April is National Poetry Month, a time when we can celebrate poets and their craft. To join in the celebrations, we at the State of Security asked employees at Tripwire and in the wider infosec community to create and share some of their favorite cybersecurity-related poems with us. Here are some of our favorites from Twitter: https://twitter.com...

There’s no doubt about it, attackers want your credentials more than anything, especially administrative credentials. Why burn a zero-day or risk noisy exploits when you can just log in instead? If you were to break into a house, would you rather throw a brick through a window or use a key to the front door? https://www.youtube.com/watch?v...

Amazon Web Services (AWS) allow organizations to take advantage of numerous services and capabilities. As the number of available options under the cloud infrastructure of the company grows, so too do the security risks and the possible weaknesses. AWS Project owners need to take extra precautions by following some platform-specific advice. Amazon...

The operators of Shade ransomware published the decryption keys for 750,000 of their victims in an effort to help them recover their data. The authors of Shade used a GitHub post to make decryption keys available to all of its remaining victims (approximately 750,000). They also used the posting to provide a bit of context about their decision: We...

According to a statistical research of the University of Portsmouth for the government of the UK, more than 80% of the cyber-attacks affecting businesses in the UK could have been prevented by the implementation of some basic security controls. To help organizations adopt good practices in information security, the UK government released a...

British security firm Sophos determined that malicious actors had abused a zero-day vulnerability to achieve remote code execution (RCE) on some of its firewall products. According to Sophos, the attack chain began when digital attackers exploited a zero-day SQL injection vulnerability to achieve RCE on some firewall products. They abused this...

The coronavirus 2019 (COVID-19) scam onslaught continues. Per Threatpost, digital attackers ramped up their activity over Q1 2020 to the extent that they were sending approximately 1.5 million coronavirus-themed attack emails by the middle of April. How can we then be surprised by ZDNet's reporting that the number of digital crime reports received...

In my first article on Cyber Security Threat Intelligence Analysts, (CTI analysts) we covered what a CTI analyst is and discussed how they can bridge the gaps between IT, Security, and the Business. We discussed how this is beneficial to the maturity of the business, but what exactly did we mean by this? In the second article of our CTI analyst...

A phishing campaign leveraged malicious emails to spoof video calling platform Skype in order to steal users' account credentials. Cofense observed that the campaign began with an attack email that appeared to originate from Skype. Specifically, the attackers crafted the sending email address to read as "67519-81987[@]skype.[REDACTED EMAIL]." But a...

We find ourselves in strange times. In response to the ongoing coronavirus epidemic, organizations have swiftly closed their offices and mandated that all employees begin working from home. This development has created security challenges with which many organizations are still grappling. That’s not the only impact COVID-19 has had on security....

A previously undocumented botnet called "VictoryGate" propagated via infected USB devices in order to perform Monero-mining functionality. Slovakian security firm ESET revealed that it had sinkholed several command-and-control (C&C) domains so that it could monitor VictoryGate's activity. Through this process, the company learned that VictoryGate...

What's this Maze thing I keep hearing about? Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organizations around the world and demanded that a cryptocurrency payment be made in exchange for the safe recovery of encrypted data. There's been plenty of ransomware before. What makes Maze so special? Like...

DoppelPaymer ransomware allegedly struck a U.S. coastal city in Los Angeles County by stealing its unencrypted data and then encrypting its devices. As reported by Bleeping Computer, the operators of DoppelPaymer updated their "Dopple Leaks" leak site with a post entitled "City of Torrance, CA." This post contained numerous links to files that...

Digital attackers used spearphishing campaigns to target oil and gas companies with samples of the AgentTesla infostealer family. In the first campaign spotted by Bitdefender, malicious actors sent out emails that appeared to originate from Egyptian state oil company Engineering for Petroleum and Process Industries (Enppi). Those emails invited...

Just a couple of weeks back I posted to The State of Security an article titled “Finally Some Good News: NERC Proposes Deferment of 3 CIP standards,” and, as suspected, the Federal Energy Regulatory Commission (FERC) approved the extension officially on April, 17th with this order. Having approved NERC’s petition submitted on April 6th, FERC...

Building an effective and resilient organization on a budget isn't a small task. When it comes to cybersecurity budgets, there are many different aspects that need to be considered. Thankfully, alignment with industry best practice and recognized security frameworks adds a small amount of clarity to this challenge. When presenting the webcast “It’s...

Scams leveraging coronavirus 2019 (COVID-19) as a lure have stolen tens of millions of dollars from their victims. As of April 16, 2020, the Federal Trade Commission (FTC) had received 20,334 consumer reports of fraud attempts pertaining to the coronavirus since the beginning of the year. Those attacks that proved successful had caused their victims...

It’s hard not to say that 5G technology brings a lot of benefits. 5G entails faster download speeds, and yes, if you have a 5G-enabled handset, you could hear and appreciate the speed increases for videos, gaming, etc. However, 5G provides added benefits that go way above those for the everyday user. Let’s take a look at the high speed and low...

Millions of people have moved onto the Zoom video-conferencing platform as the coronavirus pandemic has forced them to work from their homes. According to Zoom's own statistics, its daily usage has soared from approximately 10 million daily users in December to over 200 million today. And although Zoom must be pleased to see so many more people...

Ragnar Locker ransomware demanded 1580 bitcoin (approximately $11 million) as ransom from Portuguese electric utilities company Energias de Portuga (EDP). As reported by Bleeping Computer, the operators of Ragnar Locker published a new post on their data leak website in which they claimed that they had stolen a large amount of data from the European...