Search Results for: washburn

Trickbot and Emotet Financial Malware Now Attacking the Healthcare Industry

In a recent Cybercrime Tactics and Techniques Report focusing on the health care industry, cybersecurity company Malwarebytes discovered a significant 82% spike in Trojan malware attacks on health care organizations in Q3 2019. Emotet and TrickBot, two especially sophisticated and dangerous forms of malware, were mostly responsible for this surge. Used primarily as ’banking Trojans” … Continue Reading

Cyber Risk Update for Construction Companies

By Tamara Boeck and Jon Washburn on November 11, 2019 Posted in Cyber Attack, Cyber Crime, Data Breach, Fraud, Privacy

Scammers are always seeking new ways to target victims for Business Email Compromise (BEC) scams, where they leverage email to try to convince you to give them credentials, send them confidential information like W2s, send them money by changing things like direct deposit instructions, or give any other data that can help them profit from … Continue Reading

Is your organization ready for global privacy regulations?

By Jon Washburn on September 18, 2019 Posted in ePrivacy, Privacy

The Internet Society’s Online Trust Alliance (OTA) released a report this week that measured 1200 U.S.-based organizations’ readiness for three major global privacy regulations: the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA) in the United States that goes into effect January 1, 2020, and the Personal Information … Continue Reading

New tool released that may allow bad actors with almost any skill set to bypass many implementations of Two-Factor Authentication (2FA)

By Jon Washburn on January 9, 2019 Posted in Cyber Attack, Cyber Crime, Phishing, Security, Software

Until recently, hackers have had limited success stealing Two-Factor Authentication (2FA) PIN and token information. Unfortunately, a tool has been released that will now make it much easier for practically any bad actor to bypass many implementations of 2FA: https://www.zdnet.com/article/new-tool-automates-phishing-attacks-that-bypass-2fa/ This does not mean we should stop using Two-Factor Authentication (2FA). We should still use … Continue Reading

Yahoo! Breach Class Action Poised to Settle

By Jon Washburn on October 29, 2018 Posted in Data Breach, Privacy, Security, Uncategorized

The Yahoo! class action over the 2013-2014 hacks, affecting 1 billion (later updated to 3 billion) accounts, is poised to settle for $85 million – and the provision of free credit monitoring services for 200 million account holders for 2 years. While $85 million may seem like a relative bargain compared to the $350 million Verizon … Continue Reading

The Senate Commerce Committee held a second hearing on consumer data privacy, this time with privacy advocates

By Jon Washburn on October 12, 2018 Posted in ePrivacy, Events, Privacy

This past Wednesday, the Senate Commerce Committee held another hearing on consumer data privacy, this time giving voice to prominent privacy advocates. Previous testimony in September from leading technology businesses focused on concerns with the complexity of having to comply with a patchwork of different state privacy regulations, broad definitions of “personal information” in the … Continue Reading

NIST announces project to develop new Privacy Framework

By Jon Washburn on September 17, 2018 Posted in Announcements, ePrivacy

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) announced recently that it has launched a collaborative project to develop a voluntary privacy framework to help organizations manage risk. According to NIST Director Walter G. Copan, “The development of a privacy framework through an open process of stakeholder engagement is intended to … Continue Reading

When was the last time you looked at RDP access?

By Jon Washburn on August 15, 2018 Posted in Cyber Attack, Cyber Crime, Data Breach, Security

A presentation at Black Hat recently revealed that the creators of the “SamSam” ransomware have netted over $6M to date, attacking mostly medium-to-large public and private sector organizations. And they’re showing no signs of slowing down. In the most recent SamSam attacks, the attackers concentrated their efforts on brute-force hacking of weak passwords on devices accessible … Continue Reading

New threat targeting old medical imaging equipment

By Jon Washburn on April 30, 2018 Posted in Cyber Attack, Cyber Crime, HIPAA, Industrial Control Systems, Security

Health care providers and suppliers should be wary of the “Orangeworm” threat, an implementation of malware out in the wild that’s gathering information off of compromised medical equipment, especially old systems where file shares and Windows XP are still in use: https://www.zdnet.com/article/mysterious-cyber-worm-targets-medical-systems-found-on-x-ray-machines-and-mri-scanners/ While this group seems to be limiting their actions to reconnaissance and compromising … Continue Reading

List of Pending 2018 Breach Legislation

By Jon Washburn on March 19, 2018 Posted in Data Breach, Law/Regulation Update

While we have yet to see much in the way of major changes (or punishment) following the massive Equifax data breach last year, there are many changes being introduced at the state level with regard to breach notification, penalties, whether or not credit reporting agencies can charge you for freezing your credit, and consumer rights … Continue Reading