Chuck Davis

If your vulnerability program is driven entirely by CVSS scores, you are probably missing real risk. This post outlines a high-level approach to prioritizing remediation based on exposure, KEV data, and attacker behavior.
Link 👇
betweenthehacks.com/...
#VulnerabilityManagement

Venmo makes your payments public by default.
Who you paid. When. And why.
This is a privacy problem with an easy, 30 second fix!
🔗 betweenthehacks.com/...
#Venmo #PrivacyMatters #CyberSecurity #VenmoPrivacy #AppSecurity #DataProtection #DigitalSafety #FixItFast

Did you know National Internet Safety Month started in 2005?
It began as a campaign to protect kids online—now it’s a reminder for everyone to tighten up digital hygiene.

Read the history: bth.news/safety
#Cybersecurity #InternetSafety #Infosec

Need a quick win this weekend?

Check out my 10-minute security checklist: updates, MFA, router tweaks, password scan, and more.

No fluff, no fear—just real-world security tips anyone can follow. 🔗 betweenthehacks.com/...

#cybersecurity #weekendproject #infosec

If “The Spy Who Applied to Code” grabbed your attention, check out @smashingsecurity.com Ep. 407. It covers human trafficking behind tech scams in Myanmar. Dark stuff—important to know. www.smashingsecurity.com/407-hps-hold... #Cybersecurity #HumanRights

North Korean Hackers Are Applying for Remote Jobs: How to Spot the Fakes — Between The Hacks A North Korean operative posing as a remote software engineer nearly infiltrated a U.S. company. Here’s what happened—and how to avoid falling for these increasingly sophisticated scams.

He said he liked food.
He couldn’t name a restaurant.
He claimed to live in Houston.
He didn’t know what Halloween was.
Turns out, he was a North Korean spy.
Here’s what happened when Kraken interviewed him:
👉 www.betweenthehacks.com/blog/the-spy...

A fake resume. A fake location. A real threat.

Kraken’s hiring team spotted the red flags—and uncovered a North Korean spy posing as a dev.

Here’s how it unfolded:
👉 betweenthehacks.com/...

#Cybersecurity #RemoteWork #Infosec

It’s World Password Day!
Still clinging to qwerty and your dog’s birthday? No judgment—just backup and fix it.
New on Between The Hacks:
betweenthehacks.com/...
#Passwords #WorldPasswordDay #CyberSecurity

Your laptop is your command center. Don’t make it an easy target.
Here are 10 smart, simple ways to lock it down in 2025. 🔒
👉 betweenthehacks.com/...

New post on Between The Hacks:
Quishing: Phishing Got a Glow-Up
QR codes are sneaky little traps. This post explains how attackers use them to phish for creds, how it works, and how to stay safe.
bth.news/quishing
#quishing #cybersecurity #infosec

DEF CON 33 talk submitted:
What SBOMs Forgot About the Network

NetBOM defines where devices should connect, then helps your firewall block the rest.

It’s time to stop trusting by default.
netbom.net
#NetBOM #Cybersecurity #DEFCON33

Just when we thought cyber security wasn’t difficult enough

My thermostat wouldn’t work without full Internet access.
I tried to restrict it. Support said: “Put it in the DMZ.”
Nope. I built NetBOM instead.
It’s like SBOM—but for network behavior.
Read the blog: betweenthehacks.com/...
White Paper: netbom.net
#NetBOM #Cybersecurity #IoTSecurity

Ransomware is no joke—but the time ransom notes started printing on lobby printers? Still kind of hilarious.
New on Between The Hacks: what it is, how it works, and how to stay protected.
👉 betweenthehacks.com/...
#Ransomware #InfosecHumor

Hey friends, we’ve updated our main URL! The new default is betweenthehacks.com. Same content, just a new domain. Check it out: betweenthehacks.com/...

🔐 Passwords are dead.
Passkeys are here—and they’re everything passwords wish they were.

✅ Can’t be guessed
✅ Can’t be phished
✅ Seamless login with Face ID, Touch ID, or security key

Full breakdown: betweenthehacks.com/passkeys

#Passkeys #Cybersecurity #WebAuthn #DigitalSecurity

I’ve been talking about network segmentation for years.

This week, I took action.

✂️ Cut the Ethernet cable
📡 Rotated the SSID every 60 seconds
🧊 Put the printer in the freezer

Welcome to Physical Zero Trust™

www.ckd3.com/blog/cut-eth...
(fixed link)
#infosechumor #cybersecurity #iot

A flat network means any device, like a smart plug, light bulb, or fridge, can reach the Internet and your other devices.

In my latest post, I explain how segmentation helps, but visibility is the next frontier.

🧠 www.ckd3.com/blog/everyth...

#infosec #homeiot #security

Even Cybersecurity Experts Fall for Phishing | What Troy Hunt’s Story Teaches Us — Between The Hacks Cybersecurity expert Troy Hunt fell for a phishing attack. Learn what happened, how phishing tactics have evolved, and how to protect yourself in 2025.

Troy Hunt—yes, that Troy Hunt—clicked a phishing link.

It’s a reminder that even the best in security are human.

I broke down what happened and how to protect yourself (or your team):

www.ckd3.com/blog/troy-hu...

#infosec #phishing #cybersecurity

The plane is this old

FBI seizes major cybercrime forums in coordinated domain takedown The Federal Bureau of Investigation, along with several other law enforcement departments, has seized control of several cybercriminal forms.

FBI seizes major cybercrime forums in coordinated domain takedown cyberscoop.com/fbi-seized-c...

US blood donation giant warns of disruption after ransomware attack | TechCrunch New York Blood Center said it does not have a "specific timetable for system restoration" following the attack, which has led to canceled appointments and delays

New York Blood Center (NYBC), one of the largest nonprofit blood centers in the United States, says it is experiencing service disruptions after being hit by a ransomware attack techcrunch.com/2025/01/30/u...

A salty phish attack!

Charles Davis on LinkedIn: ISE 2025: The World-Renowned Tech Show | Feb 4-7 Barcelona Thrilled to announce that I’ll be joining the Tribunal for the ISE Hackathon 2025 in Barcelona next week! 🎉 A big thank you to Integrated Systems Europe…

Thrilled to announce that I’ll be joining the Tribunal for the ISE Cybersecurity Hackathon 2025 in Barcelona next week! 🎉 www.linkedin.com/posts/chuckd...

Industries in the Intelligent Age White Paper Series The Industries in the Intelligent Age White Paper Series examines AI’s transformative role across diverse sectors, offering insights into challenges, opportunities and strategies for responsible innov...

The WEF & Oxford University have put out a new report on AI & Cybersecurity.

"The use of AI is creating an expanded attack surface that
might be exploited by threat actors. Existing methods need to be extended to address new vulnerabilities that are inherent in AI"

www.weforum.org/publications...

Cloudflare incident on November 14, 2024, resulting in lost logs On November 14, 2024, Cloudflare experienced a Cloudflare Logs outage, impacting the majority of customers using these products. During the ~3.5 hours that these services were impacted, about 55% of t...

After Microsoft, now Cloudflare discloses an incident where it lost customer logs... for Microsoft this was weeks of logs... for Cloudflare only 3.5 hours

blog.cloudflare.com/cloudflare-i...

CISA debuts new cybersecurity training platform The new "CISA Learning" system will offer the same training to both internal staff and tens of thousands of external users.

CISA launched last month a new cybersecurity training platform named CISA Learning

federalnewsnetwork.com/cybersecurit...

niccs.cisa.gov/education-tr...

Allie K. Miller on LinkedIn: Here’s how to opt out of AI data settings across popular… | 10 comments Here’s how to opt out of AI data settings across popular platforms: ChatGPT - profile photo > settings > data control > improve the model > off Google Gemini… | 10 comments on LinkedIn

An important step depending how you’re using #AI tools today. www.linkedin.com/posts/alliek...

Ouch!