Former Uber CISO Appealing His Conviction

Joe Sullivan, Uber’s CEO during their 2016 data breach, is appealing his conviction. Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, with withholding information about the 2016 incident ...

CISO Global 2023-07-13 10:51:47

By Brian Yelm, Managing Director of Secured Managed Services, CISO Global, Inc. With digital transformation having taken a front seat over the past 3 years due to a global shift in how ...

How Attorneys Are Harming Cybersecurity Incident Response

New paper: “Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys”: Abstract: Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should ...

SolarWinds Detected Six Months Earlier

New reporting from Wired reveals that the Department of Justice detected the SolarWinds attack six months before Mandiant detected it in December 2020, but didn’t realize what it detected—and so ignored it ...

The Truth About Why Malicious Links Get Through Security

KNOWN FACT: Malicious links are hosted on legitimate services like Google, Microsoft, AWS (Amazon Web Services), Wix, GoDaddy and many others, and these services are thought safe by many security services. The ...

SolarWinds and Market Incentives

In early 2021, IEEE Security and Privacy asked a number of board members for brief perspectives on the SolarWinds incident while it was still breaking news. This was my response. The penetration ...

RIP Perimeter Security: Critical Infrastructure Breaches Demand New Approach

The ongoing spate of breaches against critical infrastructure and government entities underscores the vulnerability of this sector. In July 2022, officials announced the federal court system had experienced a major data breach ...

LastPass Breach

Last August, LastPass reported a security breach, saying that no customer information—or passwords—were compromised. Turns out the full story is worse: While no customer data was accessed during the August 2022 incident, ...

Flashpoint Year In Review: 2022 Breaches and Malware Threat Landscape

Mostly motivated by greed, threat actors will target any organization regardless of sector. Therefore, data breaches provide key insights into the methods and tactics of hackers—since they will do whatever it takes ...

Your VPN Has Already Been Hacked

Remote Access VPNs have been around for over 20 years. Having worked in this space for a long time, I know the early evolution was fast. We went from dedicated concentrators to ...