A newly released set of vulnerabilities termed “Thunderspy” allows an attacker with physical access to your encrypted computer in sleep mode (not powered off and not hibernated) to take full control of your system utilizing a Thunderbolt port. In this compelling video, Thunderspy’s author, Björn Ruytenberg, demonstrates bypassing the Windows lock screen in under five minutes using a set of …
NFL Twitter Hack and Password Reset Functions
Discussing the recent Twitter account breaches of 15 NFL teams and Facebook resulting from a password reset flaw in a third-party-developed application, Khoros. Learn how hackers use password reset flaws to bypass authentication and what we can all do to improve social media account security and make sure these flaws don’t bite us! It is time we start treating …
How To Approach Vendor Risk Management
In my latest video below I discuss the largest healthcare data breach of 2019 and how organizations should approach vendor risk management to manage the risk that your vendors present to you. 63% of all healthcare data breached in 2019 was due to the breach of one third-party collection agency, American Medical Collection Agency (AMCA). This breach affected Quest Diagnostics, …
The Single Best Risk Assessment Interview Question
There is one question that I ask in every risk assessment interview that time and time again has yielded the best results. It is a question that goes to the heart of understanding how the business works, not just how the IT department operates. It is a question that IT and Security Pros get to use on a regular basis …