Blog

Blog

NIST's New Framework to Mitigate Privacy Risks

The Case for Privacy Risk Management Over the past few years, there has been a massive cultural and legal shift in the way consumers view and secure their personal data online that's in line with the rise of advanced technologies like artificial intelligence. Concerned by an increasing rate of incidents that range from the 2017 Equifax hack to the...
Blog

Lacking Direction to Address your ICS Cybersecurity Issues? Here’s What You Can Do

With more and more automation systems and industrial devices being connected to networks, raw data from every device can be transformed into a treasure chest of valuable information. Granted, this data can help to optimize the process, but with connectivity comes new ICS cybersecurity concerns. Connectivity opens previously air-gapped or physically isolated control networks to the world of cyber...
Blog

Fraudsters Use Salary Increase Scam to Steal Employees' Credentials

Digital fraudsters have launched a new phishing campaign that uses a salary increase scam to trick employees into handing over their credentials. Spotted by the Cofense Phishing Defense Center, the campaign used spoofing techniques to trick recipients into thinking that the attack emails came from their HR department. Those emails claimed that the...
Blog

Men paid $100K by Uber to hush up hack plead guilty to extortion scheme

Two hackers face up to five years in prison after pleading guilty to their involvement in a scheme which saw them attempt to extort money from Uber and LinkedIn in exchange for the deletion of stolen data. Twenty-six-year-old Brandon Charles Glover and Vasile Meacre, 23, entered guilty pleas this week at a federal court in San Jose, California in...
Blog

Tripwire Patch Priority Index for October 2019

Tripwire's October 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, Linux Kernel and Adobe. Exploit Alert: Metasploit First on the patch priority list this month are vulnerabilities that have been recently add to Metasploit. CVE-2019-13272 is a Linux kernel vulnerability; proof-of-concept code...
Blog

DNS Rebinding: A Frightening Attack Vector with Spooky Security Impacts

One of the greatest misconceptions about online safety is that home networks are somehow private. Unfortunately, this hasn’t been true since around the turn of the century when we started filling our home networks with Internet-connected boxes serving local web pages. The problem is that web browsers typically make little distinction between web...
Blog

Leadership Through Security: The Changing Role of the CISO

The traditional career path for a chief information security officer (CISO) is fairly straightforward. An individual begins their career in IT but ultimately moves to security after demonstrating a security mindset. Once established within the ranks of information security, the professional receives promotion after promotion until they attain the...
Blog

Court Cases Affected by TrialWorks Ransomware Incident

A ransomware incident at TrialWorks forced at least two law firms to request deadline extensions for some of their court cases. JML Law, APLC requested an extension of 18 days to submit documents pertaining to one of its cases. According to court files, the Woodland Hills-based law firm attributed its request to a "hosting outage" at TrialWorks, its...
Blog

Modern Skills for Modern CISOs: Your Questions Answered

Sometimes your best intentions are thwarted by technology. That was the case when Thom Langford and I attempted to do a Q&A session after our webinar “Modern Skills for Modern CISOs.” Unfortunately, the session ended before we got the chance to answer the questions that the audience had submitted. The silver lining is that we had the chance to write...
Blog

Scammer Stole $500K from Ocala, FL in Spear Phishing Attack

A scammer stole a little more than $500,000 from the City of Ocala, Florida as the result of a successful spear phishing attack. According to Ocala.com, an Ocala employee fell for a spear-phishing attack, one of the most common variants of phishing campaigns, near the end of October. They opened an...
Blog

Jackson Health System Fined $2.15M for HIPAA Violations

Jackson Health System (JHS) paid a civil money penalty of $2.15 million after having violated some of HIPAA's provisions. The case dates back to August 2013 when JHS submitted a breach report to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services. In its report, the...
Blog

Is the Electric Grid Ready to Respond to Increased Cyber Threats?

Reports from the U.S. Government Accountability Office (GAO) and Siemens highlight both the increasing cyber threats faced by the electric utility companies and the lack of adequate readiness to respond to these threats. According to these reports, a cyber-attack on the electric grid could cause “severe” damage. The electric grid delivers the...
Blog

Cyber Attack Risk Climbs in Latest WEF Regional Risk Report

Unsurprisingly, cyber attacks are growing in the business sector and not just in the United States but world-wide. Cyber-attacks represent the greatest risk in six out of ten of the top economies in the world. The report presented by the World Economic Forum discusses formjacking, cryptojacking, ransomware like LockerGoga and other cyber-attacks of...
Blog

Guide to Container Security – Everything You Need to Know

Ah, the wonders of technology. In the innovation-rich Information Age, we are the beneficiaries of a nonstop wave of new advancements, each offering the ability to execute vital tasks faster and more efficiently than ever before. However, along with each breakthrough comes potential security vulnerabilities. Such is the case with containerization....
Blog

Malspam Campaign Targeted German Organizations with Buran Ransomware

Researchers spotted a malspam campaign that targeted German organizations with samples of the Buran crypto-ransomware family. In early October, Bromium observed a malspam campaign whose emails impersonated online fax service eFax. The emails contained hyperlinks to a PHP page that served up malicious Word documents. This technique helped the Word...