Matthew Dechant is the founder of MD3 Consulting, providing virtual CISO services to small and medium sized businesses. He is a seasoned executive building, operating, and scaling comprehensive information security programs that address business risk and adapt to emerging threats without affecting the speed of business.

LockBit targets MacOS,China exploits Android bug, urgent Chrome update, LinkedIn ID verification, and Juice Jacking back in the news,but why. Plus today’s lists – we have two – top 5 cybersecurity risks every business should know and 4 things you should never do while chatting with ChatGPT, an extended version of the “So you want to be an infosec consultant” presentation at BSides Nashville and SE cyber summit dropping this afternoon, the 2023 recipient of the vCISO Services scholarship, and today’s shout out.

https://securityaffairs.com/144879/cyber-crime/lockbit-encryptor-targets-macos.html

https://www.bleepingcomputer.com/news/security/cisa-warns-of-android-bug-exploited-by-chinese-app-to-spy-on-users/

https://thehackernews.com/2023/04/google-releases-urgent-chrome-update-to.html

https://www.scmagazine.com/news/identity-and-access/linkedin-deploys-new-secure-identity-verification-for-all-members

https://krebsonsecurity.com/2023/04/why-is-juice-jacking-suddenly-back-in-the-news/

https://physicochemics.com/what-are-cybersecurity-risks-their-management/

https://bgr.com/tech/4-things-you-should-never-do-while-chatting-with-chatgpt/

https://www.linkedin.com/in/ereny-nagib-07a3a01b7/

https://youtube.com/@vciso

https://www.linkedin.com/in/markwdebry/

Iowa Medicaid breach, KFC-Pizza Hut breach, tax firms malware

https://www.infosecurity-magazine.com/news/20000-iowa-medicaid-members-data/

https://cybersecuritynews.com/kfc-pizza-hut-breach/

https://news.sophos.com/en-us/2023/04/13/tax-firms-targeted-by-precision-malware-attacks/

https://www.infosecurity-magazine.com/news/ethical-hackers-chatgpt/

https://www.helpnetsecurity.com/2023/04/12/hybrid-work-environments-stressing-cisos/

https://www.bleepingcomputer.com/news/security/five-arrested-after-33-000-victims-lose-98m-to-online-investment-fraud/

https://securityintelligence.com/posts/four-ways-to-harden-your-network-perimeter/

https://www.darkreading.com/attacks-breaches/7-things-ransomware-response-playbooks-missing

https://www.linkedin.com/in/kevincecil/

From November 8, 2022 - Jake Williams is a cybersecurity manager and aspiring CISO, currently pursuing his MBA. He is also well-versed in CMMC, and we dive into some elements of this somewhat confusing standard/requirement.

Davy Cox is the founder of Brainframe.com, an all in one ISMS/GRC/DMS/QMS that can help SMBs and vCISOs manage their information security programs.

Leaked NATO docs possibly altered, repeating to trick, new Apple zero days, five active exploits added to CISO KEV,  1 million WordPress sites infected, five cybersecurity myths, and today’s shout out featuring a cyber security pro looking for the next opportunity.

https://www.scmagazine.com/news/policy/us-nato-ukraine-docs-altered

https://www.helpnetsecurity.com/2023/04/10/simple-trick-disclose-personal-data/

https://www.bankinfosecurity.com/apple-issues-emergency-fix-for-spyware-style-zero-days-a-21652

https://heimdalsecurity.com/blog/five-new-actively-exploited-vulnerabilities-added-by-cisa-to-its-kev-catalog/

https://thehackernews.com/2023/04/over-1-million-wordpress-sites-infected.html

https://www.forbes.com/sites/forbesbusinesscouncil/2023/04/06/dispelling-the-myths-around-cybersecurity-for-small-businesses/?sh=358f76d81f63

https://www.linkedin.com/in/brianmartinliticode/

A third of organizations cover up data breaches, Uber data exposed, crackdown on malicious Colbalt Strike servers, ChatGPT Samsung data leak, using ChatGPT as a risk and compliance enabler, and four steps to avoid a ransomware attack. Plus our first shout out for helping cybersecurity pros land their next great opportunity.

https://venturebeat.com/security/a-third-of-organizations-admit-to-covering-up-data-breaches/

https://www.infosecurity-magazine.com/news/uber-data-exposed-law-firm-breach/

https://www.bleepingcomputer.com/news/security/microsoft-and-fortra-crack-down-on-malicious-cobalt-strike-servers/

https://cybernews.com/news/chatgpt-samsung-data-leak/

https://securityintelligence.com/posts/using-chatgpt-as-an-enabler-for-risk-and-compliance/

https://www.eschoolnews.com/it-leadership/2023/03/30/4-steps-to-avoid-a-ransomware-attack/

https://www.linkedin.com/in/colemic/

From November 2, 2022 - Dan Bradley, CIPP/E, CIPP/US, CIPM, is the Senior Associate General Counsel at Global Payments, Inc. and a former Federal Prosecutor. We discuss privacy regulations both for financial institutions and SMBs, including the importance of frameworks. Recorded at RETR3AT Cyber Conference Montreat College September 23, 2022.

In a special Wednesday episode, Don Colliver joins us to discuss how to be successful making technical presentations. He is an Enterprise Communications Consultant and Technology Evangelist and the author of "Wink: Transforming Public Speaking With Clown Presence" available in paperback, eBook, hardcover, and audiobook through Amazon and all major retailers. He empowers leaders and enterprise organizations to connect more effectively through their messaging with new-school authenticity, spontaneous fun, and transformative results. For more information, check out:

https://www.winktechtalks.com

https://www.doncolliver.com/engage

Ryan Spellman is the Managing Director, Cyber Risk Managing Director, Cyber Risk at K logix. There are many vCISO and other cyber security consultants who offer third-party risk services but have minimal exposure to the issues associated with third-party risk, which are markedly different than enterprise risk. Learn what a vTPCISO is, why it matters, and what questions to ask of your vCISO when they suggest adding third party risk service to their offerings.