A third-party audit financed by the New York Times discovers a high-risk vulnerability but overall gives Securedrop Workstation a positive security bill of health. [Read More]
The U.S. Department of Homeland Security's CISA is directing federal agencies to scan their Microsoft Exchange environments for four weeks and report if they find any compromised servers. [Read More]
The U.S. Department of Justice this week announced official charges against Wyatt A. Travnichek, a Kansas man accused of accessing and tampering with a public water system. [Read More]
North Korean government-backed APT group caught using a fake pen-testing company sock puppet Twitter and LinkedIn accounts in an escalation of a hacking campaign targeting security research professionals. [Read More]
CompuCom shares information on the cost of recovering from a cybersecurity incident, including loss of revenue and major service disruptions. [Read More]
Reuters is reporting that a draft executive order would set new rules on data breach disclosure and use of multi-factor authentication and encryption in federal agencies. [Read More]
Researchers flag a critical security hole in the official Facebook for WordPress plugin and warn it could be abused for remote code execution attacks. [Read More]
Solarwinds has shipped a major security update to fix at least four documented security vulnerabilities, including a pair of bugs that be exploited for remote code execution attacks. [Read More]
Even organizations with the most robust defense solutions and advanced automated technologies cannot effectively combat threats such as BEC without the adequate support and nuanced expertise of humans.
While a credit freeze can protect against the opening of fraudulent credit accounts, it is not an inoculation against identity theft. What can be done to help protect identities and the attributes associated with them?
In addition to basic credit monitoring, breached companies need to get ahead of the attacks and start providing security solutions that actually protect the victims before they are victimized again.
While effective at curbing “petty crimes” such as credit skimming / cloning, EMV does not address more sophisticated cyber-attacks that target backend systems which contain card holders’ most sensitive information.
Social engineering attacks can happen at any time. Here are some strategies you can use to help reduce the chances of a successful social engineering/phishing attack you or your organization.
They always say in the investment world that cash is king. We are now seeing that in terms of cyber as well. Stealing cash, it’s even better than stealing money.
When it comes to cybercrime, the police really can’t and aren’t going to protect residents of your town. The same goes for all towns and cities. Unless you’re talking a high six-figure theft, it's unlikely an officer will be assigned to your case.
The holiday season is a time of giving. But savvy security and technology professionals such as yourselves know, both during the holidays and year-round, that not all giving is good.