Something that I really thought I wouldn’t be hearing by now is “I bought a Mac because Macs don’t get viruses”. Unfortunately, I’m still hearing it and, unfortunately, it’s still not true. That said, a recently discovered piece of malware targeting the Apple / Mac platform offers a good opportunity to highlight a few important […]
Author: sainate
Attackers are leveraging legitimate file sharing sites to increase phishing effectiveness
We are seeing a new variation of phishing attack that’s leveraging a users trust of legitimate file sharing services (Dropbox and Egnyte specifically) to increase the effectiveness of their phishing campaigns. We have included similar techniques in a number of recent phishing engagements for clients and have seen a significant increase in the number of […]
Let’s De-Mystify PCI Compliance
If your business accepts credit cards, you’ve probably heard the term PCI or PCI DSS and whoever does the credit card processing for you (your merchant provider) probably has you fill out a form regularly to verify your compliance with PCI DSS. So, what is PCI DSS Compliance? What is the SAQ (Self Assessment Questionnaire) […]
Almost 20 million records exposed in breach affecting Quest and LabCorp
Executive Summary Financial, healthcare and other personal / private information is a treasure trove for criminals and the proliferation of online records (payment, healthcare, etc.) and data sharing between entities (e.g., web portals for accessing healthcare records, payment portals for both B2B and B2C payment processing, etc.) gives these criminals countless opportunities to find data […]
Is your organization meeting the PCI DSS v3.2 requirements for quarterly and annual testing?
What is PCI DSS? PCI DSS is the Payment Card Industry Data Security Standard. It is used to establish a security baseline for merchants who process, store or transmit payment card data. If you accept credit cards, PCI DSS applies to you. Are there consequences for failing to maintain PCI Compliance? The short answer is […]
How attackers are using Shodan.io and Hydra to spread ransomware for fun and profit
Ransomware is essentially malware that encrypts data and holds the key for ransom. Organizations that find themselves victims of ransomware are required to either pay the ransom (typically several thousands of dollars in the form of cryptocurrency, which can present it’s own challenges) lose their data or restore from backup (if they have one). For […]
The rise of personalized scams further underscores the importance of security awareness training
Does it seem like you’re receiving more really targeted scam telephone calls and emails lately? If so, it’s not your imagination and you’re not alone. As we lead more and more connected lives, posting more and more data to social media sites, organizations that we do business with and having our information traded by and […]
Security researcher finds millions of bank loan documents exposed on unprotected server
According to a TechCrunch article, an independent security researcher found a database exposed to the Internet with no password protection containing millions of banking and financial documents including mortgage and tax documents. The article does an excellent job of detailing the findings and the sources but there are a few important things that we can […]
Beware of redundant, state based “cyber crime” legislation
In Georgia, State Bill 315 was introduced in 2018 to criminalize unauthorized computer access. In addition to the two page bill being overly vague and open to interpretation, unauthorized access was already criminalized by the Computer Fraud and Abuse Act (CFAA), a federal law. The bill was quickly passed by the House and Senate and, […]
Your data is already stolen, now what?
I read an interesting article from Bruce Schnier today that was basically a commentary on an equally interesting article from Brian Krebs about the recently disclosed Marriott breach. I’ve linked both articles below but wanted to highlight a couple of key points. Accept that you are vulnerable (your data has been, and will continue to […]