When Tom August joined John Muir Health in 2015, the health system lacked a structured approach to cybersecurity. August led the development of a risk-based program that focuses on threats and risks impacting the organization. To gain visibility into the network, August implemented TrapX, a deception technology that acts as an intelligent honeypot. This allowed John Muir Health to quickly identify and address suspicious activity on the network. August advises other CISOs to engage with vendors, be clear on the problems they are trying to solve, and consider innovative solutions from newer players in the market.

Lazarus Hackers Exploiting IIS Servers to Deploy ASP-based Web Shells
The Lazarus group has launched sophisticated attacks on South Korean web servers, deploying ASP-based web shells as first-stage Command and Control (C2) servers. These attacks,