The CISO Times

Security Policies Nobody Reads: Are We Just Writing PDFs for Auditors?

You know the type: an 80-page Information Security Policy, full of numbered sections, cross-references, and words nobody ...
cisotimes

The Internet of Medical Things and Cybersecurity Risk

The healthcare and life sciences industry continues to be plagued by cybersecurity threats. 1 According to FTI Consulting’s U.S. Healthcare & Life Sciences Industry Outlook 2023 survey, 70 percent of ...
cisotimes

Insider Threat – From Detection to Prevention

From data leaks and cybersecurity incidents enabled by careless users to the malicious theft of intellectual property (IP) or even workplace violence, insider threats continue to pose a significant ...
cisotimes

ThePhish: An Open Source Phishing Email Analysis Tool

A new open source phishing email analysis tool has been published on Githhub, which helps automate the analysis process. ThePhish, was created by Emanuele Galdi, a researcher at Italian cybersecurity ...
cisotimes

How to Protect Your Business From a Little Known, Shockingly Simple Hacking Technique

“Search Engine Hacking,” also called “Google dorking,” has quickly become a favorite technique of hackers to find and expose private or sensitive information that is not intended for public access. By ...
cisotimes

Cloud Lateral Movement Via Exploited SQL Servers

Recent findings by Microsoft security researchers have unveiled a concerning cyberattack campaign that involves lateral movement to a cloud environment through a Microsoft SQL Server instance. While ...
cisotimes

SecurityScorecard Publishes List of Proxy IPs to Block Killnet DDoS Bot

SecurityScorecard’s researchers have published a list of proxy IPs used by the pro-Russia group, Killnet, with the intent of interfering with their operation and blocking their attacks. To help ...
cisotimes

Top 10 CI/CD Security Risks Guideline From OWASP

Continuous integration (CI) and continuous delivery (CD), also known as CI/CD, embody a culture, operating principles, and a set of practices that application development teams use to deliver code ...
cisotimes

Steps to a Secure Portfolio: Due Diligence During M&A & Beyond

Gina is the Information Security Official for TRACE3’s mountain state region. Prior to Trace3, Gina was responsible for the protection of numerous organizations as a vCISO. She managed several ...
cisotimes

CrowdStrike Unveils New Counter Adversary Operations Team to Thwart Modern Breaches

The introduction of these new initiatives signifies CrowdStrike’s proactive approach to staying ahead of cyber threats. “CrowdStrike Falcon Intelligence” integrates threat intelligence seamlessly into ...
cisotimes

How to Detect and Fix the “Text4Shell” Vulnerability

Similar to the Spring4Shell and Log4Shell vulnerabilities, Text4Shell is a new vulnerability reporter by Alvaro Munoz, in the Apache Commons Text library. Read further to learn how to detect and fix ...