Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Major data center provider hit by ransomware attack, claims report

CyrusOne, a major provider of enterprise data center services, is reported to have suffered a ransomware attack. The Dallas-headquartered company, which operates more than 30 data centers across the United States, China, London, and Singapore, is reported by ZDnet to have had some of its systems infected by the REvil (Sodinokibi) ransomware.

Staying Safe when Shopping this Holiday Season: Bricks and Clicks Edition

The shopping season is upon us, and like it or not there are lots of individuals who would love to replace your happiness with their sadness. Thus, at this festive time of the year, it is imperative to give some thought and prep time to you and your family’s shopping habits and the security that surrounds those habits. If you’re like most people, you will NOT be using cash for all your holiday purchases.

PSA: Beware of Exposing Ports in Docker

Docker is an awesome technology, and it’s prevalent in nearly every software developer’s workflow. It is useful for creating identical environments and sharing them between development, testing, production, and others. It’s a great way to ship a reliable software environment between systems or even to customers. However, like with any technology, one must know how to be secure when using it.

Verizon's 2019 Payment Security Report - Not Just for PCI

If you are responsible for cybersecurity or data protection in your organization, stop what you are doing and read this report. Actually, first, go patch your servers and applications and then read this report. Much like Verizon’s Data Breach Investigations Report (DBIR), the Payment Security Report (PSR) is a must-read for security professionals.

Universal Network-level Call Blocking: What You Need to Know

Many of the current telephone scams use caller ID spoofing to mask the identity of the caller. A few of those telephone scams spoof caller IDs that don’t match the North American standard for legitimate numbers. These blatantly obvious spoofed caller IDs are the target of the Canadian Radio-television and Telecommunications Commission (CRTC).

Climbing the Vulnerability Management Mountain: Reaching Maturity Level 2

The path is starting to get steeper now as we climb to ML2. It is time to start defining a vulnerability management program with objectives and goals. This program is expected to grow and evolve over time as the organization grows and evolves. Start by documenting what is in place now and what objections the organization is trying to reach. The stakeholders should come from multiple departments within the organization. For example, you will need buy-in from:

Five "W's" for Vulnerability Management

As we wind down 2019, it is a great time to think about your vulnerability management plans for the coming year. The five W’s can help guide our efforts as we resolve to improve our digital security for the coming new year. Vulnerability assessments are useful for detecting security issues within your environment. By identifying potential security weaknesses, these assessments help us to reduce the risk of a digital criminal infiltrating its systems.

Security for Cloud Services: IaaS Deep Dive

In this, the final post in my series on considerations for managing your security with cloud services, we will be looking at Infrastructure as a Service (IaaS). If you haven’t yet read the previous blog entries about SaaS and PaaS, it’s worth going back to read these first, as much of the thinking associated with these services is also true for IaaS.

The Future of Cybersecurity Insurance

Cybersecurity incidents and data breaches have become a normal part of the news cycle. It feels like every day you hear about a big corporation or organization suffering an attack that has put customer or user data in jeopardy. Sometimes this is because a security strategy was lacking; sometimes, the criminal’s attack was simply too powerful. Regardless of how or why a cyberattack begins, the fallout can be devastating for all those involved.

Facebook and Twitter warn some users' private data was accessed via third-party app SDK

Facebook and Twitter have announced that personal data related to hundreds of users may have been improperly accessed after users logged into third-party Android apps with their social media accounts. According to a report by CNBC, users of Android apps that made use of a software development kit (SDK) named oneAudience may have unwittingly shared information such as their email addresses, usernames and recent tweets.