If, like me, you travel a lot, listen up—the Los Angeles District Attorney’s Office has issued an advisory as part of its fraud education campaign warning travelers not to use free USB charging stations offered in airports,...more
11/22/2019
/ Airports ,
Cell Phones ,
Charging Stations ,
Fraud Alerts ,
Hackers ,
Hotels ,
Malware ,
Mobile Devices ,
Scams ,
Travel ,
Vulnerability Assessments ,
Wireless Technology
Security researchers Intezer and IBM X-Force have identified a new ransomware that is seriously vicious. It’s PureLocker—named because it is programmed in PureBasic language, which is apparently unusual.
...more
11/15/2019
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Management ,
DNA ,
Facial Recognition Technology ,
Fingerprints ,
Genetic Materials ,
Genetic Testing ,
Hackers ,
Microsoft ,
Personal Data ,
Ransomware ,
Vulnerability Assessments
Security researchers Intezer and IBM X-Force have identified a new ransomware that is seriously vicious. It’s PureLocker—named because it is programmed in PureBasic language, which is apparently unusual....more
11/14/2019
/ Cryptocurrency ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Hackers ,
IBM ,
Information Technology ,
Personally Identifiable Information ,
Phishing Scams ,
Ransomware ,
Vulnerability Assessments
Energy Sector’s Reliance on IoT Increases Cyber Vulnerabilities -
CyberX recently released its 2020 Global IoT/ICS Risk Report (Report), which compiles survey questions and answers from 1,821 production networks of...more
11/4/2019
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Energy Sector ,
FBI ,
Internet of Things ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Ransomware ,
Veterans ,
Vulnerability Assessments ,
Vulnerable Victims
CyberX recently released its 2020 Global IoT/ICS Risk Report (Report), which compiles survey questions and answers from 1,821 production networks of electric utilities, and oil and gas companies. ...more
For those of you that have websites that process online payments (such as retail, hospitality, health care, entertainment and utilities), the Federal Bureau of Investigation (FBI) recently issued a warning about e-skimming...more
The Department of Veterans Affairs’ Office of Inspector General (VA OIG) recently completed an audit of the VA’s Milwaukee Regional Office after it was tipped off by a whistleblower about the exposure of sensitive information...more
10/31/2019
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Veterans Affairs ,
Federal Trade Commission (FTC) ,
Hackers ,
Identity Theft ,
Information Security ,
Personally Identifiable Information ,
Security Audits ,
Veterans ,
Vulnerability Assessments ,
Vulnerable Victims ,
Whistleblowers
Although Amazon and Google respond to reports of vulnerabilities in popular home smart assistants Alexa and Google Home, hackers continually work hard to exploit any vulnerabilities in order to listen to users’ every word to...more
10/25/2019
/ Amazon Marketplace ,
Connected Items ,
Cyber Attacks ,
Cyber-Stalking ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Eavesdropping ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Google ,
Hackers ,
Information Security ,
Information Technology ,
Mobile Apps ,
OCR ,
PHI ,
Phishing Scams ,
Popular ,
Risk Management ,
Smart Devices ,
Vulnerability Assessments
Although Amazon and Google respond to reports of vulnerabilities in popular home smart assistants Alexa and Google Home, hackers continually work hard to exploit any vulnerabilities to be able to listen to users’ every word...more
10/25/2019
/ Amazon Marketplace ,
Connected Items ,
Cyber Attacks ,
Data Privacy ,
Eavesdropping ,
Google ,
Hackers ,
Information Security ,
Information Technology ,
Phishing Scams ,
Popular ,
Risk Management ,
Smart Devices ,
Vulnerability Assessments
A reporter from the Philadelphia Inquirer discovered that sensitive data of hepatitis patients were accessible online through a Philadelphia Department of Public Health (DPH) website tool without the need for a password. The...more
10/25/2019
/ Data Breach ,
Data Protection ,
Government Entities ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Online Platforms ,
Personally Identifiable Information ,
PHI ,
Public Health ,
Vulnerability Assessments ,
Websites
A recent Ponemon Institute study finds that small and mid-sized businesses continue to be targeted by cybercriminals, and are struggling to direct an appropriate amount of resources to combat the attacks.
...more
10/18/2019
/ California Consumer Privacy Act (CCPA) ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Hackers ,
Information Technology ,
National Security Agency (NSA) ,
Network Security ,
Personal Data ,
Personally Identifiable Information ,
Virtual Private Networks ,
Vulnerability Assessments
The National Security Agency issued an advisory last week to warn companies and users that nation-state actors are actively exploiting vulnerabilities in several virtual private network (VPN) service applications to obtain...more
10/18/2019
/ Advisory Opinions ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Information Security ,
Information Technology ,
National Security Agency (NSA) ,
Virtual Private Networks ,
Vulnerability Assessments
A recent Ponemon Institute study finds that small and mid-sized businesses continue to be targeted by cybercriminals, and are struggling to direct an appropriate amount of resources to combat the attacks....more
10/17/2019
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Vulnerability Assessments
The Federal Bureau of Investigations Internet Crime Complaint Center (IC3) recently issued a public service announcement warning private companies about the increasing numbers of ransomware attacks affecting private industry....more
10/14/2019
/ Americans with Disabilities Act (ADA) ,
California Consumer Privacy Act (CCPA) ,
Cyber Attacks ,
Cybersecurity ,
Dentists ,
Department of Defense (DOD) ,
Drones ,
FBI ,
Federal Aviation Administration (FAA) ,
Federal Contractors ,
Hackers ,
Health Care Providers ,
OCR ,
Personal Data ,
Personally Identifiable Information ,
PHI ,
Popular ,
Ransomware ,
SCOTUS ,
Title III ,
Unmanned Aircraft Systems ,
UPS ,
Vulnerability Assessments ,
Websites ,
WhatsApp
The Federal Bureau of Investigations Internet Crime Complaint Center (IC3) recently issued a public service announcement warning private companies about the increasing numbers of ransomware attacks affecting private industry....more
10/14/2019
/ Business Interruption ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
FBI ,
Hackers ,
Incident Response Plans ,
Information Technology ,
Internet ,
Mobile Apps ,
Online Platforms ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
WhatsApp has announced that it has patched a vulnerability that would have allowed hackers to access with malware the chat history of users. Android 8.1 and 9 could have been susceptible to the attack. However, WhatsApp is...more
I am not a big fan of putting all of one’s passwords in one place, but many people use password managers. If you use Last Pass (see previous blog posts about Last Pass here and here), be aware that it was recently advised by...more
9/20/2019
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Security ,
Google ,
Multi-Factor Authentication ,
Online Platforms ,
Passwords ,
Risk Management ,
Search Engines ,
Vulnerability Assessments ,
Websites
It’s a busy time for colleges and universities as the fall semester starts and campuses are bustling with activity. It’s also the perfect time for cyber criminals to create mayhem for institutions of higher education with a...more
8/30/2019
/ Colleges ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Debit and Credit Card Transactions ,
Drones ,
Educational Institutions ,
Federal Aviation Administration (FAA) ,
Marketing ,
Personally Identifiable Information ,
Popular ,
Robocalling ,
Universities ,
Unmanned Aircraft Systems ,
Vulnerability Assessments
Although the number of security vulnerabilities reported in the first half of 2019 have reported dropped a bit from last year, a new report by Risk Based Security states that 34 percent of the 11,092 vulnerabilities...more
It was reported this week by The Guardian and Forbes that security researchers from Vpnmentor have discovered and published a report that Suprema, a company that collects and monitors biometric information such as...more
It is so hard to keep up with the latest ways the bad guys try to infiltrate company data. One new technique is called warshipping, and its implementation is pretty simple and a little old school....more
It is being reported that Vitagene, a company that provides DNA testing to provide customers with specific wellness plans through personalized diet and exercise plans based on their biological traits, left more than 3,000...more
The Internet Society’s Online Trust Alliance just released its "2018 Cyber Incident & Breach Trends Report," which says “2018–Some Better, Some Worse, All Bad.” That’s our experience, too. Here are the highlights from the...more
7/12/2019
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Drones ,
Hackers ,
Identity Theft ,
Income Taxes ,
Microsoft ,
Personally Identifiable Information ,
Popular ,
State and Local Government ,
State Budgets ,
Tax Fraud ,
Tax Preparers ,
Uniform Law Commission (ULC) ,
Vulnerability Assessments
Hackers are targeting U.S. government networks, according to U.S. Cyber Command, which says there is a vulnerability of CVE-2017-1174, which is a two year old flaw in Microsoft Outlook that is being used by attackers to...more
7/12/2019
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Hackers ,
Information Technology ,
Malware ,
Microsoft ,
Network Security ,
Personally Identifiable Information ,
Risk Management ,
Security Standards ,
US-CERT ,
Vulnerability Assessments
In my 25 years in the data privacy and cybersecurity profession, this is the first time that I believe a medical device has been recalled because of a cybersecurity risk. This week, Medtronic recalled its 508 Insulin pumps...more