PCI DSS 3.2: Get With the Program

When last we left the PCI Data Security Standard in version 3.1, it told SSL to hit the road. In the latest DSS, version 3.2 released last month, the PCI folks backed down a little. Existing implementations instead have until June 2018 to remove SSL and early TLS (1.0). So SSL laggards have more time […]

How has Ransomware Impacted the US Government?

Ransomware crimes have been soaring this year. They have stalled the operations of not only hospitals and businesses, but also the US government – federal, state and local governments, law enforcement agencies and even schools. How has the government reacted to this rising threat? It’s been a challenge. Protecting a government’s digital assets has been time-consuming as […]

Meanwhile Back at the SEC: Cybersecurity and World Financial Stability

What’s the biggest risk facing the banking system? If you answered regulating the complex financial derivatives that torpedoed the world financial system in 2008, you’d be wrong! According to the Chair of the Securities and Exchange Commission, Mary Jo White, cybersecurity is really the greatest danger to the world financial system. She made this startling […]

Brian Krebs at Secure360: Breaches Will Get Worse.

This blog’s favorite data security reporter, Brian Krebs, delivered a keynote address yesterday at the Secure360 conference being held in St Paul this week. Unfortunately, I wasn’t there to hear him. But thanks to some reporting by a local paper and the crowdsourcing power of Twitter, I was able to piece together a few of […]

Varonis’ Barbara Abboud in CRN’s 2016 “Women of the Channel”

We’re pleased to report that our Director of North American Channel, Barbara Abboud, has been recognized, for a second year in a row, as CRN’s Power 100: Women of the Channel. This list honors outstanding female executives across vendor channel organizations, distributors, solution providers and other women prominently involved in the IT channel ecosystem for […]

Ransomware That Deletes Your Files

Organizations with legal obligations to prevent data from improper alteration or destruction (I’m talking to you, healthcare orgs that fall under HIPAA) really need to pay close attention to a new ransomware variant. For the past month, the ransomware Jigsaw has been making good on its threat to delete files of its victims every hour. After […]

Vintage Anti-Virus Software: It Can’t Hurt to Keep It on!

In the pre-internet days, when the security industry had a technical edge and hackers couldn’t easily share information among themselves, you probably could sleep easier when a virus scan returned a clean bill of health.

Nowadays, it’s not really a secret that malware scanning is not very effective in detecting and blocking threats.

Preparing for the EU General Data Protection Regulation

When the trilogue discussions ended in December, the EU General Data Protection Regulation (GDPR) reached its final form. But in the never-ending GDPR saga, there was always still one more hurdle to be completed. Last month, the EU Parliament approved the final text worked out in the discussions. So now the clock starts ticking, […]

Introduction to Ransomware Course

“Know Your Enemy” is pretty good advice – and while day to day it might seem like your arch-nemesis is that stupid switch in the farthest networking closet that you’ve replaced twice and still seems a little flaky – it pales in comparison to the threat that is ransomware. Ransomware is frightening not just because […]

CyptMix Ransomware Claims to Donate Your Ransom Payment to Charity

Unlike traditional ransomware notes that rely on fear-based tactics, a new ransomware strain called CyptMix preys on your generosity. Part of the ransom note reads: “Your money will be spent for the children charity. So that is mean that You will get a participation in this process too. Many children will receive presents and medical […]

Lessons From the Goldcorp Extortion

Unfortunately, another breach has made the headlines and it’s déjà vu all over again. The narrative surrounding the Goldcorp breach is similar to other doxing attacks:
