Securitymost recent

The State of Security:

Hacking Is Not a Crime! Additional Thoughts from DEFCON 2019

In my previous post, I spoke about all of the different DEFCON villages where attendees can learn about and purchase all sorts of fun hacking/counter hacking tools. Even so, I covered only a small fraction of the activities at the conference. For example, attendees have the opportunity to participate in a lot of contests run […]… 

The State of Security:

Critical Security Vulnerability Disclosed in iTerm2 App

A critical vulnerability has been discovered in the popular iTerm2 application, an open source terminal emulator program designed to replace the default Apple Terminal in macOS. iTerm2 often finds its way into lists of some of the best software to install on a Mac. It is especially popular with power users as a result of […]… 

The State of Security:

Phishing Attack Possibly Affected 68K Patients of The Methodist Hospitals

The Methodist Hospitals, Inc. revealed that a phishing attack potentially affected the information of approximately 68,000 patients. According to its Notice of Data Incident, the non-profit healthcare system located in Gary, Indiana detected unusual activity involving an employee’s email account back in June 2019. The Methodist Hospitals (‘Methodist’) responded by launching an investigation into what […]… 

The State of Security:

The Current State of CCPA – What You Need to Know

In the digital age, more often than not, you can be sure that some enterprise has hold of your personal information. This information could be your name, email, phone number, IP address, country and other details. This can come from submitting a form, subscribing to a newsletter, accepting cookies, accepting the privacy policy or terms […]… 

Mozilla Security Blog:

Critical Security Issue identified in iTerm2 as part of Mozilla Open Source Audit

A security audit funded by the Mozilla Open Source Support Program (MOSS) has discovered a critical security vulnerability in the widely used macOS terminal emulator iTerm2. After finding the vulnerability, Mozilla, Radically Open Security (ROS, the firm that conducted the … Continue reading

The post

The State of Security:

Ransomware victim hacks attacker, turning the tables by stealing decryption keys

Normally it works like this. Someone gets infected by ransomware, and then they pay the ransom. The victim then licks their wounds and hopefully learns something from the experience. And that’s what happened to Tobias Frömel, a German developer and web designer who found himself paying a Bitcoin ransom of 670 Euros (US $735) after […]… 

The State of Security:

New Sextortion Scam Uses Alternative Cryptocurrencies to Evade Detection

A new sextortion scam variant is using a wallet for a cryptocurrency other than bitcoin in an attempt to evade detection. On October 8, Cofense revealed it had detected a modified sextortion scam that was using a wallet address for Litecoin instead of bitcoin. The variant thereby differentiated itself from earlier sextortion campaigns detected by […]… 

The State of Security:

Survey: 93% of ICS Pros Fear Digital Attacks Will Affect Operations

Digital attackers are increasingly targeting industrial environments these days. Take manufacturing organizations, for instance. Back in late-August, FortiGuard Labs discovered a malspam campaign that had targeted a large U.S. manufacturing company with a variant of the LokiBot infostealer family. It wasn’t long thereafter when Bloomberg reported on the efforts of bad actors to target Airbus […]… 

The State of Security:

VERT Threat Alert: October 2019 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s October 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-853 on Wednesday, October 9th. In-The-Wild & Disclosed CVEs There are no in-the-wild or disclosed CVEs this month. CVE Breakdown by Tag While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are […]… 

The State of Security:

Instagram Launches New Feature to Help Users Identify Phishing Emails

Instagram announced the release of a new feature that’s designed to help its users identify phishing emails impersonating the social media platform. On October 7, Instagram tweeted out about the new capability and said that users can leverage it to verify whether an email claiming to originate from the social network is legitimate. Heads up: […]… 

The State of Security:

Decryption Keys Released by Developer of HildaCrypt Ransomware

The developer of HildaCrypt has released the master decryption keys that would allow potential victims of the ransomware to recover their data for free. On October 4, a security researcher who goes by the name “GrujaRS” posted about the discovery of a new variant of STOP, a well–known ransomware family. New #Stop (Djvu) #Ransomware extension […]… 

The State of Security:

NCSAM: It’s Everyone’s Job to Ensure Online Safety at Work

October is National Cyber Security Awareness Month (NCSAM). NCSAM is a great initiative to help educate and inform our friends and family on the importance of taking your digital security seriously. To help continue to support this initiative, we asked a range of industry experts to share some of their tips to help us stay […]… 

The State of Security:

6 Common Phishing Attacks and How to Protect Against Them

Phishing attacks don’t show any sign of slowing down. Per its 2019 Phishing Trends and Intelligence Report, PhishLabs found that total phishing volume rose 40.9 percent over the course of 2018. These attacks targeted a range of organizations, especially financial service companies, email and online service providers and cloud/file hosting firms. It’s, therefore, no surprise […]… 

The State of Security:

Secure Configuration in Cloud – IaaS, PaaS and SaaS Explained

If I asked you what security products you had in place to manage your risk within your IT organisation 10 years ago, you’d probably have been able to list a half dozen different tools and confidently note that most of your infrastructure was covered by a common set of key products such as antivirus, DLP, […]… 

The State of Security:

Payment Card Security Incidents Disclosed by Three U.S. Restaurant Chains

Three restaurant chains based in the United States have revealed they suffered security incidents that affected customers’ payment card information. On October 2, three subsidiaries of Focus Brands–Moe’s Southwest Grill, McAlister’s Deli and Schlotzsky’s–published near-identical copies of a security incident notice. These statements revealed that the restaurants had nearly finished investigating security inc..