North Korean Hackers Master the Art of Invisibility
What Caught My Attention This Week?
Unit 42 revealed Silent Skimmer
Germany’s New Law: A Win for Security Researchers
Snowflake Data Breach Arrest
And on Threat Vector this week, I had a conversation with Assaf Dahan about what makes North Korean hackers a cyber force to be reckoned with. Their motivations go beyond financial gain to include sabotage, espionage, and political influence.
Iran’s Cyber Arsenal Blends Deepfakes with Disruption
Kyle Wilhoit and Michal Goldstein join me on Threat Vector to discuss how adaptive, intelligence-led incident response is key to tackling hybrid threats like deepfakes, doxing, ransomware, and stealthy espionage campaigns. From Iran’s disinformation playbook to China’s prolonged intrusions, war rooms must be ready for it all. Plus, Macron’s Strava leak highlights the privacy risks of location-tracking apps.
Crisis Leadership Secrets to Survive Cyber Chaos
Crisis Tips from Chris Scott
Decisiveness, drills, and transparency are vital as SEC penalties highlight the cost of secrecy.
Microsoft Rootkit Risk
A driver flaw opens systems to stealthy rootkits. Monitor kernel activity.
SolarWinds Fines Warn CISOs
SEC penalties stress the need for honest breach disclosure.
Crackdown on Disinfo Domains
Senator Warner targets Russian-linked sites, increasing scrutiny on registrars.
Inside Threat Vector’s Bold Conversations on IoT, XDR, and Quantum Security
This week, Unit 42 exposed "Deceptive Delight," a method for bypassing AI safeguards by embedding harmful prompts in harmless ones, underscoring the need for stronger AI defenses. Meanwhile, Lumma Stealer malware is bypassing CAPTCHAs to steal sensitive data, and Bumblebee malware has resurfaced, more dangerous and harder to detect, highlighting the urgency of robust ransomware defenses. On Threat Vector, I had thought-provoking conversations with Dr. Daniel Ford on cyber hygiene, Dr. May Wang on IoT security, and Allie Mellen from Forrester on XDR, offering fresh insights into evolving cyber challenges.
Why Education Can’t Afford to Wait on Cybersecurity
In the ever-evolving landscape of cybersecurity, educational institutions face unique challenges. From limited budgets to the expansive attack surfaces created by remote learning, schools are increasingly vulnerable to cyber threats. In the latest episode of Threat Vector, I sat down with Mike Spisak, a seasoned cybersecurity expert, to explore these challenges and uncover practical strategies for schools to enhance their security posture.
Why Your Identity Is the Only Perimeter That Matters
In a recent episode of Threat Vector, I spoke with Jamie Fitz-Gerald, Sr. Director of Product Management at Okta, about the crucial role of identity security in the hybrid work era. With employees accessing resources from various locations, identity has become the new perimeter, necessitating robust controls like multifactor authentication (MFA) and passwordless authentication. Jamie emphasized that identity is the cornerstone of a zero trust security strategy, where every user, device, and application is verified before access is granted. He also highlighted emerging trends like phishing-resistant authentication and identity proofing as vital tools in the fight against cyber threats. Tune in to the full interview to learn more about Jamie's insights and the future of identity security.
Insights into the Evolution of Cyber Conflict and Defense Strategies
In the latest episode of Threat Vector, I had the privilege of watching Michael Sikorski, CTO of Unit 42, and Jason Healey, Senior Research Scholar at Columbia University, dive deep into the evolution of cyber conflict and defense strategies. Their discussion highlighted the need for innovation and collaboration to outpace threat actors. Key takeaways include the importance of evolving defense tactics and using outcome-based metrics to measure success. This episode is a must-listen for cybersecurity leaders looking to make a real impact and secure our digital future.
Unpacking Congressional Testimony on Ransomware Attacks and Cyber Defense
This post features takeaways from an episode of Threat Vector with Sam Rubin, VP and global head of operations at unit 42, discussing his testimony to Congress on the evolving sophistication and speed of ransomware attacks, the changing tactics of threat actors, and the impact on sectors like education, healthcare, and government. The conversation also emphasizes the importance of public-private partnerships in combating cyber threats, the impact on strengthening collaborations, and the significance of preparing the cyber workforce for the future.
Reflecting on Rings and Running
Reflecting on a year where I’ve chased a fitness goal. More work to do, but proud to make it this far and thankful for help from friends an a little tech from Apple.
The pandemic sent us home, and while there was much we’ve given up in the year+ to stay safe and protect each other, there have been new opportunities. Like many, I took the year to improve my heath and wanted to share my thoughts as I reflect on a year where I was able to swap a commute for a run.
Concept: A way to make meetings better through technology.
f you are like me, you have attended a lot of phone only and or virtual meetings. As a new Salesforce employee I have attended my share of “Go to Meeting” and WebEx meetings. These faceless encounters make getting to know a virtual team difficult. The meetings tend to start right on time or even a minute or two late and leave little room for pre-meeting small talk.
I tried an IDEO class and I liked it.
This past week I finished up an class from IDEO and Acumen called Design Kit: The Course for Human-Centered Design. I took the class with, what were at the time, three strangers. The class was to take about six weeks and would allow us to go through the IDEO design process end-to-end, and if we finished on-time we would receive a certificate.