Cyber Security Archive
ticketmaster

Lesson from TicketMaster Breach: CDN Security of third-party suppliers

UK-based company TicketMaster, a ticket sales and distribution company, experienced a major breach as they announced on June 27. Upto 40,000 UK citizens might have been affected while their customer information are compromised. Many reports confirmed that TicketMaster was not directly breached or compromised, but a third-party supplier for their website was the one that […]
Outsmart Your Hackers

Outsmart Your Hackers

The simple truth: you are being targeted right now by a range of hackers from young-age script kiddies to sophisticated state-sponsored agents. They all have one thing in common, they are looking for a way to disrupt your business. When hackers identify their targets, they first conduct cyber reconnaissance. they quietly scan and map your […]

3.8 Billion Stolen Credentials are out there! How about yours?

According to the 4iQ Identity Breach Report, 8.7 billion (detected and verified) raw identity-record data are on the surface, deep, and dark web in 2017, that is 182% increase compared to previous year. 44% of this data (around 3.8 billion) are usernames, passwords, and other credential information. You may hack through credential stuffing Credential stuffing […]
Artificial Intelligence

Artificial Intelligence for Cyber Security

Every organization and every company need to be protected against cyber attacks. The risk increases year by year as a result of developing technology whereas the potential attacks can be detected a lot easier using technology (again). So, technology works for both parties – those who hack and are hacked. Artificial intelligence for cyber security […]
patch management

Have you patched your holes? 6 Simple Things for Patch Management

A vulnerability is a hole or a weakness in an application. It can be a design flaw or a bug. Attackers exploit vulnerabilities to harm the application owner, application users, and other entities that rely on the application. Patch management is the process of software updates to eliminate vulnerabilities or mitigate cyber risk caused by […]
patch management

What is Patch Management?

What is Patch Management? Patch management is a strategy for systems management that involves acquiring, testing, and installing multiple patches (code changes) to an administered computer system. This intervention enables systems to stay updated on existing patches, and helps also IT teams determine which patches are the appropriate ones. As a part of change management, […]
thirdy-party risks

2018 Guide to Select 3rd Party Cyber-Risk Assessment Tool

A recent survey conducted by Ponemon Institute reveals that 56% of companies have experienced a 3rd-party breach in 2017, which is an increase of 7% compared to previous year. Another survey conducted by Deloitte in 2016 was more depressive, reporting that 87% of organizations have experienced a disruptive incident with third-parties in the last 2-3 […]
supply chain hacker attacks

Are You Ready for Hackers Incoming Supply-Chain Attacks?

Are you ready for hackers’ incoming supply-chain attacks? A recent report released by 401TRG (the Threat Research & Analysis Team at ProtectWise) reveals that Chinese hackers, who have abundant experience on APTs, are now getting prepared for software supply-chain attacks. Are your ready? What is software supply-chain attack? Hackers usually insert a backdoor to a […]
normshield supply chain

Supply Chain Cyber Risk are Finally Part of the NIST Cybersecurity Framework!

Recently, National Institute of Standards and Technology (NIST) released new version of its Cybersecurity Framework (v. 1.1), which includes several additions such as cyber risk originated from supply chains. The version 1.1 is a risk-based framework to improve cybersecurity of critical infrastructure in the US. However, it is used by many companies as a guideline […]
iot devices security

Add Your IoT Devices to your Third-Party Cyber Risk Assessments

Internet of Things (IoT) is a new concept surrounding us every day. But security of IoT devices is defined by S in the abbreviation of the term. You may say “but there is no S in IoT”. Well, that is exactly my point. In April, a casino was hacked through a thermometer, an IoT device […]