February 28, 2016

Data Breach Story: Hospital pays $17,000 in ransom to recover patient data

The Hollywood Presbyterian Medical Center ended up deciding to pay $17,000 in ransom after network computers with their Electronic Medical Records were hit by a ransomware attack. It's a little unnerving that the hospital did not seem to have any backups, and that 10 days elapsed from the time the data was locked up.
April 1, 2016

Hospital ransomware attacks are just a stepping stone to your industry

This week, hospital chain Medstar Health in Washington, D.C. was hit with a crippling ransomware attack that encrypted file systems on computers throughout the organization’s network. […]
April 1, 2016

Data Breach Stats: 70-90 percent of malware attacks on businesses are unique to the organization

If you're wondering why malware is still such a problem for security software companies to detect, it seems to be because attackers literally change the signature for almost every organization they target with malicious code. It doesn't mean they have to build it from scratch, though. They only have to change it enough to make it look different to the scanning software. Here are a couple of other interesting things about the state of enterprise data breaches that I learned from the 2015 Verizon Data Breach Investigations Report.
April 1, 2016

The security fairy isn't going to close your open vulnerabilities

If you have a feeling you should one day do some kind of check to see if you have anything from your network exposed on the Internet, you’re probably right. In fact, nobody else – including the security fairy – is going to do it for you. This goes for both home networks and businesses, although it’s probably a little more likely that employees of businesses may have installed things with severe vulnerabilities that management or the IT group doesn’t know about than people at home. But it does happen everywhere. In a recently documented case, the simple exposure of printer ports to the Internet led to a white supremacist being able to send racist messages to be printed on thousands of exposed printers over the Internet.
April 29, 2016

Don't be too quick to pay extortion fees based on the threat of an attack

If you or your employer receives a threatening email saying that your website will be targeted with a Denial of Service Attack, don't be too quick to pay them to preempt the attack. A recent report by security firm CloudFlare disclosed that targeted victims appear to have paid as much as $100,000 USD based only on an email threat that was not credible, upon close analysis. It can be scary to receive such an email, but there are some clues that could help you determine if the threat is real or not.
April 30, 2016

WhatsApp helps you prove you may not have done it

While many people just think of WhatsApp as a convenient way to send messages from mobile devices, the company has taken serious steps to respond to recent concerns over global tracking and surveillance of mobile messages. In fact, WhatsApp now supports something called repudiation, which means that you could deny being the person who sent a particular message. Why would you want to do deny sending a message, and why would WhatsApp want to let you do that?
April 30, 2016

Sorry, we're turning your connected device into a brick now

It seems unbelievable, but we are starting to see real incidents of connected products that are being abandoned by their manufacturers well before their end of life, leaving buyers with unusable hardware. The case of the Revolv hub sets an ominous precedent that should give us all pause for thought when buying any new hardware devices in the future. Essentially, they've decided to turn the products that people bought from them into bricks. Anything we might buy in the future, from light bulbs to cars, can (and probably will be) connected to the Internet. This fact, in itself, presents some risks that many security experts are trying to understand and communicate to people. But a more fundamental risk we all need to start considering is what happens if the manufacturer or vendor goes out of business, gets purchased by another company, or just decides to stop supporting the devices? You could be stuck with a brick, or at least a less useful version of what you thought you were buying. It might even cause more serious impacts.
May 1, 2016

Data Breach Story: Law firms hacked for insider information

As you can imagine, there are a multitude of reasons why businesses get hacked. Often, its for personal information in support of identity theft. But while […]
May 30, 2016

Beware the ghosts of smart device owners – past and future

I haven’t been able to find a reliable source for this story, other than that it was recounted by Leo Laporte on the Security Now podcast episode #561. However, the scenario illustrates a couple of interesting risks from using Smart devices, where the devices may have been returned by an original purchaser, and then purchased by somebody else.
May 30, 2016

LinkedIn: Oops. Did we say you weren’t affected by that breach back in 2012?

If this sounds like old news, it actually is, but with a slight twist that you should think about. In 2012, LinkedIn was hacked, and password data for millions of the social network’s users was exposed. At the time, LinkedIn assessed the situation and made a public disclosure, as well as forcing millions of affected users to reset their passwords. However, they seem to have made an error in determining which accounts were actually at risk.