- Categories:
- Financial Services
- Governance
- Healthcare
- Incident Response
- Industrial Control Systems
- NASA Framework
- News
- Software Security
- Uncategorized
- vCISO
- Webinar
Show all-
Radical Idea in ICS Cybersecurity?
Idaho National Laboratory recently published an article, Internet Insecurity, by Andy Bochman. Many of the ideas in this article are shared by other thought leaders in the industry. The main theme from the article is that due to the inherent flawed design of the Internet, there will be a resulting lack of assurance for industrial control … Continue reading Radical Idea in ICS Cybersecurity? READ MORE >
-
Lowering Risk By Putting Response Before Incident
Justin Silbert As individuals, some people are good at improvisation, that is, dealing with things as they come and creating the best outcome for it. But, organizations in the midst of an incident are notoriously terrible at improvising. There is no better example than Equifax, whose initial response was fraught with missteps. First, it downplayed … Continue reading Lowering Risk By Putting Response Before Incident READ MORE >
-
When It Comes to Cyber Security, Lack of Vendor Oversight Can Lead to Legal Trouble
By Seth Jaffe. Third-party cyber security programs got a shot in the arm this week in the form of two legal actions. The first, well summarized by Sue Ross over at Norton Rose Fulbright, is a proposed consent agreement by the Federal Trade Commission against mobile phone manufacturer BLU Products, Inc., alleging that BLU’s failure … Continue reading When It Comes to Cyber Security, Lack of Vendor Oversight Can Lead to Legal Trouble READ MORE >
-
Just How Prolific is Ransomware?
Our friends over at Bromium recently published a study entitled “into the web of profit” that focussed on revenue flow and profit distribution as it pertains to ransomware. The annual revenue from the ransomware supply chain – $1.5 trillion (no, this isn’t a typo). The amount of money involved is staggering when you consider that … Continue reading Just How Prolific is Ransomware? READ MORE >
-
Dev Overflow – Part 9
By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 8 Yep, it is still here, and here to stay! What are we talking about today? A7 – Cross-Site Scripting (XSS) “XSS flaws occur whenever an application includes untrusted data in a new web page without proper validation or escaping, or … Continue reading Dev Overflow – Part 9 READ MORE >
-
Securing Automobile Control Systems Part 1
By Kevin Lackey, OT, ICS & SCADA Cyber Security Principal Driving (pun intended) towards a Minimum Security Standard for automotive control systems is more important than ever, as these systems are quickly becoming fully independent from human control. Within 20 years of the advent of computer regulated electronic fuel injection, first mass produced and available to … Continue reading Securing Automobile Control Systems Part 1 READ MORE >
-
NIST Releases Cybersecurity Framework 1.1
By Heath C Renfrow, CISSP, C|CISO, C|EH, C|NDA The National Institute of Standards and Technology (NIST) announced on April 16, 2018 the release of the Cyber Security Framework (CSF) 1.1, intended to improve Critical Infrastructure Cybersecurity. The focus of this framework when first developed in 2014 was geared towards industries vital to economic and national security, … Continue reading NIST Releases Cybersecurity Framework 1.1 READ MORE >
-
Andrew Hay Interviewed on RSAC TV
By Andrew Hay, Co-Founder and CTO, LEO Cyber Security I had the pleasure of being interviewed by Eleanor Dallaway, Editor & Publisher – Infosecurity Magazine, on RSA Conference Television (RSAC TV) last week at the annual RSA Security Conference. In the interview, we spoke of what I had observed on the show floor, the state of … Continue reading Andrew Hay Interviewed on RSAC TV READ MORE >
-
FDA and the Medical Device Security Action Plan
By Heath C Renfrow, CISSP, C|CISO, C|EH, C|NDA Since 2013, cyber professionals have been warning about the cyber risk and exposure healthcare organizations face from cyber-attacks on medical devices and software. As a result of these concerns the Health and Human Services (HHS) extended security and privacy rules to business associates, and the Federal Drug Administration … Continue reading FDA and the Medical Device Security Action Plan READ MORE >
-
To Pay or Not to Pay (Ransomware)
By Heath C Renfrow, CISSP, C|CISO, C|EH, C|NDA The recent ransomware attack on the City of Atlanta cost the city an estimated $2.7 million, and raises the question, do you pay or do you not pay? Ransomware has exploded over the last few years and has been especially hard on the healthcare industry – who can … Continue reading To Pay or Not to Pay (Ransomware) READ MORE >
read moreLEO Cyber Security provides the content on this blog as commentary on current issues. Your review of this content does not establish an attorney-client relationship, nor should the content be considered legal advice, which depends on the facts of each situation. LEO makes NO WARRANTIES OR REPRESENTATIONS OF ANY SORT with respect to the content of the blog, including any warranties or representations as to the accuracy or completeness of any of the information, facts, or opinions contained herein.
