Blog

2.2 Million Email Addresses Exposed in Wishbone Data Breach

A popular social media app known as Wishbone has suffered a data breach that exposed 2.2 million email addresses along with 287,000 cell numbers. In the middle of March 2017, security researcher Troy Hunt received a MongoDB database that belongs to Wishbone. The app, first founded in 2015, allows users to vote on two-choice polls. Over the past two...

Is Security Ready for the Next 20 Years of Technology?

It doesn’t seem that long ago that we didn’t have online access to many of our utility, banking, and/or even shopping accounts. I was fortunate enough to be part of a revolutionary project at a university in southern England back in 1988, where accessing the internet was using a 1200 baud modem, a terminal emulator connecting via a mainframe that...

Third-Party Twitter Service Hacked to Push Out Nazi-Themed Tweets

Attackers hacked a third-party service and used their unauthorized access to push out Nazi-themed tweets from high-profile Twitter accounts. On 14 March, prominent companies, publishers, and personalities tweeted out messages containing swastikas and the hashtags #NaziGermany and #NaziHollan written in Turkish. It's thought that supporters of Turkey...

The Subversive Six – Hidden Risk Points in Your ICS

I was lucky enough to be at the event at which Sean McBride initially spoke about potatoes. Who doesn’t love a good potato? It was actually a succinct outline of a process in agriculture that takes place every day, outlining pinch points of a potato harvester that could cause physical harm to the workers performing their everyday jobs. It was a...

Is Fileless Malware Really Fileless?

Over the past few weeks I have been seeing quite a few news articles around fileless malware infecting companies around the world. The article from Ars Technica specifically states that the goal of fileless malware is to reside in memory in order to remain nearly invisible. Besides residing in memory, the second aspect of fileless malware is the...

4 Best Practices for Improving Your Organization's Supply Chain Security

Digital attackers have many different strategies for infiltrating a target organization. That even goes for companies with robust perimeter defenses. Bad actors simply need to find a soft target they can exploit. Oftentimes, they find what they're looking for along a target's supply chain. We can best understand the supply chain as a network of...

A Breakdown of the Second Largest HIPAA Fine to Date – $5.5 Million

For the first time, the Office of Civil Rights (“OCR”) penalized a covered entity for failure to implement audit procedures to review, modify, and/or terminate users’ right of access. In the scope of the investigation, it was discovered that more than 100,000 individuals had their electronic Protected Health Information (“ePhi”) records impermissibly...

Student Expelled from University for Hacking Professors' Emails

A university has expelled a student for hacking the email accounts of several professors in an attempt to improve their grades. Technion Institute of Technology, a public research institute based in Haifa, Israel, revealed the disciplinary actions it took against the student to Ynetnews: “We are taking this case very seriously, as it is very...

Level up Your Security Training Through Engagement

We all can agree that security training is critical, but have you ever wondered why your organization does not share your same level of excitement when it comes training time? The majority of organizations struggle with getting employees motivated and enthusiastic about training. Many employees look at training as a quarterly or yearly checkbox with...

FIM: A Proactive and Reactive Defense against Security Breaches

No matter how well-designed it is, a security program will never prevent every digital attack. But an assault need not escalate into a data breach. Organizations can reduce the likelihood of a major incident by investing in key security controls. One such fundamental security component is FIM. Short for "file integrity monitoring," FIM helps...

Google's CAPTCHA Service Now Goes Invisible for Human Users

Google's CAPTCHA service now allows human users to pass through and access a website without seeing the "I'm not a robot" checkbox. The CAPTCHA provider, known as No CAPTCHA reCAPTCHA, uses an "advanced risk analysis engine" to separate users from bots. The service has developed numerous challenges since it first launched. But it all started with a...