Third Party Risk – You Can Ignore it, But It Won’t Ignore You DataBreaches.net is reporting that a hacker claimed to have hacked an HVAC vendor and remotely accessed systems at the vendor’s customers. One of those customers is reported to be Boston Children’s Hospital. The HVAC vendor is reported to be ENE Systems in […]
Continue reading → [DISPLAY_ACURAX_ICONS]Many Cyberspace Solarium Commission Recommendations Likely to Become Law The Cyberspace Solarium Commission was a blue ribbon commission that made recommendations to Congress earlier this year on improving government cybersecurity. It appears that many of their recommendations are being added to the National Defense Authorization Act, which is “must pass” bill to fund the military. […]
Continue reading → [DISPLAY_ACURAX_ICONS]A couple of weeks ago it was a Managed Service Provider in Denver. A few weeks before that, it was one in Wisconsin. This week it is Irvine, CA based Synoptek with more than 1,100 customers including state and local governments, financial services and healthcare. Their web site says that they did more than $100 […]
Continue reading → [DISPLAY_ACURAX_ICONS]This is What Spies Do It has come out that western (read one or more of the five eyes countries) inserted malware into Yandex (Russia’s equivalent of Google) in order to steal administrative credentials. The purpose was, apparently, to read emails of interest to the western spies. We need to understand that we do it […]
Continue reading → [DISPLAY_ACURAX_ICONS]This time the attack is against an eCommerce platform, PrismWeb, that is used by College bookstores. The attack is similar to other attacks, in the the hackers somehow got into the company’s system and inserted a tiny bit of Javascript that steals credit card data – very similar to Magecart that is affecting sites from […]
Continue reading → [DISPLAY_ACURAX_ICONS]Oklahoma Government Data Left Unprotected The Oklahoma Department of Securities left data going back to at least 1999 unprotected online. Data exposed included state agency passwords and login information, data on FBI investigations, information on thousands of securities brokers and other information. The state says it was unprotected for “a limited duration”. They are investigating. […]
Continue reading → [DISPLAY_ACURAX_ICONS]