Third-Party Security - Page 3 of 4

NSA: Guidance to mitigate cloud vulnerabilities

Cloud Security, Configuration Management, Cybersecurity Articles, Third-Party Security / By Frank Crast / February 10, 2020 February 15, 2020

The National Security Agency (NSA) has released guidelines to help organizations mitigate cloud vulnerabilities. The NSA document includes four classes of vulnerabilities at most risk to threat actors.

Sodin ransomware spreads through MSPs

Cybersecurity Attacks, Malware, Third-Party Security / By Frank Crast / July 6, 2019 July 6, 2019

Cyber criminals are targeting vulnerable software and gaps in managed service providers’ (MSP) security systems to distribute Sodin ransomware.

Quest Diagnostics data breach impacts 11.9 million patients

Data Breach, Third-Party Security / By Frank Crast / June 4, 2019 June 4, 2019

Quest Diagnostics has confirmed an unauthorized user gained access to a third party billing service system to potentially access personal data on nearly 12 million patients.

Office 365 third-party risks and configuration guidance

Cloud Security, Configuration Management, Cybersecurity Articles, Third-Party Security, Vulnerabilities & Exploits / By Frank Crast / May 21, 2019 February 1, 2020

A new security report highlights some of the risks organizations face when moving to the cloud and potential configuration vulnerabilities.

Magecart skimming attack targets online campus stores

Application Security, Cybercrime, Cybersecurity Attacks, Data Breach, Fraud, Third-Party Security / By Frank Crast / May 3, 2019 February 1, 2020

Security researchers from Trend Micro have uncovered a Magecart skimming attack that targeted 201 online campus stores in the United States and Canada.

Wipro data breach

Cybersecurity Attacks, Data Breach, Third-Party Security / By Frank Crast / April 16, 2019 June 2, 2019

Cybercrime investigative journalist Brian Krebs reports the Indian IT outsourcing and consulting company Wipro has been hacked. Multiple sources had informed Krebs that attackers breached Wipro’s internal IT systems and then used those systems to then launch attacks against Wipro’s customers.

Operation ShadowHammer hijacks ASUS Live Update to install backdoor

Application Security, Cybersecurity Attacks, Third-Party Security / By Frank Crast / March 25, 2019 February 9, 2020

Cyber attackers have hijacked ASUS Live Update and downloaded a back-doored version to thousands of ASUS PCs last year. The utility is pre-installed on most ASUS computers and is used to keep ASUS PCs up-to-date with latest firmware, drivers and applications.

FEMA leaks personal data records on 2.3M disaster victims

Data Breach, Data Privacy, Third-Party Security / By Frank Crast / March 23, 2019 June 2, 2019

A government report revealed that the Federal Emergency Management Agency (FEMA) did not safeguard disaster survivor’s personal data on up to 2.3 million people. FEMA shared the sensitive personally identifiable information (SPII) with a third party.

Critical Drupal security update

Security Updates & Patches, Third-Party Security, Vulnerabilities & Exploits / By Frank Crast / January 18, 2019 December 26, 2021

Drupal has released a critical security update to address a vulnerability in Drupal 7.x, 8.5.x and 8.6.x. The vulnerability is rated critical and impacts third party libraries.

NIST SP 800-37 Rev. 2: Risk Management Framework for Information Systems and Organizations

Application Security, Server Security, Standards & Guidelines, Third-Party Security / By Frank Crast / December 20, 2018 April 18, 2020

The National Institute of Standards and Technology (NIST) has released a new risk management framework guideline. NIST has named the document Security Publication (SP) 800-37 Rev. 2: “Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy.”