15 Feb 2021

US Court system demands massive changes to court documents after SolarWinds hack

The House Homeland Security Committee has demanded more transparency on what court officials know about the SolarWinds hackers’ access to sensitive filings. The effects of the massive espionage operation could make accessing documents harder for lawyers, the lawmakers say. The Senators are seeking more information about the attackers’ infiltration of

Read More
27 Jan 2021

More Cybersecurity Firms Confirm Being Hit by SolarWinds Hack

Two more companies, Mimecast and Qualys, have emerged in the SolarWinds breach, claiming that they were targeted by the same threat actor that breached the IT management solutions provider SolarWinds. The attack was a sophisticated supply chain hack that eventually went on to install backdoors in US agencies’ systems. Fidelis

Read More
22 Jan 2021

Einstein Healthcare Network Announces August Breach

Einstein Health Network is a Pennsylvania based health care company offering services such as medical rehab, outpatient and primary care centers. The organization recently announced a breach in which an authorized person was able to gain access to sensitive information and emails. Einstein has known about the breach since August

Read More
20 Jan 2021

The aftermath of the SolarWinds breach: Organizations need to be more vigilant

In the wake of the SolarWinds breach in which several key US agencies were hacked in an espionage campaign likely perpetrated by Russian actors, security experts are voicing concerns regarding how organizations manage and implement cybersecurity best practices. It may be necessary for entities to change how they vet vendors

Read More
20 Mar 2020

Misconfigured Elasticsearch Instance Exposes More Than 5 Billion Records

An open Elasticsearch incident has reportedly exposed more than 5 billion records from 2012 to March 16, when the breach was discovered. The data in two of the collections is information on data breaches collected by a UK research firm over the course of the same time period. The data

Read More
06 Mar 2020

3 Data Breaches Disclosed This Week: J.Crew, T-Mobile, and Carnival

This week, a series of enterprise data breached were disclosed, effecting the companies T-Mobile, J.Crew, and Carnival Corp. The high toll this week underscored how cybercriminals have been targeting companies recently. J.Crew stated that its customers’ information was compromised, and email addresses and passwords were obtained by an unauthorized third

Read More
21 Jan 2020

GDPR: 160,000 data breaches reported already, so expect the big fines to follow

Since the implementation of Europe’s new digital privacy regulations, over 160,000 data breaches have been reported to authorities. An analyst at the law firm DLA Piper found that after the General Data Protection Regulation (GDPR) came into effect, the first eight months saw an average of 247 breach notifications per

Read More
29 Dec 2019

Wyze Database Leak Exposes 2.4 Million Smart Device Users

A small security mishap within the Wyze database has lead to the exposure of 40 million individual records, according to IPVM. Wyze offers relatively inexpensive security cameras and smart home devices. The misconfigured database held the information of over 2.4 million customers, and the database was left vulnerable for over

Read More
17 Dec 2019

Iran Banks Burned, Then Customer Accounts Were Exposed Online

Last month as anti-government protests raged throughout Iran, authorities addressed the destruction of numerous banks across the country. However, a new threat has been introduced, a security breach exposed the information of millions of Iranian customer accounts. On Tuesday, the details of 15 million bank debit cards were posted on

Read More
23 Aug 2019

The (Dis)illusion of Control: Context on the concept of increasing cost to adversaries

Conventional wisdom is telling us that “assumption of breach” is the new normal. Some well-respected names in computer security would have you believe that the appropriate response to such conditions is to increase the cost to the attackers. If you’re too expensive to breach – so the logic goes – the bad guys will go looking for someone else. Maybe someday, when everyone makes hacking too expensive, it will stop.

Read More