Jackson Health System (JHS) paid a civil money penalty of $2.15 million after having violated some of HIPAA's provisions. The case dates back to August 2013 when JHS submitted a breach report to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services. In its report, the...

Reports from the U.S. Government Accountability Office (GAO) and Siemens highlight both the increasing cyber threats faced by the electric utility companies and the lack of adequate readiness to respond to these threats. According to these reports, a cyber-attack on the electric grid could cause “severe” damage. The electric grid delivers the...

Ah, the wonders of technology. In the innovation-rich Information Age, we are the beneficiaries of a nonstop wave of new advancements, each offering the ability to execute vital tasks faster and more efficiently than ever before. However, along with each breakthrough comes potential security vulnerabilities. Such is the case with containerization....

To protect the integrity and safety of their business-critical assets, cybersecurity must be a top priority for the oil and gas industry. Although they operate some of the nation’s most critical systems, securing these complex infrastructures can be a huge challenge. In recent years, the oil and gas industry has undergone a complete digital overhaul...

Over the course of the past 10 years, traditional application development methodology (waterfall) has given way in favor of the more agile DevOps-centric methodologies focused on continuous delivery and continuous deployment. This trend was turbocharged in 2013 when Docker containers came onto the scene and ushered in the proverbial crossing of the...

Most organizations with industrial control systems (ICS) fall into one of two categories: regulated and non-regulated. For those subject to government imposed regulatory requirements, the selection of a cybersecurity framework is obviously compelling. Such is the case with the nuclear energy industry and NEI 08-09. The nuclear energy industry is one...

As a system administrator during the early days of the “cloud revolution” I found the “cloud” metaphor an interesting choice to frame the technology stack. Clouds, in my mind, were “woolly” and hard to pin down as opposed to the omnipresent, always-available things that IT marketers were suggesting cloud services would be. But whilst I wasn’t a fan...

In the digital age, more often than not, you can be sure that some enterprise has hold of your personal information. This information could be your name, email, phone number, IP address, country and other details. This can come from submitting a form, subscribing to a newsletter, accepting cookies, accepting the privacy policy or terms and...

A malvertising actor known as "eGobbler" used obscure browser bugs to bypass built-in browser protections and expand the scope of its attacks. Confiant observed eGobbler exploiting the first vulnerability back on April 11, 2019. In that particular attack, the threat actor leveraged a Chrome exploit to circumvent the browser's pop-up blocker built into...

In July 2019, Capital One made news headlines not for achieving another milestone but because it had been breached. Capital One was using AWS cloud services, as many businesses are doing nowadays. The problem stemmed (in part) because Capital One had a misconfigured open-source Web Application Firewall (WAF) hosted in the cloud with Amazon Web...

GDPR is a landmark in privacy jurisdiction. Through its 99 articles, it sets a framework for both businesses and individuals on their rights and responsibilities when it comes to protecting privacy. The most important element in my opinion is that privacy functions a fundamental human right and needs to be protected. The Authorities View Although...

The cost of a breach is on the rise. A recent report from IBM revealed that the average cost of a data breach had risen 12 percent over the past five years to $3.92 million per incident on average. Additionally, this publication uncovered that data breaches originating from malicious digital attacks were both the most common and the most expensive...

TechCrunch reports that a security researcher stumbled across an exposed server on the internet containing databases with a total of more than 419 million records related to Facebook users. According to TechCrunch's reporting, each database record contains a user's unique Facebook account ID (from which it's possible to determine a user name) and...

Containers have become a popular technology for enterprises that need to create agile, scalable and reliable applications. As they’re moving containerized workloads into production, many are adopting Kubernetes for container orchestration. While containerization enables DevOps to deploy software fast and efficiently, it also creates new security...

Payment services that operate electronically should adopt technologies that guarantees the safe authentication of the user and reduces, to the maximum extent possible, the risk of fraud. In order to achieve this, the European Union in 2007 passed the Payment Services Directive (PSD). The aim of this legislation is to regulate payment services and...

For the 14th consecutive year, IBM Security released its annual Data Breach Report that examines the financial impact of data breaches on organizations. According to the report, the cost of a data breach has risen 12% over the past 5 years to $3.92 million per incident on average. These rising expenses are representative of the multi-year financial...

Headlines continue to suggest that organizations’ cloud environments make for tantalizing targets for digital attackers. Illustrating this point, the 2019 SANS State of Cloud Security survey found "a significant increase in unauthorized access by outsiders into cloud environments or to cloud assets" between 2017 (12 percent) and 2018 (19 percent)....

Just as you would map a hike or climb by creating waypoints you plan to hit each day, you must plan your vulnerability management process by creating similar goals. We call these goals Maturity Levels, from ML0 to ML5, as we defined them in the last blog. You have your asset inventory from an open-source tool, asset tracking database or maybe your...

Even though the healthcare industry has been slower to adopt Internet of Things technologies than other industries, the Internet of Medical Things (IoMT) is destined to transform how we keep people safe and healthy, especially as the demand for lowering healthcare costs increases. The Internet of Medical Things refers to the connected system of...