Healthcare is simply not keeping pace with cybersecurity
[Credits: Photo by rawpixel.com from Pexels] With the internet, things are moving at an alarmingly fast pace. This equates to increased attack surface and phenomenal increase in the number of vulnerabilities out there. Industries are trying to keep up. Evidently one industry which is struggling to keep the pace is Healthcare. In the healthcare industry, the […]
Will you be the next Equifax?
United States Senate Permanent Subcommittee on Investigations recently published a report titled “How Equifax neglected cybersecurity and suffered a devastating data breach“. It details out what aspects contributed to the data breach at Equifax and how Equifax’s competitors (TransUnion and Experian) were able to successfully mitigate the threat. The report is around 71 pages long and […]
Cybersecurity in the Health Care Industry
If you are in the health care industry, you might be aware of the voluntary cybersecurity guidance issued by Department of Health and Human Services (HHS) for health care industry. This guidance is aptly titled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” (aka HICP), as the key to “protecting patients and their data” […]
Releasing ThreatWatch OpenAPI package for python – pytw
It is our pleasure to announce public release and availability of python package for ThreatWatch OpenAPI – pytw. pytw is an open source initiative from ThreatWatch provides a comprehensive and solid python interface for integrating with ThreatWatch in an seamless manner. pytw provides capabilities to manage and work with “core objects/entities” in ThreatWatch (like […]
Shields down at warp speeds…spells disaster
All businesses leverage digitalization to increase revenue, cut down costs and more. Increased digitization implies larger reliance on digital assets for business success. Most businesses need to be agile in today’s era and hence they are quick to adopt new software solutions (on-premise or cloud-based) in their digitalization journey. As the digital footprint of a […]
Vulnerabilities – Are you looking at all the right places ?
The National Vulnerability Database (NVD) is considered to be the single source of truth for all software / hardware vulnerabilities that are in the public domain. However a few things get overlooked which makes it far less desirable to be relied upon when it comes to designing your vulnerability management program. Lets look at them. […]
Vulnerability Management for Cloud Deployments
Overview: As organizations move to greater cloud adoption via traditional cloud app environments or serverless architectures for edge and IoT, they depend heavily on cloud providers to ensure the operating environment remains secure. That doesn’t always happen at a cadence that is desired and even when it does, verification remains an important aspect to ensure […]
Post Mortem of a Breach – The Panama Papers
Summary: In May of 2016 , a massive security breach resulted due to the hack of servers at Mossack Fonseca, a major law firm involving emails, pdf files, photo files and excerpts of an internal database. It was around 2.6 TB of data that spanned a period of more than 40 years. This is the […]
The Vulnerability Lifecycle
In some ways software vulnerabilites have close resemblance with a living organism. It goes through much the same stages of lifecycle from being born ( discovered ) to information getting added , exploits getting published , patches made available by vendors / reserachers and systems and services eventually getting patched and newer things getting discovered […]