Patching the Iron Tail Is Easier Said than Done

By | 2017-10-13T23:45:53+00:00 October 12th, 2017|Expert Analysis on Hacks & Attacks, Virsec in the News|

Cyber Defense, October 10, 2017; Willy Leichter contributes article to eMagazine While Patching Is Best Practices Approach, Some Organizations Have Complex Reasons for Delaying In our new reality of a new hack every week, if not every day, it’s easy to want to find someone to blame. An easy place to point a finger is [...]

Alive and Kickin’

By | 2017-10-11T05:20:23+00:00 October 11th, 2017|Virsec in the News|

SC Magazine, October 2, 2017; Satya Gupta comments on ransomware and fileless attacks. Fileless ransomware attacks threaten SQL databases, IoT devices, while escaping notice of traditional defense systems Ransomware is not only alive and kickin’ – but its evil authors are continually morphing and developing new ways to torture our networks and ruin plenty of [...]

Yahoo data breach found to affect all 3 billion users

By | 2017-10-11T05:21:17+00:00 October 9th, 2017|Virsec in the News|

Search Security Tech Target, October 9, 2017; Willy Leichter comments on recent breach impact. Mass amounts of Yahoo account data stolen but not discovered or reported for years The number three billion, as in 3 billion users affected in a data breach, is getting close to half the entire world population (measured at 7.4 billion [...]

Here’s a way to make companies with large databases keep our info safe

By | 2017-10-07T00:52:25+00:00 September 29th, 2017|Virsec in the News|

LA Times, September 29, 2017 When we as consumers and customers hear yet again that our personally identifiable information (PII) has been stolen by hackers, it’s frustrating and concerning. It would be even if the company who held our data had done everything possible to protect that information and was still compromised. But when we [...]

Deloitte Cyber Attack

By | 2017-10-10T19:53:50+00:00 September 29th, 2017|Virsec in the News|

Willy Leichter comments on the Deloitte cyber attack: “Cyberattacks are part of everyday life for most organizations. The key question is not whether you get hacked, or even whether you have vulnerabilities. What’s critical is to react quickly and close the window of opportunity to limit damage. If Deloitte had setup a security system for a client [...]

Mobile apps cited in Deloitte trophy breach

By | 2017-10-06T14:57:32+00:00 September 29th, 2017|Expert Analysis on Hacks & Attacks, Virsec in the News|

The Green Sheet, September 29, 2017 Deloitte’s recent breach resulted in customer emails and other personal info being stolen. Deloitte ended up on the hot seat for that and for not knowing until recently the breach had been going on since late 2016. It appears that the attackers got in at least in part through [...]

Hack of SEC files opens door to illegal insider trading

By | 2017-10-09T04:40:06+00:00 September 29th, 2017|Virsec in the News|

Atiq Raza comments on the SEC data breach: “This attack is especially alarming because of the clear path to monetize this data through illicit trading. We’re also seeing continued erosion of the trust that organizations like the SEC, as well as credit bureaus, financial institutions, health care providers, and government agencies need to operate. It’s critical [...]

Researchers find 7 percent of all Amazon S3 servers exposed

By | 2017-10-07T04:42:03+00:00 September 28th, 2017|Virsec in the News|

SC Magazine, September 28, 2017 One possible explanation for so many recent exposures of data could be in part due to the discovery that 7 percent of Amazon S3 servers have been open and accessible online. Meaning, the private information they house from all manner of companies and their customers, including personally identifiable information (PII), [...]

Iranian APT33 Hackers Launch Phishing Attacks on Aviation, Energy Industries

By | 2017-10-05T17:58:15+00:00 September 28th, 2017|Virsec in the News|

eSecurity Planet, September 28, 2017 Over a period of more than six months, an Iranian government-sponsored hacking group called APT33 successfully launched phishing attacks against companies in the US, Saudi Arabia and South Korea. Their cyber espionage efforts successfully gained access to a US organization in the energy sector and went after an oil refinery [...]

What is a fileless attack? How hackers invade systems without installing software

By | 2017-10-06T18:10:11+00:00 September 21st, 2017|Equifax, Expert Analysis on Hacks & Attacks, Virsec in the News|

CSO Online, September 21, 2017 Fileless attacks operate in a computer’s RAM memory rather than on hard drives and this gives hackers a stealthier way to invade networks and applications. Because no (or very little) malware or foreign code is placed inside the victim’s system, such attacks are called “zero footprint, macro or non-malware” attacks. [...]