What are the Experts saying about PyRoMine?

Article appeared in Brilliance Security Magazine, April 25, 2018.

BSM-PyRoMine

Read article

Recently, a new python-based cryptocurrency mining malware that uses the ETERNALROMANCE exploit was uncovered and dubbed “PyRoMine.” This malware is particularly malicious and those Windows machines that have not installed the patch from Microsoft remain vulnerable to this attack and similar attacks.

Alex Calic, Chief Strategy and Revenue Officer of The Media Trust explains, “Cryptomining is a profitable business, and its perpetrators are accelerating in numbers and innovation thanks to a growing number of weaponized exploits in their arsenals. What makes this incident unique and alarming are (1) the exploit’s ability to spread fast around the world, (2) the malware’s ability to disable a machine’s security features for future attacks, and (3) the malware authors’ intent to test a campaign before a multi-phased, full-scale launch. Such a campaign will pave the way for harvesting CPU power and personal data from millions of Windows users. Now is the time for enterprise IT to fortify their defenses by identifying who is executing on their sites and flagging suspect executables that indicate unauthorized activity may be afoot. Otherwise, enterprises may find themselves running afoul of GDPR, a European privacy protection regulation that goes into force on May 25th and is poised to fine infringing parties up to four percent of their annual global revenue.”

Continue Reading

Data is Power: Wield it Wisely

This article originally appeared in Corporate Compliance Insights on April 16, 2018.

Read article 

CCI-Data is Power

The digital age breeds constant change – none more powerful than the availability of data and, more specifically, the ease of collecting and using personal data. For industry, this data has the power to both accelerate new opportunities for growth and act as an anchor to drag down momentum. In an era where businesses prize data and guard against its misappropriation, its troubling that this discernment doesn’t carry over to the digital environment, where countless third parties and partners on enterprise websites and mobile apps have access to personal user data, often without a company’s knowledge.

Continue reading

 

5 Reasons to Swing by The Media Trust Booth at RSA 2018

RSA 2018 Booth

While it might be the biggest cybersecurity event of the year, RSA 2018 can be overwhelming. The crowds, lectures, sparkly gadgets, and more can confuse the senses and make you forget about your top security priorities. Don’t worry, The Media Trust is there to answer your questions about digital security and compliance. No matter what your industry (banking, ecommerce, media, government, hospitality, etc.), your corporate mobile apps and websites have the potential to be your greatest business assets or largest source of security, revenue, and reputational risks. Learn how we close the gaps in your security and compliance posture that traditional web appsec tools don’t.

Here are five reasons to swing by our booth next week:

  1. Identify and Remedy your Digital Shadow IT
    Many industry experts will caution you against shadow IT, only a handful will tell you where to look for it. We not only expose the shadow IT on your enterprise mobile apps and websites but also detect concealed threats like malicious code injection, unauthorized data collection, latency issues, as well as help remediate these issues via our Digital Vendor Risk Management platform.

2. GDPR Compliance – we walk the talk
Your mobile apps and websites are out of control – no, this isn’t a hyperbolic statement. With third parties contributing anywhere between 50-75% (sometimes as high as 95%) of your code base, controlling data collection activity that violates the GDPR directive isn’t straightforward. Speak to us about how to regain control of your digital assets.

Catch our session, GDPR Compliance–You forgot your digital environment, on Thursday, April 19, between 1:45 pm – 2:30 pm at Moscone West 2018. Session ID: GRC-R12.

3. Attack intel (not the just threat intel)
Our Malware Attack Data enables you to block active attacks targeting your endpoints through frequently whitelisted, premium websites – news, travel, social networks, and more. Let’s talk about how our attack data can augment your AVs, firewalls, web filters, and blocking solutions.

4. Free website audits
Want a sneak peek into your mobile app and website shadow IT? Get a free website audit and discover the surprising number of domains and cookies (including user identifying cookies) operating outside the perimeter of your IT and security tools

5. Coffee, martinis, and comfy couches
If you don’t want to talk security and compliance, and are just curious about The Media Trust or are badly in need of caffeine, drop by and say hi! Here are our Coffee and Martini Bar hours – 
Coffee Bar: 10:00 am – 1:00 pm, April 17-18, 2018
Martini Bar: 4:00 pm – 6:00 pm, April 18, 2018

We’ll be there at Booth #2507, South Hall, Moscone Convention Center, San Francisco. Enter the South Hall, turn right, and follow the inquisitive masses.

Top 10 Mistakes Companies Make in GDPR Preparation

GDPR

This article appeared in the March 14, 2018 issue of ITBusinessEdge 

Read

With the EU’s General Data Protection Regulation (GDPR) only less than three months away from enforcement, organizations are (hopefully) pulling together their GDPR strategy. However, the nuances of GDPR are something most of us are still trying to understand – and we probably won’t grasp until the regulation is in effect and tested. In the rush to meet the compliance standards, errors will likely be made. I talked to security experts, and here are some of the more common GDPR prep mistakes.

“When it comes to GDPR compliance, the primary focus for most enterprises is on determining customer, partner, and employee-held data elements by the organization. Unfortunately, most have overlooked the significant amount of data collection activities occurring via the organization’s websites and mobile apps,” explained Chris Olson, CEO of The Media Trust. “This is a critical oversight since there are anywhere between tens to hundreds of unknown vendors not only executing code but also collecting personally identifiable information on website visitors. In fact, enterprises tend to find two to three times more vendor-contributed code on their websites than expected.”

Continue Reading

Cryptomining: the new lottery for cybercriminals

This article by Chris Olson, CEO at The Media Trust, was originally published on CSO, March 14, 2018

cryptojacking_hacking_breach_security-100747295-large

Read

Cryptomining has surpassed even ransomware as the revenue generator of choice according to a Cisco Talos report, which claims crypto-mining botnets can earn hackers up to $500 dollars a day and a dedicated effort could equate to more than $100,000 dollars a year. Representing the perfect balance of stealth and wealth for cybercriminals and some unscrupulous, but legitimate online businesses, cryptomining is quickly becoming a major concern for enterprise IT who frequently don’t know their digital assets have been compromised.

With stringent privacy laws coming online in 2018, it is imperative that organizations know all partners that execute code on the website. This information is critical for not only identifying the rogue source but also communicating expectations and enforcing compliance—key mitigating factors when it comes to regulatory penalties.

Continue Reading

The Battle to Secure the Digital Environment

This article by Chris Olson, CEO at The Media Trust, was published in “CSO Online” on January 12, 2018.

CSO-2018-0112-100732873-large

Read article

There’s no escaping it: costs to recover from a cyber incident continue to mount, projected to reach $8 Trillion by 2022 according to Juniper Research. Enterprises can’t keep pace with the increasing sophistication and cadence of internet-attacks, which are orchestrated by leveraging the components involved in everyday website functionality.

Information security is a growing, multibillion dollar business. Yet, the hits keep coming, with numerous high-profile breaches in 2017 generating unwanted front-page news for Equifax, Dun & Bradstreet, U.S. Securities and Exchange Commission (SEC), Deloitte, Whole Foods Market, Hyatt Hotels, Uber, and Anthem, among others. While there are many facets to the security problem, the digital environment proves to be the most elusive. In fact, the past 12 months bore witness to countless man-in-the-middle attacks, vendor compromises and bots to harm to consumers and employees alike, grabbing credit card data, enslaving system resources, and so much more.

Something is wrong. Could it be that security providers don’t have solutions to address today’s malware problems?

Continue reading

 

Websites: The Code for Cyberattacks

This article by Alex Calic, Chief Revenue Officer at The Media Trust, was first published in “Home Business Journal” on December 26, 2017.

HomeBizJournal-photo_59386

Read article

Hacktivists, cybercriminals, disgruntled employees and even students deface websites as a satisfying pastime. Much like spraying graffiti across a storefront or government building, cyber attackers deliver in-your-face messages to not only your market but also the internet at large. What’s worse is that you might not even know about it until customer complaints begin to roll in. Clearly, these are high stakes for a small or medium-sized business that relies on the internet as a revenue channel and brand ambassador.

Continue reading