Resources

Blog

Spora Ransomware Equipped with Sophisticated Encryption, Payment Site

A new ransomware family called Spora comes outfitted with a sophisticated encryption scheme and a professionally designed payment portal. Spora, which is Russian for the word "spore," relies on fake invoice emails for distribution. The emails bear ZIP files containing HTML Application (HTA) files as attachments. But users might not realize it. That...

The Top 13 Information Security Conferences of 2017

** UPDATED 2018 Blog Here: The Top 17 Information Security Conferences of 2018 ** 2017 is finally here. You know what that means: another information security conference season is upon us. We couldn't be more excited! Just like we did last year, we at The State of Security have assembled a list of the top 13 conferences in information security...

VERT Threat Alert: January 2017 Patch Tuesday Analysis

Today’s VERT Alert addresses 4 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-706 on Wednesday, January 11th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...

Ransomware Attack Leads LA School to Fork Over $28K in Ransom

A school located in Los Angeles County, California has paid computer criminals 28,000 USD after it suffered a ransomware attack. Officials at Los Angeles Valley College (LAVC) came to the decision after a ransomware infection left them with no way to recover their organization's encrypted data. As the school explains in an update (PDF): "In...

Email Slip-Up Exposes 60,000 Bank Customers' Account Details

A large Australian bank exposed 60,000 of its customers' account details after it inadvertently sent an email to the wrong recipient. National Australia Bank (NAB), which was one of the targets of sophisticated Android malware in March 2016, disclosed the data leak in December. It appears a former NAB employee sent confirmation emails to 60,000 new...

The Need for Better Cybersecurity Prioritization Metrics

Most organizations are overwhelmed, understaffed, and/or underfunded when it comes to cybersecurity. These constraints create a critical need to prioritize the most critical cybersecurity measures. However, these priorities are often unclear or hard to determine, leading to less-than-optimal cybersecurity product purchases and/or activities. This...

Fraudsters Using Fake Encrypted PDF to Phish for Victims' Credentials

Attackers are using fake encrypted PDF documents to try to phish for unsuspecting users' login credentials. John Bambenek, a handler at SANS Internet Storm Center, disclosed the phishing campaign on 4 January. He found that the offending fraudsters are targeting users who lack a high level of security awareness. As he told Threatpost: "This is an...

December 2016: The Month in Ransomware

Online extortionists closed 2016 with a spike in ransomware activity. The statistics for December were alarming: 32 new samples emerged and 33 existing strains got updated. The fact that security researchers released nine decryption tools is quite promising, but it is still a weak countervailing factor. The report below explores the ins and outs of...

Are You Hiring? GoldenEye Ransomware Wants to Meet Your HR Department

GoldenEye ransomware wants to interview with your company's HR department, but it's not interested in filling an open position. For this new campaign, GoldenEye has assumed a job application theme to target German speakers in companies' HR departments. The authors of the ransomware, which is an updated form of Petya, know it's part of HR employees'...

Ransomware Offers Free Decryption if you Learn About Cybersecurity

In recent weeks there have been some peculiar new strains of ransomware spotted. Take the Popcorn Time ransomware, for instance, which lets you decrypt your files "the nasty way" by helping the blackmailers spread their attack further. If you can infect two other victims (and get them to pay up) Popcorn Time's developers will allegedly send you your...

Efficient Wi-Fi Phishing Attacks: Would You Fall for That?

In recent years, Wi-Fi networks have usually been secured with Wi-Fi Protected Access II (WPA2), a security protocol which leverages a strong cryptographic hash function (PBKDF2 with the network's ESSID as salt) to protect the pre-shared key (PSK). Breaking into a WPA2 network can be a great challenge during a penetration test. A modern GPU that is...

Unprotected MongoDB Databases Wiped and Held for Ransom by Attacker

An attacker is obtaining access to unprotected MongoDB databases, stealing and erasing their content, and holding them for ransom. On 27 December, security researcher Victor Gevers came across a MongoDB server that was open to external connections and that lacked a password on its admin account. This database didn't contain a lot of information. In...

Divining Infosec: Security Experts' Predictions for 2017

We saw a lot happen in information security over the course of 2016. Some of these events, like the distributed denial-of-service (DDoS) attacks that struck Dyn and Russia's hacking of the DNC, made the public care about digital security as never before. Those incidents changed the national discourse on information security. As such, they shifted...

Anonymous Hackers Deface Victoria's Human Rights Commission Website

Hackers claiming to be part of Anonymous defaced the website of Victoria's Human Rights Commission. On 2 January, the statutory authority in the Australian state of Victoria announced on Twitter that its website was temporarily down. https://twitter.com/VEOHRC/status/816095043282796544 The Guardian reports Victoria's Human Rights Commission took its...

Dyn DDoS: What It Means for Supply Chain Security

By now, you have probably heard about one, maybe two massive Distributed Denial of Service (DDoS) attacks that occurred near the end of 2016. The first was Brian Krebs being subjected to a 620 Gbps DDoS. The second, and more noticeable, attack targeted DNS provider Dyn and took down parts of Twitter, Amazon, and other Dyn clients' infrastructure on...

How and Why Small Businesses Are Investing in Cybersecurity

Businesses of all sizes are taking note that cyber threats are continually on the rise. No one is safe. In our digital world, you just can't be too cautious when it comes to protecting your data. This is true whether your company employs 200,000 or 10 employees. Cyber criminals have no bounds. They just want to profit off of your information. That...

KillDisk Wiper Malware Evolves into Ransomware

KillDisk malware has moved away from wiping infected computers of their stored data and has evolved into ransomware. Researchers at ICS/SCADA security firm CyberX recently came across a new KillDisk variant. After reverse-engineering it, they found that the malware displayed a pop-up ransom message demanding victims pay 222 Bitcoins in exchange for...