All Articles

China has implemented a 1-hour reporting requirement for severe cybersecurity incidents! First, this is in stark contrast to the disorganized and lengthy US reporting requirements, but more importantly it provides insights to one of the most aggressi

Aggressive nation-states are increasingly leveraging cyberattacks as tools to advance their foreign policy objectives. In this case, Iran sponsored Pay2Key Ransomware-as-a-Service (RaaS) is offering an increase in profit sharing (80%) to affiliates w

Compromising the hardware layer, especially the CPU, is the Holy Grail of cyberattacks. Recent work by Christiaan Beek, a leading cybersecurity researcher at Rapid7, into developing a ransomware proof-of-concept that infects at the hardware layer, in

Nations are investing heavily in offensive cyber capabilities. The proposed 2026 US defense budget earmarks an additional $1 billion in funding for offensive cyber operations, specifically to the US Indo-Pacific Command (USINDOPACOM). In 2025, the De

The SEC has fined four major companies for materially misleading investors regarding cyberattacks.

Tech in Trouble

Regulatory actions have been brought against Unisys, Avaya, Check Point, and Mimecast for their purposeful decisions to not clearly infor

Let’s break down the CrowdStrike outage in non-technical terms!

Thanks for watching! Be sure to subscribe for more Cybersecurity Insights!

Follow me on LinkedIn: https://www.linkedin.com/in/matthewrosenquist/ and on my YouTube channel for more Cybersec

Carta has a full blown reputation crisis underway, but all is not lost, if the company acts in a meaningful and ethical way!

In today’s video, I give my take on how they can recover and rebuild trust!
 
 
Referenced TechCrunch Article: https://techcrunch

The White House just released an Executive Order intended to lay down some standards intended to manage the risks of Artificial Intelligence. I absolutely like the idea of establishing guardrails to make AI safe, secure, and trustworthy, but I am uns

Hackers are exploiting an un-patchable vulnerability (CVE-2023–2868) in Barracuda Email Security Gateway appliances. Barracuda has announced that customers should discontinue using the email security product or upgrade. Hackers are using multiple typ

I greatly appreciate being included in the “Top Cyber Security Experts & Influencers to Follow in 2023” list from WhizLabs!

This group of leaders is a driving force for cybersecurity education, evolving best practices, communicating emerging risks, an

The cyber attacks on LastPass continue to be more invasive and damaging to its customers. Numerous security failures and poor leadership decisions have undermined this cybersecurity company’s reputation and sent its customers scrambling to protect t

I hope this nonsense does not escalate down this path, but as Russia continues to fail with their attempts to conquer Ukraine, Putin will become more desperate and want to lash-out at Ukraine’s biggest international supporters.  Cyberattacks are a gr

On Sept 15^th a curious teenage hacker looking for fun, compromised Uber in a serious way, gaining administrative access to the company’s massive cloud instance, development environments, tools, and even their access management server!  The hacker jok

As Putin’s war on Ukraine reveals stunning failures of Russian forces, the embarrassed leader becomes more desperate. This has ramifications on the overall global security of digitally connected systems, potentially affecting all of us.

In today’s pod

Uber’s latest breach is big and fraught with concerns about the maturity of the company’s cybersecurity capability. Failure abounds across their technology, behaviors, and processes. We can all learn from Uber’s mistakes!

For more strategic insights

Peiter “Mudge” Zatko, head of security at Twitter and now whistleblower, was explicit as he testified to Congress about Twitter Security Flaws. Mudge outright accused Twitter executives of misleading the government, users, and shareholders regarding