Reckless Reporting: Respect Information Handling Guidance

Security professionals and their organizations, journalists, media organizations, and all those who may have access to security-related privileged information, are acting recklessly and irresponsibly when they publicly post that information, contrary to the designated information handling guidance associated with that information.


The Cybersecurity Evangelist, Episode 2; Demystifying Cybersecurity Myths – Part 2

This month we are airing part two of the inaugural episode of The Cybersecurity Evangelist, where Travis Farral and I finish demystifying cybersecurity myths #2 and #1. Listen to find out where the term “hacking” came from, and more about different types of “hackers”…including the good ones. Travis and I also give a quick nod to our inner geek. We wrap up the discussion with how we are ALL targets of opportunity, even if we don’t have an online presence, and why it is important to overcome the “it won’t happen to me” mindset. Finally, Travis leaves us with his final thought: spend a few minutes trying to educate yourself on ways you can protect your family.


The Risk Roundtable: EP 10 – Geopolitics, Partnerships and Information Sharing

The Gate 15 team discusses geopolitics and the impacts they have on organizations around the world. The team touches on security concerns around current issues, including U.S.-China tensions and why TikTok is a topic of discussion, and the idea that how nations and leaders see each other – as adversaries or competitors – is also an important consideration. Listen to Dave, Jorhena, Jen, and Andy then speak on the importance of partnerships and the need to build and engage in trusted relationships and information sharing. But they couldn’t completely escape the enduring threats of ransomware and COVID, and they weighed in on the continued impact it is having on sports leagues while hearing Andy’s hope for his favorite football team. Andy also shares his current earworm struggles and gets mocked for his choice of attire…


Blended Threats: VPN Bugs Could Cause Physical Impacts with Critical Lifeline Sectors

In a blog post on 28 Jul, security researchers at Claroty shared that they have “discovered remote code execution vulnerabilities affecting virtual private network (VPN) implementations primarily used to provide remote access to operational technology (OT) networks. These dedicated remote access solutions are mainly focused on the industrial control system (ICS) industry… Exploiting these vulnerabilities can give an attacker direct access to the field devices and cause some physical damage.”

At Gate 15, we spend a lot of time discussing Blended Threats. A Blended Threat is a natural, accidental, or purposeful physical or cyber danger that has or indicates the potential to have crossover impacts and harm life, information, operations, the environment, and/or property.


Blended Threats: Can IoT devices be abused to overdose dementia sufferers (and kids)?!

In a post on 9 July 2020, the team at Pen Test Partners wrote “Hacking smart devices to convince dementia sufferers to overdose,” stating that they had recently discovered a flaw “that was a little different: it was aimed at the elderly, particularly those with dementia or other cognitive impairments.”
