Do you allow your employees to check their personal email while at work? Are they permitted to use their work email addresses for shipping notifications from online retailers?

It's undeniable that cloud computing and outsourcing have resulted in better margins and higher profits for businesses over the past 10 years. However, data breaches have continued to plague companies around the globe with no end in immediate sight. This begs the obvious question: Could there be some relation between the two?

Most companies freely acknowledge that a data breach event would cause significant impact to their business. If a company processes, stores and accesses sensitive customer information (i.e. medical records, credit cards, social security numbers, etc.), it would also acknowledge that it already knows what types of data the criminals mostly like want to steal … or hold hostage.

During our internal penetration test engagements, we regularly come into contact with multifunction printers that are still using the default administrative login credentials. Obviously, using default credentials is never a good idea and I'd like to show how we can often pivot from these seemingly innocent multifunction devices and ultimately obtain total compromise of an environment.

There's another threat in town for the Healthcare sector - newly identified hacker group Orangeworm is on the lurk. Orangeworm is deploying the Kwampirs backdoor in a targeted attack campaign against healthcare and related industries. Kwampirs is a backdoor trojan used to gain remote access to compromised computers.