-
What is the cyber kill chain? A model for tracing cyberattacks
PRIVACY PRIVACY As an infosec professional, you’ve likely heard about using a cyber kill chain to help identify and prevent intrusions. Attackers are evolving their methods, which might require that you look at the cyber kill chain differently. What follows is an explanation of the cyber kill chain and how you might employ it in…
-
5 Ongoing Cybersecurity Concerns and How SLTTs Can Beat Them
PRIVACY PRIVACY Many SLTTs have been grappling with the same five cybersecurity concerns since 2015. But these obstacles aren’t insurmountable. Read More
-
Rare and dangerous Incontroller malware targets ICS operations
PRIVACY PRIVACY In the second major industrial control system (ICS) threat development this week, the U.S. Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) issued a Cybersecurity Advisory (CSA) warning of a complex and dangerous ICS threat. The CSA says…
-
Kyndryl rolls out Dell partnership for disaster recovery and security
PRIVACY PRIVACY A new system recovery offering from former IBM division and current managed infrastructure service provider Kyndryl incorporates air-gapped data vaulting technology from Dell for faster recovery from major cybersecurity incidents like ransomware attacks. The Cyber Incident Recovery service is a four-part system, says Kyndryl global security and resiliency practice leader Kris Lovejoy. Kyndryl…
-
US Government warns of new malware attacks on ICS/SCADA systems
PRIVACY PRIVACY Agencies of the US Government have issued a joint warning that hackers have revealed their capability to gain full system access to industrial control systems that might help enemy states sabotage critical infrastructure. Read more in my article on the Tripwire State of Security blog. Read More
-
MetroHealth Data Breach Involved 1700 Patients
PRIVACY PRIVACY The breach involved patient names, care provider names and appointment details Read More
-
Upcoming Speaking Engagements
PRIVACY PRIVACY This is a current list of where and when I am scheduled to speak: I’m speaking at Future Summits in Antwerp, Belgium on May 18, 2022. I’m speaking at IT-S Now 2022 in Vienna on June 2, 2022. I’m speaking at the 14th International Conference on Cyber Conflict, CyCon 2022, in Tallinn, Estonia…
-
Industrial Control System Malware Discovered
PRIVACY PRIVACY The Department of Energy, CISA, the FBI, and the NSA jointly issued an advisory describing a sophisticated piece of malware called Pipedream that’s designed to attack a wide range of industrial control systems. This is clearly from a government, but no attribution is given. There’s also no indication of how the malware was…
-
Smashing Security podcast #270: Bearded Barbie, EDR scams, and hobbyist crime detectives
PRIVACY PRIVACY Pulchritudinous women with glossy long hair are targeting Israeli officials via Facebook – but why? Scammers have found a new way to gain access to your most sensitive information – but how? And armchair detectives are helping investigating cold cases involving DNA – but should they? All this and much more is discussed…
-
Balooning growth of digital identities exposing organizations to greater cybersecurity risk
PRIVACY PRIVACY A wave of digital initiatives by organizations worldwide has created an explosion of human and machine identities that are increasing the exposure of those organizations to ransomware and supply chain threats, according to CyberArk’s 2022 Identity Security Threat Landscape report released Tuesday. The report found that nearly four out of five of the…