companies like Google Looker, Zendesk, Engine Yard, and eBay. Ryan has seen a few things and is done pretending cyber security is something it isn’t. Attend the Vulcan Cyber virtual summit on December 9th to get Ryan’s take on the difference between negligent and effective cyber security. It’s a fine line. Go to vulcan.io and click the button at the top of the screen to register for the event. | |||
30 Apr 2021 | April 30, 2021 | 00:06:52 | |
Babuk ransomware operators announce shutdown Now we need to worry about deepfake satellite images QNAP hit with AgeLocker ransomware Thanks to our episode sponsor, Aptible Compliance teams have a ton of work to do such as completing access reviews, mitigating risks, and collecting evidence towards an audit. Psst: Aptible Comply can help automate all of those things. The last thing the compliance team should be spending time on is sharing infosec documentation. That’s why we also created Rooms. Now your security docs are instantly available to your customers; no back-and-forth to sign NDAs, watermark docs, or provide new docs. Focus on compliance and help the sales team close deals with Rooms. Go to aptible.com/ciso to create your free Room now. | |||
11 Jul 2024 | Australia targets foreign tech, banks sunset OTP, Veeam vulnerability exploited | 00:07:06 | |
Australia targets government tech under foreign control Singapore banks replace OTP with digital tokens New group targets Veeam vulnerability Thanks to today's episode sponsor, Entro What are you doing to secure your company’s non-human identities? Vaults and scanners are helpful, but they don’t give the context for where your secrets are, how they’re being used, or when it’s time to remove or rotate them. The entro platform provides automated lifecycle management and seamless integration, ensuring comprehensive security & compliance through a unified and easy to use interface. Visit https://entro.security/ to learn more. | |||
19 Jun 2023 | Microsoft’s June cyberattacks, third MOVEit vulnerability, US Clop bounty | 00:07:18 | |
Microsoft says early June service outages were cyberattacks Third MOVEit vulnerability raises alarms as US Agriculture Department says it may be impacted US govt offers $10 million bounty for info on Clop ransomware Thanks to today's episode sponsor, Wing Security The folks at Wing believe that SaaS Shadow IT discovery is the basic first step to securing your SaaS usage. They believe it so strongly that they launched a completely free SaaS Shadow IT Discovery solution. Check out wing.security to self-onboard today, no strings attached, no time limit. Wing.security. For the stories behind the headlines, head to CISOseries.com. | |||
14 Jun 2022 | June 14, 2022 | 00:06:50 | |
Leaky continuous integration logs Exchange servers used to deploy Black Cat Bluetooth can be used to track phones Thanks to today’s episode sponsor, Datadog Check out Datadog's on-demand fireside chat with CTO Cormac Brady. Over the course of his 20+ year career at Thomson Reuters, Cormac consistently built bridges between technical teams—and in the process helped teams achieve superior results and earned himself senior leadership positions. Watch now at datadoghq.com/ciso/ | |||
30 Sep 2021 | September 30, 2021 | 00:07:01 | |
Ransomware gangs cause headaches for hacker forums too Don’t look a Grifthorse in the mouth Ransomware’s impact on patient care Thanks to our episode sponsor, VMware INCIDENT RESPONSE FIRMS ENGAGE POST-BREACH – IT’S A FASCINATING VANTAGE POINT WITH LESSONS TO LEARN. Join me and thousands of our peers at VMworld 2021 to hear Dr. Amelia Estwick, Director of Threat Research here at VMware, share her perspective on the ground truth for organizations that have experienced breaches. Not to be missed! Register today at vmware.com/vmworld | |||
15 May 2024 | Singing River breach, D-Link exploit released, Google AI spots scams | 00:09:00 | |
Singing River patient data was swiped in ransomware attack PoC exploit released for D-Link router zero-day Google to use GenAI to help identify phone scams Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? For the stories behind the headlines, head to CISOseries.com. | |||
21 Mar 2022 | March 21, 2022 | 00:07:57 | |
CISA, FBI tell satellite communications network owners to watch out for hacks after Ukraine attack Hackers claim to breach TransUnion South Africa with 'Password' password Developer sabotages own npm module prompting open-source supply chain security questions Thanks to our episode sponsor, Varonis On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to “Zero Trust.” Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries. For the stories behind the headlines, head to CISOseries.com. | |||
02 Feb 2023 | FDIC cyber risk improvements, high-risk containers, record crypto hacks | 00:06:55 | |
Watchdog calls for improved bank cyber testing Containers hold high-risk vulnerabilities 2022 set a record for crypto hacks Thanks to this week's episode sponsor, Hunters Hunters is a complete SOC platform, purpose built for your Security Operations team. Hunters’ brand new IOC Search is a game-changing search tool that determines if a known ‘Indicator of Compromise’ has been in your organization’s environment - without needing to write a single line of code. Type an IOC into the search bar, hit ‘enter’ and get results within seconds. Visit hunters.ai to learn more. | |||
12 Oct 2021 | October 12, 2021 | 00:06:57 | |
Microsoft report details the changing cybercrime landscape LibreOffice issues fix for signed document spoofing You got nuclear secrets in my peanut butter! Thanks to our episode sponsor, Bitsight Did you know that 1-in-10 organizations are now creating cybersecurity-specific committees at the board level? From managing third party supply chain risk, to quantifying financial exposure, to reducing the likelihood of ransomware, BitSight helps security and risk professionals create more effective cybersecurity programs with cybersecurity ratings and analytics. Learn why Moody’s, the Department of Defense, and other leading institutions partner with BitSight at www.bitsight.com | |||
03 Nov 2020 | November 3, 2020 | 00:06:07 | |
Twitter clarifies its election results policy Google discloses Windows zero-day Maze ransomware operators call it quits Thanks to our sponsor, Trusona. Trusona enables enterprises to secure and simplify user access by removing passwords from the Windows 10 login experience. With a single desktop sign-in using Trusona’s passwordless MFA, employees are automatically authenticated into Office 365 or their SSO, giving them secure access to all of their corporate applications. Give your workforce a solution they don’t have to work around. For more on all the stories, head to CISOseries.com. | |||
20 Nov 2023 | Clorox CISO departure, BlackCat’s SEC complaint, Dudley interim NCD | 00:07:09 | |
Clorox CISO departs months after cyberattack ALPHV/BlackCat Ransomware gang files SEC complaint Drenan Dudley acting national cyber director while Coker confirmation process continues Thanks to today's episode sponsor, Egress People are the biggest risk to your organization's security and they are most vulnerable when using email. For the stories behind the headlines, head to CISOseries.com | |||
22 Apr 2022 | April 22, 2022 | 00:08:36 | |
Critical chipset bugs open millions of Android devices to remote spying New Five Eyes alert warns of Russian threats targeting critical infrastructure Machine-learning models vulnerable to undetectable backdoors And here’s a word from our sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com. For the stories behind the headlines, head to CISOseries.com. | |||
21 Apr 2023 | Microsoft 365 outage, Capita burglary evidence, 3CX attack update | 00:07:40 | |
Microsoft 365 outage blocks access to web apps and services Capita has 'evidence' customer data was stolen in digital burglary 3CX supply chain attack was the result of a previous supply chain attack Thanks to today's episode sponsor, Pentera This episode of Cyber Security Headlines is made possible in part by Pentera. Today over 60% of cyber attacks involve the use of exposed credentials. Now, for the first time, security teams can address this critical threat head-on. Pentera collects an organization’s leaked credentials and automatically tests their exploitability across the external and internal attack surface. For the stories behind the headlines, head to CISOseries.com. | |||
16 Jun 2023 | US federal agencies affected by MOVEit breach, Pentagon leak suspect indicted, Suspected LockBit ransomware affiliate nabbed | 00:07:35 | |
US federal agencies affected by MOVEit vulnerability Pentagon leak suspect indicted by a federal grand jury Suspected LockBit ransomware affiliate nabbed Thanks to today's episode sponsor, Conveyor Your scariest questionnaires that are hundreds of questions long are no match for Conveyor’s GPT-questionnaire tool - now with a browser extension for complex portals. For the stories behind the headlines, visit CISOseries.com.
| |||
27 Aug 2024 | SonicWall access flaw, Microsoft security summit, Telegram details | 00:07:05 | |
SonicWall warns of critical access control flaw Microsoft to host security summit More details on Telegram CEO’s arrest Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io.
Find the stories behind the headlines at CISOSeries.com | |||
30 Apr 2024 | USPS phishing, UK IoT law, industrial USB attacks | 00:07:06 | |
USPS phishing sites are popular UK bans bad IoT credentials USB malware attacks targeting industrial sites Thanks to our episode sponsor, Dropzone AI Attention cybersecurity professionals! Are you investigating 100% of the alerts from your IT and security systems? Dropzone.ai's AI Analyst autonomously investigates every alert without playbooks or code, enabling you to turn over every rock. Visit dropzone.ai to learn more and request a trial. Offload your tier-1 analysis to an AI analyst that never sleeps so you can. | |||
26 Oct 2021 | October 26, 2021 | 00:06:37 | |
Microsoft report on Nobelium Healthcare organizations struggle with breaches ProtonMail wins appeal on surveillance data And now a word from our sponsor, Banyan Security Today, 75% of enterprises are using some form of hybrid-cloud deployment. Unfortunately, traditional network-centric security solutions like VPNs are not designed to meet the scale, performance, and usability needs of modern organizations, especially those with dynamic hybrid- and multi-cloud environments. | |||
16 Feb 2024 | Week in Review: LLMs improve cyberattacks, Rhysida gets decrypted, US Blackcat bounty | 00:24:55 | |
This week’s Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guest Trina Ford, CISO, iHeartMedia Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. All links and the video of this episode can be found on CISO Series.com
| |||
24 Sep 2021 | Week in Review - Sep 20-24, 2021 | 00:22:20 | |
This week’s Cyber Security Headlines – Week in Review, Sep 20-24, 2021, is hosted by Rich Stroffolino with our guest, Brett Conlon, CISO, Edelman Financial Engines Thanks to our episode sponsor, Kanu Solutions Over the next few weeks Kanu Solutions is offering a series of educational sessions on a variety of topics in security, such as endpoints, networks, privileged access management, Internet of things, and governance, risk management and compliance, or GRC. Attend these sessions to get some savvy education from the security experts at Kanu Solutions. You could also get a twenty dollar UberEats Gift Card just for attending. You can participate in Kanu Solutions’ Lunch-n-Learn by registering at kanusolutions.com/events. All links and the video of this episode can be found on CISO Series.com
| |||
15 Jan 2025 | Snyk’s mysterious package, Baltic cable suspicions, second BeyondTrust vulnerability | 00:07:09 | |
Snyk mysteriously deploys apparently malicious packages Baltic sea cable cuts can’t be accident, says EU tech chief CISA warns of second BeyondTrust vulnerability Huge thanks to our sponsor, Dropzone AI Does your SOC feel like it’s drowning in alerts? Dropzone AI cuts through the noise, triaging 100% of alerts and giving you clear, actionable insights. Ready to break free? Check out the demo at dropzone.ai. For the stories behind the headlines, head on over to CISOSeries.com | |||
17 Mar 2021 | March 17, 2021 | 00:06:57 | |
Microsoft shares one-click ProxyLogon mitigation tool for Exchange servers Microsoft Teams, Exchange and more went down for four hours on Monday Signal is down in China after 100 million reported downloads Thanks to our episode sponsor, Trend Micro The conversation between you and your board of directors is not always a walk in the park. With more cloud projects coming your way, it’s time to change the conversation to speak their language and start paving the way for a secure future. For more, go to http://trendmicro.com/CISO For the stories behind the headlines, head to CISOseries.com. | |||
21 Sep 2021 | September 21, 2021 | 00:06:57 | |
Google expands app permissions reset Epik confirms it got hacked Telegram suspends Russian election bots Thanks to our episode sponsor, Kanu Solutions Over the next few weeks Kanu Solutions is offering a series of educational sessions on a variety of topics in security, such as endpoints, networks, privileged access management, Internet of things, and governance, risk management and compliance, or GRC. Attend these sessions to get some savvy education from the security experts at Kanu Solutions. You could also get a twenty dollar UberEats Gift Card just for attending. You can participate in Kanu Solutions' Lunch-n-Learn by registering at kanusolutions.com/events.
| |||
03 Oct 2023 | Progress FTP bug under active exploit, Norway urges Europe-wide Meta data collection ban, KillNet claims attack against Royal Family website | 00:07:28 | |
Critical Progress FTP bug now being exploited in attacks Norway urges Europe-wide ban on Meta's targeted data collection KillNet claims DDoS attack against Royal Family website Thanks to our episode sponsor, Conveyor Got a scary security questionnaire to complete and you’d rather have AI do it? For the stories behind the headlines, visit CISOseries.com. | |||
20 Feb 2025 | Signal conversations hacked, Ransomware group hits infrastructure, Patch Palo Alto flaw | 00:09:04 | |
Russian hackers tap into Signal conversations Ransomware group hits critical infrastructure globally CISA says patch Palo Alto flaw immediately Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io. | |||
29 Jun 2021 | June 29, 2021 | 00:07:03 | |
Windows 11 CPU confusion continues EA ignored domain vulnerabilities for months Ransomware increasingly hiding in VMs Thanks to our episode sponsor, Keyavi 7 in 10 white-collar employees in the U.S. are still working remotely. Virtual teams boomed in 2020 and are here to stay. Locking down networks, restricting collaboration and prohibiting BYOD may limit some security risks. But a much bigger attack surface today exposes remote workers to far greater risks. Visit www.keyavi.com/sessions to learn how self-protecting data equals peace of mind. | |||
23 Aug 2021 | August 23, 2021 | 00:08:08 | |
Microsoft Exchange under attack with ProxyShell flaws Australians hit by ‘Flubot’ malware that arrives by text message Cyberattack hits State Department Thanks to our episode sponsor, Privacy.com Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. For example, when you're shopping online and ready to check out, simply generate a Privacy Card that will enter in random variables. Should the merchant ever get hacked, the fraudsters will never have access to your real information. Privacy Cards are also great for monitoring subscriptions and signing up for free trials where a card number is required. Simply close cards whenever you want to ensure you're never charged without your consent. Sign up for free today at privacy.com/ciso. New users will instantly receive a $5 credit, to be used for any online purchase you make! For the stories behind the headlines, head to CISOseries.com.
| |||
25 Aug 2021 | August 25, 2021 | 00:07:48 | |
Modded WhatsApp delivers Triada trojan Bahraini activists targeted with new iOS zero-click exploit New CISA director wants to spend less time cleaning up after big hacks, more time preparing for them Thanks to our episode sponsor, Privacy.com Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. For example, when you're shopping online and ready to check out, simply generate a Privacy Card that will enter in random variables. Should the merchant ever get hacked, the fraudsters will never have access to your real information. Privacy Cards are also great for monitoring subscriptions and signing up for free trials where a card number is required. Simply close cards whenever you want to ensure you're never charged without your consent. Sign up for free today at privacy.com/ciso. New users will instantly receive a $5 credit, to be used for any online purchase you make! For the stories behind the headlines, head to CISOseries.com.
| |||
02 Feb 2024 | FBI Director’s warning, Apple flaw warning, Pentagon supplier breach | 00:07:51 | |
FBI director warns of Chinese hacker threat to U.S. critical infrastructure CISA warns of exploited Apple flaw Pentagon Intelligence supplier allegedly hacked Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, visit CISOseries.com. | |||
30 Aug 2023 | FBI dismantles Qakbot operation, University of Michigan cuts internet after cyberattack, Microsoft criticizes UN cybercrime treaty | 00:08:19 | |
FBI dismantles Qakbot operation that took millions in ransom University of Michigan severs ties to internet after cyberattack Microsoft joins growing list of organizations criticizing UN cybercrime treaty Huge thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. For the stories behind the headlines, visit CISOseries.com. | |||
24 Feb 2022 | February 24, 2022 | 00:06:40 | |
Samsung shipped devices with flawed encryption New York state gets cybersecurity center Microsoft Defender adds support for GCP Thanks to our episode sponsor, Tines Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register. | |||
18 Jan 2024 | Drone threats, PixieFail firmware, HIBP dataset | 00:07:03 | |
Chinese drones considered national security threat PixieFail could spell trouble for cloud providers Have I Been Pwned adds “statistically significant” data leak Huge thanks to our sponsor, Savvy Security Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy’s automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That’s Savvy—Identity-First SaaS Security. Learn more at savvy.security/headlines. | |||
04 Jun 2021 | June 4, 2021 | 00:08:21 | |
NYC transportation authority hacked using Pulse Secure zero-day Cybercriminals hold contest to find new cryptocurrency exploits FBI confirms REvil as JBS ransomware attacker Thanks to our episode sponsor, ReversingLabs Recent supply chain attacks and executive orders have left 1000’s scrambling for guidance. Join ReversingLabs as they take their exclusive supply chain roadshow to your local region virtually. Hear from app sec specialists and security execs, as they discuss lessons learned, and innovative approaches, that will move your supply chain security and compliance program forward. For more information, visit reversinglabs.com. For the stories behind the headlines, head to CISOseries.com | |||
30 Mar 2022 | March 30, 2022 | 00:07:42 | |
Ukraine destroys panic-spreading bot farms Yandex is sending iOS user data to Russia Ronin Network victimized in record-breaking crypto heist Thanks to our episode sponsors, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats, and streamline privacy and compliance. Visit www.varonis.com/cisoseries for a demo of Varonis’ leading data security platform. For the stories behind the headlines, visit CISOseries.com. | |||
07 Feb 2025 | Outlook RCE bug, Kimsuky forceCopy malware, Treasury tightens DOGE | 00:07:48 | |
Critical RCE bug in Microsoft Outlook now exploited in attacks Kimsuky uses forceCopy malware to steal browser-stored credentials Treasury agrees to block additional DOGE staff from accessing sensitive payment systems Huge thanks to our episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com. Find the stories behind the headlines at CISOseries.com. | |||
05 Sep 2024 | Spyware research, Cicada rebrand, MacroPack malware | 00:07:05 | |
Spyware research report They found a way to make Cicadas more annoying MacroPack red teaming tool used for malware Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io. | |||
21 Oct 2020 | October 21, 2020 | 00:06:56 | |
Justice Department charges Google in antitrust lawsuit Microsoft partners with SpaceX to launch Azure Space initiative Twitter is temporarily changing how you retweet Thanks to our episode sponsor, SecureLayer7. Getting rid of vulnerabilities within the systems can be quite an intricate task. But why bother with anything else when there is an all in one cybersecurity package for organizations. A platform where existing, and prospective vulnerability threats can be identified and mitigated through their pentests within set time slots. For the stories behind the headlines, go to CISOseries.com. | |||
06 Feb 2025 | Spain arrests hacker, FCC Robocallers, Ransoms decrease 35% | 00:08:48 | |
Spain arrests hacker of U.S. and Spanish military agencies Robocallers called the FCC pretending to be from the FCC Ransomware payments decreased 35% year-over-year Huge thanks to our episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com. For the stories behind the headlines, visit CISOseries.com. | |||
23 Nov 2022 | Twitter enlists George Hotz, $575 million crypto scheme, DraftKings $300K theft | 00:07:33 | |
Twitter enlists hacker George Hotz for 12 week “internship” Estonian duo arrested for masterminding $575 million Ponzi scheme Hackers steal $300K from DraftKings customers Thanks to today’s episode sponsor, Compyl Preparing a Thanksgiving meal can be stressful, but managing your security and compliance program doesn't have to be. Compyl quickly integrates with the tools you use, and automates 85% of the day-to-day tasks, all while providing complete visibility and comprehensive reporting along the way. Learn about Compyl today at www.compyl.com. For the stories behind the headlines, visit CISOseries.com | |||
13 Jul 2022 | FTC anonymization crackdown, TikTok privacy change, gov't contractor pays $9 million | 00:07:15 | |
FTC is cracking down on false claims of anonymizing data TikTok halts privacy policy change in Europe Government contractor pays $9 million over whistleblower allegations Thanks to today’s episode sponsor, Edgescan Edgescan combines full-stack coverage with integrated reporting and business-level prioritization to deliver a single source of truth for your entire vulnerability management program with zero false positives. For the stories behind the headlines, head to CISOseries.com | |||
05 May 2023 | Royal ransoms Dallas, new PaperCut exploit, CISA’s Mirai warning | 00:08:23 | |
City of Dallas hit by Royal ransomware attack impacting IT services Researchers uncover new exploit for PaperCut vulnerability that can bypass detection Mirai botnet loves exploiting unpatched TP-Link routers, CISA warns Thanks to today's episode sponsor, TrendMicro Cybersecurity is not just about protection, it’s about foresight, agility, and resilience. For the stories behind the headlines, head to CISOseries.com. | |||
02 Sep 2021 | September 2, 2021 | 00:07:02 | |
BrakTooth bites major SoC vendors The cost of ransomware to schools Posts surrounding January 6th disappear from Facebook data Thanks to our episode sponsor, Semperis Have you fixed PrintNightmare yet? Ransomware groups including Vice Society are already exploiting this critical flaw in the Windows Print Spooler service. But you can fight back: Download Purple Knight, a free Active Directory security assessment tool that scans your environment for PrintNightmare and more than 70 other attack indicators. To download your free tool, go to Purple-Knight.com. | |||
07 Dec 2020 | December 7, 2020 | 00:06:56 | |
Drug dealers offer Pfizer vaccine on the Dark Web Data theft from Italian defense manufacturer was an inside job Philadelphia food bank loses $1 million in BEC scam Thanks to our sponsor, Code42. Code42 is a cybersecurity company that offers a completely new approach to the old problem of insider threats. Code42’s insider risk platform, Incydr, helps organizations foster a culture of speed and collaboration while still preventing data loss – without blocking. Learn more at Code42.com. For the stories behind the headlines, go to CISOseries.com. | |||
01 Aug 2023 | National plan for cyber education, DeFi code exploit, study on cyber insurance | 00:06:23 | |
White House releases National Cyber and Workforce Education Strategy Latest DeFi exploit sees millions in losses No link found between cyber insurance and paying ransoms Thanks to today's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev. | |||
02 Mar 2023 | Russia bans foreign messaging apps, GitHub scans for secrets, Bootkit beats Secure Boot | 00:07:06 | |
Russia bans foreign private messaging apps GitHub expands secret scanning Bootkit bypasses Secure Boot Thanks to this week's episode sponsor, Conveyor “I HATE security questionnaires with the fury of a thousand suns.” said one of our customers. Makes sense, since tools used to answer them haven’t changed in years. At Conveyor, we’re on a mission to get teams out of the questionnaire stone age by implementing GPT-3 into our first-of-its-kind questionnaire eliminator. Go beyond re-writing mediocre matches, to getting your questionnaire auto-filled with the exact answers customers need. Join the top SaaS companies in the GPT-3 powered future by using Conveyor. Learn more at conveyor.com. | |||
24 Jun 2021 | June 24, 2021 | 00:08:43 | |
Antivirus pioneer John McAfee found dead in Spanish prison MITRE releases D3FEND framework Tulsa issues fraud warning after police citation leak Thanks to our episode sponsor, RevCult On average, 18% of all your Salesforce data fields are highly sensitive and 89% of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you’re protecting it. Get a free Salesforce Security Self-Assessment at RevCult.com to understand your Salesforce security weaknesses. For the stories behind the headlines, head to CISOseries.com | |||
07 Aug 2024 | Android kernel zero-day, voter portal flaw, ransomware as terrorism | 00:08:15 | |
Google patches Android kernel zero-day Researchers find flaws in Georgia voter portal Law would make ransomware a terrorist threat Huge thanks to our sponsor, Vanta | |||
16 Sep 2020 | September 16, 2020 | 00:06:43 | |
Senator calls for US to reject Oracle’s TikTok deal MFA bypass bugs opened Microsoft 365 to attack Ex-Facebook employee reveals extent of bot manipulation intended for political gain Thanks to our sponsor, Dtex Systems Forget projects, get answers. Start preventing insider threats, stopping data loss, and monitoring remote employees in minutes, not days. And do it all without invading user privacy. DTEX Systems helps enterprises run safer and smarter with a first-of-its-kind human-centric approach to enterprise operational intelligence. Learn more and start a free 30-day trial at dtexsystems.com. For more on CISO Series, go to cisoseries.com. | |||
19 Mar 2021 | March 19, 2021 | 00:08:36 | |
Over $4.2 billion in cybercrime losses reported to FBI in 2020 Fake iPhone charger blows up in researcher’s face Taxpayers attacked with Trojan-inflicting phishing campaign Thanks to our episode sponsor, Trend Micro The conversation between you and your board of directors is not always a walk in the park. With more cloud projects coming your way, it’s time to change the conversation to speak their language and start paving the way for a secure future. For more, go to http://trendmicro.com/CISO | |||
30 Aug 2021 | August 30, 2021 | 00:07:38 | |
“Worst cloud vulnerability you can imagine” discovered in Microsoft Azure Work from home increased worldwide phishing attacks T-Mobile hacker brute-forced his way through the network Thanks to our episode sponsor, Semperis Do you know your Active Directory security vulnerabilities? Cybercriminals love to exploit Active Directory: It has dozens of security gaps because of misconfigurations and new sophisticated hacking tools. But hang on, help is on the way: Download Purple Knight, a free Active Directory security assessment tool from Semperis that scans your environment for 70-plus indicators of exposure and compromise. Check it out at Purple-Knight.com. For the stories behind the headlines, head to CISOseries.com. | |||
29 Mar 2024 | 17 billion records exposed, Treasury FinSec warning, Hot Topic attacks | 00:08:48 | |
17 billion personal records exposed in data breaches in 2023 U.S. Treasury warns financial sector about AI cybersecurity threats Retail chain Hot Topic hit by new credential stuffing attacks Thanks to today's episode sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at varonis.com/cisoseries. For the stories behind the headlines, head to CISOseries.com. | |||
05 May 2022 | May 5, 2022 | 00:06:47 | |
CuckooBees campaign stings targets for years Health and Human Services hammered over security Docker images used to DDoS Russian sites Thanks to today's episode sponsor, Censys Censys’ Attack Surface Management tool discovers and inventories all Internet-facing assets including traditional assets like hosts, IPs, and cloud services like storage buckets across all accounts and networks. ASM gives you a continuous picture of your attack surface. Start with Censys at censys.io. | |||
06 Sep 2022 | Sextortion ring busted, TikTok denies breach, Cloudflare cuts off Kiwi Farms | 00:06:23 | |
Transnational sextortion ring dismantled TikTok denies breachtok Cloudflare cuts off Kiwi Farms Thanks to today’s episode sponsor, Snyk Developers want to code fast and security wants to ship securely — and they want to do it all from the cloud. That’s why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud environments... all of it. And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects and cloud environments, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity | |||
07 Jan 2022 | January 7, 2022 | 00:07:36 | |
Honda, Acura cars hit by Y2K22 bug that rolls back clocks New trick could let malware fake iPhone shutdown to spy on users secretly Attackers exploit flaw in Google Docs’ comments feature Thanks to our episode sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. For the stories behind the headlines, head to CISOseries.com. | |||
05 Sep 2023 | PDF MalDoc warning, MinIO storage compromises, Okta helpdesk attacks | 00:07:16 | |
New PDF MalDoc allows evasion of antivirus MinIO Storage system being used to compromise servers Okta warns of IT help desk attacks Thanks to today's episode sponsor, Comcast Data rules everything around us – but why are the people who need data the most unable to access it? What if you could boost the productivity of your security teams and their ability to collaborate by providing them access to the same shared and enriched data? For the stories behind the headlines, head to CISOseries.com. | |||
27 Jul 2022 | $6 million music platform hack, Rogers coding error, increased North-Korean bounty | 00:07:45 | |
Hacker swipes $6 million from blockchain music platform Coding error to blame for Rogers outage US doubles reward for tips on North Korean-backed hackers Thanks to today’s episode sponsor, Snyk Developers want to code fast and security wants to ship securely. And that’s why they both choose Snyk. For the stories behind the headlines, head to CISOseries.com | |||
02 Jun 2023 | Week in Review: Amazon Ring privacy violations, Gigabyte firmware problems, AI extinction threat | 00:25:13 | |
This week’s Cyber Security Headlines - Week in Review, May 29-June 2, is hosted by Sean Kelly with our guest, Howard Holton, CTO, GigaOm Thanks to today’s episode sponsor, Barricade Cyber Have you fallen victim to a ransomware attack? Don’t worry! Barricade Cyber Solutions has helped thousands of customers in situations just like yours. Their proprietary ransomware recovery services are designed to quickly get your business back on track. Their team of experts will identify the source of the attack and provide a comprehensive solution to prevent it from happening again. You can count on them for the security of your data and systems. Visit barricadecyber.com All links and the video of this episode can be found on CISO Series.com | |||
04 Feb 2022 | February 4, 2022 | 00:08:38 | |
iPhone flaw exploited by second Israeli spy firm Target shares its own web skimming detection tool with the world MFA adoption pushes phishing actors to reverse-proxy solutions Thanks to our episode sponsor, Pentera Align validation to the MITRE ATT&CK framework and the OWASP Top 10. By aligning to industry standards, security teams ensure that their testing covers the latest adversary techniques. Most attacks succeed by leveraging the most common TTPs, so challenging the attack surface against these frameworks provides comprehensive coverage of adversary techniques in the wild. In addition, it allows security executives to clearly report to management on security control efficacy and enterprise readiness against potential threats. Find out more at pentera.io For the stories behind the headlines, head to CISOseries.com. | |||
11 Jun 2024 | Rural hospital support, 23andMe investigation, Snowflake breach notices | 00:07:12 | |
Cyber assistance coming to rural hospitals UK and Canada launch investigation into 23andMe breach Mandiant and Snowflake sending out breach notices Thanks to today's episode sponsor, Vanta When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires. Our listeners get $1,000 off at vanta.com/headlines. | |||
30 Nov 2023 | Okta breach expands, JAXA cyberattack, leaky GPTs | 00:06:22 | |
All Okta customers exposed in breach JAXA hit by cyberattack OpenAI’s chatbots leak secrets Huge thanks to our sponsor, SpyCloud For some people ignorance is bliss – but that’s not an option for those of us in cybersecurity. SpyCloud has a free tool that lets you check your company’s darknet exposure, and you might find some things that are pretty alarming. | |||
06 Dec 2024 | Feds investigate group 764, Russians hack hackers, AWS PQC migration | 00:08:30 | |
Feds find cybercriminal tools used by sextortion group Russian hackers hack hackers Amazon’s post-quantum migration plan Huge thanks to our sponsor, Vanta Get the stories behind the headlines at CISOSeries.com | |||
14 Dec 2020 | December 14, 2020 | 00:08:01 | |
Adrozek malware can infect over 30K Windows PCs a day Subway UK finds TrickBot on its menu Ransomware in schools grew in 2020, more on the way in 2021 Thanks to our sponsor ReversingLabs For the stories behind the headlines, head to CISOseries.com. | |||
29 Apr 2022 | April 29, 2022 | 00:07:57 | |
Global security spending set to hit $198bn by 2025 New malware loader Bumblebee adopted by known ransomware access brokers Cloudflare thwarts record DDoS attack Thanks to today’s episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot’s automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com. For the stories behind the headlines, head to CISOseries.com. | |||
04 Nov 2021 | November 4, 2021 | 00:06:47 | |
CISA creates exploited bug catalog Bots used to scam 2FA codes US sanctions companies selling hacking tools Thanks to our episode sponsor, Trend Micro Reimage your Cloud! That’s the theme for CLOUDSEC 2021, a 3-day global event that will be held virtually starting on November 16th. Learn the latest trends in cloud and cybersecurity with global keynotes and session tracks tailored to your role’s unique challenges. Test your skills and win prizes in the 24-hr CLOUDSEC Challenge, a hands-on immersive experience that has something for everyone – from novice application coders to experienced security practitioners! Join for FREE on November 16th, for free. Sign up at cloudsec.com | |||
08 Jul 2024 | Alabama Education breach, OpenAI secrets breach, Florida Health breach | 00:07:16 | |
Alabama Department of Education suffers data breach New York Times claims hackers stole OpenAI secrets in a 2023 security breach RansomHub claims to have published Florida health department data Thanks to today's episode sponsor, Entro Reclaim control over your Non-human identities! Entro enables security teams to manage and secure the lifecycle of non-human identities and secrets from inception to rotation. Think of it like an airtag for your secrets - know where they are, how they’re being used, and their risk level in one seamless platform. Visit https://entro.security/ to learn more. For the stories behind the headlines, head to CISOseries.com. | |||
12 Jul 2022 | Ransomware hits French telco, NSO Group acquisition called off, Krebs on Experian security | 00:06:38 | |
Ransomware hits French telco NSO Group acquisition called off Krebs on Experian security Thanks to today’s episode sponsor, Edgescan Edgescan offers a single platform solution that covers the full stack, from Web Applications to APIs to the Network and data layer. Continuous Attack Surface Management coupled with automated & strategic Pen-testing as a Service (PTaaS) yields fully scalable coverage. | |||
05 Nov 2020 | November 5, 2020 | 00:05:40 | |
Facebook and Instagram add pop-up banners about election results Election night was seemingly free of cybersecurity drama California passes Prop 24 Thanks to our sponsor, Trusona. Secure your workforce with desktop MFA (passwords not included). Security leaders have been tasked with securing a remote workforce across a vulnerable variety of locations — and Trusona is here to help. With a single passwordless desktop MFA sign-in, employees are automatically authenticated into their SSO for simple, secure access to all corporate applications, including Office 365. To learn more, visit trusona.com/desktopSSO. For more on any of our stories, head to CISOseries.com. | |||
04 Jun 2024 | Russian criminals unmasked, Background check firm breach, Creds added to HIBP | 00:07:47 | |
Authorities unmask criminals behind malware loaders 3 billion records stolen from background check firm Creds for 361 million accounts added to HIBP Thanks to today's episode sponsor, Conveyor What are infosec teams measuring these days? More often than not, their impact on the business through revenue. For the stories behind the headlines, visit CISOseries.com. | |||
12 Sep 2022 | Intermittent encryption warning, HP firmware bugs, SEC crypto office | 00:08:02 | |
Ransomware gangs switching to new intermittent encryption tactic Firmware bugs in many HP computer models left unfixed for over a year U.S. SEC to set up new office for crypto filings Thanks to today’s episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the stories behind the headlines, head to CISOseries.com. | |||
05 Aug 2022 | Cyberattacks hit Taiwan, Cisco router flaws, DoJ prefers paper | 00:08:46 | |
Cyberattacks hit Taiwan to coincide with Speaker Pelosi’s visit Cisco addresses critical flaws in Small Business VPN routers DOJ now relies on paper for its most sensitive court documents, official says Thanks to today’s episode sponsor, HYAS We know IT and security teams are already overloaded — facing constant pressure to improve security without additional resources. That’s why it’s so important to find solutions that bolster your security, not your workload. HYAS Protect deploys in under 30 minutes, easily integrates into existing infrastructure, constantly updates with the latest threat intelligence, renders attacks inert (regardless of how they infiltrated your environment), and doesn’t require day-to-day hand-holding — letting you focus on keeping your business moving full forward. Visit HYAS.com For the stories behind the headlines, head to CISOseries.com. | |||
03 Dec 2024 | Hydra Market leader sentenced, Pegasus spyware arrest, SpyLoan malware targets millions | 00:08:32 | |
Hydra Market leader sentenced to life Former Polish spy chief arrested in Pegasus spyware probe SpyLoan malware targets millions Huge thanks to our sponsor, Vanta Get the stories behind the headlines at CISOSeries.com | |||
19 Apr 2023 | Elon Musk wants to develop TruthGPT, Southwest disrupted by ‘technical issue’, Officials warn of hackers targeting Cisco routers | 00:07:40 | |
Elon Musk wants to develop TruthGPT Southwest’s operations resume after a ‘technical issue’ US, UK warn of govt hackers targeting Cisco routers Thanks to today's episode sponsor, Pentera This episode of Cyber Security Headlines is made possible in part by Pentera. Today over 60% of cyber attacks involve the use of exposed credentials. Now, for the first time, security teams can address this critical threat head-on. Pentera collects an organization’s leaked credentials and automatically tests their exploitability across the external and internal attack surface. For the stories behind the headlines, head to CISOseries.com. | |||
21 Apr 2021 | April 21, 2021 | 00:07:44 | |
Hundreds of networks reportedly hacked in Codecov supply-chain attack Remote code execution vulnerabilities uncovered in smart air fryer Biden administration unveils plan to defend electric sector from cyberattacks Thanks to our episode sponsor, Palo Alto Networks In Latin, the word "spectrum" means "image". Spectrum also happens to be a cloud security event that's all about container images…and CI/CD pipeline security, cloud transformation strategies, and much more. Join Prisma Cloud by Palo Alto Networks on April 27 for a virtual event covering all things cloud security. Learn more at go.paloaltonetworks.com/spectrum For the stories behind the headlines, head to CISOseries.com. | |||
11 Nov 2024 | Regulator limits phone use, Hacked police emails, UK seniors scammed | 00:07:59 | |
U.S. financial regulator calls for reduced cell phone use at FBI warns of spike in hacked police emails and fake subpoenas Cyberscoundrels target UK senior citizens with Winter Fuel Payment texts Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. Get the stories behind the headlines at CISOSeries.com | |||
02 Feb 2021 | February 2, 2021 | 00:07:31 | |
Deloitte’s CDC vaccine system comes up short Myanmar internet and telecom disruptions continue due to coup Sprite Spider emerges as one of the most destructive ransomware threat actors this year Thanks to our sponsor, HID Global Evolving organizations need strong MFA. With the broadest selection of authentication options in the industry, HID Global’s advanced multi-factor authentication solution is capable of building a frictionless user experience that blends convenience and protection. Learn more at https://hidglobal.com/mfa For the stories behind the headlines, head to CISOseries.com. | |||
23 Jun 2022 | June 23, 2022 | 00:06:57 | |
Daycare apps found insecure Encryption flaws found in Mega Microsoft retires cloud facial recognition Thanks to today's episode sponsor, Optiv Modernizing your identity control plane from AD to the cloud is complex. Ralph Martino, who is leading the identity and access management (IAM) group for Optiv, discusses what challenges CISOs are facing in today’s ever-changing climate: | |||
31 Jan 2022 | January 31, 2022 | 00:08:22 | |
Novel device registration trick enhances multi-stage phishing attacks US bans major Chinese telecom over national security risks Over 20,000 data center management systems exposed to hackers Thanks to our episode sponsor, Pentera Pentera introduces Automated Security Validation! The newly-minted unicorn out of Israel takes a whole new approach to penetration testing - allowing every organization to continuously test the integrity of all cybersecurity layers - including against ransomware - leveraging proprietary ethical exploits to emulate real-world attacks at scale. All day, everyday. This week Pentera will discuss how to identify your exploitable attack surface, so stay tuned for their ‘Tip of the Day’. Or visit pentera.io to find out more. For the stories behind the headlines, head to CISOseries.com. | |||
09 Aug 2024 | Chameleon malware reappears, Rhysida hospital attack, Blacksuit’s $500m tally | 00:08:19 | |
Chameleon reappears targeting Canadian restaurant chain Rhysida claims attack on Bayhealth Hospital in Delaware BlackSuit/Royal achieves $500m in ransomware demands Huge thanks to our sponsor, Vanta For the stories behind the headlines, head to CISOseries.com. | |||
02 Feb 2024 | Week in Review: Microsoft email explanation, Brazilian banking trojan, Mercedes GitHub error | 00:22:41 | |
Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Mary Rose Martinez, vp, CISO Marathon Petroleum Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. All links and the video of this episode can be found on CISO Series.com | |||
06 Nov 2023 | Okta’s hack explanation, Looney Tunables exploited, Lazarus likes KandyKorn | 00:07:22 | |
Okta explains hack source and response timeline Looney Tunables now being exploited Lazarus Group uses KandyKorn against blockchain engineers Thanks to today's episode sponsor, OffSec And now a word from our sponsor. OffSec (formerly Offensive Security), the cyber training company behind the well-known OSCP certification and Kali Linux distro, is hosting a virtual summit for CISOs and Cybersecurity leaders called Evolve on November 15th. For the stories behind the headlines, head to CISOseries.com. | |||
03 Jun 2021 | Week in Review - May 31-Jun 4, 2021 | 00:22:46 | |
This week’s Cyber Security Headlines - Week in Review, May 31- Jun 4, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Bryan Zimmer, Head of Security, Humu Thanks to our sponsor, ReversingLabs Recent supply chain attacks and executive orders have left 1000’s scrambling for guidance. Join ReversingLabs as they take their exclusive supply chain roadshow to your local region virtually. Hear from app sec specialists and security execs, as they discuss lessons learned, and innovative approaches, that will move your supply chain security and compliance program forward. For more information, visit reversinglabs.com. All links and the video of this episode can be found on CISO Series.com | |||
01 Nov 2024 | Week in Review: Deepfake targets Wiz, Black Basta leverages Teams, Russia’s Linux plans | 00:24:35 | |
This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest David Cross, SVP/CISO, Oracle. Also check out David’s travel blog and recent “Secure by Default” white paper at IT ISAC. Thanks to our show sponsor, Dropzone AI Security operations are evolving, and AI is leading the way. Dropzone AI autonomously investigates 100% of your alerts with precision, freeing up your team to focus on real threats. See how this works in action. Visit dropzone.ai and schedule a demo today. All links and the video of this episode can be found on CISO Series.com | |||
20 May 2024 | Grandoreiro Trojan reappears, Kimsuky’s new backdoor, More healthcare breaches | 00:08:05 | |
Grandoreiro banking Trojan reappears, hits banks worldwide Kimsuky deploys new backdoor in latest attack on South Korea Healthcare breaches in Australia and Texas Huge thanks to this week’s episode sponsor, Tines From endpoint detection and response to vulnerability management, Tines empowers security teams to automate even their most complex workflows. It’s fast, flexible, and secure by design. Your team can get up and running in minutes, not weeks. No code. No custom development. The world's smartest security teams trust Tines to support their mission-critical processes. Learn why at tines.com/ciso For the stories behind the headlines, head to CISOseries.com. | |||
11 Nov 2022 | Lockbit operator extradited, Twitter CISO quits, NotPetya insurance shakeup | 00:08:18 | |
Alleged LockBit operator to be extradited from Canada to U.S. Musk ends remote work and promises to fight spam. CISO Kissner quits. Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup And now a word from our sponsor, AppOmni For the stories behind the headlines, head to CISOseries.com. | |||
03 Nov 2023 | Cloudflare’s power outage, Apache HelloKitty attempt, Boeing incident continues | 00:07:36 | |
Power outage darkens Cloudflare dashboard and APIs Apache ActiveMQ flaw sees HelloKitty attempt Boeing says cyber incident affects parts and distribution Thanks to today's episode sponsor, Hunters There’s nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters’ SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It’s time to move to a platform that reduces risk, complexity & cost for the SOC. Visit hunters.security to learn how you can replace your SIEM today. For the stories behind the headlines, head to CISOseries.com. | |||
06 Oct 2023 | Week in Review: Progress FTPbug, CloudFlare DDoS mistake, Lazarus Meta recruiters | 00:25:30 | |
This week’s Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino with guest Bob Schuetter, CISO, Ashland Thanks to our show sponsor, Conveyor Got a scary security questionnaire to complete and you’d rather have AI do it? Your infosec friends are making the switch from outdated RFP and compliance tools to Conveyor: the most accurate security questionnaire automation software on the market. The proof is in the AI. Customers are seeing 80-90% accurate auto-generated answers by and decreasing the time spent on questionnaire answering by 91%. Try a free one-week proof of concept at www.conveyor.com. All links and the video of this episode can be found on CISO Series.com | |||
22 Mar 2023 | BreachForums to shut down, Zero-day used to drain Bitcoin ATMs, DC Health Link hacker motivated by Russian patriotism | 00:06:38 | |
BreachForums to shut down amidst law enforcement concerns Hackers use zero-day to drain $1.6 million from Bitcoin ATMs DC Health Link hacker motivated by Russian patriotism Thanks to this week's episode sponsor, Conveyor Does the mountain of security questionnaires in your inbox make you feel like a 2 dollar umbrella in a hurricane? For the stories behind the headlines, visit CISOseries.com. | |||
30 Jul 2024 | HealthEquity data breach, CrowdStrike impact grows, Proofpoint exploit | 00:08:07 | |
4.3 million impacted by HealthEquity data breach Microsoft admits CrowdStrike incident far greater than first reported Proofpoint exploit allows for millions of fake emails Huge thanks to our sponsor, Dropzone AI Imagine an analyst who never misses an alert. Dropzone AI autonomously investigates every alert and provides decision-ready reports, enhancing your SOC’s efficiency. Try it free for 3 months at dropzone.ai. | |||
24 Sep 2021 | September 24, 2021 | 00:08:30 | |
Second farming cooperative shut down by ransomware this week Canadian VoIP provider battles massive DDoS attack REvil double-crosses ransomware affiliates using sneaky backdoor tactics Thanks to our episode sponsor, Kanu Solutions Over the next few weeks Kanu Solutions is offering a series of educational sessions on a variety of topics in security, such as endpoints, networks, privileged access management, Internet of things, and governance, risk management and compliance, or GRC. Attend these sessions to get some savvy education from the security experts at Kanu Solutions. You could also get a twenty dollar UberEats Gift Card just for attending. You can participate in Kanu Solutions' Lunch-n-Learn by registering at kanusolutions.com/events. For the stories behind the headlines, head to CISOseries.com | |||
28 Aug 2024 | Another MOVEit incident, U.S. Marshals disputes breach, Park’N Fly data swiped | 00:08:06 | |
Texas credit union user data exposed in another MOVEit breach US Marshals Service disputes ransomware gang's breach claims Park’N Fly notifies 1 million customers of data breach Thanks to today's episode sponsor, Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io. Find the stories behind the headlines at CISOSeries.com | |||
27 Feb 2023 | NewsCorp reveals attack, TELUS investigating leak, Dish goes offline | 00:07:43 | |
News Corp reveals that attackers remained on its network for two years TELUS investigating leak of stolen source code, employee data Dish Network goes offline after likely cyberattack, employees cut off Thanks to this week's episode sponsor, Conveyor AI can now literally answer any question on the internet in seconds, yet infosec teams are still living a nightmare manually filling out security questionnaires with existing tools. Get out of the questionnaire stone age with Conveyor’s new questionnaire eliminator tool powered by GPT-3. Go beyond re-writing mediocre matches, to getting your questionnaire auto-filled with the exact answers customers need in minutes. Join the top SaaS companies in the GPT-3 powered future by using Conveyor. Learn more at conveyor.com. For the stories behind the headlines, head to CISOseries.com. | |||
08 Feb 2023 | Tech firms race to integrate AI, FAA needs until 2030 to fix safety system, Biden addresses children’s online safety | 00:07:29 | |
ARMO, Microsoft, Google race to integrate AI into their products FAA needs until 2030 to fix its safety system Biden’s State of the Union addresses children’s online safety and privacy… again Thanks to today's episode sponsor, US, yes, CISO Series "I value Cyber Security Headlines early every morning as it provides me advance notice of what I might need to explore first thing at the start of the day." That’s active listener David Cross, SVP, CISO of Oracle SaaS Cloud. And for sponsors of Cyber Security Headlines what you get are the ears and eyes of avid security leaders. Sponsorship includes the podcast, our blog, and our daily newsletter. In whatever format our listeners want, Cyber Security Headlines reaches cyber leaders who want to quickly consume daily cyber news. To learn more about pricing and audience, email us at info@cisoseries.com. For the stories behind the headlines, visit CISOseries.com. | |||
12 Oct 2022 | UK warns of Chinese security threat, Toyota data leak, CISOs at risk of being overworked | 00:07:18 | |
UK warns of Chinese global security threat Toyota data leak impacts 300,000 customers CISOs at risk of being overworked Thanks to today’s episode sponsor, Noname Security Stop API vulnerabilities before production with Noname Security. Automatically run over 100 dynamic tests that simulate malicious traffic, including the OWASP API Top Ten. Integrate with your existing CI/CD pipelines and tools, such as Jenkins and Postman, as well as all your ticketing and workflow tools such as ServiceNow, Slack, and Jira. Learn more at nonamesecurity.com/active-testing For the stories behind the headlines, head to CISOseries.com |