LightNews LightNews
@owendylan.bsky.social
56 followers 240 following 120 posts
CISO @Nightwing soccer fanatic. Views/opinions are my own
Posts Replies Media Videos
The top security leadership role is often misunderstood by executives, board members, and even cyber teams in ways that significantly impacts organizational sec…

www.csoonline.com/article/3846...
7 misconceptions about the CISO role
The top security leadership role is often misunderstood by executives, board members, and even cyber teams in ways that significantly impacts organizational security and risk.
www.csoonline.com
March 23, 2025 at 11:37 PM
therecord.media/volt-typhoon...
Volt Typhoon hackers were in Massachusetts utility’s systems for 10 months
The Littleton Electric Light & Water Department was one of a range of critical infrastructure organizations targeted by the Chinese nation-state hackers.
therecord.media
March 14, 2025 at 12:41 AM
www.wired.com/story/inside...
‘People Are Scared’: Inside CISA as It Reels From Trump’s Purge
Employees at the Cybersecurity and Infrastructure Security Agency tell WIRED they’re struggling to protect the US while the administration dismisses their colleagues and poisons their partnerships.
www.wired.com
March 13, 2025 at 10:40 PM
Google’s Firebase platform also hosted configuration settings used by the apps.

arstechnica.com/security/202...
Android apps laced with North Korean spyware found in Google Play
Google’s Firebase platform also hosted configuration settings used by the apps.
arstechnica.com
March 13, 2025 at 1:25 AM
blogs.infoblox.com/threat-intel...
Dangling participles and dangling DNS records are both bad...
How actors abuse dangling DNS records
Discover how poor DNS hygiene led to a cybersecurity breach involving the U.S. CDC and the English Premier League. Learn how threat actors exploited dangling CNAME records to distribute malware and ot...
blogs.infoblox.com
March 10, 2025 at 10:56 PM
Reposted
tarah.org
Brilliant and brave take from @rgblights.bsky.social explaining the outsized impact of firing probationary employees in the cybersecurity talent pipeline. breakingdefense.com/2025/03/ex-n...
Ex-NSA cyber chief warns of 'devastating impact' of potential DOGE-inspired firings - Breaking Defense
"Eliminating probationary employees will destroy a pipeline of top talent essential for hunting and eradicating [People's Republic of China] threats,” Rob Joyce, former director of cybersecurity at th...
breakingdefense.com
March 6, 2025 at 12:40 AM
medium.com/@Sniffler/te...
Interesting read
Terms of What?
tl;dr
medium.com
March 6, 2025 at 1:15 AM
North Korean hackers took just two minutes to make off with $1.5bn (£1.2bn) in cryptocurrency, cyber security researchers believe, in the single biggest heist i…

www.yahoo.com/news/north-k...
North Korean hackers ‘took just two minutes’ to pull off record $1.5bn heist
North Korean hackers took just two minutes to make off with $1.5bn (£1.2bn) in cryptocurrency, cyber security researchers believe, in the single biggest heist in history.
www.yahoo.com
March 1, 2025 at 1:39 AM
therecord.media/hegseth-orde...
Shameful...
Exclusive: Hegseth orders Cyber Command to stand down on Russia planning
The secretary of Defense has ordered U.S. Cyber Command to stand down from all planning against Russia, including offensive digital actions, sources tell Recorded Future News.
therecord.media
February 28, 2025 at 10:46 PM
krebsonsecurity.com/2025/02/trum...
Trump 2.0 Brings Cuts to Cyber, Consumer Protections
One month into his second term, President Trump's actions to shrink the government through mass layoffs, firings and withholding funds allocated by Congress have thrown federal cybersecurity and consu...
krebsonsecurity.com
February 24, 2025 at 8:03 PM
www.theatlantic.com/politics/arc...
This Is What Happens When the DOGE Guys Take Over
Inside the federal agencies where Elon Musk’s people have seized control, fear and uncertainty reign.
www.theatlantic.com
February 21, 2025 at 1:43 AM
www.inversecos.com/2025/02/an-i...
They have a name for us!!😂 😂 😂
An inside look at NSA (Equation Group) TTPs from China’s lense
www.inversecos.com
February 21, 2025 at 12:35 AM
krebsonsecurity.com/2025/02/how-...
How Phished Data Turns into Apple & Google Wallets
Carding -- the underground business of stealing, selling and swiping stolen payment card data -- has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-b...
krebsonsecurity.com
February 18, 2025 at 10:18 PM
www.wired.com/story/russia...
A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks
A team Microsoft calls BadPilot is acting as Sandworm's “initial access operation,” the company says. And over the last year it's trained its sights on the US, the UK, Canada, and Australia.
www.wired.com
February 13, 2025 at 12:12 AM
www.newsweek.com/chinese-spy-...
Exclusive - Chinese spy balloon was packed with American tech
The Chinese spy balloon that crossed the United States carried American technology that could have enabled it to spy on Americans.
www.newsweek.com
February 12, 2025 at 10:09 PM
foreignpolicy.com/2025/02/11/d...

This is a good read.
DOGE Is Hacking America
The U.S. government has experienced what may be the most consequential security breach in its history.
foreignpolicy.com
February 12, 2025 at 9:35 PM
www.cybersecuritydive.com/news/trump-n...
I guess there wasn't an experienced cyber person available??
Trump to nominate Sean Cairncross as national cyber director
The president will tap the former RNC insider to lead the White House office that oversees nation’s cybersecurity strategy.
www.cybersecuritydive.com
February 12, 2025 at 7:40 PM
www.eff.org/deeplinks/20...
EFF Sues DOGE and the Office of Personnel Management to Halt Ransacking of Federal Data
EFF and a coalition of privacy defenders have filed a lawsuit today asking a federal court to block Elon Musk’s Department of Government Efficiency (DOGE) from accessing the private information of mil...
www.eff.org
February 12, 2025 at 3:18 AM
www.justice.gov/opa/pr/justi...
Justice Department Announces Seizure of Cybercrime Websites Selling Hacking Tools to Transnational Organized Crime Groups
The Justice Department today announced the coordinated seizure of 39 domains and their associated servers in an international disruption of a Pakistan-based network of online marketplaces selling hack...
www.justice.gov
February 10, 2025 at 2:31 AM
Trusted PDFs turn toxic as smaller screens face bigger risk

www.techradar.com/pro/security...
Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes - how to stay safe
Trusted PDFs turn toxic as smaller screens face bigger risk
www.techradar.com
February 5, 2025 at 4:52 AM
February 3, 2025 at 1:07 AM
labs.jumpsec.com/tokensmith-b...
TokenSmith - Bypassing Intune Compliant Device Conditional Access | JUMPSEC LABS
Conditional Access Policies (CAPs) are the core of Entra ID’s perimeter defense for the vast majority of Enterprise Microsoft 365 (M365) and Azure environments. The core ideas of conditional access ar...
labs.jumpsec.com
February 3, 2025 at 12:33 AM
The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that Contec CMS8000 devices, a widely used healthcare patient monitoring device, inclu…

www.bleepingcomputer.com/news/securit...
Backdoor found in two healthcare patient monitors, linked to IP in China
The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that Contec CMS8000 devices, a widely used healthcare patient monitoring device, include a backdoor that quietly sends patient...
www.bleepingcomputer.com
January 31, 2025 at 2:54 AM
www.theverge.com/2025/1/24/24...
Elon Musk email to X staff: ‘we’re barely breaking even’
User growth is ‘stagnant’ on the platform formerly known as Twitter.
www.theverge.com
January 27, 2025 at 2:57 PM
Reposted
nathanmcnulty.com
I think the most common misunderstanding of Conditional Access is its relationship to authentication, and this results in not understanding how the rest of the controls actually work

Conditional Access performs authorization by evaluating tokens from the authentication service
January 24, 2025 at 11:12 PM