Ah, the CISO. In the past decade no job title has become more fashionable. At the same time, no job title has carried more of an air of mystery. What, exactly, is a CISO? What do they do? How do they do it? And how can you become one? Let’s find out.

On Friday, September 23, 2022, Sophos disclosed a critical code injection vulnerability impacting Sophos Firewall. This vulnerability, assigned CVE-2022-3236, affects Sophos Firewall versions v19.0 MR1 (19.0.1) and older and could lead to remote code execution. In order for a threat actor to exploit this vulnerability, WAN access would need to be enabled for the Webadmin and User Portal consoles.

Understanding the ins and outs of threat intelligence can be complicated for an organization. If your business is anything but cyber, it’s understandable to be overwhelmed by terms like ransomware, cryptocurrency, and DDoS attacks, especially in relation to your systems and assets. That’s okay.

Signed into law in March of 2022, the Strengthening American Cybersecurity Act (SACA) gives federal authorities an overview of all cyber attacks against critical infrastructure in the United States for the very first time. SACA has three parts: SACA comes at a time when governments are facing a significant paradigm shift.

It was the worst-case scenario for Uber, the popular ride-sharing app, when the company suffered a major data breach in early September. While the extent of the damage, and the data potentially stolen, is still being uncovered, the attack — and the methods used to execute it — can be examined and used to teach other organizations what (and what not) to do.

Imagine a burglar. They’ve spent large amounts of time researching their target — your house. They’ve perfected their infiltration techniques, found your weak points, learned your schedule, and know the best time to strike. They’ve shown up when you least expect it and jimmied open the lock on the back door. And now, rather than head inside and steal your valuables, they hold the door open for someone else.

The Arctic Wolf Labs team recently investigated a Lorenz ransomware intrusion, which leveraged a Mitel MiVoice VoIP appliance vulnerability (CVE-2022-29499) for initial access and Microsoft’s BitLocker Drive Encryption for data encryption. Lorenz is a ransomware group that has been active since at least February 2021 and like many ransomware groups, performs double-extortion by exfiltrating data before encrypting systems.

Each organization has its own unique attack surface, operating model, and risk tolerance. The challenge for CISOs (Chief Information Security Officers) and IT teams is how to keep business running smoothly, without interruption, while at the same time securing and protecting data. And, since every organization is different, no single strategy will work for everyone.

Ransomware dominated the cybersecurity sphere yet again in August, with victims ranging from wealthy European nations to humble libraries to one of the most storied franchises in American sports. Also, people who send disgusting pranks via mail got some of their business put out on the street. What can we say, it was a weird month. Here are some of the breaches, hacks, and attacks that captured our attention in August 2022.

The Federal Trade Commission has recently updated the 2003 Gramm-Leach-Bliley Act ‘Safeguards Rule’ to create new standards and procedures that will apply to auto dealerships and go into effect in December 2022. The Safeguards Rule outlines the standards required for the protection of consumer data. The new updates create stricter criteria and procedures that car dealers will need to implement, both to reduce the risk of a data breach and to better protect customer data.