Cybersecurity Headlines

Popular open source libraries leaked keys for "research" DuckDuckGo gives Microsoft a pass on trackers Microsoft weathers the vulnerability storm Thanks to today's episode sponsor, Optiv Need a guide on your Zero Trust journey? Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide" shares the following takeaways: - The key elements of Zero Trust - How to visualize your Zero Trust journey and place it in the proper context - Integrated technologies to drive adaptive processes and a mature security model Learn more at www.optiv.com/zerotrust.

Interpol warns nation-state malware could become a commodity on dark web soon General Motors Hit by cyber-attack exposing car owners' personal info Canada to ban China's Huawei and ZTE from its 5G networks Thanks to today's episode sponsor, Optiv Up for a Zero Trust Crash Course? Join our expert, Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide," as he delivers the following takeaways: - An introduction to Zero Trust - An overview of Optiv's Zero Trust principles - How to visualize your Zero Trust journey and place it in the proper context Catch Jerry's Zero Trust crash course or learn more by going to www.optiv.com/zerotrust. For the stories behind the headlines, head to CISOseries.com.

Cyberattack divorces Zola users from registries A look at the RansomHouse data-extortion operation Now we have to worry about pre-hijacking attacks Thanks to today's episode sponsor, Optiv Need a guide on your Zero Trust journey? Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide" shares the following takeaways: - The key elements of Zero Trust - How to visualize your Zero Trust journey and place it in the proper context - Integrated technologies to drive adaptive processes and a mature security model Learn more at www.optiv.com/zerotrust. For the stories behind the headlines, go to CISOseries.com

Ransomware victim trolls hackers with obscene pics CISOs list top cyber threats to enterprises in 2022 YouTube removes more than 9,000 Ukraine war-related channels Thanks to today's episode sponsor, Optiv Need a guide on your Zero Trust journey? Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide" shares the following takeaways: - The key elements of Zero Trust - How to visualize your Zero Trust journey and place it in the proper context - Integrated technologies to drive adaptive processes and a mature security model Learn more at www.optiv.com/zerotrust. For the stories behind the headlines, go to CISOseries.com

Link to Blog Post This week's Cyber Security Headlines – Week in Review, May 16-20, is hosted by Rich Stroffolino with our guest, Jerich Beason, CISO, Commercial Bank, CapitalOne Thanks to today's episode sponsor, Torq All links and the video of this episode can be found on CISO Series.com

Greenland health services limited from cyberattacks Phishing attacks surge in Q1 Google details 2021 zero-days And now let's thank today's sponsor, Torq Myth 5: You Should Automate All Security Processes False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can't be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an application rollback, should remain the domain of humans. To learn more about the realities of automation, head to torq.io.

VMware bugs abused to deliver Mirai malware Microsoft to debut of zero trust GDAP tool Bank of Zambia refuses to pay ransom to cyberattack group Hive And now let's thank today's sponsor, Torq Myth 4: Automation Will Replace Skilled Security Professionals Not true. Any business that attempts to automate security will quickly find that most high-stakes security issues are far too complex to be detected and remediated by automation tools alone. Human security professionals need to take the lead delivering nuanced insight about the business impact of a large-scale breach. To learn more about the realities of automation, head to torq.io. For the stories behind the headlines, head to CISOseries.com.

Buffalo massacre suspect signaled plans on Discord for months Google faces litigation for unauthorised use of medical records Venezuelan doctor accused of developing and distributing ransomware And now let's thank today's sponsor, Torq Myth 3: Only Enterprises Need Security Automation Debunked. While enterprises with thousands of endpoints and sprawling teams certainly need automation, businesses of all sizes face challenges related to other forms of scale when it comes to security. For instance, there are about 1 billion known types of malware in existence, and they imperil businesses of all sizes equally. To learn more about the realities of automation, head to torq.io. For the stories behind the headlines, head to CISOseries.com

Costa Rican ransomware rhetoric somehow gets uglier DOJ files its first criminal cryptocurrency sanctions case Trying to fix open source supply chain security And now let's thank today's sponsor, Torq Myth 2: Security Automation Is Just a New Term for Automated Security Testing Wrong. While scanning and testing may be one example of a security automation use case, it's hardly the only one. Automation can be used to do things like help manage complex security workflows and optimize collaboration between different stakeholders. These are tasks that were not traditionally automated. To learn more about the realities of automation, head to torq.io.

Ukraine CERT-UA warns of new attacks launched by Russia-linked Armageddon APT Microsoft fixes new PetitPotam Windows NTLM relay attack vector Hackers are exploiting critical bug in Zyxel firewalls and VPNs And now let's thank today's sponsor, Torq Myth 1: Automation Is Only a Reactive Part of SecOps Incorrect. Proactive management of security incidents is just as important, like automatically scanning IaC configurations to detect vulnerabilities, automating collaboration between devs, IT ops and SecOps to prevent risks before they're threats. To learn more about the realities of automation, head to torq.io. For the stories behind the headlines, head to CISOseries.com.

Link to Blog Post This week's Cyber Security Headlines – Week in Review, May 9-13, is hosted by Rich Stroffolino with our guest, Rich Lindberg, CISO, JAMS Thanks to our sponsor, Datadog Break down silos between DevOps and Security teams to enable collaboration and strengthen the security of your environment. In this on-demand webinar, hear from one of Datadog's engineers on how teams can speed up investigations by assessing security and observability data using Datadog's unified platform to reduce security threats by detecting vulnerabilities. Watch the on-demand webinar now to learn how to get full-stack security for your production environment at datadoghq.com/ciso/ All links and the video of this episode can be found on CISO Series.com

Google will use mobile devices to thwart phishing attacks CISA urges organizations to patch actively exploited F5 BIG-IP vulnerability Kick China off social media, says tech governance expert Thanks to our episode sponsor, Datadog Break down silos between DevOps and Security teams to enable collaboration and strengthen the security of your environment. In this on-demand webinar, hear from one of Datadog's engineers on how teams can speed up investigations by assessing security and observability data using Datadog's unified platform to reduce security threats by detecting vulnerabilities. Watch the on-demand webinar now to learn how to get full-stack security for your production environment at datadoghq.com/ciso/ For the stories behind the headlines, head to CISOseries.com.

Old botnets are new again Meta withdraws Oversight Board guidance request EU proposes new CSAM rules Thanks to our episode sponsor, Datadog In this on-demand webinar, you'll learn how to best utilize the suite of Datadog Cloud Security products to identify the root cause of an attack and how a unified platform provides real-time threat-detection and continuous configuration audits across applications, hosts, containers and cloud infrastructure. Built on top of the observability platform, Datadog brings unprecedented integration between security and devops aligned to shared organizational goals. Watch the on-demand webinar now to learn how to get full-stack security for your production environment at datadoghq.com/ciso/

Russian TV hacked on Victory Day US pledges to help Ukraine keep internet and lights running Pentagon's concerns China may prompt vetting startups Thanks to our episode sponsor, Datadog In this on-demand webinar, you'll learn how to best utilize the suite of Datadog Cloud Security products to identify the root cause of an attack and how a unified platform provides real-time threat-detection and continuous configuration audits across applications, hosts, containers and cloud infrastructure. Built on top of the observability platform, Datadog brings unprecedented integration between security and devops aligned to shared organizational goals. Watch the on-demand webinar now to learn how to get full-stack security for your production environment at datadoghq.com/ciso/

Ransomware state of emergency in Costa Rica Microsoft launches service to fill the cyber skills gap College closes permanently due to ransomware Thanks to our episode sponsor, Datadog Break down silos between DevOps and Security teams to enable collaboration and strengthen the security of your environment. In this on-demand webinar, hear from one of Datadog's engineers on how teams can speed up investigations by assessing security and observability data using Datadog's unified platform to reduce security threats by detecting vulnerabilities. Watch the on-demand webinar now to learn how to get full-stack security for your production environment at datadoghq.com/ciso/

Google Play now blocks paid app downloads, updates in Russia NIST releases updated guidance for defending against supply-chain attacks US State Department offering $10 million reward for information about Conti members Thanks to our episode sponsor, Datadog In this on-demand webinar, you'll learn how to best utilize the suite of Datadog Cloud Security products to identify the root cause of an attack and how a unified platform provides real-time threat-detection and continuous configuration audits across applications, hosts, containers and cloud infrastructure. Built on top of the observability platform, Datadog brings unprecedented integration between security and devops aligned to shared organizational goals. Watch the on-demand webinar now to learn how to get full-stack security for your production environment at datadoghq.com/ciso/ For the stories behind the headlines, head to CISOseries.com.

Link to Blog Post This week's Cyber Security Headlines – Week in Review, May 2-6, is hosted by Rich Stroffolino with our guest, Shawn Bowen, CISO, World Fuel Services Thanks to our episode sponsor, Censys Why Censys? Our Attack Surface Management tool is designed from the ground up to seamlessly integrate with existing security workflows. It's the only ASM tool that discovers modern cloud specific assets like storage buckets and our scanning platform finds more than 85% more services than our nearest competitor. Start with Censys at censys.io. All links and the video of this episode can be found on CISO Series.com

Decade-old bugs discovered in Avast, AVG antivirus software Thailand and Hong Kong Banks used most in BEC Every ISP in the US must block these 3 pirate streaming services Thanks to today's episode sponsor, Censys Why Censys? Our Attack Surface Management tool is designed from the ground up to seamlessly integrate with existing security workflows. It's the only ASM tool that discovers modern cloud specific assets like storage buckets and our scanning platform finds more than 85% more services than our nearest competitor. Start with Censys at censys.io. For the stories behind the headlines, head to CISOseries.com.

CuckooBees campaign stings targets for years Health and Human Services hammered over security Docker images used to DDoS Russian sites Thanks to today's episode sponsor, Censys Censys' Attack Surface Management tool discovers and inventories all Internet-facing assets including traditional assets like hosts, IPs, and cloud services like storage buckets across all accounts and networks. ASM gives you a continuous picture of your attack surface. Start with Censys at censys.io.

Google claims to have blocked billions of malicious app downloads NortonLifeLock willfully infringed malware patents Former eBay exec pleads guilty to cyber stalking Thanks to today's episode sponsor, Censys Tom the CTO can't go into the boardroom unprepared. It's his job to know all the risks to his company – especially the one that could land him on the front page of the newspaper. His best bet for survival is staying ahead of the most critical threats. Tom, you can be that source of truth; start with Censys at censys.io right now. For the stories behind the headlines, head to CISOseries.com

Solana network goes dark after bot swarm The spyware in Spain falls mostly on the politicians Security isn't top of mind for mental health apps Thanks to today's episode sponsor, Censys All Pat the Security Practitioner wants is to do a good job and be the frontline in keeping his company safe. He's got great tools, but nothing that can show him if there are company assets that have somehow made their way onto the internet. If only Pat knew about Censys' Attack Surface Management tool. Now you do – start with Censys at censys.io.

Top 15 exploited security vulnerabilities in 2021 India gives orgs 6 hours to report cyber incidents The White House wants more powers to crack down on rogue drones Thanks to today's episode sponsor, Censys What Chris the CISO wants is to protect against revenue loss and damage to his company's brand from data breaches and compliance failures. But he's got a blind spot around his internet exposure. What assets are out there on the internet that his team doesn't know about? Well, Chris, it's simple – start with Censys at censys.io. For the stories behind the headlines, visit CISOseries.com.

Link to Blog Post This week's Cyber Security Headlines - Week in Review, Apr 25-29, is hosted by Rich Stroffolino with our guest, Hadas Cassorla, CISO, M1 Financial Thanks to our episode sponsor, Feroot All links and the video of this episode can be found on CISO Series.com

Global security spending set to hit $198bn by 2025 New malware loader Bumblebee adopted by known ransomware access brokers Cloudflare thwarts record DDoS attack Thanks to today's episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot's automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com. For the stories behind the headlines, head to CISOseries.com.

Russia experiences hacks at scale State Department puts a price on NetPetya's head Two-thirds of organizations hit with ransomware Thanks to today's episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot's automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com.

Elon Musk's Twitter takeover could be bad for security and privacy Stormous Ransomware targets Coca Cola US offers $10 million reward for help locating Russian hackers Thanks to today's episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot's automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com. For the stories behind the headlines, head to CISOseries.com.

Mandiant finds record zero-days in 2021 Bored Ape Yacht Club hacked Oracle patches critical Java vulnerability Thanks to today's episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot's automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com.

Hackers find 122 vulnerabilities, 27 deemed critical, during first round of DHS bug bounty program Anonymous has leaked 5.8 TB of Russian data since declaring cyber war AWS's Log4j patches blew holes in its own security Thanks to today's episode sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot's automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com. For the stories behind the headlines, head to CISOseries.com.

Critical chipset bugs open millions of Android devices to remote spying New Five Eyes alert warns of Russian threats targeting critical infrastructure Machine-learning models vulnerable to undetectable backdoors And here's a word from our sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com. For the stories behind the headlines, head to CISOseries.com.

Okta reports on Lapsus$ breach Popular VPNs use risky certificates Project Zero disclosed a new vulnerability record And here's a word from our sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com.

LinkedIn is now the most popular phish bait Lenovo patches firmware vulnerabilities impacting millions of users Ukraine war stokes internet connectivity concerns in Taiwan And here's a word from our sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com. For the stories behind the headlines, head to CISOseries.com

Catalan leaders targeted by NSO spyware Researchers share a deep dive into PYSA ransomware operations Most security teams feeling the talent shortage And here's a word from our sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com.

Microsoft: Office 2013 will reach end of support in April 2023 Stolen OAuth tokens used to download data from dozens of organizations, GitHub warns Mute button in conferencing apps may not actually mute your mic And here's a word from our sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com. For the stories behind the headlines, head to CISOseries.com.

Data breach disclosures surge 14% in Q1 2022 Windows 11 tool to add Google Play secretly installed malware DHS investigators say they foiled cyberattack on undersea internet cable in Hawaii Thanks to our episode sponsor, Code42 Have you been thinking about launching an Insider Risk Management program? You don't need to be Big Brother to effectively address Insider Risk. Code42 believes that the Three Ts should define any IRM program: transparency, training, and technology. Shift your security culture from "watchdog" to "guide dog" and everyone wins. Learn more at Code42.com/showme. For the stories behind the headlines, head to CISOseries.com.

Industrial cybersecurity companies form coalition Microsoft disrupts ZLoader T-Mobile hired someone to get their data back Thanks to our episode sponsor, Code42 It's not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme.

RaidForums hacker marketplace shut down in cross-border law enforcement operation Sandworm hackers fail to take down Ukrainian energy provider CISA warns of Russian state hackers exploiting WatchGuard bug Thanks to our episode sponsor, Code42 Surprise! Surprise! Five years from now, Jamie, who's resigning today, will ring the NASDAQ bell officially launching her company on the public market. And what you'll soon realize is that Jamie stole your most valuable data to start her new company. Learn how Code42 Incydr can stop data theft and protect your organizations' most valuable assets. Visit Code42.com/showme to learn more. For the stories behind the headlines, head to CISOseries.com.

NSO Group spyware reportedly used against European Commission The malware is coming from inside the phone OpenSSH gets ready for quantum computing Thanks to our episode sponsor, Code42 Cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak and theft. In fact, the Code42 Annual Data Exposure Report revealed there's a 1 in 3 chance that your company will lose IP when an employee quits. To learn more about stopping data leaks with Insider Risk Management visit Code42.com/showme.

New Meta information stealer distributed in malspam campaign NB65 group targets Russia with a modified version of Conti's ransomware Elon Musk unveils vision for Twitter after joining board Thanks to our episode sponsor, Code42 Have you been thinking about launching an Insider Risk Management program? You don't need to be Big Brother to effectively address Insider Risk. Code42 believes that the Three Ts should define any IRM program: transparency, training, and technology. Shift your security culture from "watchdog" to "guide dog" and everyone wins. Learn more at Code42.com/showme. For the stories behind the headlines, head to CISOseries.com.

Link to Blog Post This week's Cyber Security Headlines – Week in Review, Apr 4-8, is hosted by Rich Stroffolino with our guest, Brett Conlon, CISO, American Century Investments Thanks to our sponsor, Code42 It's not just about the data leaving your company – what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme.

Newly discovered flaw could allow hacking of Samsung Android devices Adobe Creative Cloud Experience makes malware easier to hide Parrot redirect service infects 16,500 sites to push malware Thanks to our episode sponsor, Code42 It's not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme. For the stories behind the headlines, head to CISOseries.com.

US disrupted Russian botnet Twitter shadowbans Russian government accounts DOJ charges Russian national with operating Hydra Thanks to our episode sponsor, Code42 Surprise! Surprise! Five years from now, Jamie, who's resigning today, will ring the NASDAQ bell officially launching her company on the public market. And what you'll soon realize is that Jamie stole your most valuable data to start her new company. Learn how Code42 Incydr can stop data theft and protect your organizations' most valuable assets. Visit Code42.com/showme to learn more.

Germany takes down world's largest darknet market Anonymous leaks personal details of Russian soldiers CISA adds Spring4Shell to list of exploited vulnerabilities Thanks to our episode sponsor, Code42 Cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak and theft. In fact, the Code42 Annual Data Exposure Report revealed there's a 1 in 3 chance that your company will lose IP when an employee quits. To learn more about stopping data leaks with Insider Risk Management visit Code42.com/showme. For the stories behind the headlines, visit CISOseries.com

Russian secret police exposed in data leak MailChimp hit with breach The Bureau of Cyberspace and Digital Policy goes live Thanks to our episode sponsor, Code42 Have you been thinking about launching an Insider Risk Management program? You don't need to be Big Brother to effectively address Insider Risk. Code42 believes that the Three Ts should define any IRM program: transparency, training, and technology. Shift your security culture from "watchdog" to "guide dog" and everyone wins. Learn more at Code42.com/showme.

New Borat remote access malware is no laughing matter Apple rushes out patches for 0-days in MacOS, iOS National Security Agency employee indicted for 'leaking top secret info' Thanks to our episode sponsor, Code42 It's not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme. For the stories behind the headlines, head to CISOseries.com.

Link to Blog Post This week's Cyber Security Headlines – Week in Review, Mar 28-Apr 1, is hosted by Rich Stroffolino with our guest, Fredrick Lee, CISO, Gusto Thanks to our episode sponsor, Varonis All links and the video of this episode can be found on CISO Series.com

Palo Alto Networks error exposed customer support cases, attachments New AcidRain data wiper malware targets modems and routers Remote code execution flaws in Spring and Spring Cloud frameworks put Java apps at risk Thanks to our episode sponsors, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats, and streamline privacy and compliance. Visit www.varonis.com/cisoseries for a demo of Varonis' leading data security platform. For the stories behind the headlines, head to CISOseries.com.

Hackers abusing the power of subpoena Lapsus$ claims hack of Globant Brian Krebs sued by Ubiquiti for defamation Thanks to our episode sponsors, Varonis The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at www.varonis.com/cisoseries.

Ukraine destroys panic-spreading bot farms Yandex is sending iOS user data to Russia Ronin Network victimized in record-breaking crypto heist Thanks to our episode sponsors, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats, and streamline privacy and compliance. Visit www.varonis.com/cisoseries for a demo of Varonis' leading data security platform. For the stories behind the headlines, visit CISOseries.com.

Ukraine ISP taken down by cyber attack Windows can now block drivers Deepfakes take a turn for the banal Thanks to our episode sponsors, Varonis What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn't stand a chance. Learn more at www.varonis.com/cisoseries.

Critical Sophos Firewall vulnerability allows remote code execution Okta: "We made a mistake" delaying the Lapsus$ hack disclosure CISA adds 66 new flaws to the Known Exploited Vulnerabilities Catalog Thanks to our episode sponsors, Varonis On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to "Zero Trust." Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.