CISO Spotlight: Mike Wilkes on Building Resilience in an Evolving Threat Landscape
Mike Wilkes has had a career many cybersecurity professionals could only dream of. An adjunct professor, former CISO of Marvel and MLS, member of the World Economic Forum, drummer, and board member at the National Jazz Museum in Harlem, his interests and achievements are as eclectic as they are...
CVE-2023-1358
A vulnerability, which was classified as critical, was found in SourceCodester Gadget Works Online Ordering System 1.0. This affects an unknown part of the file /philosophy/admin/login.php of the component POST Parameter Handler. The manipulation of the argument useremail leads to sql injection. ...
Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024)
Last month, Henry Farrell and I convened the Third Interdisciplinary Workshop on Reimagining Democracy IWORD 2024 at Johns Hopkins University's Bloomberg Center in Washington DC. This is a small, invitational workshop on the future of democracy. As with the previous two workshops, the goal was to...
Second Interdisciplinary Workshop on Reimagining Democracy
Last month, I convened the Second Interdisciplinary Workshop on Reimagining Democracy IWORD 2023 at the Harvard Kennedy School Ash Center. As with IWORD 2022, the goal was to bring together a diverse set of thinkers and practitioners to talk about how democracy might be reimagined for the...
Ethical Problems in Computer Security
Tadayoshi Kohno, Yasemin Acar, and Wulf Loh wrote an excellent paper on ethical thinking within the computer security community: "Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversation": Abstract: The computer security research community regularly tackles ethical...
Refreshing Rapid7's Coordinated Vulnerability Disclosure Policy
As 2023 comes hurtling towards us like some kind of maniacal arctic train full of disturbingly realistic AI-generated people, I wanted to take a moment on the blog here to announce that we here at Rapid7, Inc. have refreshed our coordinated vulnerability disclosure CVD policy and philosophy. If y...
How to Support Agile Development Through Cybersecurity Best Practices
Understanding other people's problems. It’s often said that people only notice cybersecurity when it fails, or when it gets in the way of them doing their jobs. Organizations, and especially software development teams, want to be able to develop quickly and easily to stay ahead of their competition...
Developing a Repeatable and Sustainable Security Exploitable Risk Reporting Program
Introduction. The key to creating a practical Reporting Philosophy is well-written vulnerability management policies, standards, and guidelines. These are often referred to as a Security, Governance, Risk, and Compliance (SGRC) program and a well-defined risk exception and acceptance (RA) program,...
street-philosophy.de Improper Access Control vulnerability OBB-2210565
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Sx - Fast, Modern, Easy-To-Use Network Scanner
sx is a command-line network scanner designed to follow the UNIX philosophy. The goal of this project is to create the fastest network scanner with clean and simple code. Features: 30x faster than nmap. ARP scan: Scan your local networks to detect live devices. ICMP scan: Use advanced ICMP...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I'll be part of a European Internet Forum virtual debate on June 17, 2021. The topic is "Decrypting the encryption debate: How to ensure public safety with a privacy-preserving and secure Internet?" I’m speaking at the all-online...
Caught on Camera: Rethinking IoT Security
We all know that we're on camera pretty much constantly -- most coffee shops, convenience stores, and even offices employ security cameras for protection. But what happens when those devices built to keep us safe become unsafe? Hacks are becoming more frequent and attacking personal, private data...
Risk Decisions in an Imperfect World
Risk decisions are the foundation of information security. Sadly, they are also one of the most often misunderstood parts of information security. This is bad enough on its own but can sink any effort at education as an organization moves towards a DevOps philosophy. To properly evaluate the risk...
New Book! The Best of TaoSecurity Blog, Volume 1
I'm very pleased to announce that I've published a new book! It's The Best of TaoSecurity Blog, Volume 1: Milestones, Philosophy and Strategy, Risk, and Advice. It's available now in the Kindle Store, and if you're a member of Kindle Unlimited, it's currently free. I may also publish a print...
CISO series: Lessons learned from the Microsoft SOC—Part 3b: A day in the life
The Lessons learned from the Microsoft SOC blog series is designed to share our approach and experience with security operations center (SOC) operations. We share strategies and learnings from our SOC, which protects Microsoft, and our Detection and Response Team (DART), which helps our customers addre...
Q&A with Ashley Fidler, Chief Product Officer at eSentire: Women in Cybersecurity
In a few short weeks, Carbon Black will be hosting our annual user conference, CBConnect19, in sunny San Diego. This year, we’re bringing together a group of powerhouse women from across a variety of industries for our annual Women in Cybersecurity Panel to share their knowledge and experience fr...
Talos Vulnerability Discovery Year in Review - 2018
Introduction. Cisco Talos' Vulnerability Discovery Team investigates software and operating system vulnerabilities in order to discover them before malicious threat actors do. We provide this information to vendors so that they can create patches and protect their customers as soon as possible. We...
Cb Customer Spotlight Series: Q&A Landmark Credit Union’s Matt Goodacre
Featuring Matt Goodacre, Security Analyst at Landmark Credit Union. With all their endpoints in high enforcement mode, Matt Goodacre, Security Analyst at Landmark Credit Union in Wisconsin, is confident the organization’s workstations are locked down when it comes to security. Here’s how...
Detect Illegal Wireless Network Activities: WIPI-HUNTER
WipiHunter is developed for detecting illegal wireless network activities; however, it shouldn’t be seen only as a piece of code. Instead, it is actually a philosophy. You can infer new wireless network illegal activity detection methods from this project. New methods, new ideas and different poin...
Trend Micro: Winning at Wellness Again
In the never-ending race for profits, shareholder value and customer wins, organizations can sometimes forget about their employees. Yet in reality, your workers are your number one asset: if they feel undervalued or disrespected it can rip the heart and soul out of the organization, setting off ...