18 Dec 2019

11 Habits of Highly Effective CISOs

What does it take to be a highly effective CISO? Over the past 25 years, I’ve consulted for hundreds of executives on cybersecurity issues, including direct support to dozens of CISOs working to effectively manage cyber risk in a wide variety of organizations. With this post, I’ve attempted to capture some of the best practices from the most effective CISOs I know. In future articles, we’ll look at each of the 10 habits in greater detail, including direct input from the CISO community.

11 Dec 2019

Data Leak Week: Billions of Sensitive Files Exposed Online

Earlier this week, in separate data exposure incidents, a total of 2.7 billion email addresses, 1 billion passwords, and nearly 800,000 applications for copies of birth certificates were found on unsecured cloud buckets by security researcher Bob Diachenko. Organizations continue to fail to lock down their cloud servers, and researchers

11 Dec 2019

Here’s what will happen to your Windows 7 PC on January 15, 2020

After January 14, Windows 7 users will no longer get free security updates to the operating system, warns Microsoft. Even though users will be able to continue to run Windows 7 after January, they could potentially face more security problems. Microsoft plans to deliver a new pop-up notification

09 Dec 2019

Microsoft Security: Password Problem Affecting 44 Million Users Revealed

The Microsoft threat team recently analyzed a database that contained leaked login credentials of over 44 million users, exposed from multiple security breaches. Microsoft disclosed that the information came from multiple sources, including law enforcement agencies and open source resources. In the first three months of 2019, Microsoft uncovered that

05 Dec 2019

Iran Has Launched ‘Malicious’ New Malware That Wipes Windows Computers, Warns IBM

IBM found that state-sponsored hacking group APT34 has deployed a new strain of malware aimed at the industrial and energy sectors in the Middle East. APT34 was responsible for a phishing attack using LinkedIn earlier this year, but IBM claims that they are working with another group whose identity

03 Dec 2019

Report: ‘Smishing,’ Deepfakes to Continue to Rise in 2020

Experian, an American credit reporting company, published a 2020 data breach industry forecast stating that “smishing,” or text-based phishing, would be the next danger to consumers and agencies. Following smishing are drones that steal customer data, disruptive deepfakes, hacktivism, and identity theft through mobile payment systems. The report claims that

02 Dec 2019

5G hackers: These six groups will try to break into the networks of tomorrow

European security agency Enisa has identified the groups it believes are the biggest threat to 5G networks. Enisa warns that threats to telecoms infrastructure will increase with the arrival of 5G and next-generation mobile connectivity. 5G will present a wide array of risks, from automated factories to connected cars, attracting

02 Dec 2019

Snapshot: Top 25 Most Dangerous Software Errors

The Homeland Security Systems Engineering and Development Institute (HSSEDI), under the Department of Homeland Security, updated the top 25 Common Weakness Enumeration (CWE) list for the first time in eight years. The CWE list compiles the most critical errors that lead to flaws in software. The CWE list is vital

25 Nov 2019

Cybercriminals targeting e-commerce website vulnerabilities this holiday season

98% of Alexa 1000 websites have not adopted sufficient client-side cybersecurity measures to prevent threat actors from attacking the websites to carry out personal, financial and credential theft, a recent study by Tala Security found. This risk is elevated during the holiday season when e-commerce sales and cybercriminal activity related

25 Nov 2019

Developers worry about security, still half of teams lack an expert

A new survey by WhiteHat sheds light on the state of security in the context of software development. Three in four (75%) developers express concerns about application security and 85% say that security is of high importance in the software development lifecycle (SDLC). However, close to half of software development
