The Zero Day Initiative has a blog post to discuss the Top 5 Bugs submitted in 2021. In essence the good hackers try to find bugs or problems in software which would allow an attacker to perform functions that should not be done. An example from the Pwn2Own 2021 blog post: Hi, I am Orange … Read more
Threatpost has the stories – “China Suspected of News Corp Cyberespionage Attack” media giant news Corp was attacked with BEC (the most likely method of attack) Business Email Compromise. Here is an excellent FBI explanation of BEC. In a BEC scam, criminals send an email message that appears to come from a known source making … Read more
Yes take a look at the latest CISA(Cybersecurity Infrastructure Security Agency) Infographic: Goto CISA webpage for fullsize infographic if you want. CISA is trying to convince you into creating segmentation in different pieces of your network. We need to go through this process to make sure you understand why this method is a good … Read more
In Other Words – instead of assuming a risk profile, and assess risks – assume it will happen to you (it is just a matter of time). Now what? In fact it may be a good exercise to think about the ramifications of a failure in cybersecurity. The idea is to create a scenario … Read more
Let us not make the same mistakes as we may have done in the past when it was time to move to a new year. We should review the current year(2021) So what happened in 21 that may be different with 22? What should we focus on planning for new year? Of course Jocko Willink … Read more