The Federal Communication Commission (FCC) has adopted new rules that will require Internet Service Providers (ISPs) to obtain customers' permission before they sell their data for marketing purposes. On 27 October, the Commission's Democratic majority secured the passage of the rules with a 3-2 vote, with Republicans opposing adoption. Chairman Tom...

Windows AppLocker is a powerful whitelisting technology built into modern Windows operating systems. It provides the ability to lock down installers, scripts and executables on the local machine via either a white list or a black list of file data. For many organizations, this is a great technology to reduce the attack surface of the endpoint by...

We at The State of Security have explored all the ways people can strengthen their security online in acknowledgement of National Cyber Security Awareness Month (NCSAM) 2016. We kicked off the public awareness campaign by providing tips on how users can protect their passwords, as well as defend against ransomware and other common IT security...

Macro malware arrived with a bang 21 years ago, and it's still causing problems. Concept, the first ever virus to spread by infecting Microsoft Office files, turned the anti-virus world on its head overnight when it was shipped by Microsoft on a CD ROM in August 1995. Up until then the main thing computer users had to worry about was malware hiding...

Dyn has stated that approximately 100,000 bots infected with Mirai malware helped launch a large distributed denial-of-service (DDoS) attack against its domain name system (DNS) infrastructure. Scott Hilton, EVP of product at the internet performance management company, said in a statement on 26 October that the distributed denial-of-service (DDoS)...

Yep, here we go again taking on something new. Something counter-intuitive to what we know. Or perhaps it is something that people really don’t want to know about right now. Perhaps it is counter-intuitive to the cybersecurity jobs we hold. Yet we know in our heart of hearts that “status” quo cybersecurity isn’t working for our company, business,...

Cybercriminals are leveraging social media to lure unsuspecting users into handing over their online banking credentials. According to researchers at security firm Proofpoint, a new series of phishing attacks has been seen targeting customers of major UK banks via Twitter. The attack is carried out as follows: First, cybercriminals create convincing...

The current diagnosis for healthcare cyber security is frightening. Here's our current assessment:One in three healthcare records were compromised in 2015 (IBM 2016).Healthcare is the number one industry when it comes to its records being breached (IBM 2016).Ransomware is on the rise, with 88 percent of attacks occurring in healthcare (Solutionary...

There's no better time than autumn to raise user awareness about how to stay safe online. It's a time of year when children return to school and information security students take the next step towards launching their career. We also can't forget that October is National Cyber Security Awareness Month (NCSAM) in the United States and European Cyber...

The newest variant of Locky ransomware has begun to add yet another file extension to the files it encrypts, and it is the .thor file extension. The virus drops a _WHAT_is.html and the same named .bmp type of file after an infection has been caused. The ransomware also creates several other files, such as a malicious .dll file that causes the...

We’ve all been warned – no matter what we do online, somebody is out there watching. It might be to gather information for marketing purposes. The exposure of personal information to the wrong party, however, is a real concern. All of our emails, photos, passwords, addresses, credit card numbers, and social media messages are out there for someone...

It’s been weeks since Apple released its new operating systems, iOS 10 and mac OS Sierra. The new updates brought security patches, features and upgrades. Siri assistant has finally arrived on desktops, and an exciting universal clipboard allows you to select photos from an iPhone device and paste them directly on the desktop. However, with these...

Well, this didn’t take long – after .Odin, and .Zepto before it, the latest successor to the Locky Ransomware line is here. It has been rather “playfully” named .Shit File Virus by its creators. Apart from the name, there’s nothing to laugh at concerning this newest Ransomware threat. A rather significant drop in malware activity in the last few weeks...

Security researchers are warning of a rise in mobile apps leaking user privacy data, including device metadata, location and personally identifiable information (PII). In a new report analyzing mobile privacy trends, researchers at Zscaler revealed both Android and iOS users could be left vulnerable to targeted denial-of-service attacks, phishing...

Information security is the fastest growing area of IT. It affects more people in more ways than ever before. It affects not only our public records, our utilities, our white-collar work, and our entertainment. Now that we carry small computers in our pockets and in our cars, talk of the Internet of Things (IoT) is also starting to become reality....

On September 20, 2016, the Mirai botnet temporarily brought down Brian Krebs' information security blog KrebsonSecurity.com. It did so by launching a distributed denial-of-service (DDoS) campaign, the attack traffic of which peaked at approximately 620 Gbps in size – one of the largest DDoS offensives the Internet has ever seen. A week or two later,...

UPDATED 21/10/2016 11:15 EDT DYN has restored service after a distributed denial-of-service (DDoS) attack against its DNS infrastructure took down Spotify, Twitter, and a host of other sites. The internet performance management company published a statement on its status page explaining that a DDoS attack was responsible for the service interruption...

The skills gap is one of the five greatest challenges to organizations' compliance and IT operations. It manifests itself in two ways. First, some information security professionals might not be qualified for their positions. Security practitioners who lack an appropriate skill set might have a difficult time connecting security to the business. If...

Perhaps completely in sync with the tremendous press surrounding the new HBO hit series WestWorld, the Obama White House issued a press release on October 11, 2016, entitled "The Future of Artificial Intelligence" along with a lengthy report “National Artificial Intelligence ('A.I') Research and Development Strategic Plan” (PDF, hereinafter the ...

Several banks in India will either reissue or institute a PIN reset on 3.2 million debit cards that attackers likely compromised in a malware campaign. Individuals with knowledge of the incident report that malware affected the systems of Hitachi Payment Services, a provider of ATM terminals, point...