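Content provided by Cybersecurity Growth. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Cybersecurity Growth or its podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://zh.player.fm/legal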

#1 - Secure Controls Framework, Introduction

1:36:07
 

Title: Cybersecurity Growth #1 — Secure Controls Framework (Part 1)

Opening

  • When You Arrived (by Spartan Valley) theme song

- introductions & pleasantries (5 minutes)

Welcome to Cybersecurity Growth, a show for aspiring and existing cybersecurity leaders. I’m your host Shawn Valle, Exec Director and CISO of Cybersecurity Growth.

Former Chief Security Officer of Rapid7 and former CISO of Tricentis

Musician here on Twitch and elsewhere, MusicBySV (more on that later)

Top News Stories

https://www.csoonline.com/article/3685368/study-shows-attackers-can-use-chatgpt-to-significantly-enhance-phishing-and-bec-scams.html Lucian Constantin at CSO Online from Jan 11.

Study shows attackers can use ChatGPT to significantly enhance phishing and BEC scams

Researchers demonstrate how attackers can use the GPT-3 natural language model to launch more effective, harder-to-detect phishing and business email compromise campaigns.

https://www.csoonline.com/article/3684771/twitters-mushrooming-data-breach-crisis-could-prove-costly.html Cynthia Brumfield at CSO Online from Jan 6

Twitter's mushrooming data breach crisis could prove costly

An apparent data breach potentially impacting hundreds of millions of users could damage Twitter's finances and operations. EU regulators pose the biggest threat to the Elon Musk-owned company.

The picture surrounding Twitter's data breach is murky. This latest headache for the company began in July when an actor known as "devil" put up for sale on a breached data forum a database of phone numbers and email addresses belonging to 5.4 million Twitter accounts. Devil demanded payment of $30,000 for the data and claimed to have swiped it via a vulnerability disclosed to Twitter on January 1, 2022. Twitter fixed the flaw on January 13, 2022.

The vulnerability affected Android users and allowed anyone without authentication to obtain a Twitter ID for any user by submitting a phone number or email handle, even if the user prohibited this action in the privacy setting. About a month after devil's posting, Twitter confirmed that a bad actor had taken advantage of the vulnerability and said it would send out notices to account owners affected by the breach.

The data containing the 5.4 million users' data was released for free on November 27, 2022. However, another database allegedly containing details on 17 million users was also circulating privately in November.

In late December, Alon Gal, the co-founder and CTO of Israeli cybercrime intelligence company Hudson Rock, spotted on a criminal data breach forum a posting by a user called "Ryushi" offering to sell the emails and phone numbers of 400 million Twitter users.

Troy Hunt, who runs the data breach reporting site HaveIBeenPwned, says he found 211.5 million unique email addresses in the leaked database.

User account breaches have begun. Well-known users include Piers Morgan and Ed Sheeran.

Brian Krebs said in a tweet, "Hey @elonmusk , since you don't seem to have much of a media/comms team anymore, can you address the apparently legitimate claim that someone scraped and is now selling data on hundreds of millions of Twitter accounts? Maybe it didn't happen on your watch, but you owe Twitter a reply."

Gal tells CSO, "Twitter failed to acknowledge this breach, and it is a shame. They should acknowledge it as soon as possible, so users are alert to the risks they are now facing. I urge Twitter users to change passwords and be suspicious of phishing attempts and for Twitter to acknowledge this breach as soon as possible."

Death By PowerPoint

- Walk through an introduction of Secure Controls Framework

What’chu Listening To

- Talk about music

That’s a Wrap

  • Concluding topics (5 minutes)
  • Thank you for listening
  • I’m Shawn Valle, creator of this show and the music here on Cybersecurity Growth
  • Cybersecuritygrowth.com and cybersecuritygrowth.com/webcasts
  • @shawnvalle or @cybersecuritygrowth
  • Today I provided an overview of Secure Controls Framework (straight from the “SCF Start Here” document). Next week, we will cover practical uses for SCF. In future streams/episodes I plan to go deep into CISO strategy, Risk Management, Incident Response, Ransomware Preparedness, Automating third party risk management, and more.
  • Live on Twitch weekly, Fridays at 10:30 AM EST, 7:30 AM PST, 3:30 PM GMT, and in your pod feeds a few days later

🔐 Hire a cybersecurity consultant or vCISO: https://cybersecuritygrowth.com/services

🟢 Free Blogs, Videos and Podcasts: https://cybersecuritygrowth.com/webcasts/

------------------------------------------------------------------------------------

CYBERSECURITY GROWTH SOCIALS

Website: https://cybersecuritygrowth.com

Tik Tok: https://www.tiktok.com/@cybersecgrowth

Facebook: https://www.facebook.com/100066411043800/

Linkedin: https://www.linkedin.com/company/cybersecurity-growth

SHAWN'S MUSIC SOCIALS

Website: https://musicbysv.com/

Spartan Valley (Shawn's artist site): https://spartanvalley.band/

Octavate (Shawn's other music project): https://www.octavate.band/

Spotify: https://open.spotify.com/playlist/6SN1n1xhWt0ztYaJbGSwgu

Instagram: https://www.instagram.com/musicbysv_

https://www.instagram.com/spartanvalleysv/

https://www.instagram.com/octavate.band/

Tik Tok: https://www.tiktok.com/@musicbysv_

https://www.tiktok.com/@octavate

Facebook: https://www.facebook.com/ShawnValleMusic

https://www.facebook.com/SpartanValley

Linkedin: https://www.linkedin.com/in/musicbysv/

Twitter: https://x.com/SpartanValleySV

https://x.com/MusicBySV

YouTube: https://www.youtube.com/@SpartanValley

https://www.youtube.com/@musicbysv_

https://www.youtube.com/@octavateband
