

The attack on medical institutions for health care identity data has reached crisis proportions. The information is coveted by hackers because of the valuable PII (personal identification information) that can be used to create lines of credit and other valuable financial instruments.
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) that enforces federal civil rights laws has been issuing substantial fines for not adhering the practice and procedures
.....Read More
The alert warns a "HUGE" amount of data was exfiltrated from Kia Motors America. This is usually a sign the hackers were in the system for a long time, e.g. the hackers had a long "dwell-time." (Dwell-time is the amount of time during which an attack goes undetected.) According to one report from Booz Allen Hamilton, cybersecurity dwell times may last between 200-250 days before discovery.
Hackers are going to use some mechanism to enter or systems, be it phishing, social engineering, weak
.....Read More
It's important to note that the malware that is being implanted into these browsers can also contain multiple payloads. That is the payload may not just be confined to malvertising material - but can also contain more traditional enterprise attacking payloads where corporate and other credentials are collected and directed back to the command and control center. These traditional credential collectors can be used to attack BOTH individuals and enterprises.
This is why enterprises need to
.....Read More
The key here is to note that hackers are usually INSIDE the enterprise, undetected for a long time. F5 reported in 2021 the average time it takes to discover a ":credential spill" is 327 days.
By this time, we have to assume that an attacker is going to penetrate our network, servers, applications in some form or another. Billions of scans are running daily - looking for known, published vulnerabilities. Chances are one of our systems is not fully patched or even SHIPPED w/ a vulnerability
.....Read More
The report states: ‘Organizations are also poor at detecting breach attempts: median time to discovering a credential spill between 2018 and 2020 was 120 days, while the average time to discovery was 327 days.’
I think this is the key point. Hackers are going to find a vulnerability somehow, someway - we are all being scanned. And once that flaw is found, e.g. an unpatched server, a weak password, an open network device - the hacker will be on our systems. From there, we MUST be able
.....Read More