SolarWinds breach compels SEC probe
In the continued aftermath of the 2019 SolarWinds breach, new developments see the U.S. Securities and Exchange Commission (SEC) asking hundreds of firms to hand over information dating back to October 2019 that pertains to “any other” breach or ransomware incident in which any SolarWinds network software updates were downloaded. This totaled over 18,000 SolarWinds… Read More
Data breaches at JPMorgan Chase and T-Mobile
A couple of big name breaches have made the news recently, from both JPMorgan Chase and T-Mobile. In the former, the bank warned that a number of customers had their personal information accessible to others via the mobile app or website. Among the information were potentially account numbers, balances and transactions. As of yet, no… Read More
Is your location safe from cyber threats?
One vulnerable area of concern, amid the expanding Internet of Things (IoT) and its use of smart devices, remains the security of buildings which themselves exploit enough of the IoT to cross the threshold of becoming smart. According to Industrial Defender, the majority of new buildings with over 100,000 square feet qualify as such, and… Read More
Amazon’s GDPR Penalty
Amazon has had a rough go of it this past week, as punitive measures came down from Luxembourg’s National Commission for Data Protection for an alleged violation of GDPR. A major case, the fine imposed is around $887 million, setting the high mark of fines so far under the European data security regulation. Amazon is… Read More
Scraping data from LinkedIn and an oil company’s breach
What does or does not constitute a data breach can sometimes be a little ambiguous. Data scraping qualifies as such to some, as it utilizes applications to gather, or ‘scrape’, publicly available data from websites. Is this a legitimate activity, or does it allow for more data than is publicly accessible to be taken? No… Read More
The gig economy has put corporate data at risk
Compounding the complexity of remote working, a recent rise in the gig economy is spreading enterprise data security issues even wider, as workers are brought in on a brief timeframe to fill specific roles and tasks. Unfortunately, this fleeting arrangement further increases the attack surface whereby hackers can breach the network, spreading workers outside the… Read More
New paradigm of gig workers creates new data security risks
By now, we have seen fairly frequently the numerous risks inherent in the new remote work paradigm. But cousin to this state of affairs is how a new “gig economy” work pattern is also creating risks and forcing companies to reshape data protection strategies. As an ad-hoc kind of policy, organizations are increasing the threat… Read More
When the Dark Side took down a pipeline with ransomware
Generally when you see “Darkside” trending on social media, it’s about something Star Wars related. Such was not the case recently, but rather a hacking group based in Russia that took down the Colonial Pipeline, one of the largest pipelines in the US, by compromising its management equipment. By now, the incident seems to have… Read More
Regulatory attention to data security
Effective regulatory attention to data security at the national level continues to elude us after all these years. For as long as a patchwork of state level and local standards has existed, industry experts have been calling for drastic improvement. According to Dark Reading, the aftermath of the SolarWinds hack may provide the best opportunity… Read More
Apple AirDrop security and best practices
A recent Apple event showcased the new AirDrop file sharing service, but a notable security flaw is drawing concern. With only a good Wi-Fi connection and two nearby Apple devices, AirDrop’s functionality can be exploited to allow access to the personal information of potentially 1.5 billion users. Email addresses and phone numbers at minimum are… Read More