Reduce Risk and Make Office 365 More Secure
I’ve noticed a disturbing trend lately. Specifically for Office 365, I’ve seen too many organizations use Global Administrator accounts as their service accounts. This is a bad idea. We should not use...
Eight P(s) of Enterprise Information Security and Compliance
Forward Often, we hear security professionals talk about the application of “People, Process, and Products” as being the critical tenets of a good security program. While this overall statement is...
Part 1: IoT, When my Home Thermostat Becomes a Weapon
This will be a multi-segment series that takes a look at security surrounding the Internet of Things (IoT), where we’ll explore existing threats and delve into a few new ones. Of course, we’ll close...
Part 2: IoT, When my Home Thermostat Becomes a Weapon
In the first segment (Part 1), I shared some viewpoints on Internet of Things (IoT) devices, namely using the home thermostat as an example. In this, Part 2, let us take a look at some of the various...
Part 3: IoT, When my Home Thermostat Becomes a Weapon
In this, Part 3 of the series, let us continue to look at a few more nasty security risks associated with insecure IoT devices. Let’s continue… So, enough with the home thermostat, what about the “real”...
Article 0
I recently read an interesting article written by Paul Mazzucco, CTO at TierPoint, on Radware’s blog entitled, “See Through the DDOS Smoke-Screen to Protect Sensitive Data“. The article raises an...
Integrated Apps Ransomware Potential Exploit
I saw this exploit on LinkedIn and it’s fairly troubling. Essentially, if a user accepts a third-party add-in to Outlook and grants it the right permissions, the hacker can encrypt their email and hold...
General Data Protection Regulation (GDPR) – Stuff you may or may not realize
The General Data Protection Regulation (GDPR) is a data privacy law in the EU (made law in April 2016) which has received a lot of recent attention in the United States, notably because the now...
Ah… the ol’ Deceptive Distributed Denial of Service
Preface: This blog is a recast of an article that I wrote and posted on Linked-in in January 2017. I recall an interesting and informative article written by Paul Mazzucco, CTO at TierPoint, on...
Lost Productivity as a Result of an Outage
Much attention is given to the calculated costs associated with a security breach, where the business may experience both downtime (an outage) as well as external costs as you’ll see below. We often...
Health Data (PHI) Breaches – The last 8 Years
Did you know that in the United States, the HITECH Act requires the Secretary of Health & Human Services to post a list of breaches of unsecured Protected Health Information affecting 500 or more...
memcached and massive Denial of Service attack (amplification attack), how to...
Two of the largest distributed denial-of-service attacks in the history of the “World Wide Webs” were launched this past week. This particular attack (called a reflection and amplification attack)...
Just Wow! Facebook “shares/sells” 50 million user’s PII without their...
As Facebook continues to explain their inexplicable actions in the Cambridge Analytica scandal, it is clear that Facebook probably can’t be trusted to regulate itself. Mark Zuckerberg Facebook CEO...
Under Armour Hacked… MyFitnessPal No Longer My Pal
It’s getting difficult for me to determine which security incidents to blog about… First up, Facebook‘s unauthorized sharing/selling of 50 million persons’ private information, a definite FTC violation...
Facebook’s big reveal… All 2.2 billion users’ personal data likely misused.
In my recent post about the Facebook and Cambridge Analytica debacle, I shared that 50 million Facebook users’ personal data was sold to Cambridge Analytica without the consent of the user. Well…...
GDPR – Can you handle the 72-hour breach notification requirement?
Nearly every security professional knows that the European Union has unleashed a stringent new law called the General Data Protection Regulation (GDPR). Standing out among many complex mandates within...
Security tools overload? Security-as-a-Service will help
Catapult’s Spyglass security team sees this a lot, and that is, prospective clients with too few resources just trying to keep up: managing many disparate security and monitoring tools, trying to...
MayDay: questions and concerns from last-minute GDPR compliance seekers….
It’s been a very long week ushering in the infamous and inevitable May 25th GDPR enforcement go-live date. I’ve been calling this day “MayDay”. May 25th 2018 is going to feel like a Y2K moment to me,...
GDPR: Immediate Fallout
The Y2K Event of this decade? GDPR’s hype looked a lot like the millennium cyber-clock meltdown, according to some. But here’s a key difference: GDPR has actually spurred immediate, tangible changes to...
Azure RMS Super Users
Azure RMS and Azure Information Protection offer excellent tools to protect information in your organization. Using them it is easy for end users to encrypt sensitive information so that no matter...