Security Researchers Identify Critical Vulnerabilities in AMD Chips: Chimera, Ryzenfall, Masterkey and Fallout

Critical Vulnerabilities in AMD Chips: Security researchers at CTS-Labs, based out of Israel, disclosed 13 critical vulnerabilities and backdoors in certain AMD chips used in workstations, laptops and servers. Successful exploitation of these vulnerabilities could grant deep system access to attackers from which they could launch malware attacks undetected. The vulnerabilities are four in name:[…]

Advice for Studying and Passing the CISSP Exam

This past week I sat for the (ISC)² CISSP exam and passed on my first attempt! With the entire preparation and test-taking experience still fresh on my mind, I felt I should take time to document my experience and study approach similar to when I sat for the CISA exam last year. What is[…]

Tracking Data Breaches & Staying Informed

The Identity Theft Resource Center (ITRC) is a nonprofit organization that focuses on educating consumers, corporations, government agencies and other organizations on best practices related to fraud and identity theft detection, reduction and mitigation. Additionally, the organization does an excellent job of indexing and documenting data breaches as well! ITRC’s 2015 year-end report indexed 781[…]

I am an OPM Data Breach Victim - Next Steps

Nearly six months after the fact, I received a letter from the Office of Personnel Management notifying me that my information had officially been lost in the June 2015 breach. To add insult to injury, I was never actually a federal government employee. A few years ago, I consulted on a few enterprise systems migrations[…]

Target 2013 Breach: Understanding the Need for Secure Network Segmentation

A recent post from cybersecurity investigative reporter Brian Krebs does a great job of reminding IT and information security professionals everywhere why proper network segmentation is so important. The post, “Inside Target Corp., Days after 2013 Breach,” goes into detail about how once criminals infiltrated Target’s corporate network, they were able to run free[…]

Items of Interest Week of 7/20/2015

Here are some quick reads for the week of July 13, 2015. If you have interesting links of your own, share them in the comments. Hacked: Drones could be the malware delivery system of the future; Threat Post: Car hacking gets the attention of Detroit and Washington; Krebs on Security: Online Cheating Site Ashley Madison Hacked; Business Insider:[…]

Items of Interest Week of 7/13/2015

Here are some quick reads for the week of July 13, 2015. If you have interesting links of your own, share them in the comments. MIT: “CSAIL report: Giving government special access to data poses major security risks”; Georgia Tech: “GT Professor testifies before U.S. senators about the balance of privacy & public safety.”; Al[…]

Items of Interest Week of 6/22/2015

Here are some quick reads compiled by Shane and Christian for the week of June 22, 2015. If you have interesting links of your own, share them in the comments. NSA Tracking: NSA Has Reverse-Engineered Popular Consumer Anti-Virus Software In Order To Track Users; Norman Marks on Risk Analysis: Popular GRC expert shares a few thoughts[…]

Items of Interest: Week of 6/15/2015

Throughout the week I share interesting tidbits I come across with my co-author, Christian. He said I tend to look at some pretty interesting stuff and suggested that I start compiling a list of links relevant to the risk3sixty blog. Below are my links for the week of 6/15/2015, along with a short description of[…]

TSA Failure Highlights the Importance of Audit and Assurance

Executives should love IT auditors because auditors provide something every CEO/CIO wants: a view into the operating effectiveness of their company or department. Without audit functions, a company might be wasting money and manpower, or spending a lot of time doing things that have no impact on the business. Today, a story broke that an audit[…]