Cybersecurity Headlines

1,773 episodes — Page 27 of 36

Week in Review – Mar 21-25, 2022

This week's Cyber Security Headlines – Week in Review, Mar 21-25, is hosted by Rich Stroffolino with our guest, John Prokap, CISO, Success Academy Charter Schools. Thanks to our episode sponsor, Varonis. Customer: "The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically." Hear more at www.varonis.com/cisoseries. All links and the video of this episode can be found on CISOseries.com.

Mar 25, 2022 · 24 min

March 25, 2022

UK police arrest 7 people in connection with Lapsus$; North Korean hackers exploit Chrome zero-day weeks before patch; Anonymous claims to have hacked the Central Bank of Russia. Thanks to our episode sponsor, Varonis. The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at www.varonis.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.

Mar 25, 2022 · 8 min

March 24, 2022

Microsoft expands program to fill cyber skills gap; Cyber Crime Losses Up 64% in 2021; Microsoft confirms Lapsus$ breach. Thanks to our episode sponsor, Varonis. What is your ransomware blast radius? The average employee can access 17 million files they don't need, and only a handful live on their laptop. Protect your data from the inside out and detect early signs of ransomware – automatically with Varonis. Visit www.varonis.com/cisoseries.

Mar 24, 2022 · 6 min

March 23, 2022

Ransomware attack on Okta leads to data breach; Lapsus$ leaks 37GB of Microsoft source code; Anonymous hacks Nestlé for operating in Russia. Thanks to our episode sponsor, Varonis. Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats, and streamline privacy and compliance. Visit www.varonis.com/cisoseries for a demo of Varonis' leading data security platform. For the stories behind the headlines, visit CISOseries.com.

Mar 23, 2022 · 6 min

March 22, 2022

Ransomware puts the brakes on Bridgestone; Phishing with browser-in-a-browser attacks; Conti Leaks leaks Conti code. Thanks to our episode sponsor, Varonis. What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn't stand a chance. Learn more at www.varonis.com/cisoseries.

Mar 22, 2022 · 6 min

March 21, 2022

CISA, FBI tell satellite communications network owners to watch out for hacks after Ukraine attack; Hackers claim to breach TransUnion South Africa with 'Password' password; Developer sabotages own npm module prompting open-source supply chain security questions. Thanks to our episode sponsor, Varonis. On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to "Zero Trust." Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.

Mar 21, 2022 · 7 min

Week in Review – Mar 14-18, 2022

This week's Cyber Security Headlines – Week in Review, Mar 14-18, is hosted by David Spark with our guest, Eric Hussey, CISO, Aptiv. Thanks to our episode sponsor, Varonis. The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at www.varonis.com/cisoseries. All links and the video of this episode can be found on CISOseries.com.

Mar 18, 2022 · 23 min

March 18, 2022

Thanks to our episode sponsor, Varonis. The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at www.varonis.com/cisoseries.

Mar 18, 2022 · 7 min

March 17, 2022

Phony Instagram 'support staff' emails hit insurance company; Facebook hit with $18.6 million GDPR fine over 12 data breaches in 2018; Microsoft Defender tags Office updates as ransomware activity. Thanks to our episode sponsor, Varonis. What is your ransomware blast radius? The average employee can access 17 million files they don't need, and only a handful live on their laptop. Protect your data from the inside out and detect early signs of ransomware – automatically with Varonis. Visit www.varonis.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.

Mar 17, 2022 · 7 min

March 16, 2022

More destructive wiper malware strikes Ukraine; German security agency recommends replacing Kaspersky antivirus; HackerOne apologizes to Ukrainian hackers for blocking payouts. Thanks to our episode sponsor, Varonis. Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats, and streamline privacy and compliance. Visit www.varonis.com/cisoseries for a demo of Varonis' leading data security platform. For the stories behind the headlines, visit CISOseries.com.

Mar 16, 2022 · 7 min

March 15, 2022

Ukraine's IT army hit with malware; Mobile endpoints see a lot of malicious apps; AMD vulnerable to Spectre v2. Thanks to our episode sponsor, Varonis. What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn't stand a chance. Learn more at www.varonis.com/cisoseries.

Mar 15, 2022 · 5 min

March 14, 2022

Ubisoft changes employee passwords after "cyber security incident"; Cyber Command chief tells Congress chip shortage has national security implications; LockBit claims hack on Bridgestone tires. Thanks to our episode sponsor, Varonis. On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to "Zero Trust." Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.

Mar 14, 2022 · 8 min

Week in Review – Mar 7-11, 2022

This week's Cyber Security Headlines – Week in Review, Mar 7 – 11, is hosted by Rich Stroffolino with our guest, Anshu Gupta, Investor, Silicon Valley CISO Investments. Thanks to our sponsor, Torq. Security Automation Myth 5: You Should Automate All Security Processes. False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can't be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an application rollback, should remain the domain of humans. To learn more about the realities of automation, head to torq.io. All links and the video of this episode can be found on CISOseries.com.

Mar 11, 2022 · 22 min

March 11, 2022

Russia creates its own TLS certificate authority to bypass sanctions; Online sleuths are using face recognition to ID Russian soldiers; Basic text-color trick can fool phishing filters. There are many misconceptions about security automation, so today's episode sponsor Torq is debunking a security automation myth each day this week. Myth 5: You Should Automate All Security Processes. False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can't be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an application rollback, should remain the domain of humans. To learn more about the realities of automation, head to torq.io. For the stories behind the headlines, head to CISOseries.com.

Mar 11, 2022 · 8 min

March 10, 2022

Chipmakers warn of new speculative execution bugs; US worked to shore up Ukraine's cyber defense in 2021; Twitter Tor service launches. There are many misconceptions about security automation, so today's episode sponsor Torq is debunking a security automation myth each day this week. Myth 4: Automation Will Replace Skilled Security Professionals. Not true. Any business that attempts to automate security will quickly find that most high-stakes security issues are far too complex to be detected and remediated by automation tools alone. Human security professionals need to take the lead delivering nuanced insight about the business impact of a large-scale breach. To learn more about the realities of automation, head to torq.io.

Mar 10, 2022 · 6 min

March 9, 2022

Google to purchase cybersecurity firm Mandiant for $5.4 billion; Security vendors help infrastructure orgs protect against Russian cyberattacks; Russian VPN demand soars amidst social media crackdown. There are many misconceptions about security automation, so today's episode sponsor Torq is debunking a security automation myth each day this week. Myth 3: Only Enterprises Need Security Automation. Debunked. While enterprises with thousands of endpoints and sprawling teams certainly need automation, businesses of all sizes face challenges related to other forms of scale when it comes to security. For instance, there are about 1 billion known types of malware in existence, and they imperil businesses of all sizes equally. To learn more about the realities of automation, head to torq.io. For the stories behind the headlines, head over to CISOseries.com.

Mar 9, 2022 · 8 min

March 8, 2022

Leaked Nvidia data used in malware; Russia says it's okay to download a car; Sharkbot takes a bite out of the Play Store. There are many misconceptions about security automation, so today's episode sponsor Torq is debunking a security automation myth each day this week. Myth 2: Security Automation Is Just a New Term for Automated Security Testing. Wrong. While scanning and testing may be one example of a security automation use case, it's hardly the only one. Automation can be used to do things like help manage complex security workflows and optimize collaboration between different stakeholders. These are tasks that were not traditionally automated. To learn more about the realities of automation, head to torq.io.

Mar 8, 2022 · 6 min

March 7, 2022

Charities and NGOs that provide support to Ukraine hit by malware; 'Most advanced' China-linked backdoor ever raises alarms for cyber-espionage investigators; Hackers allegedly leak Samsung data, source code. There are many misconceptions about security automation, so today's episode sponsor Torq is debunking a security automation myth each day this week. Myth 1: Automation Is Only a Reactive Part of SecOps. Incorrect. Proactive management of security incidents is just as important, like automatically scanning IaC configurations to detect vulnerabilities, automating collaboration between devs, IT ops and SecOps to prevent risks before they're threats. To learn more about the realities of automation, head to torq.io. For the stories behind the headlines, head to CISOseries.com.

Mar 7, 2022 · 8 min

Week in Review – Feb 28-Mar 4, 2022

This week's Cyber Security Headlines – Week in Review, Feb 28-Mar 4, is hosted by Rich Stroffolino with our guest, Ody Lupescu, CISO, Ethos Life. Thanks to our episode sponsor, Torq. There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 5: You Should Automate All Security Processes. False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can't be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an application rollback, should remain the domain of humans. To learn more about the realities of automation, head to torq.io. All links and the video of this episode can be found on CISOseries.com.

Mar 4, 2022 · 22 min

March 4, 2022

Cyberattack attempts on Ukraine surge tenfold; Ukraine's "IT army" targets Belarus railway network, Russian GPS; Eight-character passwords can be cracked in less than 60 minutes. There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 5: You Should Automate All Security Processes. False. You should automate routine, repetitive tasks that are not subject to much conditional variance. But workflows that can't be reliably managed by automation tools, such as assessing the financial consequences of a breach or determining whether a security incident should trigger an application rollback, should remain the domain of humans. To learn more about the realities of automation, head to torq.io. For the stories behind the headlines, head to CISOseries.com.

Mar 4, 2022 · 7 min

March 3, 2022

Conti and Trickbot code leaks; API attacks surge in 2021; Log4Shell still being used in the wild. There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 4: Automation Will Replace Skilled Security Professionals. Not true. Any business that attempts to automate security will quickly find that most high-stakes security issues are far too complex to be detected and remediated by automation tools alone. Human security professionals need to take the lead delivering nuanced insight about the business impact of a large-scale breach. To learn more about the realities of automation, head to torq.io.

Mar 3, 2022 · 6 min

March 2, 2022

Russia-Ukraine War update; Nvidia confirms company data was stolen in hack; Half of employees use unauthorized file services at work. There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 3: Only Enterprises Need Security Automation. Debunked. While enterprises with thousands of endpoints and sprawling teams certainly need automation, businesses of all sizes face challenges related to other forms of scale when it comes to security. For instance, there are about 1 billion known types of malware in existence, and they imperil businesses of all sizes equally. To learn more about the realities of automation, head to torq.io. For the stories behind the headlines, go to CISOseries.com.

Mar 2, 2022 · 8 min

March 1, 2022

Toyota suspends Japanese production due to cyberattack; Microsoft providing threat intelligence to Ukraine; Twitter to label tweets from state-owned media. There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 2: Security Automation Is Just a New Term for Automated Security Testing. Wrong. While scanning and testing may be one example of a security automation use case, it's hardly the only one. Automation can be used to do things like help manage complex security workflows and optimize collaboration between different stakeholders. These are tasks that were not traditionally automated. To learn more about the realities of automation, head to torq.io.

Mar 1, 2022 · 6 min

February 28, 2022

Ukraine recruits volunteer IT army to hack list of Russian entities; Russia demands Google restore access to its media YouTube channels in Ukraine; Chipmaker giant Nvidia hit by ransomware attack. There are many misconceptions about security automation, so Torq is debunking a security automation myth each day this week. Myth 1: Automation Is Only a Reactive Part of SecOps. Incorrect. Proactive management of security incidents is just as important, like automatically scanning IaC configurations to detect vulnerabilities, automating collaboration between devs, IT ops and SecOps to prevent risks before they're threats. To learn more about the realities of automation, head to torq.io. For the stories behind the headlines, head to CISOseries.com.

Feb 28, 2022 · 8 min

Week in Review – Feb 21-25, 2022

This week's Cyber Security Headlines – Week in Review, Feb 21-25, is hosted by Rich Stroffolino with our guest, Mark Eggleston, CISO, CSC. Thanks to our episode sponsor, Tines. Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register. All links and the video of this episode can be found on CISOseries.com.

Feb 25, 2022 · 22 min

February 25, 2022

Cyberattacks accompany Russian military assault on Ukraine; Putin's government warns Russian critical infrastructure of potential cyberattacks; Manufacturing was the top industry targeted by ransomware last year. Thanks to our episode sponsor, Tines. Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register. For the stories behind the headlines, head to CISOseries.com.

Feb 25, 2022 · 7 min

February 24, 2022

Samsung shipped devices with flawed encryption; New York state gets cybersecurity center; Microsoft Defender adds support for GCP. Thanks to our episode sponsor, Tines. Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register.

Feb 24, 2022 · 6 min

February 23, 2022

IRS is allowing taxpayers to opt out of facial recognition; UK Defence Secretary warns Russia of cyber-retaliation; Slack confirms outage for some users. Thanks to our episode sponsor, Tines. Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register. For the stories behind the headlines, head to CISOseries.com.

Feb 23, 2022 · 6 min

February 22, 2022

Researchers find decryption for Hive ransomware; In the Google Play Store, no one can hear you scream; Linux leads in patching speeds. Thanks to our episode sponsor, Tines. Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register.

Feb 22, 2022 · 7 min

February 21, 2022

White House attributes Ukraine DDoS incidents to Russia's GRU; Master key for Hive ransomware retrieved using a flaw in its encryption algorithm; New phishing campaign targets Monzo online-banking customers. Thanks to our episode sponsor, Tines. Tines is hosting a virtual game show in conjunction with Lacework on March 8. It's free to attend, with security trivia, fun prizes, and donations going to good causes like Women in Cybersecurity. Places are limited, so head over to tines.com/gameshow to register. For the stories behind the headlines, head to CISOseries.com.

Feb 21, 2022 · 7 min

Week in Review – Feb 14-18, 2022

This week's Cyber Security Headlines – Week in Review, Feb 14-18, is hosted by Rich Stroffolino with our guest, Mike Hanley, CSO, GitHub. Thanks to our episode sponsor, PlexTrac. PlexTrac is the Purple Teaming Platform. Use the Runbooks Module to facilitate your tabletop exercises, red team engagements, breach and attack simulations, and pentest automation to improve communication and collaboration. PlexTrac upgrades your program's capabilities by making the most of every team member and tool. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! All links and the video of this episode can be found on CISOseries.com.

Feb 18, 2022 · 23 min

February 18, 2022

DOJ beefs up efforts to combat criminal use of cryptocurrencies; Canada's major banks go offline in mysterious hours-long outage; Hackers slip into Microsoft Teams chats to distribute malware. Thanks to our episode sponsor, PlexTrac. PlexTrac is the Purple Teaming Platform. Use the Runbooks Module to facilitate your tabletop exercises, red team engagements, breach and attack simulations, and pentest automation to improve communication and collaboration. PlexTrac upgrades your program's capabilities by making the most of every team member and tool. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind the headlines, head to CISOseries.com.

Feb 18, 2022 · 8 min

February 17, 2022

State-sponsored hackers hit defense contractors; Unskilled hacker targeted aviation industry for years; Privacy Sandbox heading to Android. Thanks to our episode sponsor, PlexTrac. Solve your talent shortage with PlexTrac. Use PlexTrac to automate security tasks and workflows to keep your red, blue, and purple teams focused on the real security work. Gain precious time back in your team's day and improve their morale by making them more effective with PlexTrac. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!

Feb 17, 2022 · 7 min

February 16, 2022

Cyberattacks take down Ukrainian military and bank websites; Super Bowl ad shines a light on QR code risks; CISA directs agencies to patch actively exploited Chrome and Magento bugs. Thanks to our episode sponsor, PlexTrac. PlexTrac is the solution to deal with your data. Aggregate findings from all assessments to produce the analytics needed to make informed decisions. Produce data visualizations and add them to reports with one click to communicate effectively to leadership. PlexTrac is the premier product for security data management. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind the headlines, visit CISOseries.com.

Feb 16, 2022 · 7 min

February 15, 2022

FTC warns VoIP providers about robocalls; SEC outlines new cybersecurity rules for investment firms; Rampant plagiarism hits NFT marketplace. Thanks to our episode sponsor, PlexTrac. Gain a real-time view of security posture with PlexTrac by consolidating scanner findings, assessments, and bug bounty tools. Visualize your posture in the Analytics Module to quickly assess and prioritize, creating a more effective workflow. Map risks to the MITRE ATT&CK framework to create a living risk register. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!

Feb 15, 2022 · 6 min

February 14, 2022

San Francisco 49ers hit by Blackbyte ransomware attack; Linux malware attacks are on the rise, and businesses aren't ready for it; Fake Windows 11 upgrade installers deliver RedLine malware. Thanks to our episode sponsor, PlexTrac. PlexTrac is a powerful, yet simple, cybersecurity platform that centralizes all security assessments, pentest reports, audit findings, and vulnerabilities. PlexTrac transforms the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize analytics, and collaborate on remediation in real-time. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind the headlines, head to CISOseries.com.

Feb 14, 2022 · 7 min

Week in Review – Feb 7-11, 2022

This week's Cyber Security Headlines – Week in Review, Feb 7-11, is hosted by Rich Stroffolino with our guest, Dave Stirling, CISO, Zions Bancorporation. Thanks to our episode sponsor, Datadog. Datadog Security Monitoring is part of the Datadog Cloud Security Platform, which protects an organization's production environment and provides threat detection, posture management, workload security, and application security in a single pane of glass. In this Datadog Security Monitoring product brief, you'll learn how to: Solve cloud complexity challenges with threat detection tools, detect and analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework. Download the brief today to learn more at datadoghq.com/ciso/. All links and the video of this episode can be found on CISOseries.com.

Feb 11, 2022 · 22 min

February 11, 2022

Donation site for Ottawa truckers' "Freedom Convoy" protest exposed donors' data; FritzFrog botnet returns to attack healthcare, education, government sectors; If you use Zoom on a Mac, you might want to check your microphone settings. Thanks to our episode sponsor, Datadog. Datadog Security Monitoring is part of the Datadog Cloud Security Platform, which protects an organization's production environment and provides threat detection, posture management, workload security, and application security in a single pane of glass. In this Datadog Security Monitoring product brief, you'll learn how to: Solve cloud complexity challenges with threat detection tools, detect and analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework. Download the brief today to learn more at datadoghq.com/ciso/. For the stories behind the headlines, head to CISOseries.com.

Feb 11, 2022 · 8 min

February 10, 2022

Ukraine takes down social media bot farm; Federal use of cell siphoning tech on the rise; Microsoft expands security business. Thanks to our episode sponsor, Datadog. Datadog's Cloud Security Platform delivers real-time threat detection and continuous configuration audits across your entire production environment, so you can bring speed and scale to your security organization. The Cloud Security Platform is built on top of Datadog's observability platform, which breaks down silos between Security and DevOps teams and aligns them to shared organizational goals. To learn more about how Datadog Security Monitoring can solve cloud complexity challenges with a unified platform, download the product brief at datadoghq.com/ciso/.

Feb 10, 2022 · 6 min

February 9, 2022

DOJ arrests New York couple, seizing $3.6 billion in bitcoin; Google sees 50% drop in compromises after 2SV enrollment; Puma employee data stolen as a result of Kronos attack. Thanks to our episode sponsor, Datadog. Datadog Security Monitoring is part of the Datadog Cloud Security Platform, which protects an organization's production environment and provides threat detection, posture management, workload security, and application security in a single pane of glass. In this Datadog Security Monitoring product brief, you'll learn how to: Solve cloud complexity challenges with threat detection tools, detect and analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework. Download the brief today to learn more at datadoghq.com/ciso/. For the stories behind the headlines, head to CISOseries.com.

Feb 9, 2022 · 7 min

February 8, 2022

Stolen crypto used to fund North Korean missile program; Microsoft disables protocol used by malware; Meta may pull out of the EU. Thanks to our episode sponsor, Datadog. Datadog's Cloud Security Platform delivers real-time threat detection and continuous configuration audits across your entire production environment, so you can bring speed and scale to your security organization. The Cloud Security Platform is built on top of Datadog's observability platform, which breaks down silos between Security and DevOps teams and aligns them to shared organizational goals. To learn more about how Datadog Security Monitoring can solve cloud complexity challenges with a unified platform, download the product brief at datadoghq.com/ciso/.

Feb 8, 2022 · 6 min

February 7, 2022

US House passes bill to boost chip manufacturing and R&D; One in seven ransomware extortion attempts leak key operational tech records; New Argo CD bug could let hackers steal secret info from Kubernetes apps. Thanks to our episode sponsor, Datadog. Datadog Security Monitoring is part of the Datadog Cloud Security Platform, which protects an organization's production environment and provides threat detection, posture management, workload security, and application security in a single pane of glass. In this Datadog Security Monitoring product brief, you'll learn how to: Solve cloud complexity challenges with threat detection tools, detect and analyze security threats anywhere in your stack, and deploy turnkey detection rules mapped to the MITRE ATT&CK framework. Download the brief today to learn more at datadoghq.com/ciso/. For the stories behind the headlines, head to CISOseries.com.

Feb 7, 2022 · 8 min

Week in Review – Jan 31-Feb 4, 2022

This week's Cyber Security Headlines – Week in Review, Jan 24-Feb 4, is hosted by Rich Stroffolino with our guest, Brian Lozada, CISO, HBOMax. Thanks to our episode sponsor, Pentera. Align validation to the MITRE ATT&CK framework and the OWASP Top 10. By aligning to industry standards, security teams ensure that their testing covers the latest adversary techniques. Most attacks succeed by leveraging the most common TTPs, so challenging the attack surface against these frameworks provides comprehensive coverage of adversary techniques in the wild. In addition, it allows security executives to clearly report to management on security control efficacy and enterprise readiness against potential threats. Find out more at pentera.io. All links and the video of this episode can be found on CISOseries.com.

Feb 4, 2022 · 22 min

February 4, 2022

iPhone flaw exploited by second Israeli spy firm; Target shares its own web skimming detection tool with the world; MFA adoption pushes phishing actors to reverse-proxy solutions. Thanks to our episode sponsor, Pentera. Align validation to the MITRE ATT&CK framework and the OWASP Top 10. By aligning to industry standards, security teams ensure that their testing covers the latest adversary techniques. Most attacks succeed by leveraging the most common TTPs, so challenging the attack surface against these frameworks provides comprehensive coverage of adversary techniques in the wild. In addition, it allows security executives to clearly report to management on security control efficacy and enterprise readiness against potential threats. Find out more at pentera.io. For the stories behind the headlines, head to CISOseries.com.

Feb 4, 2022 · 8 min

February 3, 2022

Iran-linked APT activity on the rise; Hacker claims responsibility for North Korean internet disruptions; TikTok: the once and future national security threat. Thanks to our episode sponsor, Pentera. To continuously know the exploitable attack surface, automate your validation. Security validation must be as dynamic as the attack surface it's securing. Periodical and manual tests aren't enough to challenge the changes an organization undergoes. Security teams need to have an on-demand view of their assets and exposures, and the only way to get there is by automating your testing. Find out more at pentera.io.

Feb 3, 2022 · 7 min

February 2, 2022

Cyber attack disrupts German oil firm operations; Tesla recalls Full Self Driving feature that lets cars roll through stop signs; FBI recommends using burner phones at the Olympics. Thanks to our episode sponsor, Pentera. To understand the exploitable attack surface, security teams need to cover the full scope of potential attacks. Adversaries take the path of least resistance to the critical assets. This means using a variety of techniques to progress an attack, leveraging any vulnerability and its relevant correlations along the way. For this reason, the validation methods used must match - they need to go beyond the static vulnerability scan or control attack simulation to include a full penetration test scope. Find out more at pentera.io. For the stories behind the headlines, head to CISOseries.com.

Feb 2, 2022 · 7 min

February 1, 2022

Your GPU knows your secrets; UPnP behind Eternal Silence router campaign; DeFi platform hacked for $80 million. Thanks to our episode sponsor, Pentera. To understand the exploitable attack surface, take the adversarial perspective. The way to know which vulnerabilities are exploitable is to…well, exploit them. This way, security teams get a concise attack vector pointing to the organization's weakest link. From here remediation requests handed to IT are focused, manageable, and based on true business impact. Find out more at pentera.io.

Feb 1, 2022 · 6 min

January 31, 2022

Novel device registration trick enhances multi-stage phishing attacks; US bans major Chinese telecom over national security risks; Over 20,000 data center management systems exposed to hackers. Thanks to our episode sponsor, Pentera. Pentera introduces Automated Security Validation! The newly-minted unicorn out of Israel takes a whole new approach to penetration testing - allowing every organization to continuously test the integrity of all cybersecurity layers - including against ransomware - leveraging proprietary ethical exploits to emulate real-world attacks at scale. All day, everyday. This week Pentera will discuss how to identify your exploitable attack surface, so stay tuned for their 'Tip of the Day'. Or visit pentera.io to find out more. For the stories behind the headlines, head to CISOseries.com.

Jan 31, 2022 · 8 min

Week in Review – Jan 24-28, 2022

This week's Cyber Security Headlines – Week in Review, Jan 24-28, is hosted by Rich Stroffolino with our guest, Gary Hayslip, CISO, Softbank Investment Advisers. Thanks to our episode sponsor, deepwatch. All links and the video of this episode can be found on CISOseries.com.

Jan 28, 2022 · 21 min

January 28, 2022

US says national water supply 'absolutely' vulnerable to hackers; Microsoft mitigated a record 3.47 Tbps DDoS attack on Azure users; BotenaGo Mirai botnet code leaked to GitHub. Thanks to our episode sponsor, deepwatch. Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. For the stories behind the headlines, head to CISOseries.com.

Jan 28, 2022 · 8 min