NormShield Blog

Health Institutions Suffer Third-Party Data Breaches Exposing Millions of Patient Records: How Can You Protect Against Another Breach?

The data breach experienced by American Medical Collection Agency (AMCA), a third-party bill-collection vendor for health institutions, affected 17 health institutions, including the United States’ biggest lab testing companies, Quest and LabCorp. The incident came to light in early June. Hackers exploited a vulnerability in AMCA’s web payment portal, the company’s database filled with […]

Steps to Mitigate What Happened in The Capital One Data Breach

Capital One Bank announced [1] that on July 19, 2019, it identified an intrusion into its systems that affected approximately 100 million individuals in the United States and approximately 6 million in Canada. The stolen data includes “personal information Capital One routinely collects at the time it receives credit card applications, including names, addresses, […]

Major Third-party Breaches Revealed in June 2019

A recent survey conducted by Ponemon Institute reveals that 59% of companies experienced a third-party breach in 2018, which is an increase of 3% compared to the previous year. Data breaches caused by third parties cost large companies millions of dollars. Third parties include a broad range of companies a company directly worked with […]

GitHub Account of Canonical (Ubuntu Maker) Hacked; Cyber Risk & Third-Party Code-Sharing Sites

A third-party code sharing site was part of the latest breach. On July 6, the GitHub account of Canonical Ltd was hacked. Canonical is well-known for developing the famous Ubuntu Linux Distribution. The accounts on third-party code-sharing sites like GitHub may reveal critical information to adversaries when they are hacked. In a public announcement, Ubuntu […]

Worst Passwords of 2018

It’s Time To Change Your Password – Worst Passwords of 2018

By Joshua Belk, NormShield Security Team

Every year these lists are published and for good reason. Many people don’t take the time to update the default settings or simply reuse the same password for everything. These are the Top 25 Worst Passwords from 2018 based on over 5 million leaked passwords.[1] Avoid them and protect […]

Major Third-party Breaches Revealed in May 2019

A recent survey conducted by Ponemon Institute reveals that 59% of companies experienced a third-party breach in 2018, which is an increase of 3% compared to the previous year. Data breaches caused by third parties cost large companies millions of dollars. Third parties include a broad range of companies a company directly worked with such […]

How To Measure What Hackers Know About You

Companies invest in cyber security to protect themselves against cyber attacks. They acquire cyber security products and solutions, from SIEM solutions and SOC services to firewalls and IPS/IDS devices, to detect and remediate cyber incidents. With all these security measures, how safe are you? Is there a way to measure it? Or in other words, is it possible […]

Major third-party breaches revealed

Major Third-party Breaches Revealed in January 2019

A recent survey conducted by Ponemon Institute reveals that 59% of companies experienced a third-party breach in 2018, which is an increase of 3% compared to the previous year. Data breaches caused by third parties cost large companies millions of dollars. Third parties include a broad range of entities a company directly worked with, such as […]

Popular Video-Sharing Platform Hit by Credential-Stuffing Attack

The popular video-sharing platform, DailyMotion, released an announcement on January 25 about a persistent attack on their system. It is an ongoing attack where attackers use previously compromised username/password combinations. The press release read: “The attack consists in “guessing” the passwords of some dailymotion accounts by automatically trying a large number of combinations, or by […]

Magecart attackers

An Attack on 3rd-Party Advertising Company Increased Cyber Risk of European E-Commerce Sites

Malicious code injected into an advertising agency's third-party JavaScript targets the credit card information of online shoppers at European-based e-commerce sites. Many websites use JavaScript to track their visitors, collect analytics, etc., so using an advertising agency's JavaScript library is not uncommon. External JavaScript that runs on your website poses […]