Securitymost recent

The State of Security:

UPS Says Phishing Incident Might Have Exposed Some Customers’ Data

The United Parcel Service (UPS) revealed that a phishing incident might have exposed the information of some of its customers. In its “Notice of Data Breach” letter, UPS disclosed that an unauthorized person had used a phishing attack to gain access to store email accounts at some of its store locations between September 29, 2019 […]… 

The State of Security:

Navigating ICS Security: Best Practices for ICS Decision-Makers

As a security consultant, I’m not going into an environment to design and build an organization’s network from the ground up in most situations. For the majority of the time, I’m working with legacy environments where some old technologies might be phasing out and newer ones joining the mix of solutions. In the case of […]… 

The State of Security:

The Vendor Security Assessment (VSA): What You Need to Know

Requesting that a SaaS company answer a Vendor Security request has become a regular thing for companies who work in the cloud. But have you thought about how the reverse works, that is, when your customer has a VSA process focusing on you? The Vendor Security Assessment, or VSA, is the means by which your […]… 

Mozilla Security Blog:

CRLite: Speeding Up Secure Browsing

CRLite pushes bulk certificate revocation information to Firefox users, reducing the need to actively query such information one by one. Additionally this new technology eliminates the privacy leak that individual queries can bring, and does so for the whole Web, … Continue reading

The post

The State of Security:

Health Quest Begins Notifying Patients Affected by Phishing Incident

Health Quest announced that it’s begun notifying patients whose information might have been exposed in a phishing incident. According to its website notice, Health Quest first learned of the incident in July 2018 when several employees fell for a phishing attack and thereby inadvertently disclosed their email account credentials to an unauthorized party. The Hudson […]… 

The State of Security:

GDPR Regulators Have Imposed $126M in Fines Thus Far, Finds Survey

A new survey found that regulators have thus far imposed $126 million worth of fines for data breaches and other GDPR infringements. According to DLA Piper’s GDPR Data Breach Survey, data protection regulators imposed €114 million (about US$126 million / £97 million) in GDPR-related fines between May 25, 2018 and January 27, 2020. The international […]… 

The State of Security:

The Top 19 Information Security Conferences of 2020

With the 2010s now over, the infosec industry is now fully invested in 2020 and beyond. The 2020s will no doubt present their fair share of challenging digital security threats. But they will also enable security professionals to discuss shared difficulties at conferences and summits. To help promote these collaborative events, we at The State […]… 

The State of Security:

You’ve Bought Security Software. Now What?

Many years ago when I first started my career in network security as a support engineer, I received a phone call from a customer. (Let’s call him “Frank.”) He used our vulnerability scanner as a consultant for his own customers, and he was concerned that the scanner came back with 0 results. After reviewing his […]… 

The State of Security:

NIS Directive: Who Are the Operators of Essential Services (OES)?

The NIS Directive is the first EU horizontal legislation addressing cybersecurity challenges. It is a true game-changer for cybersecurity resilience and cooperation in Europe. As we noted in a previous blog post, the Directive has three main objectives: Improving national cybersecurity capabilities Building cooperation at EU level Promoting a culture of risk management and incident […]… 

The State of Security:

Domain Name of WeLeakInfo.com Seized by FBI and DOJ

The Federal Bureau of Investigations (FBI) and the Department of Justice (DOJ) announced that they have seized the domain name for weleakinfo.com. On January 16, the U.S. Attorney’s Office for the District of Columbia announced that the FBI and DOJ had executed a warrant to seize the domain of weleakinfo.com in cooperation with law enforcement […]… 

The State of Security:

PlanetDrugsDirect reveals security breach, warns customers their data may have been exposed

Canadian online pharmacy PlanetDrugsDirect.com has contacted customers warning them that their data might have been exposed in what they euphemistically describe as a “data security incident”. In an email seen by Bleeping Computer, the website warned that exposed personal data could include the following: Customer names Postal addresses Email addresses Phone numbers Medical information (including […]… 

The State of Security:

Ako Ransomware Using Spam Attachments to Target Networks

Security researchers observed that Ako ransomware is using malicious spam attachments to go after organizations’ networks. On January 14, AppRiver Senior Cybersecurity Analyst David Pickett contacted Bleeping Computer and told the computer self-help site that his company had observed Ako being distributed via spam email. Using subject lines such as “Agreement 2020 #1775505,” the attack […]… 

The State of Security:

Key Cloud Security Challenges and Strategies to Overcome Them

The cloud has changed how we use and consume IT services. Where data resides along with how it is transferred, stored and processed has fundamentally changed and with-it new risk management challenges. Let’s talk about some of those challenges. First and foremost, the cat is out of the bag. We’re not going back to the […]… 

The State of Security:

ISA Global Cybersecurity Alliance: Your Expertise is Needed

The ISA/IEC 62443 series of standards, developed by the ISA99 committee and adopted by the International Electrotechnical Commission, provides a flexible framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems. These standards not only address configuration weaknesses to harden systems against vulnerabilities, but they also help address design […]… 

The State of Security:

Emotet Used Phishing Emails to Target the United Nations

The Emotet trojan recently leveraged a phishing campaign to target email addresses associated with users at the United Nations. In an email provided by Cofense to Bleeping Computer, Emotet’s handlers pretended to be representatives of Norway to the United Nations (UN). They used this disguise to conduct a phishing campaign with “highly specific targeting.” In […]… 

SecurityNews