Blog

Blog

Two Bitcoin Mining Firms Slammed with $10M Penalty for Ponzi Scheme

Two Bitcoin mining companies have received orders to each pay a $10 million penalty for conducting a Ponzi scheme orchestrated by their principal. On 2 June 2017, the U.S. District Court for the District of Connecticut issued its judgment against two Connecticut-based companies, GAW Miners, LLC and ZenMiner, LLC, that cooperated with their principal...
Blog

There Is No Cyber Talent Crunch; You’re Just Hiring Wrong

“Cyber talent crunch challenges CIOs,” says one headline. “Businesses vulnerable due to talent shortage,” screams another. Intel even published a report revealing, among other things, that 82% of IT professionals confirm there is a shortfall in information security talent. And yet, at every information security conference I attend, I find no...
Blog

Women in Information Security: Jennifer Sunshine Steffens

When a layperson imagines someone who works in cybersecurity, or any area of tech, they probably picture a man. But I'm a female information security professional, and I've had a great time speaking to other women in my industry. Last time, I spoke to Sarah Aoun, who educates journalists and political activists on how to keep their data secure. This...
Blog

Cyber Security Training Online: An Interview with Ryan Corey of Cybrary

In recent posts, The State of Security has interviewed teachers who are helping to bring cyber security education to Canada's schools. We would be remiss, however, if we didn't recognize others' efforts to bring these types of training programs online and to institutions located elsewhere around the world. To cover this broader trend, we'll now...
Blog

Hackers Breach Kmart's Store Payment Card Systems

Kmart is informing customers that their credit card details may have been stolen after learning of a security breach involving its payment processing systems. Sears Holdings, Kmart’s parent company, confirmed the incident on Wednesday, but did not disclose any information regarding the number of stores affected or when the incident occurred. The...
Blog

Customer Data Reportedly Compromised in OneLogin Security Incident

Identity and access management software vendor OneLogin has suffered a security incident that reportedly compromised customer data. On 31 May, the provider of identity-driven security solutions revealed that an unauthorized party had gained access to OneLogin data in the U.S. region. Alvaro Hoyos, chief information security officer at OneLogin,...
Blog

Hackers Leak Personal Data and Photos from Cosmetic Surgery Clinic

A group of hackers have leaked personal data and photos that belong to patients of a cosmetic surgery clinic based in Lithuania. On 30 May, the bad actors published online some 25,000 private photos, including nude images, from patients of the Grozio Chirurgija clinic. They also included personal information in their dump. Those details ranged from...
Blog

Law Firm Loses £110K to BEC Scam as Fraudster Gets the Slammer

A law firm lost more than £100,000 to a business email compromise (BEC) scam around the same time that a serial fraudster received a prison sentence. The law firm in question helped orchestrate the sale of property owned by three individuals, who asked to receive their share of the sales money separately. On the date of sale, two of the entities...
Blog

How to Get Away with Hacking the Department of Homeland Security

Many businesses live in fear of having their systems hacked. After all, who wants their customers' data to spill out onto the internet or have their confidential plans and intellectual property stolen by online criminals? But more and more organizations like Google, Facebook, and Amazon are actually welcoming attempts to test their security in the...
Blog

Women in Information Security: Sarah Aoun

Women are doing very important work in the cybersecurity field, and I've really been enjoying talking to some of the brightest and most interesting minds in my field. In my last interview, I spoke to Kelly Shortridge. She went from a career in high finance to a security-related product manager role for BAE. This time, I get to talk to Sarah Aoun....
Blog

Top 10 Mobile Security Tips for Your Summer Vacation

With the summer holiday and festival season getting into full swing, you’ll want to stay connected to convenient travel and social media apps more than ever. But it’s important to be hyper-aware that cyber thieves are on the prowl for your personal, financial and location information. When traveling, like many of us will be doing this Memorial Day,...
Blog

Five Australian Hospitals Suffer IT Outages after Patching for Ransomware

Five hospitals in the Australian state of Queensland have suffered IT outages after a botched attempt to patch their systems against ransomware. On 25 May, Queensland Health Minister Cameron Dick provided some details to The Courier-Mail about the failures: "Over the course of that weekend as part of protecting our systems from cyber-attack, a...
Blog

Tripwire Tuesdays: Avoiding IT Crisis Fatigue

Tripwire Enterprise can gather any number of different kinds of information from a monitored system, such as file and folder changes, registry changes, policy changes, etc. However, cast the net too wide and you can potentially end up with more information coming in than you can react to. This will lead to important changes (the signal) being lost...
Blog

Newly Designed Jaff Ransomware Now Encrypts Data with WLU Extension

An updated variant of Jaff ransomware boasts a more professional design and now encrypts victims' data with the WLU extension. On 23 May, Internet Storm Center (ISC) handler Brad Duncan collected 20 malspam emails that all used a fake invoice theme and a spoofed email address. The emails also came with a PDF attachment containing an embedded Word...