This particular threat actor group is woefully underinformed, and based on their ransomware assumptions, is likely not from the US.
US school districts may appear to some to have large budgets, but almost all of those budgets are committed to ongoing expenses that are deeply and contractually committed. There’s little to no discretionary budget, and even core resources are underfunded. Not all that long ago, my public school textbooks were covered in years’ worth of markings from other
The Accellion file transfer product used by Sintel is 20 years old, and continues to be used by many organizations in the financial, governmental and commercial sector to transfer large files, despite Accellion’s offering of newer and more secure file sharing solutions. That’s problematic – it’s the kind of decision that puts companies at sharply increased risk. The fact is that breaches are going to happen, and possibly through a 3rd party.
The takeaway is that when a company pushes out
These statistics paint a useful picture of the crisis we’re in, but they also show that too many organizations are still running ad hoc and expanding the problem because they don’t know in a timely way when breaches happen. There are four simple steps that every organization should take. The first is passwords – company and customer account passwords should never have less than 20 characters because they’re just too easy to crack. Companies need to enforce stricter password policies,
The thing we need to understand is that you don’t have to be a highly skilled attacker to be able to successfully breach a system like this. Although alarms would’ve been triggered before any dangerous water reached anyone’s taps, this plant was very lucky that the worker noticed his mouse moving and was able to address it quickly. Water plants are not known for their security resources, and between budget cuts and COVID keeping people working remotely, they’re even more vulnerable.
I love that they actually got the statistic – 768% increase in remote desktop attacks. That’s definitely a number we need to be paying attention to. And 29B attempted attacks for the year is a reminder that the bad guys never take a break. A few things everyone should remember:
- Password security is crucial. Make them long, make them different, make them strong. Have a password manager. Use 2FA (or MFA) to help add that extra layer of security. And please, don’t click on anything without

mHealth apps – even before the pandemic – have had real problems with security. Unfortunately, many of these types of apps don’t have strong security – they don’t allow MFA, they only require short passwords, and of course, the API-related issues this researcher has underscored. As stated in the report, we’re seeing people using healthcare apps even more now as a necessity driven by the pandemic.
Another area of vulnerability is how the apps are put together. Are they using OS software? If
This is a case study in why every government needs to step in and enforce some fundamental data privacy protection legislation with penalties. Not too long ago, attackers deleted this company’s customer database – but they had backups and were back in business.
Now, because of a failure to practice fundamental encryption to protect their customers’ data, some 400 million people’s financial, location, national identity card and personal data has been exposed, and their lives are likely
There are many layers to data privacy, but one of them centers around a fundamental need for governments to re-think and more aggressively protect our rights as citizens to own our own data if we so choose.
Major Tech has benefited and profited from the trust that consumers unknowingly placed in them to protect our data and hold it private, rather than commoditizing it.
We’ve inherently accepted that they are allowed to collect our data for their purposes, without disclosing how that data
I find it really fascinating that in the U.S., we have the cheapest fullz at about $8/record. We know that in the countries that are the highest – Japan, UAE and Europe – they’re taking extra steps to make sure all companies are adhering to some sort of data privacy and protection. In the U.S., we don’t put it as high up on the priority list as they do, and this research clearly shows that.
Companies – and consumers – need to do better at privacy. Better passwords, having password
It’s interesting that they are targeting construction – that’s an industry that hasn’t received as much attention from attackers as other sectors. Usually, attackers are focused on healthcare, finance, energy, and retail – but those industries have certainly increased their investments in cybersecurity training over the last two years, so these attackers cleverly shifted to construction, where every initiative involves tens of millions or often hundreds of millions of dollars, and