Throughout the year, we have conducted hundreds of penetration tests. 20% of all tests contained a critical to high flaw. We define a critical issue as a flaw which poses an immediate and direct risk to a business. Having a critical flaw in an app or network will leave you vulnerable to a costly, reputation damaging data breach. Among these, default or poor passwords, as well as access control issues make up a large portion with outdated software being the worst offender.

Detectify year in review: 2019 has been quite a journey so far with expansion to the US and doubling our size. Join us for a proverbial toast to the year as we share a recap of our highlights.

The largest hospital system in New Jersey said it paid an extortion fee to hackers who had disrupted medical facilities with a ransomware attack. A spokesperson for Hackensack Meridian Health, based in Edison, New Jersey said it was working to restore its computer systems following a Dec. 2 ransomware attack that forced administrators to cancel roughly 100 elective medical procedures.

Whilst working for a management consultancy, I learned a lot more about industrial control systems (ICS) than I ever imagined I would. In many cases, this wasn’t from working on them directly; it was from simply speaking to the technicians and reading documentation. Oftentimes, we have the false belief that our systems are safe from compromise because no one really knows how they work. It’s like security through obscurity.

At Bearer, we use GraphQL to allow our Dashboard application to communicate with our database. Recently we gave this GraphQL API a re-design. Here are a couple of lessons we learned during the process.

At Bearer, we use GraphQL to allow our Dashboard application to communicate with our database. Recently we gave this GraphQL API a re-design. Here are a couple of lessons we learned during the process.

With so many acronyms in cyber security, it isn’t always easy to distinguish between the many product and service offerings available. This can create significant confusion for IT and security personnel that need to make quick purchase decisions to address holes in their security coverage.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was signed into law before the rollout of major social media sites such as Facebook, Twitter, and Instagram. And as such, there are no specific HIPAA rules for social media. However, some HIPAA laws and standards apply to the use of social media by health care organizations and their workers. Because of that, each health care organization must implement a HIPAA social media policy to decrease the risk of HIPAA violations.

Spyware is unwanted software, a type of malicious software or malware, designed to expose sensitive information, steal internet usage data, gain access to or damage your computing device. Any software downloaded to a user's device without authorization can be classified as spyware. Even spyware programs installed for innocuous reasons often violate end user privacy agreements and have the potential for abuse.

In my line of work, it is often a requirement to provide our customers with background information on the employees who will be performing on-site professional services. This is not in itself an issue, but how the customer receives and handles that information can be. Tripwire best practice is for HR to provide an attestation of all requested background checks to our clients rather than providing detailed background reports or having the client run a background check on our employees.