All Articles

One of my cybersecurity predictions for 2023 is the rise of cyber Private Military Companies (PMC) to specialize in cyberattacks.

One of the most famous PMCs currently in the news is the Russian Wagner group that is fighting for Russia on the ground

The cyber attacks on LastPass continue to be more invasive and damaging to its customers. Numerous security failures and poor leadership decisions have undermined this cybersecurity company’s reputation and sent its customers scrambling to protect t

On January 19, 2023, it was reported that thousands of PayPal accounts have been hacked. This news has caused concern among PayPal users who are now wondering if their own accounts have been compromised. In this blog post, we will provide an overview

The recent outage of the Federal Aviation Administration’s Notice to Air Missions (NOTAM) Pilot-Alert system, which triggered a 90 minute “ground stop” delayed over 9 thousand flights and was behind the cancelation of 1300, leaving countless flyers s

There are 3 things that LastPass customers need to know and do, to protect themselves from the recent encrypted vault breach! 

Consider this a community service video for LastPass users!

I hope this nonsense does not escalate down this path, but as Russia continues to fail with their attempts to conquer Ukraine, Putin will become more desperate and want to lash-out at Ukraine’s biggest international supporters.  Cyberattacks are a gr

Uber’s latest breach is big and fraught with concerns about the maturity of the company’s cybersecurity capability. Failure abounds across their technology, behaviors, and processes. We can all learn from Uber’s mistakes!

For more strategic insights

The Syniverse hack may be the most important data breach of the year!

Hackers had access for 5 years and potentially compromised hundreds of billions of SMS text messages, likely including 2nd Factor Authentication codes that protect logins and are us

No doubt you had heard about Chrysler’s recall of affected cars as it appeared in all the top media. You’ll be even more surprised if you see how many recalls happened because of technical issues in recent months. But there is something that we may m

Zoom is in crisis mode, facing grave and very public concerns regarding the trust in management’s commitment for secure products, the respect for user privacy, the honesty of its marketing, and the design decisions that preserve a positive user exper

The first warning sign was “hackproof” in the 360Lock marketing materials. As it turns out, with no surprise to any security professional, the NFC and Bluetooth enabled padlock proved to be anything but secure.

Straightforward penetration testing reve

A group of security vulnerability researchers, after many months of work, were able to figure out the update process and secret key used to decrypt Intel microcode updates for the Goldmont architecture product lines.

This is an important finding as it

Another vulnerability and exploit named VoltPillager has been published for Intel Corporation's SGX security technology.  The attack itself is simply a hardware version of a previously discovered PlunderVolt software vulnerability where voltage to th

Cyber attackers continue to move down the compute stack with the latest variant of TrickBot now targeting firmware for malicious manipulations.  This is when it gets serious.  The firmware sits below the operating system and is a perfect place for ma

Even the best security organizations can be hacked!  Watch my message to both the cybersecurity industry as well as those attackers that hacked FireEye and stole the RedTeam tools. 

This skirmish went to the hackers, but the battle continues.

The cybersecurity industry is consumed with scale and effectiveness of one of the biggest hacks in recent memory.  The emerging narrative and stories are missing important pieces of the puzzle.  The attackers, likely a nation-state, gained unpreceden

The SolarWinds hack has had a significant ripple effect on the cybersecurity community, with over 18k organizations discovered to be severely vulnerable and at the mercy of nation-state hackers.  The security community realized some of the biggest co

It is important to look into the motivations of government orchestrated cyberattacks, such as SolarWinds, as understanding the threat-agent’s objectives can provide important insights to their long-term goals and potential next steps.

Today I discuss

It appears France is the main victim for this recent attack which has several uncanny similarities to the SolarWinds exploitation that exposed thousands of U.S. government agencies, critical infrastructure organizations, and major businesses.  Let me