DISCLAIMER: This post is not partisan, but rather focuses on risk assessment based on history and what threats we are facing in the future. We do not endorse any healthcare plan style in any way, outside of examining its data security risk. For many folks, the term ‘Healthcare for All’ brings up an array of emotions ranging from concern to happiness, and with the changes that come with this … [Read more...]
November 26, 2019
November 26, 2019
July 18, 2019
No man’s land: How a Magecart group is running a web skimming operation from a war zone
Our Threat Intelligence team has been monitoring the activities of a number of threat actors involved in the theft of credit card data. Often referred to under the Magecart moniker, these groups use simple pieces of JavaScript code (skimmers) typically injected into compromised e-commerce websites to steal data typed by unaware shoppers as they make their purchase. During the course of an … [Read more...]
May 22, 2019
May 21, 2019
Skimmer acts as payment service provider via rogue iframe
Criminals continue to target online stores to steal payment details from unaware customers at a rapid pace. There are many different ways to go about it, from hacking the shopping site itself, to compromising its supply-chain. A number of online merchants externalize the payment process to a payment service provider (PSP) for various reasons, including peace of mind that transactions will be … [Read more...]
May 15, 2019
Microsoft pushes patch to prevent ‘WannaCry’ level vulnerability
This month marks the two-year anniversary since the infamous WannaCry attack. As an anniversary present to the world, Microsoft has pushed out patches to secure a newly-identified Remote Desktop Protocol (RDP) vulnerability found in certain Windows operating systems. The potential damage of the newly-discovered RDP vulnerability matches the same dangers we experienced with the WannaCry … [Read more...]
May 14, 2019
WhatsApp fix goes live after targeted attack on human rights lawyer
If you use WhatsApp, you’ll want to update both app and device as soon as possible due to a freshly-discovered exploit. The vulnerability was found in Google Android, Apple iOS, and Microsoft Windows Phone builds of the app. Unlike many mobile attacks, potential victims aren’t required to install or click on anything—they may not even be aware something malicious has taken place. This attack came … [Read more...]
May 13, 2019
What is business continuity and why is it so important?
The ever-present threat of cyber crime and organisations’ increasing reliance on technology means that business disruptions are inevitable these days. Any day now, your systems could be breached or your physical premises disrupted by criminals, inattentive employees or damaged infrastructure. When that day comes, you can’t afford to be caught … [Read more...]
May 2, 2019
Cryptojacking in the post-Coinhive era
September 2017 is widely recognized as the month in which the phenomenon that became cryptojacking began. The idea that website owners could monetize their traffic by having visitors mine for cryptocurrencies in their browser was not new, but this time around it became mainstream, thanks to an entity known as Coinhive. The mining service became a household name overnight, and quickly drew ire … [Read more...]
May 1, 2019
Mysterious database exposed personal information of 80 million US households
Word has broken of yet another massive data trove exposed for anyone to see. A research team from vpnMentor discovered an exposed 24GB database hosted on a Microsoft cloud server containing the addresses, income levels, and marital statuses of users within 80 million US households. As we’ve seen recently, many organisations aren’t taking steps to secure their customer data and every so often one … [Read more...]
