Category: CISO Blog

The Password Era is Dying (Slowly)

The FIDO Alliance has been dropping some knowledge on the state of digital identity and security. And let’s be honest, it’s a mixed bag.

On the one hand, we’ve got the Credential Exchange Format (CXF), which is like a translator for your digital credentials. It helps your devices and apps talk to each other without getting lost in translation. This is a big deal because it means smoother transitions between platforms and less risk of data loss.

But on the other hand, we’ve got the FIDO Alliance Consumer Barometer 2024, which paints a picture of consumers who are still stuck in the past. Despite the rise of stronger authentication methods like biometrics and passkeys, passwords are still the king of the castle. It’s like people refusing to give up their flip phones when smartphones hit the scene.

Category: Threat Actors

GoldenJackal: The Air-Gapped Assassin

GoldenJackal, the cybercriminal group that’s defying the laws (or is it paws?) of physics and cybersecurity, is, like its furry namesake, expanding its territory. This sophisticated threat actor has managed to breach air-gapped networks not once, but twice, using two separate toolsets designed to infiltrate even the most isolated systems.

Category: CISO Blog

CISO’s in Retail: From Gatekeepers to Growth Catalysts

It’s a tale as old as time: the CISO, the eternal pessimist, the blocker of all things fun and innovative. But times are a-changin’. Thanks to the relentless march of technology and the ever-evolving threat landscape, the CISO is finally shaking off their reputation as the corporate buzzkill. According to a new report released by Netscope, retail CISOs are embracing their role as business enablers, not just gatekeepers. They’re saying “yes” to innovation, taking risks, and even embracing the chaos … Continue reading “CISO’s in Retail: From Gatekeepers to Growth Catalysts”

Category: CISO Blog

Marriott’s Massive Meltdown: A Tale of Neglect and Fallout

Marriott, the hotel giant that promised luxury and comfort, has instead delivered a nightmare of data breaches. Over the years, Marriott and its subsidiary, Starwood Hotels, have been a veritable buffet for hackers, leaving millions of customers’ personal information exposed.

The breaches were so egregious that Marriott has agreed to pay a hefty $52 million fine and implement stricter security measures. It’s like a slap on the wrist for a company that’s practically invited hackers to their digital party.

Category: CISO Blog

Mamba 2FA: The Low-Life’s New Phishing BFF

Don’t be fooled by the name. We’re not talking about the sleek, black snake that can strike faster than the blink of an eye. No, we’re talking about Mamba 2FA, a new phishing platform that’s just as deadly, but in a much more insidious way.

Mamba 2FA is like a snake in the grass, lurking in the shadows of the digital world. It’s a PhaaS (Phishing-as-a-Service) platform, which means even the most clueless cybercriminal can unleash a sophisticated phishing attack with a few clicks. It’s like arming a toddler with a bazooka!

Category: CISO Blog

The State of SaaS: A Complex Landscape of Opportunity and Risk

The 2024 State of SaaS Security Report highlights the dual nature of SaaS: revolutionizing work while introducing security vulnerabilities. Key issues include decentralized control, lack of visibility, and overlooked SSPM. Organizations should educate employees, establish clear rules, prioritize critical assets, and invest in strong SSPM solutions to mitigate these challenges.

Category: CISO Blog

Beware of the Bait: How Fake Trading Apps Are Stealing Millions

Another Day, Another Scam

It’s a sad reality that the world of online finance is rife with fraudsters looking to exploit unsuspecting victims. The latest scam involves fake trading apps distributed through the Apple App Store and Google Play Store. These apps, cleverly disguised as legitimate financial tools, are designed to lure users into a world of fake investments and stolen funds. What’s particularly concerning about this scam is the sophistication of the attackers. They’ve managed to bypass Apple’s App … Continue reading “Beware of the Bait: How Fake Trading Apps Are Stealing Millions”

Category: Book Reviews

Enterprise Cyber Risk Management as a Value Creator

Bob Chaput’s book, “Enterprise Cyber Risk Management as a Value Creator,” argues that cybersecurity should be seen as a strategic asset rather than a compliance necessity. It highlights the benefits of a robust cyber risk management program, such as enhancing brand reputation and customer trust, driving revenue growth, and attracting top talent, while offering practical guidance using the NIST framework.

Category: CISO Blog

Hacking Kia: Remotely Hijack A Car Using Only Its License Plate

In a recent security breach that sent shockwaves through the automotive industry, researchers discovered a vulnerability that allowed them to remotely hijack Kia and Hyundai vehicles using only their license plates. This alarming revelation has raised serious concerns about the security of modern cars and the potential for malicious actors to exploit these vulnerabilities.

How It Works

The attack leverages a flaw in the vehicles’ keyless entry systems. By capturing the radio signal emitted by the car’s key fob, hackers … Continue reading “Hacking Kia: Remotely Hijack A Car Using Only Its License Plate”

Category: CISO Blog

A Critical Infrastructure Alert: Automatic tank gauges (ATGs)

Automatic tank gauges (ATGs) are indispensable tools for monitoring and managing critical infrastructure, such as fuel storage, water reservoirs, and chemical tanks. However, these systems are increasingly becoming targets for cyberattacks, exposing vulnerabilities that could have severe consequences. Recent research has highlighted critical vulnerabilities in ATGs, including: These vulnerabilities could lead to: To mitigate these risks, organizations must: By taking these steps, organizations can help safeguard their critical infrastructure and prevent costly disruptions.