Information Security

Recommended
Latest
26 Jul 2024
55

🌐 Browse Safely. Earn Rewards. Meet ThreatSlayer



Interlock has launched ThreatSlayer, a Web3 security extension, with its token on Arbitrum—not Solana—but a Solana version could be a great idea.



This product improves online safety using a crowdsourced security community with rewards.

Share your thoughts! 💬💡

image
image

9 Dec 2024
17


Importance of Soft Skills in Cybersecurity - The Cybersecurity Vault podcast - episode 38, with guest Evgeniy Kharam. 

Soft Skills are essential cybersecurity as they enable communication, teamwork, leadership, and relationship building.

Evgeniy Kharam and I discuss the challenges, opportunities, and valuable benefits of soft skills in cybersecurity. We identify recommendations for workers, managers, and those seeking careers in cybersecurity, to build stronger and more capable teams.


4 Nov 2024
14

How often do CISOs smile? Not very often. The role is difficult, ambiguous, and chaotic. 

However, some cybersecurity events set themselves apart as CISOs build partnerships, commiserate, and communicate both best practices and pitfalls to avoid. 

Mindfluence was one of those events! (…although the perfect weather, being hosted in Napa CA, and amazing wines might have also contributed to overall jovialness)  

I am looking forward to future events!

image
image
image
image

24 Oct 2024
15


This is an interesting tactic by cyber attackers — using virtual machine hard drive files to bypass email malware filters!

The use of virtual machine hard drive files like .vhd and .vhdx, that can be opened by Windows and function like a physical drive, are perfect to hide malware from email gateway filters.

This maneuvering is typical of the never-ending game of cybersecurity!

Related Article

image

18 Jul 2024
48


Did you know that over 100 million AT&T customers had their data breached? Check out my latest post and video explaining what you need to know and what we all need AT&T to do, to secure customer data!

https://www.bulbapp.io/p/7573c365-5b11-453c-bc9e-b1c98822bdb4/att-data-breach-understanding-the-fallout


21 Aug 2024
16

I am not too surprised that CrowdStrike customers are quiet-quitting and looking at other options. CrowdStrike refuses to acknowledge the root cause of their recent massive outage and aren't planning on fixing it.

Instead, they plan on boosting the error handling controls that reside on their clients machines, but not thoroughly testing all code and instructions before they push to customers.

That keeps a flawed model of using customers environments as their test network. Not a good practice.

image

23 Aug 2024
19


Conveying the risks and progress for a cybersecurity program to executives is difficult.  Over the years, I have explored countless ways to quickly and effectively distill the complexities of cyber risk into a simple graphic that informs management teams so the best decisions can be made. 


7 Nov 2024
16

I had a tremendous time at the InForum Montreal forum. The speakers, panels, fellow practitioners, and events were outstanding!

My panel, led by Nataliya Khylenko, discussed how to strike a balance when protecting data in the age of AI.  Fellow panelists Sandra Estok, Tania Tanic, and Brandon Pugh were brilliant in providing diverse and relevant perspectives.

The Gala Cocktail was spectacular, featuring a local mariachi band!

They also announced an expansion to San Antonio and Japan for 2025!


image
image
image
image

12 Nov 2024
14

Fraudsters Abuse DocuSign API for Legit-Looking Invoices!
Attackers create a legitimate DocuSign account that allows them to change templates and use the API directly. They employ a special template that masquerades as well-known brands to send the billing invoice. Because the fraudulent invoice is directly sent from the DocuSign platform, it appears legitimate and won’t be stopped by email filters.

The process can be automated on a massive scale, spraying large numbers of unsuspecting victims.


image

19 Jul 2024
25

Did anyone notice that the CrowdStrike outage today reportedly only effected Microsoft Windows 10 machines? What decisions were made that left these machines so vulnerable to an update from a 3rd party software company, that it caused widespread Blue Screens of Deaths (BSOD) to appear across the globe?

Let's be clear, the root cause is with CrowdStrike, but Microsoft did have a hand in this game. They have the power to limit the impacts of 3rd party software that is misbehaving.

image