To illustrate just how creative phishing campaigns have become, on January 30, 2019, it was reported by multiple credit unions that Bank Secrecy Act officers at credit unions around the country received emails that appeared to be from Bank Secrecy Officers at other credit unions. The emails were addressed to the actual Bank Secrecy officers … Continue Reading
The U.S. Department of Homeland Security Industrial Control Systems Cyber Emergency Team (US-CERT) recently issued an advisory outlining three vulnerabilities of Drager Infinity Delta patient monitoring devices. The vulnerabilities affect all versions of the Drager models—Delta, Delta XL, Kappa, and infinity Explorer C700—patient monitoring devices. According to the alert, the three security flaws include: Exposure … Continue Reading
I was a speaker at a recent conference of municipalities in a state last week, and during my presentation, I mentioned the various cyber-attacks that have affected cities, towns and educational departments in the U.S. (Atlanta, GA; Farmington, CT; West Haven, CT; Leeds, AL; Yarrow Point, WA; and Leominster, MA to name a few). Little … Continue Reading
We previously commended the Girl Scouts of the United States for encouraging girls to get involved in STEM, including cybersecurity by issuing a cybersecurity patch. The Girl Scouts announced that it has partnered with the Hewlett Packard Enterprise (HPE) to develop a new patch that girl scouts will be able to obtain if they successfully … Continue Reading
In its C-Suite Challenge 2019, The Conference Board surveyed more than 800 CEOs and some 600 other C-Suite executives around the globe, drawing primarily from the U.S., Asia, and Europe. An interesting finding from the press release about the survey is that U.S. CEOs rank cybersecurity and cyber threats as their #1 external concern for … Continue Reading
Cybercriminals have launched a new campaign that not only requires the victim to pay a ransom to have their data decrypted, but when the victim is directed to a PayPal account to pay the ransom to get the decryption key to unlock the data, the PayPal account page is fake and when the victim lands … Continue Reading
Marriott International Inc. has released new numbers relating to its Starwood Hotel’s reservation database by stating that 5 million passport numbers were stolen in the database. After further investigation, Marriott states that the information for fewer than 383 million guests (as opposed to 500 million) were exposed. The data that was compromised of these guests … Continue Reading
Just before the new year, the Department of Health and Human Resources (HHS) released voluntary cybersecurity practices for health care organizations, which consists of a main document, two technical volumes, and resources and templates that were compiled by more than 150 cybersecurity and health care experts. The publication, Health Industry Cybersecurity Practices: Managing Threats and … Continue Reading
Clearwater Compliance’s newest CyberIntelligence Insight Bulletin concludes that the top three cybersecurity risks for the health care industry, which accounts for 36.8% of reported critical risk incidents include: 1) user authentication deficiencies, including storing passwords in obvious places where others can find them such as on the computer monitor or under the keyboard, using generic … Continue Reading
Dataresolution.net, a cloud hosting provider that reportedly supports over 30,000 businesses worldwide appears to be another recent victim of the Ryuk ransomware and is reportedly responding to the attack which occurred on Christmas Eve. It is being reported that the attack is from North Korea. The attack appeared to allow the attackers to gain control … Continue Reading
Late last week, several major news organizations were hit with a ransomware attack believed to involve Ryuk ransomware that affected several Tribune newspapers around the country and two newspapers formerly owned by Tribune. Ransomware cyber-attacks typically attempt to disable systems and infrastructure and block access until ransom is paid as opposed to attempting to steal … Continue Reading
New Year’s is a time to look back on the happenings of the year and focus on the lessons and reminders those events have provided. As our last set of bulk posts for the year, we’d like to share with you our top 10 most read posts in 2018. Bezop Cryptocurrency Investors’ Personal Information Exposed … Continue Reading
For data security buffs like me, the recent McAfee® Labs Threats Report, December 2018 is, or should be, a top pick on the list. Well, maybe not for the holiday reading list, and we need to be careful not to bring up the results during holiday parties. I warn you that it is not an … Continue Reading
Experian’s Data Breach Resolution group has released its Data Breach Industry Forecast 2019 Report, which provides predictions for data breaches in 2019, and outlines staggering statistics of data breaches that occurred in 2018. One statistic is that the “number of records compromised in the first half of the year had already surpassed the total number … Continue Reading
A report released by cybersecurity firm Agari has come to a conclusion that we have experienced all year—that a hacking group in Nigeria, dubbed “London Blue,” is targeting CFOs and Controllers in small businesses to multinational corporations to trick them into sending funds through wire transfers. We have seen too many of them, and the … Continue Reading
The Commodity Futures Trading Commission’s LabCFTC recently released “A CFTC Primer on Smart Contracts” as part of LabCFTC’s effort to engage with innovators and market participants on a range of financial technology (FinTech) topics. The Primer offers a clear and concise explanation of “smart contracts” and their potential impact on the CFTC’s mission to foster … Continue Reading
Darkreading.com has issued a survey entitled: Monetizing the Insider: The Growing Symbiosis of Insiders and the Dark Web which states that malicious insiders are responsible for 27 percent of all cybercrime. This statistic confirms that cyber criminals are increasingly recruiting insiders by using the dark web as a recruiting tool. So not only do businesses … Continue Reading
With more companies hiring, online recruiting scams have re-emerged to prey on job seekers and employers. The Better Business Bureau tracked more than 3,000 recruiting scams in the first 10 months of 2018 with losses in the million dollars. The online recruiting scam works this way: the scammer fraudulently uses a company’s name and logo, … Continue Reading
Some analysts have predicted that by 2020, there will be 20 billion Internet of Things (IoT) connected devices worldwide, which could grow to over 80 billion by 2025. Sales of IoT devices were $80 billion in 2017, and are predicted to grow to $1.4 trillion by 2021. With the exponential growth of IoT devices, experts … Continue Reading
On November 12, the Financial Stability Board (FSB) published a Cyber Lexicon, designed to help financial institutions around the globe address “financial sector cyber resilience.” The Cyber Lexicon sets forth definitions for 54 “core terms related to cybersecurity and cyber resilience in the financial sector.” “Cyber Resilience,” one of the 54 definitions, is defined as … Continue Reading
The “security principle” under the General Data Protection Regulation (GDPR) requires that organizations process personal data securely by means of “appropriate” technical and organizational measures. This month, the United Kingdom’s Information Commissioner’s Office (ICO) issued new guidance focused on two specific measures the ICO recommends that companies consider in complying with the GDPR security requirements: … Continue Reading
Mozilla recently announced that it is adding a new security feature to its Firefox Quantum web browser that will alert users when they visit a website that has reported a data breach in the last 12 months. Although consumers can visit Have I Been Pwned [view related post] to determine if their email has been … Continue Reading
According to a new report by Datto, Inc. (its third annual Global State of the Channel Ransomware Report), ransomware continues to be the top cyber-attack experienced by small- and medium-sized companies. Some managed service providers were surveyed in Singapore, the Asia-Pacific region and across the globe. Fifty-five percent of them said their clients had experienced … Continue Reading
Non-profit organizations collect, use and disclose personal information just like any other for-profit industry. However, non-profit organizations often don’t have the same resources to devote to data security as their for-profit counterparts. The risk is the same, but the ability to defend and respond is more challenging due to more limited resources that can be … Continue Reading
