Tag: CISO
You also need to restrict administrative access at the application level. This can mean that only certain individuals have administrative privileges in the app, or it can mean that administrators can only access the control surfaces from specific subnets. Data sources for the application, whether internal or external, need to be treated to the same…
Read MoreF5’s executive leadership got an urgent message: a malicious actor within the company was sending confidential information to a third party that could put customers at serious risk. We immediately formed a combined response team of technical cybersecurity experts, executives, and business process stakeholders. Working together, we began to gather information about the nature and…
Read MoreFraud has become a pervasive part of the discussion around cybersecurity. In part, this reflects a change in attacker motives, as cyber-attacks were not always as vicious as they are now. From the 1980s into the early 2000s, hacking was not really about profit. It was primarily about achieving fame in the hacker community by…
Read MoreIt is in this spirit of collaboration, and with all the respect in the world for the incident responders who have had to deal with Log4Shell, that we want to use this event to reflect a bit on the present and immediate future of security as both an industry and a body of knowledge. In…
Read MoreBots are not new. Attackers have used bots to achieve scalability in a variety of attack techniques for decades, and defenders have been fighting bots, to varying degrees of success, for just as long. However, two events in 2022—the prolonged acquisition of Twitter by Elon Musk, with its attendant discussion about exactly how much of…
Read MoreManaging privacy online is a constant balancing act. On the one hand, we need to provide a certain amount of our personal information to authenticate ourselves. In select environments, we also want to provide some additional information to our friends, family, and peers. On the other hand, we want to withhold that information from those…
Read MoreIn July 2020, the FBI Cyber Division issued Flash Alert AC-000129-TT reporting that malware had been found in the software used to calculate China’s value-added tax (VAT). However, the Chinese State Taxation Administration requires companies to install this particular software to operate within China. Third-party applications are already risky, but here a pre-infected application was…
Read MoreNeutral/Mixed Intentions Many of the actors in this system are neither completely benign nor completely malicious. Some of these practices are bifurcated into legal and illegal practices, such as the rather obvious distinction between criminal and benign payment facilitators. Some of these provide services that can genuinely be used either way, such as reshipping services…
Read MoreOn November 9, 2022 Twitter CISO Lea Kissner resigned along with the company’s chief privacy officer and its chief compliance officer. The Washington Post and other media outlets reported that internal Slack messages at Twitter revealed serious concerns that new leadership was pushing for the release of products and changes without effective security reviews—and that…
Read MoreSecurity automation’s promises are laudable and include reducing manual work, improving mean time to know and remediate for detection programs, and reducing a junior hire’s required technical knowledge to help address the talent issues programs still face. Many security automation vendors are especially bullish on that last promise, investing in low-to-no code user experiences that…
Read MoreRecent Posts
- Arm To Seek Retrial In Qualcomm Case After Mixed Verdict
- Jury Sides With Qualcomm Over Arm In Case Related To Snapdragon X PC Chips
- Equinix Makes Dell AI Factory With Nvidia Available Through Partners
- AMD’s EPYC CPU Boss Seeks To Push Into SMB, Midmarket With Partners
- Fortinet Releases Security Updates for FortiManager | CISA