All Articles

Digitally altered and synthetic media are becoming more of a problem.  Openly available tools, including AI Deep Learning, enable the easy modification of pictures and videos for distribution on the Internet.  Most are benign; clearing up acne, impro

Intel has released patches for several security vulnerabilities in their Active Management Technology (AMT) and Intel Standard Manageability (ISM) platforms.  One of them was a critical flaw in AMT that allowed remote privilege escalation  CVE-2020-8

The first warning sign was “hackproof” in the 360Lock marketing materials. As it turns out, with no surprise to any security professional, the NFC and Bluetooth enabled padlock proved to be anything but secure.

Straightforward penetration testing reve

I am seeing many security vendors developing products to unify solutions into a single management interface. I fear this is just a sales tactic to gain greater market share and not intended to help the plight of CISO’s

A recent article from ComputerWe

It simply makes no sense to call for IoT devices to be certified safe-and-secure.  Before you get bent out of shape, hear me out. 

Regulations are unwieldy blunt instruments, best left as a last resort.  Cybersecurity regulations are not nimble, tend

Join the free webinar on Oct 28th 10am PST to listen to the panel discuss how culture can contribute or destroy cybersecurity!

Why is the Sacramento region ripe for innovation in Cybersecurity?

Come join the online Sacramento Urban Technology Lab conference where a panel including Malcolm Harkins, Kimberley Owen, George Usi, Carmen Marsh, and myself will discuss why Sac is a

Does society want governments to take on the role of protecting the Internet? Should the Internet be considered a Critical Infrastructure and therefore be overseen by governments? Will such actions undermine privacy and liberty or will it be demanded

Microsoft and partners have taken down the Trickbot ransomware infrastructure. That is a temporary relief, as the cybercriminals will soon adapt. The bigger picture is how the Microsoft Digital Crimes Unit (DCU) has created a template and partnership

Security experts say don't pay ransomware, but now the U.S. Treasury Department is now declaring it illegal!  Every company on the Internet must deal with the threat and emerging regulations.  

Ransomware continues to be a growing problem because vict

Recent verified reports highlight exploitable vulnerabilities in Apple’s security chip that cannot be patched!  The announcement adds to the growing concerns and shifting perceptions about hardware security.

Hardware-based security has pros and cons. 

New phishing malware leverages Artificial Intelligence and worm functionality to rapidly spread to contacts of victims.  By leveraging previously established relationships the malware can bypass technical controls and easily fool new targets into bec

The U.S. Department of Justice filed charges against six Russian agents, identified as members of the APT group known as Sandworm.  The unsealed documents reveal that the six suspects are all current or have former ties to the Russian foreign intelli

"Why Sacramento is Ripe to be a Cybersecurity Hub" panel discussion, was lively and engaging. Moderated by Carmen Marsh and featuring Malcolm Harkins, Matthew Rosenquist, and George Usi, the panel discussed a broad range of topics including: Why pick

The U.S. National Security Agency knows which vulnerabilities China backed hackers are exploiting the most to gain access to sensitive data.

The Chinese state-sponsored information gathering engine is a vacuum when it comes to acquiring information fr

October is Cybersecurity Awareness Month.  It is a time to consider the risks we accept everyday when using computers and what we can do to better protect ourselves. 

I have a challenge for each and every person.  Something that will help people indiv

The California Consumer Privacy Act (CCPA) has been around since 2018, as the more protective data privacy legislation of any state, but not all businesses have been acting ethically in their compliance and respect for user privacy. 

As a result, the

The government’s Central Bank of the Bahamas has released the world’s first Central Bank Digital Currency (CBDC) - the “SAND DOLLAR”.

This is attracting the interest of cybercriminals as well as security professionals.  As national currencies transfor

A group of security vulnerability researchers, after many months of work, were able to figure out the update process and secret key used to decrypt Intel microcode updates for the Goldmont architecture product lines.

This is an important finding as it

I am happy to see such cooperation across cryptocurrency exchanges to interdict these heinous crimes. 

Unfortunately, in addition to the beneficial uses, crypto is also leveraged as a means to support criminal acts which undermines legitimacy and the