The newest variant of Locky ransomware has begun to add yet another file extension to the files it encrypts, and it is the .thor file extension. The virus drops a _WHAT_is.html and the same named .bmp type of file after an infection has been caused. The ransomware also creates several other files, such as a malicious .dll file that causes the...

We’ve all been warned – no matter what we do online, somebody is out there watching. It might be to gather information for marketing purposes. The exposure of personal information to the wrong party, however, is a real concern. All of our emails, photos, passwords, addresses, credit card numbers, and social media messages are out there for someone...

It’s been weeks since Apple released its new operating systems, iOS 10 and mac OS Sierra. The new updates brought security patches, features and upgrades. Siri assistant has finally arrived on desktops, and an exciting universal clipboard allows you to select photos from an iPhone device and paste them directly on the desktop. However, with these...

Well, this didn’t take long – after .Odin, and .Zepto before it, the latest successor to the Locky Ransomware line is here. It has been rather “playfully” named .Shit File Virus by its creators. Apart from the name, there’s nothing to laugh at concerning this newest Ransomware threat. A rather significant drop in malware activity in the last few...

Security researchers are warning of a rise in mobile apps leaking user privacy data, including device metadata, location and personally identifiable information (PII). In a new report analyzing mobile privacy trends, researchers at Zscaler revealed both Android and iOS users could be left vulnerable to targeted denial-of-service attacks, phishing...

Information security is the fastest growing area of IT. It affects more people in more ways than ever before. It affects not only our public records, our utilities, our white-collar work, and our entertainment. Now that we carry small computers in our pockets and in our cars, talk of the Internet of Things (IoT) is also starting to become reality....

On September 20, 2016, the Mirai botnet temporarily brought down Brian Krebs' information security blog KrebsonSecurity.com. It did so by launching a distributed denial-of-service (DDoS) campaign, the attack traffic of which peaked at approximately 620 Gbps in size – one of the largest DDoS offensives the Internet has ever seen. A week or two later,...

UPDATED 21/10/2016 11:15 EDT DYN has restored service after a distributed denial-of-service (DDoS) attack against its DNS infrastructure took down Spotify, Twitter, and a host of other sites. The internet performance management company published a statement on its status page explaining that a DDoS attack was responsible for the service interruption...

The skills gap is one of the five greatest challenges to organizations' compliance and IT operations. It manifests itself in two ways. First, some information security professionals might not be qualified for their positions. Security practitioners who lack an appropriate skill set might have a difficult time connecting security to the business. If...

Perhaps completely in sync with the tremendous press surrounding the new HBO hit series WestWorld, the Obama White House issued a press release on October 11, 2016, entitled "The Future of Artificial Intelligence" along with a lengthy report “National Artificial Intelligence ('A.I') Research and Development Strategic Plan” (PDF, hereinafter the ...

Several banks in India will either reissue or institute a PIN reset on 3.2 million debit cards that attackers likely compromised in a malware campaign. Individuals with knowledge of the incident report that malware affected the systems of Hitachi Payment Services, a provider of ATM terminals, point...

This post will touch briefly on the "why" of reproducible builds, but it is primarily a quick and dirty "how to" when building for Amazon Web Services. If you're not familiar with the concept, reproducible builds (sometimes referred to as "verifiable builds”) are a methodology of building software in such a way that the path from the source code to...

There is a severe talent shortage in the cyber security field. In fact, it’s one of the few fields with a negative unemployment rate, and analysts are estimating that there will be 1.5 million cyber security job openings by 2019. So, if you have been considering entering the field or advancing your career within the industry, this is an opportune...

A type of macro malware campaign has incorporated password protection into its attack emails in order to serve up ransomware. The campaign begins with an email that comes with an attached document bearing the .dot extension. It's password-protected, and the only way a recipient can open it is to enter in the password provided by the sender in the...

Information security is a concern when it comes to smart city technologies. Tripwire found out as much when it commissioned Dimensional Research to speak with 203 IT professionals working for state and local governments about the digital security challenges of implementing smart city initiatives. Out of those who responded, 88 percent of IT...

Organizations around the world are taking a more innovative approach to managing threats in today’s digital era, reveals the 19th annual Global State of Information Security Survey (GSISS). This year’s study – produced by PwC in conjunction with CIO and CSO – includes the responses of more than 10,000 business and IT security executives from over...

Hackers stole nuclear research data and personal information off of a computer at the University of Toyama’s Hydrogen Isotope Research Center. According to university officials, the hackers posed as a Tokyo university student to deliver a malware-laden document to a teaching member at the center, which conducts research on hydrogen, deuterium, and...

Last week, I had the opportunity to travel to Tokyo, Japan to visit the Tripwire Japan office. I also had time to tour the city a bit with my colleague Lane Thames and his wife Linda. While the flights were long, the experience was absolutely worth it. The subway system, while pretty crazy to look at via map, was easy to navigate with the help of...

Android users are being reminded to only install apps from the official Google Play store or trusted third parties, after new research has revealed an alarming number of devices continue to be infected by a notorious family of malware. Security researchers at Cheetah Mobile Security claim that it is responsible for most of the Android infections...

Some people hate the red team. They think of them as the adversary, and at the extreme, people worry that their jobs are on the line. If any holes are found, network defenders worry it could be a mark on their competency. However, this should not be the case. Although it does not come across this way initially, the red team is leveraged to help the...