Avsnitt
-
"Context Bombing" flips the script on prompt injections
Pentagon suspends CMMC Phase II requirements
Old tech, new problems
Get the show notes here: https://cisoseries.com/the-department-of-know-cmmc-suspended-sharefile-shutdown-context-bombing-strikes-back/
This week's Department of Know is hosted by Rich Stroffolino, with guests Tom Hollingsworth, networking technology advisor, Futurum Group, and Mark Eggleston, former CISO, CSC.
Missed the live show? Check it out on YouTube.
The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com.
Huge thanks to our sponsor, ThreatLocker
Every security leader is being asked the same question right now:
How do we enable innovation without creating unnecessary risk?That's the challenge behind cloud adoption.
Behind AI. Behind automation. And behind every major technology decision.
ThreatLocker helps organizations take a Zero Trust approach to that challenge—giving them greater control over what can execute, what can access their environment, and what users and applications are allowed to do.
That's why ThreatLocker is proud to support Cyber Security Headlines.
Because security works best when innovation and control move together. -
ClickLock stealer uses kill loops to force password entry
TELEPUZ malware uses ClickFix to steal data and run commands
1Password's new Agentic Mode lets Claude log into accounts
Notes: https://cisoseries.com/cybersecurity-news-clicklocks-kill-loops-telepuz-clickfix-tricks-1passwords-agentic-login/
Huge thanks to our sponsor, ThreatLocker
Every security leader is being asked the same question right now: How do we enable innovation without creating unnecessary risk?
That's the challenge behind cloud adoption.
Behind AI.
Behind automation.
And behind every major technology decision.
ThreatLocker helps organizations take a Zero Trust approach to that challenge—giving them greater control over what can execute, what can access their environment, and what users and applications are allowed to do.
That's why ThreatLocker is proud to support Cyber Security Headlines.
Because security works best when innovation and control move together. -
Saknas det avsnitt?
-
Zoom's account takeover wake-up call
Two zero-days, one urgent SonicWall patch
23andMe's breach bill keeps growing
Show Notes: https://cisoseries.com/cybersecurity-news-zooms-wake-up-call-zero-day-sonicwall-patch-23andmes-growing-breach-bill/
Huge thanks to our sponsor, ThreatLocker
Every security leader is being asked the same question right now: How do we enable innovation without creating unnecessary risk?
That's the challenge behind cloud adoption.
Behind AI.
Behind automation.
And behind every major technology decision.
ThreatLocker helps organizations take a Zero Trust approach to that challenge—giving them greater control over what can execute, what can access their environment, and what users and applications are allowed to do.
That's why ThreatLocker is proud to support Cyber Security Headlines.
Because security works best when innovation and control move together. -
Pentagon suspends CMMC Phase II requirements
US troop location data under attack in Iran
"Context Bombing" flips the script on prompt injections
Get the show notes here: https://cisoseries.com/cybersecurity-news-cmmc-phase-ii-suspended-tracking-troops-in-iran-defenders-turn-to-context-bombing/
Huge thanks to our sponsor, ThreatLocker
Every security leader is being asked the same question right now: How do we enable innovation without creating unnecessary risk?
That's the challenge behind cloud adoption.
Behind AI.
Behind automation.
And behind every major technology decision.
ThreatLocker helps organizations take a Zero Trust approach to that challenge—giving them greater control over what can execute, what can access their environment, and what users and applications are allowed to do.
That's why ThreatLocker is proud to support Cyber Security Headlines.
Because security works best when innovation and control move together. -
Russia's router access routes
MemGhost haunts AI memory
DHS alert got waved off… twice
Get the show notes here: https://cisoseries.com/cybersecurity-news-russias-router-access-routes-memghost-haunts-ai-memory-dhs-alert-got-waved-off-twice/↗
Huge thanks to our sponsor, ThreatLocker
Every security leader is being asked the same question right now: How do we enable innovation without creating unnecessary risk?
That's the challenge behind cloud adoption.
Behind AI.
Behind automation.
And behind every major technology decision.
ThreatLocker helps organizations take a Zero Trust approach to that challenge—giving them greater control over what can execute, what can access their environment, and what users and applications are allowed to do.
That's why ThreatLocker is proud to support Cyber Security Headlines.
Because security works best when innovation and control move together. -
Windows backdoor stuffs multiple wipers and ransomware code into a single package
NSA brings back Tailored Access Operations name for elite hacking unit
Progress urges ShareFile customers to shut down storage zone controllers
Show notes: https://cisoseries.com/cybersecurity-news-multifunction-windows-backdoor-nsa-revives-tao-urgent-sharefile-warning/
Huge thanks to our sponsor, ThreatLocker
Every security leader is being asked the same question right now: How do we enable innovation without creating unnecessary risk?
That's the challenge behind cloud adoption.
Behind AI.
Behind automation.
And behind every major technology decision.
ThreatLocker helps organizations take a Zero Trust approach to that challenge—giving them greater control over what can execute, what can access their environment, and what users and applications are allowed to do.
That's why ThreatLocker is proud to support Cyber Security Headlines.
Because security works best when innovation and control move together. -
Link to the episode
This week's Department of Know is hosted by Rich Stroffolino, with guests Davi Ottenheimer, principal, Flying Penguin, and Chris Ray, field CTO, GigaOm.
Missed the live show? Check it out on YouTube.
The Department of Know is live every Friday at 4:00 p.m. ET. Join us each week by registering for the open discussion at CISOSeries.com.
Huge thanks to our sponsor, Vanta
Your team just added its 67th AI tool. And unfortunately, also your 67th security blind spot.
The good news: The Vanta Agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk, and drafting fixes for you.
Vanta is the platform used by over sixteen thousand fast-moving companies like Ramp, Cursor, and Harvey who are shaping the future with AI, AND staying ahead of AI risk.
Get started at vanta.com/headlines. -
Interpol's fraud sweep goes global
China flags Claude Code
Old GitHub accounts, new tricks
Get the show notes here: https://cisoseries.com/cybersecurity-news-interpols-global-fraud-sweep-chinas-claude-code-flag-old-github-account-tricks/
Thanks to our episode sponsor, Vanta
Your team just added its 67th AI tool. And unfortunately, also your 67th security blind spot.
The good news: The Vanta Agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk, and drafting fixes for you.
Vanta is the platform used by over sixteen thousand fast-moving companies like Ramp, Cursor, and Harvey who are shaping the future with AI, AND staying ahead of AI risk.
Get started at vanta.com/headlines. -
Mexico's first cyber test gets tested
Snoops break into Roundcube mailservers
Cash App owner pays up over lax security
Get the show notes here: https://cisoseries.com/cybersecurity-news-mexicos-big-cyber-test-roundcube-mailserver-snooped-on-cash-app-found-lax/
Thanks to our episode sponsor, Vanta
Your team just added its 67th AI tool. And unfortunately, also your 67th security blind spot.
The good news: The Vanta Agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk, and drafting fixes for you.
Vanta is the platform used by over sixteen thousand fast-moving companies like Ramp, Cursor, and Harvey who are shaping the future with AI, AND staying ahead of AI risk.
Get started at vanta.com/headlines. -
The UK's Cyber Pledge and Cyber Shield
Millions exposed in Japanese telco attack
China looking to curb overseas model access
Get the show notes here:
Thanks to our episode sponsor, Vanta
Your team just added its 67th AI tool. And unfortunately, also your 67th security blind spot.
The good news: The Vanta Agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk, and drafting fixes for you.
Vanta is the platform used by over sixteen thousand fast-moving companies like Ramp, Cursor, and Harvey who are shaping the future with AI, AND staying ahead of AI risk.
Get started at vanta.com/headlines. -
Suspected China-Nexus hackers use fake Indian tax filing utility to deploy DcRAT
Prompt injection attacks trick AI Agents into making crypto payments
France to stop certifying products without quantum-safe encryption
Get the show notes here: https://cisoseries.com/cybersecurity-news-india-tax-rat-prompt-injection-crypto-scam-france-pushes-quantum-safe/
Thanks to our episode sponsor, Vanta
Your team just added its 67th AI tool. And unfortunately, also your 67th security blind spot.
The good news: The Vanta Agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk, and drafting fixes for you.
Vanta is the platform used by over sixteen thousand fast-moving companies like Ramp, Cursor, and Harvey who are shaping the future with AI, AND staying ahead of AI risk.
Get started at vanta.com/headlines. -
JadePuffer ransomware used AI agent to automate entire attack
AdaptHealth suffers cyberattack
UK's National Cyber Action Plan launch delayed by political leadership crisis
Get the show notes here: https://cisoseries.com/cybersecurity-news-first-ai-ransomware-adapthealth-suffers-cyberattack-uk-cyber-plan-delayed/
Thanks to our episode sponsor, Vanta
Your team just added its 67th AI tool. And unfortunately, also your 67th security blind spot.
The good news: The Vanta Agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk, and drafting fixes for you.
Vanta is the platform used by over sixteen thousand fast-moving companies like Ramp, Cursor, and Harvey who are shaping the future with AI, AND staying ahead of AI risk.
Get started at vanta.com/headlines. -
This week's Department of Know is hosted by Rich Stroffolino, with guests David Cross, CISO, Atlassian; Kathleen Mullin, Director, SABSA Institute; Montez Fitzpatrick, CISO, Navvis; and Howard Holton, former CEO, GigaOm.
Get the show notes here: https://cisoseries.com/the-department-of-know-peoplesoft-exploit-ford-brings-back-gray-beards-llm-vetting/
Huge thanks to our sponsor, Silent Push
Most cybersecurity approaches are completely reactive. Victim organizations are hit with an attack and the chase ensues.
Silent Push closes this gap with its Preemptive Cyber Defense platform. Silent Push tracks adversary infrastructure and infrastructure changes across the Internet during the attack preparation phase - while attackers are still staging domains, IPs, and hosting and Silent Push turns that into Indicators of Future Attack® to defend with confidence.
For a CISO, that turns invisible risk into early warning, an average of 140 days before a campaign shows up in your environment. Time to act, and a smaller window of exposure, before a threat ever reaches your environment. -
Card data theft remains top concern for U.S. consumers
OMB chief to oversee spy agency budgets
Fortibleed leads to ransomware attacks and 430,000 Fortinet firewalls exposed
Get the show notes here: https://cisoseries.com/cybersecurity-news-consumer-security-worries-vought-supervises-spy-budgets-fortibleed-exposes-fortinet/
Huge thanks to our sponsor, Silent Push
Most cybersecurity approaches are completely reactive. Victim organizations are hit with an attack and the chase ensues.
Silent Push closes this gap with its Preemptive Cyber Defense platform. Silent Push tracks adversary infrastructure and infrastructure changes across the Internet during the attack preparation phase - while attackers are still staging domains, IPs, and hosting and Silent Push turns that into Indicators of Future Attack® to defend with confidence.
For a CISO, that turns invisible risk into early warning, an average of 140 days before a campaign shows up in your environment. Time to act, and a smaller window of exposure, before a threat ever reaches your environment. Learn more at silentpush.com
-
Hide My Email bug shows real addresses
Fable 5 gets the greenlight
DHS confirms hackers breached HSIN
Get the show notes here: https://cisoseries.com/cybersecurity-news-hide-my-email-shows-real-addresses-fable-5-gets-greenlight-microsoft-teams-hits-back-on-bots/
Huge thanks to our sponsor, Silent Push
Most cybersecurity approaches are completely reactive. Victim organizations are hit with an attack and the chase ensues.
Silent Push closes this gap with its Preemptive Cyber Defense platform. Silent Push tracks adversary infrastructure and infrastructure changes across the Internet during the attack preparation phase - while attackers are still staging domains, IPs, and hosting and Silent Push turns that into Indicators of Future Attack® to defend with confidence.
For a CISO, that turns invisible risk into early warning, an average of 140 days before a campaign shows up in your environment. Time to act, and a smaller window of exposure, before a threat ever reaches your environment. Learn more at silentpush.com
-
Bash can spell trouble GNU for AI agents
DHS to unveil critical infrastructure council
Aikido buys Root
Get the show notes here: https://cisoseries.com/cybersecurity-news-bash-hits-ai-dhs-announces-anchor-ci-aikido-buys-root/
Huge thanks to our sponsor, Silent Push
Most cybersecurity approaches are completely reactive. Victim organizations are hit with an attack and the chase ensues.
Silent Push closes this gap with its Preemptive Cyber Defense platform. Silent Push tracks adversary infrastructure and infrastructure changes across the Internet during the attack preparation phase - while attackers are still staging domains, IPs, and hosting and Silent Push turns that into Indicators of Future Attack® to defend with confidence.
For a CISO, that turns invisible risk into early warning, an average of 140 days before a campaign shows up in your environment. Time to act, and a smaller window of exposure, before a threat ever reaches your environment. Learn more at silentpush.com
-
US seizes illegal World Cup domains
WhatsApp offers usernames for phone number privacy
$10M reward for Russia-based cyber campaign
Get the show notes here: https://cisoseries.com/cybersecurity-news-us-seizes-illegal-world-cup-domains-whatsapp-offers-usernames-for-phone-privacy-10m-reward-for-cyber-campaign/
Huge thanks to our sponsor, Silent Push
Most cybersecurity approaches are completely reactive. Victim organizations are hit with an attack and the chase ensues.
Silent Push closes this gap with its Preemptive Cyber Defense platform. Silent Push tracks adversary infrastructure and infrastructure changes across the Internet during the attack preparation phase - while attackers are still staging domains, IPs, and hosting and Silent Push turns that into Indicators of Future Attack® to defend with confidence.
For a CISO, that turns invisible risk into early warning, an average of 140 days before a campaign shows up in your environment. Time to act, and a smaller window of exposure, before a threat ever reaches your environment. Learn more at silentpush.com
-
CISA sets urgent deadline to fix exploited Cisco flaw
Chinese cybersecurity company claims it has a better-than-Mythos bug finder
Amazon Q flaw enables cloud credential theft
Get the show notes here: https://cisoseries.com/cybersecurity-news-cisas-cisco-deadline-chinas-mythos-competitor-amazon-q-flaw/
Huge thanks to our sponsor, Silent Push
Most cybersecurity approaches are completely reactive. Victim organizations are hit with an attack and the chase ensues.
Silent Push closes this gap with its Preemptive Cyber Defense platform. Silent Push tracks adversary infrastructure and infrastructure changes across the Internet during the attack preparation phase - while attackers are still staging domains, IPs, and hosting and Silent Push turns that into Indicators of Future Attack® to defend with confidence.
For a CISO, that turns invisible risk into early warning, an average of 140 days before a campaign shows up in your environment. Time to act, and a smaller window of exposure, before a threat ever reaches your environment. Learn more at silentpush.com
-
ShinyHunters hits Madison Square Garden
Cal Water finds no evidence of OT activity
New CISA guide helps agencies adopt SASE for Zero Trust
Get the show notes here: https://cisoseries.com/cybersecurity-news-shinyhunters-hits-msg-cal-water-confirms-no-damage-cisa-sase-guide/
Huge thanks to our episode sponsor, Guardsquare
Attackers are treating your mobile app like an open book. Sixty-three percent of security leaders recently detected app tampering, cloning, or unauthorized modifications. When your code runs in an untrusted environment, you need runtime self-protection and code hardening to keep attackers out. Address tampering before it starts. Learn more at Guardsquare.com.
-
Copilot AI knocks down cybercrime tools
Hackers exploit Cisco zero-day
China's 360 says it matches Anthropic's Mythos
Get the show notes here: https://cisoseries.com/cybersecurity-news-copilot-ai-attacks-cybercrime-tools-hackers-exploit-cisco-zero-day-chinas-360-vs-mythos/
Huge thanks to our episode sponsor, Guardsquare
AI is speeding up development, but at what cost? While ninety-six percent of teams now use AI tools, eighty-one percent report that AI-generated code has introduced new vulnerabilities into their mobile apps. In a world with automated threats, you need multi-layered, polymorphic security to stay ahead of the curve. Learn more at Guardsquare.com.
- Visa fler