Resources

Blog

Over 28 Million Taringa! User Records Exposed in Data Breach

Social networking platform Taringa! has confirmed a data breach that exposed nearly every record in its 28 million registered user base. On 4 September, data breach notification LeakBase disclosed a hack where attackers allegedly stole the records for 28,722,877 registered users of Taringa!, a popular Latin American social media site. The Hacker...
Blog

August 2017: The Month in Ransomware

Although the ransomware industry has resumed growth after July’s decline, nothing game-changing happened in the online extortion ecosystem last month. There was an influx of new GlobeImposter ransomware variants and real-life spinoffs of the Hidden Tear proof-of-concept. The Locky strain geared up for another rise with its Lukitus persona. And a...
Blog

Protecting Critical Infrastructure in the Age of IoT

Keeping up with advances in technology is like being a hamster on a wheel: the race never ends. But that drive is ultimately what yields innovative advances in IT – for both hackers and cyber professionals alike. We need to understand that we cannot control this evolution – neither its speed nor progress – but we can implement standards and best...
Blog

The Cloud’s Shared Responsibility Model Explained

Over the past few months, the security industry has witnessed several major cloud data breaches. The Deep Root Analytics leak sent shockwaves across the cybersecurity community in June, as sensitive information on 197 million American voters was exposed. A few weeks later, data on six million Verizon users was exposed by Nice systems, a third-party...
Blog

10 Essential Bug Bounty Programs of 2017

In 2015, The State of Security published a list of 11 essential bug bounty frameworks. Numerous organizations and even some government entities have launched their own vulnerability reward programs (VRPs) since then. With that in mind, I think it's time for an updated list. Here are 10 essential bug bounty programs for 2017. 1. Apple Website:...
Blog

Cancer Treatment Center Notifies 19K Patients of Ransomware Attack

A cancer treatment center has notified more than 19,000 patients of a ransomware attack that might have affected their personal and medical information. Medical Oncology Hematology Consultants, P.A. ("the Practice), which is located in the Helen F. Graham Cancer Center & Research Institute, detected the infection on 7 July 2017. Its analysis reveals...
Blog

Should Security Researchers Protect Organizations by Any Means Necessary?

Responsible disclosure is the gold standard for fixing security vulnerabilities. But as we all know, sometimes at least one stakeholder doesn't hold up their end of the agreement. Parties violate a responsible disclosure timeline for many reasons. Take the Zero Day Initiative, for instance. One of its security researchers discovered a vulnerability...
Blog

Half of Organizations Fail to Maintain PCI Compliance, Finds New Report

Nearly half of organizations that store, process or transmit card data are still failing to maintain PCI DSS compliance from year to year, reveal new statistics. According to the 2017 Verizon Payment Security Report, the number of enterprises becoming fully compliant is on an upward trend—growing almost five-fold since 2012. Last year, 55.4 percent...
Blog

Trojan Using Infected USBs to Help Spread Fileless Malware

A trojan is leveraging infected USB flash disks to help spread fileless malware that abuses legitimate functions on a compromised system. The baddy, which Trend Micro detects as "TROJ_ANDROM.SVN," conceals itself within two malicious files on an infected USB. These files are called "addddddadadaaddaaddaaaadadddddaddadaaaaadaddaa...
Blog

How to Safeguard Your Online Banking Information

10 years ago, people used to enter a bank physically to complete any kind of transaction. The situation has changed a lot today. With the introduction of online banking, people are able to make all types of transactions with the click or touch of a button. Last year, a survey from Bank of America revealed that 62 percent of Americans now utilize...
Blog

One in 10 UK Companies Lack an Incident Response Plan, Says Survey

The damage wrought by the WannaCry and NotPetya malware outbreaks highlights the importance of organizations taking steps to strengthen their digital security defenses. But in the shadow of such high-profile attacks, the state of organizations' security postures remains unclear. Do most companies understand the importance of their information and...
Blog

“Cyber” Is Not an Appropriate Risk Category

“Cyber” is not an appropriate category of risk. Often cited in 10-K reports, discussed by board directors and C-suite executives, and referenced by Enterprise Risk Management (ERM) or Governance, Risk and Compliance (GRC) professionals, the category merely perpetuates ambiguity and lack of understanding related to all things “cyber.” Because of this...
Blog

Stackoverflowin: The Story of How IoT Broke the Internet

Recently, an incident commonly referred to as “stackoverflowin” swept social media. On February 4, 2017, a 17-year-old hacker from the UK using the alias ‘stackoverflowin’ decided on a whim to do some printing. He printed quite a bit. In fact, he printed so much that it started to trend on Twitter. That’s because he printed to every open printer on...
Blog

Android Trojan Targeting South Korean Users via Smishing Campaign

An Android trojan is using SMS phishing texts (or "smishing" messages) to prey upon unsuspecting South Korean mobile users. In July 2017, users uploaded to South Korean websites screenshots of texts asking them to click on suspicious shortened links. One message warns recipients that someone might have leaked a private picture of them to the web....
Blog

Highs & Lows of Cyber Security in Healthcare

Cyber security is a relatively new concern to the healthcare sector. Most organizations began looking into it in just the past five years. Given this still-nascent focus, there have been some real lows for healthcare and highs for cyber attackers. Good News to Start There's some good news to share with respect to healthcare providers (acute and...
Blog

Cyber Security Recruiting: Win Top Candidates with These Tips

Your cyber security department has some big hurdles when it comes to hiring. In IT, 10 percent of all job postings are in cyber, and the growth rate is 2x faster than other IT jobs. There will be 1.5-2 million unfilled cyber jobs by 2019. Currently, cyber job postings take 24 percent longer to fill than other IT jobs and 35 percent longer to fill...
Blog

Android Ransomware Development Made a Cinch by TDK Mobile Apps

Wannabe computer criminals can now easily create Android ransomware thanks to what are known as trojan development kits (TDKs). TDKs automate the process of developing new mobile malware by leveraging a version of the computer-aided software engineering (CASE) tool model. These device-aided malware engineering (DAME) utilities enable an actor to...
Blog

Malware Using Facebook Messenger to Serve up Multi-Platform Threats

Malware is spreading via Facebook Messenger as part of an attack campaign designed to infect users with multi-platform digital threats. In early August, Kaspersky Lab senior security researcher David Jacoby received a curious message via Facebook's messenger service. The message originated from one of his friends with whom he rarely speaks on the...