|When Is a Data Breach a Data Breach?|
|Thu, 21 Mar 2019 10:30:28 +0000|
A data breach remains a common headline in the news cycle. A different company, website or social network reports a security issue almost daily. If it feels like using the internet has become a risky endeavor, the feeling is accurate. But what exactly classifies an event as a data breach? The world wide web is […]… Read More
|Is the Private or Public Cloud Right for Your Business?|
|Wed, 20 Mar 2019 11:06:10 +0000|
It wasn’t a very long time ago when cloud computing was a niche field that only the most advanced organizations were dabbling with. Now the cloud is very much the mainstream, and it is rare to find a business that uses IT that doesn’t rely on it for a part of its infrastructure. But if […]… Read More
The post Is the Private or Public Cloud Right for Your Business? appeared first on The State of Security.
|‘Bad Tidings’ Phishing Campaign Targeting Saudi Government Agencies|
|Wed, 20 Mar 2019 10:56:57 +0000|
An ongoing phishing campaign code-named “Bad Tidings” has been targeting several Kingdom of Saudi Arabia government agencies for years. Researchers at Anomali Labs first detected the Bad Tidings campaign back in November 2016. Since then, the operation has targeted four government agencies in Saudi Arabia: the Ministry of Labor and Social Development, the Ministry of […]… Read More
The post ‘Bad Tidings’ Phishing Campaign Targeting Saudi Government Agencies appeared first on The State of Security.
|New Sextortion Scam Tries to Scare Users with Fake CIA Investigation|
|Tue, 19 Mar 2019 11:36:10 +0000|
Extortionists have launched a new sextortion scam campaign that leverages a fake Central Intelligence Agency (CIA) investigation to try to scare users. In an email I obtained from a wary user, the scammers pose as a fake CIA technical collection officer named Roxana Mackay. This character claims in the email that she’s found the user’s […]… Read More
The post New Sextortion Scam Tries to Scare Users with Fake CIA Investigation appeared first on The State of Security.
|Cybersecurity ROI: An Oxymoron?|
|Tue, 19 Mar 2019 11:35:03 +0000|
Return on investment: is it worth the money? That is the central question in deciding on any procurement. Demonstrating ROI on cybersecurity products is notoriously difficult and is one of the underlying reasons for the poor state of our nation’s cybersecurity posture. Ah, but here’s the rub: showing tangible ROI on cybersecurity products is difficult […]… Read More
|Smarter Vendor Security Assessments: Tips to Improve Response Rates|
|Tue, 19 Mar 2019 11:17:10 +0000|
I have been on the receiving end of many vendor security assessments from customers and prospects. Here are some tips to increase the likelihood that you’ll get a timely, usable response to the next vendor security assessment that you send out. Understand what data you will be providing One size doesn’t fit all. The level […]… Read More
The post Smarter Vendor Security Assessments: Tips to Improve Response Rates appeared first on The State of Security.
|The Greatest of Rewards – Working with Integrity|
|Mon, 18 Mar 2019 13:15:52 +0000|
There are many rewards to being a world class cybersecurity solutions provider at a time when demand for effective solutions is exponentially greater than the existing supply – and getting greater by the minute. But, perhaps the greatest reward is to be asked to model best practices and product capabilities for the greater good of […]… Read More
|Like Football, Your Cybersecurity Defense Needs a Strong Offense|
|Mon, 18 Mar 2019 13:00:19 +0000|
“The best defense is a good offense.” History credits Revolutionary War hero George Washington with being among the first to vocalize this concept, later famously echoed by heavyweight boxing champ Jack Dempsey and football god Vince Lombardi. And it’s easy to see what they mean. The idea is that being proactive—going on the offense instead […]… Read More
The post Like Football, Your Cybersecurity Defense Needs a Strong Offense appeared first on The State of Security.
|Spam Campaign Uses Recent Boeing 737 Max Crashes to Push Malware|
|Mon, 18 Mar 2019 10:58:49 +0000|
A spam campaign is using two recent crashes involving Boeing 737 Max aircraft to distribute malware to unsuspecting users. Discovered by 360 Threat Intelligence Center, a research division of 360 Enterprise Security Group, the campaign sends out attack emails that come from “email@example.com” with the subject line “Fwd: Airlines plane crash Boeing 737 Max 8.” […]… Read More
The post Spam Campaign Uses Recent Boeing 737 Max Crashes to Push Malware appeared first on The State of Security.
|Attackers Sending Fake Copyright Infringement Notices to Instagram Users|
|Fri, 15 Mar 2019 21:55:04 +0000|
Digital attackers are targeting high-profile Instagram users with fake copyright infringement notifications in a bid to hijack their accounts. Detected by Kaspersky Lab, this scheme begins when an Instagram influencer receives an email notification informing them that their “account will be permanently deleted for copyright infringement.” The email notice looks official in that it uses […]… Read More
The post Attackers Sending Fake Copyright Infringement Notices to Instagram Users appeared first on The State of Security.
|How Easy Is It to Spoof a Caller ID?|
|Fri, 15 Mar 2019 10:00:04 +0000|
Caller ID spoofing has become a real nuisance with machines and scammers hiding behind a number that they are not authorized to use. This creates the need to prevent illegitimate calls from using random numbers. In the meantime, have you ever wondered how easy it is to spoof a caller ID? What software is needed? […]… Read More
|Attackers Sending Out Fake CDC Flu Warnings to Distribute GandCrab|
|Thu, 14 Mar 2019 14:25:28 +0000|
Digital attackers are sending out fake flu warnings that appear to come from the U.S. Center for Disease Control (CDC) in order to distribute GandCrab ransomware. An attack begins when a user receives a fake CDC email. The sender field claims that the email came from “Centers for Disease Control and Prevention.” But a closer […]… Read More
The post Attackers Sending Out Fake CDC Flu Warnings to Distribute GandCrab appeared first on The State of Security.
|US Senators say it shouldn’t be a secret when they’ve been hacked|
|Thu, 14 Mar 2019 12:23:27 +0000|
Federal agencies and companies are required by law to disclose breaches, but Congress is under no such obligation - meaning that the public may have no idea that their political representatives have been hit.
It's time this changed.
The post US Senators say it shouldn’t be a secret when they’ve been hacked appeared first on The State of Security.
|Understanding Vulnerability Scoring to Help Measure Risk|
|Wed, 13 Mar 2019 13:36:31 +0000|
Understanding vulnerability scoring can be a daunting task, but a good starting point is first understanding risk and being able to distinguish risk from a vulnerability. Both have been used interchangeably throughout the years. A vulnerability is some aspect of a systems functioning, configuration or architecture that makes the resource a target of potential misuse, […]… Read More
The post Understanding Vulnerability Scoring to Help Measure Risk appeared first on The State of Security.
|The Power of Vulnerability Management: Are You Maximizing Its Value?|
|Wed, 13 Mar 2019 12:52:47 +0000|
Tripwire has been in the business of providing vulnerability management solutions with IP360 for about 20 years. With over 20,000 vulnerabilities discovered last year alone, vulnerability management continues to be an important part of most security plans. And most organizations agree. In a recent survey, 89 percent of respondents said that their organizations runs vulnerability […]… Read More
The post The Power of Vulnerability Management: Are You Maximizing Its Value? appeared first on The State of Security.
|Kathmandu Notifies Customers of Security Incident Involving Its Website|
|Wed, 13 Mar 2019 11:15:43 +0000|
Outdoor apparel and equipment retail chain Kathmandu said it’s in the process of notifying customers about a security incident involving its website. On 13 March, Kathmandu released a notification disclosing how the company became aware of the security incident between 8 January and 12 February. At some point during that time, an unauthorized third party […]… Read More
The post Kathmandu Notifies Customers of Security Incident Involving Its Website appeared first on The State of Security.
|VERT Threat Alert: March 2019 Patch Tuesday Analysis|
|Wed, 13 Mar 2019 03:58:46 +0000|
Today’s VERT Alert addresses Microsoft’s March 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-821 on Wednesday, March 13th. In-The-Wild & Disclosed CVEs CVE-2019-0754 This CVE describes a Denial of Service vulnerability that could cause a target system to stop responding when code is executed on the […]… Read More
The post VERT Threat Alert: March 2019 Patch Tuesday Analysis appeared first on The State of Security.
|New Sextortion Scam Says Adult Sites Infected Victims with Malware|
|Tue, 12 Mar 2019 18:27:51 +0000|
A new sextortion scam is informing victims that their computers suffered a malware infection after they visited an adult website. In this latest ruse, digital criminals claim that they infected a user with malware after they visited a child pornography website. They then say that they leveraged that infection to capture compromising video footage of […]… Read More
The post New Sextortion Scam Says Adult Sites Infected Victims with Malware appeared first on The State of Security.
|Why You Need to Align Your Cloud Strategy to Your Business Goals|
|Tue, 12 Mar 2019 10:30:37 +0000|
Your company has decided to adopt the Cloud – or maybe it was among the first ones that decided to rely on virtualized environments before it was even a thing. In either case, cloud security has to be managed. How do you go about that? Before checking out vendor marketing materials in search of the […]… Read More
The post Why You Need to Align Your Cloud Strategy to Your Business Goals appeared first on The State of Security.
|Cybersecurity Hygiene: Not a Dirty Little Secret for Long|
|Mon, 11 Mar 2019 16:10:38 +0000|
In October 2018, FICO (a consumer credit scoring specialist) began scoring the cybersecurity of companies based upon a scan of internet facing vulnerabilities. FICO grades companies using the same scoring that is familiar with consumer credit. These metrics are then used to compare security risks against competitors. This announcement has the potential to be a […]… Read More
The post Cybersecurity Hygiene: Not a Dirty Little Secret for Long appeared first on The State of Security.