July 2016 Blog Posts (20)

Wendy’s Data Breach: What Does it Mean for You?

The words “data breach” are often met by a clamor whenever they make headlines. Home Depot, Target, Ashley Madison, Heartland, Citibank, the list goes on and on. These breaches spent time in the limelight because of their magnitude; they affected hundreds of thousands – in some cases millions – of cardholders.

But the reality is data breaches are far more…


Added by Steven Minsky on July 28, 2016 at 10:00pm — No Comments

Phishing attacks Two-Factor Authentication

Hackers bank heavily on tricking people into doing things that they shouldn’t: social engineering. A favorite social engineering ploy is the phishing e-mail.

How a hacker circumvents two-factor authentication:

  • First collects enough information on the victim to pull off the scam, such as obtaining information from their LinkedIn profile.
  • Or sends a preliminary phishing e-mail tricking the recipient into revealing login…

Added by Robert Siciliano on July 28, 2016 at 4:28pm — No Comments

Don’t just be a colour-ineror

When I was a wee kid working on a group project, we would always ask “Who is going to be the colour-ineror?” Well, just last week a friend of mine reminded me of the term when I was listing support functions that sometimes struggle to make a difference to the business.

I was listing finance, HR, IT, risk, compliance, audit and then said, “Even people in sexier functions like in marketing.” … BANG, she pounced. “You mean the colouring-in department!” In her experience working on…


Added by Bryan Whitefield on July 28, 2016 at 3:40am — No Comments

Social Engineering: How to steal Brand New iPhones from Apple

Looks like there’s some worms in Apple.

Not too long ago, dozens and dozens of iPhones were stolen from two Apple stores. How could this happen, what with Apple’s security? Simple: The thieves wore clothes similar to Apple store employees and obviously knew the innards of the stores.

They sauntered over to the drawers that held the new phones, acting nonchalant to avoid attracting attention. In…


Added by Robert Siciliano on July 26, 2016 at 4:07pm — No Comments

Your Ransomware Response: Prepare for the Worst

A ransomware attack is when your computer gets locked down or your files become inaccessible, and you are informed that in order to regain use of your computer or to receive a cyber key to unlock your files, you must pay a ransom. Typically, cybercriminals request you pay them in bitcoins.

The attack begins when you’re lured, by a cybercriminal, into clicking a malicious link that downloads malware, such as CDT-Locker. Hackers are skilled at getting potential victims…


Added by Robert Siciliano on July 22, 2016 at 4:18pm — No Comments

32 Million Twitter Pass for sale Add two-factor NOW

The Dark Web, according to LeakedSource, got ahold of 33 million Twitter account details and put them up for sale. Twitter thus locked the accounts for millions of users.

Twitter, however, doesn’t believe its servers were directly attacked. So what happened? The bad guys may have created a composite of data from other breached sources. Or, they could have used malware to steal passwords off of devices.

Nevertheless, the end result meant that for many Twitter…


Added by Robert Siciliano on July 21, 2016 at 4:20pm — 1 Comment

Sustaining Risk Integration through Governance Oversight

Interview with Marsha Hopwood, Director, Operational Risk Management and Risk Governance, Allianz Life


New rules and regulations have proliferated across the financial sector, with no end seemingly in sight. With fast-paced technology stirring more competitive pressures than ever, it is essential for banks and financial institutions to instill sound management to properly oversee and control heightened risks.


Marsha Hopwood, Director, Operational…


Added by marcus evans N.A. Conferences on July 20, 2016 at 3:40pm — No Comments

Plan and Maintain Your Vendor Risk Management Framework

Interview with Erin Straits, Senior Vice President, Director, Vendor Risk Management, Fifth Third Bank


Third party risk management continues to grow as an area of increasing concern for institutions, as the increased digital environment and several high profile incidents highlight the importance of strong third party risk practices.  Despite strong advances in this area, institutions still need to further enhance their third party programs to ensure they add value to…


Added by marcus evans N.A. Conferences on July 20, 2016 at 3:36pm — No Comments

Facebook CEO Password dadada hacked

If you’ve heard this once, you need to hear it again—and again: Never use the same password and username for more than one account!

If this got Mark Zuckerberg’s (Facebook’s chief executive) Twitter account hacked, it can get just about anybody hacked.

A report at nytimes.com says that the OurMine hacking group takes credit for busting into Zuckerberg’s accounts including LinkedIn and Pinterest. It’s possible that this breach was cultivated by a repeated…


Added by Robert Siciliano on July 19, 2016 at 4:06pm — No Comments

Phone Account of FTC Chief Technologist hijacked

An impostor posed as Lorrie Cranor at a mobile phone store (in Ohio, nowhere near Cranor’s home) and obtained her number. She is the Federal Trade Commission’s chief technologist. Her impostor’s con netted two new iPhones (the priciest models—and the charges went to Cranor) with her number.

In a blog post, Cranor writes: “My phones immediately stopped receiving calls.” She was stiffed with “a large bill and the anxiety and fear of financial injury.”

Cranor was…


Added by Robert Siciliano on July 14, 2016 at 4:37pm — No Comments

Cybersecurity Is Still A Boy’s Club

Cyberweapons are a constant and evolving threat to society. They have the potential to shut down entire electric power grids and bring companies to their knees. Securing networks against the threat is possibly the most pressing priority, and the cybersecurity market is expected to grow from $75 billion in 2015 to $170 billion by 2020 as a result.

One of the most pressing priorities for companies in ensuring cybersecurity is what seems to amount to a massive talent shortfall. Current…


Added by Lauren Ravary on July 14, 2016 at 12:57pm — No Comments

Don’t blame them – they are not the problem

I recently had one of the most cathartic conversations of my career. It was with a senior internal advisor who is now in audit but has held all kinds of roles in the organisation so he gets what support functions do, why they do it and, much to his chagrin, how they do it.

The organisation in question is doing something that many organisations do, changing from A to B after they changed from B to A say five years ago after changing five years before from A to B, you get the picture.…


Added by Bryan Whitefield on July 13, 2016 at 1:50am — 7 Comments

Viruses as Cyberweapons for sale

It’s all about code—the building blocks of the Internet. Software code is full of unintentional defects. Governments are paying heavy prices to skilled hackers who can unearth these vulnerabilities, says an article at nytimes.com.

In fact, the FBI director, James B. Comey, recommended that the FBI pay hackers a whopping $1.3 million to figure out how to circumvent Apple’s iPhone security.

So driven is this “bug-and-exploit trade market,” that a bug-and-exploit…


Added by Robert Siciliano on July 12, 2016 at 4:22pm — No Comments

The Ins and Outs of Negotiating in Academia

Added by Enrique Raul Suarez on July 10, 2016 at 4:37pm — No Comments

TeamViewer Clients Victims of other Hack Attacks

Get an account with TeamViewer, and you will have a software package that enables remote control, online meetings, desktop sharing and other functions between computers.

But recently, customers of TeamViewer have reported remote takedowns of their computers that resulted in different forms of monetary theft, such as bank accounts being cleaned out.

The cyber thieves controlled the victims’ computers via their TeamViewer accounts. Customers would witness their…


Added by Robert Siciliano on July 8, 2016 at 4:09pm — No Comments

Microservices Essentials for Executives: The Key to High Velocity Software Development

Building for Success


Added by Enrique Raul Suarez on July 5, 2016 at 10:54pm — No Comments

Man is the Center of the Risk Universe

RCA and Risk

Root cause analysis (RCA) is the process of finding the event or condition that leads straight to an occurrence (another event). It is a systematic procedure used to identify the principal possible cause of risk. In risk-based management, root cause…


Added by RUFRAN C. FRAGO on July 1, 2016 at 9:14pm — No Comments

Do You Know Who you Are? Key Questions to Answer

Added by Enrique Raul Suarez on July 1, 2016 at 5:50pm — No Comments

Identity Theft getting even worse

In 2015, depending on the kind and type of identity theft we are talking about, identity thieves impacted 1.5 million people or more, says the Javelin Strategy & Research report. That’s more than double the figure for 2014.

The move from stripe cards to chip cards has motivated crooks to fasten their seatbelts and really take off with an accelerated mode of operation. For them, your Social Security Number is the pot of gold at the end of the rainbow. Thieves will use…


Added by Robert Siciliano on July 1, 2016 at 4:36pm — No Comments

Imagine a New European Community and a New World

Post-Brexit: Imagine a New European Community and a New World


"Imagine a new European community and eventually planetary community will develop, replacing the centralized power systems with an alliance of interconnected…


Added by Enrique Raul Suarez on July 1, 2016 at 3:02am — No Comments

© 2020 Created by Boris Agranovich.