New + Now

Subscribe to New + Now

Phishing, Smishing, Vishing, and QRishing. All of these schemes continue to pose risk to organizations that needs to be assessed and addressed.

Vishing made a strong debut during the pandemic [view related post], and continues to be a scheme that is surprisingly successful.

This week, Morgan Stanley Wealth Management (in the wake of another

The National Institute of Standards and Technology (NIST) recently released a Request for Information (RFI) that seeks to gather information to help evaluate and improve cybersecurity resources for the cybersecurity framework and cybersecurity supply chain risk management.

NIST indicated in its FAQs about the RFI that it is seeking feedback on the following objectives:

  • Evaluate

Do you use 123456 as a password? We hope not, as it was the number one most common leaked password on the dark web according to a recent article from cnbc.com. Other common passwords were 111111, ABC123, and, of course, Password. The list of 20 common passwords was identified by the company, Lookout, from passwords

Threat actors don’t wait for a convenient time to attack your company. They attack when it suits them, and when they can find any small opening. Being prepared for different types of attacks helps companies prepare for their response before the attack happens. 

More and more companies are testing their incident response plans by conducting

As if health care entities don’t have enough to worry about  during this chaotic and difficult time in the pandemic, a new report released by Cynerio, entitled “The State of IoMT Device Security 2022,” provides a list of medical devices that are considered Internet of Things, and therefore dubbed Internet of Medical Things (IoMT) that

EyeMed Vision Care, LLC, was the victim of a hacking incident in 2020 that compromised the personal information of 2.1 million consumers, including their names, addresses, Social Security numbers, member numbers of health and vision insurance accounts, diagnoses, and treatment information. According to the New York Attorney General’s office, 98,632 of those individuals were state

The Cybersecurity & Infrastructure Security Agency (CISA), in tandem with the FBI and National Security Agency, issued a Cybersecurity Advisory on January 22, 2022, to warn organizations, and especially critical infrastructure operators, to be on heightened alert that Russian state-sponsored cyber operations may again use the tensions with the U.S. to attack U.S. companies.

The

The Department of Homeland Security (DHS) announced a “bug bounty” program on December 14, 2021,  called “Hack DHS.” Yes, you read that right. DHS is actually going to invite select cybersecurity “hackers” to try to hack into its systems. DHS created the program to “identify potential cybersecurity vulnerabilities within certain DHS systems and increase the

The Cybersecurity and Infrastructure Security Agency (CISA) recently issued guidance on protecting the security of organizations’ social media accounts to reduce the risk of unauthorized access to those accounts.

The guidance, entitled The Capacity Enhancement Guide (CEG): Social Media Account Protection, provides tips for organizations to protect social media accounts from malicious cyber actors. CISA