A Gmail phishing campaign is clever enough to have almost tricked or successfully fooled multiple technical users. The attack, which other contributors to The State of Security have spotted, begins when a Gmail user receives an email. Oftentimes, the message comes from someone they know whose account has already been compromised. The email appears...

It's now evident there are many more hacker intrusions during which security experts struggle to repel attackers and resolve damage than we first thought. The growing trends of sabotage, extortion, and disruption of both individual users and critical services have raised concerns about cybersecurity worldwide. Cybersecurity Threats Are a Leading...

Almost everything you read or hear about routers includes a sentence or two about router security. The focus is generally on this essential piece of hardware as the first line of defense in an internet-connected world. Many medium-sized companies and large corporations take this into account when they purchase and set up their network infrastructure...

Businesses have always struggled with the idea of business security. Are you doing enough to protect your company, clients, and employees? Is there really such a thing as too much security? Technology is constantly changing, and as such, so are the threats many organizations face. Everywhere you turn, some security company is trying to point out...

There are many ways for IT professionals to broaden their knowledge of information security. Attending infosec conferences, for instance, provides personnel with an opportunity to complete in-person trainings and network with like-minded individuals. Outside of industry events, analysts can pick up a book that explores a specific topic of...

A popular social media app known as Wishbone has suffered a data breach that exposed 2.2 million email addresses along with 287,000 cell numbers. In the middle of March 2017, security researcher Troy Hunt received a MongoDB database that belongs to Wishbone. The app, first founded in 2015, allows users to vote on two-choice polls. Over the past two...

It doesn’t seem that long ago that we didn’t have online access to many of our utility, banking, and/or even shopping accounts. I was fortunate enough to be part of a revolutionary project at a university in southern England back in 1988, where accessing the internet was using a 1200 baud modem, a terminal emulator connecting via a mainframe that...

Over the weekend, I became immersed in a discussion on Twitter centered around getting more people involved in InfoSec conferences. Here’s the original post by @hacks4pancakes: Lesley’s initial point led to many great responses relating to the value of attending conferences and the process of...

Attackers hacked a third-party service and used their unauthorized access to push out Nazi-themed tweets from high-profile Twitter accounts. On 14 March, prominent companies, publishers, and personalities tweeted out messages containing swastikas and the hashtags #NaziGermany and #NaziHollan written in Turkish. It's thought that supporters of Turkey...

Today’s VERT Alert addresses 18 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins and expects to ship ASPL-716 on Wednesday, March 15th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...

I was lucky enough to be at the event at which Sean McBride initially spoke about potatoes. Who doesn’t love a good potato? It was actually a succinct outline of a process in agriculture that takes place every day, outlining pinch points of a potato harvester that could illicit physical harm to the workers performing their everyday jobs. It was a...

Over the past few weeks I have been seeing quite a few news articles around fileless malware infecting companies around the world. The article from Ars Technica specifically states that the goal of fileless malware is to reside in memory in order to remain nearly invisible. Besides residing in memory, the second aspect of fileless malware is the...

Digital attackers have many different strategies for infiltrating a target organization. That even goes for companies with robust perimeter defenses. Bad actors simply need to find a soft target they can exploit. Oftentimes, they find what they're looking for along a target's supply chain. We can best understand the supply chain as a network of...

In a recent survey by tech giant Mozilla, an overwhelming majority of Internet users admitted they are not informed about how to protect themselves online. The survey polled over 30,000 participants from around the globe – including France, Germany, Australia, Canada, the US and the UK – in an effort to learn more about users’ views on privacy,...

For the first time, the Office of Civil Rights (“OCR”) penalized a covered entity for failure to implement audit procedures to review, modify, and/or terminate users’ right of access. In the scope of the investigation, it was discovered that more than 100,000 individuals had their electronic Protected Heath Information (“ePhi”) records impermissibly...

When hard disk drives contain super sensitive data, cybersecurity professionals like myself will usually recommend that they shouldn't be placed in any computers that have an operational TCP/IP stack. There are various ways that internet-connected computers can secure themselves against attack, such as firewalls, IPS devices, antivirus software, and...

A university has expelled a student for hacking the email accounts of several professors in an attempt to improve their grades. Technion Institute of Technology, a public research institute based in Haifa, Israel, revealed the disciplinary actions it took against the student to Ynetnews: “We are taking this case very seriously, as it is very...

The Internet of Things (IoT) embodies great promise and risk. On the one hand, ordinary users view IoT as a means of streamlining their activities across billions of "smart" devices. They hope such connectivity will ultimately translate into better and easier lives. On the other hand, IoT devices aren't always designed with security in mind. This...

CAPTCHAs – these things: A human creation built to foil robots. However, as is ever so common these days, the robots are winning. But! it doesn’t have to be that way. The first CAPTCHAs were created in 2000, and most every CAPTCHA since has remained virtually the same. This becomes problematic...

We all can agree that security training is critical, but have you ever wondered why your organization does not share your same level of excitement when it comes training time? The majority of organizations struggle with getting employees motivated and enthusiastic about training. Many employees look at training as a quarterly or yearly checkbox with...