Cybersecurity Headlines

Link to Blog Post This week's Cyber Security Headlines – Week in Review, August 9-13, 2021, is hosted by Rich Stroffolino with our guest, Ben Sapiro, CISO, Canada Life Thanks to our episode sponsor, Sotero All links and the video of this episode can be found on CISO Series.com

Another unpatched PrintNightmare zero-day PrintNightmare vulnerability weaponized by ransomware gang Notorious darknet market comes back to life Thanks to our episode sponsor, Sotero It's a new CISO security brief that helps you cut through all the vendor noise and zero in on the best data security solution for your requirements. It includes info on data security technology advances, tips to help you meet your security requirements, and new rapid development capabilities so your development team can implement security features much, much faster. To get the brief, just go to soterosoft.com and click the link at the top of the page. For the stories behind the headlines, head to CISOseries.com

China signals tech crackdown will deepen Poly Network hacker has a change of heart PrintNightmare finally patched for good Thanks to our episode sponsor, Sotero It's a new CISO security brief that helps you cut through all the vendor noise and zero in on the best data security solution for your requirements. It includes info on data security technology advances, tips to help you meet your security requirements, and new rapid development capabilities so your development team can implement security features much, much faster. To get the brief, just go to soterosoft.com and click the link at the top of the page.

eCh0raix ransomware now targets both QNAP and Synology NAS devices At Least 30,000 internet-exposed exchange servers vulnerable to Proxyshell attacks US Senate sends infrastructure bill to House Thanks to our episode sponsor, Sotero It's a new CISO security brief that helps you cut through all the vendor noise and zero in on the best data security solution for your requirements. It includes info on data security technology advances, tips to help you meet your security requirements, and new rapid development capabilities so your development team can implement security features much, much faster. To get the brief, just go to soterosoft.com and click the link at the top of the page. For the stories behind the headlines, head to CISOseries.com.

Ransomware demands surge in 2021 Flaw found in IOT random number generators Apple says nation states cannot add to CSAM scanning lists Thanks to our episode sponsor, Sotero It's a new CISO security brief that helps you cut through all the vendor noise and zero in on the best data security solution for your requirements. It includes info on data security technology advances, tips to help you meet your security requirements, and new rapid development capabilities so your development team can implement security features much, much faster. To get the brief, just go to soterosoft.com and click the link at the top of the page.

Actively exploited bug bypasses authentication on millions of routers A zero-day RCE in Cisco ADSM has yet to be fixed Password of three random words better than complex variation, experts say Thanks to our episode sponsor, Sotero It's a new CISO security brief that helps you cut through all the vendor noise and zero in on the best data security solution for your requirements. It includes info on data security technology advances, tips to help you meet your security requirements, and new rapid development capabilities so your development team can implement security features much, much faster. To get the brief, just go to soterosoft.com and click the link at the top of the page. For the stories behind the headlines, head to CISOseries.com.

Link to Blog Post This week's Cyber Security Headlines – Week in Review, August 2-6, 2021, is hosted by Rich Stroffolino with our guest, Sandy Dunn, Blue Cross of Idaho Thanks to our episode sponsor, PlexTrac All links and the video of this episode can be found on CISO Series.com

US partners with Amazon, Google, and Microsoft to help fight cyber threats Conti ransomware gang falls victim to insider data leak Microsoft announces new 'Super Duper' browser security feature Thanks to our episode sponsor, PlexTrac PlexTrac is the Purple Teaming Platform. Use the Runbooks Module to facilitate your tabletop exercises, red team engagements, breach and attack simulations, adversary emulation, and pentest automation to improve communication and collaboration. PlexTrac provides the platform to measure real progress and demonstrate real results. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind the headlines, head to CISOseries.com

Google and Amazon patch DNS-as-a-Service bugs Asian telcos hit by separate Chinese cyber attacks US government struggles against the cyber security skills shortage Thanks to our episode sponsor, PlexTrac Level up your team's capabilities with PlexTrac. Regardless of size, resources, or maturity, every team can take steps to improve defenses against imminent threats like ransomware. PlexTrac is the perfect platform to make the most proactive engagements by tracking tactics, visualizing metrics, supporting communication, and measuring remediation. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!

Federal agencies are failing to protect sensitive data, Senate report finds Spear phishing attackers increasingly targeting non-C-suite employees All apps on Google Play Store will need privacy policy by next April Thanks to our episode sponsor, PlexTrac PlexTrac is the solution to deal with your data. Aggregate findings from all assessments to produce the analytics needed to make informed decisions. Produce data visualizations and add them to reports with one click to communicate effectively to leadership. PlexTrac is the premier product for security data management. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind the headlines, head to CISOseries.com.

APT targeting Microsoft IIS servers Pegasus spyware confirmed on journalist phones Someone is spoofing military ship locations Thanks to our episode sponsor, PlexTrac Gain a real-time view of security posture with PlexTrac by consolidating scanner findings, assessments, and bug bounty tools. Visualize your posture in the Analytics Module to quickly assess and prioritize, creating a more effective workflow. Robust filtering allows for effortless options in viewing and communicating your data. Track your signal through the noise with PlexTrac. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!

BlackMatter ransomware gang rises from the ashes of DarkSide, REvil Remote print server gives anyone Windows admin privileges on a PC Justice Department says Russians hacked federal prosecutors Thanks to our episode sponsor, PlexTrac PlexTrac is a powerful, yet simple, cybersecurity platform that centralizes all security assessments, pentest reports, audit findings, and vulnerabilities. PlexTrac transforms the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize analytics, and collaborate on remediation in real-time. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! For the stories behind the headlines, head to CISOseries.com.

Biden warns that severe cyberattacks could escalate to an actual war New ransomware gangs emerge on cybercrime forums New Android malware uses VNC to spy and steal victim passwords Thanks to our episode sponsor, Varonis We all know devasting ransomware goes beyond the endpoint. Big game ransomware defense for your cloud and on-prem data is on everyone's mind. Varonis can help ease your worries with a free ransomware preparedness assessment. Visit varonis.com/risk for more information. For the stories behind the headlines, head to CISOseries.com

Link to Blog Post This week's Cyber Security Headlines – Week in Review, July 26-30, 2021, is hosted by Rich Stroffolino with our guest, Robb Reck (@robbreck), founder and host, Colorado = Cybersecurity Thanks to our sponsor, Varonis What is your ransomware blast radius? The average employee can access 17 million files they don't need, and only a handful live on their laptop. Protect your data from the inside out and detect early signs of ransomware – automatically with Varonis. Visit varonis.com/risk All links and the video of this episode can be found on CISO Series.com

Federal agencies directed to develop cyber security standards for infrastructure Controversial vulnerability search engine re-released at Defcon The most exploited vulnerabilities of the year Thanks to our episode sponsor, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats and streamline privacy and compliance. Visit varonis.com/risk for a demo of Varonis' leading data security platform.

Microsoft rushes fix for PetitPotam attack PoC Apple releases urgent zero day bug patch for Mac, iPhone and iPad devices Google launches new Bug Hunters vulnerability rewards platform Thanks to our episode sponsor, Varonis The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at varonis.com/risk For the stories behind the headlines, head to CISOseries.com.

No More Ransom project five-years in Google Cloud Commits to APIs WhatsApp CEO details 2019 Pegasus spyware attack Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn't stand a chance. Learn more at varonis.com/risk

French president pushes for Israeli inquiry into NSO spyware concerns Microsoft shares mitigations for new PetitPotam NTLM relay attack Fake Windows 11 installers already distributing malware Thanks to our episode sponsor, Varonis Still in the news is REvil's ransomware attack on Kaseya VSA servers. Varonis is here to help mitigate the blast radius of such attacks. Want a step-by-step guide on what you should be looking for? Visit varonis.com/risk to help make sure your data is protected. For the stories behind the headlines, head to CISOseries.com.

NSO Group says to blame its customers Saudi Aramco confirms data leak Sophos to acquire Braintrace Thanks to our episode sponsor, Varonis We all know devasting ransomware goes beyond the endpoint. Big game ransomware defense for your cloud and on-prem data is on everyone's mind. Varonis can help ease your worries with a free ransomware preparedness assessment. Visit varonis.com/risk for more information.

Link to Blog Post This week's Cyber Security Headlines – Week in Review, July 19-23, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Shawn M. Bowen, CISO, World Fuel Services Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average employee can access 17 million files they don't need, and only a handful live on their laptop. Protect your data from the inside out and detect early signs of ransomware – automatically with Varonis. Visit varonis.com/risk All links and the video of this episode can be found on CISO Series.com

Israel creates task force to look into NSO spyware Bill could increase the FTC's role in fighting ransomware NPM package stealing saved browser passwords Thanks to our episode sponsor, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats and streamline privacy and compliance. Visit varonis.com/risk for a demo of Varonis' leading data security platform.

China fires back at US after Exchange hack accusations Unpatched iPhone bug allows remote device takeover 16-year-old bug in printer software gives hackers admin rights Thanks to our episode sponsor, Varonis The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at varonis.com/risk For the stories behind the headlines, head to CISOseries.com

Leaked NSO group data hints at widespread Pegasus spyware infections UK and White House blame China for Microsoft Exchange Server hack Saudi Aramco data breach sees 1TB of stolen data for sale Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn't stand a chance. Learn more at varonis.com/risk For the stories behind the headlines, head to CISOseries.com.

Israeli firm uses Windows zero-days to deploy spyware Cyberattacks increased 17% in Q1 of 2021, with 77% being targeted attacks Another unpatched bug in Windows print spooler Thanks to our episode sponsor, Varonis Still in the news is REvil's ransomware attack on Kaseya VSA servers. Varonis is here to help mitigate the blast radius of such attacks. Want a step-by-step guide on what you should be looking for? Visit varonis.com/risk to help make sure your data is protected. For the stories behind the headlines, head to CISOseries.com.

Facebook says it disrupted Iranian Tortoiseshell hacking campaign US offers $10 million reward to combat state-sponsored cyberattacks Report identifies top threats to Tokyo Olympic Games Thanks to our episode sponsor, Varonis We all know devasting ransomware goes beyond the endpoint. Big game ransomware defense for your cloud and on-prem data is on everyone's mind. Varonis can help ease your worries with a free ransomware preparedness assessment. Visit varonis.com/risk for more information. For the stories behind the headlines, head to CISOseries.com

Link to Blog Post This week's Cyber Security Headlines – Week in Review, July 12-16, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Norman Hunt, deputy CISO, GEICO Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats and streamline privacy and compliance. Visit varonis.com/risk for a demo of Varonis' leading data security platform. ll links and the video of this episode can be found on CISO Series.com

China issues new zero-day rules Google discloses four zero-days tied to Russian APT Microsoft announces Windows 365 at Inspire 2021 Thanks to our episode sponsor, Varonis Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats and streamline privacy and compliance. Visit varonis.com/risk for a demo of Varonis' leading data security platform.

REvil web sites mysteriously shut down New BIOPASS malware livestreams victim's computer screen New CISA director confirmed, White House gains cyber-director Thanks to our episode sponsor, Varonis The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at varonis.com/risk For the stories behind the headlines, head to CISOseries.com.

Ransomwhere site hopes to provide transparency Microsoft to buy RiskIQ The scope of China's Great Firewall internet censorship Thanks to our episode sponsor, Varonis What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn't stand a chance. Learn more at varonis.com/risk

Cyber-attack hits Iran's transport ministry and railways Hackers use a new technique to disable macro security warnings in weaponized docs MacOS targeted in WildPressure APT malware campaign Thanks to our episode sponsor, Varonis Still in the news is REvil's ransomware attack on Kaseya VSA servers. Varonis is here to help mitigate the blast radius of such attacks. Want a step-by-step guide on what you should be looking for? Visit varonis.com/risk to help make sure your data is protected. For the stories behind the headlines, head to CISOseries.com.

Phishing campaign spells double-trouble for Kaseya customers Google sued by 36 states over Play Store fees Morgan Stanley falls victim to third-party data breach Thanks to our episode sponsor, Viakoo Want to use 802.1x or TLS certificates on IoT devices, but believe it's hard to manage? It isn't if you use Viakoo. Let Viakoo show you how to manage certificates enterprise-wide from a single console and quickly improve your cyber hygiene. We're available at Viakoo.com. For the stories behind the headlines, head to CISOseries.com

Link to Blog Post This week's Cyber Security Headlines – Week in Review, July 5-9, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Shawn M. Bowen, CISO, World Fuel Services Thanks to our episode sponsor, Viakoo IT vulnerability remediation solutions don't work for IoT. Viakoo's award-winning agentless and automated IoT vulnerability remediation solution can quickly shrink the attack surface created by distributed and unmanaged IoT devices. See Viakoo at Black Hat, and visit us at Viakoo.com. All links and the video of this episode can be found on CISO Series.com

Russian APT targets Republican National Committee White House urges mayors to review cyber security posture Incomplete PrintNightmare emergency patch released Thanks to our episode sponsor, Viakoo IT vulnerability remediation solutions don't work for IoT. Viakoo's award-winning agentless and automated IoT vulnerability remediation solution can quickly shrink the attack surface created by distributed and unmanaged IoT devices. See Viakoo at Black Hat, and visit us at Viakoo.com.

Kaseya patches imminent after zero-day exploits REvil lowers ransom for universal decryptor Pentagon cancels $10 billion JEDI cloud contract that Amazon and Microsoft were fighting over Thanks to our episode sponsor, Viakoo Did you know IP cameras are responsible for 1/3rd of all IoT cyber breaches? And that 7 out of 10 cameras are running out of date firmware? Viakoo has proven solutions to automate cyber hygiene on cameras and other IoT devices. Sign up for a personalized demo at Viakoo.com. And come visit us at Black Hat this year. For the stories behind the headlines, head to CISOseries.com.

REvil confirms Kaseya attack White House will attribute Hafnium Exchange hacks Cyber reinsurance rates see a spike Thanks to our episode sponsor, Viakoo Using a discovery solution like Armis, Forescout, Ordr, and others? Great news – when you discover vulnerable IoT devices you can automate firmware, certificate, and password management to make those devices secure. Learn more at Viakoo.com.

Kaseya was fixing zero-day just as REvil sprang their attack DHS announces most successful cybersecurity hiring initiative in its history Robinhood ordered to pay $70 million over 'harm' caused to millions of traders Thanks to our episode sponsor, RevCult On average, 18 percent of all your Salesforce data fields are highly sensitive and 89 percent of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you're protecting it. Get a free Salesforce Security Self-Assessment to understand your Salesforce security weaknesses. For the stories behind the headlines, head to CISOseries.com.

Russian military cyber-unit behind large-scale brute-force attacks Authorities seize DoubleVPN service used by cybercriminals Microsoft research team reveals critical vulns in Netgear routers Thanks to our episode sponsor, Keyavi Cyber criminals who attack healthcare systems know medical record information has tremendous value for stealing identities. If you infuse personally identifiable information with geographical awareness and intelligence, you dramatically reduce the risk of patient identity theft. Join a live demo session on www.keyavi.com/sessions to learn more.

Link to Blog Post This week's Cyber Security Headlines – Week in Review, June 28-July 2, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Gerhard Rickert, VP, Information Security, Central Pacific Bank Thanks to our episode sponsor, Keyavi Worried about being the next ransomware victim, like Colonial Pipeline? Cyber criminals stole gigabytes of data before their first extortion attempt, demanding payment to decrypt Colonial's information. Despite a multi-million-dollar ransom payment, the pipeline's stolen data is in the hands of these attackers forever. Head to www.keyavi.com/sessions to learn more about protecting data from extortion attempts. All links and the video of this episode can be found on CISO Series.com

Secrecy orders abound in Microsoft's government data requests When proof of concepts go wrong Maine passes strong facial recognition ban Thanks to our episode sponsor, Keyavi Worried about being the next ransomware victim, like Colonial Pipeline? Cyber criminals stole gigabytes of data before their first extortion attempt, demanding payment to decrypt Colonial's information. Despite a multi-million-dollar ransom payment, the pipeline's stolen data is in the hands of these attackers forever. Head to www.keyavi.com/sessions to learn more about protecting data from extortion attempts.

Data for 700 million LinkedIn users posted for sale House lawmakers introduce American Cybersecurity Literacy Act to mitigate cyber risks UK foreign secretary's private mobile number has been online for at least 11 years Thanks to our episode sponsor, Keyavi Ransomware is big business. This nightmare usually gives cyber criminals multiple opportunities to hold your data hostage. After stealing it, attackers can also threaten to reveal the contents of your data publicly and damage reputations in the process. If your data self-protects, it becomes totally useless to criminals. Visit www.keyavi.com/sessions to learn how to protect your data from extortion. For the stories behind the headlines, head to CISOseries.com.

Windows 11 CPU confusion continues EA ignored domain vulnerabilities for months Ransomware increasingly hiding in VMs Thanks to our episode sponsor, Keyavi 7 in 10 white-collar employees in the U.S. are still working remotely. Virtual teams boomed in 2020 and are here to stay. Locking down networks, restricting collaboration and prohibiting BYOD may limit some security risks. But a much bigger attack surface today exposes remote workers to far greater risks. Visit www.keyavi.com/sessions slash-sessions -- to learn how self-protecting data equals peace of mind.

Microsoft admits to signing rootkit malware in supply-chain fiasco Senate fails to confirm new CISA director before two-week break, drawing criticism Hackers release free games laced with cryptomining malware Thanks to our episode sponsor, Keyavi Google Security VP Royal Hansen said recently that the biggest security challenge over the next 10 years will be "shifting the focus of security from the technical hygiene of code and configuration to self-defending data." Guess what? Self-protecting data isn't 10 years away – it's here now! Visit www.keyavi.com/sessions to see how the previously impossible is now possible. For the stories behind the headlines, head to CISOseries.com.

Dell bug puts 30 million PCs at risk Irish health services still feel the impact of ransomware Google delays third-party cookie ban Thanks to our episode sponsor, RevCult On average, 18% of all your Salesforce data fields are highly sensitive and 89% of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you're protecting it. Read our 'CISOs Guide to Salesforce' at RevCult.com.

Link to Blog Post This week's Cyber Security Headlines - Week in Review, June 21-25, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Ira Winkler, CISO, Skyline Technology Solutions Thanks to our sponsor, RevCult On average, 18% of all your Salesforce data fields are highly sensitive and 89% of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you're protecting it. Get a free Salesforce Security Self-Assessment at RevCult.com to understand your Salesforce security weaknesses. All links and the video of this episode can be found on CISO Series.com

Antivirus pioneer John McAfee found dead in Spanish prison MITRE releases D3FEND framework Tulsa issues fraud warning after police citation leak Thanks to our episode sponsor, RevCult On average, 18% of all your Salesforce data fields are highly sensitive and 89% of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you're protecting it. Get a free Salesforce Security Self-Assessment at RevCult.com to understand your Salesforce security weaknesses. For the stories behind the headlines, head to CISOseries.com

DirtyMoe is a rapidly growing Windows botnet Majority of web apps in 11 industries are vulnerable all the time Lexmark printers open to arbitrary code-execution Zero-Day Thanks to our episode sponsor, RevCult On average, 18% of all your Salesforce data fields are highly sensitive and 89% of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you're protecting it. Read our 'CISOs Guide to Salesforce' at RevCult.com. For the stories behind the headlines, head to CISOseries.com

Data leak marketplace dials up the pressure Bay Area water treatment plant targeted in cyber attack CISA lacks info on federal agency security Thanks to our episode sponsor, RevCult On average, 18% of all your Salesforce data fields are highly sensitive and 89% of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you're protecting it. Get a free Salesforce Security Self-Assessment at RevCult.com to understand your Salesforce security weaknesses.

New iPhone bug can permanently break WiFi simply by connecting to a rogue hotspot New York City Law Department hacked SASE: 64% of businesses are adopting or plan to adopt in the next year Thanks to our episode sponsor, Viakoo If you discover vulnerable IoT devices on your network, stop port-blocking them. Instead, use Viakoo to remediate vulnerabilities and keep devices delivering their value as full network citizens. Visit Viakoo.com to learn more. And come visit us at Black Hat this year. For the stories behind the headlines, head to CISOseries.com.

Ukrainian and South Korean police raids collar Clop ransomware gang suspects Over one billion CVS Health records exposed online Scammers using fake Ledger devices to swipe cryptocurrency Thanks to our episode sponsor, Keyavi Cyber criminals who attack healthcare systems know medical record information has tremendous value for stealing identities. If you infuse personally identifiable information with geographical awareness and intelligence, you dramatically reduce the risk of patient identity theft. Join a live demo session on www.keyavi.com/sessions to learn more. For the stories behind the headlines, head to CISOseries.com

Link to Blog Post This week's Cyber Security Headlines - Week in Review, June 14-18, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Peter Liebert (@LiebertPeter), CISO, Cerner Government Services. With all the cybersecurity tools you have, why is your data still vulnerable? You're assuming data cannot protect itself. BUT NOW IT CAN! Need to revoke access after data leaves your possession? Authorize remote locations real-time? Or change permissions on the fly? Seeing is believing. Sign-up at www.keyavi.com/sessions -- that's K-E-Y-A-V-I-dot-com-slash-sessions -- and take control of your data today. All links and the video of this episode can be found on CISO Series.com