Researchers have detected a new phishing campaign that uses some clever tricks in order to steal users’ Stripe credentials. Cofense discovered the campaign when it came across an attack email that pretended to originate from “Stripe Support.” The message informed recipients that their account contained invalid details and that it was therefore scheduled to be […]… Read More
The post Phishing Campaign Uses Clever Tricks to Steal Stripe Credentials appeared first on The State of Security.
Researchers discovered a new cryptojacking worm called “Graboid” that has spread to more than 2,000 unsecured Docker hosts. In its research, Palo Alto Networks’ Unit 42 team noted that it’s the first time it’s discovered a cryptojacking worm specifically using containers in the Docker Engine for distribution. (It’s not the first time that cryptojacking malware […]… Read More
The post Graboid Cryptojacking Worm Has Struck Over 2K Unsecured Docker Hosts appeared first on The State of Security.
Digital fraudsters are using compromised servers and bogus links in an ongoing effort to target LinkedIn members with scams. The scam began when a Sophos employee received what appeared to be an unexceptional email from someone they know in real life and with whom they keep in touch on LinkedIn. The body of the […]… Read More
The post Scammers Using Hacked Servers, Bogus Links to Target LinkedIn Users appeared first on The State of Security.
The Methodist Hospitals, Inc. revealed that a phishing attack potentially affected the information of approximately 68,000 patients. According to its Notice of Data Incident, the non-profit healthcare system located in Gary, Indiana detected unusual activity involving an employee’s email account back in June 2019. The Methodist Hospitals (‘Methodist’) responded by launching an investigation into what […]… Read More
The post Phishing Attack Possibly Affected 68K Patients of The Methodist Hospitals appeared first on The State of Security.
A new sextortion scam variant is using a wallet for a cryptocurrency other than bitcoin in an attempt to evade detection. On October 8, Cofense revealed it had detected a modified sextortion scam that was using a wallet address for Litecoin instead of bitcoin. The variant thereby differentiated itself from earlier sextortion campaigns detected by […]… Read More
The post New Sextortion Scam Uses Alternative Cryptocurrencies to Evade Detection appeared first on The State of Security.
Instagram announced the release of a new feature that’s designed to help its users identify phishing emails impersonating the social media platform. On October 7, Instagram tweeted out about the new capability and said that users can leverage it to verify whether an email claiming to originate from the social network is legitimate. Heads up: […]… Read More
The post Instagram Launches New Feature to Help Users Identify Phishing Emails appeared first on The State of Security.
The developer of HildaCrypt has released the master decryption keys that would allow potential victims of the ransomware to recover their data for free. On October 4, a security researcher who goes by the name “GrujaRS” posted about the discovery of a new variant of STOP, a well-known ransomware family. New #Stop (Djvu) #Ransomware extension […]… Read More
The post Decryption Keys Released by Developer of HildaCrypt Ransomware appeared first on The State of Security.
Phishing attacks don’t show any sign of slowing down. Per its 2019 Phishing Trends and Intelligence Report, PhishLabs found that total phishing volume rose 40.9 percent over the course of 2018. These attacks targeted a range of organizations, especially financial service companies, email and online service providers and cloud/file hosting firms. It’s, therefore, no surprise […]… Read More
The post 6 Common Phishing Attacks and How to Protect Against Them appeared first on The State of Security.
Three restaurant chains based in the United States have revealed they suffered security incidents that affected customers’ payment card information. On October 2, three subsidiaries of Focus Brands–Moe’s Southwest Grill, McAlister’s Deli and Schlotzsky’s–published near-identical copies of a security incident notice. These statements revealed that the restaurants had nearly finished investigating security incidents of which […]… Read More
The post Payment Card Security Incidents Disclosed by Three U.S. Restaurant Chains appeared first on The State of Security.
A series of operational security (OpSec) failures on the part of attackers enabled researchers to discover the Geost botnet. In mid-2018, Virus Bulletin researchers Sebastian Garcia, María José Erquiaga and Anna Shirokova discovered Geost, one of the largest Android banking botnets known today, while analyzing another malware family called HtBot. The researchers found that HtBot […]… Read More
The post Discovery of Geost Botnet Made Possible by Attacker OpSec Fails appeared first on The State of Security.
Digital criminals have launched a new attack campaign that they’re using to target U.S. petroleum companies with the Adwind RAT. Netskope discovered the operation in the beginning of September and found that it was distributing the Adwind RAT from “members[.]westnet[.]com[.]au/~joeven/.” With this URL in mind, it’s likely that the individual responsible for the campaign either […]… Read More
The post Attackers Targeting U.S. Petroleum Companies with Adwind RAT appeared first on The State of Security.
A Danish company revealed that the costs associated with what appears to be a ransomware attack could reach as much as $95 million. Demant, a Danish manufacturer of hearing aids, suffered a “critical incident” that affected its IT infrastructure on 3 September. The company’s IT team responded by shutting down multiple systems across multiple locations […]… Read More
The post Danish Firm Says Costs of Apparent Ransomware Attack Could Reach $95M appeared first on The State of Security.
A malvertising actor known as “eGobbler” used obscure browser bugs to bypass built-in browser protections and expand the scope of its attacks. Confiant observed eGobbler exploiting the first vulnerability back on April 11, 2019. In that particular attack, the threat actor leveraged a Chrome exploit to circumvent the browser’s pop-up blocker built into iOS devices. […]… Read More
The post eGobbler Malvertiser Bypassed Browser Protections Using Obscure Bugs appeared first on The State of Security.
We at The State of Security are committed to helping aspiring information security professionals reach their full potential. Towards that end, we compiled a list of the top 10 highest paying jobs in the industry. We even highlighted the U.S. cities that tend to reward security personnel with the best salaries, amenities and other benefits. […]… Read More
The post 10 Respected Providers of IT Security Training appeared first on The State of Security.
Samples of a new malware family called “Divergent” are using both NodeJS and WinDivert in a series of fileless attack campaigns. Cisco Talos didn’t identify the exact delivery method for Divergent. Even so, its researchers observed that the samples they analyzed staged and stored configuration data in the registry like other fileless malware. They also […]… Read More
The post Divergent Malware Using NodeJS, WinDivert in Fileless Attacks appeared first on The State of Security.
Digital criminals used percentage-based URL encoding to help their phishing campaign evade detection by secure email gateways. In mid-September, the Cofense Phishing Defense Center came across a phishing email that originated from a compromised email account for a recognizable American brand. The message informed recipients that they had a new invoice awaiting payment. Under that […]… Read More
The post Percentage-Based URL Encoding Used by Phishers to Evade Detection appeared first on The State of Security.
Security researchers have released decryption tools which victims of two different ransomware families can use to recover their files for free. On 25 September, Kaspersky Lab unveiled decryptors for both the Yatron and FortuneCrypt crypto-ransomware families. In its analysis of the first threat, the Russian security firm found that Yatron derived much of its code […]… Read More
The post Free Decryptors Released for Two Ransomware Families appeared first on The State of Security.
Previous coverage of their tactics, techniques and procedures (TTPs) has failed to deter digital attackers in their efforts to target U.S. utilities with LookBack malware. Between 21 August and 29 August 2019, Proofpoint observed several spear phishing emails targeting U.S. utilities. Those messages appeared to originate from globalenergycertification[.]net, an attacker-controlled domain designed to impersonate the […]… Read More
The post Attackers Undeterred in Efforts to Target U.S. Utilities with LookBack appeared first on The State of Security.
Information security is an exciting and rapidly growing field for individuals who are interested in protecting users and their data. In an effort to map out the industry as a possible career choice, we recently conducted research into the top 10 infosec jobs based on overall pay grade. We now continue with the second part of our two-part series. #5: […]… Read More
The post The Top 10 Highest Paying Jobs in Information Security – Part 2 appeared first on The State of Security.
Security researchers have determined that over 12,000 variants of the WannaCry ransomware family are preying upon users in the wild. Sophos attributed this rise of variants to threat actors taking the original 2017 WannaCry binary and modifying it to suit their needs. These versions have subsequently produced numerous infection attempts. In August 2019, for instance, […]… Read More
The post Over 12,000 WannaCry Variants Detected in the Wild appeared first on The State of Security.
The fact that scammers haunt Facebook and Twitter is not surprising. Even so, digital criminals don’t stop with just those two platforms. They’re also known to stalk users on LinkedIn where connections carry greater professional gravity. Fortunately, users can stay alert to such activity by familiarizing themselves with the most common types of LinkedIn scams. […]… Read More
The post A Guide on 5 Common LinkedIn Scams appeared first on The State of Security.
A new crypto-ransomware threat called “TFlower” is targeting corporate environments via exposed Remote Desktop Services (RDS). First discovered in August, the ransomware makes its way onto a corporate network after attackers hack into a machine’s exposed Remote Desktop Services. This attack vector enables bad actors to infect the local machine with TFlower. At that point, […]… Read More
The post TFlower Ransomware Targeting Businesses via Exposed RDS appeared first on The State of Security.
The actors responsible for the Emotet botnet returned after a four-month period of inactivity with a new malspam campaign. On 16 September, SpamHaus security researcher Raashid Bhat spotted a spate of new spam emails written in Polish or German that contained malicious attachments or links to malware downloads. Emotet is fully back in action and […]… Read More
The post Emotet Botnet Returns After Four-Month Hiatus With New Spam Campaign appeared first on The State of Security.
A new spam campaign is attempting to infect German-speaking users with samples of the destructive Ordinypt malware family. According to Bleeping Computer, the campaign sent spam emails masquerading as a job application from someone named Eva Richter. These messages supported this claim by using the subject line “Bewerbung via Arbeitsagentur – Eva Richter,” which translates […]… Read More
The post Spam Campaign Targeting German Users with Ordinypt Malware appeared first on The State of Security.
Given a surge in digital threats like ransomware, it is no surprise that the field of information security is booming. Cybersecurity Ventures estimates that there will be 3.5 million job openings across the industry by 2021. Around that same time, the digital economy research firm forecasted that global digital security spending would exceed one trillion […]… Read More
The post The Top 10 Highest Paying Jobs in Information Security – Part 1 appeared first on The State of Security.
The COBALT DICKENS threat group stayed busy over the summer by launching a new global phishing operation targeting universities. In July and August 2019, Secureworks’ Counter Threat Unit (CTU) researchers observed COBALT DICKENS using compromised university resources to send out library-themed phishing emails. These emails differed from those used in the Iranian threat group’s previous […]… Read More
The post COBALT DICKENS Launched New Phishing Operation against Universities appeared first on The State of Security.
The cost of a breach is on the rise. A recent report from IBM revealed that the average cost of a data breach had risen 12 percent over the past five years to $3.92 million per incident on average. Additionally, this publication uncovered that data breaches originating from malicious digital attacks were both the most […]… Read More
The post How to Foil the 6 Stages of a Network Intrusion appeared first on The State of Security.
The Federal Bureau of Investigation (FBI) found that business email compromise (BEC) scams cost victims a combined total of $26 billion in losses over a three-year period. On 10 September, the FBI’s Internet Crime Complaint Center (IC3) published a public service announcement in which it revealed that BEC scams had caused $26,201,775,589 in global losses. […]… Read More
The post BEC Scams Cost Victims $26B over a Three-Year Period, Finds FBI appeared first on The State of Security.
A district within the Rockford Public Schools (RPS) system has confirmed it suffered a ransomware attack that affected parts of its network. On 6 September, District 205 of RPS posted a statement on Facebook in which it noted that its Internet, phones and information systems used to track attendance and student records were down. The […]… Read More
The post District in Rockford Public Schools Confirms Ransomware Attack appeared first on The State of Security.
For years, ransomware actors have developed new families and attack campaigns in increasing frequency and numbers. Such activity peaked in 2017 but then fell in tandem with cryptocurrency miners’ rise. This development was short-lived, however. Between Q4 2018 and Q1 2019, Malwarebytes observed a 195 percent increase in ransomware detections involving business targets. The rate […]… Read More
The post 10 of the Most Significant Ransomware Attacks of All Time appeared first on The State of Security.
Digital attackers created a fake PayPal website to distribute samples of a new variant of the Nemty crypto-ransomware family. Security researcher nao_sec uncovered the ransomware variant after they came across a fake PayPal website. This site promised users a return of 3-5 percent for making purchases through its payment system. But its primary purpose was […]… Read More
The post Fake PayPal Website Distributes New Variant of Nemty Ransomware appeared first on The State of Security.
The Alaskan city of Unalaska has recovered approximately $2.3 million after digital fraudsters targeted it with a phishing attack. Erin Reinders, city manager of Unalaska, revealed that the municipality had recovered $2,347,544.43 on 22 August. That amount constituted a large part of the $2,985,406.10 total which the City had sent to scammers. Per Reinders’ comments, […]… Read More
The post Unalaska Recovers $2.3 Million Following Phishing Attack appeared first on The State of Security.
Digital criminals demanded $5.3 million in ransom from the City of New Bedford, Massachusetts following a ransomware attack. Jon Mitchell, Mayor of New Bedford, explained in a press briefing that the ransom demand came shortly after the City’s Management Information Systems (MIS) staff detected a ransomware attack in the early morning hours of 5 July […]… Read More
The post Ransomware Attackers Demanded $5.3M from City of New Bedford appeared first on The State of Security.
Security researchers spotted a phishing campaign that used SharePoint to bypass email gateway and other perimeter technologies. Cofense learned of the campaign after it analyzed an attack email sent from a compromised account @independentlegalassessors.co.uk. The email asked the recipient to review a proposed document by clicking on an embedded URL. In this particular instance, bad […]… Read More
The post Phishing Campaign Used SharePoint to Bypass Email Perimeter Tech appeared first on The State of Security.
Google has decided to expand the scope of one of its bug bounty programs as well as launch another security rewards initiative. On 29 August, Android Security & Privacy team members Adam Bacchus, Sebastian Porst, and Patrick Mutchler announced that the Google Play Security Reward Program (GPSRP) will now cover all Google Play apps with […]… Read More
The post Google Expands Scope of One Bug Bounty Program, Launches Another appeared first on The State of Security.