John Leyden

249 Followers
12 Following
16 Posts
Infosec journalist
My latest blog post for isms_online looks at how the recently agreed EU-US Data Privacy Framework reduces privacy-related red tape for European businesses. https://www.isms.online/data-protection/newly-agreed-eu-us-data-privacy-framework-lifts-privacy-red-tape/
Newly Agreed EU-US Data Privacy Framework Lifts Privacy Red Tape

Experts have welcomed the agreement of new privacy-focused rules on how personal data can be transferred between US and EU companies. The EU-US Data Privacy Framework was developed to replace the Privacy Shield, which was invalidated through a decision by the European Court of Justice in 2020. The court acted over concerns about a lack of adequate safeguards in both Privacy Shield (and an earlier Safe Harbour agreement) which meant that personal data leaving EU borders might become subject to sweeping US government surveillance. Cleared To Transmit The EU-US Data Privacy Framework, put forward by the US government last year,

ISMS.online
ICYMI my latest blog post for Evalian looks at the impact of the #SolarWinds Sunburst #supplychain attack and lessons that can be learned from the landmark data breach. https://evalian.co.uk/solarwinds-supply-chain-attack-continues-to-cast-a-shadow-across-tech-industry/
SolarWinds supply chain attack continues to cast a shadow across Tech industry

We take a deeper dive into the SolarWinds supply chain attack and how the effects of the incident are still being felt three years on.

Evalian®
A short history on #supplychain attacks and tips on their mitigation https://evalian.co.uk/supply-chain-attacks/ <-- My first blog post for Evalian
Supply chain attacks

Supply chain attacks remain a growing concern for organisations worldwide. We discuss some of the most notable attacks in the last decade.

Evalian®
Cyberattacks against Ukraine have surged, linked to attacks on the ground, but their effectiveness has been blunted https://www.csoonline.com/article/645556/ukraines-ground-counteroffensive-ushers-in-a-new-phase-of-the-conflict-in-cyberspace.html <-- My first feature for @csoonline
Ukraine’s ground counteroffensive ushers in a new phase of the conflict in cyberspace

Cyberattacks against Ukraine have surged, linked to attacks on the ground, but their effectiveness has been blunted, according to observers including the deputy chairman of Ukraine’s cyber warfare service.

CSO Online
My latest blog post for ISMS.online on the NCSC's #supplychain mapping advice and how it aligns with ISO 27001 as a framework to build cybersecurity resilience https://www.isms.online/information-security-management-system-isms/mapping-the-risks-ncscs-guidance-on-supply-chain-security/ <-- feat. expert comment from Piers Wilson of @ciisechq
Mapping the Risks: NCSC's Guidance on Supply Chain Security

Cyber attacks affecting an organisation's supply chain – rather than the organisation directly – are becoming increasingly commonplace. If your supplier is breached, an organisation's assets are at risk. Mindful of this, attackers have adopted the tactic of deploying attacks through the software supply chain. As previously reported, a form of attack that first came to prominence with the NotPetya ransomware attack of 2017 and the SolarWinds breach of 2020 is becoming a scourge of corporate security. The exploitation of a vulnerability in the MOVEit file transfer software to steal data and attempt to extort payment from users of the technology illustrates how

ISMS.online
A look into the relative merits of bug bounty and pen testing programs https://assured.co.uk/2023/bug-bounty-programme-or-penetration-testing-which-is-right-for-you/ <-- My first piece for Assured Intelligence
Bug Bounty Programme or Penetration Testing: Which is Right For You? • Assured

Organisations use penetration testing and bug bounty programmes to identify cybersecurity vulnerabilities and strengthen tech resilience. But which method works better? John Leyden considers the pros and cons of each

Assured
Is your organisation prepared for the Digital Operational Resilience Act (#DORA)? https://www.isms.online/cyber-security/get-ready-for-the-digital-operational-resilience-act/ <-- My first blog post for isms.online
Get Ready for the Digital Operational Resilience Act

Financial service organisations will be challenged to improve their operational resilience with an incoming set of regulations whose impact will expand far beyond the sector. The Digital Operational Resilience Act (DORA) consolidates and extends existing cybersecurity and operational resiliency rules for financial services firms operating in the European Union. More specifically, DORA introduces specific and prescriptive requirements on Information and Communications Technology (ICT) risk management and incident reporting. The regulations were approved by the EU Council in January 2023, starting the clock on a 24-month implementation period. Both financial sector firms and their ICT technology suppliers (such as cloud platforms

ISMS.online
Legitimate domains turned into conduits for phishing campaigns by crooks exploiting open redirect vulnerabilities https://silentpush.com/blog/open-redirect-vulnerability-abused-in-o365-phishing-campaigns-led-from-legitimate-domains <-- My first blog post with Silent Push researchers
Open Redirect Vulnerability Abused in O365 phishing campaigns — Silent Push Threat Intelligence

We've tracked a new run of open redirect attacks abusing legitimate domains like citi[.]com and Microsoft Office phishing content.

Silent Push Threat Intelligence
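The open redirect pattern behind that campaign, shown as an added worked example rather than code from the Silent Push post: a redirect handler that forwards to whatever `url` parameter it is given lets a lure like `https://legit.example/redir?url=https://phish.example/o365` carry the trusted domain in front while landing the victim on the phishing site. The hardened version only ever redirects to a same-site path. All hostnames here are constructed placeholders.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qs

# Constructed hostnames for the example; not real sites.
TRUSTED_HOST = "legit.example"


def vulnerable_redirect(next_url: str) -> str:
    """The open redirect: the handler forwards to whatever the caller supplied."""
    return next_url


def safe_redirect(next_url: str, default: str = "/") -> str:
    """Only allow same-site, path-only targets; anything else falls back to `default`.

    Rejects absolute URLs, protocol-relative "//host" forms, scheme-only tricks
    such as "javascript:" and backslash variants that browsers normalise to "/".
    """
    if not next_url:
        return default
    # Browsers treat "\" as "/", so "/\phish.example" would become "//phish.example".
    candidate = next_url.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return default  # absolute or protocol-relative URL: leaves the site
    if not parts.path.startswith("/") or parts.path.startswith("//"):
        return default  # relative paths and any leftover "//host" form
    # Rebuild from the parsed components so no stray scheme or host survives.
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


def redirect_destination(lure_url: str, param: str = "url") -> str:
    """Host a victim lands on when a lure through the vulnerable redirector is followed.

    Returns the final host, or the lure's own host if the parameter is absent
    or points back to a same-site path.
    """
    parts = urlsplit(lure_url)
    target = parse_qs(parts.query).get(param, [""])[0]
    final = vulnerable_redirect(target)
    return urlsplit(final).netloc or parts.netloc


if __name__ == "__main__":
    # Constructed lure in the shape described in the post.
    lure = f"https://{TRUSTED_HOST}/redir?url=https://phish.example/o365"
    print("vulnerable handler lands on:", redirect_destination(lure))
    print("hardened handler would send to:", safe_redirect("https://phish.example/o365"))
```

The allow-list approach (same-site paths only) is preferable to a deny-list of known bad hosts: every encoding trick the attacker finds is one the deny-list misses, whereas a path-only rule fails closed.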

Twitter shares explicit photos without users' permission, one US company can look forward to a $1.4 billion payout seven years after an infamous cyberattack, and how might hackers target Eurovision?

All this and more is discussed in the latest edition of the "Smashing Security" #podcast by me, Carole Theriault, joined this week by @hac_overflow.

Find "Smashing Security" in all good podcast apps...

https://grahamcluley.com/smashing-security-podcast-321/

#cybersecurity #podcast #eurovision #ransomware #Twitter #privacy

Smashing Security podcast #321: Eurovision, acts of war, and Twitter circles

Twitter shares explicit photos without users' permission, one US company can look forward to a $1.4 billion payout seven years after an infamous cyberattack…

Graham Cluley

A new "Smashing Security" podcast! With special guest @hac_overflow

Eurovision, acts of war, and Twitter circles.

Check it out: https://grahamcluley.com/smashing-security-podcast-321/

Smashing Security podcast #321: Eurovision, acts of war, and Twitter circles

Twitter shares explicit photos without users' permission, one US company can look forward to a $1.4 billion payout seven years after an infamous cyberattack…

Graham Cluley