Hackers are continuing to abuse the recently patched zero day vulnerability in the WordPress plugin Easy WP SMTP that if exploited can give attackers administrative control of a site. The zero day was first exploited in the wild for version 1.3.9 on March 15 and WordPress issued an update to pushing out version 1.3.9.0 on…
The Department of Homeland Security is warning users of Medtronic defibrillators of two vulnerabilities that could lead to an attacker accessing and altering the device. The warning, which was issued through the DHS Cybersecurity and Infrastructure Security Agency, covers two vulnerabilities, CVE-2019-6538 and CVE-2019-6540. A complete list of the models affected can be found here.…
What are the common perils and pitfalls CISOs should consider when investing in corporate application security and Application Security Testing (AST)? Spending without holistic application inventory Shadow and legacy web-based systems, abandoned web services and APIs, expired SSL certificates, and unprotected cloud storage (e.g. AWS S3 buckets) adversely affect even the vast majority of FT 500…
A Lithuanian man plead guilty in the U.S. District Court Southern District of New York earlier this week for using an advanced business email compromise campaign to defraud Google and Facebook out of an estimated $123 million. Evaldas Rimasauskas was indicted in December 2016 then arrested in Lithuania in March 2017 and extradited to the…
For the second time in one week security advisories were issued for a line of Cisco IP phones. On March 20 the company addressed vulnerabilities in its Series 7800 and 8800 phones, this follows a pair of advisories that were issued on March 14 covering its SPA514G IP phones. All the warnings are rated high.…
Virtual private networks, VPNs, have often been referred to as the “backbone of the enterprise network.” This is a bold statement to make about a technology that essentially hasn’t changed in almost over two decades. And yet, a VPN’s ability to offer employees, third parties and even customers “secure” remote access into enterprise applications and…
Windows Defender Security Intelligence’s Office 365 Threat Research team has uncovered a phishing campaign targeting Netflix and American Express that attempt to steal payment card information. The campaign was detected on the weekend of March 16 and is still active, according to the Windows Defender Security Intelligence Twitter feed. In each case the phishing emails…
Two healthcare organizations suffered data breaches due to their email service resulting in more than 72,000 records being exposed. Rutland Regional Medical Center in Vermont reported several employee email accounts have been compromised, while the medical products firm Zoll had data possibly exposed when an email server migration went awry. In both cases the patient…
Enlisting FUD (fear, uncertainty and doubt) to argue for security budgets was commonly practiced by many security pros back in the day. It’s not a useful tactic nowadays, although more widespread hype about cybersecurity threats is common in mainstream coverage and some marketing collateral directed at executives less knowledgeable about industry happenings. At RiskSec 2019…
About a year ago, we raised our seed round of investment. By that time, we already had a promising sales funnel and our potential customers saw great value in the product. And yet, as we continued filling our pipeline with potential clients, it didn’t take long for us to realize security was going to be…
