|Malaysia’s Largest Media Company Allegedly Suffers Ransomware Attack|
|Fri, 16 Nov 2018 12:23:59 +0000|
Malaysia’s largest media company allegedly suffered a ransomware attack that affected its ability to use its in-house email system. Anonymous sources told The Edge Financial Daily that ransomware attackers struck Media Prima Berhad, a media giant which operates businesses in television, print, radio, out-of-home advertising, content and digital media. According to those unnamed individuals, bad […]… Read More
The post Malaysia’s Largest Media Company Allegedly Suffers Ransomware Attack appeared first on The State of Security.
|The Art and Science of Secure Coding: Key Practices that Stand Out|
|Fri, 16 Nov 2018 04:00:27 +0000|
Flaws in code lines, file system and data input methods make up the core security vulnerability of any application. This is what we address through secure coding practices. Secure coding guidelines stand out as the last battling army before the enemy line of security risks and threats. Basically, secure coding practices will make developers more […]… Read More
The post The Art and Science of Secure Coding: Key Practices that Stand Out appeared first on The State of Security.
|20% of MageCart-compromised merchants get reinfected within days|
|Thu, 15 Nov 2018 15:03:49 +0000|
MageCart, the notorious malware that has been haunting online stores by stealing payment card details from online shoppers at checkout, is reinfecting the same websites time and time again.
The post 20% of MageCart-compromised merchants get reinfected within days appeared first on The State of Security.
|14 Malware Families Targeting E-Commerce Brands Ahead of Black Friday|
|Thu, 15 Nov 2018 12:09:56 +0000|
Researchers discovered 14 malware families targeting dozens of e-commerce brands just over one week before Black Friday. Kaspersky Lab observed the threats targeting 67 e-commerce brands including 33 consumer apparel sites, eight consumer electronic outlets and three online retail platforms. Banking trojans made up more than half of the malware tracked by Kaspersky. They included […]… Read More
The post 14 Malware Families Targeting E-Commerce Brands Ahead of Black Friday appeared first on The State of Security.
|Carpet (IT) to Concrete (OT) – The Evolution of Internet-Based Malware|
|Thu, 15 Nov 2018 04:01:43 +0000|
November 2, 2018, marked the 30-year anniversary of the Morris Worm. It seems the more things change, the more things stay the same. It’s a bit ironic that as more and more devices get connected to the Internet (~20 billion+ today versus ~60,000 in 1988), we are still susceptible to malware. What we probably didn’t […]… Read More
The post Carpet (IT) to Concrete (OT) – The Evolution of Internet-Based Malware appeared first on The State of Security.
|Is Your Vulnerability Management Program Efficient and Successful?|
|Thu, 15 Nov 2018 04:00:43 +0000|
Be organized and efficient. It’s a simple rule of life that makes things run a whole lot smoother. This is something especially important when running your vulnerability management program. There are only so many hours in a day, rather, there are only so many hours in a down cycle where the business will let you […]… Read More
The post Is Your Vulnerability Management Program Efficient and Successful? appeared first on The State of Security.
|VERT Threat Alert: November 2018 Patch Tuesday Analysis|
|Wed, 14 Nov 2018 08:31:25 +0000|
Today’s VERT Alert addresses Microsoft’s November 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-805 on Wednesday, November 14th. In-The-Wild & Disclosed CVEs CVE-2018-8589 This vulnerability was reported to Microsoft by Kaspersky Labs, who discovered it being exploited by multiple threat actors. The target, at this point, […]… Read More
The post VERT Threat Alert: November 2018 Patch Tuesday Analysis appeared first on The State of Security.
|The Right to Repair Your Electronics Just Got Stronger|
|Wed, 14 Nov 2018 04:01:49 +0000|
In 1998, Congress unanimously passed the Digital Millennium Copyright Act (“DMCA”) to implement two international copyright treaties. Among other provisions, the DMCA addresses the use of technical measures (digital rights management or DRM) that control access to copyrighted works. The new provisions impose fines and criminal penalties for: circumventing DRM (Sec. 1201(a)(1)(A)), whether or not […]… Read More
The post The Right to Repair Your Electronics Just Got Stronger appeared first on The State of Security.
|Strategising for the New Year: What Will IT Security Teams Face in 2019|
|Wed, 14 Nov 2018 04:00:49 +0000|
As the stores start to stock Christmas-related goods, the radio stations slowly introduce festive music and social media is awash with countdown memes, it can mean only one thing. It is time for those 2019 IT security trend prediction articles, blogs and reports. Who are we to buck a tradition? Infinigate UK has had a […]… Read More
The post Strategising for the New Year: What Will IT Security Teams Face in 2019 appeared first on The State of Security.
|Nordstrom Reveals Data Breach, Sensitive Employee Information Exposed|
|Tue, 13 Nov 2018 17:07:57 +0000|
A data breach involving luxury retailer Nordstrom has potentially exposed the personal information of thousands of its employees. The Seattle-based company said the compromised data included employee names, Social Security numbers, dates of birth, checking account and routing numbers, salaries, and more. According to reports, employees received an email notification this week informing them of […]… Read More
The post Nordstrom Reveals Data Breach, Sensitive Employee Information Exposed appeared first on The State of Security.
|Women in Information Security: Chrissy Morgan|
|Tue, 13 Nov 2018 04:00:55 +0000|
Last time, I had the opportunity to talk with software tester Claire Reckless. Testing an application’s security and functionality is a vital cybersecurity role that people often don’t think about. This time, I had the honor of speaking with Chrissy Morgan. Chrissy is a protector of the protectors by day and a crazy scientist by […]… Read More
|Achieve CIS Compliance in Cloud, Container and DevOps Environments|
|Tue, 13 Nov 2018 04:00:37 +0000|
If you are embracing DevOps, cloud and containers, you may be at risk if you’re not keeping your security methodologies up to date with these new technologies. New security techniques are required in order to keep up with current technology trends, and the Center for Internet Security (CIS) provides free cybersecurity best practices for many […]… Read More
The post Achieve CIS Compliance in Cloud, Container and DevOps Environments appeared first on The State of Security.
|How UK Public Sector Organizations Can Craft an Effective Cyber Security Strategy|
|Mon, 12 Nov 2018 11:34:16 +0000|
Organizations in the United Kingdom’s public sector face several challenges in terms of their digital security. Today, these companies must meet an increasing number of regulatory compliance obligations. GDPR likely sits near the top of UK public sector organizations’ list of responsibilities given the penalties they could incur should they fail to adequately protect EU […]… Read More
The post How UK Public Sector Organizations Can Craft an Effective Cyber Security Strategy appeared first on The State of Security.
|Hash Hunting: Why File Hashes are Still Important|
|Mon, 12 Nov 2018 04:01:41 +0000|
According to Gartner, threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable intelligence. When security research teams or government agencies release threat intelligence reports, some of the more tactical actionable intelligence is in the indicators. These indicators include (but are not limited to) IP addresses, domain names, file names or file hashes. […]… Read More
|Unearthing Ransomware Characteristics Using Classification Taxonomy|
|Mon, 12 Nov 2018 04:00:42 +0000|
We are familiar with the problem of ransomware – malicious software that seeks to encrypt user data and demand a ransom in return for the decryption key. There are several defensive measures that help work against crypto-malware. Backups work, in theory, but are not always available or are partial. We need to realize that ransomware […]… Read More
The post Unearthing Ransomware Characteristics Using Classification Taxonomy appeared first on The State of Security.
|Infosec Problems For 2019 and Beyond: Patching, Bug Bounties and Hype|
|Fri, 09 Nov 2018 16:28:24 +0000|
Details of a Virtual Box 0-day privilege escalation bug were disclosed on GitHub earlier this week. This was the work of independent Russian security researcher Sergey Zelenyuk, who revealed the vulnerability without any vendor coordination as a form of protest against the current state of security research and bug bounty programs. From my perspective, some […]… Read More
The post Infosec Problems For 2019 and Beyond: Patching, Bug Bounties and Hype appeared first on The State of Security.
|Canada Post Leaked Personal Data of 4,500 Cannabis Customers|
|Thu, 08 Nov 2018 19:41:43 +0000|
The Ontario Cannabis Store (OCS) is warning that approximately 4,500 customers had their personal information exposed following a privacy breach involving Canada Post. In a statement on Twitter, the OCS announced on Wednesday that an unauthorized individual was able to access order records for roughly two percent of its customer base using the mail carrier’s […]… Read More
The post Canada Post Leaked Personal Data of 4,500 Cannabis Customers appeared first on The State of Security.
|Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw|
|Thu, 08 Nov 2018 13:47:41 +0000|
Security researchers are warning that in the last couple of months a botnet has been on the rise, exploiting a five-year-old vulnerability to hijack home routers.
The post Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw appeared first on The State of Security.
|Software Monitoring for NERC CIP Compliance: Part 2|
|Thu, 08 Nov 2018 11:00:55 +0000|
In Part 1 of this series, I walked through the background of the NERC CIP version 5 controls and outlined what needs to be monitored for NERC CIP software requirements. In this second half of the series, we’ll take what we’ve learned and explore approaches for meeting the requirements while considering security value. NERC CIP […]… Read More
The post Software Monitoring for NERC CIP Compliance: Part 2 appeared first on The State of Security.
|Don’t Mix the Two Up: What Is the Difference Between Privacy & Security?|
|Thu, 08 Nov 2018 04:01:51 +0000|
Knowing that a tomato is a fruit is knowledge – not adding it to a fruit salad is wisdom. Similarly, having knowledge about privacy and security is good, but true wisdom is knowing that they are vastly different from each other. While both, to some extent, revolve around the protection of your personal, public and […]… Read More
The post Don’t Mix the Two Up: What Is the Difference Between Privacy & Security? appeared first on The State of Security.