Optimize Shadowserver’s value! Stop the Threat Actors! You are at risk if you get any of the +120 daily reports. Most issues are easily fixed. All these reports share details the threat actor can potentially exploit. Take 15 minutes once a quarter to update your contacts, ASNs, IPs, Domain, APIs, and other details. Quarterly Reviews Read More
My Birthday Wish is for you to be Cyber Safe
To all those who pinged me via social media, thank you for remembering me on my birthday. I hope the year will be prosperous, connecting, and loving for all. Some people ask what is my birthday wish. This year (like last year), Digital Safety “self-care” actions. These “self-care actions” will help protect you, your family, Read More
Think first – then Act – Apache Struts CVE-2023-50164
The days when the good guys can take a security break during the December Holidays are over. Plan and expect issues that require teams to come in and mitigate/minimize risk to be the “new normal” for the holidays. This year, researcher Steven Seeley discovered a way to abuse the popular Apache Struts frameworks’ file upload Read More
Thanksgiving Holiday Fun! Five Eyes Warn of LockBit 3.0 Ransomware!
Do you know if your network is vulnerable to LockBit 3.0 Ransomware crew getting into your network via NetScaler CVE-2023-4966 vulnerability? Boeing – a company with a powerful cybersecurity team – was penetrated by the LockBit crews using CVE-2023-4966. Is this your Thanksgiving holiday fun? For those subscribed to Shadowserver free Cyber Civil Defence reporting, Read More
Qakbot – it is not over yet!
Get the free Shadowserver special report to see if Qakbot was on your network. If yes, the bad guys could still be on your network. Read More
Why are the top National Security Teams Yelling for you to Fix your Network?
The top National Security Teams are yelling at you to fix your network. The Joint Advisory is not a simple act of collaboration. The first 12 are highlighted for a reason. We do not know the insider reasons other than they are ACTIVELY EXOLIOTED with NOT ENOUGH ORGANIZATIONS MITIGATING that are PUTTING ORGANIZATIONS at RISK. Read More
Performance Review? Lead with your Resume
Starting your annual performance conversation with an updated version of your resume was mentioned in a previous article (see Resume First – Step 1 in your Annual Performance Review). The technique works. The dialog over the resume helps to focus on that annual performance review. Are you adding market value to yourself and your organization? But Read More
Secure Coding? Don’t get Stuck!
We now have static application security testing (SAST) deployed. All should be good. No, all is NOT Good! The most challenging parts of any SAST tool deployment are the initial shock of potential vulnerabilities, coding errors, and risk. When I come into an organization for an audit, it is common to find their SAST tool Read More
CISOs, get your First Sergeant
Behind Every Effective CISO, a First Sergeant is Clearing the Path for the organization’s success. The way we’re setting up our CISO structure is NOT working as expected. The threats keep on coming. Organizations put their fingers in the dike, plugging security risks while exhaustingly bailing water from a sinking boat. This is a no-win Read More
Cyberwarfare is here; now what?
Cyberwarfare activities were always on the Internet. STUXNET, Google Aurora, and many other attacks were a fact of life. We had cyber attacks when Yugoslavia broke up. We have constant attacks in the Middle East. Cyberwar was part of a security practitioner’s threat model from the late ‘80s until the early 2000s. Then, cybercrime started Read More