Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking

A February 2022 attack knocked the giant tire maker's North American operations offline for several days. [TechWeb]( Follow Dark Reading: [RSS]( May 24, 2023 LATEST SECURITY NEWS & COMMENTARY [Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking]( A February 2022 attack knocked the giant tire maker's North American operations offline for several days. [Microsoft: BEC Attackers Evade 'Impossible Travel' Flags With Residential IP Addresses]( Threat actors are circumventing geo-location-based security detections, using a combination of cybercrime-as-a-service platforms and the purchasing of local IP addresses. [SuperMailer Abuse Bypasses Email Security for Super-Sized Credential Theft]( Secure email gateways and end users alike are being fooled by a cyberattack campaign that's enjoying skyrocketing volumes against businesses in every industry, globally. [FBI: Human Trafficking Rings Force Job Seekers Into Cryptojacking Schemes]( Victims of the cybercrime schemes are coerced to participate through violence and having their belongings taken away. [Enterprises Must Prepare Now for Shorter TLS Certificate Lifespans]( Shorter certificate lifespans are beneficial, but they require a rethink of how to properly manage them. [A New Look for Risk in Awareness Training]( Changes in the way risk is viewed are leading to changes in the way training is conducted. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [3 Common Initial Attack Vectors Account for Most Ransomware Campaigns]( The data shows how most cyberattacks start, so basic steps can help organizations avoid becoming the latest statistic. [Cyber Warfare Lessons From the Russia-Ukraine Conflict]( Techniques used in cyber warfare can be sold to anyone — irrespective of borders, authorities, or affiliations. We need to develop strategies to respond at scale. [Name That Toon: One by One]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [10 Types of AI Attacks CISOs Should Track]( Risk from artificial intelligence vectors presents a growing concern among security professionals in 2023. [MORE]( EDITORS' CHOICE [PyPI Shuts Down Over the Weekend, Says Incident Was Overblown]( The climate of concern around open source security and supply chain attacks may have caused a small story to become a big one. LATEST FROM DR GLOBAL [Houthi-Backed Spyware Effort Targets Yemen Aid Workers]( Pro-Houthi OilAlpha uses spoofed Android apps to monitor victims across the Arab peninsula working to bring stability to Yemen. LATEST FROM THE EDGE [What Security Professionals Need to Know About Aggregate Cyber-Risk]( Widespread cyber incidents will happen, but unlike natural disasters, specific security controls can help prevent a catastrophe. LATEST FROM DR TECHNOLOGY [Google Adds Guardrails to Keep AI in Check]( Companies are starting to address the misuse of artificial intelligence (AI). At Google I/O, for example, executives promised its AI has safety measures. WEBINARS - [Mastering Endpoint Security: The Power of Least Privilege]( Join us at one of our upcoming live and interactive events we will explore the critical role of least privilege in endpoint security, how it helps to systematically strengthen organization's security posture, and provides a solid foundation for endpoint security ... - [Here's What Zero Trust Really Means]( Credential theft, lateral movement and other cyberattack tricks have foiled perimeter security again and again. We know that the old philosophy of trusting everything and everyone inside a network is no longer sound. The zero-trust model - trust nothing, verify ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( - [Invicti AppSec Indicator: Tuning Out the AppSec Noise is All About DAST]( - [Every Minute Matters: Real-World Incident Response Timelines In Action]( - [The Cloud Security Workflow Handbook]( - [2023 Cloud Threat Report]( - [Rediscovering Your Identity]( [View More White Papers >>]( FEATURED REPORTS - [The 10 Most Impactful Types of Vulnerabilities for Enterprises Today]( The enterprise attack surface is constantly expanding. Enterprises have to think beyond zero day vulnerabilities. It's imperative security teams start looking at vulnerabilities in 5G, firmware, edge, and ICS/OT, among others. Managing system vulnerabilities is one of the old ... - [Shoring Up the Software Supply Chain Across Enterprise Applications]( Supply chain security attacks are growing at an alarming pace, and things are going to keep getting worse until DevSecOps teams get on the same page. A little help from the feds could also be welcome Modern-day software development depends ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [CommonMagic APT Campaign Broadens Target Scope to Central and Western Ukraine]( [AppSec Teams Stuck in Catch-Up Cycle Due to Massive Cloud-Native Enablement Gap]( [Satori Augments Its Data Security Platform With Posture Management and Data Store Discovery Capabilities]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)