Fresh Thinking for the Modern CISO

powered by Kudelski Security
  • CredManifest: Azure AD Information Disclosure Leading to Privilege Escalation & Free Tool Released

    Summary On November 17th, 2021 Microsoft disclosed the existence of a high severity information disclosure vulnerability impacting Azure Active Directory (Azure AD) that could allow authenticated Azure AD user to escalate their privileges. Azure AD is Microsoft’s Identity and Access Management system used by Azure Cloud and Office 365. The vulnerability, dubbed “CredManifest” (CVE-2021-42306) existed…

    Read More >>
  • From Theory to Practice: How to Get Started with Red Teaming

    It seems like everyone is talking about red teaming these days, and for good reason. Red teaming can be an incredibly useful exercise for organizations looking to test their threat detection and response capabilities as well as their maturity as whole. It’s an evolution of the traditional network pentest, but there are key differences in…

    Read More >>
  • Defending Against Cyberattacks in the Increasingly Vulnerable Manufacturing Industry

    As manufacturing relies more and more on remote access and automation, cyber hygiene continues to be one of the top challenges in securing manufacturers across the nation. In light of several major supply chain disruptions across manufacturing sectors, the Biden Administration recently announced the creation of a Supply Chain Disruptions Task Force to strengthen critical supply chains…

    Read More >>
  • Attack Surface Reduction: Transforming Discovery and Vulnerability Management for a New Era

    In this two-minute read, Zach outlines three simple things that CISOs and security leaders can do to reduce the modern enterprise attack surface: discovery, contextualization, response. You can’t secure what you don’t know exists; you can’t hide what you don’t know is exposed. John Binns, the self-professed perpetrator of this summer’s T-Mobile breach, reminded us…

    Read More >>
  • OT: The Time for Remote Access Security is Now

    Critical infrastructure systems are becoming increasingly connected to traditional IT systems, and as a result, are increasingly targeted. Critical infrastructure systems are becoming increasingly connected to traditional IT systems, and as a result, are being increasingly targeted. A Siemens study found that 56 percent of the world’s gas, wind, water and solar utilities experienced at least one…

    Read More >>
  • Bridging the AI Security Divide

    If you are reading this post, then there’s a good chance you understand the need for security surrounding AI systems. As more and more development teams look at ways to increase the intelligence of their applications, the surrounding teams, including security teams, are struggling to keep up with this new paradigm and this trend is only…

    Read More >>
  • 5 Minutes with Ernie Anderson – The Importance of a Deputy CISO

    Ernie Anderson, Head of Professional Services at Kudelski Security, knows a thing or two about enabling the CISO to fulfil their mission. Being one of the most difficult jobs in the cybersecurity industry, a CISO needs lieutenants to have an effective security team. With lack of funding in companies’ security programs and rampant attacks around…

    Read More >>
  • Microsoft Warns Azure Customers of a Vulnerability in the Azure Container Instances (ACI) Service that Could Expose their Data

    Microsoft recently reported that they have mitigated a vulnerability that was reported in July by security researchers from Palo Alto. This vulnerability impacts the Azure Container Instances feature that allows azure users to deploy containers without the need for Kubernetes or some sort of Linux VM running the docker software to host the container. It…

    Read More >>