All Articles

Actionable Insights For CISOs:

1. Rebuild Threat Models to Reflect Today’s Multi-Layered Adversaries

Threat modeling can no longer assume that the main attackers are cybercriminals or opportunistic insiders. CISOs will need to evolve to continuous, l

In an age where AI-driven agents increasingly handle sensitive requests, the critical question is: how do we trust the identity behind every interaction? Traditional methods like passwords and OTPs are proving inadequate in stopping fraud, deepfakes,

Microsoft faces ongoing, systemic cybersecurity failures rooted in blind spots within its very organizational design. These vulnerabilities repeatedly result in serious product blunders and damaging breaches. This has once again become evident with t

My article on Help Net Security highlighting how the banking industry is leveraging their powerful lobbying groups to try and undermine the U.S. Securities and Exchange Commission 4-day cybersecurity reporting rule, which has been in place for over a

Banking industry lobbyists are pressuring the SEC to gut the four-day breach disclosure rule — an essential safeguard for shareholders and potential victims. Their arguments are misleading, self-serving, and designed to protect profits over public tr

There are many cybersecurity and privacy risks to consider, both from the user and the enterprise, when it comes to Microsoft's new OneDrive feature that will connect their personal OneDrive with their work device!

LinkedIn: https://www.linkedin.com/

Misuse of the newly announced Microsoft OneDrive synchronization feature puts corporate security and personal privacy at serious risk in ways not likely understood by the users. Microsoft wants people to connect their personal OneDrive file share wit

For over a decade, we warned the healthcare industry this was coming. They ignored us. Their sole focus was HIPAA compliance — checking regulatory boxes rather than securing critical systems. We told them that system and service availability attacks

I had such a wonderful conversation with Debbie Reynolds on here podcast "The Data Diva Talks Privacy". Cybersecurity and Data Privacy are conjoined. We will succeed or fail together! We all must work closer to protect the data and systems of our dig

The National Public Data breach has been a nightmare, exposing names, addresses, birthdates, emails, phone numbers, and Social Security Numbers of countless individuals — including mine.

As a California resident, I have the legal right to demand that

The arms race continues between those attempting to detect GenAI-created content and those who want to keep their origins concealed. For example, detecting if ChatGPT was employed to write content, such as academic papers. According to reports, OpenA

As an AT&T customer, I did receive the unwelcome news that they suffered a data breach.

Here is a rundown for what you should to know.

BREACH DETAILS

· This is a sizable data breach of about 109 million customers

· Call and text interactions from May 1,

YouTube has announced that it will facilitate requests to remove AI generated content that is created to look or sound like you.

It is a nice gesture on behalf of YouTube, but the process to protect from deepfakes is not scalable.  The attackers will

Microsoft created Recall as a tool to benefit the user, but it has far more value to cybercriminals, hackers, data brokers, digital extortionists, and malicious insiders!

In today’s video, I discuss the risks and what Microsoft should do to protect us

Carta has a full blown reputation crisis underway, but all is not lost, if the company acts in a meaningful and ethical way!

In today’s video, I give my take on how they can recover and rebuild trust!
 
 
Referenced TechCrunch Article: https://techcrunch

Caesars Rewards Members are receiving notice of the data breach that occurred more than a month prior. The breach occurred in August 2023, but Caesars did not report it to regulatory officials until September 2023 and is finally notifying victims in

Cybersecurity and Privacy are both necessary for organizations to earn and maintain trust with their partners and customers.

This lively discussion brings together privacy, cybersecurity, and business leadership experts to unravel the benefits, risks,

Has the CRYSTALS-Kyber encryption algorithm, one of 4 quantum resistant methods that NIST has recommended to replace legacy encryption, fallen even before it has been rolled out? 

There is news that researchers from the KTH Royal Institute of Technolo