The healthcare industry is no stranger to data breaches. In 2017, SSM Health, the University of Iowa Health Care (UIHC), and Arkansas Oral & Facial Surgery Center all suffered security incidents where bad actors possibly exposed patients' medical data. No doubt there are also countless other healthcare organizations that have yet to detect an...

MailChimp has plugged a privacy issue that leaked users' email addresses when they responded to websites' newsletter campaigns. Self-proclaimed mobile enthusiast Terence Eden discovered what he calls an "annoying privacy violation" while viewing the referral logs for his website. Those logs help document "Referer Headers" (misspelling intended),...

Internet users are doomed. I don't mean you or me; the fact that we're reading this article on Tripwire's The State of Security blog means we at least have a passing interest in protecting ourselves online. No, I mean those folks who, like us, use the internet but don't take the steps necessary to put in place the most rudimentary defenses to...

The retail industry saw more than its fair share of data breaches in 2017, with security incidents impacting at American supermarket chain Whole Foods Market and clothing companies Brooks Brothers, The Buckle, and Forever 21, to name a few. At least some of those events likely resulted from retailers' poor data breach preparation. Consider the fact...

The state of Internet of Things (IoT) security today is clear: it’s terrible. IoT devices are everywhere – from Fitbits and Amazon Alexas to smart appliances and intelligent home security systems, they’ve already permeated our consumer lives. Outside of the consumer space, however, IoT is even more prevalent. IoT devices control electrical grid...

There’s a Russian proverb “overyai, no proveryai.” (Trust, but verify.) You trust your IT department to keep your systems up and running and configured in a secure manner. But, do you verify those configurations? Often, in the rush to get things done quickly, some things slip through the cracks. And most often, security seems to be what ends up...

A Mega Millions lottery jackpot winner's "giving back" campaign on Twitter looks and sounds an awful lot like a scam. Numerous Twitter profiles have been popping up claiming to be operated by Shane Missler, a 20-year-old resident of Florida who won the $451 million Mega Millions lottery jackpot in January. Many of those new accounts use their...

The 2017 Ponemon Institute Cost of a Data Breach Study found that “the cost of a data breach is going down, but the size of a data breach is going up.” Additional key findings included the following: The average total cost of a data breach decreased from $4.00 to $3.62 million. The average cost for each lost or stolen record containing sensitive...

As I noted in my previous article, companies should use foundational controls to assure integrity of their software and critical data – doing so can help prevent many data breaches and security incidents from occurring in the first place. That's not all that integrity driven by foundational controls can accomplish. Here are two more benefits...

A JavaScript-based cryptocurrency miner earned the top spot in a list of the "most wanted" malware for December 2017. For its final Global Threat Index of 2017, Check Point observed Coinhive supplant Roughted, a large-scale malvertising campaign, as the most prevalent form of malware. This Monero-miner made waves back in October 2017 when it...

In 2017, some of the world’s most devastating cyber attacks were seen. Insider threats continue to be the primary reason for such high profile data breaches year over year. With the rise of malware as a service, insiders are now more than capable of sabotaging a company's operations or stealing data to sell on the darknet. Without the right support...

You can’t turn around today without running into a story about blockchain technology and smart contracts. In fact, one creative beverage company saw their stock climb 289 percent when they added the term "Blockchain" to their company name even though they have nothing to do with blockchain technology. Blockchain technology is one form of a secure,...

A hospital shut down its network after a ransomware attack restricted authorized personnel access to some of its computer systems. On 12 January, Hancock Regional Hospital confirmed in a statement that it had suffered a ransomware attack. As quoted by FOX59: Hancock Regional Hospital has been the victim of a criminal act by an unknown party that...

There are many actionable items and methods a CISO can use to minimize risk in the healthcare industry. After all, there are all kinds of tools, project management resources, and resource management solutions that can help keep businesses in order and safe. However, there just a few areas in which action should be taken. As simple as it might sound,...

In corporate IT environments everywhere, we are seeing widespread adoption of three basic themes: use of public cloud, adoption of DevOps, and containerization in application development. When it comes to the cloud, most organizations' futures look like they will consist of hybrid setups: environments combining physical servers, virtualization, and...

AdultSwine malware displays pornographic ads within affected child-themed game apps that were once available for download on Google's Play Store. Researchers at Check Point detected AdultSwine hidden within 60 game apps, including some with children as their target audience. All of those affected apps were available for download on Google's Play...

WhatsApp likes to brag about its end-to-end encryption, but researchers from Germany's Ruhr University Bochum have discovered a flaw that could allow unwanted eyes to spy upon your private group chats. In a technical research paper that explores the end-to-end security of three different secure messaging apps capable of allowing "private" group...

The United States Justice Department has charged an alleged malware author with spying on thousands of users for a period of 13 years. Phillip R. Durachinsky (Source: Cleveland Scene) An indictment filed with the U.S. District Court for the the Northern District of Ohio (Eastern Division) asserts...

There are several technical methods of stealing passwords via malware or software vulnerabilities, and one of the most difficult to defend against occurs when users disclose their credentials unknowingly. Yes, I am referring to phishing. Specifically, phishing that tricks users into accessing a fake website and entering their credentials. We often...