Cyber Security Archive
Third-party attack on cryptocurrency exchange

Third-Party Attack on Cryptocurrency Exchange Gate.io

One of the largest cryptocurrency exchange, gate.io, was targeted by a third-party, aka supply-chain attack. The attackers inserted a malicious code to a Web Analytics tool, called StatCounter, to steal bitcoins from gate.io. A sophisticated attack with one goal; BTC theft As the latest ESET research reveals thedetails on the attack, we see that it […]
Many major companies including Amazon, Apple, etc

Major third-party breaches revealed in October 2018

A recent survey conducted by Ponemon Institute reveals that 56% of companies have experienced a 3rd-party breach in 2017, which is an increase of 7% compared to previous year. Data breaches caused by third parties cost millions of dollars to large companies. Third-parties include broad range of companies a company directly worked with such as […]
Cyber Exposure

Reduce Your Cyber Exposure to Mitigate Your Cyber Risk

Today many companies invest in digital platforms, cloud services, Internet-of-Things (IoT) systems, Software-as-a-Service (Saas) systems, web-based applications, mobile applications, and advanced automation systems for digital transformation. With the increase in digital transformation, despite its great advantage to ease business and development processes, the cyber risk increases with the expanding cyber exposure. The bring-your-own-device (BYOD) policies […]
Misconfigured cloud servers top 10

Open Invitation to Hackers: Misconfigured Cloud Servers

Many companies use cloud servers to store their data. Despite their great advantage, misconfigured servers may expose sensitive data, a mistake which is an open invitation to hackers to dump and use a company’s data for their malicious activities. How is it possible? 4th party service providers, such as cloud storage providers, improve their cyber […]
normshield ip blacklist service

Check Whether Your IP Assets Are Blacklisted Or Not For Free

Employees may download applications that compromise computers and network. As a result, IP address can become part of a hacker’s network and hosting malware. Hackers can leverage IP addresses for Advanced Persistent Attacks, a situation that can compromise the company’s brand reputation and lead to a breach. IP Reputation tells something about your company NormShield […]
thirdy party problem

Are Your Third-Parties PCI-Compliant?

Payment Card Industry (PCI) Security Standard Council releases Data Security Standard to explain requirements and security assessment procedures. The latest version (v 3.2) was released on April 2016 and starting February 2018 it became effective as requirements. But what PCI says about third-party cyber risk management? What is PCI Data Security Standards? PCI is an […]
GDPR Compliance Checker

Free GDPR Compliance Checker

The Europe Union (EU) General Data Protection Regulation (GDPR) proposed by Europe Commission became active after May 25, 2018. GDPR has very strict rules about collecting, storing, and processing data. Gathering even very small piece of information about an EU citizen requires consent from customer/visitor and very high responsibility for the companies. The fines are […]
iso 27001

Do You Monitor Your Suppliers? ISO/IEC 27001 Regulations Say You Should

Suppliers, in general third parties, have become one of the weaker links in the system. Recent TicketMaster data breach show how third parties may carry too much risk to your organization. Thus, they should be constantly monitored as ISO 27001 standard suggests. What is ISO/IEC 27001? ISO/IEC 27001 (some only write ISO 27001) is an […]
cobit organization

Third-Party Risk Management from COBIT’s perspective

Since its release in 2012, COBIT 5 has become a good-practice framework for IT management and governance for enterprises. By following certain checkpoints in the framework, a company can create a good IT risk management. It’s not surprising that COBIT emphasize third party risk management considering major cause of recent data breaches are third parties. […]