Get the free Shadowserver special report to see if Qakbot was on your network. If yes, the bad guys could still be on your network. Read More
Why are the top National Security Teams Yelling for you to Fix your Network?
The top National Security Teams are yelling at you to fix your network. The Joint Advisory is not a simple act of collaboration. The first 12 are highlighted for a reason. We do not know the insider reasons other than that they are ACTIVELY EXPLOITED, with NOT ENOUGH ORGANIZATIONS MITIGATING, which is PUTTING ORGANIZATIONS at RISK. Read More
Performance Review? Lead with your Resume
Starting your annual performance conversation with an updated version of your resume was mentioned in a previous article (see Resume First – Step 1 in your Annual Performance Review). The technique works. The dialog over the resume helps to focus on that annual performance review. Are you adding market value to yourself and your organization? But Read More
Secure Coding? Don’t get Stuck!
We now have static application security testing (SAST) deployed. All should be good. No, all is NOT Good! The most challenging parts of any SAST tool deployment are the initial shock of potential vulnerabilities, coding errors, and risk. When I come into an organization for an audit, it is common to find their SAST tool Read More
CISOs, get your First Sergeant
Behind Every Effective CISO, a First Sergeant is Clearing the Path for the organization’s success. The way we’re setting up our CISO structure is NOT working as expected. The threats keep on coming. Organizations put their fingers in the dike, plugging security risks while exhaustingly bailing water from a sinking boat. This is a no-win Read More
Cyberwarfare is here; now what?
Cyberwarfare activities were always on the Internet. STUXNET, Google Aurora, and many other attacks were a fact of life. We had cyber attacks when Yugoslavia broke up. We have constant attacks in the Middle East. Cyberwar was part of a security practitioner’s threat model from the late ‘80s until the early 2000s. Then, cybercrime started Read More
SCADASEC – a Security Trust Group for the Industry
SCADASEC is a community created ~2004 to mirror the success of the Internet Backbone’s Security Trust Group (NSP-SEC). SCADASEC focuses on “security discussions, trends, and overall discussions pertaining to critical infrastructure protection (CIP) and SCADA/control systems security.” Over the years, the information shared, joint action, threat updates, consultation, and collective action have been critical to Read More
Protect your BGP Sessions from DDoS Attacks
Networks that think they are “DDoS resilient” get surprised when their BGP Sessions go down from an easily crafted DDoS. BGP port (179) is left open to the Internet and is an easy target for a low-level attack that will knock down your BGP session. Shodan’s BGP Report shows 325,082 open port 179 instances (June 2023). Read More
“I saw you comment on LinkedIn Scams ….”
Someone asked me about an old comment/post I did on LinkedIn Scams. He is getting a lot of LinkedIn Scams and needs more quality connections. It is always interesting to see the questions I get asked. Their questions instigate more thinking on my side on how I can help. Of course, I first check the Read More
Shadowserver Dashboard in Indonesian, Malay, Filipino, Thai & Arabic
Have you seen the Shadowserver Dashboard? Did you know it provides critical information on what people outside your network can see into your network? Did you know that the Dashboard and free reports can save your network …. all you need to do is track down the exposure and fix it (before the criminals use Read More