Blog

Blog

A Breakdown of the Second Largest HIPAA Fine to Date – $5.5 Million

For the first time, the Office of Civil Rights (“OCR”) penalized a covered entity for failure to implement audit procedures to review, modify, and/or terminate users’ right of access. In the scope of the investigation, it was discovered that more than 100,000 individuals had their electronic Protected Heath Information (“ePhi”) records impermissibly...
Blog

Student Expelled from University for Hacking Professors' Emails

A university has expelled a student for hacking the email accounts of several professors in an attempt to improve their grades. Technion Institute of Technology, a public research institute based in Haifa, Israel, revealed the disciplinary actions it took against the student to Ynetnews: “We are taking this case very seriously, as it is very...
Blog

Level up Your Security Training Through Engagement

We all can agree that security training is critical, but have you ever wondered why your organization does not share your same level of excitement when it comes training time? The majority of organizations struggle with getting employees motivated and enthusiastic about training. Many employees look at training as a quarterly or yearly checkbox with...
Blog

FIM: A Proactive and Reactive Defense against Security Breaches

No matter how well-designed it is, a security program will never prevent every digital attack. But an assault need not escalate into a data breach. Organizations can reduce the likelihood of a major incident by investing in key security controls. One such fundamental security component is FIM. Short for "file integrity monitoring," FIM helps...
Blog

Google's CAPTCHA Service Now Goes Invisible for Human Users

Google's CAPTCHA service now allows human users to pass through and access a website without seeing the "I'm not a robot" checkbox. The CAPTCHA provider, known as No CAPTCHA reCAPTCHA, uses an "advanced risk analysis engine" to separate users from bots. The service has developed numerous challenges since it first launched. But it all started with a...
Blog

Payment Solutions Firm Verifone Investigates Security Breach

Payment solutions provider Verifone is reportedly investigating a breach of its internal computer networks dating back to mid-2016 that may have affected a number of businesses running its point-of-sale (POS) terminals. According to a report by investigative journalist Brian Krebs, the payments giant said the extent of the breach is limited to its...
Blog

February 2017: The Month in Ransomware

The shortest month of 2017 was relatively slow in terms of ransomware activity, but it gave rise to several disconcerting tendencies in the cybercrime ecosystem. Crypto infections that steal sensitive information along the way, top-notch Android ransomware utilizing dropper techniques, low-cost Ransomware-as-a-Service platforms – all of these took...
Blog

Android Trojan Infects Facebook Lite Version to Steal Users' Information

An Android trojan has infected a version of Facebook Lite so that it can try to secretly steal users' device information. Facebook Lite is a version of the popular social messaging Android app that uses less data than the regular version. It's also designed for 2G networks, which helps the app work on networks with slow or unstable web connections....
Blog

Deception as a {Free} Post-Breach Detection Tool

The Clifford Stoll’s interesting story of stalking the wily hacker back in the 80s was probably the first time deception was used for catching a hacker. Since then, the technology has changed a lot, but the concept of honeypots and deception in general has remained the same. Despite the undeniable and important role that honeypots have in proactive...
Blog

4 Innovation Enablers for Every Organization's Digital Security Strategy

The digital landscape is beset with challenges that threaten businesses and individual users alike. Even so, most organizations aren't prepared to face them. For example, 70 percent of IT professionals told Tripwire at Black Hat USA 2016 they lack confidence in their organization's ability to address security risks associated with the Internet of...
Blog

And You Thought You Have Seen It All . . . and Why the IoT Needs Us

One might think that the security industry is beefing up its message with profanity and far-fetched stories, and you may regard all of it – to an extent – as scare mongering. The latest attack on the smart "HUE Light Bulbs" by Philips puts this views to rest, I hope. Apparently, modern smart light bulbs are equipped with secure communication...