A reported 90% of all data breaches affect small businesses, and these breaches can be quite costly. Cyber insurance is one way to help protect your organization.
It is undeniable that internal controls facilitate data security, but a company’s culture can play an even larger role. Awareness is key, and it starts at the top.
The National Highway Traffic Safety Administration (NHTSA) has issued guidelines for automakers outlining cybersecurity best practices for connected cars. The guidance is not binding, so automakers aren’t required to adhere to the standards set forth.
Some of the country’s most popular sites were disrupted by a DDoS attack Friday. Additionally, corporate applications could not be accessed and organizations were unable perform critical business operations.
Yahoo has confirmed that a ‘likely state sponsored’ 2014 breach exposed data from about 500 million users. The company has stated that information possibly affected includes names, email addresses, birth dates and scrambled passwords. Even more alarming is the acknowledgment that encrypted or unencrypted security questions and answers may have also been compromised, which could allow hackers to access victims’ other online accounts.
The rising threat of ransomware gives evidence to the fact that vulnerability assessments are important to overall cybersecurity protection. Is your organization at risk?
The cloud-storage site has confirmed that 68 million users’ passwords have been compromised. While the hack was in 2012, new information has just recently confirmed that passwords were included in the breached data.
Over 900 million Android devices are at risk of compromise due to a dangerous grouping of vulnerabilities recently discovered. The vulnerabilities have folded directly into the Android operating system developed for each original equipment manufacturer (OEM) that uses the affected chipsets within their devices, including Samsung, HTC, Motorola and LG.
Kaspersky Lab and Intel Security worked with officials around the world to help develop decryption tools for popular ransomware variants. Ransomware victims in Europe and the United States have also been given the tools notify authorities of infections in an effort to better track and combat ransomware.
More information on the DNC breach shows us that no organization is too big to follow the most basic cybersecurity practices. The most glaring issues identified include the transfer of personally identifiable information and passwords via unencrypted email.
A new congressional report indicates the Chinese government was likely responsible for hacks at the FDIC in 2010, 2011 and 2013. A total of 12 workstations were compromised and 10 servers were penetrated and infected with a virus.
In short, yes. Guests of short-term rentals, like the popular Airbnb, can reset home routers and gain full control of network traffic. What’s more, the potential hacker needs only one thing: a paper clip.
The FDIC has updated their IT Examination procedures. On July 1, 2016, the FDIC will begin using the Information Technology Risk Examination (InTREx) Program to perform IT examinations at financial institutions. The InTREx Program consists of the IT profile and three workpapers to help examiners accurately assess IT risks and the mitigating controls in place. Contine reading
The $150 million experimental investment fund known as Decentralized Autonomous Organization has been hacked, resulting in a loss of $55 million in digital currency. The June 17th hack resulted in a loss of 3.6 million ethereum coins as attackers created an identical fund and moved the money into it.
TeamViewer, which provides remote support and access, has announced that it is strengthening security controls after a rise in corporate account takeovers. A company spokesman noted that many consumer accounts used “the same account credentials across multiple internet accounts.”
Ransomware is another type of malware, but this one carries a bit of a sting. Ransomware is nothing new, and if you remember the AIDS Trojan, you know it dates back to the late 80s. Because it was the 80s, instead of paying electronically with bitcoin, the victim had to send money via the USPS to a P.O. Box. Ransomware has been the headline for 2016. If infected with this malware, access to your system will be limited until a ransom is paid. Contine reading
A statement by Tien Phong Commercial Joint Stock Bank indicates the bank thwarted an attempt to transfer $1.36 million via a malware attack. The fraudsters attempted to transfer the funds via the interbank SWIFT messaging system, which is used by 11,000 banks worldwide.
A Turkish hacking group is likely responsible for the release of 10GB of UAE-based Invest Bank files. The archive is said to contain internal files and sensitive financial documents, including customer data.
The hacktivist group is waging a “a 30-day campaign against central bank sites across the world,” according to a new video posted on the group’s YouTube page. The Target List includes the U.S. Federal Reserve, as well as Fed banks in Atlanta, Boston, Chicago, Dallas, Minneapolis, New York, Philadelphia, Richmond and St. Louis.
The FFIEC recently updated the IT Examination HandBook – Retail Payment Systems. The new information can be found in Appendix E “Mobile Financial Services”. Mobile financial services are growing in popularity and are radically changing how consumers pay for goods and services. Convenience is key; however, that means new threats and risks are introduced into a consumer’s life. Contine reading
It’s that time of the year again!
Verizon released its Data Breach Investigations Report for 2016. For those of you not familiar with the report, Verizon collects and analyzes data from real world security incidents and breaches. The current report analyzes over 100,000 incidents that occurred in 2015. It is in no way all inclusive; however, it is one of the more reputable analysis reports that utilizes a healthy sample of incident and breach data to accurately portray the cyber incident landscape. Contine reading
A Bangladesh Bank was a victim of a malware attack that allowed hackers into the bank’s SWIFT software to transfer money and even hide their tracks in the process. $81 million were stolen.
The 11.5 million leaked documents reveal alleged money laundering, tax avoidance and sanctions dodging by heads of state, politicians, celebrities and other fraudsters.
Big or small, every organization is at risk. Here I discuss ways to protect yourself and your clients.
Verizon has released a statement confirming that “Verizon Enterprise Solutions recently discovered and fixed a security vulnerability on our enterprise client portal. Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers.” Experts believe the exposure of the clients’ contact information leaves them more vulnerable to phishing attacks.
21st Century Oncology was notified by the FBI in November 2015 that a third party may have gained access to a 21st Century database. A forensic firm confirmed what the FBI suspected, noting that a possible 2.2 million patients’ names, Social Security numbers, physicians’ names, diagnosis and treatment information, and insurance information was obtained.
Hollywood Presbyterian Medical Center is in the midst of what is is describing as an ‘internal emergency.’ Staff have been locked out of computer systems for over a week now as hackers demand 9,000 bitcoin. The FBI, the LAPD and a cyber forensic team are investigating the ransomware attack.
A zero-day flaw has been found in the Linux kernel that runs millions of servers, desktops and mobile devices that use the Android operating system. At least 66 percent of all Android mobile devices and tens of millions of Linux PCs and servers are expected to be affected.
Security firm FireEye has released a report indicating the mobile banking trojan, SlemBunk, is becoming more and more sophisticated as the number of mobile banking users rises. The malware is designed to attack Android devices and steals mobile banking credentials. The original report identified at least 30 mobile banking applications that were affected, including those in North America, Europe and Asia Pacific. An update to the report indicates the attack is even larger than originally identified.