LastPass Discloses Second Breach in Three Months
By Jai Vijayan & featuring Joshua Crumbaugh
December 1, 2021
An attacker who breached the software development environment at LastPass this August and stole source code and other proprietary data from the company appears to have struck the password management firm again.
Chesapeake police looking into social media account that has similarities to Walmart shooter
By Michelle Wolf for WAVY-10-News, Featuring Joshua Crumbaugh
December 1, 2022
CHESAPEAKE, Va. (WAVY) — A social media account is circulating online after some claim it belongs to the man who killed six people at the Battlefield Walmart in Chesapeake.
How Penetration Testing Showed Me What’s Missing in Security
By Joshua Crumbaugh for CPO Magazine
December 1, 2022
Over the course of four years, I breached one of the largest financial institutions in the United States and gained access to their most highly classified systems. It wasn’t even that hard.
I simply tailgated outside the building and talked with a friendly employee. I made that person believe I was an auditor, and each year he let me walk through the front doors.
The psychological warfare behind ransomware attacks
By Joshua Crumbaugh for Security Magazine
November 23, 2021
Hackers continue to improve their methods and pull off increasingly sophisticated attacks. IBM data shows ransomware as the most popular form of attack for over three years, making up 21% of all attacks. Businesses with deep pockets aren’t the only targets. Hackers are also going after less traditional victims.
Elections Protect a messy, but better Alternative
By Gregory Sims for The Cipher Brief
November 7, 2022
On the eve of the US midterm elections, it is a good time to reflect on cyber threats to our political process, particularly from foreign state adversaries due to their vast resources, advanced capabilities, and malign intent. Cyber threats to our election system come from other, non-state sources as well, such as hacktivists and criminal organizations, but while they can also cause problems…
Putin’s Next Strike may not be Nuclear
By Gregory Sims and Joshua Crumbaugh for The Cipher Brief
October 14, 2022
In a performance worthy of Joseph Goebbels, Vladimir Putin’s announcement of the formal annexation of occupied portions of eastern Ukraine – along with his earlier speech on the mobilization of Russian military manpower – accused Western governments of “open Satanism” and of being out to plunder Russia.He also accused what he refers to as…
How AI and machine learning are changing the phishing game
By Joshua Crumbaugh for Venture Beat
Oct 10, 2022
Bad actors have learned: The more data they’re able to harvest about you, the more likely they’ll be able to successfully phish you. Which is probably why this attack vector has never been more popular.
American Airlines suffers data breach
Security Magazine
September 21, 2022
American Airlines has confirmed that a data breach has affected a “very small number” of customers and employees.
According to NPR, American Airlines notified customers recently that the security breach was discovered in July. The company locked down the breached accounts and hired a cybersecurity firm to assist with the investigation.
How phishing attacks are becoming more sophisticated
Featuring Joshua Crumbaugh for Help Net Security
June 27, 2022
The latest APWG’s Phishing Activity Trends Report reveals that in the first quarter of 2022 there were 1,025,968 total phishing attacks—the worst quarter for phishing observed to date. This quarter was the first time the three-month total has exceeded one million. There were 384,291 attacks in March 2022, which was a record monthly total…
Here’s an easy way to create a bot, a hacker said and got banned from Twitter
Cyber News
June 22, 2022
It’s hard to convince a well-known ethical hacker Joshua Crumbaugh that bots account for only 5% of Twitter’s active daily users. After deep-diving into the marketplaces selling Twitter accounts, he believes a social media giant could do a better job weeding out bots designed to misinform and scam people.
Learning In The Mud—From Training Individuals To Building An Organization That Learns: The Case For After Action Reviews In Intelligence
by Gregory Sims for the Center for the Study of Intelligence
March, 2021
Today the United States faces an array of disruptive threats that challenge the Intelligence Community’s ability to protect our nation. Many of these threats are novel and intertwined, and the only way to navigate them is to learn our way through. But for numerous organizations, concepts of learning are heavily weighted toward teaching established skills-things people already know how to do.
Intelligence Reimagined: Don’t Forget the Human Dimension in the Pursuit of Technological Solutions
By Gregory Sims for Just Security
March, 2021
The transition to a new presidential administration has coincided with several thoughtful assessments on the future of U.S. intelligence that warn of an urgent need for reinvention in response to rapidly evolving circumstances and threats.