If you told me a year ago that I would meet a cold war hero at a birthday party, I wouldn’t have believed you. And I would be even more skeptical if you told me she would be an unintimidating, approachable music professor with an infectious smile. The Birthday Party It’s the summer of 2021. After more than a year without travel due to COVID, my wife, Kim, and I were excited to attend the birthday party of a close friend, and spend a few relaxing days in southern California. The party was held at our friend’s house and perfect weather allowed everyone to mingle both inside and outside. We only ..read more

If you are reading this, you likely have heard about Log4Shell, the December, 2021 critical zero-day remote-code execution vulnerability in the popular Log4j software library that is developed and maintained by the Apache Software Foundation. Apache has patched this vulnerability in version 2.15.0, however vendors who use this library will need to patch their affected systems. Amit Yoran, CEO of the cybersecurity firm Tenable, called it “the single biggest, most critical vulnerability of the last decade” – and possibly the biggest in the history of modern computing. In addition to the remote-c ..read more

Last year, Humble Bundle teamed up with the great tech publisher, No Starch Press, to offer deeply discounted hacking ebooks for as little as one dollar with the Hacking 101 By No Starch Press Humble Bundle of ebooks. This year, on Giving Tuesday, No Starch Press has a new Hacking Book Bundle. The regular cost for the ebooks is more than $800 but you can get all of these ebooks for thirty dollars or just a few of the ebooks for as little as one dollar. When Can I Get This Deal? Humble Bundle cycles through deals like this on a regular basis and this one is available for the next 20 days (Decem ..read more

October is Cybersecurity Awareness Month and Breast Cancer Awareness Month. Since this is a cybersecurity blog, we will focus on cybersecurity but let’s take a moment to talk about the important topic of breast cancer. Breast Cancer Awareness Month On September 30th, President Biden proclaimed October 2021 as National Breast Cancer Awareness Month. Biden’s proclamation states that 1 in 8 women will develop breast cancer over the course of their lifetime and 281,550 women will be diagnosed with breast cancer in the United States in 2021. Early detection is critical so be sure to get screened re ..read more

The Colonial Pipeline ransomware attack took down the largest fuel pipeline in the United States and resulted in consumer hoarding of fuel and a short-term shortage of gasoline on the east coast of the U.S.. While pipeline systems were not directly infected with ransomware, the pipeline was shut down as a precaution during the investigation and ransom negotiation. What happened? A cybercrime group named, DarkSide, has taken responsibility for the ransomware attack according to Vice. The cybercriminals discovered a username and password associated with a VPN that the Colonial Pipeline used ..read more

Aiming to improve cybersecurity in the United States, President Biden signed an executive order (EO) on May 12, 2021. Although the EO focuses on U.S. federal departments’ and agencies’ cybersecurity, it will likely result in standards that will change the way the private sector manages cybersecurity within the United States and globally. This cybersecurity EO was signed soon after the world experienced a series of widespread cybersecurity incidents such as the SolarWinds supply chain attack, the Microsoft Exchange zero-day vulnerability attacks and the ransomware attack that cau ..read more

It’s World Password Day! Are your passwords strong enough? Do you have a long, unique password for every account? Do you use multi-factor authentication where available? If you answered, “no” to any of these questions or if you’re not sure, please read on. If you answered yes, then congratulations! Although you can read on too because you may need to send this blog to some family and friends who need it. Thursday May 6, 2021 is the eighth annual World Password Day and it provides a great opportunity for everyone to look at their password strategy and make changes if necessary. (Spoiler alert ..read more

I have always considered myself pretty lucky in that I rarely receive fraudulent text messages. That luck recently ran out. Over the past few weeks I have noticed an uptick in the number of SMS phishing (smishing) messages that I receive on my phone. A few days ago, the smishing seemed to become even more frequent. If you’re not familiar with smishing, you can learn more in this Between The Hacks blog. Interestingly, most of the fraudulent text messages that I received were using a name that I only use on Facebook, which of course leads me to believe that the attackers got the cell phone numbe ..read more

Annual cybersecurity reports are a rich resource of statistics and information for cybersecurity professionals, academics, journalists and anyone who is interested in cybersecurity. Below is a list of 2021 cybersecurity reports. We will add more categories and reports as we come across them. If you find anything that should be on this list, please let us know. If you’re looking for a report from 2020, check out the Between The Hacks list of 2020 Cybersecurity Reports 2021 Cybersecurity Reports Threats 2021 Dragos Cyber Threat Perspective - Manufacturing Sector 2021 IBM X-Force Threat Intel ..read more

The March 2021 issue of Security magazine, partnering with (ISC)2, featured their inaugural list of the Top Cybersecurity Leaders for 2021. As the author of this blog, I am both humbled and honored, to not only be part of the inaugural team, but also to be recognized with these accomplished cybersecurity professionals. “Security partnered with (ISC)², the world’s leading cybersecurity professional organization, to find enterprise information security executives who have made and continue to make significant contributions in the cybersecurity space to their organizations and the security profes ..read more