23 matches found
Supply Chain Cybersecurity Risk Management Guide
Your organization's security is only as strong as its weakest vendor. A single compromised supplier, an unpatched software dependency, or a breached managed service provider can give attackers a direct path into your environment, bypassing every control you have built internally. The SolarWinds...
From Third-Party Vendors to U.S. Tariffs: The New Cyber Risks Facing Supply Chains
Introduction: Cyber threats targeting supply chains have become a growing concern for businesses across industries. As companies continue to expand their reliance on third-party vendors, cloud-based services, and global logistics networks, cybercriminals are exploiting vulnerabilities within these...
The Impact of Supply Chain Attacks on the Global Landscape
Background: From the Silk Road’s ancient trade routes to today’s global networks, supply chains have shaped empires, fueled revolutions, and driven economies. Now, in an age of digital transformation, they’ve evolved from logistical backbones into dynamic, tech-driven ecosystems. Powered by digita...
Support for XenApp in Virtualized Environments
This article provides information on support for XenApp in virtualized environments. Virtual servers provide mainframe-class virtual machines on Intel and AMD architecture servers, and are ideally suited for consolidating and partitioning systems in high-performance environments. Citrix supports...
Financial services company OneMain fined $4.25 million for security lapses
A series of security errors and mishaps has cost personal loan provider OneMain $4.25m in penalties, issued by the New York State Department of Financial Services. The fines, coming at the end of a detailed investigation into how security practices at the company were determined to be below-par,...
Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack
Popular end-to-end encrypted messaging service Signal on Monday disclosed the cyberattack aimed at Twilio earlier this month may have exposed the phone numbers of roughly 1,900 users. "For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned...
Navigating Vendor Risk Management as IT Professionals
One of the great resources available to businesses today is the large ecosystem of value-added services and solutions. Especially in technology solutions, there is no end to the services of which organizations can avail themselves. In addition, if a business needs a particular solution or service...
Passwordstate Password Manager Update Hijacked to Install Backdoor on Thousands of PCs
Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords following a supply chain attack. The Adelaide-based firm said a bad actor used sophisticated techniques to compromise the software's update...
A new skimmer uses WebSockets and a fake credit card form to steal sensitive data
A new skimmer attack was discovered this week, targeting various online e-commerce sites built with different frameworks. As of the writing of this blog post, the attack is still active and exfiltrating data. Attackers are exploiting an expanding in-browser attack surface and continually evolving...
Securing the MSP: best practices for vetting cybersecurity vendors
Ironically, to keep costs low for their enterprise and mid-market clients, managed service providers (MSPs) are some of the most reliant on third-party vendors—including those providing security. While this is generally not an indication of dysfunction or vulnerability, the responsible MSP will be...
Echobot IoT Botnet Casts a Wide Net with Raft of Exploit Additions
A variant of the Mirai Internet of Things (IoT) botnet known as “Echobot” has added 13 more vulnerability exploits to its bag of infiltration tricks, according to researchers. These target a range of devices, including routers, firewalls, IP cameras, server management utilities, a programmable logi...
Birth Certificate Data Laid Bare on the Web in Multiple States
A third-party government supplier has exposed hundreds of thousands of applications containing birth-certificate data. The trove of information is owned by a company that provides an online platform to state governments – including California, New York and Texas – that allows residents to request...
Nebraska Medicine Breached By Rogue Employee
Hospital network Nebraska Medicine has disclosed a data breach after a former employee accessed sensitive patient data – including medical records and Social Security numbers. The Nebraska Medicine network encompasses Nebraska’s largest hospital, Nebraska Medical Center, as well as other location...
The Modern-Day Heist: IP Theft Techniques That Enable Attackers
The Great Train Robbery of 1963 in Buckinghamshire, U.K., was orchestrated by a gang of 15 robbers that devised and executed a well-laid-out plan over the course of several months. Fast-forward 56 years and we’re still seeing gangs of modern-day robbers orchestrating elaborate plans – only in 201...
NIST’s privacy framework lets privacy tell its own story
Online privacy remains unsolved. Congress prods at it, some companies fumble with it while a small handful excel, and the public demands it. But one government agency is trying to bring everyone together to fix it. As the Senate sits on no fewer than four data privacy bills that their own members...
Naming & Shaming Web Polluters: Xiongmai
What do we do with a company that regularly pumps metric tons of virtual toxic sludge onto the Internet and yet refuses to clean up their act? If ever there were a technology giant that deserved to be named and shamed for polluting the Web, it is Xiongmai -- a Chinese maker of electronic parts th...
GDPR Compliance: Manage Procedural Risk Assessments with New GDPR Templates
The EU’s General Data Protection Regulation (GDPR) goes into effect today, imposing strict security requirements on any company worldwide that handles the personal data of EU residents. Qualys Security Assessment Questionnaire (SAQ) – a Qualys app that helps you with this type of procedural risk...
Supply chain security issues resurface: a medication management system has 1400 vulnerabilities
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued a notice on Tuesday stating that a widely used medication management system contains more than 1400 vulnerabilities. Security researchers independently of the road Pyxis SupplyStation are United by CareFusion...
Cybersecurity Vulnerabilities Identified in Banking Vendors
In hopes of bolstering security, banks in New York over the next several weeks want to enact new regulations for any third-party vendors they do business with. A report released last week pointed out that one in three N.Y. banks don’t require their vendors to notify them in the event they...
Verizon DBIR Analysis: Opportunistic Attacks Crushing Certain Industries
Regardless of the market or industry, the majority of attacks are financially motivated. Even in data-rich environments such as health care, attackers are still after profits and exploit the same weaknesses and transaction processing systems that are vulnerable in other industries such as hotels...