Four healthcare IT companies warned that a primary health organization (PHO) put up to 800,000 patients' medical data at risk. On 17 July, New Zealand and Australian healthcare companies HealthLink, Medtech Global, myPractice and Best Practice Software New Zealand sent a letter to New Zealand's...

Last time, I had the pleasure of speaking with Roxy Dee. Her expertise is in vulnerability management, and she also loves to pay it forward by giving away books to her lucky Twitter followers. This time I got to speak with Jessica Hebenstreit. She’s worn an awful lot of hats in the cybersecurity field, and now she’s a senior security consultant. She...

1. Is ransomware as big a threat as the media claims it is? Ransomware is a variant of malware that we are seeing as the next wave of quick compromise attacks. What that means is quick entry and quick exit. No longer do the bad guys need to hover around on networked devices and perform complicated breaches only to get sensitive information or data....

Organizations can reap huge rewards by switching to a DevOps software development model. Some enterprises don't know how to make the change. Recognizing that fact, I've spent the past few weeks discussing the benefits of a DevOps model, outlining how organizations can plan their transition, identifying common problems that companies commonly...

Ukrainian law enforcement personnel thwarted a digital attack that targeted equipment owned and operated by a chlorine station. The Security Service of Ukraine According to Interfax, the Security Service of Ukraine (SUB) detected an attempt to attack the LLC Aulska chlorine station. Located in the...

Data breaches are getting more expensive. That's one of the findings of a new global study by the Ponemon Institute that examines the financial impact of a corporate data breach. So what is the actual cost of a data breach? Well, obviously it varies depending on the nature of the organisation that has lost control of its data, the nature of data...

The competition is fierce; each team looking to find the best talent and get the most from every member. Sometimes, to fill a position you have to go to your bench, but this is a battle, and you are in it to win it. No, it isn't the national team looking to grab top honors at the World Cup, it's your cyber security team working to defend the...

Controls—SOC 2 is all about controls. It's right there in the name: Service Organization Controls, S-O-C. A SOC 2 report is a de facto requirement for any organization that wants to store any customer data in the cloud, which means most SaaS or cloud service providers. Unlike PCI DSS, which is prescriptive and very technical, the American Institute...

Macy’s is notifying customers of a data breach involving unauthorized access to their payment card data and personal information. In a notice sent to affected customers, Macy’s said it first detected suspicious login activity from certain Macys.com accounts on June 11, 2018. “Based on our investigation, we believe that an unauthorized third-party –...

Today’s VERT Alert addresses Microsoft’s July 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-786 on Wednesday, July 11th. In-The-Wild & Disclosed CVEs CVE-2018-8278 Microsoft Edge is vulnerable to a spoofing vulnerability that could allow an attacker to design a malicious fake...

A security researcher discovered an online credential stuffing list containing 111 million records that attackers could abuse to prey upon unsuspecting users. Troy Hunt, an Australian web security expert and creator of the second version of Pwned Passwords, learned about the list from several supporters of his Have I Been Pwned service. They...

Last time, I had the pleasure of speaking with Rebecca Herold. She’s a long time cybersecurity industry veteran and the founder of SIMBUS, LLC. This time, I got to talk with Roxy Dee. As a professional in vulnerability management, she knows that it takes a lot more work than just patching. She also has a habit of giving away cybersecurity-related...

To create a secure digital profile, organizations need digital integrity. This principle encapsulates two things. First, it upholds the integrity of files that store operating system and application binaries, configuration data, logs and other crucial information. Second, it protects system integrity to make sure applications, endpoints and networks...

Fraud is a major problem in modern-day businesses. It significantly hampers the progression of business and leads to loss of revenue. According to PriceWaterhouseCoopers’ evaluation reports, over half of all businesses today have in one way or another suffered fraud. In particular, 88 percent of companies within the United States have suffered fraud...

Financial regulators have ordered British banks and other financial services firms to provide a detailed plan for responding to IT outages and cyber-attacks. The Bank of England (BoE) and the Financial Conduct Authority (FCA) published a joint discussion paper on Thursday, asking firms to report on their exposure to risk and incident response...

So, you recognize that insider threats are a considerable risk inside your company? Just imagine how serious those threats are for a business that designs mobile spyware for helping law enforcement and intelligence agencies spy on "people of interest." NSO Group is a firm that, in its own words, provides "authorized governments with technology that...

A county in Wisconsin revealed that a phishing attack was most likely to blame for a data breach of some service recipients' personal information. On 22 June, Manitowoc County posted a statement about the incident to its website. County officials wrote that they first learned of the attack on 24 April. Upon discovery of the event, they instructed...

Tripwire's June 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These Adobe Flash patches address type confusion, integer overflow, out-of-bounds read and stack-based buffer...