Yahoo Admits Half a Billion Users’ Info Hacked

Yahoo has confirmed that a ‘likely state sponsored’ 2014 breach exposed data from about 500 million users.  The company has stated that information possibly affected includes names, email addresses, birth dates and scrambled passwords.  Even more alarming is the acknowledgment that encrypted or unencrypted security questions and answers may have also been compromised, which could allow hackers to access victims’ other online accounts.

FDIC IT Exam Update

The FDIC has updated their IT Examination procedures.  On July 1, 2016, the FDIC will begin using the Information Technology Risk Examination (InTREx) Program to perform IT examinations at financial institutions.  The InTREx Program consists of the IT profile and three workpapers to help examiners accurately assess IT risks and the mitigating controls in place.   Contine reading

Ransomware: Malware in its cruelest form

Ransomware is another type of malware, but this one carries a bit of a sting.  Ransomware is nothing new, and if you remember the AIDS Trojan, you know it dates back to the late 80s.  Because it was the 80s, instead of paying electronically with bitcoin, the victim had to send money via the USPS to a P.O. Box.  Ransomware has been the headline for 2016.  If infected with this malware, access to your system will be limited until a ransom is paid. Contine reading

Verizon Data Breach Investigations Report 2016

It’s that time of the year again!

Verizon released its Data Breach Investigations Report for 2016.  For those of you not familiar with the report, Verizon collects and analyzes data from real world security incidents and breaches.  The current report analyzes over 100,000 incidents that occurred in 2015.  It is in no way all inclusive; however, it is one of the more reputable analysis reports that utilizes a healthy sample of incident and breach data to accurately portray the cyber incident landscape. Contine reading

Verizon Confirms Breach Affecting Business Customers

Verizon has released a statement confirming that “Verizon Enterprise Solutions recently discovered and fixed a security vulnerability on our enterprise client portal.  Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers.”  Experts believe the exposure of the clients’ contact information leaves them more vulnerable to phishing attacks.