Michael Newborn, CISSP, CCISO

You might be feeling frustrated by the endless struggle of getting Sigma detection rules to work seamlessly in your open-source SIEM stack. It probably feels like every new rule demands manual conversions, special configs, and a ton of guesswork. It can be exhausting--and I’ve definitely been there. In this walkthrough I introduce how we can incorporate Velociraptor DFIR to solve our Sigma challenge. I share how I set up automated scans, tackled noisy detections, and fed alerts into my incident-response workflow (CoPilot). https://lnkd.in/gX5-X_mN

89

3 Comments

Vulnerability Assessments CIP-010-r3 Requires paper or active vulnerability assessment 95% doing paper assessments because of fragility of control system networks Introducing a network based Digital Twin as a way to do vulnerability scanning Including an AI reasoning agent as an adversary simulation Purely offline. -Brian Proctor Frenos Brian Proctor EnergySec

55

Self-Healing IAM Systems - A Business Centric Framework 🚀"The Identity Navigator" Podcast - New Episode Alert🚀   A self-healing IAM system enhances enterprise security by automating identity governance, mitigating operational risks, and ensuring adaptive security resilience.  By leveraging this framework organizations can create dynamic, self-correcting identity frameworks that reduce administrative overhead and improve security posture. Self-healing mechanisms ensure robust access management by automatically detecting and mitigating disruptions, policy misconfigurations, or security anomalies.   https://lnkd.in/ecm7Bz8V   Tune in now and let's check them out together 🎧🔍   #TheIdentityNavigator #IAM #Podcast #TechTalk #IdentityAndAccessManagement #IAM

36

2 Comments

Interlock Ransomware: Critical Enterprise Threat Alert Executive Summary CISA and Federal Bureau of Investigation (FBI)'s July 22, 2025 joint advisory highlights Interlock ransomware as an emerging critical threat. Active since September 2024, this group targets North American and European organizations using sophisticated double extortion tactics, particularly focusing on healthcare, education, and critical infrastructure sectors. Key Attack Characteristics Interlock distinguishes itself through unconventional attack vectors. The group gains initial access via fake browser updates from compromised legitimate websites—an atypical method among ransomware operators. They also leverage "ClickFix" social engineering, tricking users into executing malicious PowerShell commands through fake CAPTCHA prompts. Technical Profile The ransomware operates cross-platform, targeting both Windows and Linux systems with particular focus on virtual machines. Using AES-CBC encryption, Interlock simultaneously locks systems and exfiltrates data through Azure AZCopy and Cloudflare tunnels. Cisco Talos reports an average 17-day dwell time before detection, during which operators conduct lateral movement via RDP and establish persistence through legitimate tools like AnyDesk. Defense Recommendations Organizations should implement multi-layered defenses including network segmentation, privileged access management, and enhanced #EDR capabilities. DNS filtering to block trycloudflare.com domains can disrupt #C2 communications. SOC teams must strengthen behavioral analysis capabilities as traditional signature-based detection proves insufficient against Interlock's evasion techniques. Threat Outlook The group's increased activity volume in June 2025 and adoption of new techniques like #FileFix indicate growing operational maturity. Organizations should update incident response plans, test backup procedures, and enhance VM infrastructure monitoring to address this evolving threat. Based on https://lnkd.in/dv9RdF8q #CyberSecurity #ThreatIntelligence #Ransomware #CISA #InfoSec

41

I haven't seen any announcement about this, but the PCI Security Standards Council has published an update in the last few days to the "Guidance for PCI DSS Requirements 6.4.3 and 11.6.1" Information Supplement. In the original version, it said "Note that PCI DSS Requirements 6.4.3 and 11.6.1 do not apply to merchants with webpages that redirect to a TPSP’s page (for example, via an HTTP 30x redirect, a meta redirect tag, or a JavaScript redirect)." That's been removed, and in its place it now says "Note that, where scripts are used as part of a redirection mechanism, PCI DSS Requirements 6.4.3 and 11.6.1 will apply to those scripts." The thing is, by fully-redirecting to a PCI DSS-compliant payment service provider or processor to take payments, the merchant doesn't have a payment page - and it's only the payment page (or parent page when iframes are used) that these requirements apply to. While I think protecting all JavaScript on a website is a really good security best practice - whether that's using CSP+SRI, Jscrambler's Webpage Integrity product, or something else, I'm currently scratching my head as to how this change to the guidance - which "does not replace or supersede requirements in any PCI SSC Standard" - currently applies. I'm curious to hear what others think...

54

17 Comments

2024 set in motion major changes for certificate lifespans and DCV. In this Root Causes Podcast lookback episode Jason Soroko and I discuss the Apple 47-day proposal, stepping down certificate term, public versus private CA use cases, DCV reuse periods, MPIC, WHOIS, and other topics. Audio: https://lnkd.in/gH3Z-adY Video: https://lnkd.in/gN_VpVPy #pki #security

29

Are CMMC-style cybersecurity requirements coming to 𝐚𝐥𝐥 𝐅𝐞𝐝𝐞𝐫𝐚𝐥 𝐜𝐨𝐧𝐭𝐫𝐚𝐜𝐭𝐨𝐫𝐬? This new proposed rule is expected to be added to all federal contracts within a year. As currently written, it will require primes and their subcontractors to implement the cybersecurity requirements of NIST SP 800-171 to protect Controlled Unclassified Information (CUI). The proposed rule is similar to the DFARS 252.204-7012 clause, which defense contractors have had in their contracts since 2017. The rule requires protection of CUI, including data that might be CUI but isn't labeled properly. It also requires rapid reporting of any potential security incidents affecting CUI. This is in addition to the 110 security requirements in NIST SP 800-171 that are causing so much strife with defense contractors and the CMMC program. If you are responsible for IT or compliance for a federal contractor, you need to be watching this rule's progress. ✍🏻Which version of NIST SP 800-171 is required? 🗓When will the rule start rolling out to all Federal contracts? 👮‍♂️Will it be enforced, CMMC style, with assessment required before award? Kieri Solutions - Authorized C3PAO hosted this webinar to review the 𝐅𝐀𝐑 proposed rule for cybersecurity and what it means to federal contractors. Please enjoy! #CMMC #CUI #nistsp800171 #federalcontracts https://lnkd.in/dgZ5EU6G

63

1 Comment

The Changing Era of DevOps to DevSecOps: Shifting Left with Security in Mind Introduction The DevOps revolution reshaped how we build and deploy software—speed, automation, and agility became the norm. But speed without security is a recipe for disaster. As attack surfaces grow and threats evolve, a new shift is underway: DevOps is transforming into DevSecOps, embedding security at every stage of the software development lifecycle. This shift isn’t just about tools—it’s about mindset, collaboration, and responsibility. ⸻ Why DevSecOps? Why Now? Traditional DevOps prioritized CI/CD efficiency, but security often came as an afterthought—leading to breaches, misconfigurations, and technical debt. DevSecOps addresses this gap by: • Integrating security early in the development pipeline (“shift left” approach) • Automating security checks through tools like SAST, DAST, SCA, and container scanning • Fostering collaboration between development, operations, and security teams The result? Software that’s not only fast to market but also resilient, secure, and compliant. ⸻ Key Pillars of DevSecOps 1. Security as Code Infrastructure and security policies are codified, versioned, and auditable—just like application code. 2. Automation First Automated testing, scanning, policy enforcement, and remediation make security seamless and scalable. 3. Continuous Monitoring & Feedback Loops Security doesn’t end at deployment. Runtime monitoring, threat detection, and logging ensure constant vigilance. 4. Developer Empowerment Equip developers with the tools and knowledge to write secure code from day one—security isn’t a blocker, it’s a shared responsibility. ⸻ Cultural Shift: Security Is Everyone’s Job DevSecOps isn’t just a toolchain—it’s a culture change. It breaks down silos and encourages cross-functional collaboration. Security teams evolve from gatekeepers to enablers, working alongside developers and ops to make secure development the default. If you wish to learn further you can connect with https://lnkd.in/ddtpvUuk If you wish to use devsecops tool directly DM me. We have our own tool that works as a one stop solution for all your devsecops needs. #devsecops #devops #sdlc #cloudcomputing #securebydesign

25

2 Comments

Stop whining about how much CMMC costs; It pales in comparison to the costs of not adequately defending your networks, and not just for you but all the taxpayers funding it. CMMC is about compliance and real security. While nation-state espionage represents a significant threat to the Defense Industrial Base, cybercrime presents the most immediate and operationally disruptive risk to your organization's daily operations and long-term viability. Cybercrimes occur every 39 seconds—translating to 2,244 incidents per minute and 3.2 million attacks daily. In 2022, 49% of US internet users experienced cybercrime. Global cybercrime damages are projected to reach $10.5 trillion annually by 2025, up from $3 trillion in 2015—making cybercrime the world's third-largest economy, trailing only the United States and China. Data theft for extortion has become nearly ubiquitous in modern cybercrime operations. Any Department of Defense data you have failed to properly identify, classify, and protect walks right out the door with along with all your other data. Whether the threat actor is China, Russia, or a financially motivated cybercriminal group, the result is the same: you have lost control of data critical to national security; and you will have to report it to the DoD along with your other stakeholders. Additionally, inaccurate Self-Assessment reporting to the DoD carries serious consequences and it is time we started treating it as such. When you sign a DFARS clause, you are making a commitment to the government and fellow taxpayers that you will maintain adequate cybersecurity controls. Achieving CMMC Compliance is not just a regulatory requirement but critical to safeguarding national security data. Knowingly or unknowingly providing false information about your cybersecurity posture can be considered breach of contract and potentially a charge under the False Claims Act. One of the most pressing challenges facing defense contractors is identifying and securing Controlled Unclassified Information (CUI) within their environments. Many organizations struggle with culling through millions of files to locate and properly protect all CUI they have been entrusted to safeguard. The first question is whether you have CUI in your environment, the second question is whether you know where it is and how to protect it before it's too late. P.S. If you are not completely confident on where you really are in compliance and actual security, we are happy to help with any or all of it. #capeendeavors #teramis #cmmc #cybersecurity #cyberthreats

34

1 Comment

The Days of Cybersecurity "Box Checking" Are Over.... CMMC is no longer optional. A new Pentagon directive from Secretary Pete Hegseth made it crystal clear that cybersecurity is now the price of admission to the $320B defense market. He named United States Department of Defense CIO and CMMC architect Katie Arrington to help lead the charge. The message is loud and clear. The Department of Defense submitted the final CMMC rule for review on July 22. Once it is published, CMMC requirements will begin showing up in new contracts quickly. Most new defense contracts will include CMMC by October 1, 2025. By October 31, 2026, if you are not certified, you will not be eligible to win new work. This is the biggest change in federal contracting in years. It impacts primes, subs, and every company in the Defense Industrial Base. I break it all down in my latest Forbes column. What is changing. Why it matters. How to prepare now. 📖 Read it here: https://lnkd.in/giST7utQ 🔁 Please repost and follow my column for updates #CMMC #Cybersecurity #DefenseContracting #FederalAcquisition #GovCon #NIST800171 #Compliance #NationalSecurity #Leadership #Forbes

33

6 Comments

Recorded Future investigates how Russia’s intelligence services maintain controlled impunity over cybercriminal groups, identifying direct links, indirect affiliations, and tacit agreements that provide plausible deniability while supporting state objectives. Blog: https://lnkd.in/eAdzpAUZ PDF: https://lnkd.in/eFTDTvbB #RecordedFuture #cyber #threatintelligence #infosec #CTI #Russia #cybercrime #espionage #DarkCovenant

62

1 Comment

What does the government shutdown mean to CMMC? Nothing. There is no affect on the Cyber-AB, C3PAOs, and RPOs due to the shutdown. Formal assessment will continue and organizations preparing for CMMC should stay the path. There were 96 additional organizations issued a Final CMMC status in September 2025 and 75 already queued up for October. So the number of certified companies continues to grow at an exponential pace.

18

4 Comments