On November 17, 2016, the security community witnessed the resurgence of a familiar enemy. That's the day when Shamoon 2, the successor of an attack campaign which first emerged in 2012, delivered Disttrack wiper malware to an organization based in Saudi Arabia. True to its design, Disttrack spread through the company's network and overwrote the...

Hopefully, we all know by now that it's a big mistake to post too much personal information on social media. For instance, telling the world that your house will empty because you're going away on holiday could lead to burglary. Similarly, it's a pretty dumb idea to post photos of your debit card on Twitter. And we all should know by now about the...

Scammers are using fake Amazon payment sites to steal money from customers lured in by unbeatable deals. Comparitech, a website which offers consumer advice on topics relating to technology and information security, recently investigated one such fraudster. The fake seller goes by the name Sc-Elegance. They have a reputation for selling expensive...

John Callahan’s October article “4 Reasons to Get Your Masters in Cyber Security” made me think about how to help students and cyber professionals strengthen a critical soft skill: written communication. Research synthesis and analysis papers are common in academic environments. These critical thinking assignments require students to conduct...

"By sitting in the alcove, and keeping well back, Winston was able to remain outside the range of the telescreen, so far as sight went. He could be heard, of course, but so long as he stayed in his present position he could not be seen." The above quote is a snippet from George Orwell’s dystopian-themed novel 1984, where Big Brother is constantly...

A new ransomware family called Spora comes outfitted with a sophisticated encryption scheme and a professionally designed payment portal. Spora, which is Russian for the word "spore," relies on fake invoice emails for distribution. The emails bear ZIP files containing HTML Application (HTA) files as attachments. But users might not realize it. That...

** UPDATED 2018 Blog Here: The Top 17 Information Security Conferences of 2018 ** 2017 is finally here. You know what that means: another information security conference season is upon us. We couldn't be more excited! Just like we did last year, we at The State of Security have assembled a list of the top 13 conferences in information security...

The Russian hacking fiasco we've been following over the past weeks – hysteria, which is due to the flawed Grizzly Steppe report and subsequent haphazard news reporting – has done a grave disservice to the serious issue of national cybersecurity. If the world is going to ever turn the corner from its current state of rampant cyber(in)security, it...

Today’s VERT Alert addresses 4 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-706 on Wednesday, January 11th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...

A school located in Los Angeles County, California has paid computer criminals 28,000 USD after it suffered a ransomware attack. Officials at Los Angeles Valley College (LAVC) came to the decision after a ransomware infection left them with no way to recover their organization's encrypted data. As the school explains in an update (PDF): "In...

A large Australian bank exposed 60,000 of its customers' account details after it inadvertently sent an email to the wrong recipient. National Australia Bank (NAB), which was one of the targets of sophisticated Android malware in March 2016, disclosed the data leak in December. It appears a former NAB employee sent confirmation emails to 60,000 new...

Most organizations are overwhelmed, understaffed, and/or underfunded when it comes to cybersecurity. These constraints create a critical need to prioritize on the most critical cybersecurity measures. However, often these priorities are unclear or hard to determine, leading to less-than-optimal cybersecurity product purchases and/or activities. This...

Attackers are using fake encrypted PDF documents to try to phish for unsuspecting users' login credentials. John Bambenek, a handler at SANS Internet Storm Center, disclosed the phishing campaign on 4 January. He found that the offending fraudsters are targeting users who lack a high level of security awareness. As he told Threatpost: "This is an...

It's 2017, which means we're less than a year and a half out from the EU General Data Protection Regulation (GDPR) taking full effect. The European Commission has a lot to do in the meantime. One of its most pressing objectives is to adapt the current rules, which are enshrined in European Union's ePrivacy Directive, to the GDPR and thereby help...

Typically, security risks and challenges coming from your IT security team are only realized after there is an actual cyber security event. Things such as ransomware or DDoS attacks quickly become a priority for executives and place them in a responsive mode. Being proactive is sometimes difficult to quantify in the IT security world with a...

Online extortionists closed 2016 with a spike in ransomware activity. The statistics for December were alarming: 32 new samples emerged and 33 existing strains got updated. The fact that security researchers released nine decryption tools is quite promising, but it is still a weak countervailing factor. The report below explores the ins and outs of...

GoldenEye ransomware wants to interview with your company's HR department, but it's not interested in filling an open position. For this new campaign, GoldenEye has assumed a job application theme to target German speakers in companies' HR departments. The authors of the ransomware, which is an updated form of Petya, know it's part of HR employees'...

In recent weeks there have been some peculiar new strains of ransomware spotted. Take the Popcorn Time ransomware, for instance, which lets you decrypt your files "the nasty way" by helping the blackmailers spread their attack further. If you can infect two other victims (and get them to pay up) Popcorn Time's developers will allegedly send you your...

In recent years, Wi-Fi networks are usually secured with the Wi-Fi Protected Access II (WPA2), a security protocol which leverages a strong cryptographic hash function (PBKDF2 with the network's ESSID as salt) to protect the pre-shared key (PSK). Breaking into a WPA-2 network can be a great challenge during a penetration test. A modern GPU that is...

An attacker is obtaining access to unprotected MongoDB databases, stealing and erasing their content, and holding them for ransom. On 27 December, security researcher Victor Gevers came across a MongoDB server that was open to external connections and that lacked a password on its admin account. This database didn't contain a lot of information. In...