You’re a chief information security officer (CISO) who’s managing the security requirements for your organization’s value chain. As a former CISO (and current virtual CISO to several companies), I know that’s one of the core functions of our role. How do you know you’re doing a good job? How would you evaluate your performance? The…
Read More
Public sector customers include those in education, nonprofit and on Microsoft’s Government Community Cloud. Microsoft has delayed three deadlines related to Cloud Solution Provider partners selling subscriptions through the vendor’s New Commerce Experience to public sector customers and migrating existing subscriptions on to NCE. The first revised deadline CSP partners need to keep in mind…
Read MoreThankfully, this alert was a mistake and there was no real danger, but the incident raises a far broader question: how many of our critical systems are this vulnerable to human error, poor software design, and insufficient security controls, all of which were factors in the HIEMA incident? Many of the real-world systems we depend…
Read MoreIt’s important for the fashion-conscious hacker to know what’s on trend! Here’s a preview of APT Group Purple Aardvark’s summer line—a few hits, some misses. Source link lol
Read More
Open Extended Detection and Response (XDR) marks a paradigm shift in enterprise security, focusing on using comprehensive data insights to enhance threat detection and response across diverse systems and environments. This approach champions flexibility and interoperability over traditional vendor lock-in, allowing for a tailored security posture that keeps pace with the evolving threat landscape. The…
Read MoreFigure 2: Latest attack request targeting Windows servers As shown in Figure 2, the latest attack requests are targeting the same URL, keeping the same HTTP header values and the same exploit structure, however, they are now using Windows shell commands to download and execute a file. Using the Windows certutil Tool While Linux…
Read MoreIn the F5 and Ponemon report, The Evolving Role of CISOs and their Importance to the Business, security leaders were asked to rank their top threats to their security ecosystem. The number one answer was advanced persistent threats (ranked 8.8 out of 10). We’ve already talked about why CISOs should manage the most likely damaging…
Read MoreOnce upon a time I was a security consultant. I was assigned to review the firewall configuration for a sizeable Seattle startup of about 800 employees. They were in the business of hosting websites for thousands of small businesses across the world and therefore had a somewhat complex Internet connectivity setup. I sat down and…
Read MoreThere’s a lot of speculation in cryptocurrency right now. People are mining coins all over the place, and even though it’s getting harder and harder to make money mining coins, interest is still high. All it costs is money for the power bill. So, of course, clever people are figuring out how to use other people’s power…
Read MoreThere’s an old joke that a job in security is a safe place to be grumpy. From what I’ve seen over my career, that is often true. Security people seem to cherish their reputation for being pessimistic and untrusting. Some take it further and cast their disdain upon the users, who obviously need to be…
Read More