Podcast: Massive Myspace Hack, Cryptoworm Warnings and Breach Lawsuits Continue

A new episode of the SurfWatch Cyber Risk Roundup has been posted, Episode 72: Massive Myspace Hack, Cryptoworm Warnings and Breach Lawsuits Continue: This week saw more news about password breaches as 427 million Myspace passwords and 65 million Tumblr passwords were put up for sale on the dark web. Scrum.org announced a potential data… Read More

Intentional or Not, Insider Threats Remain a Huge Risk to Businesses

Insiders are one of the most dangerous threats all organizations face, as the players involved in these attacks usually have easy access to an organization’s resources. Taking a look at the recent $81 million bank heist from the Central Bank of Bangladesh, the FBI suspects that this attack was an inside job, with several people… Read More

Vulnerability Management: False Confidence, the Remediation Gap and Other Challenges

Organizations believe their vulnerability management programs are more mature than they really are, and the time it takes to remediate vulnerabilities remains an issue for many businesses, according to several reports. A SANS whitepaper, What Are Their Vulnerabilities?: A SANS Survey on Continuous Monitoring, concluded that security practitioners are overconfident in their current state of… Read More

Podcast: Big Names Get Breached, Malware Evolves and Court Questions Data Sharing

A new episode of the SurfWatch Cyber Risk Roundup has been posted, Episode 71: Big Names Get Breached, Malware Evolves and Court Questions Data Sharing: This week’s trending cybercrime events include breaches at the NBA’s Milwaukee Bucks and the furry site “Fur Affinity,” a two-year cyber-espionage campaign against Swiss military contractor Ruag, payment card skimmers… Read More

Anonymous Ops Trending, Where are the Other Hacktivists?

Not long ago, several hacktivist groups like the Syrian Electronic Army and Lizard Squad were making headlines on a weekly basis with new hacktivism campaigns and random attacks. While Anonymous has always been the primary source of hacktivism throughout the world, it is interesting to see how these other prominent hacktivist groups’ activity has essentially… Read More

Top Dark Web Markets: AlphaBay and Stolen Credentials

Dark web markets are constantly changing. The last major shakeup to occur was the disappearance of the Nucleus Market, which has been offline for nearly a month and a half. Since then, the site’s users have flocked to other markets in search of an alternative. Many of those users have transitioned to AlphaBay, the current king of… Read More

Credential Theft and the Problem of Non-Breach ‘Breaches’

Earlier this month, news outlets across the country reported on the latest mammoth list of stolen credentials — 272 million in total. “It is one of the biggest stashes of stolen credentials to be uncovered since cyber attacks hit major U.S. banks and retailers two years ago,” Reuters reported. Turns out, the total number of actual accounts affected… Read More

Podcast: Hackers Get Hacked, SWIFT Attacks and a Ruling from the Supreme Court

A new episode of the SurfWatch Cyber Risk Roundup has been posted, Episode 70: Hackers Get Hacked, SWIFT Attacks and a Ruling from the Supreme Court: The hacker forum Nulled.io was breached and the sensitive information of its members was made publicly available. SWIFT warned of more attacks against banks at the same time the… Read More

Ransomware Is Not the Top Cybersecurity Threat Facing the Healthcare Sector

Ransomware is making all the headlines so far in 2016. This threat has become so mainstream it has caused both the FBI and US-CERT to issue ransomware alerts, with the healthcare sector being mentioned in both. On March 31, 2016, the United States Computer Emergency Readiness Team (US-CERT) issued a ransomware warning concerning the Locky… Read More