The Community Health Systems Breach

Was Heartbleed at the Heart of This Health Care Breach?

Joseph (JB) Blankenship

August 22, 2014 - Posted by Joseph (JB) Blankenship to Security Insight

Healthcare Data Security

Community Health Systems (CHS), a publically-held company operating 206 hospitals in 29 states, recently announced in an 8-K filing that it has become one of the latest victims of a major data breach. The filing revealed that the attack most likely occurred in April and June of 2014, compromising approximately 4.5 million records. This number surpasses the previous health care data breach record of 1.3 million records at the Montana Department of Public Health in May 2014.

While no credit card information was revealed, the attackers did gain access to non-medical personal health information (PHI) that included “patient names, addresses, birthdates, telephone... read more >

DEF CON 22 and Social Engineering

Understanding Social Engineering Tools, Tactics and Techniques

Tim Roberts

August 21, 2014 - Posted by Tim Roberts to Security Insight

Hacker Using Computer

This blog was co-written by Solutionary Offensive Security Consultants Tim Roberts and Brent White.

Attendees stood shoulder to shoulder, many carrying with bags with antennas that bumped into mini-drones flying overhead. Eyeballs were poked by mohawks. Laptop lights illuminated the hordes of people marching down the hall of the Rio Hotel and Casino in Las Vegas, NV.

Consultants, cyber-punks, script kiddies, old oracles and government agents all mingled together, blurring the line of who is who. Some of the most talented, professional, ambitious and mischievous hackers gathered in the desert for a long weekend of exploits, lectures, networking, lock picking, hardware modifications, competitions and the sharing of war stories.

This was DEF CON 22.

A plethora of subjects were presented this year. In addition to the... read more >

Balancing Risk, Reward and Cost

Assessing and Balancing Risk in Life as well as Information Security

Joseph (JB) Blankenship

August 19, 2014 - Posted by Joseph (JB) Blankenship to Security Insight

Beach Shark Risk

My wife and I went to Destin, FL this past weekend. Both of us are beach lovers. We were even married on the beach back in May. This beach trip, however, was a little different for us. For the first time ever, we were worried about the risk involved with both going in the water and enjoying raw oysters (one of our favorite treats).

You may be thinking that we were worried about going in the water because of the Discovery Channel’s Shark Week (which was last week) or the recent surge in shark sightings. You may be thinking that we were concerned with eating raw oysters because they are “icky.”

Neither of those are true.

In fact, we were concerned about the risk associated with the water and the oysters because of the tiniest of threats, a bacterium known as... read more >

Preparing for an Information Security Assessment

Top 10 Questions to Ask Before a Security Assessment

Jon-Louis Heimerl

August 14, 2014 - Posted by Jon-Louis Heimerl to Security Insight

Top 10 Security Assessment Questions

Companies need information security assessments (such as penetration testing, application security assessments, architectural assessments, etc.). Among other reasons, they need assessments to check their current security state, verify their practices are sound, identify and fix issues and check for regulatory compliance.

Before doing anything else, a company should understand exactly why they are having a security assessment completed. Most companies considering assessments probably have questions for which they want answers. What are some of those questions?

Here is my top 10 list of questions a client company may want to address when preparing to hire an outside firm to conduct an information security assessment:

  1. How much is it going to...
read more >

Securing the Cyberattack Surface for the Internet of Things

A Top 10 List for Securing the Internet of Things

Erik Barnett

August 12, 2014 - Posted by Erik Barnett to Security Insight

Digital Technology

The “Internet of Things” or "IoT" is a phrase that describes all possible devices that will interact with one another via digital communications. When you think of possible devices, consider all that have become digital, and not just the obvious choices.

Automobiles are now using computerized components, allowing for better diagnostics and performance. Medical facilities have transitioned from basic pacemakers to digital pacemakers with monitoring capabilities. Technology has also revolutionized the housing market with remote access features that can regulate thermostats, turn lights on or off and lock doors from mobile devices.

A Gartner Report predicts that by 2020, 26 billion... read more >

Balancing Business and IT Risk

The Day the Business no Longer Owns The Data

Chris Gida

August 07, 2014 - Posted by Chris Gida to Security Insight

data security

Working as an information security assessor provides me with opportunities to interact with a variety of Information Technology (IT) executives and understand the core risks to organizations.

As a result, I have identified a recurring theme across many of these organizations: risks remain unaddressed due to IT blindly serving the business. Similar to the insurance and Payment Card Industry Data Security Standard (PCI DSS) models, key IT decisions result in the transference of risk instead of taking ownership of the risk.

To ensure higher profits, IT departments are driven to cut costs and remain lean. IT seems to run as if the business is responsible for all key decisions, especially when it is convenient to neglect the organization's environment.  This mantra leads to the logic “the business owns the data, so this is a business decision.”

From an information... read more >

Hackers Amass 4.5 Billion Account Records

Russian Cybercrime Gang

Jon-Louis Heimerl

August 06, 2014 - Posted by Jon-Louis Heimerl to Threat Intelligence

Password Breach

Russian hackers, over a period of several years, have bought or compromised websites to amass 4.5 billion account records (usernames, passwords and email addresses), according to a recent report released from Hold Security. This is a total of about 1.2 billion unique entries. When you consider that there are something on the order of 3 billion total Internet users in the world, that means as many as 40% of all world-wide Internet users are directly affected by this compromise.

From available information, it appears that the Russian hackers bought or traded for site and account information, then built a prolonged process to locate and compromise websites that they could include in their botnet. Part of their process was to compromise website databases and steal any account credentials they could... read more >

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | Older Entries >>

Voted Best Corporate Security Blog 2014
Solutionary is a leading managed security services provider. The Solutionary Minds blog is a place to learn about and discuss IT security and compliance topics.

Click here for the entire RSS feed.

Get the Solutionary Minds blog delivered to your inbox!

Enter your Email:

(We will not share your email or use it for anything else.)