2017 in Breaches: Equifax and More

This question was recently answered, as Equifax announced, “We know that criminals exploited a U.S. website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638.” What’s so bad about this disclosure? Well, as it turns out, the patch for this vulnerability had already been made available — months before the breach occurred. This brings with it […]

Spear Phishing: How to Avoid the Newest Tax-Based Scam

In a past blog post, we discussed how cyber criminals will often use tax season as a cover to attack unsuspecting organizations. Usually this is done via a phishing method where the attacker poses as a member of a particular organization’s C-Suite and requests sensitive information be sent their way – like W2 forms, for […]

Zero-Day Vulnerabilities: Rooting Out Hidden Threats

In 2015, ransomware and malware related attacks cost businesses around the world $325 million. This was considered to be a relatively acceptable figure. Rumors spread throughout the cybersecurity industry that a future dominated by cybercrimes was something we might be able to dodge. While a high amount, the $325 million value just didn’t meet the […]

Looking Back: WannaCry and How You Can Prevent Ransomware Infection

Last month, a ransomware virus known as “WannaCry” made international headlines by infecting devices in more than 150 countries. In total, over 300,000 Windows-operating computers fell victim to this attack, forced to seek remediation by either being forced to pay a ransom to retrieve their data or relying on their previously backed-up data. This was a […]

Windows Vulnerability

Oftentimes, cyber attackers are able to infiltrate the networks of organizations through holes in older programs which have not been updated. Recently, a malware known as “DoublePulsar” has been found targeting un-patched Windows systems, inserting itself within networks and laying seeds for future ransomware attacks. Here’s what’s currently known about this threat and what steps […]

Employee Training is the Only Way to Prevent Social Engineering

Social engineering is currently one of the hottest topics within the IT security world – for good reason. The use of this attack method is only increasing, as phishing attempts grew by a whopping 250% between October 2015 and March 2016, and to make matters worse, combatting this threat poses a very unique challenge. While phishing […]

Minimizing the Effects of a Breach: ABCD Pediatrics

Oftentimes, a prominent cyber-attack leaves us wondering why the targeted organization didn’t do more to protect themselves. And sometimes this is a correct response, like in the case of the infamous Yahoo breaches, where so many things could have been done differently to prevent the massive fallout that company has experienced as a result of […]

Anonymous FTP: Crippling Healthcare Organizations

If you’ve ever had to share a large number of files with people working remotely, odds are you’ve used a file transfer protocol (FTP) server to accomplish this. It’s an easy way that you and others can access and upload information with a username and password, without taking up your own valuable internal storage space. […]

In Plain Sight: Zero-Day Vulnerabilities

Zero-day vulnerability is a futuristic sounding term – you can almost picture it as the name of a science fiction novel – but it presents a great threat to organizations across all industries. These vulnerabilities are holes in software which lack a patch or fix, meaning they can be exploited by clever cyber criminals to […]