Doug Olenick SC Media

Doug Olenick

Online Editor

Most recent articles by Doug Olenick

WordPress plugin zero day exploited in the wild

Hackers are continuing to abuse the recently patched zero-day vulnerability in the WordPress plugin Easy WP SMTP that, if exploited, can give attackers administrative control of a site. The zero day was first exploited in the wild for version 1.3.9 on March 15 and WordPress issued an update, pushing out version 1.3.9.0 on…

Critical OpenSSL vulnerability, 'Heartbleed Bug,' enables SSL/TLS decryption

Medtronic defibrillators vulnerable to attack

The Department of Homeland Security is warning users of Medtronic defibrillators of two vulnerabilities that could lead to an attacker accessing and altering the device. The warning, which was issued through the DHS Cybersecurity and Infrastructure Security Agency, covers two vulnerabilities, CVE-2019-6538 and CVE-2019-6540. A complete list of the models affected can be found here.…

Top five application security pitfalls to avoid

What are the common perils and pitfalls CISOs should consider when investing in corporate application security and Application Security Testing (AST)? Spending without holistic application inventory Shadow and legacy web-based systems, abandoned web services and APIs, expired SSL certificates, and unprotected cloud storage (e.g. AWS S3 buckets) adversely affect even the vast majority of FT 500…

Google, Facebook fraudster pleads guilty to stealing $123 million in BEC scams

A Lithuanian man pleaded guilty in the U.S. District Court for the Southern District of New York earlier this week to using an advanced business email compromise campaign to defraud Google and Facebook out of an estimated $123 million. Evaldas Rimasauskas was indicted in December 2016, then arrested in Lithuania in March 2017 and extradited to the…

The death of the VPN – It’s time to say goodbye

Virtual private networks, VPNs, have often been referred to as the “backbone of the enterprise network.”  This is a bold statement to make about a technology that essentially hasn’t changed in almost over two decades.  And yet, a VPN’s ability to offer employees, third parties and even customers “secure” remote access into enterprise applications and…

Amex, Netflix customers targeted in phishing campaign

Windows Defender Security Intelligence’s Office 365 Threat Research team has uncovered a phishing campaign targeting Netflix and American Express that attempts to steal payment card information. The campaign was detected on the weekend of March 16 and is still active, according to the Windows Defender Security Intelligence Twitter feed. In each case the phishing emails…

Rutland Regional Medical Center, Zoll reveal data breaches

Two healthcare organizations suffered data breaches due to their email service resulting in more than 72,000 records being exposed. Rutland Regional Medical Center in Vermont reported several employee email accounts have been compromised, while the medical products firm Zoll had data possibly exposed when an email server migration went awry. In both cases the patient…

RiskSec Preview: Mark Eggleston, Health Partners Plans

Enlisting FUD (fear, uncertainty and doubt) to argue for security budgets was commonly practiced by many security pros back in the day. It’s not a useful tactic nowadays, although more widespread hype about cybersecurity threats is common in mainstream coverage and some marketing collateral directed at executives less knowledgeable about industry happenings. At RiskSec 2019…
