Foreign exchange company Travelex announced that it had temporarily disabled all of its systems following a malware attack. Twitter user Izzy Fergus first noticed something was wrong when she attempted to visit travelex.co.uk and saw a runtime error message. When she reached out to the company on Twitter, Travelex UK informed her that it was...

Network and information systems (NIS) and the essential functions they support play a vital role in society from ensuring the supply of electricity, water, oil and gas to the provisioning of healthcare and the safety of passenger and freight transport. In addition, computerized systems are performing vital safety-related functions designed to...

Zero Trust is a new concept to many but one I believe will be of increasing importance over the coming years. With this post, I wanted to introduce newcomers to the concept, talk about why it’s an exciting approach to improving security, and explore how you can leverage File Integrity Monitoring (FIM) and Security Configuration Management (SCM)...

Dining, hospitality and entertainment corporation Landry's notified customers of a security incident that might have affected their payment card data. On December 31, Landry's revealed that it first learned of the incident after it detected unauthorized activity on the payment processing systems for...

Digital attackers compromised an email server owned by Special Olympics NY and then abused it to target donors with phishing emails. The attack emails told recipients that an automatic donation transaction of $1,942.49 would register on their accounts within the next two hours. The email then asked recipients to review a PDF statement to confirm...

It’s been another fantastic year on The State of Security blog. With over 350 blogs published from all walks of the security community, we like to think of the blog as more of an industry resource that caters to not only experienced security professionals but also to those who are new to the community. To finish the year off, I wanted to look back...

Wyze implemented a token refresh for all of its users after learning of a security incident that allegedly leaked user data. On December 26, Twelve Security reported that smart home camera provider Wyze had left its production servers open to the web. The security stated that the misconfiguration had...

Honeypots are not a new idea. They have been part of the cybersecurity world for decades and have frequently gone in and out of "fashion" over that period. Recently, though, they have become an increasingly important part of vulnerability management. That's for a couple of reasons. Honeypots offer real-world data on the types of threats that...

Researchers identified more than 100 apps that used a common code package named "Soraka" to perform ad fraud on users' Android devices. The White Ops Threat Intelligence team observed that many of the apps did not have a suspicious reputation at the time of discovery. For instance, the "Best Fortune Explorer" registered no red flags with anti-virus...

TikTok, the popular video posting app, has come under increased scrutiny. Recently, two lawsuits filed against the platform accused TikTok of privacy violations. According to a report from Reuters, a plaintiff accused TikTok of creating an account without her knowledge or consent in one lawsuit filed in California. The lawsuit accused TikTok of...

At some point in the past, I began making new year’s resolutions for doing a bit of personal privacy and security maintenance on New Year’s Day or thereabouts. I would usually have a bit of downtime to finally get around to doing the things I’d been putting off all year. It’s become a fun habit that I wanted to share. Changing Passwords One of my...

A marketing agency announced just days before Christmas that it would be temporarily suspending operations as it works to recover from a ransomware attack. Sandra Franecke, CEO of the Heritage Company, sent a letter to employees that the company would temporarily be suspending its operations. She...

I recently wrote about phishing around the holidays and while I was working on the piece, I noticed a couple of friends posting recent emails on Facebook. I thought it might be fun to dig a bit deeper into those emails and look at the telltale signs that indicate these are phishing attempts. Signs of Phishing - Example #1 ...

This is the third and last blog I will write for State of Security on the topic of the groundbreaking, maverick TV series ‘Mr Robot.’ As this week, the credits rolled one final time on the show's mind bending and utterly bizarre (even by its own standards) conclusion. A lot has changed since the first season aired, both for cybersecurity and the...

A newly discovered PayPal phishing scam attempts to steal much more than just a user's login credentials for the online payments service. Slovakian security firm ESET observed that the scam began by targeting users with an attack email warning them of unusual activity involving their account. The email urged recipients to click on an embedded link...

That phrase came to me many years ago when working on a multi-million pound IT outsourcing deal. We were up to our necks in the finer points of platform-wide and stack-deep security, and I realised we were fighting amongst ourselves more than challenging the final competing vendors. This infighting was partly due to the large amount of IT staff in...

Convenience store chain Wawa disclosed a malware incident that might have exposed some of its customers' payment card details. In a "Notice of Data Breach" published on December 19, 2019, Wawa CEO Chris Gheysens revealed that the company's information security teams had discovered malware on some of...

Context setting: In my first article on cloud security, I talked about the journey to cloud migration. What are the things you need to consider when planning the big move? To realize the full value of this post, you must have already identified the motivations for migration and the locations of some resources you can use to enhance your security...

A list of some of the worst passwords for 2019 revealed that users continue to turn to "123456" above all of the other ill-advised combinations. In total, TeamsID published 50 of the worst passwords used during the past year. The top 15 of these are presented below: 123456 123456789 qwerty password 1234567 12345678 12345 iloveyou 111111 ...