A recent study from Bitglass found 40% of organizations had malware in their cloud services. Interestingly, this includes infected files in cloud storage used to spread ransomware.
Watch more videos on my YouTube channel.
Archive for the ‘Blogs’ Category
Stuck in Traffic – Open Threat Taxonomy
Posted byLive in the snowy north long enough, and you develop a finely honed risk assessment. Too bad we don’t have the same instinct for cyber security threats and risks.
Watch more videos on my YouTube channel.
Stuck in Traffic – Maryland Joint Insurance Association
Posted byThe difference between what is and what is documented, that’s the space where criminals can take advantage. That’s what Maryland Joint Insurance Association policy just found, exposing 60GB of personal information.
Watch more videos on my YouTube channel.
Stuck in Traffic – Best Practice for Daily Security Operations
Posted byEvery day, we check the logs. Every day, we check the file changes. Every day, we make the donuts. Or so we think. But then, the auditors ask us to prove it. Here’s some best practice for those daily operations.
Watch more videos on my YouTube channel.
Stuck in Traffic – Grammarly Lets Attackers Read What You Wrote
Posted byGrammarly, specifically the browser extension in Chrome or Firefox, had a flaw which leaked authentication tokens. Attackers could use these tokens to gain access to what we wrote online. The vuln was reported by Tavis Ormandy and Google’s Project Zero. And no, I did not check this post with Grammarly.
Watch more videos on my YouTube channel.
Stuck in Traffic – Detecting Big Changes to Stop Big Risks
Posted byEmbedding security into a lifecycle works when you have a defined lifecycle. (Well, sometimes.) It is harder when projects and initiatives aren’t centralized. Harder … but not impossible. Here are some tricks.
Watch more videos on my YouTube channel.
Stuck in Traffic – Hacking Kaseya to Mine Cryptocurrency
Posted byAs seen in the wild, criminals are remotely exploiting Kaseya to install miners for cryptocurrency. Let’s walk through the attack path.
Watch more videos on my YouTube channel.
Stuck in Traffic – Monero for Drive-by Downloads
Posted byCryptomining is all the rage for making money off drive-by download attacks. One often seen currency is Monero (XMR). Today, a quick overview of Monero and indicators of compromise, such as the miners XMRig and Coinhive.
Watch more videos on my YouTube channel.
Stuck in Traffic – Defining the Problem of Container Security
Posted byAbstraction is a powerful tool. Abstraction is creation. It allows builders and developers to create apps, features, and functionality. Abstraction is also destruction. It’s the difference between abstraction and implementation that allows hackers to misuse and abuse systems. And abstraction is the place to begin when defining the problem of container security, such as Docker.
Watch more videos on my YouTube channel.
Stuck in Traffic – OnePlus Hacked, Tabletop
Posted byOnePlus’s Web store was compromised and up to 40,000 consumers had credit cards stolen. Let’s take it as an example of how to turn a breach press release into an incident response tabletop exercise.
Watch more videos on my YouTube channel.