Vulnerability Management: False Confidence, the Remediation Gap and Other Challenges

Organizations believe their vulnerability management programs are more mature than they really are, and the time it takes to remediate vulnerabilities remains an issue for many businesses, according to several reports. A SANS whitepaper, What Are Their Vulnerabilities?: A SANS Survey on Continuous Monitoring, concluded that security practitioners are overconfident in their current state of… Read More

Podcast: Big Names Get Breached, Malware Evolves and Court Questions Data Sharing

A new episode of the SurfWatch Cyber Risk Roundup has been posted, Episode 71: Big Names Get Breached, Malware Evolves and Court Questions Data Sharing: This week’s trending cybercrime events include breaches at the NBA’s Milwaukee Bucks and the furry site “Fur Affinity,” a two-year cyber-espionage campaign against Swiss military contractor Ruag, payment card skimmers… Read More

Anonymous Ops Trending, Where are the Other Hacktivists?

Not long ago, several hacktivist groups like the Syrian Electronic Army and Lizard Squad were making headlines on a weekly basis with new hacktivism campaigns and random attacks. While Anonymous has always been the primary source of hacktivism throughout the world, it is interesting to see how these other prominent hacktivist groups’ activity has essentially… Read More

Top Dark Web Markets: AlphaBay and Stolen Credentials

Dark web markets are constantly changing. The last major shakeup to occur was the disappearance of the Nucleus Market, which has been offline for nearly a month and a half. Since then, the site’s users have flocked to other markets in search of an alternative. Many of those users have transitioned to AlphaBay, the current king of… Read More

Credential Theft and the Problem of Non-Breach ‘Breaches’

Earlier this month, news outlets across the country reported on the latest mammoth list of stolen credentials — 272 million in total. “It is one of the biggest stashes of stolen credentials to be uncovered since cyber attacks hit major U.S. banks and retailers two years ago,” Reuters reported. Turns out, the total number of actual accounts affected… Read More

Podcast: Hackers Get Hacked, SWIFT Attacks and a Ruling from the Supreme Court

A new episode of the SurfWatch Cyber Risk Roundup has been posted, Episode 70: Hackers Get Hacked, SWIFT Attacks and a Ruling from the Supreme Court: The hacker forum Nulled.io was breached and the sensitive information of its members was made publicly available. SWIFT warned of more attacks against banks at the same time the… Read More

Ransomware Is Not the Top Cybersecurity Threat Facing the Healthcare Sector

Ransomware is making all the headlines so far in 2016. This threat has become so mainstream it has caused both the FBI and US-CERT to issue ransomware alerts, with the healthcare sector being mentioned in both. On March 31, 2016, the United States Computer Emergency Readiness Team (US-CERT) issued a ransomware warning concerning the Locky… Read More

What Can We Learn About Social Engineering From Impersonation?

With organizations losing billions of dollars due to business email compromise scams and thousands of employees having their W-2 information sent to criminals each week, it can be easy to think, “How can people be so dumb and keep falling for these same tricks?” When it comes to socially engineering an employee, most people think of email phishing — and… Read More

Will Your Internal Sharing of Data Cause a Breach?

On May 4 the United Kingdom’s Information Commissioner’s Office (ICO) announced a £185,000 fine against a health trust for inadvertently publishing the personal details of 6,574 staff members on its website. Blackpool Teaching Hospitals NHS Foundation Trust is required to post annual equality and diversity metrics. Unfortunately, the published spreadsheets contained “hidden data.” Simply double clicking on… Read More