Several high-profile attack campaigns targeting Middle Eastern companies have recently come to the attention of the security community. One of the first operations we heard about occurred on November 17, 2016, when Shamoon resurfaced and leveraged Disstrack malware to wipe the computers at an energy organization based in Saudi Arabia. Apparently, ...

During the second week of February, information security professionals will head over to San Francisco to attend RSA, one of The State of Security's top 13 conferences for 2017. The conference is primarily focused on information security-related topics and typically draws over 45,000 attendees per year, making it one of the largest information...

In the United States, there is a basic rule of thumb that at some point after a block of metal undergoes a certain amount of manufacturing, it becomes a rifle. When approximately 80 percent of the manufacturing is complete, the metal is not a weapon; at 81 percent, it is. A weapon is dangerous; it is often regulated, and more often than not, it has...

A Configuration Management Database (CMDB) is a repository that is an authoritative source of information of what assets are on the corporate network. At least, that’s what it’s supposed to be. However, in many of my recent discussions, the more common definition given for CMDB is “a struggle.” Does that sound familiar? If so, keep reading. If not,...

One of the best friends a user can have in today's digital age is a virtual private network (VPN). This tool masks a user's IP address and tunnels their data through a network of servers. In so doing, a VPN helps a user anonymously and more securely browse the web. Unfortunately, not all VPNs fulfill that purpose. A group of researchers from Queen...

The United States takes the number one spot worldwide in data breaches disclosed last year, revealed a new report analyzing breach activity in 2016. Risk Based Security’s annual report released on Wednesday found that the U.S. accounted for nearly half – 47.5 percent – of all incidents, and a whopping 68.2 percent of all exposed records. Close to 2...

A new variant of the SpyNote remote access trojan (RAT) is infecting Android devices by masquerading as a mobile Netflix app. The malware, which is based off the SpyNote RAT builder leaked in 2016, displays the same icon used by the official Netflix app that's found on Google Play. But it's a fake. Clicking on the app causes the icon to disappear...

A recent report released by Shodan found that as of January 22, 2017, nearly 200,000 publicly accessible internet devices were vulnerable to Heartbleed. The detailed report gives some insight into those who continue to be exposed to this vulnerability. It's no surprise that the majority of these systems are HTTPS pages hosted by Apache and running...

My boyfriend works a demanding day job at a major Canadian big box furniture and appliance retailing chain. Knowing that I write about information security for a living, he had an interesting story to tell me: "An LG Smart TV was returned to us by the customer, and it had their credit card credentials in it! Why didn't they do a factory reset first...

There are numerous ways to redirect a user to an exploit kit. Some of these methods are quite sophisticated. Take pseudo-Darkleech, for instance. This attack campaign injects malicious code into WordPress core files. That code creates a malicious iframe that redirects the user to a landing page for an exploit kit. In so doing, the campaign builds...

Some digital threats are more serious than others but when it comes to unpatched software, nothing's worse than an exploit kit. These software packages come preprogrammed with the ability to exploit active security issues on vulnerable computers. If they find one such hole agape, they'll use their exploit code to download ransomware and other baddies...

Adobe is no stranger to finding itself in the security headlines for all the wrong reasons, and it seems that things may not be changing as we enter 2017. There was controversy earlier this month when news broke about how Adobe took the opportunity on Patch Tuesday of using its regular security updates to force Adobe Acrobat DC users into silently...

In modern times, it is possible for an attacker to persistently and repeatedly hijack a victim's bank account at most major US banks through the victim visiting a web page. This is done without browser exploits or any visible warning. For a criminal, these attacks are cheap and highly successful. The attack that I am talking about is DNS hijacking....

It’s January again, and as usual, various media outlets are busy reporting on vulnerability statistics from the previous year. As usual, the CVE Details folks have worked up a lot of hype based on CVE counts, and once again, the media has taken the bait with sensational headlines about Google’s Android being the most vulnerable product of 2016. For...

John Callahan’s October article “4 Reasons to Get Your Masters in Cyber Security” made me think about how to help students and cyber professionals strengthen a critical soft skill: written communication. Research synthesis and analysis papers are common in academic environments. These critical thinking assignments require students to conduct research...

Today’s VERT Alert addresses 4 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-706 on Wednesday, January 11th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...

Most organizations are overwhelmed, understaffed, and/or underfunded when it comes to cybersecurity. These constraints create a critical need to prioritize on the most critical cybersecurity measures. However, often these priorities are unclear or hard to determine, leading to less-than-optimal cybersecurity product purchases and/or activities. This...

Businesses of all sizes are taking note that cyber threats are continually on the rise. No one is safe. In our digital world, you just can't be too cautious when it comes to protecting your data. This is true whether your company employs 200,000 or 10 employees. Cyber criminals have no bounds. They just want to profit off of your information. That...

With 2016 coming to a close, The State of Security wanted to give our readers an overview of some of the most interesting, educational, and standout blogs from the year to help fill the time between eating holiday treats and celebrating the New Year. 6 Stages of Network Intrusion and How to Defend Against Them In June, David Bisson wrote up...

As the year approaches the end, it is a time to reflect on 2016 and industrial control systems (ICS) security. Why ICS security? Because securing ICS should be everyone’s concern. Consider the impact on this critical infrastructure and what it means to you. Impact Why? Your entertainment—watching movies on your TV or laptop,...