Stolen laptops. It happens. It happens a lot, actually, according to breach statistics. And this common incident provides a way to talk about security controls.
Watch more videos on my YouTube channel.
Archive for February, 2018
Stuck in Traffic – But it’s just a Phish
Posted byTackling an tactic without the context of the overall scam leaves us with a false sense of security. We may even miss potential defenses outside IT. Example? Financial fraud that starts as phishing email.
Watch more videos on my YouTube channel.
Stuck in Traffic – World Writable S3 Buckets and Cryptocurrency
Posted byWhile we’re all reading about world readable Amazon S3 buckets leaking data, (cough, FedEx), criminals were moving to compromise world writable S3s. It’s a good reminder on breach fatigue.
Watch more videos on my YouTube channel.
Stuck in Traffic – The Best Time to Hack a Company
Posted byWhen’s the best time to hack a company? Or put differently, when do companies slide backwards in their compliance and slouch in their security posture?
Watch more videos on my YouTube channel.
Stuck in Traffic – Tesla Cryptojacked
Posted byOne of Tesla’s Amazon cloud instances was hijacked to mine cryptocurrency. Weak creds on Kubernetes led to Amazon creds, which were used for the miner. Thing is, the instance credentials also had access to vehicle telemetry data in S3.
Watch more videos on my YouTube channel.
Stuck in Traffic – Monitoring for Insider Threats
Posted byHere’s two things to monitor for, when it comes to insider threats.
Watch more videos on my YouTube channel.
Stuck in Traffic – Cloud Storage for Ransomware
Posted byA recent study from Bitglass found 40% of organizations had malware in their cloud services. Interestingly, this includes infected files in cloud storage used to spread ransomware.
Watch more videos on my YouTube channel.
Stuck in Traffic – Open Threat Taxonomy
Posted byLive in the snowy north long enough, and you develop a finely honed risk assessment. Too bad we don’t have the same instinct for cyber security threats and risks.
Watch more videos on my YouTube channel.
Stuck in Traffic – Maryland Joint Insurance Association
Posted byThe difference between what is and what is documented, that’s the space where criminals can take advantage. That’s what Maryland Joint Insurance Association policy just found, exposing 60GB of personal information.
Watch more videos on my YouTube channel.
Stuck in Traffic – Best Practice for Daily Security Operations
Posted byEvery day, we check the logs. Every day, we check the file changes. Every day, we make the donuts. Or so we think. But then, the auditors ask us to prove it. Here’s some best practice for those daily operations.
Watch more videos on my YouTube channel.