Fresh Thinking for the Modern CISO
powered by Kudelski Security
The Might of a (Cyber) Nation!
Recently, Andrew Howard, Kudelski Security CTO was asked to comment in CSOonline on the need for a Cyber National Guard. A US congressman recently proposed the idea, citing digital security as a component of national security amidst headlines of other nations meddling...
read moreSecurity Advisory: WCry2 Ransomware Outbreak (updated)
wCry2 Ransomware spreading via EternalBlue (MS17-010) Update May 15 Attribution attempts Mid-morning (U.S time) Neel Mehta, a security researcher at Google, posted a cryptic tweet with the hashtag “#WannaCryptAttribution”: The tweet referenced hashes of...
read more
WannaCry Ransomware Webcast
The number of individuals, organizations and countries affected by the WannaCry malware attack is growing at an alarming rate. After the initial infection is executed, no user intervention at all is required for the malware to spread. As this is one of the largest...
read more
Security Advisory: WCry2 Ransomware Outbreak
wCry2 Ransomware spreading via EternalBlue (MS17-010) Update May 13 Data was coming in very quickly on Friday and while we worked to provide timely and reasonable information we know now more about what happened and how the Wana Decrypt0r 2.0 ransomware outbreak...
read more
Managing connected devices in the field or the post-market security headache
Over the past few months, numerous breaches have been reported in connected embedded devices ranging from medical devices to programmable logic controllers (PLCs). The so-called Internet of Things (IoT) is now under attack in similar ways to the rest of the IT...
read more
Don’t Let Crypto Ruin Your Day
A few years ago, a customer handed us a report from a Big 4 consulting firm describing how, after close to 100 person-hours of review, a team of ‘highly-qualified senior security engineers’ had failed to find any flaw in their encrypted communications product. Half a...
read more
API Security: Awareness in a Cloud-Connected World
Earlier this month, the Open Web Application Security Project (OWASP) published a release candidate for its well-known Top 10 list of the most critical web application vulnerabilities. In this first update since 2013, some vulnerabilities have been combined or...
read more
Finding Top Security Talent: If You Build It, They Will Come
I recently attended a meeting of likeminded Chief Information Security Officers who were discussing the challenges of their role. Conversation bounced between the need for better reporting metrics to the lack of value in threat intelligence, but one topic seemed to...
read more