Third-Party Security

Sodin ransomware spreads through MSPs

• Frank Crast
• July 6, 2019
• Cybersecurity Attacks / Malware / Third-Party Security

Cyber criminals are targeting vulnerable software and gaps in managed service providers' (MSP) security systems to distribute Sodin ransomware.

Continue Reading

Quest Diagnostics data breach impacts 11.9 million patients

• Frank Crast
• June 4, 2019
• Data Breach / Third-Party Security

Quest Diagnostics has confirmed an unauthorized user gained access to a third party billing service system to potentially access personal data on nearly 12 million patients.

Continue Reading

Office 365 third-party risks and configuration guidance

• Frank Crast
• May 21, 2019
• Cloud Security / Configuration Management / Third-Party Security / Vulnerabilities & Exploits

More organizations are relying on third-party companies to help them move to the cloud, such as Microsoft's popular Office 365 (O365) email services. A new report highlights some of the risks when moving to the cloud and potential configuration vulnerabilities.

Continue Reading

Magecart skimming attack targets online campus stores

• Frank Crast
• May 3, 2019
• Application Security / Cybercrime / Cybersecurity Attacks / Data Breach / Fraud / Third-Party Security

Security researchers from Trend Micro have uncovered a Magecart skimming attack that targeted 201 online campus stores in the United States and Canada.

Continue Reading

Wipro data breach

• Frank Crast
• April 16, 2019
• Cybersecurity Attacks / Data Breach / Third-Party Security

Cybercrime investigative journalist Brian Krebs reports the Indian IT outsourcing and consulting company Wipro has been hacked. Multiple sources had informed Krebs that attackers breached Wipro's internal IT systems and then used those systems to then launch attacks against Wipro's customers.

Continue Reading

FEMA leaks personal data records on 2.3M disaster victims

• Frank Crast
• March 23, 2019
• Data Breach / Data Privacy / Third-Party Security

A government report revealed that the Federal Emergency Management Agency (FEMA) did not safeguard disaster survivor's personal data on up to 2.3 million people. FEMA shared the sensitive personally identifiable information (SPII) with a third party.

Continue Reading

Critical Drupal security update

• Frank Crast
• January 18, 2019
• Security Updates & Patches / Third-Party Security / Vulnerabilities & Exploits
• 0 Comments

Drupal has released a critical security update to address a vulnerability in Drupal 7.x, 8.5.x and 8.6.x. The vulnerability is rated critical and impacts third party libraries.

Continue Reading

NIST SP 800-37 Rev. 2: Risk Management Framework for Information Systems and Organizations

• Frank Crast
• December 20, 2018
• Application Security / Server Security / Standards & Guidelines / Third-Party Security

The National Institute of Standards and Technology (NIST) has released its Security Publication (SP) 800-37 Rev. 2: "Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy."

Continue Reading

Single account blamed for Clarksons breach

• Frank Crast
• July 31, 2018
• Data Breach / Identity & Access Management / Third-Party Security
• 0 Comments

Clarkson PLC ("Clarksons"), a British shipping company, recently revealed a single and isolated user account compromise was the cause of a data breach and theft of confidential information last year.

Continue Reading

Malicious MDM targets mobile phones in India

• Frank Crast
• July 16, 2018
• Cybersecurity Attacks / Mobile Security / Third-Party Security

An attacker has used an open-source mobile device management (MDM) system to target iPhones in India.

Continue Reading