Week 51 in Review: Zoom's VISS and a Surge in Zero-Days
A lot of writing this past week, but most of which won’t be published for the next few weeks, since my editors are caching articles for the coming...
Week 50 in Review: LinkedIn scams target Middle East, and an introduction to CVSS 4.0
I had two articles published this week, one over at Dark Reading covering the relative improvement in LinkedIn scams targeting the Middle East and another for Synack’s README.security...
Week 49 in Review: Cloud security in the Middle East, and OT ransomware
I had four articles published this week. The top story was based on analyses from Palo Alto Networks and Microsoft that showed that the Russian hacking group known...
Week 48 in Review: Ransomware in the Middle East, law firms under fire
Only two articles out this week. As part of Dark Reading’s increased focus on the Middle East and Africa, I covered the surge in ransomware and other threats...
Week 47 in Review: A look at the KEV list, a Kubernetes rootkit, and web shells
Happy Thanksgiving to those who celebrate it. This week, Dark Reading published three articles, including coverage of the strengths and weaknesses of the the Known Exploited Vulnerabilities (KEV)...
Week 46 in Review: Molerats Change Tactics, Flaws in AI Tools, Developers Under Attack
This week I covered the Molerats group’s adoption of a more advanced payload for its espionage campaign, more than dozen vulnerabilities found in an handful of popular AI...
Week 45 in Review: Mainframes, AI, and 'Shields Ready'
My articles this weeks spanned the seemingly old (mainframes), the seemingly new (vulnerability-fixing AIs), and the never-ending effort to stop bad guys, this time with a focus on...
Website is back
A couple of weekends ago, I moved over my domain and mail infrastructure to new providers, so I decided to use the momentum to get my blog back...
Week 44 in Review: Budget Cuts to Hit CISA, Cybersecurity Jobs Report
I mainly focused on the economy in my published reports this week. Both articles are for Dark Reading.
Week 43 in Review: Rockwell Buys Cybersecurity, SMS 2FA Still Sticky
A breach of at least one developer on the Steam game platform led Valve, the owner of Steam, to required a cell number for every developer for 2-factor...
Week 42 in Review: A Look as OSQuery, a README feature on MOVEit
Open-source software is the critical technology that has allowed cloud services to take off. Why has a similar effect not happened in the security world. The open-source infrastructure...
Containers under attack: What your app sec team needs to know
As a network-penetration expert, Wesley McGrew regularly runs red-team exercises against the networks of his clients, and increasingly he is seeing containerized applications being targeted.
Overwhelmed by security data? Science to the rescue
When Charles Givre, lead data scientist at Deutsche Bank, teaches security teams about the benefits of applying security data science techniques, he often focuses on a common malware...
The Race to Build a Cybersecurity Workforce
Secureworks can’t hire cybersecurity pros fast enough.
Some Git techniques
Here are some techniques that I handled.
Changes to the site
This year has been an exciting one so far. I’ve tackled a number of data-analysis projects, including investigating data on the cybersecurity workforce shortfall and a deep dive...
Recent ransomware attacks: Is it an epidemic or overblown?
Major news organizations stated that cybercriminals had raked in more than $209 million from ransomware victims in the first quarter of 2016, more than an eight-fold increase compared...
Cite your sources
Digging into a data point that has minimal citation finds it is more three years older than expected and came from a completely different source.
Two decades
February 2017 marked a major anniversary for me: Two straight decades as a journalist and writer.
Month in review: No privacy for home computers, and the end of 'trustworthy' ransomware?
It’s amazing how quickly a month can pass and how easily a commitment to regularly update your blog goes by the wayside. The past month, I’ve written more...
Week in review: Breach losses no biggie
Phishing is one of those problems that the security industry is not going to solve. However, they are making it tougher.
Week in review: USB drives and toothbrushes
Ransomware is a significant threat companies and consumers. No surprise, then, that U.S. lawmakers are calling hearings on the increasing number of attacks. I hadn’t heard about
Getting past the planning stage
I’m a planner. While often a good thing — planning out a large report can make the resultant work much easier — when it comes to embarking on...
