When you’re in the middle of mitigating a breach, your IT department can feel like it’s out on an island alone. But with a variety of resources available for free from the Department of Homeland Security Cybersecurity Infrastructure Security Agency, there’s no reason to go it alone, according to Cybersecurity Advisor George Reeves.

Reeves joined the Texas Virtual Cybersecurity Summit, held on April 7 and 8, offering IT professionals from throughout the region a variety of resources to help prepare for and handle a breach. After all, groups like Hafnium (who were behind the Microsoft Exchange hack) and other bad actors are becoming more active than ever.

Recent events have been a continuous reminder as to why it’s so important to stay informed on all the existing cybersecurity threats. From SolarWinds to Microsoft Exchange, more organizations than ever have been tested this year, Reeves said.

“Our job is to help you recover, help you restore and maintain your critical services,” said Reeves.

With CISA’s help, organizations have the tools to navigate these challenges. For organizations looking to assess their current security vulnerabilities, or needing help with specific issues such as the Microsoft Exchange vulnerabilities, one vital place to look is on CISA’s website, which is filled with free (taxpayer funded) tools, assessments, tests, and other resources that will help build your complete cybersecurity infrastructure.

All tools are available through CISA here, including ways to work through the SolarWinds supply chain compromise and the Microsoft Exchange on-prem vulnerabilities.

CISA has released an overview on MITRE ATT&CK, as well as a command-line tool called CHIRP (CISA Hunt and Incident Response Program) that helps with detection of vulnerabilities by going through your environment to see if there are any hits. It is also useful to check out the Malware Analysis Reports, including details on the China Chopper Webshell, according to Reeves.

They’ve also just released the Aviary Dashboard, a companion resource to the Sparrow detection tool. It’s a dashboard that allows you to take down information and visualize current threats, Reeves said.

CISA works hard to develop tools and raise awareness of current and imminent threats, including Automated Indicator Sharing (AIS) and the Multi-State Information Sharing & Analysis Center (MS-ISAC). AIS is a collaborative threat-sharing platform with participation from across the country, while the MS-ISAC is a vital tool for the public sector – DHS-CISA supplements this. It’s a free program that allows you to mediate and mitigate with the guidance of others who may have already seen the same threat, Reeves said.

Managing a Breach? Don’t Miss CISA’s Va …

Industry News Posted by Jen Greco on Apr 16, 2021

Understanding New Regulatory Requirements and Managing Threats Remains Essential for IT Professionals

CHICAGO — APRIL 13, 2021 Data Connectors, representing the largest cybersecurity community in North America, continues its industry-leading live Virtual Summits in the Midwest next week.

The 2021 Chicago Virtual Cybersecurity Summit provides senior executives in the area education regarding new solutions, as well as the latest updates and challenges in the industry. 

Headlining this two-day summit on Tuesday and Wednesday, April 20-21 are four prominent keynote presentations: 

  • Amy Nicewick, Section Chief for the Cybersecurity Division, Department of Homeland Security Cybersecurity Infrastructure Security Agency
  • EJ Hilbert, Former FBI Cyber Agent and CISO & Founder of KCECyber
  • Justin Fanelli, Chief Architect of Defense Medical Intelligence Data and Technical Director at the Naval Information Warfare Center
  • Joe Nocera, Lead of the PwC Cyber & Privacy Innovation Institute

In the coming months, all cybersecurity professionals will be dealing with the transition between pandemic- and post-pandemic life. PricewaterhouseCoopers’ (PwC) Joe Nocera will be addressing this topic in detail for the community.

“As we approach a post-COVID world, I’m working with clients to address a myriad of cyberthreats that have either intensified or evolved over the past year. Particularly as virtual work has led to companies handling more data than ever before, it is critical for companies’ customers and employees to feel confident that they can trust them to keep their data safe and manage it responsibly. I look forward to discussing these challenges and sharing best practices for building cyber trust at the Chicago event,” Nocera said. 

In recent years, ransomware incidents have become increasingly prevalent among the Nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations. Malicious actors continue to adjust and evolve their ransomware tactics over time. In January, CISA started the Reduce the Risk of Ransomware Awareness Campaign. CISA’s Amy Nicewick will be addressing this topic and the awareness campaign in a session for the community.

“CISA is working collaboratively with our public and private sector partners to protect their networks from ransomware. Our awareness campaign highlights readily available and important best practices and resources that can be leveraged to better protect against, mitigate, and recover from a potential ransomware attack. Our goal is to help organizations at all levels reduce their risk of ransomware victimization,” Nicewick said.

The Summit will also feature live virtual exhibits and informative presentations from cybersecurity solution providers, as well as live, topical expert panels fielded by leading subject-matter experts. At the Summit, industry experts will dive into topics around limiting the risk of ransomware, regulations surrounding the Department of Defense’s Cybersecurity Maturity Model Certification, DevSecOps and the cloud, the role of cybersecurity in the Internet of Things, and the key trends on which Chief Information Security Officers (CISOs) should most concern themselves in 2021. 

The Virtual Summit will also feature a live, interactive panel discussion, with some of the top CISOs from organizations throughout the Midwest:

  • Fred Kwong, Ph.D. — CISO & AVP Security, Identity & Operations, Delta Dental Plans
  • Matthew Zielinski — Director, Technology Infrastructure & CISO, Vivid Seats
  • Ron Zochalski — CTO/CISO, Lake County Government
  • Jim Serr — CIO, Joliet Junior College
  • Stephanie Southard — CISO, BCU 

Attendees will ask questions and interact online with the CISOs, as well as each other and the organizations who will feature their solutions at the event. Featured solutions providers at this summit include Auth0, Cisco, Cymulate, Ordr and many more.

The Summit will take place over two days, Tuesday and Wednesday, April 20-21 at 8:00 a.m. CT on both days. Registration is free for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation. 

More information can be found at dataconnectors.com/chicago

Compliance Issues, Ransomware Headline Chic …

Press Releases Posted by Jen Greco on Apr 13, 2021

In a recent panel as part of the Southern California Virtual Cybersecurity Summit, Capsule8 Security Strategist Jason Madey joined Moderator Merritt Baer, Principal Security Architect for Amazon Web Services, and fellow panelists Jonathan Knudsen, Synopsys, and Carlo Beronio, Attivo Networks, to discuss DevOps Security and its relationship with the cloud.

The discussion provided an opportunity for leading experts in the field to touch on the ongoing challenge of security trying to keep up with the rapid speed of feature releases and bug fixes made possible by DevOps. Madey and his fellow panelists discussed what companies need to do to ensure security doesn’t get left behind but that bug fixes and feature rollouts remain on schedule. How can DevSecOps become a realistic component of the modern enterprise?

The Old Tropes – Security as a Blocker

To start, panelists discussed the old tropes of DevOps and security – specifically that security is a blocker for development and innovation, acting as a gatekeeper for progress. Jonathan Knudsen spoke to the reality of the situation and how many companies are starting to move beyond this 1.0 view of application security. In the old model, dev teams would make a product and throw it over the wall, where security teams were tasked with catching any and all issues. Often, when the security team identified a security issue, it was too late – the product team was almost done with the process. This conflict has defined application security’s narrative for years, but it’s not necessarily the reality any longer. As Knudsen states, “what we’re seeing now is the transition to 2.0, in which application security integrates with the dev teams, becoming a part of the development cycle. So we talk about DevOps, but what we really mean now is ‘DevSecOps.’”

Of course, this is easier said than done. As Carlo Beronio notes, we’re in the midst of a substantial transformation as many companies move their terrestrial networks to the cloud. The perimeter is still there in some sense, but “there’s a new methodology of understanding how to apply security to these transitioned environments, and the ability to actually leverage your existing toolsets and morph them into those environments becomes critical.”

So what do the changes to security controls look like as many organizations move into the cloud?

Jason Madey discussed how we’re often talking about Linux in these situations and how many organizations are making “significant shifts from the way we did things on-premise to new management consoles and new ways that we’re building and packaging and delivering our applications.” Traditional systems are end-user-centric, not necessarily workload-centric or container-centric, so it’s become vital to find and implement solutions that help gain visibility into the new cloud delivery environments.

Evaluating Vendors for Security Controls versus the Alternatives

Because the perimeter is dead, as Carlo notes, and traditional tools don’t offer the visibility needed, how does an organization evaluate vendors for cloud-native protection?

Madey notes that the model long used has started to change. In the past, the security tools used needed to be best-in-breed, and there was a siloed approach that eventually morphed into a single platform that can work across all systems. Now, however, many organizations operate in unique environments that each serve a unique purpose. “We need to recognize that environments are all completely different, and using one solution across all of them is simply not effective anymore. We need to be more specific, and of course, that’s going to come with plenty of research and market analysis, but we need to get away from having a one-size-fits-all solution and identify tooling that is born and bred for each specific environment.”

For this to work, however, it needs to be implemented correctly. Knudsen notes that “It has to be automated because you don’t ever want to be in this situation where you’re waiting around for a security engineer to push the button to run some tests, and it has to be integrated so that the results that you’re getting out of security testing are actually being fed back into the issue tracker or whatever other processes you’re already using.” The vague outlines for development are consistent across many companies, but the specifics will be unique. Tools need to be flexible enough to adapt to the different styles of development in use.

Going beyond this, Beronio notes that “it’s not just best-of-breed but ‘what’s integrating with my traditional workflow?’ How do we integrate a tool that can feed into specific environments, because it’s vital that security understands how dev teams are being compromised and that they understand where data is being placed.” The two most important questions on the security end are “how are users getting compromised?” and “how are attackers using compromised users or credentials to access the rest of the networks?”

Measuring Performance to Drive Improvement

When looking at a truly integrated cloud-native model where companies can obtain economies of scale, what influence does that have on security?

Madey touched on several key points. In a lift and shift approach from traditional on-premise infrastructure to cloud environments, little changes. “I’m going to stand up those servers and run those applications, just instead of my closet, it’s going to be Amazon’s closet.” But when companies start to evaluate “truly building, creating and delivering applications from a Cloud-Native perspective, they must also start looking at how to intelligently build out containers, build into modern CI/CD pipelines, adopt cloud-native technologies and make leaner, more performant, and scalable applications.”

Containers are a major concern, for example. They allow companies to run applications leaner, scale them faster, ensure less downtime, and positively impact the bottom line. However, they are also newer and therefore a bigger target for attackers, and traditional tools don’t offer the same level of visibility as they do for other environments.

Regulatory Considerations for Cloud-Native Environments

A big point of contention for many companies when considering cloud adoption is the regulatory piece. As Madey points out, it’s vital that vendors are transparent, running a clean operation, and that they are consistently dealing with the basic configuration and vulnerability tasks needed to keep your data safe. “We need a level of trust between us and our vendors to continue building and developing and pushing out software in the manner that we are.”

Baer emphasizes this: “Show me an industry that isn’t regulated in some sense or that doesn’t have to interact with regulated entities. We’re all impacted by compliance considerations.” But at the same time, when moving to the cloud, the bottom layers of the stack have now been outsourced to those providers. That means less overhead to maintain audit and compliance documentation for on-premise equipment.

When asked about risk frameworks, Beronio highlighted ISO 27000, NIST, and the MITRE ATT&CK Framework, which allow issues to be mapped to the appropriate individuals to deal with them as they come in. More importantly, MITRE has created a framework specifically for Linux and is working on building one specifically for containers, ensuring a more tailored solution for all organizations, regardless of the environments they are running.

The Goal of Successful DevOps and Security Integration

Many elements can improve the communication between DevOps and security, helping to build a better, more responsive cloud-native environment for your organization. Culture is a significant part of this. As Knudsen notes, it’s not about “finding the most knowledgeable engineers. This is important, but so too is hiring people who communicate and will work closely with your DevOps teams, discussing security in a way they will understand and helping them integrate processes in a way that works without slowing down development.” Leadership is a significant part of this. Security is traditionally seen as a blocker, but when integrated carefully from the top down, it can be more fully integrated with DevOps, helping make it an organizational priority where everyone is on the same page. It’s about mindset as much as the process.

Capsule8 is one of Data Connectors’ key partners. Learn more about the company and what great services they provide. Do you want to submit a guest blog post? Contact us.

Guest Post: The New World of DevSecOps and …

Hot Topics in Cybersecurity Posted by Michael Hiskey on Apr 7, 2021

Future wars won’t be fought by the fittest and strongest with guns and bombs; it’ll be done from behind a keyboard and mouse.

That’s according to Marc Crudgington, based on the extensive research in his book, “The Coming Cyber War.” The challenge, he says, is for both organizations and individuals to be prepared and to know how to handle the inevitable — the cyber attack that might clear them out financially or cause a life and death situation.

The book is a solid page-turner, with incredible anecdotes — including the tale of an explosion 1/7th the size of the atomic bombs from World War II, deep in the heart of Siberia. The work also considers Crudgington’s extensive personal experience within the cybersecurity community, including his current role as a CISO of a major bank based in the Houston area.

Crudgington had his “I can write a book” wake-up call while on a ferry ride on the Potomac, in the heat of a discussion with an industry colleague. It was 2016, and like many others in the industry, they were talking about the allegations of election meddling by outside actors like Russia through digital means. Geopolitical factors affecting security became top-of-mind for him, and it ultimately inspired him to start writing.

“I felt that the moment I stepped off the boat, I thought I had something to say,” he said. “There, I termed it ‘the coming cyber war,’ and then I started writing the book little by little.” (That title, by the way, just came naturally, Crudgington said.)

The book, according to Crudgington, covers the dynamics of the CISO’s relationship with company executives, members of the Board of Directors, and highlights the vital role of the individual contributor in the security of an entire organization. These dynamics are covered in their own individual sections, allowing for a full picture of what organizations are up against in the cyber war.

“You cannot just keep security in the basement anymore,” he said. “The relationship between CISOs and other executives and their boards of directors is becoming incredibly important.”

After several years of research and collecting various experiences, it was the COVID-19 pandemic that really fired up Crudgington’s writing process, thanks to the extra down-time while at home. With the changing security environment that includes working-from-home and even more cyber scams, the outcomes from the pandemic also shaped some of the content of the book, he said.

Maintaining his focus and not getting too deep “into the weeds” was important to him, with a primary audience of cybersecurity executives. He said there are some ups and downs to the writing process, but by tapping into his creative side, it turned into an extremely enjoyable process.

“The easiest part is when you’ve done your research and sit down to write,” Crudgington said. “Sometimes it just flows, and sometimes it just doesn’t.”

And with his extensive experience, he has a great deal of advice to give for his fellow CISOs and up-and-comers. The “common knowledge” that he disagrees with? The idea that cybersecurity is a cost-center.

“There is efficiency to be gained with cybersecurity. It can be a win for you; it benefits you in the long-run,” he said.

Want more advice from Marc Crudgington? He will be joining the CISO Panel at Data Connectors Texas Virtual Cybersecurity Summit, offering his insight on how the local community can enrich their security protocols.

Plus, you can get a copy of his book here.

This is (Cyber) War: Thoughts on The Future …

Interviews Posted by Jen Greco on Apr 6, 2021

Leaders from U.S. Secret Service, Cybersecurity and Infrastructure Security Agency, Digital Forensics Lab Gather with CISOs to Collaborate to Move Past Rash of Advanced Persistent Threats

DALLAS, TEXAS – APRIL 6, 2021 Data Connectors, representing the largest cybersecurity community in North America, continues its industry-leading live Virtual Summits in Texas this week.

The 2021 Texas Virtual Cybersecurity Summit provides senior executives in the area education regarding new solutions, as well as the latest updates and challenges in the industry. Leaders from law enforcement agencies team with Chief Information Security Officers (CISOs) from the private sector at the two-day summit this Wednesday and Thursday, April 7-8, which will feature: 

  • Special Agent in Charge William Smarr, US Secret Service, Dallas Field Office
  • VP and Chief Information Security Officer Andrew Vezina, Equitable Bank
  • Cybersecurity Advisor (CSA) George Reeves, Cybersecurity and Infrastructure Security Agency (CISA) 
  • Stephen Gemperle, Senior Special Agent, Lab Director for Regional Forensic Lab, US Secret Service – San Antonio Field Office
  • Clarke Skoby, Technical Staff Assistant, Advanced Digital Forensics Expert US Secret Service – Houston Field Office 

“We’re going to be discussing some leading-edge ideas for organizations across Texas, namely how to develop a Risk Balance Sheet so that companies can truly understand the threats they’re facing,” said Vezina, who will be giving the Wednesday afternoon keynote. “One of the biggest challenges we have in our industry is how to communicate the needs of the information security team to the rest of our organizations, but the good news is that there’s a better way.”

“It seems like every week we’re faced with a new cybersecurity threat,” said CSA Reeves. “It’s important for organizations in Texas to know how to properly handle any disruption to their information systems, and for them to know how CISA can help,” he added.

The Summit will also feature live virtual exhibits and informative presentations from cybersecurity solution providers, as well as live, topical expert panels fielded by leading subject-matter experts. At the Summit, industry experts will dive into topics around user-centered security, the benefits of having a risk balance sheet, defense-in-depth, artificial intelligence and machine learning in cybersecurity, and the key trends on which Chief Information Security Officers (CISOs) should most concern themselves in 2021. 

The Virtual Summit will also feature a live, interactive panel discussion, with some of the top CISOs from organizations throughout Texas:

  • Roman Medina, Jr — VP,  CISO, Jefferson Bank
  • Luis Ossorio — Director IT, FROSCH
  • Ray Jay Yepes — CISO, Texas Department of Family and Protective Services
  • Marc Crudgington — CISO; SVP Information Security, Woodforest National Bank
  • John Frushour — Deputy CISO, New York-Presbyterian Hospital
  • Mark Adams — Senior Manager, IT Security and Compliance, and vCISO, Superior Energy
  • Mike Davis — CISO, ExactlyIT, Inc.

Attendees will ask questions and interact online with the CISOs, as well as each other and the organizations who will feature their solutions at the event. Featured solutions providers at this summit include Auth0, Cisco, Druva, Attivo Networks, Pure Storage, Proofpoint, SEI, and many more.

The Summit will take place over two days, Wednesday and Thursday, April 7-8 at 8:00 a.m. CT on both days. Registration is free for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation. 

More information can be found at dataconnectors.com/texas

About Data Connectors
Since 1999, Data Connectors (dataconnectors.com) has facilitated collaboration between senior cybersecurity professionals, government/law enforcement agencies, industry luminaries, and solution providers. Today, the community comprises over 650,000 members and 250 active vendor partners across North America. Members enjoy informative education, networking and support via our award-winning Virtual Summits, live conferences, Web Briefings, and regular communications.

Cyber Fraud Task Force, Digital Forensics, …

Press Releases Posted by Jen Greco on Apr 6, 2021

Chief Information Security Officers from Seattle and Portland Share Insight on Managing Cybersecurity Amid Pandemic Attack Landscape

SEATTLE  – MARCH 29, 2021 Data Connectors, representing the largest cybersecurity community in North America, continues its industry-leading live Virtual Summits in the Pacific Northwest this week.

The 2021 Seattle and Portland Virtual Cybersecurity Summit provides senior executives in the area education regarding new solutions, as well as the latest updates and challenges in the industry. 

Headlining this two-day summit this Wednesday and Thursday, March 31-April 1 are three prominent keynote presentations: 

  • Special Agent Timothy Hunt, US Secret Service, Cyber Fraud Task Force
  • Cybersecurity Advisor Ronald Watters, DHS Cyber Infrastructure Security Agency (CISA) 
  • “Offensive Security” host and author Jonathan Helmus

“Each year, we’re seeing newer and bigger threats, making the role of cybersecurity professionals more important than ever. It’s vital that CISOs stay on the cutting edge,” said Dawn Morrissey, CEO and Founder of Data Connectors. “Through these discussions by industry experts and thought leaders in information security, our attendees have the chance to get ahead.”

The Summit will also feature live virtual exhibits and informative presentations from cybersecurity solution providers, as well as live, topical expert panels fielded by leading subject-matter experts. At the Summit, industry experts will dive into topics around the SolarWinds & Hafnium/Microsoft attack, DevSecOps & Pentesting, user-centered security, and the key trends on which Chief Information Security Officers (CISOs) should most concern themselves in 2021. 

The Virtual Summit will also feature a live, interactive panel discussion, with some of the top CISOs from organizations throughout the Pacific Northwest:

  • Kevin Morrison – CISO & Managing Director, Alaska Airlines
  • Dave Estlick – CISO, Chipotle Mexican Grill
  • Dennis Tomlin – CISO, Multnomah County
  • Robert Thomas – CISO, 180AConsulting.com
  • Hadas Cassorla – CISO & Principal, Scale Security Group
  • Bryan Hurd – CISO & VP, Aon Cyber Solutions
  • Jon Washburn – CISO, Stoel Rives, LLP

Attendees will ask questions and interact online with the CISOs, as well as each other and the organizations who will feature their solutions at the event. Featured solutions providers at this summit include Auth0, Okta, Cymulate, OneTrust, Ordr, Attivo Networks, Ivanti, Pure Storage, and many more.

The Summit will take place over two days, Wednesday and Thursday, March 31-April 1 at 9:00 a.m. PT on both days. Registration is free for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation. 

More information can be found at dataconnectors.com/seaport.

U.S. Secret Service, Homeland Security Head …

Press Releases Posted by Hubspot System on Mar 30, 2021

Each week, we’ll be sharing links to some of our favorite blogs from our partners. This week, we’re all about data: protecting yours from the Microsoft Exchange hack, a thoughtful look at data intelligence, a “less-is-more” approach, and more. You’ll want to add these blogs to your regular reading list to ensure you stay on top of the latest trends in cybersecurity.

CYMULATE

Luck favors the prepared… and Cymulate agrees. Cymulate Labs came out with two threat attack simulations for their customers to ensure they’re set to defend against the Microsoft Exchange vulnerabilities. Review their blog and ensure you’re ready.

ONETRUST

Smarter data management is the key. A thoughtful take on real data intelligence from OneTrust’s blog, dubbed Real Data Intelligence: A balance between seeking data value and mitigating risk.

ORDR

The classic adage of “Less is More” is true, even when it comes to data. Ordr’s Danny Jump joins their blog for his first post. 

ATTIVO NETWORKS

The year of breaches continues, and attackers always have their eye on the prize: access to Active Directory. Attivo Networks’ Chief Security Advocate is covering ways to stay protected in these trying times in her post “Recent Attacks Command New Innovation for Stronger Active Directory Security.”

IVANTI

Who doesn’t love a peek behind the curtain? Ivanti’s blog covers their recent moves in the industry, and discusses the intelligence and value behind “acquisition with intent.” This company is focused on smart growth, says CEO and Chairman Jim Schaper, in his recent blog post, “The Rise of the Everywhere Workplace.”

PURE STORAGE

Looking to move into a multi-cloud strategy? Don’t miss this post from Pure Storage’s Dan Kogan, who offers five critical steps in implementation. This is a helpful post in any stage of planning for multi-cloud, titled “5 Steps for a Successful Multicloud Strategy.”

Do you have a partner post you’d like to share? Let us know in the comments. To learn more about how to partner with Data Connectors, visit our site.

Weekly Partner Roundup: The Data Edition

Industry News Posted by Jen Greco on Mar 26, 2021

On the Heels of Hafnium, SolarWinds Attacks, Senior Cybersecurity Executives Gather Online to Understand More of Communist Governments’  Intelligence Exercises—and What it Means to Their Duties to Protect New York Area Businesses

NEW YORK CITY – MARCH 22, 2021 Data Connectors, representing the largest cybersecurity community in North America, continues its industry-leading series of Virtual Summits, arriving in the New York Metropolitan Area this week.

The 2021 will take place, and is slated to allow the local community of cybersecurity professionals to gain insights and education regarding the latest updates and challenges in the industry, despite the continued efforts for social distancing during the pandemic. 

Headlining the New York City Virtual Cybersecurity Summit this Wednesday, March 24 is a preeminent expert on the strategy behind Communist China’s intelligence-gathering efforts, Dr. Jonathan Ward.  The author of “China’s Vision of Victory,” and recurring guest on various news programs on Fox, Bloomberg, CNBC, MSNBC, Ward will be joining the summit for a live interactive question-and-answer session. 

“The Chinese Communist Party (CCP), and cybersecurity professionals they employ, are playing by a different set of rules,” Ward said.  “Deception, intellectual property rights, data privacies, etc. and the usual rules of engagement don’t apply. US institutions of all sizes are well served to understand where the CCP is directing their energies, and get out ahead with preparedness and defense,” he added. 

The Summit will also feature industry expert presenters and virtual exhibits from cybersecurity solution providers, as well as live, topical expert panel discussions fielded by leading subject-matter experts. At the Summit, industry experts will dive into topics around the SolarWinds hack, the future of cybersecurity, and user-centered security, and the key trends on which Chief Information Security Officers (CISOs) should most concern themselves in 2021 in panel discussions. 

The Virtual Summit will also feature a live, interactive panel discussion, with some of the top CISOs from organizations throughout the New York metro:

  • Tim Rohrbaugh: CISO, JetBlue Airways
  • Suresh Chawdhary: Head of Security and Privacy, Nokia
  • Bernie Cowens: Chief Security Officer, Utility Technology Solutions
  • Stan Mierzwa: Director & Lecturer, Center for Cybersecurity, Kean University
  • Gene Barskiy: Head of IT and Security, Fisk Alloy
  • Christopher Frenz: AVP of IT Security, Mount Sinai South Nassau

Attendees will ask questions and interact online with the CISOs, as well as each other and the organizations who will feature their solutions at the event. Featured solutions providers at this summit include Auth0, Cisco, Proofpoint, and many more.

The Summit will take place on Wednesday, March 24 at 8:00 a.m. ET. Registration is free for qualified professionals, who can also obtain Continuing Professional Education (CPE) credits for participation. 

More information can be found at dataconnectors.com/nyc

About Data Connectors
Since 1999, Data Connectors (dataconnectors.com) has facilitated collaboration between senior cybersecurity professionals, government/law enforcement agencies, industry luminaries, and solution providers. Today, the community comprises over 650,000 members and 250 active vendor partners across North America. Members enjoy informative education, networking and support via our award-winning Virtual Summits, live conferences, Web Briefings, and regular communications.

Geopolitical Luminary Dr. Jonathan Ward Hig …

Press Releases Posted by Jen Greco on Mar 23, 2021

DHS-CISA is offering insight to our community on how to manage this unprecedented vulnerability 

They’ve dubbed it, “Operation Exchange Marauder,” and this one might cut even deeper than the SolarWinds supply chain compromise that was uncovered in December — leaving some tens of thousands of on-premises Microsoft Exchange accounts open for breaches. 

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued Emergency Directive 21-02, and the Data Connectors Community received clear instructions on how to handle this vulnerability from the agency’s Cybersecurity Advisor Klint Walker. 

“I would love to tell you that I had a great presentation lined up for you today that had big-name actors with explosions and action scenes with car chases, and lots of comedy mixed in, but instead, we have actual danger to discuss. Not flashy or cinematic by any means, but real and persistent,” Walker said. 

For those not in the loop, on March 2, CISA, NSA, Microsoft and Volexity announced four newly discovered vulnerabilities in the Microsoft Exchange on-premises product which opened some 30,000+ organizations to a possible attack. Through these vulnerabilities, an attacker could get persistent access and control of an enterprise network. 

Microsoft quickly released patches to address and rectify these issues, but not before some organizations were breached.

“Within 24 hours though, we (CISA) started noticing that there were already exploitations of those vulnerabilities,” Walker said. “Look at how fast that gap closed; the vulnerabilities were announced and immediately people were exploiting them, or maybe they were even exploiting them before the vulnerabilities were announced. Every moment that you are not patched and you are not taking mitigation efforts is putting you at risk.”

WHO IS RESPONSIBLE

The Microsoft Threat Intelligence Center has attributed this breach to a state-sponsored group out of China called HAFNIUM.

They’ve made this assessment with high confidence, particularly based on the primary targets — namely, infectious disease researchers (particularly, according to Walker, in relation to COVID-19 research), law firms, higher education institutions, defense contractors, think tanks and non-governmental organizations. These targets tend to work particularly closely with the federal government in terms of providing research, and as a result, were seen as opportunities for these hackers.

“This isn’t (HAFNIUM’s) first rodeo; there’s been activity seen from HAFNIUM in the past. Usually, they compromise victims by exploiting vulnerabilities, especially anything that’s internet-facing,” Walker said. “Once they’ve gained access to your network, they’re going to exfiltrate as much data as they possibly can.”

SUCCESSFUL MITIGATION

In this can’t-ignore session, Walker outlined the steps required for successfully ensuring that your network is safe and preserved following these major vulnerabilities. 

Walker discussed the immediate actions that need to take place within your organization, as well as steps to complete a more in-depth forensic analysis on this particular issue. Take a look at his recommendations, and review his suggestions for which tools would best serve you.

Watch the entire presentation for Walker’s CISA-approved, complete action plan for managing these vulnerabilities.

How to Survive the Microsoft Exchange Hack: …

Hot Topics in Cybersecurity Posted by Jen Greco on Mar 12, 2021

Cybersecurity professionals are coming up short in their understanding of blockchain and cryptocurrency, according to William Callahan, a retired Special Agent of the United States Drug Enforcement Agency, and one of the Keynote speakers at the Southern California Virtual Cybersecurity Summit on March 10-11.

His presentation is titled “Cryptocurrency and Blockchain Technology in a Public Underground World.”

Callahan, who was inspired by watching Miami Vice as a kid growing up in New Jersey, pursued a long career with the Drug Enforcement Agency at various posts across the country, ranging from St. Louis to the D.C. metro and New York. Through his career, he watched the old drug street crime move out of the dark alleyways and onto the Dark Web.

THE BRIGHT SIDE OF THE DARK WEB

But the Dark Web hasn’t always been a seedy underground of illicit drugs, scams and counterfeiting. Tor, or onion routing, was actually an invention of the United States government in the mid-1990s. The initial intention, according to Callahan, was to ensure safe file-sharing. 

“It’s also useful for people in countries where free speech and the internet is suppressed,” Callahan said. And despite the nefarious people who often find their way onto the dark web, it is still useful for those purposes, he said. 

The principles behind cryptocurrency, namely Bitcoin, are also certainly not all for illegal transactions. In fact, it makes commerce between individuals in different countries much easier now. 

“Cryptocurrency was used to transfer value as a form of payment method — a semi-anonymous way to pay for things,” Callahan said. “It allows people to speak in the same currency in two different countries without having to use the banking system. And that can be converted relatively easily into fiat currency.”

One of the breakthrough technologies on which cryptocurrencies are built is called blockchain. This is a major buzzword in the tech industry, particularly among start-ups trying to use this peer-to-peer distributed ledger technology (DLT), where data is stored across a variety of servers.

The transactional transparency offered by blockchain is extremely promising in a variety of areas, Callahan said.

“That’s where the value is. The blockchain is a decentralized — it’s kept by all people on the network. Anybody can become part of that. There, there’s real value for data storage, for smart contracts, supply chain management,” Callahan said. “Once something is added to the blockchain, you can’t change it without a 51% majority. We’ll see more and more contracts, real estate transactions on blockchain.”

…AND THE DARK SIDE OF THE DARK WEB

Rather than exchanging cash for drugs in a park late at night, people are able to access drugs with relative anonymity through sites on the Dark Web, in exchange for cryptocurrencies like Bitcoin. Because of the smaller quantities these drugs are purchased in — usually not more than a pound or two per transaction — these are being sent via normal shipping services like UPS, FedEx and USPS, Callahan said. The transactions are easy, but the product is often the result of counterfeiting.

This has resulted in many very dangerous situations for those who end up taking the illicit drugs, he said. 

And it’s not just drugs — during the pandemic, items like personal protective equipment, treatment medications for COVID-19 and vaccines have quickly surfaced on the Dark Web. It’s rare that these items are legitimate if found on the Dark Web, he said.

“They’re selling anything that’s in demand that can be counterfeited,” Callahan said. “You’re playing right into people’s emotions.”

These problems are magnified in countries where the medical supply chain is not as reliable and stable as it is in the United States. The basic level of trust in our government keeps Americans protected from falling into a level of need where they’re seeking supplies on the Dark Web. 

But Callahan said he’s always left the communities he’s worked with one critical piece of advice: do not take anything that isn’t prescribed by your doctor and filled by your pharmacist.

THE PERSONAL SIDE

The number of people suffering from opioid addiction is overwhelming, and unfortunately, access to drugs on the Dark Web is enabling this national crisis. Easy access to drugs-by-mail is putting synthetic and counterfeit drugs in the hands of young people and addicts, perpetuating a crisis that law enforcement and the medical community have been working to tamp down. 

The crisis is reaching critical mass with the new, easy accessibility to drugs — which are often counterfeit and extremely dangerous — particularly when it comes to drugs like Fentanyl and other narcotic medications. 

“Painkillers have become a major drug of choice on the dark web,” Callahan said. “They’re being bought and paid for on the dark web … It’s really changed the way drugs are bought and delivered.”

And while it’s important to pay attention to the cybersecurity-intensive parts of Callahan’s presentation, he’ll also be sharing information on the current Fentanyl crisis that will be vital for you, your families and loved ones.

WHY TRAINING IS VITAL

Callahan looks forward to bringing his knowledge of blockchain and cryptocurrency to the Data Connectors Southern California audience, and while attendees will certainly walk away with more information and understanding than when they first tune in, he encourages additional training. Your company might not need it today, but if a breach happens, it’s vital to have a resource on your team who can help make sense of what to do, he said.

“Training on blockchain may be a good investment in time and money. It’s not like a break-in where you can call the police; it will take specialized units to come in,” Callahan said. “There may be something on you or your department to understand. Who has that knowledge?  Do they know how to do a blockchain analysis when one might be needed?”

Callahan has a number of suggestions for trainings, but he is sharing one particular offer thanks to his partnership with the Blockchain Intelligence Group. To receive training as a Certified Cryptocurrency Investigator, first sign up for the SoCal Virtual Cybersecurity Summit and then visit blockchaingroup.io and use discount code SoCal2021BC through March 31, 2021 for 35% off. 

This is an eight-hour online self-paced course which will give you a fuller understanding of cryptocurrency, blockchain and the dark web.

Be sure to join the Southern California Virtual Cybersecurity Summit to hear more from Callahan, and come prepared with your questions and comments. His keynote will be presented live on Wednesday, March 10 at 12:00 p.m. PT. 

First Look: Cryptocurrency & Blockchain …

Interviews Posted by Jen Greco on Mar 2, 2021