Cyber Risk Archive
Third-party attack on cryptocurrency exchange

Third-Party Attack on Cryptocurrency Exchange Gate.io

One of the largest cryptocurrency exchange, gate.io, was targeted by a third-party, aka supply-chain attack. The attackers inserted a malicious code to a Web Analytics tool, called StatCounter, to steal bitcoins from gate.io. A sophisticated attack with one goal; BTC theft As the latest ESET research reveals thedetails on the attack, we see that it […]
Cyber Exposure

Reduce Your Cyber Exposure to Mitigate Your Cyber Risk

Today many companies invest in digital platforms, cloud services, Internet-of-Things (IoT) systems, Software-as-a-Service (Saas) systems, web-based applications, mobile applications, and advanced automation systems for digital transformation. With the increase in digital transformation, despite its great advantage to ease business and development processes, the cyber risk increases with the expanding cyber exposure. The bring-your-own-device (BYOD) policies […]
ssl tsl secure connection

How Strong is Your SSL/TLS? 6 Simple Steps to Make it Stronger

Secure Sockets Layer (SSL) protocol and its successor Transport Layer Security (TLS) protocol secure connections between web servers and browsers. If a company’s website requests sensitive data such as credit card information, then SSL/TLS certificate is a must. Especially, e-commerce websites use SSL/TLS to encrypt such information. Do I need an SSL/TLS? SSL/TLS has become […]
thirdy-party risks

2018 Guide to Select 3rd Party Cyber-Risk Assessment Tool

A recent survey conducted by Ponemon Institute reveals that 56% of companies have experienced a 3rd-party breach in 2017, which is an increase of 7% compared to previous year. Another survey conducted by Deloitte in 2016 was more depressive, reporting that 87% of organizations have experienced a disruptive incident with third-parties in the last 2-3 […]
supply chain hacker attacks

Are You Ready for Hackers Incoming Supply-Chain Attacks?

Are you ready for hackers’ incoming supply-chain attacks? A recent report released by 401TRG (the Threat Research & Analysis Team at ProtectWise) reveals that Chinese hackers, who have abundant experience on APTs, are now getting prepared for software supply-chain attacks. Are your ready? What is software supply-chain attack? Hackers usually insert a backdoor to a […]
normshield supply chain

Supply Chain Cyber Risk are Finally Part of the NIST Cybersecurity Framework!

Recently, National Institute of Standards and Technology (NIST) released new version of its Cybersecurity Framework (v. 1.1), which includes several additions such as cyber risk originated from supply chains. The version 1.1 is a risk-based framework to improve cybersecurity of critical infrastructure in the US. However, it is used by many companies as a guideline […]