The rise in CISO job dissatisfaction – what’s wrong and how can it be fixed?
CSO Australia
6h ago
More CISOs are dissatisfied with the role today than ever before, with studies showing that a high number of security chiefs (75%) are interested in a job change. What gives? Researchers, advisors and CISOs themselves cite a litany of reasons for the current discontentment, ranging from a lack of executive support to the increased level of liability created by recently enacted security regulations like those implemented recently by the US Securities and Exchange Commission (SEC). It doesn’t help that in several recent incidents, CISOs have been held legally personally responsible for the han ..read more
The Assumed Breach conundrum
CSO Australia
16h ago
Breaches are inevitable due to the asymmetry of attacks – carpet checks versus guerilla warfare. Companies – regardless of size – have been breached. For years, security leaders have spoken about the myth of the infallible Protection doctrine and the reasons for improving detection, response, and recovery. We broached the need for threat intelligence, advanced threat hunting, rehearsing response through table-top exercises, and having tightly integrated SIEMs (security information and event management) and SOARs (security orchestration, automation, and response) to quickly contain breaches. However ..read more
Authentication failure blamed for Change Healthcare ransomware attack
CSO Australia
19h ago
Absence of adequate remote access authentication has emerged as the probable cause of the infamous Change Healthcare ransomware attack. Attackers “compromised credentials on an application that allows staff to remotely access systems” before infiltrating Change Healthcare’s networks on or around February 12, an unnamed person “familiar with the ongoing investigation” told the Wall Street Journal. Multi-factor authentication controls were absent on this application — contrary to industry best practice — leaving the vulnerable application exposed. Cybercriminals subsequently loitered on the US ..read more
Russian state-sponsored hacker used GooseEgg malware to steal Windows credentials
CSO Australia
1d ago
Russia-linked advanced persistent threat (APT) actor Forest Blizzard had, since June 2020, exploited a now-patched Windows vulnerability to drop previously unknown, custom post-compromise malware, GooseEgg, according to a Microsoft report. Forest Blizzard, linked previously to the Russian intelligence agency General Staff of the Armed Forces of the Russian Federation (GRU), deployed GooseEgg to gain elevated access to target systems and steal credentials and information. “Although Russian threat actors are known to have exploited a set of similar vulnerabilities known as PrintNightmare (CVE ..read more
Top 10 physical security considerations for CISOs
CSO Australia
1d ago
While chief information security officers (CISOs) are rarely tasked with the full range of health and human safety concerns that facilities teams or chief security officers must act upon, CISOs still have a huge part to play in enterprise physical security strategies, from physical security systems that connect to IT systems to physical access to IT assets. What is physical security? Physical security is the protection of people, property, and physical assets from actions and events that could cause damage or loss. Though often overlooked in favor of cybersecurity, physical security is equal ..read more
Microsoft’s mea culpa moment: how it should face up to the CSRB’s critical report
CSO Australia
1d ago
After the CSRB report, Microsoft must eschew marketing hyperbole while apologizing for its cavalier security practices, communicating its remediation plan, and reporting honest metrics to the security community as it proceeds. On March 20 of this year, the Cyber Safety Review Board (CSRB), an organization under the Cybersecurity and Infrastructure Security Agency (CISA) that was established pursuant to President Biden’s Executive Order (EO) 14028 on ‘Improving the Nation’s Cybersecurity’, published a report titled “Review of the summer 2023 Microsoft Exchange Online Intrusion.” As the title su ..read more
More attacks target recently patched critical flaw in Palo Alto Networks firewalls
CSO Australia
2d ago
An increasing number of attackers are trying to exploit a critical vulnerability in firewall appliances from Palo Alto Networks after proof-of-concept exploit code was published last week. The flaw was originally reported on April 12th as a zero-day after an APT group was found exploiting it in the wild in limited attacks. As of April 18, there were still about 22,500 devices accessible from the internet that were potentially vulnerable, according to statistics from the Shadowserver Foundation. While the number is significant considering that every such device is a potential gateway into a c ..read more
How application security can create velocity at enterprise scale
CSO Australia
2d ago
Modern software has completely transformed the way organizations operate and compete in the market. With the increasing demand for secure and reliable software delivered at scale, the pressure to meet time-to-market deadlines has never been greater. To manage software risk and also increase development velocity and agility, organizations are deploying more and more security tools that promise to meet these challenges head-on. But this is having the opposite of its desired effect; security tool proliferation has resulted in complexity that has slowed down development teams, decreased o ..read more
DevSecOps: Still a challenge but more achievable than ever
CSO Australia
2d ago
It’s been said before—long before. It’s the 18th-century philosopher Voltaire who gets credit for the timeless proverb “Perfect is the enemy of good.” But here we are, centuries later, and it’s still relevant—in this case to modern software development. If you try to make software perfect, not only will you fail at that, but you’ll also fail to get a product out the door. To do what’s good while actually getting things done requires setting priorities: Fix the biggest problems, eliminate the worst threats, and get the product to market. That’s what DevSecOps, done right, can do. But doing it ..read more