HIRING: Deputy Director, Physical & Cyber Security / San Jose, California USD 208K+
Flock on over to the BoF webpage for #FIRSTCON25 to submit yours today! Deadline is April 30th https://go.first.org/8PmGl #annualconference #incidentresponse #secconf
#FIRSTCON25 is almost here! Have you registered? The Standard registration rate will expire on 25 April 25. After that, late registration rates will apply. Be sure to snag your seat before prices increase. We hope to see you there! #Copenhagen #IncidentResponse #FIRSTCON
Thailand: Ubakong, Technology Company, Exposes Its Backups in Google Storage.
Key takeaways from yesterday’s web3 security communications drill:
Technical transparency alone doesn't cut it
Layer explanations for different knowledge levels
Translate governance into everyday impacts
Establish consistent terminology across teams
Disclose proactively before questions arise
Build trust through regular security updates
Join next week's bug bounty comms drill!
Remember: All scenario briefings & postmortems are available to subscribers in our Slack.
#Datadog combined structured metadata from its incident management app with #Slack messages to create an LLM-driven functionality assisting engineers in composing incident postmortems.
Datadog believes LLMs won't fully replace human insight (yet!).
Learn more via #InfoQ https://bit.ly/4jvpqBK
We are accepting BoF submissions for #FIRSTCON25 until April 30th. If you've been procrastinating, here's your sign to submit today!
https://go.first.org/8PmGl #annualconference #incidentresponse #secconf
"Trust Chain Turmoil" incident communications drill - tomorrow April 16!
When your Web3 protocol faces a social media smear campaign based on technical misunderstandings, how do you respond?
Our simulation puts security practitioners in the hot seat to practice:
Explaining complex issues to executives
Crafting clear security messaging for internal peers
Defending protocol integrity without jargon
Join our weekly drills subscription to participate!
Subscribe at DiscernibleInc.com/drills
"We spend so much time preparing for breaches, but almost no time practicing nuanced privacy communication scenarios that happen far more frequently."
This observation from a participant in our recent privacy incident communications drill captures why these exercises matter.
Effective privacy communications isn't about having all the answers — it's about asking the right questions across departments before it's too late.
UnitedHealth's Change Healthcare got a ton of what some might consider well-deserved bad press last year after a ransomware attack by AlphV/BlackCat.
Now they're getting more bad press.
UnitedHealth is demanding that some struggling doctors immediately repay loans issued after last year’s cyberattack. That wasn't the way the providers were told repayment would work in terms of when and how.
#CNBC has the story:
Your logs are lying to you - metrics are meaner and better.
Everyone loves logs… until the incident postmortem reads like bad fan fiction.
Most teams start with expensive log aggregation, full-text searching their way into oblivion. So much noise. So little signal. And still, no clue what actually happened. Why? Because writing meaningful logs is a lost art.
Logs are like candles, nice for mood lighting, useless in a house fire.
If you need traces to understand your system, congratulations: you're already in hell.
Let me introduce my favourite method: real-time, metric-driven user simulation aka "Overwatch".
Here's how you do it:
Set up a service that runs real end-to-end user workflows 24/7. Use Cypress, Playwright, Selenium… your poison of choice.
Every action creates a timed metric tagged with the user workflow and action.
Now you know exactly what a user did before everything went up in flames.
Use Grafana + InfluxDB (or other tools you already use) to build dashboards that actually tell stories:
* How fast are user workflows?
* Which steps are breaking, and how often?
* What's slower today than yesterday?
* Who's affected, and where?
Alerts now mean something.
Incidents become surgical strikes, not scavenger hunts.
Bonus: run the same system on every test environment and detect regressions before deployment. And if you made it reusable, you can even run the service to do load tests.
No need to buy overpriced tools. Just build a small service like you already do, except this one might save your soul.
And yes, transform logs into metrics where possible. Just hash your PII data and move on.
Stop guessing. Start observing.
Metrics > Logs. Always.
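An added example, not part of the original post: a Python sketch of the timed, tagged metric each simulated step could emit as InfluxDB line protocol, with the user identifier replaced by a keyed hash (HMAC-SHA256, used here instead of a plain hash because low-entropy identifiers such as e-mail addresses can be recovered from unkeyed hashes by guessing). The function names, the `user_step` measurement, the demo key and the sample users are assumptions.

```python
import hashlib
import hmac
import time
from contextlib import contextmanager

# Constructed demo key (assumption); in practice load it from a secret store.
PSEUDONYM_KEY = b"demo-key-not-for-production"

def pseudonymize(value: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed hash of a PII value, normalized and truncated for use as a tag."""
    normalized = value.strip().lower().encode()
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()[:16]

def _escape_tag(value: str) -> str:
    """Escape commas, equals signs and spaces, which are special in tag values."""
    return value.replace(",", "\\,").replace("=", "\\=").replace(" ", "\\ ")

def to_line(workflow, action, user, ok, duration_ms, ts_ns) -> str:
    """Render one step as a line-protocol point: measurement,tags fields timestamp."""
    tags = {"workflow": workflow, "action": action,
            "user": pseudonymize(user), "status": "ok" if ok else "fail"}
    tag_str = ",".join(f"{k}={_escape_tag(v)}" for k, v in sorted(tags.items()))
    return f"user_step,{tag_str} duration_ms={duration_ms:.3f} {ts_ns}"

@contextmanager
def timed_step(sink, workflow, action, user):
    """Time one simulated user action and record it, even when it fails."""
    start = time.perf_counter()
    ok = True
    try:
        yield
    except Exception:
        ok = False
        raise
    finally:
        ms = (time.perf_counter() - start) * 1000
        sink.append(to_line(workflow, action, user, ok, ms, time.time_ns()))

def run_demo():
    """Two constructed steps: one succeeds, one fails; returns the emitted lines."""
    sink = []
    with timed_step(sink, "checkout", "login", "Alice@example.com"):
        time.sleep(0.01)  # stands in for a browser-automation step
    try:
        with timed_step(sink, "checkout", "pay now", "alice@example.com"):
            raise RuntimeError("simulated payment failure")
    except RuntimeError:
        pass
    return sink
```

In a real runner the `sink` list would be replaced by a write to the metrics store, and the body of each `with` block by the browser-automation call for that step.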
Let’s get your #BoF submission in for #FIRSTCON25, submissions run until April 30th, so hurry on over! https://go.first.org/8PmGl #annualconference #incidentresponse #secconf
Oracle finally admits to a major data breach—after being sued for hiding it.
Just days after being hit with a class-action lawsuit for allegedly covering up a major data breach, Oracle has begun privately notifying some customers of a security incident that compromised login credentials—including data from as recently as 2024.
Key highlights:
・ Hacker accessed usernames, passkeys, and encrypted passwords
・ Extortion attempt reported
・ Lawsuit claims Oracle failed to notify victims within 60 days
・ Plaintiffs demand better security & transparency
Despite Oracle calling it an outdated system, the lawsuit points to risks that are very current. This is a critical moment for cloud providers to re-evaluate incident response protocols.
A Fan Favorite...The One Where FIRSTCON25's Agenda is Released https://go.first.org/LV4lq #incidentresponse #secconf #FIRSTCON25 #annualconference
We hope you are as excited as we are for the release of FIRSTCON25's agenda
Take a glance here
https://go.first.org/LV4lq #incidentresponse #secconf #FIRSTCON25 #agendaoutnow
Evolution of an #Oracle security incident public communications.
1. Deny any incident occurred.
Evidence is leaked
2. Ok, maybe an incident occurred but if it did, it was an old server and the data is very old.
More evidence is leaked
3. Ok, a hack happened and the data is recent but it is not sensitive.
Sensitive evidence is leaked <<TBD>>
4. Ok, it is sensitive but not for current customers.
Shows list of current customers in leak. <<TBD>>
5. It is irresponsible for reporting this and we will sue you for talking about it.
<<TBD>>
Drum Roll!
Join us for the 37th Annual FIRST Conference from June 22-27, 2025 in Denmark, Copenhagen. Save the date for your favorite annual conference
#annualconference #incidentresponse #secconf #savethedate https://go.first.org/Nz2u9
Atlassian is consolidating its IT Operations strategy! #Opsgenie's capabilities are being integrated into JIRA Service Management and Compass!
Get all the details on #InfoQ https://bit.ly/4l8MDLA
New Open-Source Tool Spotlight
TheHive is an open-source incident response platform designed to help teams investigate and manage cybersecurity incidents efficiently. It integrates with tools like MISP for threat intelligence sharing and supports automation through APIs. #CyberSecurity #IncidentResponse
Project link on #GitHub
https://github.com/TheHive-Project/TheHive
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking
A cyber security incident response professional on day 1; and the same professional one year later. The coffee is still hot.
Silly fun with AI image generation.