Discover and read the best of Twitter Threads about #RSAC

Most recents (15)

And now, the most horrifying security vulnerability I've seen in ages, staring @Microsoft @Azure.

A thread...
So @orcasec found a vulnerability in @azure and reported it to Microsoft back in January. @Azure's response was to go out and buy a booth for @RSAConference, then get back to Orca six short weeks later.

A speedy month and a half later, Azure releases a patch.

I AM NOT DONE.
Orca was able to BYPASS THE PATCH. @Azure security swung into action and expanded the size of their #RSAC booth, while paying @orcasec a $60K bug bounty. (This remains the only thing Azure got right in this entire debacle.)
Read 8 tweets
Mandiant’s Nick Bennett & Dave Wong have taken the stage at #RSAC for a discussion on multifaceted extortion. Image
“In 2022 we are seeing #ransomware attackers get very creative,” say Nick Bennett during the #RSAC presentation. “They want to create as much leverage as they can to force the victims to pay the ransom.” Image
One of the lessons we’ve learned in our work with organizations, Dave Wong shares at #RSAC, is “#ransomware detection is about the whole attacker life cycle. Defenders need to focus on both prevention and detection.” Image
Read 4 tweets
Happening now: Our CEO Kevin Mandia is joining a panel at #RSAC discussing lessons learned from the #SolarWinds cyber breach & how businesses can transform to face tomorrow’s cyber threats.
Asked about increasing sophistication in #cybersecurity, Kevin says that “in 2021 we saw over 70 zero days. Hackers are gaining capabilities & there is enough money in cybercrime that actors are buying zero days.”
“I don’t think the #cybersecurity landscape looks remarkably different in 2022, but we do see nations states and cyber criminals becoming more sophisticated. The lesson from this is that we have to make cyber security national security.” - @CISAJen during the #RSAC panel.
Read 8 tweets
#ElevateWICS is getting started early today with a breakfast and panel featuring #cybersecurity leaders discussing their careers and the importance of supporting women in the industry. #RSAC
"Elevate is not just for women rising at the early stage of their career...women at every stage need this community's support," says Erin Joe, Mandiant SVP, Strategy and Alliances & Executive Sponsor of #ElevateWICS
Learn more: mandiant.com/elevate
“In terms of having a seat at the table, we are on our own journey wrestling with whether we belong in the room. Someone had the confidence to put you there. … You have to go with it," says @karenkaukol CMO @entrust_corp #ElevateWICS
Read 9 tweets
Having spent an hour or so walking the floor of @RSAConference, it's rather clear that #RSAC's not about security learning, but rather about selling security in a box. As @mattstratton famously said in a talk once, "you can't buy DevOps but I sure would like to sell it to you."
Here @SentinelOne teaches us that the tree of security must be refreshed from time to time with the logo of @hashicorp. #RSAC
Here we see that Angry Twitter is making its presence known at #RSAC.
Read 24 tweets
Great turn out for today’s #RSAC keynote presentation from Mandiant’s @JumpforJoyce and @DAlperovitch, titled “Global Threat Brief: Hacks and Adversaries Unveiled”
This session will be an unveiling of the most novel attacks in the current global threat landscape, diving into specific, real-time examples of threat actor activity from both nation-states and criminal groups, along with strategic advice for countering them. #RSAC
They’ll begin with a deep dive on the Ukraine cyberwarfare front, covering the top cyber defender takeaways to date. Stay tuned to find out “Resiliency is Key” #RSAC
Read 21 tweets
And now I go to #RSAC2022 in the hopes that someone, anyone, will be able to sell me a firewall.
To be a diamond sponsor of @rsaconference you must be a company whose best days are clearly behind it.
Or be the RSA conference, as an additional qualifier .
Read 7 tweets
🧵on stealing TeamViewer credentials

Many organizations have systems with TeamViewer actively running; some know it and manage it correctly, other have no idea it is running or where. The latter probably have multiple versions #redteam #blueteam #purpleteam #ThreatThursday 1/10
I started looking deeper into TeamViewer when @snlyngaas reported that a Florida water facility had been breached. A malicious actor used TeamViewer to login and change the levels of sodium hydroxide. The plant operator say this and no damage was done cyberscoop.com/florida-water-… 2/10
For those that speak @MITREattack we are talking about T1078 Valid Accounts: attack.mitre.org/techniques/T10…
But how were these credentials obtained? We don't know but @brysonbort spoke with #RSAC about it if you want more on the Florida water plant breach: 3/10
Read 10 tweets
And now, my #rsac / #RSAConference expo hall observations in thread form.
If you pay retail price for @SentinelOne, negotiate better please. They clearly have far too much money.
It's unclear whether the @TheJusticeDept is posting a bunch of white-collar criminal wanted posts because they think the perps will show up or as a cautionary tale, but I finally found a place I don't want my photo.
Read 58 tweets
The first three months of 2019 are not even over yet, and we have already added so many important enhancements to Microsoft Threat Protection. The journey to providing organizations seamless, integrated, and comprehensive security continues. microsoft.com/security/blog/… Image
At #RSAC, we announced the launch of Microsoft Azure Sentinel, which adds the benefits of next-gen SIEM to Microsoft Threat Protection. Azure Sentinel is a cloud-native solution, providing intelligent security analytics for the entire organization. azure.microsoft.com/en-us/blog/int…
We also announced Microsoft Threat Experts, a new managed threat hunting service in Windows Defender ATP that provides proactive hunting, prioritization, and context-rich intelligence and data-driven insights to augment customers’ SOC capabilities. microsoft.com/security/blog/…
Read 8 tweets
I presented a Learning Lab at #RSAC 2019 on "#MentalHealth in #Cybersecurity: Preventing Burnout, Building Resilience" 🛡🧠💪. @RSAConference @MosconeCenter. Here are the slides:
Read 38 tweets
Our San Francisco bureau chief, @martingiles, spent several months working on a story about Triton, the world’s most murderous malware. Here’s why this malicious code is so terrifying. technologyreview.com/s/613054/cyber…
Previous “cyber-physical” malware like Stuxnet, which destroyed centrifuges at an Iranian nuke plant in 2010, targeted industrial equipment.
.
.
.
Triton is the first time we’ve seen software deliberately created by hackers to put people’s lives in danger.
The malware is capable of disabling safety instrumented systems, which are the last line of safety defense in everything from petrochemical plants to public transport systems to nuclear power plants.
Read 14 tweets
"Our cyber defenders are outnumbered. We must empower these defenders." -- @ajohnsocyber at #RSAC keynote #PowerOfPeople Image
"Bridging the cybersecurity skills gap requires an industry-wide effort to recruit, train, and retain a diverse bench of talent." -- @ajohnsocyber #PowerOfPeople
"We know diverse teams make better and quicker decisions 87% of the time." - @ajohnsocyber #PowerOfPeople #RSAC
Read 4 tweets
Top DHS cyber official Chris Krebs: Russian interference in 2016 election was galvanizing moment for defense like Sputnik launch in 1957, bigger than destructive WannaCry and NotPetya. #RSAC
Krebs priories: 5G/China; federal networks; critical infrastructure cyber attacks; election protection.
On election machines (despite lack of legislation requiring this): “Auditability is going to be a key or primary focus going forward.”
Read 5 tweets
I'm seeing some say this highlights the talent shortage, while others (typically not hiring managers) continue to argue there is no shortage. There absolutely is a talent shortage, but as usual, there's more to the story than that. 1/n
threatpost.com/isaca-unfilled…
The global multi-million dollar infosec training industry confirms there's a talent shortage. Either that or the companies you want to work for are all idiots just urinating money away. Pretty sure it's the former. 2/n
Okay, there's a talent shortage. But wait, how can that be?! You know *super talented people* who are looking for a job. Maybe you are too. You conclude there can't be a talent shortage.

This my friends is an anecdotal fallacy (and possibly even an availability bias). 3/n
Read 12 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!