Category: Uncategorized

June 15, 2017

OneLogin – When Password Storing Goes Wrong

OneLogin, a company that provides single sign-on capabilities to safely store passwords of over 23 million users including 2,000 businesses, has suffered a compromise that included the ability to decrypt customer data. In a recent blog, the company revealed that an attack occurred May 31st at 2 am and was identified by a staff member around 9 am. Through that attack, sensitive information such as user information: passwords and emails, various keys from companies and login credentials for a slew of cloud applications were potentially compromised. In the OneLogin blog post, it was stated that they “…cannot rule out the possibility that the threat actor also obtained the ability to decrypt data.” And according to the email sent out after the breach, customers were instructed on steps they should take to proactively prepare themselves. They were advised to force a OneLogin Directory Password Reset for end users, update credentials on 3rd party apps for provisioning and to do numerous other things. The email also included further updates and information.

Read More
June 12, 2017

The Ransomware Assault on Healthcare

Hospital networks can unfortunately become a goldmine for attackers that use ransomware worms as their weapon. If deployed, lives may be endangered, hospitals usually must pay the ransom, or pay to get files retrieved and its reputation could be damaged. Because these attacks are increasing due to lucrative benefits, teaching and reminding hospital staff to use valuable cyber hygiene is imperative.

Read More
June 08, 2017

Why Managed Service Providers Must Monitor for Compromised Credentials

If your customers are like most organizations, 75% of their employees recycle or use a variation of the same password across most of the systems and websites they access – both on and off their employer’s network. And this practice is becoming increasingly dangerous.

Read More
June 05, 2017

Cyber Criminals, College Credentials, and the Dark Web

Today, Digital Citizens Alliance published a report that focuses on how exposed Universities and Colleges’ populations are on the dark web. Specifically, they looked at the levels of compromised credentials associated with .edu’s on the dark web. ID agent provided data to support the report.

Read More
June 01, 2017

How to Detect if Your Organization’s Email Credentials Have Been Stolen & How to Prevent Phishing.

Stolen email credentials are an often exploited vulnerability for government and corporate networks. In fact, Verizon announced in a recent study that 91% of phishing attacks specifically targeted email credentials.

Read More
May 29, 2017

IRS Announces Pre-Breach Identity Protection Services Are Non-Taxable

On December 30th, 2015, the IRS officially announced that employers are not required to include the value of pre-breach identity protection services in employee gross income. This adds to a previous announcement where the IRS stated in August 2015,with announcement 2015-22, that post-breach identity protection benefits would have preferential tax treatment.

Read More
May 25, 2017

Dark Web ID Tracks and Identifies DHS and FBI “Data Dumps” Immediately After Release

Last weekend, more than 9,300 Department of Homeland Security (DHS) employees’ personal information was leaked online, all stemming from an apparent data breach to the DHS networks. Not only were those identities exposed, but the Twitter user that publicized the information immediately followed suit by exposing an additional 22,000 Federal Bureau of Investigation (FBI) employees’ information.

Read More
May 22, 2017

Five Steps to Protect Your C-Suite from Corporate Identity Theft

Since 2003, the FBI has tracked more than $740 million dollars lost to business email compromise (BEC) fraud in the United States. Who’s the main target? None other than the C-Suite. Led by organized online criminal groups, BEC is one of the fastest growing types of financial fraud.

Read More
May 18, 2017

Three Types of Business E-Mail Compromise Scams You Need to Recognize

The internet has changed the way businesses operate around the world. Having access to a tool of this caliber is essential to the way corporations function today, but it also has its downfalls. In this case, we’re referring to the incredibly dangerous threat most business owners are either unaware of or hardly ever think about – cybercrimes like Business Email Compromises (BEC).

Read More
May 15, 2017

Why Employee Data May Pose Biggest Cyber Risk

Cyber risk is no longer a potential threat to put on the back burner for later review. The reality is that cyber risk is a threat right now. Many organizations are taking precautions to protect themselves and their people. However, despite the plethora of major companies and brands experiencing the repercussions of not instilling pre-breach precautions, the question remains: is it necessary to encrypt employee information?

Read More

Please fill in the form below to subscribe to our blog