Weekly Cyber Risk Roundup: Yahoo One of Many New Data Breaches

The past week has been full of various data breach announcements that have flown mostly under the radar. One exception is the breach at the World Anti-Doping Agency (WADA). New batches of information on Olympic athletes continue to be leaked, and the Entertainment sector’s cyber risk score has steadily risen to reflect those leaks. Another… Read More

Closing the C-Suite Knowledge Gap with Cyber Threat Intelligence

I spend my work days digging through SurfWatch Labs’ cybercrime data and writing blogs and reports on the latest cyber threat intelligence trends, so it should come as no surprise that among my friends and family, I’ve become the “cybersecurity guy.” In fact, many of those same people in my personal life would be happy to shove… Read More

Weekly Cyber Risk Roundup: Ransomware Ups the Ante and Other Headlines

Three of this week’s top four trending industry targets centered around DDoS attacks. Linode, which made last week’s roundup over reported DDoS attacks, was targeted once again. The cloud hosting company has seen DDoS attacks throughout the month, with the latest attack coming on September 13, according to company logs. Additionally, Brian Krebs’ website was hit… Read More

Short Selling Vulnerabilities Latest in String of Stock Market Manipulation

Medical device company St. Jude filed a lawsuit yesterday against Muddy Waters and MedSec Holdings over a “false” report about cybersecurity issues in St. Jude’s cardiac devices. The August report caused the company’s stock to drop more than ten percent on the heels of those allegations and raised questions around a pending $25 billion deal to be acquired by Abbott Laboratories.… Read More

POS Breaches: Bankrupting Small Businesses and Impacting the Supply Chain

There’s a popular cybercrime statistic that has been vexing me for years, and if you read cybersecurity news regularly, I’m sure you’ve seen it cited a few dozen times as well: 60% of small businesses close their doors within six months of a cyber-attack. I’ve always been skeptical of that bold statistic. As Mark Twain wrote in his autobiography,… Read More

Banner Health Data Breach Leads to Series of Class Action Lawsuits

Earlier this month, Banner Health announced a data breach affecting approximately 3.7 million people. Since then, a series of class action lawsuits have been filed against the healthcare provider. The breach involved two separate attacks, Banner Health said. The first targeted payment cards used at food and beverage outlets across some Banner Health locations. The second targeted patient, insurance, and provider information. The… Read More

After Slow Start in 2016, Point-of-Sale Breaches Surging

Last week Eddie Bauer became the latest in a growing string of companies to announce a major point-of-sale-related breach. All 350 North American stores were affected by malware that may have siphoned off customers’ payment card information between January and July of this year. Not all cardholder transactions were impacted, the company said, and the breach does not include any… Read More

Does Your Cyber Threat Intelligence Tell a Story?

I began at SurfWatch Labs several years ago with one primary directive: be a story teller. Cybercrime impacts everyone, I was told, yet many business owners, executives and employees know next to nothing about cybersecurity.  For the most part those people were either unaware, assumed their business would never be a targeted by hackers, or… Read More

Typosquatting: Easy Attack Vector That Produces Results

Every week here at SurfWatch Labs our team of threat analysts write about new vulnerabilities, malware developments and cyber-attacks.  One attack vector that is not mentioned very frequently but can be a significant threat for organizations and consumers alike is a technique called typosquatting. Typosquatting is an attempt to trick users into thinking they have landed on their desired website,… Read More

IcyEagle: A Look at the Arrest of an Alleged Dark Web Vendor

Last month Aaron James Glende, 35, was arraigned in U.S. District Court in Atlanta on charges related to selling stolen bank account information on the Dark Web market AlphaBay. According to the indictment, Glende operated under the alias “IcyEagle” and began advertising his criminal services in late 2015. Although the exact picture of how law… Read More