Earlier this month, we learned that the SolarWinds Orion Platform software builds for versions 2019.4 HF 5 through 2020.2.1*, released between March 2020 and June 2020, were compromised by an advanced persistent threat actor (or APT). The perpetrators of this sophisticated attack implanted a Trojan into a legitimate update to the Orion Platform
Training
When proactive measures fail, the kill chain may still help recapture miswired funds
The “kill chain” is a phrase that refers to the FBI’s ability to interrupt or kill the miswiring and loss of funds.
This is an extremely powerful resource given that cyber criminals have been targeting entities that use Microsoft Office 365 and Google G Suite to perpetrate business email compromise (BEC) scams. The “phish kits”…
Not in California? Here’s Why the CCPA Should Still Be on Your Radar
Even if your business is based on the East Coast, you are likely to feel the effects of the California Consumer Privacy Act (“CCPA”), which will be effective January 1, 2020.
CCPA applies to for-profit businesses that:
- Do business in the state of California; collect, or contract with a vendor for the collection of, personal information of “consumers[1]”; and determine the means or purpose of processing the data and…
- Have annual gross revenues in excess of $25,000,000 OR
- Buy, receive, sell or share information about 50,000 or more consumers, households or devices for commercial purposes OR
- Derive more than half of their revenue from selling consumers’ personal information.
So… if you are not doing business in California, or you do not fall into one of the sub-categories enumerated above, why do you need to worry about CCPA?
Wipro Breach: What to do now
Wipro, one of the world’s largest outsourcing companies, has confirmed that it was the subject of a cyberattack and that its attackers used – and may be continuing to use – access to Wipro’s systems to launch phishing campaigns against the company’s customers.
The investigation is ongoing, but if you or your clients use Wipro,…
Ten tips for cyber mindfulness and data security (even on a limited budget)
One of the most common misconceptions surrounding cybersecurity and data protection measures is that they are too expensive to deploy and maintain – so much so that they become prohibitive for small and middle market businesses. Another one I hear often is that the implementation process can seem daunting for business owners who may be…
Ask First!
One of my husband’s goodhearted employees nearly fell victim to a scam that has been rampant throughout the country. The employee received an email from a senior staff member (or so it seemed) asking if he was in the office. It was early on a Friday morning, before many people had arrived. The employee, never…
From victim to accomplice: When liability shifts in cases involving corporate data breaches
As the target of a corporate cyber breach, are you a victim – along with your customers and personnel – or are you a “willing” accomplice to the crime?
This week, a U.K. bank was fined in excess of $21 million for failing to protect its systems and customers against a “foreseeable” cyber-attack that…
Quick Cash = Quick Breach
Many businesses and individuals dispose of aging equipment, laptops, desktops, servers and more by monetizing those items. Disposal may be by sale at auction or donation to charity. Some companies now lease equipment, and turn over such items at lease end. However, many businesses and individuals forget – or do not realize – that their…
Making the Case for Continuous Employee Cybersecurity Training
The American Bar Association’s recent cybersecurity webinar reminded us all that the largest source of cyber loss is still people. And for businesses, it is their employees who continue to click on suspicious links and respond to phishing and other scams.
If you think this does not apply to you or your business, think back…