Resources

Blog

Cerber Ransomware Infecting Users via "Blank Slate" Malspam Emails

Cerber ransomware is infecting unsuspecting users via malspam emails sent out by the "Blank Slate" attack campaign. Blank Slate is known for sending out attack emails with two defining characteristics. First, the emails don't come with any message text. Second, they don't contain any information that gives away the nature of their attachments. Even...

SCM: Reducing Security Risk via Assessment and Continuous Monitoring

As I discussed in a previous blog post, a key security control known as file integrity monitoring (FIM) helps organizations defend against digital threats by monitoring for unauthorized changes to their system state. But that's only half the battle. A change could be authorized but still create new security risk. Organizations need to watch for...

How to Protect Your E-commerce Business from Cyber Attacks

Just as traditional brick-and-mortar businesses are targeted by anarchists during protests or times of unrest, e-commerce businesses are targeted by cyber criminals, except they don’t wait for a particular season or reason. Whether small, medium or large, every business is, sadly, at the mercy of hackers who will exploit every opportunity they get to...

Man Used BEC Scam to Defraud Two U.S. Companies of $100M

A man used a business email compromise (BEC) scam to defraud two internet companies based in the United States out of 100 million dollars. On 21 March, the FBI along with the U.S. Attorney’s Office for the Southern District of New York announced criminal charges against Evaldas Rimasauskas, 48, of Vilnius, Lithuania. Lithuanian authorities arrested...

Making Mistakes in Security

At some point in your career, you will make mistakes—small mistakes, big mistakes, even career-defining mistakes. I am writing this in retrospect because during the course of my job duties, I recently made a mistake. The details are irrelevant, but I wanted to share my experience with making mistakes in the professional world. Mistakes and human...

Bringing Clarity to Really Really Big Data: A Case for AI and Machine Learning to Help Crunch and Protect Our Data

It's funny how kids have an affinity for toys we enjoyed as kids – like Legos. They will spend hours creating the biggest “thing,” often leading to a parent’s near universal response, “Johnny! That is the biggest tower I have ever seen! Great job!” Children (and we) love Legos because they foster imagination, offering a limitless way to create...

The Importance of a Strategic Response to Cyber Incidents

There are a variety of ways a company can experience cyber incidents, ranging from a distributed denial of service network attack to internal information theft. The first response is usually to enlist incident response professionals to resolve the issue as quickly and efficiently as possible. However, there are several factors companies should...

Clever Gmail Phishing Scam Tricked Even Technical Users

A Gmail phishing campaign is clever enough to have almost tricked or successfully fooled multiple technical users. The attack, which other contributors to The State of Security have spotted, begins when a Gmail user receives an email. Oftentimes, the message comes from someone they know whose account has already been compromised. The email appears...

Wireless Routers: First Line of Defense

Almost everything you read or hear about routers includes a sentence or two about router security. The focus is generally on this essential piece of hardware as the first line of defense in an internet-connected world. Many medium-sized companies and large corporations take this into account when they purchase and set up their network infrastructure...

10 Must-Read Books for Information Security Professionals

There are many ways for IT professionals to broaden their knowledge of information security. Attending infosec conferences, for instance, provides personnel with an opportunity to complete in-person trainings and network with like-minded individuals. Outside of industry events, analysts can pick up a book that explores a specific topic of...

2.2 Million Email Addresses Exposed in Wishbone Data Breach

A popular social media app known as Wishbone has suffered a data breach that exposed 2.2 million email addresses along with 287,000 cell numbers. In the middle of March 2017, security researcher Troy Hunt received a MongoDB database that belongs to Wishbone. The app, first founded in 2015, allows users to vote on two-choice polls. Over the past two...

Is Security Ready for the Next 20 Years of Technology?

It doesn’t seem that long ago that we didn’t have online access to many of our utility, banking, and/or even shopping accounts. I was fortunate enough to be part of a revolutionary project at a university in southern England back in 1988, where accessing the internet was using a 1200 baud modem, a terminal emulator connecting via a mainframe that...

Third-Party Twitter Service Hacked to Push Out Nazi-Themed Tweets

Attackers hacked a third-party service and used their unauthorized access to push out Nazi-themed tweets from high-profile Twitter accounts. On 14 March, prominent companies, publishers, and personalities tweeted out messages containing swastikas and the hashtags #NaziGermany and #NaziHollan written in Turkish. It's thought that supporters of Turkey...

The Subversive Six – Hidden Risk Points in Your ICS

I was lucky enough to be at the event at which Sean McBride initially spoke about potatoes. Who doesn’t love a good potato? It was actually a succinct outline of a process in agriculture that takes place every day, outlining pinch points of a potato harvester that could elicit physical harm to the workers performing their everyday jobs. It was a...