Similar Posts
CrowdStrike tackles BIOS attacks with new Falcon features
ByKayneIn the past few years, security researchers and advanced persistent threat actors have demonstrated attacks on the BIOS, said Kayne McGladrey, IEEE member and director of security and IT at Seattle-based Pensar Development.
These rare attacks can provide a persistent and hidden bridgehead into an enterprise network, McGladrey said.
Cybersecurity experts talk about the digital world
ByKayne“Administrative passwords — they’re sort of interesting,” McGladrey says. “If you can get an application’s password, that’s what got us to the Panama Papers a few years ago, where the third-party attacker was able to compromise the WordPress password, which, because of poor password storage technologies, happened to be the same as their database password.
“All of a sudden we got — three terabytes or something like that; it was something absurd — of ex-filtrated client data. The prime minister of Iceland got in a little bit of trouble about that, as well as people like Jackie Chan, all because the organization didn’t have a good mentality around rotating the passwords that were associated with apps. That problem transitions. It’s not a technology problem. It’s a cultural problem. And it transitions, regardless of environment.”
What are your predictions for Cybersecurity in 2022?
ByKayneRansomware threat actors will continue to find new and innovative ways of generating revenue for their criminal operations throughout 2022. If organizations deploy adequate governance and technical controls in 2022 alongside an effective multinational policy response, we can anticipate a gradual ransomware slowdown in the fourth quarter as those threat actors not in prison re-skill as part of a workforce transition to other profitable criminal enterprises. Those countries giving license to ransomware threat actors inside their borders have a unique opportunity to provide a path to legitimate careers for those criminals who choose to voluntarily leave the market, and while this should not necessarily relieve them of any legal actions pending, it may be a useful incentive when considering sentencing.
Yahoo porn hacking breach shows need for better security: 5 ways to protect your company
ByKayneSecurity expert Kayne McGladrey, who serves as director of security and IT at Pensar Development and is a member of the Institute of Electrical and Electronics Engineers, said companies need to add extra steps to everything.
“The company could choose to add friction, whether it’s multi-factor authentication or an email link just to put a little additional scrutiny and raise the bar so it is materially more difficult for threat actors who have obtained someone’s credentials to be able to reuse those,” he said.
“The benefit of this strategy is that it applies universally. All of the automated attacks these days around credential stuffing and credential spraying do what the Yahoo hacker had done on a much larger scale. They get compromised credentials and test them across a whole bunch of websites using a distributed botnet.”
Noberus Amps Its Tactics: How IT Leaders Can Keep Up with Evolving Ransomware
ByKayneThe updates to Noberus are concerning but expected. “This is the new normal. Criminal groups will continue to reinvest part of their profits in research and development to drive the innovation cycle of development and distribution of their unwanted products,” says Kayne McGladrey, field CISO at Hyperproof.
Podcast: Art of Cyber Defense: Insights from a Theatrical Minded CISO with Kayne McGladrey
ByKaynePrepare to laugh until your stomach hurts with our most hilarious episode yet, featuring the one and only theater kid turned cybersecurity guru, Kayne McGladrey, Field CISO at Hyperproof. Join us for a rollercoaster of emotions as we dive into the absurdity of security info in 10K filings, engage in heated debates over the polarizing cinnamon sticky bun ale, and champion the cause for more singing and dancing in cybersecurity. Think of it as the “Cybersecurity’s Got Talent” episode you never knew you needed! Kayne’s journey is packed with invaluable insights and captivating stories that are as unique as they are engaging.