One of the most powerful pieces of malware began with the efforts of three American teens who were motivated by playing “Minecraft” in 2014. Called Mirai, it would go on to crash Germany’s largest internet provider, knock Dyn’s Domain Name System servers offline and disrupt all of Liberia’s internet connections.

In my post for SiliconANGLE today, I discuss how Mirai exposed the soft underbelly of IoT security, which often has hard-coded default passwords that make them easy to compromise and subsequently control in a DDoS attack. It is a hard problem to enumerate all of these devices, update them and change their default passwords where that’s even possible.

The class of malware called infostealers continues to evolve into a more lethal threat. These threats are software that can steal sensitive data from a victim’s computer, typically login details, browser cookies, saved credit cards and other financial information. Unfortunately, criminals continue to enhance this malware genre, and two new reports released this week document their latest efforts. I describe what is new and how to recognize this attack method in my latest post for SiliconANGLE.

Whether companies are repatriating their cloud workloads back on-premises or to colocated servers, they still need to protect them, and the market for that protection is suddenly undergoing some major changes. Until the past year or so, cloud-native application protection platforms, or CNAPPs for short, were all the rage. Last year, I reviewed several of them for CSOonline here. But securing cloud assets will require a multi-pronged approach and careful analysis of the organization’s cloud infrastructure and data collections. Yes, different tools and tactics will be required. But the lessons learned from on-premises security resources will point the way toward what to do in the cloud. More of my analysis can be found in this piece for SiliconANGLE.

We seem to be in a trust deficit these days. Breaches – especially amongst security tech companies – continue apace. Ransomware attacks now have spread to data hostage events. The dark web is getting larger and darker, with enormous tranches of new private data readily for sale and criminal abuse. We have social media to thank for fueling the fires of outrage, and now we can self-select the worldview of our social graph based on our own opinions.

In this story for SiliconANGLE, I discuss the decline of digital trust and tie it to a new ISACA survey and a new effort by the Linux Foundation to try to document and improve things.

The Securities and Exchange Commission proposed some new guidelines last year to promote better cybersecurity governance among public companies, and one of them tries to track the cybersecurity expertise of the boards of directors of these companies. Judging from a new study conducted by MIT Sloan cybersecurity researchers and recently published in the Harvard Business Review, it might work — though it also might backfire. In this analysis for SiliconANGLE, I discuss the pros and cons of these regs.

The shopping cart malware known as Magecart is still one of the most popular tools in the attacker’s toolkit — and despite efforts to mitigate and eradicate its presence, it’s the unwanted gift that just keeps on giving.

In this post for SiliconANGLE, I describe the latest rounds of attacks and ways that you can try to stop them.

Earlier this year, the Biden White House released its National Cybersecurity Strategy policy paper. Although it has some very positive goals, such as encouraging longer-term investments in cybersecurity, it falls short in several key areas. And compared with what is happening in Europe, once again the U.S. is falling behind and failing to get the job done.

The paper does a great job outlining the state of cybersecurity and its many challenges. What it doesn’t do is set out specific tasks or how to fund them. I analyze the situation for SiliconANGLE here.