SS-News-098: New CyberInsurance Requirements, Frameworks for Supply Chain Security

Episode 98 February 13, 2023 00:38:28
SS-News-098: New CyberInsurance Requirements, Frameworks for Supply Chain Security
Security Serengeti
SS-News-098: New CyberInsurance Requirements, Frameworks for Supply Chain Security

Feb 13 2023 | 00:38:28

/

Show Notes

In this episode, we discuss Ransomware affecting ships and 3rd party service organizations, new cyberinsurance requirements around MFA and service account, supply chain woes, and finally, attackers getting fancy with MS Verified Publisher status!

Article 1 - Ransomware severs 1,000 ships from on-shore servers
Supporting Articles:
The Untold Story of NotPetya, the Most Devastating Cyberattack in History
Testing Autonomous Remote Control of Ships in Singapore

Article 2 - Tackling the New Cyber Insurance Requirements: Can Your Organization Comply?

Article 3 - Have we learnt nothing from SolarWinds supply chain attacks? Not yet it appears
Supporting Articles:
Open Software Supply Chain Attack Reference (OSC&R)
OpenVEX Specification

Article 4 - Attackers abuse Microsoft’s 'verified publisher' status to steal data
Supporting Articles:
How to defend against OAuth-enabled cloud-based attacks
Protect against consent phishing
Audit apps and consented permissions

If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

Other Episodes

Episode 41

December 26, 2021 00:36:51
Episode Cover

SS-SUBJ-41: SANS Classes and Certs

In this episode we take a deeper dive into SANS Courses and related Certifications (technically from GIAC).  We've both taken course from them, and...

Listen

Episode 133

January 01, 2024 01:08:03
Episode Cover

SS-DISC-133: Modern SOC

This week David and Matthew sit down to discuss Modern SOC, as defined by Netflix, Facebook, Meta (and more!), and described by Anton Chuvakin.  ...

Listen

Episode 87

November 21, 2022 00:31:34
Episode Cover

SS-NEWS-087: Interplanetary File System serving Malware from Mars

The Interplanetary File System serving malware from the stars!  Also included are some bonus discussions around automatically exfiltrating information from your own organization using...

Listen