Other Archive

Misconfigured Server by the Third Party Vendor Exposed 2.8 Million Customer Records

A security incident exposed the information of 2.8 million CenturyLink customers due to a misconfigured MongoDB database affiliated with a third-party vendor. The name of the third-party vendor is not disclosed, but it is a notification platform used by CenturyLink. The exposed data may include names, addresses, phone numbers, email addresses, and CenturyLink […]

Open Banking and Cyber Security in 10 Questions

1.  What is Open Banking? Open Banking is a system that shares financial institutions’ data, capabilities and/or processes to ensure secure access to, and availability of, financial information for users via third parties, including fintech firms, technology providers, and other institutions, by using Application Programming Interfaces (APIs). Your financial information is yours, and if […]

Health Institutions Suffer Third-Party Data Breaches Exposing Millions of Patient Records: How Can You Protect Against Another Breach?

The data breach experienced by American Medical Collection Agency (AMCA), a third-party bill-collection vendor for health institutions, affected 17 health institutions, including the United States’ biggest lab testing companies, Quest and LabCorp. The incident came to light in early June. Hackers exploited a vulnerability in AMCA’s web payment portal, the company’s database filled with […]

NormShield Launches Industry-First Rapid Cyber Risk Scorecard

New Offering Generates Report-Card Style, Third-Party Cyber Risk Analytics in 60 Seconds. McLean, Va., April 01, 2019 – NormShield, provider of on-demand cyber risk scorecards for enterprises, has launched its industry-first Rapid Cyber Risk Scorecard, the only risk assessment solution that delivers detailed, accurate data on any company’s security vulnerabilities in 60 seconds or less. […]

Popular Video-Sharing Platform Hit by Credential-Stuffing Attack

The popular video-sharing platform, DailyMotion, released an announcement on January 25 about a persistent attack on their system. It is an ongoing attack where attackers use previously compromised username/password combinations. The press release read: “The attack consists in “guessing” the passwords of some dailymotion accounts by automatically trying a large number of combinations, or by […]

NormShield Recognized on The 10 Most Promising Cybersecurity Solution Providers List

NormShield was recognized by CIOReview Magazine on its 10 Most Promising Cybersecurity Solution Providers List of 2018. “CIOReview has shortlisted the most cutting-edge solutions that offer tailor-made and efficient solutions for cybersecurity”. The annual list consists of 10 companies at the forefront of providing cybersecurity solutions and impacting the industry. CIOReview featured NormShield’s unique capability of […]

Do You Monitor Your Suppliers? ISO/IEC 27001 Regulations Say You Should

Suppliers, and third parties in general, have become one of the weaker links in the system. The recent Ticketmaster data breach shows how third parties may carry too much risk to your organization. Thus, they should be constantly monitored, as the ISO 27001 standard suggests. What is ISO/IEC 27001? ISO/IEC 27001 (some only write ISO 27001) is an […]

Are You Ready for Hackers’ Incoming Supply-Chain Attacks?

Are you ready for hackers’ incoming supply-chain attacks? A recent report released by 401TRG (the Threat Research & Analysis Team at ProtectWise) reveals that Chinese hackers, who have abundant experience with APTs, are now preparing for software supply-chain attacks. Are you ready? What is a software supply-chain attack? Hackers usually insert a backdoor into a […]

Supply Chain Cyber Risks Are Finally Part of the NIST Cybersecurity Framework!

Recently, the National Institute of Standards and Technology (NIST) released a new version of its Cybersecurity Framework (v. 1.1), which includes several additions, such as cyber risk originating from supply chains. Version 1.1 is a risk-based framework to improve the cybersecurity of critical infrastructure in the US. However, it is used by many companies as a guideline […]