Cyber Security Headlines
Daily stories from the world of information security. To delve into any daily story, head to CISOseries.com.
Goldoon exploits D-Link, CISA GitLab warning, Dropbox Sign breach
05/03/2024
Goldoon botnet exploits D-Link routers
CISA adds GitLab flaw to its KEV catalog
Dropbox discloses breach of digital signature service
Thanks to our episode sponsor, Dropzone AI
AI Autonomous Analyst is transforming cybersecurity as we know it. By replicating the techniques of elite analysts and autonomously investigating every alert, our patented system force multiplies your SOC team by 10X without adding headcount. Experience the future of threat detection and response at . Request a trial today!
For the stories behind the headlines, head to .
Chinese disinformation, NCSC AMS, new State Secrets law
05/02/2024
Chinese disinformation proving ineffectual
NCSC release Advanced Mobile Solutions risk model
China implements new State Secrets Law
Thanks to our episode sponsor, Dropzone AI
Cybersecurity leaders, are you being asked to leverage the power of Gen AI in your SOC? AI Autonomous Analyst empowers your team to thoroughly investigate every alert. No playbooks, no code, just intelligent, adaptable alert investigation. Test drive on to immediately see the results for yourself.
UnitedHealth Group CEO faces Congress, U.S. wireless carriers face major fine, Marriott backtracks protection claims
05/01/2024
UnitedHealth Group CEO faces Congress & cause of hack revealed
Major U.S. wireless carriers face $200M FCC fine
Marriott backtracks claims of encryption protection
Thanks to our episode sponsor, Dropzone AI is proud to announce our selection as a Top 10 Finalist for the prestigious RSA Innovation Sandbox. Our AI Autonomous Analyst is revolutionizing the way SOC teams operate, replicating the techniques of elite analysts and autonomously investigating every alert. Meet us at RSAC and book a time at
USPS phishing, UK IoT law, industrial USB attacks
04/30/2024
USPS phishing sites are popular
UK bans bad IoT credentials
USB malware attacks targeting industrial sites
Thanks to our episode sponsor, Dropzone AI
Attention cybersecurity professionals! Are you investigating 100% of the alerts from your IT and security systems? AI Analyst autonomously investigates every alert without playbooks or code, enabling you to turn over every rock. Visit to learn more and request a trial. Offload your tier-1 analysis to an AI analyst that never sleeps so you can.
Kaiser Permanente breach, DHS Safety Board, Okta stuffing attack
04/29/2024
Kaiser Permanente website tracking tools may have compromised customer data
DHS announces AI safety board
Okta warns of “unprecedented” credential stuffing attacks on customers
Thanks to our episode sponsor, Dropzone AI
Introducing , the industry's first AI Autonomous SOC Analyst. Their patented LLM replicates the techniques of elite analysts, autonomously investigating every alert without playbooks or code. Force multiply your SOC team by 10X without adding headcount. Visit to request a trial and experience the power of AI-driven cybersecurity.
For the stories behind the headlines, head to .
Week in Review: GitHub comments abused, “networkless” attack techniques, Police bodycam AI reports
04/26/2024
Link to
This week’s Cyber Security Headlines – Week in Review is hosted by with guest , CIO,
Thanks to our show sponsor, Veracode
Get ready to experience the future of application security at RSAC 2024 with . Join us as we unveil cutting-edge innovations and insights to tackle today’s most pressing security challenges. From live demos showcasing our newest products to engaging discussions with industry experts. See you at RSAC!
All links and the video of this episode can be found on
Google postpones cookies, Brocade vulnerability warning, ICICI card gaffe
04/26/2024
Google postpones third-party cookie deprecation
Brocade SAN appliances and switches exposed to hacking
ICICI Bank exposes credit cards to wrong users
Thanks to this week's episode sponsor, Veracode
Don't miss out on this opportunity to elevate your cybersecurity strategy. Build and scale secure software from code to cloud with speed and trust. Visit our booth #2045 at RSAC 2024 to discover how is shaping the future of Application Security in the AI era.
For the stories behind the headlines, head to .
Chinese keyboard flaws, hacked news story, TikTok on the clock
04/25/2024
Chinese keyboard app flaws exposed
Threat actors plant fake assassination story
ByteDance on the clock to divest TikTok
Thanks to this week's episode sponsor, Veracode
Research reveals AI-generated code mirrors human-written code's security flaws. Even seasoned programmers struggle to spot errors, with incorrect AI-generated answers abound. knows the stakes. While AI accelerates coding, relying on hunches won't suffice. Trust multi-faceted, data-driven insights to mitigate risk from the start. Don't compromise on security. Choose , your security partner in the AI-driven era of development.
Iranian hackers charged, Siemens fixing Palo bug, Russia hacks water plant
04/24/2024
Iranian nationals charged with hacking U.S. companies and agencies
Siemens working to fix device affected by Palo Alto firewall bug
Russian hackers claim cyberattack on Indiana water plant
Thanks to this week's episode sponsor, Veracode
Are you truly listening to both your security and development teams? Make informed decisions with . Our developer-friendly security tools integrate with your existing tech stack to secure code from the start. Bridge the gap between security and development for more efficient operations and stronger defenses. Visit for a collaborative approach to security.
For the stories behind the headlines, visit CISOseries.com.
TikTok ban update, Sandworm hits Ukraine, North Korean streaming animators
04/23/2024
TikTok ban passes the US House
Sandworm targets critical Ukrainian orgs
North Koreans animating streaming shows
Thanks to this week's episode sponsor, Veracode
AI coding companions assist in generating high-quality code snippets, while swoops in to conduct thorough security assessments, identifying and fixing vulnerabilities quickly. With this dynamic duo, developers can innovate with confidence, knowing their code is both efficient and secure. Secure more code with Co-Pilot or any AI coding companion and . We’ll be your wingman anytime.
RedLine GitHub connection, MITRE Ivanti breach, E-ZPass spoof sites
04/22/2024
RedLine stealer GitHub connection
MITRE’s breach was through Ivanti zero-day vulnerabilities
Researchers find dozens of fake E-ZPass toll websites following FBI warning
Thanks to this week's episode sponsor, Veracode
Imagine your intelligent coding companion, backed by the robust security expertise of . Together, we form the ultimate duo, empowering developers to write better code while ensuring it's secure from the get-go. Learn more at RSAC 2024 with .
For the stories behind the headlines, head to
Week in Review: Cisco MFA breach, Bad bots surge, Microsoft mail breach fallout
04/19/2024
Link to
This week’s Cyber Security Headlines – Week in Review is hosted by with guest , CISO,
Thanks to our show sponsor, Conveyor
Happy Friday! Are you tired of hearing about Conveyor’s AI security review automation software? We’ll stop talking about it if you book a call. Ready to give the market leading AI for security questionnaires a spin? Try a free proof of concept at . Don’t forget to mention this podcast for 5 free questionnaire credits when you purchase a Pro plan.
All links and the video of this episode can be found on
LabHost police bust, Michigan healthcare attack, Windows Fibers vulnerability
04/19/2024
Police bust reveals sophisticated phishing-as-a-service platform
Overlooked Windows Fibers offer handy route for malicious payload deployment
Michigan healthcare organization suffers data breach
Thanks to today's episode sponsor, Conveyor
Happy Friday! Are you tired of hearing about AI security review automation software? We’ll stop talking about it if you book a call. Ready to give the market leading AI for security questionnaires a spin? Try a free proof of concept at . Don’t forget to mention this podcast for 5 free questionnaire credits when you purchase a Pro plan.
For the stories behind the headlines, head to .
Water utility threats, GPT-4 hacking, SIM swap solicitation
04/18/2024
Sandworm-linked group tied to attack on water utilities
GPT-4 reads security advisories
Cell carrier workers solicited for SIM swaps
Thanks to today's episode sponsor, Conveyor is the market leading AI-powered platform that automates the entire customer security review process — from sharing your security posture and SOC 2 in a single portal to using that same information to automate answering security questionnaires with 90% accuracy. Use Conveyor to fly through any customer security review in minutes. It might sound like every other software claim out there, but there’s a reason our customers have dubbed their ‘favorite security tool of the year’. Test it out in a free proof of concept at
Cisco MFA breach, Bad Bots surge, LockBit 3.0 propagates
04/17/2024
Cisco announces breach of multifactor authentication message provider
Bad bots drive 10% annual surge in account takeover attacks
LockBit 3.0 variant generates custom, self-propagating malware
Thanks to today's episode sponsor, Conveyor is the AI security review automation platform helping infosec teams automate everything from securely sharing a SOC 2 to one-click autofilling security questionnaires with AI so you can spend almost zero time on the manual tasks that make you want to cry into your laptop. Teams like Lucid Software are finding in a free proof of concept that our AI is better than the rest. Learn more at . Mention this podcast for 5 free questionnaire credits when you purchase a Pro plan.
For the stories behind the headlines, head to .
Threads out in Turkey, Palo Alto backdoor, Microsoft’s security overhaul
04/16/2024
Meta to close Threads in Turkey
Palo Alto fixes backdoor zero-day
Details on Microsoft’s security overhaul
Thanks to today's episode sponsor, Conveyor
What are infosec teams measuring these days? More often than not, their impact on sales. As infosec teams become hands on in the sales cycle, proving your value becomes key. A director of GRC said last week that the most direct value for their CEO was showing the efficiencies and the dollars that security has been able to bring in from enabling sales. See these trends and more in report at . Click the banner at the top.
U.S. surveillance reauthorization, Roku breach update, Microsoft breach exposed agencies
04/15/2024
House passes reauthorization of U.S. surveillance program
Roku says 576,000 accounts compromised in latest security breach
Microsoft breach exposed federal agencies
Thanks to today's episode sponsor, Conveyor
It’s Conveyor again, the market-leading AI software for answering security questionnaires and securely sharing your security posture and documents. report for 2024 was just released and it’s all about what the “new era” of infosec holds. Learn how positioning security and compliance early in the sales cycles increases win rates by 42% and what infosec teams need to prepare for as they move closer to the sales function. You can find the report at by clicking on the banner at the top.
For the stories behind the headlines, visit CISOseries.com.
Week in Review: Government hospital warning, Sisense breach, Financial firms lose $12b
04/12/2024
Link to
This week’s Cyber Security Headlines – Week in Review is hosted by with guest , deputy CISO,
Thanks to our show sponsor, Vanta
When it comes to ensuring your company has top-notch security practices, things can get complicated fast. With , you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at .
All links and the video of this episode can be found on
Palo Alto patches, CISA’s Sisense warning, GitHub repos gamed
04/12/2024
Palo Alto Networks fixes several DoS vulnerabilities in PAN-OS operating system
Sisense breach exposes customers to potential supply chain attack
Threat actors gaming GitHub Search
Thanks to today's episode sponsor, Vanta
The average security pro spends nearly a full workday every week just on compliance. With , you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at .
For the stories behind the headlines, head to .
CISA malware analysis, "hunt forward" missions, Spectre v2
04/11/2024
CISA expands automated malware analysis
US Cyber Command launched “hunt forward” missions
Spectre v2: Linux Boogaloo
CHECK OUT Capture the CISO season 2 .
Thanks to today's episode sponsor, Vanta
The average security pro spends nearly a full workday every week just on compliance. With , you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at .
Ukraine cyber head suspended, LG TV vulns, Microsoft exposed passwords
04/10/2024
Ukraine's head of cybersecurity suspended and assigned to combat zone
Over 90,000 LG Smart TVs exposed to remote attack
Microsoft exposed internal passwords in security lapse
Thanks to today's episode sponsor, Vanta
The average security pro spends nearly a full workday every week just on compliance. With , you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at .
For the stories behind the headlines, visit CISOseries.com.
Cyberattack impacts vet firm, data privacy bill movement, DOJ hack exposes thousands
04/09/2024
Cyberattack causes major disruptions for UK vet firm
Data privacy bill pushes forward with bipartisan support
Department of Justice hack exposes hundreds of thousands
Thanks to today's episode sponsor, Vanta
The average security pro spends nearly a full workday every week just on compliance. With , you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at .
Hospital hack warning, Five Eyes follow-up, NYC municipal hack
04/08/2024
Government warns hospitals of hackers targeting IT help desks
U.S. government contractor Acuity responds to alleged Five Eyes breach
New York City becomes latest in municipal government hack attempts
Thanks to today's episode sponsor, Vanta
The average security pro spends nearly a full workday every week just on compliance. With , you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at .
For the stories behind the headlines, head to .
Week in Review: Five Eyes breach, Microsoft’s Chinese hack response, AT&T customer breach
04/05/2024
Link to
This week’s Cyber Security Headlines – Week in Review is hosted by with guest , Advisor,
Thanks to our show sponsor, Vanta
The average security pro spends nearly a full workday every week just on compliance. With Vanta, you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at .
All links and the video of this episode can be found on
Five Eyes breach, cancer center breach, Pixel zero-day flaw
04/05/2024
Classified Five Eyes data theft announced
Cancer center data breach affects 800,000
Android Pixel phone zero-day flaws being exploited by forensic companies
Thanks to today's episode sponsor, Vanta
The average security pro spends nearly a full workday every week just on compliance. With , you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at to learn more.
For the stories behind the headlines, head to .
Microsoft security failings, NIST NVD backlog, Chrome DBSC beta
04/04/2024
Report criticizes Microsoft’s Chinese hack response
NIST needs help with vulnerability backlog
Chrome tests feature to prevent session hijacking
Thanks to today's episode sponsor, Vanta
The average security pro spends nearly a full workday every week just on compliance. With , you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at to learn more.
Cyber incident reporting rule, Google blocks spoofed emails, PandaBuy breach
04/03/2024
CISA releases draft rule for cyber incident reporting
Google now blocks spoofed emails for better phishing protection
Breach at online shopping platform PandaBuy affects 1.3 million customers
Thanks to today's episode sponsor, Vanta
The average security pro spends nearly a full workday every week just on compliance. With , you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at to learn more.
For the stories behind the headlines, head to .
Incognito settlement, hallucinated software, phone protocols vulnerable
04/02/2024
Google to delete Incognito tracking data
Hallucinated software packages as a security vulnerability
FCC investigating phone infrastructure security
Thanks to today's episode sponsor, Vanta
The average security pro spends nearly a full workday every week just on compliance. With , you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at to learn more.
AT&T data leak, Linux backdoor discovery, DHS phone data policy
04/01/2024
Data of 73 million AT&T customers leaked on dark web
Accidental Linux backdoor discovery likely prevented thousands of infections
DHS expected to stop buying access to your phone info
Thanks to today's episode sponsor, Vanta
The average security pro spends nearly a full workday every week just on compliance. With , you can automate compliance for in-demand frameworks like SOC 2, ISO 27001, and HIPAA. Even more, Vanta’s market-leading Trust Management Platform enables you to unify security program management with a built-in risk register and reporting, and streamline security reviews with AI-powered security questionnaires. Over 7,000 fast-growing companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Watch Vanta’s on-demand demo at to learn more.
For the stories behind the headlines, visit CISOseries.com.
Week in Review: Spyware boosts zero-days, MFA bombing targets Apple, Facebook snooped Snapchat
03/29/2024
Link to
This week’s Cyber Security Headlines – Week in Review is hosted by with guest , CISO, , and
Thanks to our show sponsor, Varonis
Ready to reduce your risk without taking any? Try Varonis’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today at
All links and the video of this episode can be found on