On January 9th, 2005, the Donttrip malware infection hit Northwest Hospital,1 a large medical facility in Seattle that served thousands of people. The malware clogged up the hospital’s network systems with surges of exploit network scanning. Medical operations ground to a halt as laboratory diagnostic systems couldn’t transfer data, Intensive Care Unit terminals went offline,…
Read MoreWe also analyzed the primary root causes of the breaches, how that varied in breach remediation costs by industry, and the impact of these breaches on each data type breached on the global scale. The purpose of our analysis was to identify where organizations are most likely to be attacked in a way that…
Read MoreOn Dec 8, 2017, 4iQ reported the discovery of a database on the dark web containing 1.4 billion credentials—in clear text.1 The fine writers of the aforementioned article note that they’ve “tested a subset of these passwords and most of them have been verified to be true.” 1.4 billion. A standard calculator (like the one…
Read MoreStrong security starts with understanding exactly what you need to protect and where it resides within your organization. Source link lol
Read MoreF5 threat researchers have discovered a new Apache Struts campaign. This new campaign is a sophisticated multi-staged attack targeting internal networks with the NSA-attributed EternalBlue and EternalSynergy exploits. We have dubbed the campaign “Zealot” based on the name of the zip file containing the python scripts with the NSA-attributed exploits. As we continue to research…
Read MoreFor years I wondered why business groups would move forward with technology initiatives before fully understanding their risk exposure. Focused on the business outcome, teams always wanted to implement first and figure out the risks later. Problem is, risks are intrinsic to business outcomes. A solution is only as valuable as the information flowing through…
Read MoreIt is against business priority enablers that we align the following causation models required to present our high-level protection strategy. Causal Model 1 — Threat Landscape We captured the business priorities in the business model’s value proposition. ECS’s desire is to “offer certified and compliant cloud computing services secured with the leading security standards.”…
Read MoreEighty-six percent of Internet hosts prefer forward secrecy; all modern browsers do, too. The Bleichenbacher attack only affects RSA sessions not protected with the ephemeral keys offered by forward secrecy. All modern browsers and mobile clients have preferred ephemeral keys for several years. Google has been preferring them with their servers and software since 2012.6…
Read MoreInternet of Things (IoT) devices gained infamy almost overnight for their lack of security. This led to their participation in a Thingbot (a botnet built out of IoT devices) named Mirai1 that launched massive distributed denial-of-service (DDoS) attacks against a handful of victims, including Dyn, OVH, KrebsOnSecurity, and Rutgers University2 in late 2016. As a result of…
Read MoreAnything we put online must swim in a sea of enemies. The F5 Labs report, Lessons Learned from a Decade of Data Breaches, revealed that an average breach leaked 35 million records. Nearly 90% of the US population’s social security numbers have been breached to cyber criminals. When confronted by staggering statistics like these, it is…
Read More