Crypto scams are skyrocketing: In 2022, the FBI tracked an 183% year-over-year increase, driving $2.57 billion in losses. Last week, the popular YouTube channel Linus Tech Tips (LTT for short) – and two associated channels – became the latest crypto scam victim and unsuspecting accomplice.
When 921 password attacks occur per second, it’s time to treat everyday employees’ credentials like the true operational risk they are. Today’s attackers assign a level of value to employees’ passwords they once reserved for privileged users’ credentials. Why? Workers now have a shocking amount of access to sensitive resources. I’ll elaborate… but through the perspective of a chief information officer kept up at night by risks.
You’ve heard about it. A lot. But there are quite a few nuances when it comes to how Zero Trust security is defined and discussed. Is it a platform or a principle? It’s one of those terms that’s so widely cited that it has the tendency these days to elicit eye rolls within the cybersecurity industry and to be referred to as a buzzword by those sitting at the cool kids’ lunch table.
Today’s guest is Den Jones, who’s Chief Security Officer (CSO) at Banyan Security, a startup Zero Trust network access solution (and a CyberArk technology partner). Jones spent almost 19 years at Adobe, followed by a stop at Cisco, before landing at Banyan in 2021. As his Twitter bio tells it, he’s a “Large Scale Zero Trust Deliverer,” which is part of his multifaceted CSO charge.
“Black Swan” author Nicholas Nassim Taleb once wrote that “intelligence consists in ignoring things that are irrelevant (avoiding false patterns).” Organizations must take this definition to heart as they incorporate Identity Security intelligence – an essential element of any Zero Trust cybersecurity strategy. Many organizations have dedicated Security Operations Center (SOC) teams responsible for their threat detection, investigation and response efforts.
Once threat actors gain a foothold on a system, they must implement techniques to maintain that access, even in the event of restarts, updates in credentials or any other type of change that might disrupt access. These techniques are collectively known as persistence techniques. In this blog post, we will focus on how malware can achieve persistence by abusing the Windows Registry.
There’s always a balancing act when it comes to building and deploying cloud-native applications in environments like Amazon Web Services (AWS). The whole point of moving production to the cloud is that developers can move faster than ever before, innovating and shipping new features on a daily basis. But that same speed can be an organization’s downfall if development outpaces security processes and accidentally exposes secrets or other credentials to potential attackers.
Today’s episode is part two of our conversation with former White House CIO, bestselling author and founder and CEO of Fortalice Solutions, Theresa Payton. If you missed part one, you can start here and go back to that episode. Or, you can start there and come back to this one – but you’re already here, so maybe just stick around?
Phishing is a big problem that’s getting even bigger as cybercriminals find new ways to hook employees. With threats coming from every direction – emails on company computers, text and voice messages on mobile devices and in personal communications channels, malicious typosquatting sites, phony marketing QR codes and more – it’s only a matter of time before someone trips up and opens or clicks on something they shouldn’t.
Have you ever received a puzzle as a gift from a well-intentioned friend? They likely thought something along the lines of, “Hey, this person’s into solving problems — I bet they’d love putting together this bad boy on a rainy day.” The sentiment was spot-on. Puzzles are your thing.
