CyberSecure Specialist

The 15 biggest data breaches of the 21st century

In today’s data-driven world, data breaches can affect hundreds of millions or even billions of people at a time. Digital transformation has increased the supply of data moving, and data breaches have scaled up with it as attackers exploit the data-dependencies of daily life. How large cyberattacks of the future might become remains speculation, but as this list of the biggest data breaches of the 21st Century indicates, they have already reached enormous magnitudes. […

Read More

Hacktivist Use of DDoS Activity Causes Minor Impacts

DDoS attacks are of varying lengths of time and can be identified by:• Unusually slow network performance (opening files or accessing websites).• Unavailability of a particular website or the inability to access any website.To mitigate a DDoS attack:• Enroll in a Denial-of-Service protection service that detects abnormal traffic flows and redirects traffic away from the network.• Create a partnership with the local internet service provider (ISP) prior to an event and work with the ISP…

Read More

Boeing Subsidiary Jeppesen Suffers Cyberattack

To minimize the effect of ransomware attacks, organizations should regularly back up their data and keep secure copies offline. It is also important to keep systems up to date with patches and anti-virus software. A 24/7 monitoring solution like the one that is offered by Binary Defense and the Security Operations Center should be considered when determining a defense solution as well. Monitoring for network intrusions and reporting suspicious activity can greatly reduce the effects…

Read More

Experts Say Security Scanner Leaks Sensitive Data

The investigation also discovered that misconfigured security products submit every link they receive via emails to urlscan.io as a public scan. A malicious actor may use the scan results to launch password reset links for the compromised email addresses, capture the URLs, and use those links to take control of the accounts. The adversary can look up the specific services registered using the target email addresses on data breach reporting websites, like Have I Been…

Read More

Medibank refuses pay ransom after 9.7m customers’ details stolen

Australian health insurance company Medibank has said that it will not be paying a ransom to the hacker that accessed the personal details for 9.7m current and former customers.  The data breach took place after a hacker gained unauthorized access to Medibank’s internal servers on October 13. Originally, Medibank believed that no customer information had been stolen during the hack, however the company was then contacted on October 16 by the supposed hacker, who threatened…

Read More

Black Hat USA 2022: Burnout, a significant issue

The digital skills gap, especially in cybersecurity, is not a new phenomenon, with the problem now further exacerbated by the prevalence of burnout Discussion of the resourcing issues within the cybersecurity sector is not a new phenomenon; according to Cybersecurity Ventures, the number of unfilled cybersecurity positions worldwide grew 350% between 2013 and 2021, from 1 million to 3.5 million. The article breaks this number down further, estimating that there are 1 million cybersecurity workers in…

Read More

Cybersecurity M&A Roundup: 39 Deals Announced in October 2022

Thirty-nine cybersecurity-related merger and acquisition (M&A) deals were announced in October 2022. An analysis conducted by SecurityWeek showed that more than 230 mergers and acquisitions were announced in the first half of 2022. October 1-15 11:11 Systems acquires Sungard Availability Services’ Recovery Services business  Managed infrastructure solutions provider 11:11 Systems has acquired the Recovery Services business of Sungard Availability Services. Earlier this year, 11:11 announced the acquisition of Sungard’s Cloud and Managed Services business. 11:11…

Read More

How to prepare for a SOC 2 audit – it’s a big deal, so you’d better get ready

Organizations that want to prove to others – and to themselves – that they have a solid cybersecurity and data privacy program will undergo a SOC 2 audit. As such, a SOC 2 audit is a big deal, and it’s demanding, and it requires some serious preparation. SOC audits were created by the American Institute of CPAs (AICPA) under several evaluation and reporting frameworks comprising the System and Organization Controls headers SOC 1, SOC 2,…

Read More

Black Hat – Windows isn’t the only mass casualty platform anymore

Windows used to be the big talking point when it came to exploits resulting in mass casualties. Nowadays, talks turned to other massive attack platforms like #cloud and cars In years past, a massive Windows exploit netted mass casualties, but here at Black Hat, talks turned toward other massive attack platforms like clouds and cars. Windows is no longer alone at the front of the pack, hackwise – it has company. It makes sense. If…

Read More

How a spoofed email passed the SPF check and landed in my inbox

The Sender Policy Framework can’t help prevent spam and phishing if you allow billions of IP addresses to send as your domain Twenty years ago, Paul Vixie published a Request for Comments on Repudiating MAIL FROM that helped spur the internet community to develop a new way of fighting spam with the Sender Policy Framework (SPF). The issue then, as now, was that the Simple Mail Transfer Protocol (SMTP), which is used to send email…

Read More