Researchers Release Decryptor that Works against GandCrab Version 5.2
Tue, 18 Jun 2019 11:00:37 +0000

Security researchers have released a decryptor that works against the latest variants of GandCrab ransomware, including version 5.2. On 17 June, Bitdefender announced that users can download the tool from the No More Ransom Project’s website. They can then use the utility to freely decrypt any and all files which samples of GandCrab through version […]

The post Researchers Release Decryptor that Works against GandCrab Version 5.2 appeared first on The State of Security.

To Air-Gap or Not Air-Gap Industrial Control Networks
Tue, 18 Jun 2019 03:00:12 +0000

What is air-gapping, and why do we air-gap networks? What camp are you in? In the camp that believes in air-gaps, or the other set that says they truly do not exist? Air-gap networks are networks that are physically and logically isolated from other networks where communication between these networks is not physically or logically […]

Oregon State University (OSU) Discloses Data Breach
Mon, 17 Jun 2019 10:53:58 +0000

Oregon State University (OSU) has disclosed a security incident that potentially affected the personally identifiable information of some students and their families. On 14 June, OSU announced that the security incident occurred back in May when external actors hacked a university employee’s email account. At the time of compromise, the email account contained the personal […]

Climbing the Vulnerability Management Mountain
Mon, 17 Jun 2019 03:00:52 +0000

The purpose of this series of blogs is to guide you on your journey up the Vulnerability Management Mountain (VMM). Like climbing a mountain, there is a lot of planning and work required, but when you get to the top, the view is amazing and well worth the journey. Your progress will depend on your […]

Adding to the Toolkit – Some Useful Tools for Cloud Security
Mon, 17 Jun 2019 03:00:24 +0000

With more business applications moving to the cloud, the ability to assess network behavior has changed from a primarily systems administration function to a daily security operations concern. And whilst sec-ops teams are already familiar with firewall and network device log tools, these can be of limited use in a “cloud first” business where much […]

French Ministry of Interior Releases Decryptor for PyLocky Versions 1 & 2
Fri, 14 Jun 2019 11:31:17 +0000

The French Ministry of Interior has released a decryption utility for versions 1 and 2 of PyLocky ransomware to the public. On 11 June, the ministry of the French government unveiled the tool as the product of collaboration between its various agencies, including the Brigade d’enquêtes sur les fraudes aux technologies de l’information (BEFTI) of […]

DDoS attack that knocked Telegram secure messaging service offline linked to Hong Kong protests
Thu, 13 Jun 2019 11:36:37 +0000

An attack which targeted users of the Telegram app on Wednesday might be linked to protests in Hong Kong that turned violent.


Aircraft Parts Manufacturer Halts Operations After Ransomware Attack
Thu, 13 Jun 2019 11:25:27 +0000

Aircraft parts manufacturer ASCO has temporarily suspended operations worldwide after falling victim to a ransomware attack. As reported by Data News, ASCO decided that it would shut down its headquarters in Zaventem, a Belgian municipality situated within the province of Flemish Brabant, as a result of the attack. This suspension is expected to place approximately […]

What Public Sector CISOs Should Take Away from Verizon’s 2019 DBIR
Thu, 13 Jun 2019 03:00:49 +0000

It’s been a few weeks since Verizon released the 12th edition of its Data Breach Investigations Report (DBIR). For this publication, Verizon’s researchers studied 41,686 security incidents in which a response was necessary. These analysts found that 2,013 of those incidents were data breaches in that some sort of information was actually compromised. Out of […]

The Tax Paying Hacker: A Modern Phenomenon
Thu, 13 Jun 2019 03:00:24 +0000

In a dark room lit only by the light from four computer monitors sits a hacker named Hector (not his real name). You can hear the faint pulse of an EDM track coming from his headphones as Hector taps away on his computer’s keyboard. The above description could serve as the setting for a hacker […]

Lake City Reveals It Suffered a ‘Triple Threat’ Ransomware Attack
Wed, 12 Jun 2019 11:33:46 +0000

The City of Lake City has confirmed that a “Triple Threat” ransomware attack affected the functionality of several of its computer systems. According to its Facebook statement, the Floridian municipality became the target of a ransomware program known as “Triple Threat” on 10 June 2019. This malware allegedly combined three different attack vectors to target […]

YouTube Attacks to Watch Out For in 2019
Wed, 12 Jun 2019 03:00:27 +0000

YouTube, the world’s top provider of streaming multimedia content, keeps reaching new heights in terms of its popularity. Nearly two billion monthly users and five billion videos watched every single day – these impressive statistics speak for themselves, and the numbers are steadily growing year over year. Everybody loves YouTube and so do cybercriminals, only […]

VERT Threat Alert: June 2019 Patch Tuesday Analysis
Tue, 11 Jun 2019 20:42:45 +0000

Today’s VERT Alert addresses Microsoft’s June 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-835 on Wednesday, June 12th. In-The-Wild & Disclosed CVEs CVE-2019-1053 An issue where Windows Shell fails to properly validate folder shortcuts could lead to sandbox escape. The attacker would require the ability to […]

Food Bank Needs Help Recovering from Ransomware Attack
Tue, 11 Jun 2019 11:07:04 +0000

A King County food bank said it will need help recovering from a ransomware infection that affected its computer network. At around 02:00 on 5 June, bad actors targeted the servers of Auburn Food Bank with ransomware. The crypto-malware, which according to Bleeping Computer was a variant of GlobeImposter 2.0, affected all of the food […]

Steps for Successful Vulnerability Management: Lessons from the Pitch
Tue, 11 Jun 2019 03:00:46 +0000

When I was younger, I played a variety of team sports and enjoyed competing against opponents with my teammates. Winning was always a matter of applying sound tactics and strategy, attacking and defending well and using a blend of skill, talent and luck. Now that I’m older, I watch more than I play, and I’m […]

What Is FIM (File Integrity Monitoring)?
Mon, 10 Jun 2019 11:30:57 +0000

File integrity monitoring (FIM) exists because change is prolific in organizations’ IT environments. Hardware assets change. Software programs change. Configuration states change. Some of these modifications are authorized insofar as they occur during a patch cycle; some cause concern by their unexpected nature. Organizations commonly respond to such dynamism by investing in asset discovery and […]

Microsoft Warns of Malspam Campaign Abusing Office Vulnerability to Distribute Backdoor
Mon, 10 Jun 2019 10:51:02 +0000

Microsoft is warning users to be on the lookout for a malspam campaign that’s abusing an Office vulnerability in order to distribute a backdoor. On 7 June, Microsoft Security Intelligence took to Twitter to raise awareness of the operation. The campaign, which remains active as of this writing, begins when users receive a malspam email […]

Fortune 500 Company Addresses Weakness Behind 264GB Data Leak
Fri, 07 Jun 2019 13:10:34 +0000

A Fortune 500 company has addressed a security weakness responsible for a data leak that exposed 264GB worth of information. On 2 June, vpnMentor security researchers Noam Rotem and Ran Locar discovered that a log management server owned by global technology distributor Tech Data Corporation did not require any authentication. This made it possible for […]

How to Advance ICS Cybersecurity: Implement Continuous Monitoring
Fri, 07 Jun 2019 12:18:01 +0000

Industrial Control Systems (ICS) include Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS) and other control system configurations such as Programmable Logic Controllers (PLC). They are typically used in industries such as electric, water, oil and natural gas, transportation, chemical, pharmaceutical and manufacturing (e.g., automotive, aerospace). These control systems are vital to […]

Cryptocurrency wallet GateHub hacked, nearly $10 million worth of Ripple (XRP) stolen
Fri, 07 Jun 2019 12:16:26 +0000

Cryptocurrency wallet service GateHub has warned that over 100 customers have had their ledger wallets hacked and funds stolen.


