GDPR has been in effect since May 25th, 2018. The purpose of the regulation is twofold: to enhance the privacy of an EU citizen’s related information and to strengthen the powers of the data protection institutions and regulators to act against any organization breaches the new rules. But is GDPR alone the panacea for fighting cybercrime and data...

Chilean bank and financial services company Banco de Chile said that a virus infiltrated its computer systems and stole $10 million. On 9 June, Banco de Chile's general manager Eduardo Ebensperger provided some insight about the attack to La Tercera. A translation by Google is provided below: We found some strange transactions in the SWIFT system ...

Phishing attacks continue to threaten organizations' digital security in droves. Kaspersky Lab prevented 46,557,343 phishing attempts in the second quarter of 2017 alone. Overall, close to one in ten (8.26%) of Kaspersky users encountered a phishing attack that quarter. Recognizing the prevalence of phishing, it's useful to examine the granular...

The healthcare industry is no stranger to data breaches. In 2017, SSM Health, the University of Iowa Health Care (UIHC), and Arkansas Oral & Facial Surgery Center all suffered security incidents where bad actors possibly exposed patients' medical data. No doubt there are also countless other healthcare organizations that have yet to detect an...

There’s a Russian proverb “overyai, no proveryai.” (Trust, but verify.) You trust your IT department to keep your systems up and running and configured in a secure manner. But, do you verify those configurations? Often, in the rush to get things done quickly, some things slip through the cracks. And most often, security seems to be what ends up...

A Mega Millions lottery jackpot winner's "giving back" campaign on Twitter looks and sounds an awful lot like a scam. Numerous Twitter profiles have been popping up claiming to be operated by Shane Missler, a 20-year-old resident of Florida who won the $451 million Mega Millions lottery jackpot in January. Many of those new accounts use their...

As I noted in my previous article, companies should use foundational controls to assure integrity of their software and critical data – doing so can help prevent many data breaches and security incidents from occurring in the first place. That's not all that integrity driven by foundational controls can accomplish. Here are two more benefits...

The United States Justice Department has charged an alleged malware author with spying on thousands of users for a period of 13 years. Phillip R. Durachinsky (Source: Cleveland Scene) An indictment filed with the U.S. District Court for the the Northern District of Ohio (Eastern Division) asserts...

VTech Electronics Limited has agreed to pay $650,000 as part of a settlement agreement with the Federal Trade Commission (FTC) for a 2015 breach that exposed millions of parents' and children's data. On 8 January, the United States District Court in the Northern District of Illinois (Eastern Division...

A school district in North Carolina intends to spend $314,000 on rebuilding more than a dozen servers affected by a malware attack. On 27 December 2017, the board for Rockingham County School District held an emergency meeting and voted 7-1 to approve a 12-month, $314,000 service contract with Georgia-based technology solutions provider ProLogic ITS...

Among organizations today, there's not enough focus on where digital security matters, that is, setting up the challenge/risk. Let’s come right out and say it: if you haven’t been hacked yet, you soon will be. This is not a surprise to you. You know this. We know this. Other companies know this. And yet, we saw WannaCry spread to hundreds of thousands...

Today’s VERT Alert addresses Microsoft’s August 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-792 on Wednesday, August 15th. In-The-Wild & Disclosed CVEs CVE-2018-8373 A vulnerability exists within the scripting engine in Internet Explorer. An attacker exploiting this vulnerability...

In early August, I will be leading a couple of sessions at the Community College Cyber Summit about cyber security fundamentals. I've also been spending time working with my amazing colleagues thinking about DevOps. Spending so much time going back and forth from "back to basics" and "the future of development" had me thinking that securing DevOps...

When concepts like DevOps and Cloud computing come together, this powerful combination propels organizational growth at a rapid speed. Some trends in today’s industry have helped bring about the collaboration of these two most important change agents. Let’s take a look at them here: The world is witnessing an industry-wide shift wherein we are...

Compliance with version 3.2 of the Payment Card Industry Data Security Standard (PCI DSS) is a must for organizations that handle, process, transmit and store payment card data. But compliance isn’t always easy to establish or maintain. Indeed, there are certain challenges along the way that can make organizations’ compliance with PCI DSS 3.2...

Tripwire's July 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Internet Explorer, Edge and Scripting Engine. These patches resolve 22 vulnerabilities, including fixes for security feature bypass, information disclosure, and...

Reddit said that a digital attacker infiltrated some of its systems and accessed user data during a recent security incident. On 1 August, the social news aggregation website revealed that an attacker had compromised a few of its employees' accounts with its cloud and source code hosting providers...

If you haven't been targeted already, you might have at least heard about the latest "sextortion scam" that surfaced a couple weeks ago. I've been seeing the email scam making its rounds since then, and sure enough, it's now hit my own inbox. Seeing this nefarious message firsthand, I wanted to share some things to watch out for with scams like this...