Category: Uncategorized

Some ISPs have been fixing via firmware updates but more need to follow. Read full article here.

Excellent summary on the top issues and expected advancement of AI and machine learning solutions to improve cyber protection, identification and remediation. Read full article here.

Congratulations to the Armis Team!!! Game changing products drive fantastic multiples validated by smart Investors and successful customer deployments. Cheers!!!! Read full article here

After an Iranian general was killed in a U.S. drone strike in Baghdad late Thursday night, security experts and the Department of Homeland Security warned of possible retaliatory cyber strikes from Iran that could target critical infrastructure, government agencies as well as private businesses. No doubt, tension in Middle East will spark more attacks and[…]

Cloud, Cyber and Kube spending will continue to increase in 2020, consistent feedback from our customer base. Full article here…

Cyber security budgets continue to increase and money keeps pouring into Cyber Innovation companies. Peer discussions regarding deployment value critical in purchasing or investing in the early stage companies.  Read full article here

Cyber Insurance a must have investment, contract language critical to who pays or not. Expect much tighter language in the future. Read full article here…

Third Party risk, what happens when your vendors cant pay? Business impact? Risk? Disruption? Read full article here…

Patients Whose HIV Test Results Were Exposed Will Get $75. Read full article here.

Real impact on business bottom line! Investment in cyber protection will continue to increase. Read full article here.

More access to PII data, passwordless authentication can’t come fast enough for Words with Friends game users. For the time being, it is smart to change passwords on other services too. See full article here. 

Good to see press on this issue/pain, the public is clueless about the amount $$$ being paid to Ransomware daily…we know about every $1,000, etc…stolen from banks in our area yet little on real $$$ cyber losses/payments… See full article here.

Congratulation to the HYPR Team! Getting rid of passwords and shared secrets will be a huge time saver for many along with a much easier authentication experience. Read full article here.

Iranian fraudsters targeting intellectual property, critical to identify and protect crown jewel IP and applications. Full read article here…

This law is going to drive major spend in Data Protection in 2020. The British Airways GDPR fine of 230MM and Marriott fine of 124MM tip of the iceberg. Read full article here…

The breach occurred via a spear phish e-mail attack on an employee. E-Mail remains the #1 method fraudsters penetrate organizations. Read full article here.

Major problems for those exposed with low IT budgets. Read full article here…

This is not a surprise, Capital One is one of the most  Cloud forward financial firms in the world. Unfortunately, not a fun position per the risk for Security professional’s personal name, reputation and trust. Core reason many Global Banks remain cloud careful on the journey to the cloud. Full Article Here…

Correct and understanding your cloud workload inventory, data exposure. Data Protection is a top security initiative for my customers. Full Article Here….

Discovering and monitoring/managing unmanaged IoT devices hot topic per potential impact/damage to Labs, Manufacturing Plants, Corporate networks, etc. Read full article here…

This has driven many meetings this week with my customers to assess current state risk. Former Amazon employee/insider and lost Capital One PII, this will be a hot topic on Capitol Hill. Read full article here…

Most Cloud forward FS company got breached per a misconfigured AWS server, former AWS employee was the perpetrator who went public about the stolen PII data. Read full article here…

Consistent issue, we must do a better job attracting BS & BA students into Cyber through offering intro classes with different options per the multiple roles/requirements needed. Read full article here…

Turning on two factor authentication would stop this invasion of privacy and accessing user accounts. Read full article here…

The Police got hit with Ransomware and Water Power Authority Business E-Mail Compromise-2.3MM loss. BEC is a major problem, my customers are moving this up the Cyber Innovation priority list. Read full article here…

BA is hit hard for losing personal data. This is 367x higher than the previous Facebook 500k fine. The UK law mirrors the GDPR law, this fine will drive more focus on data protection and compliance.  Read full article here…

Congratulations to the TrapX Team! See full article here…

Insider threat remains top priority. Many underestimate human factors. Read full article here…

More PII exposed=new business opportunity in the Dark Web! Companies will start creating new data retention policies which decrease the time stored. Read full article here…

Congratulations to the SecurityScorecard Team!!! Read full article here…

Natural progression after millions of personal documents are exposed on the internet. Read full article here…

Third party partnership exposes Quest Read Full Article Here…

Yikes, major exposure!   About 885 million documents, including bank account numbers, mortgage records, Social Security numbers, drivers’ license images and tax records, have been leaked by First American Financial Corp.’s website. Anyone with a web browser and a URL for a legitimate document could access the real estate title company’s records. Full article here…

This has delayed home sales and halted water Bill’s for 2 weeks. The city will not pay the ransom and working around system outages. Read full article here…

Account takeover and spear phish  e-mails targeting third parties who have relationships with the targeted companies will continue to increase in 2019. Read full article here…

Congratulations to Yevgeny and Team! My early adopters have confirmed the deployment value of Armis. READ FULL ARTICLE HERE

Account takeover emails are difficult to stop, another example of the potential damage. Read full article here…

Wow, scary… Full article here…

Disclosing breaches faster per the pressure of data privacy regulation will continue to be a hot topic. View full article here…

Ransomware takes down production lines in one of the world largest aluminum manufacturers. No ransom was requested, they just took down the lines. I expect increased security investment in Manufacturing and Lab environments to improve cyber resiliency and visibility. Full article link here

Hottest product in the Insurance Market. The Cyber losses will continue to significantly increase. Read full article here…

Great week at the RSA conference this week. This article summarizes hot topics. The key metric remains successful enterprise deployments to determine potential impact and  value. Read full article here

Aerospace giant Airbus says it suffered a hack attack leading to a data breach. Click here to read the full article…

Interesting article about PII exposure and the complexity of managing primary and secondary 3rd party relationships. Read full article here

Creative 20 year old shows how he can create havoc for German Politicians with weak passwords and poor hygiene. Hundreds of members of the German parliament, Chancellor Angela Merkel as well as numerous local celebrities have had their personal details and other sensitive information leaked online. Read full article here

From the first revelation that the Marriott’s computer systems had been breached, there was widespread suspicion that the hacking was part of a broad spy campaign to amass Americans’ personal data. Read full article here

Another major breach, notice the alignment of business-share price dropped by 6% and expect further drops today and risk. 500 million guests PII exposed….Brand, reputation and trust exposed… Read full article here…

NYC stepping up yet long way to go…. Read full article here

Improving authentication controls with next generation tools leveraging passwordless, bio metrics and AI critical to stopping the bad guys. Read full article here

The growth of Cloud computing will continue to increase. The Giants have a great view into forecasts and pipeline thus the massive investment. Huge opportunity for innovative cyber security companies who address the gaps.     Even though there are indications that overall cloud data center spend may be slowing down, the biggest cloud providers continue[…]

There will continue be penalties for improperly gathering and misusing personal data. This time 89mm users and big fine.   Facebook has finally been slapped with its first fine of £500,000 for allowing political consultancy firm Cambridge Analytica to improperly gather and misuse data of 87 million users.

Another example why Healthcare companies must invest in unconventional controls to protect their members and patients. This is not a simple check box process, the bad guys continue to change tactics and build game plans how to beat existing products and known controls. Brand, reputation, trust at stake. Read full article here

The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.

Interesting implications in Europe   The 50 million compromised accounts are the first major test of the GDPR On Friday, a massive breach opened up a new front in the war on Facebook. According the the company, more than 50 million accounts were taken over by a kind of login worm, which used a series of unpublished[…]

More issues with exposed credentials On Friday, Facebook announced that it had discovered evidence of a security breach affecting almost 50 million accounts. The company’s investigation is in its early stages, so there are still many unknowns about the cyberattack. Here’s a rundown of what we know so far based on the details that Facebook has released[…]

Industry group UK Finance said £145m of that was due to authorised push payment (APP) scams, in which people are conned into sending money to another account. But £358m was lost to unauthorised fraud, which includes transactions made without account holders’ knowledge. Unauthorised fraud victims are usually refunded by their banks, but most victims of[…]

A new report says hackers have used a leaked US government software tool to step up illicit mining of cryptocurrencies like bitcoin and monero.  

British Airways has been threatened with a £500 million ($650 million) class-action lawsuit in U.K. court following its warning last week that a hacker had stolen payment card data associated with 380,000 transactions, one of the worst breaches to ever come to light in the country.

This is the hottest product in the Insurance industry…no surprise given current state….big market opportunity to price/assess customers fairly and pay for compromise… All companies are potential victims of cyber attacks, and buying insurance is one way many are trying to manage that risk. Why it matters: Companies hit by attacks are exposed to incredible costs[…]

This trend will continue as Global companies strive to improve PII data protection on prem and in the cloud.   Three months after the EU’s General Data Protection Regulation went into full effect, the U.K.’s data privacy watchdog says that the number of complaints it has received under GDPR has nearly doubled (see Europe’s Strong GDPR Privacy Rules[…]

The inbound phishing attacks will continue to get more creative, e-mail remains the #1 approach to penetrating security organizations. Criminal indictments against three alleged high-level members of a prolific cybercrime gang called FIN7, unsealed last week, reveal the low-tech attack tactics that had high levels of success.

The cost of the city of Atlanta’s mitigation and subsequent IT overhaul following a massive SamSam ransomware infection earlier this year could reach $17 million. Continue Reading…

Taiwan Semiconductor Manufacturing Co., the world’s largest chip manufacturer, says a WannaCry infection hit unpatched Windows 7 systems in its fabrication facilities, leaving multiple factories crippled. The chipmaker traced the infection to a new software tool that it failed to scan for malware before installation, and says the outbreak could cost it $170 million.

https://www.databreachtoday.com/hackers-grab-15-million-patients-details-in-singapore-a-11228   Prime Minister was the target, now 25% of the Singapore medical records exposed.

Article Link   The database houses approximately 340 million records. Security researcher, Vinny Troia, said that there were roughly 230 million consumer records exposed, and 110 million business contacts. That represents essentially every adult in the United States.

Article Link Digital coins will continue to be a priority target for the good guys.

Article Link Current and former disgruntled employees are driving the need for better analytics/detail on normal/abnormal behavior.

Article Link More Insurance and Health records exposed, yikes….These articles are helping the general public understand the magnitude of the risk and impact on business, brand and reputation.  

Article Link   The Canadian banks have reported being contacted by external ‘fraudsters’ claiming to have accessed information on an estimated 90,000 customers.

https://threatpost.com/banco-de-chile-wiper-attack-just-a-cover-for-10m-swift-heist/132796/   Gaining better visibility into application dependency mapping with a specific focus on SWIFT is a high priority for my Global Banks. Last year there were 8 reported SWIFT breaches driving more investment in better visibility and micro segmentation.

Unfortunately, companies are making business decisions when paying the hackers. The public does not understand the magnitude of the daily global payments.https://www.databreachtoday.com/hackers-demand-770000-ransom-from-canadian-banks-a-11050

Hoping to thwart a sophisticated malware system linked to Russia that has infected hundreds of thousands of internet routers, the F.B.I. has made an urgent request to anybody with one of the devices: Turn it off, and then turn it back on. Source: F.B.I.’s Urgent Request: Reboot Your Router to Stop Russia-Linked Malware – The[…]

A revolution in how companies handle your personal information is happening.The General Data Protection Regulation (GDPR) comes into effect across the European Union on May 25, introducing much tougher rules on data privacy. Source: GDPR: The simple guide to Europe’s new data privacy law

New research released by two security companies paints an unsettling picture for the health-care industry: Hackers are stepping up their attacks on hospitals and other health organizations that may be ill prepared to defend against the wave of malicious activity. Source: The Cybersecurity 202: Why cybersecurity experts are so concerned about the health-care industry –[…]