Third-Party Security Archives

Sodin ransomware spreads through MSPs

Frank Crast
July 6, 2019
Cybersecurity Attacks / Malware / Third-Party Security

Cyber criminals are targeting vulnerable software and gaps in managed service providers' (MSP) security systems to distribute Sodin ransomware.

Quest Diagnostics data breach impacts 11.9 million patients

Quest Diagnostics has confirmed an unauthorized user gained access to a third party billing service system to potentially access personal data on nearly 12 million patients.

Office 365 third-party risks and configuration guidance

Frank Crast
May 21, 2019
Cloud Security / Configuration Management / Third-Party Security / Vulnerabilities & Exploits

More organizations are relying on third-party companies to help them move to the cloud, such as Microsoft's popular Office 365 (O365) email services. A new report highlights some of the risks when moving to the cloud and potential configuration vulnerabilities.

Magecart skimming attack targets online campus stores

Frank Crast
May 3, 2019
Application Security / Cybercrime / Cybersecurity Attacks / Data Breach / Fraud / Third-Party Security

Security researchers from Trend Micro have uncovered a Magecart skimming attack that targeted 201 online campus stores in the United States and Canada.

Wipro data breach

Frank Crast
April 16, 2019
Cybersecurity Attacks / Data Breach / Third-Party Security

Cybercrime investigative journalist Brian Krebs reports the Indian IT outsourcing and consulting company Wipro has been hacked. Multiple sources had informed Krebs that attackers breached Wipro's internal IT systems and then used those systems to then launch attacks against Wipro's customers.

FEMA leaks personal data records on 2.3M disaster victims

Frank Crast
March 23, 2019
Data Breach / Data Privacy / Third-Party Security

A government report revealed that the Federal Emergency Management Agency (FEMA) did not safeguard disaster survivor's personal data on up to 2.3 million people. FEMA shared the sensitive personally identifiable information (SPII) with a third party.

Critical Drupal security update

Frank Crast
January 18, 2019
Security Updates & Patches / Third-Party Security / Vulnerabilities & Exploits
0 Comments

Drupal has released a critical security update to address a vulnerability in Drupal 7.x, 8.5.x and 8.6.x. The vulnerability is rated critical and impacts third party libraries.

NIST SP 800-37 Rev. 2: Risk Management Framework for Information Systems and Organizations

Frank Crast
December 20, 2018
Application Security / Server Security / Standards & Guidelines / Third-Party Security

The National Institute of Standards and Technology (NIST) has released its Security Publication (SP) 800-37 Rev. 2: "Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy."

Single account blamed for Clarksons breach

Frank Crast
July 31, 2018
Data Breach / Identity & Access Management / Third-Party Security
0 Comments

Clarkson PLC ("Clarksons"), a British shipping company, recently revealed a single and isolated user account compromise was the cause of a data breach and theft of confidential information last year.

Malicious MDM targets mobile phones in India

Frank Crast
July 16, 2018
Cybersecurity Attacks / Mobile Security / Third-Party Security
0 Comments

An attacker has used an open-source mobile device management (MDM) system to target iPhones in India.