False Claims Act, Google Cloud PQC, Salt Typhoon, AI in SOC, Ivanti Flaws, ICS, DeFi – SWN #453

If you claim to be certified, and you're not? Bad things can happen. Ignoring auditors, scans, and pentesters may be a bad idea?

Google has unveiled a new version of their Cloud key management system that supports post quantum cryptography. How important is this? Good question. We'll discuss.

IAM is the new perimeter. Why? Tenable calls this a “Toxic Cloud Trilogy,” which describes the dangerous combination of publicly exposed, critically vulnerable, and highly privileged cloud workloads. This is fascinating!!

This article is frankly a bit of hype, but I like the topic, so sure, let's discuss. Is AI important in a SOC environment, and getting more so? Absolutely! Is it magic, like this article seems to suggest? Absolutely not. AI is pretty darn good at collation and correlation. It's even not bad at automation (what we in earlier years called scripting). But it's not magic.

4 critical flaws have had exploit code released. PATCH!!!

7 ICS vulns, with critical severity, risking patient and customer data, released by CISA. OT For the win!!

Salt typhoon is using custom malware to access telephone conversations. And they keep on rolling with it.

How many containers do you manage? How well designed is the access control for your data, processes, and systems?

It's not easy.

I feel weird saying this, but Kudos to the ZKlend platform. They had a security incident, and have been open, honest, and transparent. Cryptocurrency is still a bit out there, but some of the players are starting to mature. Congratulations!!

OpenSBK is a new group coming together at Marshall University's CyberCon. We're going to define the terms in Security and Compliance from an open source, community based perspective.