Author: HackWatchit
This webcast originally aired on January 23, 2025. In this video, Ralph May discusses Orbit, a tool he developed for enhanced vulnerability scanning and continuous pen testing. The video delves into the origins of the tool, its integration with Nuclei for high-performance scanning, and its application in ANTISOC for Black Hills Information Security. Ralph also provides a detailed demo of Orbit, showcasing its features, capabilities, and the benefits of open-sourcing the tool for the cybersecurity community. Ralph May’s tool, Orbit, is designed to run Nuclei scanning at scale, offering a solution for continuous pen testing with customizable and scalable features.…
This article was originally published in the SOC Issue of our PROMPT# zine, which you can read for free HERE. The information was adapted from the 2018 webcast “John Strand’s 5 Year Plan Into InfoSec, Part 2” which is linked to at the end of this blog. Phase 1 Learn your core operating systems. Build a lab. Get started with a language. Learn basic security fundamentals. Start your education with the soft skills. Understand the technology: how are these machines used in business? What are people doing with them? You can be as technical as anyone, but if you don’t…
Speaker: John Strand
This webcast was originally aired on January 30, 2025. In this video, John Strand discusses the complexities and challenges of penetration testing, emphasizing that it goes beyond just finding and exploiting vulnerabilities. He highlights the importance of addressing legacy applications and the buildup of obsolete systems within organizations, which often lead to security oversights. Additionally, the discussion covers the need for compensating controls to manage exceptions and vulnerabilities that are difficult to fix, while also touching on the role of cloud services and how they relate to legacy systems. Penetration testing should focus on areas beyond automated…
The tenure of a chief information security officer for state governments has seen a significant drop. A recent survey by the National Association of State CIOs and Deloitte found state CISOs, on average, stayed in their job 23 months, down from 30 months in 2022. This reduced tenure has long-term effects on the organization from hiring to understanding the state’s culture to staying around long enough to complete projects. Meredith Ward, the deputy executive director of the National Association of State CIOs (NASCIO), said while each CISO leaves for a different reason, there are some trends including the increased workload…
Getting from point A to point B is the name of the game for the vehicle transportation space. Ironically, however, that journey can be one frequently bogged down by inefficiencies and disconnects. For years, the industry has struggled with fragmentation, outdated logistics systems, and opaque pricing structures that have made moving vehicles a slow and expensive process. The traditional model has relied heavily on middlemen who coordinate transport but add layers of cost and complexity without necessarily improving efficiency. “Middlemen are a necessary evil… when you’re in that arena, you’re constantly negotiating against supply and demand,” Auto Hauler Exchange CEO…
Organizations’ increasing reliance on third-party software and services has created an environment with more vulnerabilities and harder-to-detect risks. Attackers know they can increase efficiency and profitability by compromising the supply chain and are focusing their efforts accordingly. The commoditization of the cloud has only exacerbated this challenge. Companies are rapidly increasing the number of cloud-based services they rely upon, often without fully understanding how they connect to their broader network. How regulations are piling on supply chain pressure To help strengthen cyber resilience, the EU has introduced regulations such as DORA and NIS2. Both focus more on securing supply chains…
Last year, a media investigation revealed that a Florida-based data broker, Datastream Group, was selling highly sensitive location data that tracked United States military and intelligence personnel overseas. At the time, the origin of that data was unknown. Now, a letter sent to US senator Ron Wyden’s office that was obtained by an international collective of media outlets—including WIRED and 404 Media—reveals that the ultimate source of that data was Eskimi, a little-known Lithuanian ad-tech company. Eskimi’s role highlights the opaque and interconnected nature of the location data industry: A Lithuanian company provided data on US military personnel in Germany to a…
Cybercriminals will always try to cash in on a good thing, and football is no exception. Online scammers are ramping up for the big game with all types of schemes designed to rip you off and steal your personal info—but you have several ways you can beat them at their game. Like shopping holidays, tax season, and even back-to-school time, scammers take advantage of annual events that get people searching for deals and information online. You can include big games and tournaments in that list too. Specific to this big game, you can count on several types of scams…
We’re excited to announce the release of McAfee’s Personal Data Cleanup, a new feature that finds and removes your personal info from data brokers and people search sites. Now, you can feel more confident by removing personal info from data broker sites and keeping it from being collected, sold, and used to advertise products to you, fill your email box with spam, and even give criminals the info they need to steal your identity. Let’s look at why we’re offering McAfee Personal Data Cleanup, how it protects your privacy, and why it’s a great addition to the online protection we already offer. …