Author: Ed Gardner

  1. Home
  2. Ed Gardner
  3. Page 42

US Critical Infrastructure Companies Will Have to Report When They Are Hacked

March 15, 2022 Ed Gardner 0

This will be law soon:

Companies critical to U.S. national interests will now have to report when they’re hacked or they pay ransomware, according to new rules approved by Congress.

[…]

The reporting requirement legislation was approved by the House and the Senate on Thursday and is expected to be signed into law by President Joe Biden soon. It requires any entity that’s considered part of the nation’s critical infrastructure, which includes the finance, transportation and energy sectors, to report any “substantial cyber incident” to the government within three days and any ransomware payment made within 24 hours…

New England Safety Partners works with ChaosSearch®, Inc on SOC2 audit

March 11, 2022 Ed Gardner 0

For Immediate Release 11 March 2022 New England Safety Partners works with ChaosSearch®, Inc on SOC2 certification ChaosSearch receives a SOC 2 Type 2 Newton, MA – New England Safety Partners (NESP), an Information Security Consulting firm specializing in compliance frameworks, cloud security, and business process analysis and implementation today announced that it has helped […]

What is HITRUST and why should I care?

January 21, 2022 Ed Gardner 0

HITRUST is the go-to security framework for healthcare organizations. Certification is required in order to receive favorable treatment from regulators, and compliance with HITRUST standards has become one of the best ways to protect sensitive data. But what exactly does it mean? And how can your organization achieve certification? These are questions that many IT […]

ShardSecure O365 Data Security

November 12, 2021 Ed Gardner 0

Greetings Friends! I want to invite you all to a webinar hosted by my friends at ShardSecure, on their novel approach to securing data at rest inside Microsoft Office 365, I hope you can attend! Register below and join us to learn how companies use our native Microsoft 365 integration to protect their most sensitive […]

New England Safety Partners collaborates with Alyce on SOC2 audit

November 11, 2021 Ed Gardner 0

For Immediate Release 11 November 2021 Alyce achieves critical information security milestone Newton, MA – New England Safety Partners (NESP), an Information Security Consulting firm specializing in compliance frameworks, cloud security, and business process analysis and implementation today announced that it has helped its client, Alyce, inc., successfully complete the Service Organization Control (SOC) 2 […]

Using Fake Student Accounts to Shill Brands

November 3, 2021 Ed Gardner 0

It turns out that it’s surprisingly easy to create a fake Harvard student and get a harvard.edu email account. Scammers are using that prestigious domain name to shill brands:

Basically, it appears that anyone with $300 to spare can ­– or could, depending on whether Harvard successfully shuts down the practice — advertise nearly anything they wanted on Harvard.edu, in posts that borrow the university’s domain and prestige while making no mention of the fact that it in reality they constitute paid advertising….

A Harvard spokesperson said that the university is working to crack down on the fake students and other scammers that have gained access to its site. They also said that the scammers were creating the fake accounts by signing up for online classes and then using the email address that process provided to infiltrate the university’s various blogging platforms…

More Russian SVR Supply-Chain Attacks

October 28, 2021 Ed Gardner 0

Microsoft is reporting that the same attacker that was behind the SolarWinds breach — the Russian SVR, which Microsoft is calling Nobelium — is continuing with similar supply-chain attacks:

Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain. This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers. We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers. We began observing this latest campaign in May 2021 and have been notifying impacted partners and customers while also developing new technical assistance and guidance for the reseller community. Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium. We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised. Fortunately, we have discovered this campaign during its early stages, and we are sharing these developments to help cloud service resellers, technology providers, and their customers take timely steps to help ensure Nobelium is not more successful…

Problems with Multifactor Authentication

October 21, 2021 Ed Gardner 0

Roger Grimes on why multifactor authentication isn’t a panacea:

The first time I heard of this issue was from a Midwest CEO. His organization had been hit by ransomware to the tune of $10M. Operationally, they were still recovering nearly a year later. And, embarrassingly, it was his most trusted VP who let the attackers in. It turns out that the VP had approved over 10 different push-based messages for logins that he was not involved in. When the VP was asked why he approved logins for logins he was not actually doing, his response was, “They (IT) told me that I needed to click on Approve when the message appeared!”…

Textbook Rental Scam

October 20, 2021 Ed Gardner 0

Here’s a story of someone who, with three compatriots, rented textbooks from Amazon and then sold them instead of returning them. They used gift cards and prepaid credit cards to buy the books, so there was no available balance when Amazon tried to charge them the buyout price for non-returned books. They also used various aliases and other tricks to bypass Amazon’s fifteen-book limit. In all, they stole 14,000 textbooks worth over $1.5 million.

The article doesn’t link to the indictment, so I don’t know how they were discovered.