This is the third and last blog I will write for State of Security on the topic of the groundbreaking, maverick TV series ‘Mr Robot.’ As this week, the credits rolled one final time on the show's mind bending and utterly bizarre (even by its own standards) conclusion. A lot has changed since the first season aired, both for cybersecurity and the...

A newly discovered PayPal phishing scam attempts to steal much more than just a user's login credentials for the online payments service. Slovakian security firm ESET observed that the scam began by targeting users with an attack email warning them of unusual activity involving their account. The email urged recipients to click on an embedded link...

That phrase came to me many years ago when working on a multi-million pound IT outsourcing deal. We were up to our necks in the finer points of platform-wide and stack-deep security, and I realised we were fighting amongst ourselves more than challenging the final competing vendors. This infighting was partly due to the large amount of IT staff in...

Convenience store chain Wawa disclosed a malware incident that might have exposed some of its customers' payment card details. In a "Notice of Data Breach" published on December 19, 2019, Wawa CEO Chris Gheysens revealed that the company's information security teams had discovered malware on some of...

Context setting: In my first article on cloud security, I talked about the journey to cloud migration. What are the things you need to consider when planning the big move? To realize the full value of this post, you must have already identified the motivations for migration and the locations of some resources you can use to enhance your security...

A list of some of the worst passwords for 2019 revealed that users continue to turn to "123456" above all of the other ill-advised combinations. In total, TeamsID published 50 of the worst passwords used during the past year. The top 15 of these are presented below: 123456 123456789 qwerty password 1234567 12345678 12345 iloveyou 111111 ...

Businesses are always looking for ways to control and reduce the cost of doing business as well as gain a competitive advantage over their respective competitors. The constant pressure of doing more with less has introduced many offerings designed to reduce the cost and complexity of the IT/OT infrastructures that support the business. Let’s take a...

LifeLabs identified a digital attack that potentially exposed the personal information of approximately 15 million of its customers. In a letter to all of its customers, LifeLabs President and CEO Charles Brown explained that malicious actors gained unauthorized access to systems containing customers...

Whilst working for a management consultancy, I learned a lot more about industrial control systems (ICS) than I ever imagined I would. In many cases, this wasn’t from working on them directly; it was from simply speaking to the technicians and reading documentation. Oftentimes, we have the false belief that our systems are safe from compromise...

An analysis of a new backdoor called "Poison Frog" revealed that the OilRig threat group was sloppy in its development of the malware. Kaspersky Lab came across Poison Frog while scanning its archives using its YARA rule to hunt for new and old malware samples employed by OilRig. It launched this investigatory effort shortly after crackers operating...

After spending several decades in this industry, I have seen growth in many different security products and in many different areas. All the while, I've questioned whether specific technologies were offering real value or were just over-marketed to create more revenue opportunities for investors. As we have seen repeatedly, categories of security...

In my line of work, it is often a requirement to provide our customers with background information on the employees who will be performing on-site professional services. This is not in itself an issue, but how the customer receives and handles that information can be. Tripwire best practice is for HR to provide an attestation of all requested...

A New Jersey hospital said that it was forced to cancel some surgeries and other medical procedures after falling victim to a ransomware attack. Hackensack Meridian Health, a non-profit health care center based in Edison, New Jersey, revealed to the Wall Street Journal (WSJ) that the attack began on...

I have wanted to do a series like this for some time. I frequently watch movies and point out social engineering and OSINT techniques or inaccuracies as well as OPSEC blunders. These blunders, in addition to the matrix style waterfall screens, are equally bad as the "hacking" you see in movies. So, let's level the playing field about the specific...

Researchers discovered a phishing campaign which attackers designed to harvest login credentials from government procurement services. According to Anomali Labs, malicious actors crafted their campaign to target various services used by public and private entities to match buyers and sellers of government services. They did so by directing...

The City of Waco has warned residents that their online payments for water services may have been intercepted by hackers who stole credit card details. The heart of the problem lies in the third-party online payment software that Waco and several other cities and municipalities use to let residents pay their bills, pay parking fines, as well as make...

Finding a security vendor that is the best fit for your company’s business objectives, culture, risk profile, and budget is challenging today. The purpose of this blog is to suggest that working with a “vendor partner” is more than working with a standard technology vendor in that a partner aligns not only with “Technology” concerns but also with ...

Today’s VERT Alert addresses Microsoft’s December 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-863 on Wednesday, December 11th. In-The-Wild & Disclosed CVEs CVE-2019-1458 A vulnerability in Win32k is currently seeing active exploitation that could give an attacker the ability to...

Attackers provided victims who paid with an updated Ryuk ransomware decryptor that could potentially damage their larger files. Emsisoft found that malicious actors had added numerous new features to Ryuk ransomware over the past year. In a lesser-known case, attackers gave Ryuk the ability to partially encrypt files that exceeded 54.4 MB in size....

As we begin our new decade of the 2020s, we can look back at the last 30 odd years and examine the collaboration between technology and our daily lives. If you think of your day-to-day, it’s easy to see how much our society relies on technology. Consider our smart devices such as mobile phones, watches, even homes. However, what about the technology...