What you need to know about IoT hacking and medical devices

Some pretty frightening news has come out of the healthcare industry in recent months related to cyberattacks and medical devices. A legal case is now underway questioning the safety of cardiac implants used by a large U.S. hospital. A lawsuit claims the devices are vulnerable to potentially life-threatening cyberattacks. The OneTouch Ping insulin pump has […]

The good (and bad) news behind the Dyn DNS DDoS attacks

Cybersecurity malware cryptolocker

After a massive distributed denial-of-service attack targeted at Dyn DNS, companies are starting to respond and more details are being made public. As I covered in The Dyn DNS attacks: What we know now, the massive attack knocked offline big-name websites, including Amazon services, Tumblr, Twitter, Reddit, Spotify, Netflix, among others. For those not familiar, Dyn […]

Hacking insulin pumps? There’s no excuse anymore

Cybersecurity breaches CSC Blogs

Despite warning after warning – the bad news regarding the security of medical devices keeps rolling in. Late last week, news broke that a researcher from Rapid7 had identified ways to remotely exploit an insulin pump through Radio Frequency (RF) communication. While the risk is low that such attacks would be widespread, the risk is […]

Enterprise security still overlooking this weak link

web application security CSC Blogs

Every year, Web-based attacks are among the most popular attack vector against enterprise data. Of course, the layer of the technology stack where attackers focus their attention changes over time. When viruses and malware were spread by disk, exploitation was primarily aimed at the operating system layers. That changed as systems became connected, and enterprises […]

About that Twitter password ‘breach’

Retail data regulation CSC Blogs

Twitter recently put millions of users on notice to reset their passwords after the company learned that passwords were, somehow, available on the Dark Web. But Twitter contends — and it’s very plausible — that these passwords were not pilfered from Twitter’s servers. According to this Twitter blog post, the “purported Twitter @names and passwords may have […]

LastPass mitigates phishing flaw in its password management software

Cybersecurity threats CSC Blogs

Even as many online services and enterprises have come to embrace stronger authentication, the password still remains the primary key to most online kingdoms. With that in mind, it’s unfortunate that an all-too easy phishing attack made it possible to crack  the widely used password manager LastPass. Prior to publicly disclosing the flaw, Sean Cassidy, the […]