If you have been through a severe weather event or a political catastrophe complete with infrastructure disruption and violence, you learn very quickly that it is not the precipitating event, but the success or failure of the disaster response (the aftermath) that is the real source of issues related to personal safety.
We are entering an era in which on-the-ground conditions and real-time disaster-level information flows grow in value in the aftermath of more frequent and mounting disaster conditions.
Is there a wave of democratization of access to tools and/or product commercialization ahead in this space? It remains to be seen whether necessity is the mother of invention in the creation of an innovative disaster safety marketplace. For now, the following are some current signals and use cases from recent events.
HackerOne will be expanding its Bug Bounty program, seeking to increase overall open source security. Open source projects are relied upon by enterprise players and SMBs alike and can represent some significant security risks as open-source components are stored and shared publicly. They range from full operating systems to education
The US government is announcing new measures that seek to deter cryptocurrency businesses from getting involved in laundering and facilitating ransomware payments. The Treasury may roll out the new sanctions as early as this coming week and will reportedly target cryptocurrency exchanges and traders who enable cybercrime transactions, whether it
According to new information uncovered by CloudSEK, millions of customers may have unknowingly exposed their personal and payment information after researchers discovered API security vulnerabilities that affect multiple different apps. CloudSEK found that of the 13,000 apps uploaded to its security search engine BeVigil for mobile applications, roughly 250 utilized
Bitdefender collaborated with law enforcement to create a key that would release data encrypted in ransomware attacks before the REvil ransomware gang disappeared from the internet on July 13. The universal decryption key will be free for victims of REvil ransomware attacks. The firm announced that it will be passing
A new strain of malware called Capoae was publicized earlier this week by security research firm Akamai. The firm stated that the new malware is written in the Golang programming language, which is becoming increasingly popular among threat actors due to its cross-platform capabilities. The malware spreads through known vulnerabilities
In the most recent Patch Tuesday, Microsoft released fixes for 66 CVEs, including an RCE bug under active attack. Three of the bugs that were patched in the update were rated critical, one of which has been under active attack for nearly two weeks. One of the other bugs included in
A new security vulnerability in the WooCommerce Multi-Currency plugin could allow any customer to change the pricing for products in online stores. WooCommerce is a popular plugin for WordPress websites, and the Multi-Currency plugin from Envato allows e-tailers to use WooCommerce to set pricing for international shoppers. The plugin is
Over the past four years there has been an avalanche of new Zero Trust products. However, during the same period there has been no measurable reduction in cyber breaches. To the contrary, ransomware, data exfiltration and lateral-moving malware attacks seem to be increasing. If the emergence of Zero Trust was supposed to make us safer, it hasn’t happened. One of the common mistakes we see enterprise IT leaders and many cybersecurity experts make is to think of Zero Trust as a product. It is not. Zero Trust is a concept where an organization has Zero Trust in a specific individual, supplier or technology that is the source of their cyber risk. One needs to have Zero Trust in something and then act to neutralize that risk. Thus, buying a Zero Trust product makes no sense unless it is deployed as a countermeasure to a specific cyber risk. Buying products should be the last step taken, not the first.
To help enterprises benefit from Zero Trust concepts, here is a modified OODA-loop-type process to guide your strategy development and execution.
Healthcare orgs in California, Arizona send out breach letters for nearly 150,000 after SSNs accessed during ransomware attacks
Two healthcare organizations have begun distributing breach notification letters after both revealed that sensitive information had been compromised as a result of recent cyberattacks. The data accessed by cybercriminals includes Social Security numbers, treatment information, and diagnosis data. Those who were impacted by the attack are located in California and