CISO Roundtable

First Annual Long Island CISO Roundtable

Two weeks ago CCSI held its first annual CISO Roundtable to discuss cybersecurity trends, issues and solutions. The conversation focused on how local CISOs are currently handling security at the executive level. In attendance were ten cybersecurity leaders on Long Island who brought years of experience and expertise to ...
Matthew Pascucci

IoT and Machine Identity Protection: Getting Smarter about Securing Smart Technologies

The internet of things (IoT) is a living, breathing beast that’s surreptitiously infiltrating our lives. We now have smart cities where the street lights and trash bins are calculating data to schedule efficient lighting and trash pickup. Our homes are connected to devices that allow remote adjustment of lights and ...

LDAP injection: How can it be exploited in an attack?

Joomla is a popular content management system that accounts for almost 3% of all websites on the internet, and it has been downloaded over 84 million times. A static analysis organization called Rips Technologies recently found that it contained an LDAP injection vulnerability. This vulnerability was in the ...

BlueBorne vulnerabilities: Are your Bluetooth devices safe?

Last month, a series of Bluetooth vulnerabilities was discovered by research firm Armis Inc. that enables remote connection to a device without the affected users noticing. The vulnerabilities were reported on Android, Linux, Windows and iOS devices. These vendors were all contacted to create patches for the BlueBorne vulnerabilities and worked ...

How can Windows digital signature check be defeated?

Recently, it was determined by a SpecterOps researcher, Matt Graeber, that there is a way to bypass a Windows digital signature check by editing two specific registry keys. This is an important discovery because Windows uses digital signature protection to validate the authenticity of binary files as a security measure. Digital ...

Active Cyber Defense Certainty Act: Should we ‘hack back’?

Recently, a bill was proposed by Georgia Congressman Tom Graves named the Active Cyber Defense Certainty Act, which has now gone on to be called the hack back bill by individuals in the cyber community. This bill is being touted as a cyberdefense act that will enable those who have ...

iOS updates: Why are some Apple products behind on updates?

A new study from mobile security vendor Zimperium Inc. showed that nearly a quarter of the iOS devices it scanned weren't running the latest version of the operating systems. If Apple controls iOS updates, and enterprise mobility management vendors can't block them, then why are so many devices running older ...

PGP keys: Can accidental exposures be mitigated?

Recently, security researcher Juho Nurminen attempted to contact Adobe via their Product Security Incident Response Team (PSIRT) regarding a security bug he wanted to report. Instead, he stumbled across something much more vulnerable. It turns out that Adobe not only published their public key on their website, which is used to ...

VMware AppDefense: How will it address endpoint security?

VMware recently added a new service called AppDefense to their cybersecurity portfolio that aims to lower false positives and utilize least privilege in order to secure endpoints living on the host. VMware also has NSX to create microsegmentation on the network layer, which can integrate into AppDefense. However, with AppDefense, ...

Killer discovery: What does a new Intel kill switch mean for users?

Recently, security researchers from Positive Technologies discovered a way to disable the Intel Management Engine that referenced a National Security Agency (NSA) program. Over the years, the Intel ME has caused controversy while being touted as a backdoor into systems for governments, mainly the NSA. With the finding of the Intel ...