Blog

Blog

WannaCryptor Ransomware Strikes NHS Hospitals, Telefonica, and Others

Within a matter of hours, an updated version of WannaCryptor ransomware struck hospitals belonging to the National Health Service (NHS), Telefonica, and several other high-profile targets. News of the attacks first broke on the morning of 12 May, when a doctor operating under the pseudonym "B" broke posted the following message on Twitter: https:/...
Blog

7 Tips to Keep Your Mother Safe Online

Mother's Day is a holiday honoring mothers around the world. This special day traditionally falls on the second Sunday of every May. The timing couldn't be more perfect, as it allows children to present springtime flowers in full bloom as a gift to their mothers. We at The State of Security love and respect our mothers, which is why we spend all...
Blog

.Jaff Virus File Ransomware – The New Locky?

A new ransomware threat called .Jaff Virus File Ransomware has been discovered. Early signs were pointing to the virus potentially being a new variant of the much feared Locky Virus. However, it turns out this is not the case after all. .Jaff Virus File is yet another addition to the fearsome ransomware cyber threat family – it has just been...
Blog

Persirai IoT botnet threatens to hijack over 120,000 IP cameras

Internet-connected cameras around the world are once again being hijacked by malicious hackers in order to carry out distributed denial-of-service (DDoS) attacks. Security researchers at Trend Micro have identified that over 1,000 different models of Internet Protocol (IP) cameras are at risk of being compromised by the threat dubbed Persirai, which...
Blog

The Google Docs Phishing Scam: A Win for Security Awareness

Even if you weren't aware of it, you likely contributed to the security awareness of the global Internet community in early May 2017. By now, you’ve undoubtedly heard of the phishing scam using a phony Google Docs third-party extension. Across all sectors of social media, word spread like wildfire. I know I couldn't scroll through my Facebook feed...
Blog

Tripwire Tuesdays: Right Data, Right Audience

The Tripwire Product Suite is capable of collecting a treasure trove of information. These stored pieces of data can change from useful information to an exhaustive record of every activity, something which can easily overwhelm your IT staff. We are going to focus on FIM/SCM information today to help eliminate the noise and focus in on delivering...
Blog

How the UK is Closing the Cybersecurity Skills Gap

There is a growing skills gap in the cybersecurity sector around the world. Online recruitment company Indeed recently released a report that revealed Israel had the biggest cybersecurity skills shortage of anywhere in the world between Q3 2014 and Q3 2016. The country in second place? The UK – with less than a third of employer demand (31.6%). A...
Blog

WhatsApp Users Can Now Encrypt iCloud Data Backups

WhatsApp users can now encrypt their in-app messages and contacts that are uploaded to Apple's servers as data backups. The new feature works when a user of the secure messaging app chooses to back up their data to iCloud Drive. Once they've entered in a texted verification code sent to them by the Facebook-owned company, they receive an encryption...
Blog

The Key to Merging DevOps with Security

In today’s tech and data world, the risk around security is no longer focused on tills, commercial surveillance systems, or locks. Security systems are more focused on data breaches and network security. And as the speed at which DevOps teams are releasing code increases, so comes the increase in security risks to end users. Rigorous security review...
Blog

ICS Security Starts with an Understanding of Industrial Digital Attacks

In a previous article, I discussed how organizations are working to protect their industrial control systems (ICS) against intentional and accidental security threats. One of their biggest challenges is figuring out whether their information technology (IT) or operational technology (OT) teams are responsible for ensuring ICS security. Given the...
Blog

VERT Threat Alert: May 2017 Patch Tuesday Analysis

Today’s VERT Alert addresses the Microsoft May 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-724 on Wednesday, May 10th. In-The-Wild & Disclosed CVEs CVE-2017-0290 Also known as Microsoft Security Advisory 4022344, this is a code execution in the Microsoft Malware Protection Engine...
Blog

Microsoft Releases Emergency Patch for "Critical" RCE Vulnerability

Microsoft has released an emergency patch for a "critical" remote code execution (RCE) vulnerability affecting its Malware Protection Engine. On 8 May, the Redmond-based technology giant issued a security advisory addressing CVE-2017-0290. The flaw causes the Microsoft Malware Protection Engine to not scan a specially crafted file properly. It...
Blog

Women in Information Security: Cheryl Biswas

Last time, I had the honor of speaking with Lesley Carhart, a security incident response team leader who also writes the tisiphone.net cybersecurity blog. She's a Circle City Con staff. I just so happen to be talking to one of the people who's presenting there later this year, Cheryl Biswas. Cheryl is currently a cybersecurity consultant for KPMG....
Blog

Situational Awareness: Beware of Your Cyber Surroundings

In previous articles on understanding big data, the need for AI, using encryption and tokenization (including the drawbacks of encryption), and the series on human vulnerabilities, we laid down just some of the building blocks necessary to create a robust cybersecurity strategy. Yet there is a larger problem we often experience: losing the trees for...
Blog

How to Build a Secure Wordpress Environment

In Part 1 of this series, we covered how easy it is for any novice to set up a self-hosted WordPress site and how quickly security can fall between the cracks. In this blog post, I will share with you what to look for in a Webhost provider, how to secure and harden WordPress, and what often-overlooked items you should watch out for during this...
Blog

April 2017: The Month in Ransomware

Online extortionists took their attacks to a whole new level last month. They brought the infamous Locky monster back to life after more than three months of hiatus. The architects of the Jigsaw ransomware campaign were busier than ever, contriving seven new variants of their plague. The Hidden Tear, EDA2, and CryptoWire proof-of-concept ransomware...
Blog

Phishers Spoofing Email Senders to Muck around with Victims' Web Accounts

Users encounter phishing attacks across every medium of their digital lives. Fortunately, there are lots of ways they can protect themselves. When a suspect email lands in their inbox, for example, recipients can check for grammar/spelling errors and other suspicious indicators. They can also verify the source by hovering over or clicking on the...
Blog

Kazuar's API Access Lets Trojan Run Commands on Compromised Systems

A backdoor espionage trojan known as Kazuar has API access that it can leverage to run commands on the systems it compromises. The malware, which is written in Microsoft's .NET Framework and uses the ConfuserEX open source packer, initializes by gathering system and malware information and using those items to generate a mutex. It then creates a...