Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Apple has chosen to temporarily disable a key feature of the Apple Watch after a critical vulnerability was discovered that could allow someone to eavesdrop on another person without their knowledge. The Apple Watch feature at the heart of the problem is Apple’s Walkie-Talkie app which allows users to “push to talk” with other Apple Watch owners via a real-time voice message, rather than having to make a call or laboriously type a text message.

The New York State Legislature recently passed a bill that aims to protect New York residents, regardless of the location of the business. The law, known as the Stop Hacks and Improve Electronic Data Security (SHIELD) Act is designed to address unauthorized access of data. The bill expands the definition of “Breach of the security of the system” by adding the wording “access to” data. The original regulation contemplated the acquisition of data.

There are Red Sox, White Sox, and Fox in Socks. At the turn of the century, a new SOX entered our lexicon: The Sarbanes-Oxley Act of 2002. This financial regulation was a response to large corporate misdeeds at the time, most notably Enron misleading its board through poor accounting practices and insufficient financial oversight. The regulation seeks to ensure accurate and reliable financial reporting for public companies in the United States.

“It’s okay that you don’t understand.” This comment came after I was frustrated with myself for not being born a genius at math. Usually, when you don’t know a subject or you don’t understand it enough, subject matter experts (i.e. your teachers/professors/mentors/etc) put you down for it. But this time was different because I had a real subject matter expert who cared about the end goal: students educated in math.

Vulnerability management (VM) is an essential process through which organizations can reduce risk in their environments. But myths and misconceptions surrounding VM abound. For instance, organizations commonly approach vulnerability management in the same way as they do patch management. Others are guilty of believing that all attacks rely on vulnerabilities, while others still are under the false impression that all software patches will work without a hitch.

European police have arrested six people as part of an investigation into a theft which saw €24 million (US $27 million) stolen from users of cryptocurrency exchange. In a press release, Europol described how five men and one woman were simultaneously arrested on Tuesday morning at the homes of the suspects in Charlcombe, Lower Weston and Staverton (UK) and Amsterdam and Rotterdam (the Netherlands).

In the attacker’s world, all vulnerabilities and potential exploits work toward the hacker’s advantage — not yours, not mine. This includes WordPress hacks. While living back east (over a decade ago), I was friends with several small business owners. One weekend morning, the owner of the local photography studio called me at 7 am and said: “I think I’ve been hacked.” I could hear the soft clicking of a keyboard in the background.

We’ve previously discussed best practices for securing Microsoft Azure and Amazon Web Services, but this time we are going to turn our attention to Google Cloud Platform. Google Cloud Platform (GCP) is growing at an impressive 83 percent year over year, but generally receives less focus than AWS and Azure. We can use some of our best practice cloud security knowledge to outline some fundamental steps for keeping Google Cloud Platform secure.

Normally, when you hear about stocks dropping, it’s due to some scandal or crisis. Market watchers will tell you that a range of elements can affect the value of a publicly traded company and cause stock prices to rise or fall. Consumer confidence is a major factor that influences a company’s reputation and perceived value. What does that have to do with data breaches? A lot more than you might think.

The recent Vectra 2019 Spotlight Report on Healthcare indicates that the proliferation of healthcare internet-of-things (IoT) devices, along with a lack of network segmentation, insufficient access controls and reliance on legacy systems, has created an increasing attack surface that can be exploited by cyber criminals determined to steal personally identifiable information (PII) and protected health information (PHI) in addition to disrupt healthcare delivery processes.