Macy’s is notifying customers of a data breach involving unauthorized access to their payment card data and personal information. In a notice sent to affected customers, Macy’s said it first detected suspicious login activity from certain Macys.com accounts on June 11, 2018. “Based on our investigation, we believe that an unauthorized third-party –...

Today’s VERT Alert addresses Microsoft’s July 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-786 on Wednesday, July 11th. In-The-Wild & Disclosed CVEs CVE-2018-8278 Microsoft Edge is vulnerable to a spoofing vulnerability that could allow an attacker to design a malicious fake...

A security researcher discovered an online credential stuffing list containing 111 million records that attackers could abuse to prey upon unsuspecting users. Troy Hunt, an Australian web security expert and creator of the second version of Pwned Passwords, learned about the list from several supporters of his Have I Been Pwned service. They...

Last time, I had the pleasure of speaking with Rebecca Herold. She’s a long time cybersecurity industry veteran and the founder of SIMBUS, LLC. This time, I got to talk with Roxy Dee. As a professional in vulnerability management, she knows that it takes a lot more work than just patching. She also has a habit of giving away cybersecurity-related...

To create a secure digital profile, organizations need digital integrity. This principle encapsulates two things. First, it upholds the integrity of files that store operating system and application binaries, configuration data, logs and other crucial information. Second, it protects system integrity to make sure applications, endpoints and networks...

Fraud is a major problem in modern-day businesses. It significantly hampers the progression of business and leads to loss of revenue. According to PriceWaterhouseCoopers’ evaluation reports, over half of all businesses today have in one way or another suffered fraud. In particular, 88 percent of companies within the United States have suffered fraud...

Financial regulators have ordered British banks and other financial services firms to provide a detailed plan for responding to IT outages and cyber-attacks. The Bank of England (BoE) and the Financial Conduct Authority (FCA) published a joint discussion paper on Thursday, asking firms to report on their exposure to risk and incident response...

So, you recognize that insider threats are a considerable risk inside your company? Just imagine how serious those threats are for a business that designs mobile spyware for helping law enforcement and intelligence agencies spy on "people of interest." NSO Group is a firm that, in its own words, provides "authorized governments with technology that...

A county in Wisconsin revealed that a phishing attack was most likely to blame for a data breach of some service recipients' personal information. On 22 June, Manitowoc County posted a statement about the incident to its website. County officials wrote that they first learned of the attack on 24 April. Upon discovery of the event, they instructed...

Tripwire's June 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These Adobe Flash patches address type confusion, integer overflow, out-of-bounds read and stack-based buffer...

Insider threats top the list of the most dangerous cyber risks for organizations worldwide. It doesn’t take much effort for insiders to steal your sensitive data, while such activities are hard to discover and impossible to prevent. Unfortunately, lack of visibility into user behavior is one of the key reasons why companies suffer from data breaches...

Facebook announced it is notifying more than 800,000 affected users after a bug temporarily reset certain account privacy settings. The social media giant said the bug allowed users who had been previously blocked on both Facebook and Messenger to become unblocked. In a statement, the company said the bug was live for about a week – between May 29...

As we all know by now, the human factor is crucial to enterprise security. Cyber attacks routinely exploit vulnerable human behaviors to gain entry, since organizations must trust their own people—or at least some of them—with access to critical systems. Humans make decisions on risk tradeoffs, funding for security programs, adherence to policies,...

Last time, I had the pleasure of speaking with Susan Ballestero. She taught me a lot about what it’s like to work in a security operations center. This time, I got the opportunity to speak with Rebecca Herold. She’s been in the cybersecurity field for quite a long time now. She founded SIMBUS, LLC, a thriving information security, privacy and...

On June 28, California passed a sweeping data privacy law after only one week of work. Unless AB 375 (the California Consumer Privacy Act of 2018) is amended before its January 1, 2020, effective date, the law will be the strictest data privacy law in the United States, and will require data privacy protections and requirements similar to or broader...

Bitcoin whales are considered to be people who have thousands of coins in their crypto-wallets. As it turned out, there are very few of them. Chainalysis studied the network of the first cryptocurrency and found that only 1600 addresses contain more than 1000 BTC. Probably, several of them belong to Satoshi Nakamoto, a man everyone knows about but...

Several companies have made online productivity solutions like G Suite from Google the preferred option for business computing. It’s incredibly convenient and usually inexpensive for anyone from solo operations through large enterprises to replace physical machines and all the maintenance that comes with the territory with options like Gmail and...

Earlier this month, the Wi-Fi Alliance issued a press release announcing the availability of WPA3. Built on top of several existing but not widely deployed technologies, WPA3 makes several vast improvements over the security provided by WPA2. Most notably, WPA3 should close the door on offline dictionary-based password cracking attempts by...

Multinational apparel design and manufacturing corporation Adidas alerted customers of an incident that possibly affected the security of their data. On 28 June, Adidas' headquarters located in Herzogenaurach, Germany posted a statement about the incident to its website. The notice revealed that Adidas first learned about the issue two days earlier...