After Brief Exposure in Public Repo, GitHub Rotated Private SSH Key

In an attempt to get ahead of fallout from the exposure of its private SSH key in a public repository, the software development platform GitHub proactively rotated its host key last week. “Out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations ...
Security Boulevard

Twitter Presses GitHub to Turn Over User Who Leaked Source Code

When Twitter joined the ranks of tech companies whose source code leaked online, it was met with little surprise and a whole lot of unease over what the leak might mean for the platform’s security. “Unlike other recent source code leaks, it is concerning that Twitter has not released a ...

ChatGPT Less Convincing Than Human Social Engineers in Phishing Attacks

Tech companies large and small are all jumping on the AI chatbot bandwagon—Google just opened up access to its Bard offering and ChatGPT is already on version 4—and, not surprisingly, threat actors will likely press AI into action to carry out nefarious actions. For now, though, human social engineers still ...

Success of National Cybersecurity Strategy Rests on Swift Action

Just a week after the White House unveiled its long-anticipated National Cybersecurity Strategy, a pair of incidents—a breach at DC Health Link that may have exposed the personal data of members of Congress and a warning that hackers were exploiting old vulnerabilities in VMware—underscored the importance of shoring up cybersecurity ...

Known Vulnerabilities Drove Most Cyberattacks in 2022

New research revealed an all-too-familiar theme: Known vulnerabilities for which patches have been issued were the main way threat actors executed cyberattacks in 2022. “The data highlights that long-known vulnerabilities frequently cause more destruction than the shiny new ones,” Bob Huber, CSO and head of research, Tenable, said in a ...

LastPass Devs Were Phished for Credentials

LastPass has followed news of last month’s breach with details on a second attack in which developers were phished for their credentials. In the January incident, the password manager’s parent, GoTo, said that in addition to stealing encrypted backups containing customer data, hackers nicked an encryption key last November. “An ...

NIST Shores Up CSF 2.0 With Supply Chain, Governance Reforms

The U.S. Dept. of Commerce National Institute of Standards and Technology (NIST) will open a comment period for stakeholders on proposed significant reform to its Cybersecurity Framework (CSF). In advance of the public comment period, the standards organization wrapped up the last stakeholder workshops last week. It is the first ...

Ransomware Attack Brings Dole Operations to a Temporary Halt

At a time when companies are plagued by supply chain issues, inflation is skyrocketing and cyberattacks proliferate, Dole PLC recently found itself the victim of a ransomware attack that temporarily shuttered some of its North American operations. “The Dole ransom attack highlights how the just-in-time nature of food supply chains makes them ...

Weak Creds, Unpatched Flaws, Reliance on Tools Plagued Orgs in 2022

Organizations often either have weak credential policies or don’t enforce them, making it easy for attackers to use legitimate credentials to log in—or live off the land—rather than using topflight tools to hack their way into systems. That’s just one of three major themes that emerged in 2022, according to ...

‘Sophisticated’ Threat Actor Stole GoDaddy Code

Threat actors lingered in GoDaddy’s systems, installing malware and stealing source code in a security incident that lasted years. After receiving complaints from a few customers in December that their websites were being “intermittently redirected,” the web hosting service said it “found that the intermittent redirects were happening on seemingly ...