Nikkei Inc. recently fell victim to a business email compromise (BEC) scam that cost the Japanese media conglomerate $29 million. In a statement released on October 30, the company revealed that an employee at Nikkei America based in New York City fell for a BEC scam. The worker transferred $29...

So earlier this year, I wrote a piece about how we as humans are so quick to give away personal information to various companies in the quest for discounts or free stuff. As I gave it further thought, I realized that sometimes we give away our personal information in search of something even more abstract: likes. We post pictures of our food, our...

Officials revealed that the IT system owned and operated by the government of Nunavut fell victim to a ransomware attack. Joe Savikataaq, premier of the most northerly region of Canada, disclosed the security incident in a tweet on November 2 and revealed that recovery efforts were ongoing. https://twitter.com/JSavikataaq/status/1190727062690115586...

The Case for Privacy Risk Management Over the past few years, there has been a massive cultural and legal shift in the way consumers view and secure their personal data online that's in line with the rise of advanced technologies like artificial intelligence. Concerned by an increasing rate of incidents that range from the 2017 Equifax hack to the...

Digital fraudsters have launched a new phishing campaign that uses a salary increase scam to trick employees into handing over their credentials. Spotted by the Cofense Phishing Defense Center, the campaign used spoofing techniques to trick recipients into thinking that the attack emails came from their HR department. Those emails claimed that the...

Two hackers face up to five years in prison after pleading guilty to their involvement in a scheme which saw them attempt to extort money from Uber and LinkedIn in exchange for the deletion of stolen data. Twenty-six-year-old Brandon Charles Glover and Vasile Meacre, 23, entered guilty pleas this week at a federal court in San Jose, California in...

Tripwire's October 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, Linux Kernel and Adobe. Exploit Alert: Metasploit First on the patch priority list this month are vulnerabilities that have been recently add to Metasploit. CVE-2019-13272 is a Linux kernel vulnerability; proof-of-concept code...

A man has pleaded guilty to participating in an identity theft and fraud scheme that targeted U.S. servicemembers and veterans. On October 29, Fredrick Brown, 38, of Las Vegas, Nevada pleaded guilty to one count of conspiracy to commit wire fraud and one count of conspiracy to commit money laundering...

One of the greatest misconceptions about online safety is that home networks are somehow private. Unfortunately, this hasn’t been true since around the turn of the century when we started filling our home networks with Internet-connected boxes serving local web pages. The problem is that web browsers typically make little distinction between web...

The traditional career path for a chief information security officer (CISO) is fairly straightforward. An individual begins their career in IT but ultimately moves to security after demonstrating a security mindset. Once established within the ranks of information security, the professional receives promotion after promotion until they attain the...

Trend analysis is an important topic within threat intelligence. It lets us forecast where things are headed; whether they’re getting better, worse or different; and where we should be focusing our precious budgets. The UK’s National Cyber Security Centre (NCSC) recently released the Incident trends report (October 2018 – April 2019). This highlights...

A ransomware incident at TrialWorks forced at least two law firms to request deadline extensions for some of their court cases. JML Law, APLC requested an extension of 18 days to submit documents pertaining to one of its cases. According to court files, the Woodland Hills-based law firm attributed its request to a "hosting outage" at TrialWorks, its...

Sometimes your best intentions are thwarted by technology. That was the case when Thom Langford and I attempted to do a Q&A session after our webinar “Modern Skills for Modern CISOs.” Unfortunately, the session ended before we got the chance to answer the questions that the audience had submitted. The silver lining is that we had the chance to write...

A scammer stole a little more than $500,000 from the City of Ocala, Florida as the result of a successful spear phishing attack. According to Ocala.com, an Ocala employee fell for a spear-phishing attack, one of the most common variants of phishing campaigns, near the end of October. They opened an...

A Texas man has been sentenced to over 12 years in prison after being found guilty of hacking into the computer system of the Los Angeles Superior Court and then using it to send two million phishing emails. Thirty-three-year-old Oriyomi Sadiq Aloba, of Katy, Texas, received a 145 month federal prison sentence for an attack which ultimately saw...

Jackson Health System (JHS) paid a civil money penalty of $2.15 million after having violated some of HIPAA's provisions. The case dates back to August 2013 when JHS submitted a breach report to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services. In its report, the...

Reports from the U.S. Government Accountability Office (GAO) and Siemens highlight both the increasing cyber threats faced by the electric utility companies and the lack of adequate readiness to respond to these threats. According to these reports, a cyber-attack on the electric grid could cause “severe” damage. The electric grid delivers the...

Kalispell Regional Healthcare (KPH) revealed that a phishing attack might have exposed patients' personally identifiable information (PII). Over the summer of 2019, KPH learned that several employees unknowingly handed their business email account credentials over to malicious actors after falling...