POPULARITY
President Trump signs the Take It Down Act into law. A UK grocer logistics firm gets hit by ransomware. Researchers discover trojanized versions of the KeePass password manager. Researchers from CISA and NIST promote a new metric to better predict actively exploited software flaws. A new campaign uses SEO poisoning to deliver Bumblebee malware. A sophisticated phishing campaign is impersonating Zoom meeting invites to steal user credentials. CISA has added six actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. A bipartisan bill aims to strengthen the shrinking federal cybersecurity workforce. Our guest is Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon, sharing insights on their 2025 DBIR. DOGE downsizes, and the UAE recruits. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Chris Novak, Vice President of Global Cybersecurity Solutions at Verizon, sharing insights on their 2025 Data Breach Investigations Report (DBIR).Selected Reading Trump signs the Take It Down Act into law |(The Verge) Supplier to Tesco, Aldi and Lidl hit with ransomware (Computing) Fake KeePass password manager leads to ESXi ransomware attack (Bleeping Computer) Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers (Security Week) Threat Actors Deliver Bumblebee Malware Poisoning Bing SEO (Cybersecurity News) New Phishing Attack Poses as Zoom Meeting Invites to Steal Login Credentials (GB Hackers) CISA Adds Six Known Exploited Vulnerabilities to Catalog (CISA) Federal cyber workforce training institute eyed in bipartisan House bill (CyberScoop) UAE Recruiting US Personnel Displaced by DOGE to Work on AI for its Military (Zetter Sero Day) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Join G Mark Hardy, host of CISO Tradecraft, as he breaks down the latest insights from the 2025 Verizon Data Breach Investigations Report (DBIR). In this episode, discover the top 10 takeaways for cybersecurity leaders including the surge in third-party breaches, the persistence of ransomware, and the human factors in security incidents. Learn actionable strategies to enhance your organization's security posture, from improving vendor risk management to understanding industry-specific threats. Stay ahead of cybercriminals and secure your data with practical, data-driven advice straight from one of the industry's most anticipated reports. Verizon DBIR - https://www.verizon.com/business/resources/reports/dbir/ Transcripts - https://docs.google.com/document/d/1h_YMpJvhAMB9wRyx92WkPYiKpFYyW2qz Chapters 00:35 Verizon Data Breach Investigations Report (DBIR) Introduction 01:16 Accessing the DBIR Report 02:38 Key Takeaways from the DBIR 03:15 Third-Party Breaches 04:32 Ransomware Insights 08:08 Exploitation of Vulnerabilities 09:39 Credential Abuse 12:25 Espionage Attacks 14:04 System Intrusions in APAC 15:04 Business Email Compromise (BEC) 18:07 Human Risk and Security Awareness 19:19 Industry-Specific Trends 20:06 Multi-Layered Defense Strategy 21:08 Data Leakage to Gen AI
Drex covers essential cybersecurity reports including the HIMSS Survey, Cincinnati's Healthcare Cybersecurity Benchmarking Study, CrowdStrike's 2025 Global Threat Report, and Verizon's DBIR. Also highlighted: an Oracle engineering error affecting 45 hospitals' EHRs, Yale New Haven's breach impacting 5.5 million patients, and Blue Shield of California's Google Analytics configuration mistake exposing 4.7 million patients' data.Remember, Stay a Little Paranoid X: This Week Health LinkedIn: This Week Health Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer
As organizations embrace hybrid work, SaaS sprawl, and employee-owned devices, traditional Identity and Access Management (IAM) tools are failing to keep up. The rise of shadow IT, unmanaged applications, and evolving cyber threats have created an "Access-Trust Gap", a critical security challenge where IT lacks visibility and control over how employees access sensitive business data. In this episode of Security Weekly, Jeff Shiner, CEO of 1Password, joins us to discuss the future of access management and how organizations must move beyond traditional IAM and MDM solutions. He'll explore the need for Extended Access Management, a modern approach that ensures every identity is authentic, every device is healthy, and every application sign-in is secure, including the unmanaged ones. Tune in to learn how security teams can bridge the Access-Trust Gap while empowering employees with frictionless security. In this topic segment, we discuss the most interesting insights from the 2025 edition of Verizon's DBIR. You can grab your own copy of the report at https://verizon.com/dbir In this week's enterprise security news, Lots of funding announcements as we approach RSA New products The M-Trends also rudely dropped their report the same day as Verizon Supply chain threats Windows Recall is making another attempt MCP server challenges Non-human identities A startup post mortem Remember that Zoom outage a week or two ago? The cause is VERY interesting All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-404
As organizations embrace hybrid work, SaaS sprawl, and employee-owned devices, traditional Identity and Access Management (IAM) tools are failing to keep up. The rise of shadow IT, unmanaged applications, and evolving cyber threats have created an "Access-Trust Gap", a critical security challenge where IT lacks visibility and control over how employees access sensitive business data. In this episode of Security Weekly, Jeff Shiner, CEO of 1Password, joins us to discuss the future of access management and how organizations must move beyond traditional IAM and MDM solutions. He'll explore the need for Extended Access Management, a modern approach that ensures every identity is authentic, every device is healthy, and every application sign-in is secure, including the unmanaged ones. Tune in to learn how security teams can bridge the Access-Trust Gap while empowering employees with frictionless security. In this topic segment, we discuss the most interesting insights from the 2025 edition of Verizon's DBIR. You can grab your own copy of the report at https://verizon.com/dbir In this week's enterprise security news, Lots of funding announcements as we approach RSA New products The M-Trends also rudely dropped their report the same day as Verizon Supply chain threats Windows Recall is making another attempt MCP server challenges Non-human identities A startup post mortem Remember that Zoom outage a week or two ago? The cause is VERY interesting All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-404
In this topic segment, we discuss the most interesting insights from the 2025 edition of Verizon's DBIR. You can grab your own copy of the report at https://verizon.com/dbir Show Notes: https://securityweekly.com/esw-404
In this episode of Security Squawk, we dissect a wave of high-impact cyber events: a Texas city forced offline by a cyberattack; a 9% jump in ransomware against U.S. infrastructure; the FBI's record-breaking $16.6 B loss in 2024; North Korean spies posing as U.S. firms to infect crypto developers; global cyberwarfare readiness; and headline-grabbing data leaks—from Legends International to Blue Shield's PHI slip. Plus, Randy breaks down AI's promise (and pitfalls) in cybersecurity, and we unpack Verizon's DBIR warning on third-party breach surges. In our Follow-Up, we revisit DaVita's dialysis response, Sensata's production halt, and Frederick Health's 1 M patient-record breach. Tune in now!
Let's conclude our look at the 2024 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
"Have you read the Verizon DBIR report for 2024? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. ""Can you trust the Verizon Data Breach Investigations Report (DBIR) to help you run your Cyber Risk Program?"" -- https://www.cr-map.com/91"
- For those not familiar with you and ThreatLocker, can you tell us a bit about yourself and the ThreatLocker team?- When we look out at the endpoint protection landscape, what do you feel some of the most pressing threats and risks are?- There of course has been a big push for Zero Trust in the industry being led by CISA, NIST, and industry. How does ThreatLocker approach Zero Trust when it comes to the Endpoint Protection Platform?- Another thing that caught my eye is the ThreatLocker Allowlisting capability. We know Applications remain one of the top attack vectors per sources such as the DBIR. Can you tell us about the ThreatLocker Allowlisting capability and blocking malicious app activity on endpoints?- Taking that a step further, you all often speak about your Ringfencing capability that deals with Zero Day vulnerabilities. As we know, traditional vulnerability management tools can't stop Zero Day exploits. How does the ThreatLocker platform handle Zero Day protection?- I saw you all recently had a webinar focused on CMMC and NIST 800-171, which applies to the Defense Industrial Base. Obviously endpoint threats are a big concern there for the DoD and the DIB. Can you talk about how ThreatLocker is working with that community?- For folks wanting to learn more about ThreatLocker, where should they go, and what are some things to keep an eye out for?Find out more about ThreatLocker!
In episode 87 of Cybersecurity Where You Are, co-host Tony Sager is joined by the following guests:Charity Otwell, Director of the CIS Critical Security Controls® (CIS Controls®) at the Center for Internet Security® (CIS®)Philippe Langlois, Senior Principal, Security Risk Management and Author of the Verizon Data Breach Investigations Report (DBIR)Theodore "TJ" Sayers, Director of Intelligence & Incident Response at CISTogether, they celebrate 11 years of CIS and Verizon working together to contextualize the threat activity security teams are seeing and to help teams use the Controls as an improvement framework.Here are some highlights from our episode:02:00. How the Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS-ISAC® and EI-ISAC®) contribute anonymized data to the Verizon DBIR07.27. The two types of data that Verizon uses as input for its report13:50. The ways CIS uses the content of Verizon's DBIR to help people embrace programs of security improvement24:48. A glimpse at what goes into producing the DBIR28.33. The importance of leadership in guiding team dynamics and fun32.07. Reception of the 2024 DBIR and exploration of what's next for the Verizon DBIR teamResources2024 DBIR Findings & How the CIS Critical Security Controls Can Help to Mitigate Risk to Your OrganizationCIS Controls Featured as Recommended Defenses in Verizon's 2024 Data Breach Investigations Report2024 Data Breach Investigations ReportThe VERIS FrameworkCIS Community Defense Model 2.0If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
On this episode of The Cybersecurity Defenders Podcast we take a close look at the 2024 Verizon Data Breach Investigations Report.The Verizon 2024 Data Breach Investigations Report (DBIR) provides a comprehensive analysis of the current cybersecurity landscape, highlighting significant trends and emerging threats. This year's report, the 17th edition, examines 30,458 security incidents and 10,626 confirmed breaches, marking a two-fold increase from the previous year. A key finding is the dramatic surge in vulnerability exploitation, which nearly tripled, driven by attacks on unpatched systems and zero-day vulnerabilities. Ransomware and extortion continue to be major threats, comprising 32% of breaches, with a notable rise in pure extortion attacks where data is stolen but not encrypted.The report also emphasizes the human element in cybersecurity breaches, with human errors contributing to 68% of incidents. Phishing remains a critical issue, with median times to click on malicious links and submit data being alarmingly short. Despite this, there is an encouraging increase in phishing awareness among users. Additionally, the report underscores the growing complexity of supply chain attacks, highlighting the vulnerabilities in third-party code and services. Interestingly, the impact of generative AI in cyberattacks remains minimal, with most uses being experimental rather than operational. The DBIR concludes with a call for improved vulnerability management and continued focus on human-centric security measures.You can download the full report here.
Forecast = Expect a stormy week ahead in the cyber world, with high chances of CWE showers. In this episode of Storm⚡️Watch, we're diving deep into the cyber world with a lineup of intriguing topics and expert insights. The spotlight of this episode shines on the 2024 Verizon Data Breach Investigations Report, a comprehensive analysis that sheds light on the evolving landscape of cyber threats and vulnerabilities. We'll quiz Glenn on the key findings of the report, discussing the significant increase in vulnerability exploitation as an initial access point, which nearly tripled in 2023. This segment will delve into the implications of these findings for organizations and the importance of robust cybersecurity measures. Our Cyber Spotlight segment will explore the impact of a recent solar storm on precision farming, highlighting how geomagnetic disturbances knocked out tractor GPS systems during a critical planting season. We'll discuss the broader implications of solar storms on GPS-dependent technologies and the steps industries can take to mitigate these risks. Additionally, we'll touch on the threats to precision agriculture in the U.S., including the warning about using Chinese-made drones in farming operations. In Tool Time, we introduce CISA's Vulnrichment, a tool designed to enrich vulnerability management processes. This segment will provide insights into how Vulnrichment can aid organizations in identifying and mitigating vulnerabilities more effectively. Our Shameless Self-Promotion segment will feature exciting updates from Censys & GreyNoise, including an upcoming report and webcast on AI for cybersecurity, and a recap of the NetNoiseCon event. We'll also drop a link to the "Year of the Vuln" as highlighted in the 2024 Verizon DBIR, a post which offers our take on surviving this challenging period. To wrap up, we'll discuss the latest trends in cyber threats and active campaigns, providing listeners and viewers with a comprehensive overview of the current cyber threat landscape. Storm Watch Homepage >> Learn more about GreyNoise >>
In this episode of CISO Tradecraft, host G Mark Hardy discusses the findings of the 2024 Verizon Data Breach Investigations Report (DBIR), covering over 10,000 breaches. Beginning with a brief history of the DBIR's inception in 2008, Hardy highlights the evolution of cyber threats, such as the significance of patching vulnerabilities and the predominance of hacking and malware. The report identifies the top methods bad actors use for exploiting companies, including attacking VPNs, desktop sharing software, web applications, conducting phishing, and stealing credentials, emphasizing the growing sophistication of attacks facilitated by technology like ChatGPT for phishing and deepfake tech for social engineering. The episode touches on various cybersecurity measures, the omnipresence of multi-factor authentication (MFA) as a necessity rather than a best practice, and the surge in denial-of-service (DDoS) attacks. Hardy also discusses generative AI's role in enhancing social engineering attacks and the potential impact of deepfake content on elections and corporate reputations. Listeners are encouraged to download the DBIR for a deeper dive into its findings. Transcripts: https://docs.google.com/document/d/1HYHukTHr6uL6khGncR_YUJVOhikedjSE Chapters 00:00 Welcome to CISO Tradecraft 00:35 Celebrating Milestones and Offering Services 01:39 Diving into the Verizon Data Breach Investigations Report 04:22 Top Attack Methods: VPNs and Desktop Sharing Software Vulnerabilities 09:24 The Rise of Phishing and Credential Theft 19:43 Advanced Threats: Deepfakes and Generative AI 23:23 Closing Thoughts and Recommendations
Half of the Storm⚡Watch crew is DoS'd at RSA this week, so we're taking a bit of a break! But, the cyber news never stops, so, we've put together an async edition of the show to ensure our amazing live contributors, video-on-demand viewers, and podcast listeners have something to fill the dire gap that will exist in your lives. Rest assured, we'll be back next Tuesday with the full crew and plenty to dig into. Read the accompanying blog/show notes here. Storm Watch Homepage >> Learn more about GreyNoise >>
It's the most boring part of incident response. Skip it at your peril, however. In this interview, we'll talk to Joe Gross about why preparing for incident response is so important. There's SO MUCH to do, we'll spend some time breaking down the different tasks you need to complete long before an incident occurs. Resources 5 Best Practices for Building a Cyber Incident Response Plan This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them! It's the week before RSA and the news is PACKED. Everyone is trying to get their RSA announcements out all at once. We've got announcements about funding, acquisitions, partnerships, new companies, new products, new features... To make things MORE challenging, everyone is also putting out their big annual reports, like Verizon's DBIR and Mandiant's M-Trends! Finally, we've got some great essays that are worth putting on your reading list, including a particularly fun take on the Verizon DBIR by Kelly Shortridge. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-360
It's the week before RSA and the news is PACKED. Everyone is trying to get their RSA announcements out all at once. We've got announcements about funding, acquisitions, partnerships, new companies, new products, new features... To make things MORE challenging, everyone is also putting out their big annual reports, like Verizon's DBIR and Mandiant's M-Trends! Finally, we've got some great essays that are worth putting on your reading list, including a particularly fun take on the Verizon DBIR by Kelly Shortridge. Show Notes: https://securityweekly.com/esw-360
It's the week before RSA and the news is PACKED. Everyone is trying to get their RSA announcements out all at once. We've got announcements about funding, acquisitions, partnerships, new companies, new products, new features... To make things MORE challenging, everyone is also putting out their big annual reports, like Verizon's DBIR and Mandiant's M-Trends! Finally, we've got some great essays that are worth putting on your reading list, including a particularly fun take on the Verizon DBIR by Kelly Shortridge. Show Notes: https://securityweekly.com/esw-360
It's the most boring part of incident response. Skip it at your peril, however. In this interview, we'll talk to Joe Gross about why preparing for incident response is so important. There's SO MUCH to do, we'll spend some time breaking down the different tasks you need to complete long before an incident occurs. Resources 5 Best Practices for Building a Cyber Incident Response Plan This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them! It's the week before RSA and the news is PACKED. Everyone is trying to get their RSA announcements out all at once. We've got announcements about funding, acquisitions, partnerships, new companies, new products, new features... To make things MORE challenging, everyone is also putting out their big annual reports, like Verizon's DBIR and Mandiant's M-Trends! Finally, we've got some great essays that are worth putting on your reading list, including a particularly fun take on the Verizon DBIR by Kelly Shortridge. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-360
A breach at J.P. Morgan Chase exposes data of over 451,000 individuals. President Biden Signs a National Security Memorandum to Strengthen and Secure U.S. Critical Infrastructure. Verizon's DBIR is out. Cornell researchers unveil a worm called Morris II. A prominent newspaper group sues OpenAI. Marriott admits to using inadequate encryption. A Finnish man gets six years in prison for hacking a psychotherapy center. Qantas customers had unauthorized access to strangers' travel data. The Feds look to shift hiring requirements toward skills. In our Industry Voices segment, Steve Riley, Vice President and Field CTO at Netskope, discusses generative AI and governance. Major automakers take a wrong turn on privacy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on Industry Voices, Steve Riley, Vice President and Field CTO at Netskope, discusses generative AI and governance. For more of Steve's insights into gen AI, check out his article in Forbes. Selected Reading Breach at J.P. Morgan Exposes Data of 451,000 Plan Participants (PLANADVISER) White House releases National Security Memorandum on critical infrastructure security and resilience (Industrial Cyber) DBIR Report 2024 - Summary of Findings (Verizon) Experimental Morris II worm can exploit popular AI services to steal data and spread malware (Computing) Major U.S. newspapers sue OpenAI, Microsoft for copyright infringement (Axios) Marriott admits it falsely claimed for five years it was using encryption during 2018 breach (CSO Online) Finnish hacker imprisoned for accessing thousands of psychotherapy records and demanding ransoms (AP News) Qantas Airways Says App Showed Customers Each Other's Data (GovInfo Security) Agencies to turn toward ‘skill-based hiring' for cyber and tech jobs, ONCD says (CyberScoop) Carmakers lying about requiring warrants before sharing location data, Senate probe finds (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Let's conclude our look at the 2023 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
Have you read the Verizon DBIR report for 2023? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
North Korea's increasingly supple cyber offensives. A look at Cl0p. The NetSupport RAT's fake update vectors. HotRat is a Trojan that accompanies illegally pirated software and games. Crackable radio encryption standard: a bug or a feature? Chris Novak from Verizon discusses ransomware through the lens of the DBIR. Carole Theriault describes a ransomware attack that hit close to home. And an alleged money-laundering crypto-rapper is back in the news. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/139 Selected reading. North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack | Mandiant (Mandiant) Ransomware Roundup - Cl0p (Fortinet Blog) FakeSG enters the 'FakeUpdates' arena to deliver NetSupport RAT (Malwarebytes) Researchers Find ‘Backdoor' in Encrypted Police and Military Radios (Vice) Unmasking HotRat: The hidden dangers in your software downloads (Avast) Researchers Find ‘Backdoor' in Encrypted Police and Military Radios (Vice) Crypto rapper 'Razzlekhan,' husband reach plea deal over Bitfinex hack laundering (Reuters)
Vulnerabilities are identified and patched in Citrix Netscaler products and Adobe Coldfusion. The banking sector should be monitoring the dark web for leaked credentials and insider threats. Spyware vendors are added to the US Entity List. WhatsApp accounts may be at risk. Verizon's Chris Novak shares insights on Log4j from this year's DBIR. Our guest is Candid Wüest of Acronis discussing the findings of their Year-end Cyberthreats Report. Skirmishes in the cyber phases of Russia's war. And how do you demobilize cyber forces (especially the auxiliaries) once the war is over? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/136 Selected reading. Exploited 0-days, an incomplete fix, and a botched disclosure: Infosec snafu reigns New critical Citrix ADC and Gateway flaw exploited as zero-day (BleepingComputer) Citrix alerts users to critical vulnerability in Citrix ADC and Gateway (Computing) Adobe, Microsoft and Citrix vulnerabilities draw warnings from CISA (Record) Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities (Rapid7) Dark Web Threats Against The Banking Sector › Searchlight Cyber (Searchlight Cyber) WhatsApp Remote Deactivation Warning For 2 Billion Users (Forbes) The United States Adds Foreign Companies to Entity List for Malicious Cyber Activities - United States Department of State (United States Department of State) Commerce Adds Four Entities to Entity List for Trafficking in Cyber Exploits (Bureau of Industry and Security) Russian hackers may be behind 'DDoS' attack on NZ Parliament website (Stuff) Russian medical lab suspends some services after ransomware attack (Record) If you want peace, prepare for… cyberwar - Friends of Europe (Friends of Europe)
CISA and the FBI issue a joint Cybersecurity Advisory on exploitation of Microsoft Exchange Online. Implementing the US National Cybersecurity Strategy. FortiGuard discovers a new LokiBot campaign. Training code turns out to be malicious in a new proof-of-concept attack discovered on GitHub. Russia resumes its pursuit of a "sovereign Internet." The GRU's offensive cyber tactics. Chris Novak from Verizon discusses business email compromise and the 2023 DBIR. Our guest is Joy Beland of Summit 7 on the role of Managed Service Providers in the supply chain to the Defense Industrial Base. And a probable Ukrainian false-flag operation. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/132 Selected reading. CISA and FBI Release Cybersecurity Advisory on Enhanced Monitoring to Detect APT Activity Targeting Outlook Online (Cybersecurity and Infrastructure Security Agency CISA) Enhanced Monitoring to Detect APT Activity Targeting Outlook Online (Cybersecurity and Infrastructure Security Agency CISA) How a Cloud Flaw Gave Chinese Spies a Key to Microsoft's Kingdom (WIRED) Chinese hackers breached U.S. and European government email through Microsoft bug (Record) FACT SHEET: Biden-Harris Administration Publishes the National Cybersecurity Strategy Implementation Plan | The White House (The White House) National Cybersecurity Strategy Implementation Plan (White House) LokiBot Campaign Targets Microsoft Office Document Using Vulnerabilities and Macros (Fortinet Blog) New PoC Exploit Found: Fake Proof of Concept with Backdoor Malware (Uptycs) Russia Is Trying to Leave the Internet and Build Its Own (Scientific American) The GRU's Disruptive Playbook (Mandiant) Hack Blamed on Wagner Group Had Another Culprit, Experts Say (Bloomberg)
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Last year Americans lost $10.3 billion to online crime; contrast that with the estimated $1.3 billion lost to home robberies. Today's interview with Dr. Zulfikar Ramzan from Aura gives our federal listeners ideas on how to protect your identity. We have learned that when a person's identity gets compromised, it can lead directly to their employer, an especially sensitive problem when considering people who work for the federal government. In the cybersecurity community the gold standard for a detached perspective on understanding cyber threats is the annual Verizon Data Breach Investigations Report, commonly referred to as the DBIR. This report reinforces many of the threats presented by Dr. Zulfikar. The DBIR shows that 74% of breaches involved the human element. This can be anything from compromised passwords to identity theft. In the corporate world, this can lead to financial compromise. In the federal world, it can lead to an international incident. Let's state the obvious: since Covid, remote workers have taxed the ability for systems managers to protect assets with simple username and password logins. Other ways to verify identity must be considered. Dr. Ramzan has a PhD. From MIT and 60 patents. He was involved in a leading cybersecurity organization when he heard of the innovations coming out of Aura. As a result, he decided to take his impressive background and hone in on helping individuals protect their identity. Follow John Gilroy on Twitter @RayGilray Follow John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast www.federaltechpodcast.com
As higher ed institutions continue to implement more digital technologies, data breach tactics have become increasingly sophisticated. Universities and colleges process and store massive amounts of sensitive personal and payments data, which are increasingly the target of cyberattacks. On this week's episode of FOCUS, Sean Davidson, Senior Manager of Security Solutions at Verizon, shares the latest trends in payment security and data breaches. Davidson also imparts wisdom on the best practices of cybersecurity that institutions can follow to keep data safe and under payment card industry (PCI) standards. Verizon in cybersecurity? On the surface, the correlation between Verizon, a telecommunications company, and cybersecurity might not be easy to make. However, Verizon has maintained dedicated cybersecurity services for 23 years. They offer security management and assessment services out of nine global security operation centers. Verizon was an original contributor to the PCI compliance requirements, offering primary forensic investigation (PFI) and qualified security assessor (QSA) services to companies so they can confidently validate that their environment is secure and PCI compliant. Data breach investigations report (DBIR) Verizon's most notable contribution to the cybersecurity industry is the Data Breach Investigation Report (DBIR). It's seen as the foremost authority on data breach investigations and reporting and made up of data gathered by Verizon and 86 partners and industry experts. In 2022, the DBIR confirmed 5,212 data breaches out of the 23,896 security incidents reported under the DBIR's framework. Davidson categorizes an incident as any time sensitive information is exposed, and breaches as anytime that information is then exfiltrated to outside environments. “We analyze that data, and we boil it down and come up with a view of the cybersecurity threat landscape that companies can use to better understand their threats, their attackers, their motives, and the defensive areas that they should bolster to help prevent impact from these attackers,” said Davidson. The DBIR's findings are published annually to the public, with 2022 marking the 15th publication. Trends In Davidson's observations, ransomware is five times more likely to affect education. Ransomware typically refers to sensitive information being compromised and held for a financial ransom. Even if the company pays the ransom, they might not regain access to the data or the data could still be leaked. A human element drives 82% of these breaches, mostly through phishing — which is when a scammer pretends to be a credible person within the victim organization to gain access to protected data. System intrusions are also a rising threat to higher ed institutions. A system intrusion is an instance of hacking through physical means or modems. This type of cyberattack can also take place due to miscellaneous errors like sending valuable details to a third party, leaving ports open on web applications, and other sometimes human mistakes. Web application attacks have decreased across the higher ed sector, possibly due to cloud service adoption. Protecting institutions One best practice to protect institutions is to have a solid security program with a good security posture. Cybersecurity insurance is a necessity, especially in the event of a breach. Davidson believes hiring a cybersecurity advisor is on the list of best practices to aid in cases of ransomware or phishing. Zero-trust environments are quickly becoming a proven safeguard for cybersecurity breaches. The environments are created by sharing data on a need-to-know authorization. This eliminates the amount of access given to data sets, limiting potential leak opportunities. Moving logins to two-factor authentication adds an extra layer of protection to accounts. This second step of identification could be as simple as a security question, or verification codes sent through text, email, or a phone call. Although the threat of cyberattacks never goes away, putting these best practices into action and being vigilant of system weaknesses can make all the difference in security. Resources from episode: Data Breach Investigations Report (DBIR) is available to download for free from Verizon: https://www.verizon.com/business/resources/reports/dbir/ Payment Security Report (PSR) is available to download for free from Verizon: https://www.verizon.com/business/reports/payment-security-report/ Contact Sean Davidson at sean.davidson@verizon.com. Special Guest: Sean Davidson.
In this episode:
The Cl0p gang claims responsibility for the MOVEit file transfer vulnerability. Verizon's DBIR is out. Palo Alto Networks takes a snapshot of last year's threat trends. A new criminal campaign targets Android users wishing to install modified apps. A smishing campaign is expanding into the Middle East. Cisco observes compromised vendor and contractor accounts as an access point for network penetration. Cyclops ransomware acts as a dual threat. Anonymous Sudan demands $1 million to stop attacks on Microsoft platforms. Ben Yelin explains a groundbreaking decision on border searches. Our guest is Matt Caulfield of Oort with insights on identity security. And a deepfaked martial law announcement airs on Russian provincial radio stations. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/108 Selected reading. Clop ransomware claims responsibility for MOVEit extortion attacks (BleepingComputer) CVE-2023-34362 Detail (National Institute of Standards and Technology) Microsoft links Clop ransomware gang to MOVEit data-theft attacks (BleepingComputer) BA, BBC and Boots hit by cyber security breach with contact and bank details exposed (Sky News) 2023 Data Breach Investigations Report (Verizon) 2023 Unit 42 Network Threat Trends Research Report (Unit 42) Tens of Thousands of Compromised Android Apps Found by Bitdefender Anomaly Detection Technology (Bitdefender) Chinese-speaking phishing ring behind latest fake fee scam targeting Middle East; another campaign exposed (Group-IB) Adversaries increasingly using vendor and contractor accounts to infiltrate networks (Cisco Talos) Cyclops Ransomware and Stealer Combo: Exploring a Dual Threat (Uptycs) U.S. Measures in Response to the Crisis in Sudan (US Department of State) Microsoft's Outlook.com is down again on mobile, web (BleepingComputer) Kremlin: fake Putin address broadcast on Russian radio stations after 'hack' (Reuters) Deep fake video of Putin declaring martial law is broadcast in parts of Russia (Semafor) Peskov called "Putin's emergency appeal" shown on some TV networks as a hack (TASS) Proceedings of the 2023 U.S.-Ukraine Cyber Dialogue (US Department of State)
Let's conclude our look at the 2022 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
It is not just lemmings that follow a herd off the cliff; technology professionals are garden-variety humans and subject to herd thinking as well. If you try to keep up with trade publications you are subject to the editorial selection process of the folks who run the periodicals, newspapers, blog sites, newsletters, and podcasts. Catchy phrases pop up and it puts some joy into the drudgery of a daily tech column. You can take that from experience, I wrote over 500 weekly technology columns for The Washington Post. Occasionally, you need to get your head out of the sand to get a wider perspective. For each of the past fifteen years, Verizon has provided the community with the Data Breach Investigative Report, or the DBIR. During the interview, Melissa Gilbert tells listeners of the 23,816 incidents and 5,212 confirmed breaches included in the report. They gather information from over eighty organizations all over the world. She elucidates upon the difference between an event, an incident, and a breach. She details the data schema used for the report and explains the 4 A's: Actor, Action, Asset, and Attribute. You can get your own copy of the free report here: The Verizon Data Breach Investigative Report One of the key findings was the 13% increase in ransomware reported in the 2021 survey. If your agency has an initiative to prevent ransomware, you can be assured that you are not diving into an arcane topic. The conclusion is to focus on securing credentials. Most of these attacks start with credential theft and then move deeper into the system.
Have you read the Verizon DBIR report for 2022? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
Chris has been a contributing author to the industry-recognized Verizon Data Breach Investigations Report (DBIR) since its inception (2008), a report which provides valuable information for CISOs on current trends and mitigation approaches. Join Chris as he reviews this year's (2022-2023) key trends with Ransomware, COVID-19 Remote Working impacts, threat actors, and risk mitigation. 2022 Data Breach Investigations Report, Verizon. https://www.verizon.com/business/resources/reports/dbir/ This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Follow Show Notes: https://securityweekly.com/csp90
In the leadership and communications section,CISOs: Embrace a common business language to report on cybersecurity, The Strategic Impact of Verizon's 2022 Data Breach Investigations Report, Make Shy Employees Part of Your Cybersecurity Strategy, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw271
In the leadership and communications section,CISOs: Embrace a common business language to report on cybersecurity, The Strategic Impact of Verizon's 2022 Data Breach Investigations Report, Make Shy Employees Part of Your Cybersecurity Strategy, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw271
This podcast is a discussion about the 2022 Verizon Data Breach Investigations Report and some of our key takeaways. From the Executive Summary of the DBIR: As introduced in the 2018 report, the DBIR provides “a place for security practitioners to look for data-driven, real-world views on what commonly befalls companies with regard to cybercrime.” For this, our 15th anniversary installment, we continue in that same tradition by providing insight into what threats your organization is likely to face today, along with the occasional look back at previous reports and how the threat landscape has changed over the intervening years. Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com
Nikhil will be discussing the pain points that leaders in the application security space are facing, which can cover how software development has evolved, as well as how this has impacted development teams and security teams as well as the occurrence of shifting left. He would also like to speak to the solution he has found to this problem, specifically being that of developing a community, the Purple Book Community. This closely connects to the final topics he would like to cover, which include how breaches have continued to occur at an increasingly rapid pace, leading to the importance behind why and how companies should be prepared for when, not if, a cyber attack will occur. The talk will also cover how the Purple Book of Software Security came about and how it has now morphed into a global movement by security leaders, for security leaders, to develop secure software. Segment Resources: https://www.armorcode.com/ https://www.thepurplebook.club/ https://www.armorcode.com/what-is-appsecops https://www.armorcode.com/platform-overview https://www.armorcode.com/news https://www.armorcode.com/integrations This week in the AppSec News: Pwn2own results, reading the DBIR for appsec insights, XMPP flaws in Zoom, $10M bounty for a blockchain bridge vuln, researcher puts malicious payloads in ancient packages, Argo patches JWT handling, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw199
Nikhil will be discussing the pain points that leaders in the application security space are facing, which can cover how software development has evolved, as well as how this has impacted development teams and security teams as well as the occurrence of shifting left. He would also like to speak to the solution he has found to this problem, specifically being that of developing a community, the Purple Book Community. This closely connects to the final topics he would like to cover, which include how breaches have continued to occur at an increasingly rapid pace, leading to the importance behind why and how companies should be prepared for when, not if, a cyber attack will occur. The talk will also cover how the Purple Book of Software Security came about and how it has now morphed into a global movement by security leaders, for security leaders, to develop secure software. Segment Resources: https://www.armorcode.com/ https://www.thepurplebook.club/ https://www.armorcode.com/what-is-appsecops https://www.armorcode.com/platform-overview https://www.armorcode.com/news https://www.armorcode.com/integrations This week in the AppSec News: Pwn2own results, reading the DBIR for appsec insights, XMPP flaws in Zoom, $10M bounty for a blockchain bridge vuln, researcher puts malicious payloads in ancient packages, Argo patches JWT handling, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw199
This week in the AppSec News: Pwn2own results, reading the DBIR for appsec insights, XMPP flaws in Zoom, $10M bounty for a blockchain bridge vuln, researcher puts malicious payloads in ancient packages, Argo patches JWT handling, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw199
This week in the AppSec News: Pwn2own results, reading the DBIR for appsec insights, XMPP flaws in Zoom, $10M bounty for a blockchain bridge vuln, researcher puts malicious payloads in ancient packages, Argo patches JWT handling, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw199
In this episode, we anxiously pore through the 2022 DBIR, looking for nuggets of wisdom we can apply to our defenses... only to find that not much changed this year. Ransomware is up, social engineering is down, but it's still a lot of the same types of attacks being done the same way by the same bad guys. If next year's is similar, we will not bother having a specific episode for review. Article - 2022 Data Breach Investigations Report If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
An update on the DDoS attack against Norway. NATO's resolutions on cyber security. North Korea seems to be behind the Harmony cryptocurrency heist. MedusaLocker warninga. Microsoft sees improvements in a gang's technique. Google blocks underworld domains. The Israeli-Iranian conflict in cyberspace. Chris Novak from Verizon with his take on this year's DBIR. Our guest is Jason Clark of Netskope on the dynamic challenges of a remote workforce.And Now among the FBI's Ten Most Wanted: one Crypto Queen. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/126 Selected reading. Pro-Russian hackers launched a massive DDoS attack against Norway (Security Affairs) NATO establishes program to coordinate rapid response to cyberattacks (POLITICO) NATO to create cyber rapid response force, increase cyber defense aid to Ukraine (CyberScoop) FACT SHEET: The 2022 NATO Summit in Madrid | The White House (The White House) North Korean Lazarus hackers linked to Harmony bridge thef (TechCrunch) North Korea Suspected of Plundering Crypto to Fund Weapons Programs (Wall Street Journal) Crypto crash threatens North Korea's stolen funds as it ramps up weapons tests (Reuters) CISA Alert AA22-181A – #StopRansomware: MedusaLocker. (CISA Cybersecurity Alerts with the CyberWire) #StopRansomware: MedusaLocker (CISA) Microsoft warning: This malware that targets Linux just got a big update (ZDNet) Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers (The Hacker News) Google blocked dozens of domains used by hack-for-hire groups (BleepingComputer) Countering hack-for-hire groups (Google) Gantz orders probe after TV reports hint IDF behind Iran steel plant cyberattack (Times of Israel) Proofpoint: Zionist covert operation? (PressTV) Zionist intelligence company cyberattacked by Iraqi hackers (Mehr) FBI Offers $100,000 Reward for Capture of Ten Most Wanted Fugitive ‘Cryptoqueen' (FBI)
Every year Verizon publishes the Data Breach Investigation Report (DBIR) that shows the statistical modeling of thousands of company compromises and breaches in the last 12 months. This report provides a quantitatively backed, global view of the current trends and attack patterns of threats in the cyber domain. Join INE's Director of Cybersecurity Content, Jack Reedy, and our Defensive Operations Instructor, Jason Alvarado, as they analyze the report findings, highlight key changes, and forecast the primary focus of business minded CISO's in the world today.
Every year Verizon publishes the Data Breach Investigation Report (DBIR) that shows the statistical modeling of thousands of company compromises and breaches in the last 12 months. This report provides a quantitatively backed, global view of the current trends and attack patterns of threats in the cyber domain. Join INE's Director of Cybersecurity Content, Jack Reedy, and our Defensive Operations Instructor, Jason Alvarado, as they analyze the report findings, highlight key changes, and forecast the primary focus of business minded CISO's in the world today.
Microsoft Zeroday guidance, 3.6M MySQL servers, DBIR Overview & China Cybersecurity News CyberHub Podcast June 1st, 2022 Today's Headlines and the latest #cybernews from the desk of the #CISO: Microsoft releases guidance for Office zero-day Over 3.6 million MySQL servers found exposed on the Internet Europol Announces Takedown of FluBot Mobile Spyware New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers Chinese Threat Actors Exploiting 'Follina' Vulnerability Verizon Report: Ransomware, Human Error Among Top Security Risks Story Links: https://therecord.media/microsoft-releases-guidance-for-office-zero-day-used-to-target-orgs-in-russia-india-tibet/ https://www.bleepingcomputer.com/news/security/over-36-million-mysql-servers-found-exposed-on-the-internet/ https://www.securityweek.com/europol-announces-takedown-flubot-mobile-spyware https://thehackernews.com/2022/06/new-xloader-botnet-version-using.html https://www.securityweek.com/chinese-threat-actors-exploiting-follina-vulnerability https://threatpost.com/verizon-dbir-report-2022/179725/ “The Microsoft Doctrine” by James Azar now on Substack https://jamesazar.substack.com/p/the-microsoft-doctrine The Practitioner Brief is sponsored by: Your BRAND here - Contact us for opportunities today! ****** Find James Azar Host of CyberHub Podcast, CISO Talk, Goodbye Privacy, Digital Debate, and Other Side of Cyber James on Linkedin: https://www.linkedin.com/in/james-azar-a1655316/ Telegram: CyberHub Podcast ****** Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter ****** Website: https://www.cyberhubpodcast.com Youtube: https://www.youtube.com/c/TheCyberHubPodcast Rumble: https://rumble.com/c/c-1353861 s Facebook: https://www.facebook.com/CyberHubpodcast/ Linkedin: https://www.linkedin.com/company/cyberhubpodcast/ Twitter: https://twitter.com/cyberhubpodcast Instagram: https://www.instagram.com/cyberhubpodcast Listen here: https://linktr.ee/cyberhubpodcast The Hub of the Infosec Community. Our mission is to provide substantive and quality content that's more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure. Thank you for watching and Please Don't forget to Like this video and Subscribe to my Channel! #cybernews #infosec #cybersecurity #cyberhubpodcast #practitionerbrief #cisotalk #ciso #infosecnews #infosec #infosecurity #cybersecuritytips #podcast #technews #tinkertribe #givingback #securitytribe #securitygang #informationsecurity
Digital Shadows CISO Rick Holland hosts this edition of ShadowTalk. Rick is joined by repeat special guest David Thejl-Clayton, Senior Advisor in Cyber Defense at Combitech. They discuss: - Rick and David's thoughts on the 2022 DBIR report (Full disclosure, they are fanboys) - Research that shows how APT groups primarily go after known vulnerabilities and not 0days - David's experience helping customers create their custom version of the DBIR ***Resources from this week's podcast*** Find David on Twitter: https://twitter.com/DCSecuritydk Find David on LinkedIn: https://www.linkedin.com/in/davidclayton454/ 2022 Data Breach Investigations Report: https://www.verizon.com/business/resources/reports/dbir/ Vocabulary for Event Recording and Information Sharing (VERIS): http://veriscommunity.net/ SANS CTI Summit - VERISIZE your way into CTI: https://www.youtube.com/watch?v=AwMC6INC5TE Software Updates Strategies: a Quantitative Evaluation against Advanced Persistent Threats https://arxiv.org/abs/2205.07759 VSec Community: https://vsec.dk/about/ Checkout the “Roll your own DBIR” Templates on GitHub here: https://github.com/cvpl-fdca/rollyourown-DBIR
Verizon's 2022 Data Breach Investigation Report shows a sharp rise in ransomware. Origins of the Chaos ransomware operation. The GuLoader campaign uses bogus purchase orders. Security researchers are targeted in a malware campaign. Hyperlocal disinformation. Turla reconnaissance has been detected in Austrian and Estonian networks. Ben Yelin describes a content moderation fight that may be headed to the supreme court. Our guest is Richard Melick from Zimperium to discuss threats to mobile security. Robin Hood (or not). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/99 Selected reading. 2022 Data Breach Investigations Report (Verizon Business) Yashma Ransomware, Tracing the Chaos Family Tree (BlackBerry) Spoofed Saudi Purchase Order Drops GuLoader: Part 1 (Fortinet Blog) Malware Campaign Targets InfoSec Community: Threat Actor Uses Fake Proof of Concept to Deliver Cobalt-Strike Beacon (Cyble) Network of hyperlocal Russian Telegram channels spew disinformation in occupied Ukraine (CyberScoop) Russian hackers perform reconnaissance against Austria, Estonia (BleepingComputer) New ransomware forces victims to donate to poor (The Independent)
Verizon's Suzanne Widup joins the podcast to provide insight into cybersecurity trends and share key findings from the service provider's annual Data Breach Investigations Report (DBIR). The full report can be downloaded here. As the senior principal threat intel analyst for Verizon and co-author of the DBIR, Widup has her finger on the pulse of hackers' evolving efforts to undermine network security via phishing attacks, ransomware and social engineering. "We've seen tremendous growth in our data sets over time on both social attacks and ransomware," said Widup. Hacker's approach to ransomware has evolved as well – "Now you not only lose access to your data but they can give it to other people … we've seen the commoditization of ransomware, giving out ransomware-as-a-service and how mature these marketplaces have become." In addition, as enterprises became more reliant on cloud networking during the pandemic, hackers took advantage of this shift. Bad actors also took advantage of public interest in pandemic-related news by incorporating language around COVID-19 into their phishing lures. "We did see more of the attacks targeting the cloud systems than we had before," said Widup. "The phishing lures take whatever the current headline is, so COVID was all over the place there." See acast.com/privacy for privacy and opt-out information.
This week Gar is joined by Prescott Pym, Head of Managed Security Services for Verizon's APAC SOC and still a self-confessed ‘cyberholic'. With 14 years under his belt at Verizon his experience and insights run deep. Prescott brings his wealth of experience along with his passion for cyber resilience to this discussion focused on Verizon's 2021 Data Breach Investigations Report. Prescott walks us through the changes to Verizon's approach with the DBIR this year, key findings, some of the nuances in the industry and regional data such as the prevalence of social engineering in APAC, and what the data can be used for in terms of planning. To get your copy of Verizon's 2021 Data Breach Investigations Report please follow this link: https://vz.to/3A15sYM For the latest cyber news and insights head to www.getcyberresilient.com
TranscriptJesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.Announcer: If your mean time to WTF for a security alert is more than a minute, it's time to look at Lacework. Lacework will help you get your security act together for everything from compliance service configurations to container app relationships, all without the need for PhDs in AWS to write the rules. If you're building a secure business on AWS with compliance requirements, you don't really have time to choose between antivirus or firewall companies to help you secure your stack. That's why Lacework is built from the ground up for the cloud: low effort, high visibility, and detection. To learn more, visit lacework.com. That's lacework.com.Jesse: Don't be stupid. Focus on your real risks, not hacker movie risks. It is easy to get caught up in a type of advance for persistent threats and the latest in obscure attack methodologies to the point where you spend all of your energy and time hunting for these in your systems. This stuff is right out of the latest bad hacking movie. It's a colossal waste of time for most of us. Spend your time on learning and monitoring things based on your real risk, not your overblown sense of self-importance that the latest international crime ring of nation-state-backed hackers wants to breach your defenses. News flash: APTs probably don't care about you. If you make it fairly easy to get your data and use your resources, of course you'll get popped. That's like leaving your wallet on a bench in the park; of course someone will take it. Raise the barrier to entry for obtaining your resources and you reduce opportunistic crime, just like locking your car at night protects from casual pilfering through your things.Meanwhile, in the news. Amazon Sidewalk Mesh Network Raises Security, Privacy Concerns. Tangential to cloud security, these types of networks worry me for privacy and physical security concerns more than cybersecurity for the device and users. As this article says, privacy and security are separate issues. Conflating the two can compromise one or the other or both. Don't confuse privacy and security as being one and the same.This Week in Database Leaks: Cognyte, CVS, Wegmans. I routinely hammer on securing your cloud storage and other ways to minimize self-exposure of sensitive data for a reason. You should be scared of the implications of these exposures in terms of business risk, reputation loss, and regulatory violations and fines. In other words, don't be stupid.Data is Wealth: Data Security is Wealth Protection. Ignore the schilling of services as usual and take in the message: protecting your data is your prime directive. Ask yourself every morning, “How will I protect my data today?” Doing anything else is doing it wrong.Google Workspace Adds Client-Side Encryption. This means you can store encrypted data in your Google accounts without Google having access to the contents of your data. This is a big deal. Take advantage of this if you use Google for document creation and storage.Corey: This episode is sponsored by ExtraHop. ExtraHop provides threat detection and response for the Enterprise (not the starship). On-prem security doesn't translate well to cloud or multi-cloud environments, and that's not even counting IoT. ExtraHop automatically discovers everything inside the perimeter, including your cloud workloads and IoT devices, detects these threats up to 35 percent faster, and helps you act immediately. Ask for a free trial of detection and response for AWS today at extrahop.com/trial.Jesse: Cybersecurity Tips for Business Travelers: Best Practices for 2021. I plan to avoid a return to routine business travel, but if you want to, or don't have a choice not to get back on the road, do it safely. If you don't want the US Customs and Border Patrol agents searching your devices, wipe your phone before reaching customs. You can set your device to wipe on too many failed passcode entries then backup your phone right before boarding or departing the plane and wipe it on the way to the customs by tapping one number over and over as you walk off the plane.2021 Verizon Data Breach Incident Report insights. The annual Verizon data breach incident report—known as DBIR—has incredible and useful insights for all tech workers, not just security practitioners. Once again, humans are the weak link. I know spending more time educating your people than hunting for ABTs is boring sauce, but you'll be better off.One in Five Manufacturing Firms Targeted by Cyberattacks. If you create real-world goods, you are a prize target. Don't be fooled into thinking you're safer because it's harder to steal things in meatspace than in cyberspace.Confidential Computing: The Future of Cloud Computing Security. Using hardware-level security is still possible in the cloud. Most of us don't need to encrypt everything on a system or everything running in memory, but some of us do need to be that paranoid. However, don't do this unless you really truly have a business case for it, and to implement checkout services like AWS CloudHSM for encryption of in-use memory and data.Many Mobile Apps Intentionally Using Insecure Connections for Sending Data. Don't use insecure transport in your apps. Encrypt your data in transit. Eventually, consumers will have ways to disable all apps that don't use basic security measures like proper authentication without stored credentials or using unencrypted channels. Don't be stupid. Are you sensing a theme of the week?The Art and Strategy of Becoming More Cyber Resilient. Resiliency in IT architectures and applications is becoming the only way to survive the modern distributed world, especially in cybersecurity. You need to change your whole paradigm to be risk and recovery-based, not just the old-school defender attitude of building lots of walls.Cyber is the New Cold War & AI is the Arms Race. The whole AI marketing trope gets old. Ugh. But the message is accurate. There is too much data even in small systems to manage detection and protection without advanced math hunting for anomalous things that go bump in the night. We are in an arms race and we are at war. If nothing else, I like this article because it says what many of us in security always say: “It isn't if you get popped; it's when you get popped.”The Future of Machine Learning and Cybersecurity. A reality check on using advanced math for security monitoring and analysis is important. Use it but don't rely on it too much. Like with all things in life, find balance between known attack analysis and mathematically finding potential attack indicators.And now for the tip of the week. Use a virtual private cloud or VPC for any systems or services not requiring direct public interaction. All three of the biggest public cloud providers have these available. Both AWS and GCP use the term VPC, but Azure calls it an Azure Virtual Network or VNet. This is as simple as setting up a private network for your compute and storage systems and adding a second network for public access for your outside interactions with users and external services. They're easy to implement, and you get significant improvements in security and risk profile reduction quickly using VPCs. This is the cloud version of keeping your things hidden behind a firewall on-prem.And that's it for the week. Securely yours Jesse Trucks.Jesse: Thanks for listening. Please subscribe and rate us on Apple and Google Podcast, Spotify, or wherever you listen to podcasts.Announcer: This has been a HumblePod production. Stay humble.