|Magecart hits hundreds of websites via ad supply chain hijack|
|Thu, 17 Jan 2019 12:58:42 +0000|
A criminal Magecart gang successfully compromised hundreds of ecommerce websites via a malicious script that silently harvested personal data and payment card information as customers bought goods and services online.
The post Magecart hits hundreds of websites via ad supply chain hijack appeared first on The State of Security.
|Nearly 800 Million Email Addresses Exposed in “Collection #1” Data Breach|
|Thu, 17 Jan 2019 12:17:51 +0000|
A data breach known as “Collection #1” exposed approximately 800 million email addresses as well as tens of millions of passwords. In the beginning of January, multiple people reached out to Australian web security expert Troy Hunt about a sizable collection of files hosted on cloud service MEGA. This collection, which is no longer available […]
|Triton, BlackEnergy, WannaCry – Has Your Behavior Changed?|
|Thu, 17 Jan 2019 04:00:33 +0000|
Hopefully the title of this blog has gotten your attention. In one of my prior blogs, ICS Cybersecurity: Visibility, Protective Controls, Continuous Monitoring – Wash, Rinse, Repeat, we talked about how the malicious threat landscape for industrial control systems is constantly evolving and getting more sophisticated, thereby raising the need to have visibility, implement protective […]
|Two Ukrainians Charged with Plot to Hack into SEC and Commit Fraud|
|Wed, 16 Jan 2019 12:15:43 +0000|
The U.S. Department of Justice (DOJ) has charged two Ukrainians with participating in a plot to hack into computer systems at the U.S. Securities and Exchange Commission (SEC) and use the information they stole to commit fraud. On 15 January, the U.S. Attorney’s Office for the District of New Jersey announced a 16-count indictment charging […]
|Cybersecurity Is Every Leader’s Job|
|Wed, 16 Jan 2019 04:00:01 +0000|
Every organization is led by people who are responsible for setting the overall direction, establishing priorities, maintaining influence over organizational functions and mitigating risks. Given the wide range of organizational types across industry sectors, the titles associated with these roles may vary greatly from CEO to Managing Director to Owner-Operator and beyond, but they share […]
|Del Rio City Hall Disables Internet Connection for All Departments after Ransomware Attack|
|Tue, 15 Jan 2019 12:15:18 +0000|
Officials in the City of Del Rio have disabled the internet connection for all departments at City Hall following a ransomware attack. The City of Del Rio, which is located 152 miles west of San Antonio in Val Verde County, Texas, posted a statement to its website disclosing the attack. Its statement mainly offers insight […]
|Addressing The Elephant in the Room: Cybersecurity’s Increasing Talent Shortage|
|Tue, 15 Jan 2019 04:01:30 +0000|
The cybersecurity space is in dire straits. Hackers are getting smarter and more sophisticated…and the availability of skilled men and women to combat them has never been lower. It’s an issue that’s been slowly growing worse year over year, yet there’s no clear solution in sight. What’s a business leader to do? The good news […]
|The FCC and Call Authentication|
|Tue, 15 Jan 2019 04:00:31 +0000|
On a daily basis, many people receive automated machine calls, and importantly, more people are getting annoyed. The Federal Communications Commission (FCC) in the United States must have received and no doubt continues to receive many complaints about automated calls and caller ID spoofing. Apparently, these complaints forced the FCC to come up with a […]
|Mozilla Announces It Will Disable Support for Flash Plugin in Firefox 69|
|Mon, 14 Jan 2019 12:21:09 +0000|
Mozilla has announced that it will disable support for the Adobe Flash Player plugin by default in version 69 of its Firefox web browser. On 11 January, Mozilla senior software engineer Jim Mathies opened a Bugzilla ticket announcing his employer’s plan to “disable Flash by default in Nightly 69 and let that roll out.” That’s […]
|What You Need to Know About Secure Mobile Messaging in Healthcare|
|Mon, 14 Jan 2019 04:00:00 +0000|
With the majority of people using smartphones these days, texting is all but a given when trying to communicate with your friends or family. But what about your doctor? A recent study determined that 96 percent of physicians use text messaging for coordinating patient care. This can raise eyebrows and red flags. Anyone with a […]
|Free Decryption Tool Created for PyLocky Ransomware Family|
|Fri, 11 Jan 2019 12:07:24 +0000|
A researcher has created a free decryption tool which victims of the PyLocky ransomware family can use to recover their affected files. Mike Bautista, a security researcher at the Cisco Talos Intelligence Group, is responsible for developing the tool. Cisco Talos has made this utility freely available for download on GitHub. First reported on by […]
|The Top 5 Vendor-Neutral Cloud Security Certifications of 2019|
|Fri, 11 Jan 2019 04:00:16 +0000|
Many organizations migrate to the cloud because of increased efficiency, data space, scalability, speed and other benefits. But cloud computing comes with its own security threats. To address these challenges, companies should create a hybrid cloud environment, confirm that their cloud security solution offers 24/7 monitoring and multi-layered defenses as well as implement security measures […]
|Reddit users locked out of accounts after “security concern”|
|Thu, 10 Jan 2019 14:15:15 +0000|
A large number of Reddit users are being told that they will have to reset their passwords in order to regain access to their accounts following what the site is calling a "security concern."
The lockout has occurred as Reddit's security team investigates what appears to have been an attempt to log into many users' accounts through a credential-stuffing attack.
|Neiman Marcus to Pay $1.5 Million under Data Breach Settlement|
|Thu, 10 Jan 2019 12:22:13 +0000|
Neiman Marcus Group, Inc. has agreed to pay $1.5 million as part of a settlement for an earlier data breach that exposed customers’ information. Ken Paxton, Attorney General of Texas, announced on 8 January that he and his fellow Attorneys General from 42 other states will enter into the $1.5 million settlement with Neiman Marcus. […]
|How Cybercriminals Are Getting Initial Access into Your System|
|Thu, 10 Jan 2019 04:00:47 +0000|
This article covers the main techniques cybercriminals use at the initial stage of attacks against enterprise networks. There are several dangerous phases of cyberattacks targeting the corporate segment. The first one encountered by businesses boils down to getting initial access into their systems. The malefactor’s goal at this point is to deposit some malicious code […]
|Humana Informs Customers of Third-Party Security Incident|
|Wed, 09 Jan 2019 12:30:03 +0000|
Humana has notified customers of a third-party security incident that might have exposed some of their personal information. According to a breach notification letter obtained by DataBreaches.net, the for-profit American health insurance company learned on 25 October 2018 that bad actors had gained access to the system credentials of some employees at Bankers Life, one […]
|Opinion: Back to the Start for 2FA Adoption?|
|Wed, 09 Jan 2019 04:00:06 +0000|
In a previous post, Tripwire asked contributors what their most memorable event of 2018 was. As a follow-up, guest author Bob Covello expands on his thoughts about two-factor authentication (2FA). We in the infosec community have made enormous progress towards getting multi-factor authentication the recognition it deserves. All the respected folks in the community have […]
|VERT Threat Alert: January 2019 Patch Tuesday Analysis|
|Tue, 08 Jan 2019 20:47:30 +0000|
Today’s VERT Alert addresses Microsoft’s January 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-812 on Wednesday, January 9th. In-The-Wild & Disclosed CVEs: CVE-2019-0579: The Windows Jet Database Engine improperly handles objects in memory and, if an attacker can convince a victim to open a malicious file, […]
|Kitchen Utensil Manufacturer Discloses Data Breach of E-commerce Site|
|Tue, 08 Jan 2019 14:34:12 +0000|
A manufacturer of kitchen utensils, office supplies and housewares disclosed a data breach of customer information submitted to its e-commerce website. OXO International Ltd confirmed on 17 December 2018 that digital attackers might have compromised the data submitted by customers to its e-commerce website. The manufacturer believes that those responsible for the security incident might […]
|What Keeps You Up At Night?|
|Tue, 08 Jan 2019 04:00:50 +0000|
Maybe you have nightmares about accidentally posting AWS console credentials on Github? Some CISOs undoubtedly have dreams where they must explain to the board that the company has just set the record for the world’s largest data breach. As a developer of security products, I spend many early mornings thinking about how hacking and data […]