We are seeing a new variation of phishing attack that’s leveraging a users trust of legitimate file sharing services (Dropbox and Egnyte specifically) to increase the effectiveness of their phishing campaigns. We have included similar techniques in a number of recent phishing engagements for clients and have seen a significant increase in the number of […]
These days, it’s not hard to find news stories about personal, private and / or sensitive data being leaked or exposed in massive data breaches. An attacker found a way to get from an untrusted network into the POS system (Target, Home Depot). An attacker found a vulnerability in a website and downloaded a treasure […]
If your business accepts credit cards, you’ve probably heard the term PCI or PCI DSS and whoever does the credit card processing for you (your merchant provider) probably has you fill out a form regularly to verify your compliance with PCI DSS. So, what is PCI DSS Compliance? What is the SAQ (Self Assessment Questionnaire) […]
Executive Summary Financial, healthcare and other personal / private information is a treasure trove for criminals and the proliferation of online records (payment, healthcare, etc.) and data sharing between entities (e.g., web portals for accessing healthcare records, payment portals for both B2B and B2C payment processing, etc.) gives these criminals countless opportunities to find data […]
What is PCI DSS? PCI DSS is the Payment Card Industry Data Security Standard. It is used to establish a security baseline for merchants who process, store or transmit payment card data. If you accept credit cards, PCI DSS applies to you. Are there consequences for failing to maintain PCI Compliance? The short answer is […]
Ransomware is essentially malware that encrypts data and holds the key for ransom. Organizations that find themselves victims of ransomware are required to either pay the ransom (typically several thousands of dollars in the form of cryptocurrency, which can present it’s own challenges) lose their data or restore from backup (if they have one). For […]
Does it seem like you’re receiving more really targeted scam telephone calls and emails lately? If so, it’s not your imagination and you’re not alone. As we lead more and more connected lives, posting more and more data to social media sites, organizations that we do business with and having our information traded by and […]
According to a TechCrunch article, an independent security researcher found a database exposed to the Internet with no password protection containing millions of banking and financial documents including mortgage and tax documents. The article does an excellent job of detailing the findings and the sources but there are a few important things that we can […]
In Georgia, State Bill 315 was introduced in 2018 to criminalize unauthorized computer access. In addition to the two page bill being overly vague and open to interpretation, unauthorized access was already criminalized by the Computer Fraud and Abuse Act (CFAA), a federal law. The bill was quickly passed by the House and Senate and, […]
I read an interesting article from Bruce Schnier today that was basically a commentary on an equally interesting article from Brian Krebs about the recently disclosed Marriott breach. I’ve linked both articles below but wanted to highlight a couple of key points. Accept that you are vulnerable (your data has been, and will continue to […]