Uncategorized

https://youtu.be/k7vRGh1NIJw A talk I gave at SumoLogic Illuminate 2021.

I originally wrote this for Pathwire at: https://www.mailgun.com/blog/Mailgun-Log4j-Defense/ On December 10, 2021 the world was rocked by a huge vulnerability that left millions of IT and security professionals scrambling. The vulnerability, dubbed Log4Shell, left assets vulnerable to a (ridiculously) simple exploit that led to Remote Code Execution (RCE). This blog post isn’t a technical article about the vulnerability itself– there … Continue reading Corporate Blog: Mailgun’s Log4j Defense

Found the following 'Immutable laws of Security Administration' the other day. Apparently Microsoft first published this back in 2000. That is twenty years ago now. For reference, common technology in use back then: The first camera phone appeared, The Sims was launched, and USB drives were just then becoming commonplace. https://www.computerhistory.org/timeline/2000/ What is crazy to … Continue reading The 10 Immutable Laws of Security Administration

This is a blog post I wrote for LifeOmic: Ransomware is a scourge on businesses everywhere today, and the Kaseya ransomware incident was no different. Except, it was an exceptional attack that utilized advanced procedures not normally seen in large scale, public, ransomware incidents. TrueSec provides an excellent overview of the initial compromise: Obtained an … Continue reading Corporate Blog: A Look at the Kaseya Incident