Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Detectify year in review: 2019 has been quite a journey so far with expansion to the US and doubling our size. Join us for a proverbial toast to the year as we share a recap of our highlights.

The largest hospital system in New Jersey said it paid an extortion fee to hackers who had disrupted medical facilities with a ransomware attack. A spokesperson for Hackensack Meridian Health, based in Edison, New Jersey said it was working to restore its computer systems following a Dec. 2 ransomware attack that forced administrators to cancel roughly 100 elective medical procedures.

Whilst working for a management consultancy, I learned a lot more about industrial control systems (ICS) than I ever imagined I would. In many cases, this wasn’t from working on them directly; it was from simply speaking to the technicians and reading documentation. Oftentimes, we have the false belief that our systems are safe from compromise because no one really knows how they work. It’s like security through obscurity.

With so many acronyms in cyber security, it isn’t always easy to distinguish between the many product and service offerings available. This can create significant confusion for IT and security personnel that need to make quick purchase decisions to address holes in their security coverage.

Spyware is unwanted software, a type of malicious software or malware, designed to expose sensitive information, steal internet usage data, gain access to or damage your computing device. Any software downloaded to a user's device without authorization can be classified as spyware. Even spyware programs installed for innocuous reasons often violate end user privacy agreements and have the potential for abuse.

In my line of work, it is often a requirement to provide our customers with background information on the employees who will be performing on-site professional services. This is not in itself an issue, but how the customer receives and handles that information can be. Tripwire best practice is for HR to provide an attestation of all requested background checks to our clients rather than providing detailed background reports or having the client run a background check on our employees.

After spending several decades in this industry, I have seen growth in many different security products and in many different areas. All the while, I’ve questioned whether specific technologies were offering real value or were just over-marketed to create more revenue opportunities for investors. As we have seen repeatedly, categories of security products blossom in many different ways. So many vendors, so much technology. Where do we go from here?

This holiday season kicked off a couple weeks ago, with Black Friday and Cyber Monday showing a 14% increase in early holiday purchases from the same period during 2018, according to a report by Bank of America Merrill Lynch Global Research. With holiday sales projections showing similar numbers until the end of the year, there has never been a more vital time to ensure that consumer transactions are completing as expected.

SQL injection is a popular method amongst hackers that can cause major problems within an organization. Through SQL injection, an attacker can easily bypass various security measures like authentication. In this article, we will take a closer look at how you can prevent it. What is SQL injection attack? Even though they have been around for a while, SQL injections still pose a serious danger to web applications.

UPDATE: In a “ripped from the headlines” moment, we have real world confirmation of the growing risk discussed in this article. Breaking news over the weekend revealed that both the city of New Orleans and New Jersey's largest hospital network are in the midst of dealing with serious ransomware attacks. When you hear about data breaches and cyberattacks in the news, it's usually in connection with a large company and has affected users across the globe.