22 Sep 2021

Disaster Response Applications: New Lessons From The Fall of Kabul and Severe Weather Events

If you have been through a severe weather event or a political catastrophe complete with infrastructure disruption and violence, you learn very quickly that it is not the precipitating event, but the success or failure of the disaster response (the aftermath) that is the real source of issues related to personal safety. 

We are entering an era when on-the-ground conditions and real-time disaster-level information flows grow in their value in the aftermath of more frequent and mounting disaster conditions.

Is there a wave of democratization of access to tools and/or product commercialization ahead in this space?  It is to be seen if necessity is the mother of invention in the creation of an innovative disaster safety marketplace. For now, the following are some current signals and use cases from recent events.

Read More
21 Sep 2021

HackerOne expands Internet Bug Bounty project to tackle open source bugs

HackerOne will be expanding its Bug Bounty program, seeking to increase overall open source security. Open source projects are relied upon by enterprise players and SMBs alike and can represent some significant security risks as open-source components are stored and shared publicly. They range from full operating systems to education

Read More
20 Sep 2021

US Set to Sanction Cryptocurrency Firms Involved in Ransomware

The US government is announcing new measures that seek to deter cryptocurrency businesses from getting involved in laundering and facilitating ransomware payments. The Treasury may roll out the new sanctions as early as this coming week and will reportedly target cryptocurrency exchanges and traders who enable cybercrime transactions, whether it

Read More
20 Sep 2021

Payment API Vulnerabilities Exposed “Millions” of Users

According to new information uncovered by CloudSEK, millions of customers may have unknowingly exposed their personal and payment information after researchers discovered API security vulnerabilities that affect multiple different apps. CloudSEK found that of the 13,000 apps uploaded to its security search engine BeVigil for mobile applications, roughly 250 utilized

Read More
16 Sep 2021

REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out

Bitdefender collaborated with law enforcement to create a key that would release data encrypted in ransomware attacks before the REvil ransomware gang disappeared from the internet on July 13. The universal decryption key will be free for victims of REvil ransomware attacks. The firm announced that it will be passing

Read More
16 Sep 2021

New Go malware Capoae targets WordPress installs, Linux systems

A new strain of malware called Capoae was publicized earlier this week by security research firm Akamai. The firm stated that the new malware is written in the Golang programming language, which is becoming increasingly popular among threat actors due to its cross-platform capabilities. The malware spreads through known vulnerabilities

Read More
15 Sep 2021

Microsoft Patches Actively Exploited Windows Zero-Day Bug

In the most recent Patch Tuesday, Microsoft released fixes 66 CVEs, including an RCE bug under active attack. Three of the bugs that were patched in the update were rated critical. One of which has been under active attack for nearly two weeks. One of the other bugs included in

Read More
14 Sep 2021

WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing

A new security vulnerability in the WooCommerce Multi-Currency plugin could allow any customer to change the pricing for products in online stores. WooCommerce is a popular plugin for WordPress websites whereas the Multi-Currency plugin from Envato allows e-tailers to use WooCommerce to set pricing for international shoppers. The plugin is

Read More
13 Sep 2021

Zero Trust Will Yield Zero Results Without A Risk Analysis

Over the past four years there has been an avalanche of new Zero Trust products. However during the same period there has been no measurable reduction in cyber breaches. To the contrary, ransomware, data exfiltration and lateral moving malware attacks seem to be increasing. If the emergence of Zero Trust was supposed to make us safer, it hasn’t happened. One of the common mistakes we see enterprises IT leaders and many cybersecurity experts make is to think of Zero Trust as a product. it is not.  Zero Trust is a concept where an organization has Zero Trust in a specific individual, supplier or technology that is the source of their cyber risk. One needs to have Zero Trust in something and then act to neutralize that risk. Thus buying a Zero Trust product makes no sense unless it is deployed as a countermeasure to specific cyber risk. Buying products should be the last step taken not the first.

To help enterprises benefit from Zero Trust concepts here is a modified OODA loop type process to guide your strategy development and execution.

Read More
10 Sep 2021

Healthcare orgs in California, Arizona send out breach letters for nearly 150,000 after SSNs accessed during ransomware attacks

Two healthcare organizations have begun distributing breach notification letters after both revealed that sensitive information had been compromised as a result of recent cyberattacks. The data accessed by cybercriminals includes Social Security numbers, treatment information, and diagnosis data. Those who were impacted by the attack are located in California and

Read More