

James Carder
Chief Information Security Officer & Vice Presidentfeature_status*/ ?>
LogRhythm Labs
Comments Dotted :
18
May 22, 2020
It is evident that Home Chef lacked stringent security strategies.
Home Chef is one of the key players in the multi-billion-dollar meal kit delivery industry and is owned by one of the biggest supermarket retailers, Kroger. A company of this size must take responsibility for ensuring that sufficient security measures are in place to protect customer data and rapidly respond to cyberthreats. This is especially true now, as demand for deliver services continues to grow amid the coronavirus crisis. All companies in this sector must not falsely assume that there.....Read More

May 11, 2020
When a breach of this scale occurs, it reminds us of the necessity for businesses to have a strong security posture.
Dating apps require users to disclose, detailed and often sensitive, personal information, a relative gold mine for various types of attacks and threat actors. In the case of MobiFriends, mobile numbers, dates of birth, gender, usernames, passwords, user interests and their activity for over 3.6 million users were breached and posted on the dark web. This information could be used in delivering more targeted attacks against individual users but the breach also disclosed the corporate email.....Read More

May 06, 2020
Strong SSH key management is critical in protecting internet accessible SSH.
It is astonishing that GoDaddy was unable to detect unauthorized access to SSH account credentials for about eight months. With this particular incident, there are further unknowns such as whether sensitive files were exfiltrated from the accounts, and exactly how many accounts from GoDaddy’s hosting environment were compromised.
The GoDaddy data breach showcases how so many large enterprises still lack a comprehensive approach to detecting and combating threats. It is easy to assume that.....Read More

April 30, 2020
Organizations must take a proactive approach to protecting data.
Far too often the disclosure of a significant breach is in the news. Unfortunately, Chegg has made headlines again for a data breach. Organizations must take a proactive approach to protecting data. This should include mapping organizational capabilities and security controls to measure their preparedness to detect, prevent and respond to threats.
This incident is similar to Chegg’s previous incidents as an unauthorized party was able to gain access to sensitive information. This time.....Read More

April 20, 2020
This unfortunate instance is another case of bad IT practice with lax security controls without monitoring and alerting.
Clearview AI’s cloud data buckets were left vulnerable, and unfortunately, these oversights caused their facial recognition apps and private data to be left open on the internet for anyone to access. Additionally, thousands of videos from a residential building were left open on the server, a violation of privacy and potential danger to those on camera.
For companies like Clearview AI, that store and manage facial recognition software and data, it is crucial to implement necessary.....Read More

April 08, 2020
Email.it’s claim that no financial information was stored on the hacked server isn’t completely accurate.
This is an unfortunate incident all around. We have a provider of email services that not only has access to all of their customers’ personally identifiable information (PII), including usernames and passwords, but also of their emails and the content within those emails. As anybody who has been in the industry long enough knows, people still send sensitive information through email all the time — whether it’s a good practice or not.
Email.it’s claim that no financial information was.....Read More

March 23, 2020
Norwegian (and others) can implement to minimize further damage and prevent this from happening in the future.
Norwegian Cruise Line experienced a credential dump, and while on the one hand, we unfortunately see credential dumps occurring on practically a weekly basis, it does also mean that we are well aware of many best practices that Norwegian (and others) can implement to minimize further damage and prevent this from happening in the future.
The first step — which Norwegian has already recommended — is for all of its agents to change their portal passwords, as well as any other passwords.....Read More

March 18, 2020
In 2020, businesses are increasingly moving information to the cloud for cost efficiency.
This is another unfortunate instance of an AWS bucket left open without any security protocols, leaving extremely sensitive legal and financial documents unprotected online — accessible to anyone worldwide. In 2020, businesses are increasingly moving information to the cloud for cost efficiency, increased flexibility, and improved accessibility; however, it is important to understand the gravity of what it means to move this type of information to the cloud and be prepared to use everything.....Read More

February 14, 2020
In addition, establishing formalized processes or systems used to manage the process of exchanging money can be helpful as well.
Unfortunately, this is one of the most common scams in the industry today. It takes advantage of unsuspecting individuals with great intentions, who are simply looking to follow through accordingly with what seems to be a legitimate request for action.
To help prevent incidents like this moving forward, security awareness programs are a great help — especially programs that focus specifically on phishing awareness. Ensuring employees are comfortable with analyzing subject lines, sender.....Read More

February 11, 2020
First and foremost, anyone creating these technologies should employ secure software development and application security best practices.
It is worrisome that an app developed specifically for elections did not have advanced security measures in place — especially when millions of voter records were contained within it. Unfortunately, in this Elector incident, personally identifiable information including names, addresses and phone numbers for over six million voters was left exposed. This data can now be weaponized in future attacks, and it leaves those impacted vulnerable to future fraud.
On top of that, these types of.....Read More
