Author Archives: David Bisson

Attackers Abused Indian Bank’s SWIFT System to Try to Steal $2M

Digital attackers abused the SWIFT system of an Indian bank in an attempt to make off with approximately $2 million in stolen funds. On 18 February, City Union Bank disclosed the attempted heist in a statement (PDF): During our reconciliation process on 7th February 2018, it was found that 3 fraudulent transactions were initiated by […]… Read More

The post Attackers Abused Indian Bank’s SWIFT System to Try to Steal $2M appeared first on The State of Security.

Criminals Abused SWIFT to Steal $6M from Central Bank of Russia

Unknown criminals abused the SWIFT network to steal 339.5 million rubles ($6 million) from the Central Bank of Russia in 2017. The bank’s Financial Sector Computer Emergency Response Team (FinCERT) revealed the attack in its report on illegal transactions that occurred in 2017. As quoted by Sputnik International: Bank of Russia has been informed about […]… Read More

The post Criminals Abused SWIFT to Steal $6M from Central Bank of Russia appeared first on The State of Security.

Survey Reveals 92 Percent of IT Professionals Concerned About Public Wi-Fi Security Risks on Corporate Devices

A new survey revealed that 92 percent of IT professionals are concerned about Wi-Fi security risks related to accessing public networks on corporate devices.

According to Spiceworks, most IT professionals believe organizations could do more to address these risks. Just 63 percent of respondents said they are confident that employees use a virtual private network (VPN) when accessing public Wi-Fi on a corporate device, and even fewer (55 percent) said they think organizations are protected against these threats overall.

IoT Sparks Wi-Fi Security Concerns

Their concerns are justified: Twelve percent of respondents said their organization has suffered a security incident that involved an employee connecting to public Wi-Fi. Even more troubling is the fact that 34 percent of IT professionals don’t know whether their employer has experienced such an incident due to the difficulty of detecting these events.

But IT professionals aren’t just concerned about public Wi-Fi — they’re also worried about the security of devices that are connecting to corporate networks. Respondents to the Spiceworks survey attributed the greatest risk of Wi-Fi attacks to Internet of Things (IoT) devices, such as IP-enabled controllers (52 percent), appliances (49 percent), video equipment (42 percent) and electronic peripherals (40 percent). By contrast, 32 percent ranked Windows laptops as the greatest risk, while 18 percent cited iOS smartphones.

“While adoption of IoT devices is increasing in the workplace, many IT professionals are still wary of connecting these often unpatchable devices to corporate Wi-Fi networks,” said Peter Tsai, senior technology analyst at Spiceworks, in a press release. “As a result, some organizations are delaying the adoption of IoT devices and holding out hope that the forthcoming WPA3 protocol might improve Wi-Fi security.”

Don’t Wait for WPA3

But organizations don’t have to wait for WPA3 to begin addressing the persistent challenges associated with Wi-Fi security. In the meantime, they can use standard Wi-Fi security protocols and create guest Wi-Fi networks for visitors. If they haven’t done so already, they can also set up complex admin passwords on networking devices, implement strong service set identifier (SSID) networking names and enact MAC address filtering.

The post Survey Reveals 92 Percent of IT Professionals Concerned About Public Wi-Fi Security Risks on Corporate Devices appeared first on Security Intelligence.

UK Government Publicly Attributes NotPetya Outbreak to Russia

UK government officials have publicly attributed the NotPetya malware attacks of June 2017 to actors in the Russian government. Foreign Office Minister Lord Ahmad made his thoughts known in a statement released on 15 February: The UK Government judges that the Russian Government, specifically the Russian military, was responsible for the destructive NotPetya cyber-attack of […]… Read More

The post UK Government Publicly Attributes NotPetya Outbreak to Russia appeared first on The State of Security.

DoubleDoor IoT Botnet Abuses Two Vulnerabilities to Circumvent Firewalls, Modems

The DoubleDoor Internet of Things (IoT) botnet circumvents firewall protection and other security measures by abusing two vulnerabilities. Detected by NewSky Security in its honeypot logs, DoubleDoor begins by deploying CVE-2015-7755. The vulnerability allows remote attackers to gain administrative access to ScreenOS, an operating system for Juniper Networks’ hardware firewall devices, by entering a hardcoded […]… Read More

The post DoubleDoor IoT Botnet Abuses Two Vulnerabilities to Circumvent Firewalls, Modems appeared first on The State of Security.

Thousands of Websites Load Cryptocurrency Miner After Cybercriminals Compromise Third-Party Library

Thousands of websites secretly loaded a cryptocurrency miner that preys upon visitors after cybercriminals compromised a third-party library.

Security researcher Scott Helme reported the incident in a blog post that detailed how unknown actors changed one of the script files hosted by Texthelp, a provider of reading-assistive technology. Those malefactors targeted the Browsealoud web screen reader and altered it to include the CoinHive Monero miner.

“The ba.js had been altered to include a document.write call that added a CoinHive crypto miner to any page it was loaded in to,” Helme explained. In total, he found that the incident affected more than 4,000 websites, including many “prominent government websites” in the U.S. and U.K.

Swift Response

Helme reached out to Texthelp following his discovery, and the technology provider responded by temporarily disabling Browsealoud. It also issued a statement informing customers that it had implemented its “data security action plan” after learning of the issue. Texthelp went on to note that it had removed Browsealoud from all customer sites and mitigated any associated risk within four hours.

The U.K.’s Information Commissioner’s Office (ICO) took down its website Feb. 11 after learning it had been affected. The site remained offline the next day while the ICO investigated the incident.

Preventing Cryptocurrency Miner Attacks

The surge of cryptocurrency miner attacks in recent months calls for domain owners to strengthen the security of their websites. According to Helme, they can protect their sites against this particular attack type by adding the Subresource Integrity (SRI) integrity attribute to the tags that load third-party files, which enables the browser to determine whether a file has been modified. If someone has changed it, the browser won’t load the file.

Domain owners can take their website security one step further by implementing a Content Security Policy with the require-sri-for directive, Helme noted. Together, those measures prevent any script from loading on a hosted webpage without an SRI integrity attribute.

The post Thousands of Websites Load Cryptocurrency Miner After Cybercriminals Compromise Third-Party Library appeared first on Security Intelligence.

AndroRAT Exploiting Vulnerability to Escalate Privileges on Android Devices

A new variant of the Android Remote Access Tool (AndroRAT) is exploiting a vulnerability to escalate privileges on unpatched Android devices. The malware disguises itself as a utility app called “TrashCleaner” and waits for users to download it from a malicious URL. Upon running for the first time, the malicious app forces the device to […]… Read More

The post AndroRAT Exploiting Vulnerability to Escalate Privileges on Android Devices appeared first on The State of Security.

Litecoin Is the Second-Most Popular Cryptocurrency on the Dark Web, Study Finds

Litecoin is the second-most popular cryptocurrency among vendors that operate on the Dark Web, according to recent research.

Recorded Future analyzed 150 message boards, marketplaces and illicit services on the Dark Web and determined that 30 percent of these vendors currently accept Litecoin as an alternative payment system. Not far behind is Dash, another form of cryptocurrency, which is accepted by 1 in 5 digital underground merchants.

Meanwhile, bitcoin still enjoys universal acceptance among Dark Web vendors.

Litecoin Gaining Ground on Bitcoin

According to the report, bitcoin’s rise in popularity has strained the blockchain network, resulting in larger payment fees and rendering these payments “economically infeasible.” In addition, some criminals abuse the blockchain to try to double-spend their bitcoins.

Most vendors have responded by requiring three confirmations before marking a transaction as complete. Such a policy makes Dark Web bitcoin users jittery, especially if they’re purchasing illicit goods such as drugs or weapons.

Litecoin’s code increases the speed of transactions. As a result, transaction fees are low and miners can generate a larger number of coins. Recorded Future asserted that these benefits could ultimately make Litecoin, or a similar cryptocurrency such as Dash, the top choice on the Dark Web within the next year.

Ryan Taylor, CEO of the Dash Core team, told SC Magazine he disagrees with that assessment, noting that the criminal underground doesn’t use his cryptocurrency. “Currently, less than 1 percent of transactions on the Dash network utilize the PrivateSend feature,” he said, “which contradicts the assertion that Dash is on the rise as a Dark Net payments alternative.”

The Growing Risk of Cryptocurrency Mining Attacks

If Litecoin continues to grow in popularity, ransomware authors will surely adopt the cryptocurrency. Bad actors will also begin using cryptocurrency mining attacks to generate new Litecoin, which could increase the number of organizations that will be affected by such incidents in the coming years.

The post Litecoin Is the Second-Most Popular Cryptocurrency on the Dark Web, Study Finds appeared first on Security Intelligence.

4K+ Websites Infected with Crypto-Miner after Tech Provider Hacked

Bad actors secretly infected more than 4,000 websites with the script for a crypto-miner after hacking a single technology provider. The trouble started on 11 February when Ian Thornton-Trump encountered something concerning while visiting the website for the UK Information Commissioner’s Office (ICO). Just visiting #ICO page this morning and have some concerns. Can someone […]… Read More

The post 4K+ Websites Infected with Crypto-Miner after Tech Provider Hacked appeared first on The State of Security.

Cryakl Ransomware Decryption Keys Released by Belgian Federal Police

The Belgian federal police has released free decryption keys for Cryakl ransomware following an international law enforcement operation. On 9 February, the European Union Agency for Law Enforcement Cooperation (Europol) announced the release of the keys through No More Ransom. The move represents the culmination of an investigation that involved Belgian police, the Dutch National […]… Read More

The post Cryakl Ransomware Decryption Keys Released by Belgian Federal Police appeared first on The State of Security.

Identity Fraud Affected 16.7 Million U.S. Consumers in 2017, Report Reveals

The number of identity theft victims rose by 8 percent to 16.7 million U.S. consumers in 2017, according to a new report.

Javelin Strategy & Research’s “2018 Identity Fraud Study” revealed that identity thieves preyed upon 1.3 million more victims in 2017 than they did the previous year by adapting to changing technologies and regulations. This flexibility enabled bad actors to steal a total of $16.8 million from unsuspecting U.S. consumers.

Emerging Identity Theft Trends

The study, which was sponsored by Identity Guard, synthesized the responses of 5,000 U.S. adults who participated in a survey during the first half of November 2017. It found that the surge in identity fraud, which affected 6.64 percent of U.S. consumers last year, is largely attributed to two key trends.

First, the number of cases of account takeover tripled over the past year and reached a four-year high, with losses climbing to $5.1 billion. Victims spent an average of 15 hours and $290 to resolve the fraud cases affecting them.

Second, malefactors responded to the rise of EuroPay, MasterCard and Visa (EMV) chip card technologies by committing card-not-present (CNP) fraud. In fact, CNP fraud was 81 percent more prevalent in 2017 than point-of-sale fraud.

A ‘Runaway Year’ for Identity Fraud

Identity fraud is unlikely to slow down anytime soon. Al Pascual, senior vice president, research director, and head of fraud and security at Javelin, called 2017 “a runaway year for fraudsters” in a press release.

“Fraudsters are growing more sophisticated in response to industry’s efforts to implement better security,” he said, adding that consumers can take advantage of a variety of digital solutions to stay abreast of activity related to their accounts.

Customers should enable two-factor authentication (2FA) on all web accounts that offer it. They should also sign up for account activity alerts, consider placing a security freeze on their credit reports with each of the main credit bureaus, and secure devices by avoiding public Wi-Fi, using a virtual private network (VPN) and encrypting data.

Organizations also have a responsibility to combat identity fraud. Financial associations in particular need to prevent bad actors from creating new accounts with stolen identities. As new fraud patterns emerge and evolve, it’s critical for security leaders to follow basic best practices and adapt their systems to the shifting cybercriminal landscape.

The post Identity Fraud Affected 16.7 Million U.S. Consumers in 2017, Report Reveals appeared first on Security Intelligence.

Cryptomining Software Discovered on Tennessee Hospital’s EMR Server

A Tennessee hospital discovered cryptomining software installed on a server that hosts its electronic medical records (EMR) system. In January 2018, Decatur County General Hospital began notifying patients of an incident involving its electronic medical record systems. Its breach notification letter (PDF) reveals the hospital first learned about the security event from its EMR vendor: […]… Read More

The post Cryptomining Software Discovered on Tennessee Hospital’s EMR Server appeared first on The State of Security.

NameCheap to Notify Customers of Misconfiguration Issue that Allowed Subdomain Creation on Any Hosted Account

NameCheap has said it intends to notify customers of a misconfiguration issue that allowed customers to create subdomains for any hosted account. Richard Kirkendall, CEO for the ICANN-accredited registrar, said on Twitter that the company is currently conducting an audit and plans on “contacting any affected customers directly” following the discovery of a misconfiguration issue […]… Read More

The post NameCheap to Notify Customers of Misconfiguration Issue that Allowed Subdomain Creation on Any Hosted Account appeared first on The State of Security.

Grammarly Fixes Vulnerability that Exposes Users’ Data for All Websites

Grammarly has fixed a vulnerability that exposes users’ typos, documents, and other data for all websites with which they’ve used the platform. Tavis Ormandy, a Google computer security researcher who discovered a memory disclosure bug in CloudFlare’s reverse-proxy systems in February 2017, wrote up a security advisory about the Grammarly flaw on 2 February. In […]… Read More

The post Grammarly Fixes Vulnerability that Exposes Users’ Data for All Websites appeared first on The State of Security.

Lauri Love Won’t Be Extradited to the United States for Alleged Hacking Crimes

A UK court of appeals has ruled that Lauri Love will not be extradited to the United States to face trial for his alleged hacking crimes. The lord chief justice, Lord Burnett of Maldon, and Mr. Justice Ouseley handed down their judgment at the Royal Courts of Justice on 5 February. Outside, supporters gathered with […]… Read More

The post Lauri Love Won’t Be Extradited to the United States for Alleged Hacking Crimes appeared first on The State of Security.

Three Leaked NSA Exploits Rewritten to Affect All Windows OSes Since Windows 2000

The WannaCry and NotPetya outbreaks were by far among the most significant digital attack campaigns that took place in 2017. Together, the crypto-ransomware and wiper malware affected hundreds of thousands of computers all over the world. They achieved this reach by abusing EternalBlue. Allegedly developed by the U.S. National Security Agency (NSA) and leaked online […]… Read More

The post Three Leaked NSA Exploits Rewritten to Affect All Windows OSes Since Windows 2000 appeared first on The State of Security.

Scammers Impersonating the FBI’s IC3 to Distribute Malware, Steal PII

Scammers are impersonating the FBI’s Internet Crime Complaint Center (IC3) in order to infect users with malware and/or steal their personally identifiable information (PII). On 1 February, the real IC3 issued a public service announcement warning users of three scams that are impersonating the multi-agency task force. Here’s the FBI on the first ruse, for […]… Read More

The post Scammers Impersonating the FBI’s IC3 to Distribute Malware, Steal PII appeared first on The State of Security.

Man Arrested for Allegedly Hacking Car-Sharing Company Database

Australian law enforcement officers have arrested a man for allegedly hacking the company database of a car-sharing service. On 30 January, investigators of Strike Force Artsy, a division of the State Crime Command’s Cybercrime Squad, executed a search warrant at a home in Penrose. Officers arrested a 37-year-old man and charged him with two counts […]… Read More

The post Man Arrested for Allegedly Hacking Car-Sharing Company Database appeared first on The State of Security.

The Top Malware Families in Banking, Mobile, Ransomware, and Crypto-Mining of 2017

The second half of 2017 was busy in terms of digital security events. In September, consumer reporting agency Equifax announced a breach that potentially compromised the Social Security Numbers and other personal information of 143 million U.S. consumers. Less than two months later, organizations in Russia and Ukraine suffered infections at the hands of BadRabbit, […]… Read More

The post The Top Malware Families in Banking, Mobile, Ransomware, and Crypto-Mining of 2017 appeared first on The State of Security.

Cisco Fixes 10.0 CVSS-Scored RCE Bug Affecting Its ASA Software

Cisco has patched a remote code execution (RCE) vulnerability bearing a “perfect” CVSS score of 10.0 that affects its Adaptive Security Appliance (ASA) software. On 29 January, the American multinational technology conglomerate publicly recognized the security issue (CVE-2018-0101) and revealed that it affects the ASA software found in the following 10 Cisco products: 3000 Series […]… Read More

The post Cisco Fixes 10.0 CVSS-Scored RCE Bug Affecting Its ASA Software appeared first on The State of Security.

Locations of Military Bases Inadvertently Exposed by Fitness Tracker Users

Users of a fitness tracking app have inadvertently exposed the locations of military bases by publicly sharing their jogging/cycling routes. Many service people who use Strava, an app which allows them to record their exercise activity using GPS plotting, are sharing their data publicly. Their movements have ended up in Strava Labs’ Global Heatmap consisting […]… Read More

The post Locations of Military Bases Inadvertently Exposed by Fitness Tracker Users appeared first on The State of Security.

15 Million People Worldwide Affected by a Single Monero Mining Operation

A single Monero cryptocurrency mining operation has used malware delivery techniques to affect at least 15 million people worldwide. The campaign, which has been active since at least October 2017, delivers its payload using one of 250 unique Microsoft Preinstallation Environment (PE) files like “File4org]_421064.exe” and “[Dropmefiles]_420549.exe.” The files appear to come from popular file-sharing […]… Read More

The post 15 Million People Worldwide Affected by a Single Monero Mining Operation appeared first on The State of Security.

Three-Quarters of Organizations Experienced Phishing Attacks in 2017, Report Uncovers

Phishing attacks continue to threaten organizations’ digital security in droves. Kaspersky Lab prevented 46,557,343 phishing attempts in the second quarter of 2017 alone. Overall, close to one in ten (8.26%) of Kaspersky users encountered a phishing attack that quarter. Recognizing the prevalence of phishing, it’s useful to examine the granular details of this attack method. […]… Read More

The post Three-Quarters of Organizations Experienced Phishing Attacks in 2017, Report Uncovers appeared first on The State of Security.

WordPress Plugin Fixes Bug Allowing Download of 100K+ Sites’ Subscriber Lists

A popular WordPress plugin has fixed a vulnerability that allowed an unauthenticated user to download the subscriber lists for more than 100,000 websites. Email Subscribers & Newsletters incorporated the fix into version 3.4.8 on 19 January after working closely with Dominykas Gelucevicius from ThreatPress, a company which offers security products and services for WordPress users. […]… Read More

The post WordPress Plugin Fixes Bug Allowing Download of 100K+ Sites’ Subscriber Lists appeared first on The State of Security.

Engineering Firm Pays $1.3K after Ransomware Affects Servers, Backups

An engineering firm in Canada has paid attackers $1,300 after ransomware encrypted its servers along with its data backup system. The infection occurred when bad actors targeted DGH Engineering Ltd. with a malicious email. An employee at the firm, which maintains offices near Winnipeg, Manitoba and Red Deer, Alberta, clicked on a link contained therein. […]… Read More

The post Engineering Firm Pays $1.3K after Ransomware Affects Servers, Backups appeared first on The State of Security.

Another Indiana Hospital Hit by Ransomware Attack

Another hospital in Indiana has suffered a ransomware attack that affected some of its servers and prevented files from loading correctly. On 11 January, an employee of Adams Memorial Hospital of Decatur, Indiana notified administrators that some files didn’t look correct. Susan Sefton, a spokesperson for the hospital, said the network went blank before files […]… Read More

The post Another Indiana Hospital Hit by Ransomware Attack appeared first on The State of Security.

Survey: Half of RNs ‘Very Confident’ in Their Employers’ Ability to Secure Patient Data

The healthcare industry is no stranger to data breaches. In 2017, SSM Health, the University of Iowa Health Care (UIHC), and Arkansas Oral & Facial Surgery Center all suffered security incidents where bad actors possibly exposed patients’ medical data. No doubt there are also countless other healthcare organizations that have yet to detect an ongoing […]… Read More

The post Survey: Half of RNs ‘Very Confident’ in Their Employers’ Ability to Secure Patient Data appeared first on The State of Security.

MailChimp Fixes Privacy Issue that Leaked Respondents’ Email Addresses

MailChimp has plugged a privacy issue that leaked users’ email addresses when they responded to websites’ newsletter campaigns. Self-proclaimed mobile enthusiast Terence Eden discovered what he calls an “annoying privacy violation” while viewing the referral logs for his website. Those logs help document “Referer Headers” (misspelling intended), optional header fields which specify the address of […]… Read More

The post MailChimp Fixes Privacy Issue that Leaked Respondents’ Email Addresses appeared first on The State of Security.

Aetna Accepts $17M Settlement Agreement for HIV Privacy Breach

Aetna has agreed to pay $17 million as part of a settlement agreement for a breach that might have compromised thousands of HIV patients’ privacy. On 16 January, the United States District Court for the Eastern District of Pennsylvania received a proposed settlement agreement (PDF). The arrangement stipulates that Aetna, Inc., Aetna Life Insurance […]… Read More

The post Aetna Accepts $17M Settlement Agreement for HIV Privacy Breach appeared first on The State of Security.

Mega Millions Winner “Giving Back” Twitter Campaign Looks Like a Scam

A Mega Millions lottery jackpot winner’s “giving back” campaign on Twitter looks and sounds an awful lot like a scam. Numerous Twitter profiles have been popping up claiming to be operated by Shane Missler, a 20-year-old resident of Florida who won the $451 million Mega Millions lottery jackpot in January. Many of those new accounts […]… Read More

The post Mega Millions Winner “Giving Back” Twitter Campaign Looks Like a Scam appeared first on The State of Security.

Crypto-Miner Named the “Most Wanted” Malware for December 2017

A JavaScript-based cryptocurrency miner earned the top spot in a list of the “most wanted” malware for December 2017. For its final Global Threat Index of 2017, Check Point observed Coinhive supplant Roughted, a large-scale malvertising campaign, as the most prevalent form of malware. This Monero-miner made waves back in October 2017 when it registered […]… Read More

The post Crypto-Miner Named the “Most Wanted” Malware for December 2017 appeared first on The State of Security.

Hospital Shut Down Its Computer Network Following Ransomware Attack

A hospital shut down its network after a ransomware attack restricted authorized personnel access to some of its computer systems. On 12 January, Hancock Regional Hospital confirmed in a statement that it had suffered a ransomware attack. As quoted by FOX59: Hancock Regional Hospital has been the victim of a criminal act by an unknown […]… Read More

The post Hospital Shut Down Its Computer Network Following Ransomware Attack appeared first on The State of Security.

4 Security Controls Keeping Up with the Evolution of IT Environments

In corporate IT environments everywhere, we are seeing widespread adoption of three basic themes: use of public cloud, adoption of DevOps, and containerization in application development. When it comes to the cloud, most organizations’ futures look like they will consist of hybrid setups: environments combining physical servers, virtualization, and public and private clouds. At the […]… Read More

The post 4 Security Controls Keeping Up with the Evolution of IT Environments appeared first on The State of Security.

AdultSwine Malware Displays Porn Ads within Child-Themed Android Apps

AdultSwine malware displays pornographic ads within affected child-themed game apps that were once available for download on Google’s Play Store. Researchers at Check Point detected AdultSwine hidden within 60 game apps, including some with children as their target audience. All of those affected apps were available for download on Google’s Play Store up until recently. […]… Read More

The post AdultSwine Malware Displays Porn Ads within Child-Themed Android Apps appeared first on The State of Security.

Malware Dev Charged with Spying on “Thousands” of Users for 13 Years

The United States Justice Department has charged an alleged malware author with spying on thousands of users for a period of 13 years. An indictment filed with the U.S. District Court for the Northern District of Ohio (Eastern Division) asserts Phillip R. Durachinsky, 28, of North Royalton, Ohio masterminded a scheme by which he […]… Read More

The post Malware Dev Charged with Spying on “Thousands” of Users for 13 Years appeared first on The State of Security.

UK Data Protection Bill Changes Would Help Protect Security Researchers

Proposed amendments to the United Kingdom’s Data Protection Bill would help protect security researchers working with anonymized data. Introduced by Lord Ashton of Hyde, Parliamentary Under-Secretary of State at the Department for Culture, Media and Sport, the draft changes (PDF) address Clause 162 of the third generation of data protection law that has entered the […]… Read More

The post UK Data Protection Bill Changes Would Help Protect Security Researchers appeared first on The State of Security.

The Top 17 Information Security Conferences of 2018

With 2017 now in the rear-view mirror, the security industry is turning its attention to 2018. The new year will no doubt present its fair share of challenging digital security threats. So too will it present numerous opportunities for infosec professionals to discuss shared difficulties at conferences and summits. To help promote these collaborative events, […]… Read More

The post The Top 17 Information Security Conferences of 2018 appeared first on The State of Security.

VTech to Pay FTC $650K for 2015 Breach of Parents’, Children’s Data

VTech Electronics Limited has agreed to pay $650,000 as part of a settlement agreement with the Federal Trade Commission (FTC) for a 2015 breach that exposed millions of parents’ and children’s data. On 8 January, the United States District Court in the Northern District of Illinois (Eastern Division) processed an action (PDF) by which the […]… Read More

The post VTech to Pay FTC $650K for 2015 Breach of Parents’, Children’s Data appeared first on The State of Security.

30K Florida Medicaid Recipients’ Data Possibly Accessed in Phishing Attack

Criminals might have accessed the personal and medical information of 30,000 Florida Medicaid recipients via a successful phishing attack. On 2 January 2018, Florida’s Agency for Health Care Administration (Agency) received the preliminary findings of a review launched by the state’s Inspector General. The review analyzed a malicious phishing email for which an employee at […]… Read More

The post 30K Florida Medicaid Recipients’ Data Possibly Accessed in Phishing Attack appeared first on The State of Security.

3 Malware Trends to Watch Out for in 2018

We already know the security industry witnessed several significant ransomware attacks in 2017. Some of these campaigns derived at least part of their success from recent developments among malware families more generally. These trends will no doubt continue to shape bad actors’ offensives and how defenders can hope to protect against them in 2018. Digital […]… Read More

The post 3 Malware Trends to Watch Out for in 2018 appeared first on The State of Security.

Ukrainian Accounting Software Developer’s Website Abused to Push Out Banking Malware

Attackers abused the website of a Ukraine-based accounting software developer to serve banking malware to unsuspecting users. The attack occurred in August 2017 around the Independence Day holiday in Ukraine. At around that time, unknown individuals hacked the website for Crystal Finance Millennium (CFM), a Ukrainian company which provides accounting software along with other services. […]… Read More

The post Ukrainian Accounting Software Developer’s Website Abused to Push Out Banking Malware appeared first on The State of Security.