All Articles

I didn’t see much visibility on this DocuSign hack. This is a situation where the product features were not vetted to understand if they could be misused by malicious fraudsters. There is not a technical vulnerability, it comes down to a design weakn

I’m thrilled to join the incredible team at The Cyber Express as a member of their Editorial Advisory Board! It’s an honor to collaborate with an esteemed group of cybersecurity experts, all dedicated to delivering accurate, timely, and valuable insi

A “Perfect” 10 vulnerability score is not what users of Cisco Ultra-Reliable Wireless Backhaul (URWB) systems were expecting. The recently discovered cybersecurity vulnerability CVE-2024–20418 is remote, easy, and gives full Admin rights to the devi

I had a tremendous time at the InCyber Montreal forum. The speakers, panels, fellow practitioners, and events were outstanding!

I bumped into Dan Lohrmann and Nancy Rainosek before their panel with Sue McCauley on CISO challenges. We had some very int

This is an interesting tactic by cyber attackers — using virtual machine hard drive files to bypass email malware filters!

Never underestimate the creativity and resourcefulness of intelligent adversaries in finding ways to leverage technology for the

The SEC has fined four major companies for materially misleading investors regarding cyberattacks.

Tech in Trouble

Regulatory actions have been brought against Unisys, Avaya, Check Point, and Mimecast for their purposeful decisions to not clearly infor

It is good to see US government leaders realize that ransomware is a growing existential threat to our country, at the hands of our adversaries.

A top US national cybersecurity advisor stated in a recent op-ed, “This is a troubling practice that must

The most influential cybersecurity experts discuss adversaries, risks, cyber warfare, and supply chain outages on the Cybersecurity Insights podcast!

1. Reality of Cybersecurity Risks for AI — Ejona Preci 
2. Cybersecurity is Adversarial — Our Failures are

Secureworks released a report detailing how North Korean attackers are targeting western countries with a new tactic. Attackers are fraudulently obtaining positions so they can victimize the employer!

I predict we will see more of these types of attac

There are big predators in our digital world. In recent keynotes I have been talking about the big 4 aggressive nation states and how they are heavily investing in offensive cyber capabilities that trickles down to everyday cybercriminals.  

Cybersec

Ransomware attacks are vicious, expensive, impactful, and becoming commonplace. So, let’s take a look at what Ransomware is, how attacks typically unfold, and what potential victims can do to improve their risk posture.

Watch the full video here: http

A recent report by Trellix indicated that due to growing complexity, responsibility, and regulatory accountability, a majority of CISOs believe their role should be split into separate positions.

This finding struck me as a little odd. It seems counte

Explaining cybersecurity is challenging, but with the right visual interface, it is easier to understand the behavioral, technical, and process aspects of cyberattacks.

For the full video Explaining Ransomware: https://www.youtube.com/watch?v=njXi-NoL

Two Cryptocurrency Exchanges were recently taken down by authorities. The PM2BTC and Cryptex sites were seized.

Video: https://youtube.com/shorts/wvRelrVSOcE

This is important for two reasons:

1. It disrupts illegal money laundering, in this case, hund

Ransomware is one of the most devastating challenges in cybersecurity today. The attacks are vicious, expensive, impactful, and becoming commonplace.

Over the years I have predicted its rise, discussed why it is so challenging, debunked myths like bla

This is how to redefine CISO events! I had a spectacular time at the “Locked In — The Cybersecurity Event of the Year!” Organized by Rinki Sethi and Lucas Moody, it was nothing short of epic! Forget long boring sessions and tracks, this was about CIS

I had a great discussion on the SECURITYbreak podcast talking about security vulnerability research impacting Apple vision pro VR headsets, MasterCard’s acquisition of threat intelligence vendor Recorded Future, and some horrific aspects of cybercrim

The National Public Data breach has been a nightmare, exposing names, addresses, birthdates, emails, phone numbers, and Social Security Numbers of countless individuals — including mine.

As a California resident, I have the legal right to demand that

The decentralized finance (DeFi) and cryptocurrency industries are being targeted by North Korean social engineering schemes in highly personalized and convincing ways.

Here is an example that the FBI is showcasing:

1. A person from your dream company,

The cybersecurity landscape is evolving at an unprecedented pace, driven by rapid technological advancements and increasingly sophisticated cyber threats. What was sufficient yesterday, will be lacking for tomorrow. Organizations must stay ahead of t