A backdoor espionage trojan known as Kazuar has API access that it can leverage to run commands on the systems it compromises. The malware, which is written in Microsoft's .NET Framework and uses the ConfuserEX open source packer, initializes by gathering system and malware information and using those items to generate a mutex. It then creates a...

What's happened? You may well be one of the millions of internet users who received a dangerous email offering to share a Google Docs file with you. If you made the mistake of clicking on the link, you could start a process that could potentially result in your email archive and contact lists being slurped up in strangers and the same dangerous...

In today's expanding world of digital security threats, some truths are self-evident. Information security professionals must understand: That change happens That protecting customers and preventing unnecessary downtime is both a financial and moral imperative That we can only collect intelligence on things that we monitor That we must...

We at The State of Security recently began interviewing educators who are helping to launch cyber security programs in Canada's schools. Last time, we spoke with Benjamin Kelly, a teacher at Caledonia Regional High School in New Brunswick. We'll now speak with Pierre Clavet of Collège communautaire du Nouveau-Brunswick (CCNB). Maribeth Pusieski:...

Healthcare organizations reported 328 data breaches in 2016, a substantial increase from 268 the previous year and setting a new all-time high for the industry. According to Bitglass’ 2017 Healthcare Breach Report, the breaches exposed the records of roughly 16.6 million Americans as a result of hacks, lost or stolen devices, unauthorized disclosure...

A new ransomware threat is on the loose, and users better be prepared for it in case it comes knocking on their door. And it’s not the Locky Virus this time! This latest malicious variant goes under the name of ThunderCrypt Virus File Ransomware. For now, it has mainly been infecting users in different Asian countries but if history is any...

Since President Donald Trump took office on Jan 20, he and his administration have done a number of contentious things. Arguably, the most contentious among them is his signing of the Internet Privacy Bill, which allows Internet Service Providers (ISPs) across the U.S. to sell consumer data. Seen as a direct rollback of internet protection laws...

Chances are if you are reading this article, you have already moved some, or perhaps most, of your IT infrastructure to the cloud. While most organizations spend lots of time, energy and money developing strategies for integrating their important data and workflow to the cloud, they usually don’t worry about security and risk management strategies...

The world of IT is moving to the cloud. Market data varies but estimates of cloud usage show approximately 20-25% of overall computing workloads operate in public cloud environments today, with that number expected to grow to 50% over the next 5-10 years (Goldman-Sachs forecast). Organizations are starting to operate in a hybrid environment that...

A vendor of health information technology has restored access to electronic health records (EHR) after it suffered a ransomware attack. On 24 April, EHR and revenue cycle management solutions provider Greenway Health disclosed the ransomware incident to its customers. CEO Scott Zimmerman said there was no evidence that those responsible for the...

April 29, 2017, marked Donald Trump's 100th day in office as President of the United States. Since his inauguration on January 20, President Trump has fulfilled his campaign promises of nominating a conservative judge to the Supreme Court and withdrawing the United States from the Trans-Pacific Partnership. But he has yet to meet some of his other...

Earlier this year, I had the opportunity to present at S4x17 in Miami on the topic of deep packet inspection (DPI) technologies and the ways in which you could evaluate products that tout DPI features. At first glance, I thought, "Sure, no problem. How hard could it be?" It turns out that this is a difficult problem for a few reasons. The...

When the 2017 Verizon Data Breach Investigations Report (DBIR) came out last week, I read through it like I do every year. Each time I go through the report, I challenge myself to find something new and interesting. This year, I was intrigued by the "Things to consider" and "Areas of focus" at the end of each section. These two blurbs gave tips on...

Bug bounties, security acknowledgements and reward programs all have strong ties to IT security today. But that wasn't always the case. In the past, public penetration testers and security researchers mostly looked out for their personal benefit without recognizing their own responsibility to the security community. The reason? In a lot of cases,...

Sometimes you find inspiration in unlikely places. Never did I think, for example, that I would be able to connect my day job as a writer in the security awareness field with a burgeoning hobby of mine: birdwatching. But the more I “bird,” the more what I learn about birdwatching—both in the field and from birdwatching blogs—begins to filter into my...

Victims of identity theft don't always need to file a police report, explains the Federal Trade Commission (FTC) in an alert. In an effort to help simplify the recovery process for identity theft victims, the FTC has created a government portal at IdentityTheft.gov. Victims just need to register with this page and answer some questions. ...

10 years and counting! Such is the milestone of Verizon's 2017 Data Breach Investigations Report (DBIR). Like in years past, the 10th version of Verizon's research initiative highlights new patterns, evolving trends, and interesting findings in the information security field. It does so by synthesizing reports that Verizon received of discovered...

On average, each person has 27 online logins and passwords. They protect our bank accounts, our social media, our phones, and more. Passwords are the keys that unlock our digital lives. But what makes them so secure, and how can you make sure your passwords are doing a good job of protecting your information and your identity? Creating a Secure...

A battle between two rival families of malware is being blamed for the downtime that a Californian ISP suffered earlier this month. As BleepingComputer reports, customers of Sierra Tel unexpectedly found themselves without telephone and internet connectivity on April 10. In a statement issued by the ISP the following day, the blame was put firmly on...

Whenever you talk about WordPress security, every gig hands you a list of security plugins. My point of view and approach are different. I am not saying that using security plugins will not provide you efficient security. All I am saying is that only using security plugins will not completely secure your website. You have to take actions out of the...