Office 365 third-party risks and configuration guidance

Post published:May 21, 2019
Post category:Cloud Security Configuration Management Cybersecurity Articles Third-Party Security Vulnerabilities & Exploits

A new security report highlights some of the risks organizations face when moving to the cloud and potential configuration vulnerabilities.

Magecart skimming attack targets online campus stores

Post published:May 3, 2019
Post category:Application Security Cybercrime Cybersecurity Attacks Data Breach Fraud Third-Party Security

Security researchers from Trend Micro have uncovered a Magecart skimming attack that targeted 201 online campus stores in the United States and Canada.

Wipro data breach

Post published:April 16, 2019
Post category:Cybersecurity Attacks Data Breach Third-Party Security

Cybercrime investigative journalist Brian Krebs reports the Indian IT outsourcing and consulting company Wipro has been hacked. Multiple sources had informed Krebs that attackers breached Wipro's internal IT systems and then used those systems to then launch attacks against Wipro's customers.

Operation ShadowHammer hijacks ASUS Live Update to install backdoor

Post published:March 25, 2019
Post category:Application Security Cybersecurity Attacks Third-Party Security

Cyber attackers have hijacked ASUS Live Update and downloaded a back-doored version to thousands of ASUS PCs last year. The utility is pre-installed on most ASUS computers and is used to keep ASUS PCs up-to-date with latest firmware, drivers and applications.

FEMA leaks personal data records on 2.3M disaster victims

Post published:March 23, 2019
Post category:Data Breach Data Privacy Third-Party Security

A government report revealed that the Federal Emergency Management Agency (FEMA) did not safeguard disaster survivor's personal data on up to 2.3 million people. FEMA shared the sensitive personally identifiable information (SPII) with a third party.

Critical Drupal security update

Post published:January 18, 2019
Post category:Security Updates & Patches Third-Party Security Vulnerabilities & Exploits

Drupal has released a critical security update to address a vulnerability in Drupal 7.x, 8.5.x and 8.6.x. The vulnerability is rated critical and impacts third party libraries.

NIST SP 800-37 Rev. 2: Risk Management Framework for Information Systems and Organizations

Post published:December 20, 2018
Post category:Application Security Server Security Standards & Guidelines Third-Party Security

The National Institute of Standards and Technology (NIST) has released a new risk management framework guideline. NIST has named the document Security Publication (SP) 800-37 Rev. 2: "Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy."

Single account blamed for Clarksons breach

Post published:July 31, 2018
Post category:Data Breach Identity & Access Management Third-Party Security
Post comments:0 Comments

Clarkson PLC ("Clarksons"), a British shipping company, recently revealed a single and isolated user account compromise was the cause of a data breach and theft of confidential information last year.

Malicious MDM targets mobile phones in India

Post published:July 16, 2018
Post category:Cybersecurity Attacks Mobile Security Third-Party Security

An attacker has used an open-source mobile device management (MDM) system to target iPhones in India.

Third-party breach leads to Delta and Sears customer payment card data exposure

Post published:April 6, 2018
Post category:Data Breach Third-Party Security
Post comments:0 Comments

A data breach of third-party [24]7.ai has exposed customer payment card data of Delta and Sears.