Blog

HL7 Data Interfaces in Medical Environments

Ask healthcare IT professionals where the sensitive data resides, and most will inevitably direct your attention to a hardened server or database with large amounts of protected health information (PHI). Fortunately, there is likely nothing wrong with the data at that point in its lifetime. But how did those bits and bytes of healthcare data get to...

How Harmless Is Your Company’s Paramount Data?

In today’s rapid technological evolution, information from particular sources can be easily accessed, copied and shared with a larger audience. If an organization fails to fulfil its basic role as guardian of the confidential business information within the company, this can have unfavorable effects on the business’s stability and...

New BankBot Android Malware Variant Exclusively Targets Google Play

A new variant of the BankBot malware family is exclusively targeting Google Play in a bid to steal Android users' credit card details. Infection begins when an unsuspecting user downloads Jewels Star Classic, a mobile game created by a developer named "GameDevTony." Upon successful installation, the app's malicious functionality waits 20 minutes...

Women in Information Security: Kim Wong

Last week, I spoke with Candy Alexander. An attack by the famous Kevin Mitnick started her cybersecurity career! This time, I had the pleasure of interviewing Kim Wong. She recently started in a cybersecurity role in the UK's financial services industry. Kim Crawley: Tell me a bit about what you do. Kim Wong: I’m a security analyst in the cyber...

SEC Announces Data Breach Dating Back to 2016

The Securities and Exchange Commission (SEC) announced on Wednesday that its EDGAR database was compromised in 2016. This database stores non-public information on businesses, such as quarterly earnings and statements on merger and acquisition dealings. According to the agency, the compromise was due to a software vulnerability being exploited on its...

APT33 Group Targeting Aerospace and Energy Sectors with Spear Phishing

A threat actor known as APT33 is actively targeting organizations in the aerospace and energy sectors with spear phishing campaigns. Between mid-2016 and early 2017, the suspected Iranian digital espionage group attacked a U.S. organization in the aerospace sector, a Saudi Arabian conglomerate with aviation holdings, and a South Korean company known...

The Myth of “False Positives” in Vulnerability Assessments

While false detections should be eliminated as far as possible, they are an inherent part of any vulnerability assessment tool. Possible reasons for false detections include rapid changes in vendor-specific patches/updates, zero-day vulnerabilities, access restrictions, and network glitches. The goal is to have the fewest vulnerabilities detected in...

4 Credit Bureau Data Breaches that Predate the 2017 Equifax Hack

UPDATED 19/9/17 to correct the fact that US Info Search never sold any data to Ngo. Equifax made headlines on September 7, 2017, when it announced its discovery of a data breach earlier in the year. In the security incident, computer criminals leveraged a "U.S. website application vulnerability" to view some of the consumer credit reporting agency's...

Is It Possible to Manage a Secure Business in the Cloud?

"Cloud computing" is not a buzz phrase anymore, but it is essential for most businesses looking to achieve sound business continuity alternatives combined with a comprehensive security model. Cloud Computing What is cloud computing, and what does it do? Very simply, for the end-user, a cloud computing experience is no different than using a...

New EU General Data Protection Regulation (GDPR): An IT Security View

The new EU General Data Protection Regulation (GDPR) is the biggest shake-up in privacy legislation and data management approach for many years. It will impact any organisation throughout the world that processes personal data relating to EU citizens. Organisations that breach the regulation can be fined up to four percent of their annual global...

Tick, Tock on NIST 800-171 Compliance

If you have contracts with the United States Department of Defense (DoD) or are a subcontractor to a prime contractor with DoD contracts, your organization has until December 31, 2017, to implement NIST SP 800-171. This is a requirement that is stipulated in the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012. In the context...

GDPR Special: Murder on the Data Floor!

As I write this blog post, it’s nine months to the day until the General Data Protection Regulation (GDPR) comes into force in the UK on 25th May 2018. The title of this article works if you know the pop single “Murder on the Dance Floor”! It struck me as surprising when, earlier this month, a hard-working, diligent European (mainland) colleague who...

Protecting Critical Infrastructure in the Age of IoT

Keeping up with advances in technology is like being a hamster on a wheel: the race never ends. But that drive is ultimately what yields innovative advances in IT – for both hackers and cyber professionals alike. We need to understand that we cannot control this evolution – neither its speed nor progress – but we can implement standards and best...

Half of Organizations Fail to Maintain PCI Compliance, Finds New Report

Nearly half of organizations that store, process or transmit card data are still failing to maintain PCI DSS compliance from year to year, reveal new statistics. According to the 2017 Verizon Payment Security Report, the number of enterprises becoming fully compliant is on an upward trend—growing almost five-fold since 2012. Last year, 55.4 percent...

How to Safeguard Your Online Banking Information

Ten years ago, people had to enter a bank physically to complete any kind of transaction. The situation has changed a lot today. With the introduction of online banking, people are able to make all types of transactions with the click or touch of a button. Last year, a survey from Bank of America revealed that 62 percent of Americans now utilize...

One in 10 UK Companies Lack an Incident Response Plan, Says Survey

The damage wrought by the WannaCry and NotPetya malware outbreaks highlights the importance of organizations taking steps to strengthen their digital security defenses. But in the shadow of such high-profile attacks, the state of organizations' security postures remains unclear. Do most companies understand the importance of their information and...

Highs & Lows of Cyber Security in Healthcare

Cyber security is a relatively new concern to the healthcare sector. Most organizations began looking into it in just the past five years. Given this still-nascent focus, there have been some real lows for healthcare and highs for cyber attackers. Good News to Start There's some good news to share with respect to healthcare providers (acute and...

Cyber Security Recruiting: Win Top Candidates with These Tips

Your cyber security department has some big hurdles when it comes to hiring. In IT, 10 percent of all job postings are in cyber, and the growth rate is 2x faster than other IT jobs. There will be 1.5-2 million unfilled cyber jobs by 2019. Currently, cyber job postings take 24 percent longer to fill than other IT jobs and 35 percent longer to fill...

10 Things to Know About the Network and Information Security Directive

Have you heard about the European Union's Network and Information Security (NIS) Directive, which is scheduled to enter into member state law in 2018? Maybe not. Both the world’s attention and appetite for IT security legislation has been overfed with all things General Data Protection Regulation (GDPR) over the past two years, leaving little...