A county in Wisconsin revealed that a phishing attack was most likely to blame for a data breach of some service recipients' personal information. On 22 June, Manitowoc County posted a statement about the incident to its website. County officials wrote that they first learned of the attack on 24 April. Upon discovery of the event, they instructed...

Tripwire's June 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These Adobe Flash patches address type confusion, integer overflow, out-of-bounds read and stack-based buffer...

Insider threats top the list of the most dangerous cyber risks for organizations worldwide. It doesn’t take much effort for insiders to steal your sensitive data, while such activities are hard to discover and impossible to prevent. Unfortunately, lack of visibility into user behavior is one of the key reasons why companies suffer from data breaches...

Facebook announced it is notifying more than 800,000 affected users after a bug temporarily reset certain account privacy settings. The social media giant said the bug allowed users who had been previously blocked on both Facebook and Messenger to become unblocked. In a statement, the company said the bug was live for about a week – between May 29...

As we all know by now, the human factor is crucial to enterprise security. Cyber attacks routinely exploit vulnerable human behaviors to gain entry, since organizations must trust their own people—or at least some of them—with access to critical systems. Humans make decisions on risk tradeoffs, funding for security programs, adherence to policies,...

Last time, I had the pleasure of speaking with Susan Ballestero. She taught me a lot about what it’s like to work in a security operations center. This time, I got the opportunity to speak with Rebecca Herold. She’s been in the cybersecurity field for quite a long time now. She founded SIMBUS, LLC, a thriving information security, privacy and...

On June 28, California passed a sweeping data privacy law after only one week of work. Unless AB 375 (the California Consumer Privacy Act of 2018) is amended before its January 1, 2020, effective date, the law will be the strictest data privacy law in the United States, and will require data privacy protections and requirements similar to or broader...

Bitcoin whales are considered to be people who have thousands of coins in their crypto-wallets. As it turned out, there are very few of them. Chainalysis studied the network of the first cryptocurrency and found that only 1600 addresses contain more than 1000 BTC. Probably, several of them belong to Satoshi Nakamoto, a man everyone knows about but...

Several companies have made online productivity solutions like G Suite from Google the preferred option for business computing. It’s incredibly convenient and usually inexpensive for anyone from solo operations through large enterprises to replace physical machines and all the maintenance that comes with the territory with options like Gmail and...

Earlier this month, the Wi-Fi Alliance issued a press release announcing the availability of WPA3. Built on top of several existing but not widely deployed technologies, WPA3 makes several vast improvements over the security provided by WPA2. Most notably, WPA3 should close the door on offline dictionary-based password cracking attempts by...

Multinational apparel design and manufacturing corporation Adidas alerted customers of an incident that possibly affected the security of their data. On 28 June, Adidas' headquarters located in Herzogenaurach, Germany posted a statement about the incident to its website. The notice revealed that Adidas first learned about the issue two days earlier...

It's been discovered that a marketing company left almost two terabytes of sensitive data exposed on the internet for anybody to access. And what was inside that massive haul of data? The detailed personal information of 230 million consumers and 110 million business contacts - including phone numbers, addresses, dates of birth, estimated income,...

An American restaurant chain revealed it suffered a data breach affecting customers' payment card details at most of its locations. On 22 June, PDQ issued a statement explaining that a malicious attacker obtained unauthorized access to its computer system and acquired the names, credit card numbers,...

A recent report from the office of the U.S. Department of the Interior’s Inspector General indicates that several hydropower dams are vulnerable to internal threats. Specifically, an evaluation was conducted of five hydropower dams operated by the U.S. Bureau of Reclamation (USBR) and categorized as “critical infrastructure.” The USBR is the second...

A Japanese hotel chain company notified approximately 125,000 guests about a data breach that affected one of its software providers. On 26 June, Prince Hotels & Resorts published a statement on its website explaining that its reservations system in English, Simplified Chinese, Traditional Chinese...

Many organizations choose to filter web content in order to boost their employees’ productivity and protect themselves against security threats. But this practice begs two questions. First, to what online services/web sites do organizations commonly restrict access and why? Second, how effective is this practice in defending organizations against...

Healthcare organizations continue to face relentless cyberattacks owing to the immense value placed on patient health information on the dark web. Patient records have almost everything the attacker needs to carry out sophisticated insurance fraud schemes, purchase medical supplies or drugs, or commit other types of fraud including outright identity...

The Office of the Australian Information Commissioner (OAIC) received instructions to investigate HealthEngine's practice of sharing clients' personal information with lawyers. According to the Australian Broadcasting Corporation (ABC), a spokesperson for Australia's health minister Gregory Andrew Hunt confirmed that that OAIC and the Australian...

As I noted in a previous article, the build environment is a key area on which organizations should focus their container security efforts. Companies don’t usually think of the build environment when it comes to securing their containers. But it’s critical that they do. Attackers can exploit development practices like Continuous Integration (CI) and...

Computer security experts have discovered an unusual attack targeting users of Android devices. As researchers Yonathan Klijnsma and Aaron Inness explain on the RIskIQ blog, the attack starts with a relatively pedestrian fake warning message that popped-up on some Android users' devices as they browsed the web. The warning message is customized to...