Author Archives: David Bisson

Oregon State University (OSU) Discloses Data Breach

Oregon State University (OSU) has disclosed a security incident that potentially affected the personally identifiable information of some students and their families. On 14 June, OSU announced that the security incident occurred back in May when external actors hacked a university employee’s email account. At the time of compromise, the email account contained the personal […]

The post Oregon State University (OSU) Discloses Data Breach appeared first on The State of Security.

French Ministry of Interior Releases Decryptor for PyLocky Versions 1 & 2

The French Ministry of Interior has released a decryption utility for versions 1 and 2 of PyLocky ransomware to the public. On 11 June, the ministry of the French government unveiled the tool as the product of collaboration between its various agencies, including the Brigade d’enquêtes sur les fraudes aux technologies de l’information (BEFTI) of […]

Aircraft Parts Manufacturer Halts Operations After Ransomware Attack

Aircraft parts manufacturer ASCO has temporarily suspended operations worldwide after falling victim to a ransomware attack. As reported by Data News, ASCO decided that it would shut down its headquarters in Zaventem, a Belgian municipality situated within the province of Flemish Brabant, as a result of the attack. This suspension is expected to place approximately […]

Lake City Reveals It Suffered a ‘Triple Threat’ Ransomware Attack

The City of Lake City has confirmed that a “Triple Threat” ransomware attack affected the functionality of several of its computer systems. According to its Facebook statement, the Floridian municipality became the target of a ransomware program known as “Triple Threat” on 10 June 2019. This malware allegedly combined three different attack vectors to target […]

Food Bank Needs Help Recovering from Ransomware Attack

A King County food bank said it will need help recovering from a ransomware infection that affected its computer network. At around 02:00 on 5 June, bad actors targeted the servers of Auburn Food Bank with ransomware. The crypto-malware, which according to Bleeping Computer was a variant of GlobeImposter 2.0, affected all of the food […]

What Is FIM (File Integrity Monitoring)?

File integrity monitoring (FIM) exists because change is prolific in organizations’ IT environments. Hardware assets change. Software programs change. Configuration states change. Some of these modifications are authorized insofar as they occur during a patch cycle; some cause concern by their unexpected nature. Organizations commonly respond to such dynamism by investing in asset discovery and […]

Microsoft Warns of Malspam Campaign Abusing Office Vulnerability to Distribute Backdoor

Microsoft is warning users to be on the lookout for a malspam campaign that’s abusing an Office vulnerability in order to distribute a backdoor. On 7 June, Microsoft Security Intelligence took to Twitter to raise awareness of the operation. The campaign, which remains active as of this writing, begins when users receive a malspam email […]

Fortune 500 Company Addresses Weakness Behind 264GB Data Leak

A Fortune 500 company has addressed a security weakness responsible for a data leak that exposed 264GB worth of information. On 2 June, vpnMentor security researchers Noam Rotem and Ran Locar discovered that a log management server owned by global technology distributor Tech Data Corporation did not require any authentication. This made it possible for […]

PCASTLE Malware Attacks Targeting China-Based Systems with XMRig

A new wave of attacks involving PCASTLE malware is targeting systems located in China with the XMRig cryptocurrency miner. On 17 May, Trend Micro first observed a series of attacks that use PCASTLE, an obfuscated PowerShell script, to target mainly China-based systems with XMRig, cryptomining malware that was involved in numerous attacks in 2018. The security […]

Norsk Hydro Q1 2019 Profits Sank Following Ransomware Attack

The first quarter profits for Norsk Hydro sank after the Norwegian aluminum and renewable energy company fell victim to a ransomware attack. According to Reuters, Norsk Hydro’s gains fell to 559 million Norwegian crowns (approximately $64.3 million at the time of reporting) in the first quarter of 2019. That number is down from 3.15 billion […]

12 Common Tools for Your DevOps Team

DevOps is revolutionizing the way enterprises deliver apps to the market by blending software development and information technology operations. This convergence creates an assembly line for the cloud, as Tim Erlin wrote for The State of Security, by increasing the rate at which companies can develop apps and deliver them to users. 12 Common Tools […]

Australia National University Reveals Data Breach Involving 19 Years of Info

Australia National University (ANU) has disclosed a data breach that affected some information of its community members dating back 19 years. On 4 June, ANU Vice-Chancellor Brian Schmidt revealed that the school had discovered a data breach in May. An analysis of the event uncovered that someone had accessed the school’s systems illegally back in […]

Eurofins Scientific Says Ransomware Attack Disrupted Some IT Systems

Eurofins Scientific, an international group of laboratories headquartered in Brussels, revealed that a ransomware attack disrupted some of its IT systems. On 3 June, the food, pharmaceutical and environmental laboratory testing provider revealed that its IT security monitoring teams had discovered a ransomware attack over the weekend that had affected several of its IT systems. […]

Apple Releases Firmware Security Updates for AirPort Base Stations

Apple recently released a series of updates that address several firmware security issues affecting its AirPort base stations. Released on 30 May, the changes fix eight vulnerabilities that apply to the AirPort Extreme and AirPort Time Capsule base stations with 802.11ac. Almost half of these bugs concerned denial-of-service (DoS) attacks. Apple fixed one of these […]

Checkers Says Data Breach Affected 100+ Locations

Checkers Drive-In Restaurants, Inc. revealed that a data breach possibly affected customers at more than 100 of its Checkers and Rally’s locations. Adam Noyes, chief administrative officer and executive vice president at Checkers Drive-In Restaurants, Inc., wrote in a statement that the double drive-thru restaurant chain recently learned of a malware infection involving some of […]

Flipboard Resets Users’ Passwords after Discovering Security Incident

News and social media aggregator Flipboard reset all users’ passwords after discovering a security incident that might have affected some of their data. On 28 May, the company revealed that its engineering team had recently detected suspicious activity in the network environment where its databases reside. Flipboard responded by launching an investigation and engaging an […]

How to Secure Your Information on AWS: 10 Best Practices

The 2017 Deep Root Analytics incident that exposed the sensitive data of 198 million Americans, or almost all registered voters at the time, should remind us of the risks associated with storing information in the cloud. Perhaps the most alarming part is that this leak of 1.1 terabytes of personal data was avoidable. It was […]

Digital Criminals Abusing Secure Tunneling Service to Deliver Lokibot

Digital criminals have begun abusing a secure tunneling service to deliver samples of the Lokibot banking malware family. My Online Security came across an instance of this campaign when they received an email pretending to come from BBVA Banco Continental, a Spanish bank. The email leveraged the lure of a fake payment transfer to […]

Adding a Recovery Phone Number Blocks 100% of Automated Bot Attacks, Finds Google

Google found that users who add a recovery phone number to their accounts effectively block 100 percent of automated bot attacks by doing so. The tech giant arrived at this finding after teaming up with New York University and the University of California, San Diego to investigate the efficacy of basic account hygiene in preventing […]

Free Decryptor Released for GetCrypt Ransomware

Security researchers have released a tool that enables victims of GetCrypt ransomware to recover their affected files for free. On 23 May, web security and antivirus software provider Emsisoft announced the release of its GetCrypt decrypter. This utility asks victims of the ransomware to supply both an encrypted copy and the original version of a […]

Computer Infected with 6 High-Profile Viruses Surpasses $1M in Auction

A Windows laptop infected with six high-profile computer viruses has surpassed a value of one million dollars in public auction bids. For a project called “The Persistence of Chaos,” contemporary internet artist Guo O. Dong and security firm Deep Instinct infected a Samsung NC10-14GB 10.2-Inch Blue Netbook (2008) running Windows XP SP3 with six pieces […]

One Year Later: First GDPR Execution Overview Reveals There’s Still Work to Do

It’s been nearly a year since the European Union’s General Data Protection Regulation (GDPR) became enforceable. In that span of time, news outlets have reported various stories largely concerning the regulation and its penalties scheme. In January 2019, for instance, the world learned that France’s data protection regulator CNIL had fined Google 50 million euros […]

HawkEye Attack Wave Sends Stolen Data to Another Keylogger Provider

A recent attack wave involving HawkEye malware sends data stolen from its victims to another keylogger provider’s website. On 21 May, My Online Security came across a new sample of HawkEye. The actual delivery mechanism itself wasn’t unique compared to previous attacks involving the malware. In this particular instance, the attack email used the lure […]

Company Behind LeakedSource Pleads Guilty after RCMP Investigation

A company responsible for helping to operate LeakedSource.com has submitted a guilty plea following an investigation by the Royal Canadian Mounted Police (RCMP). On 17 May, Defiant Tech Inc. pleaded guilty to the charge of “trafficking in identity information and possession of property obtained by crime” in association with an investigation surrounding LeakedSource. RCMP initiated […]

Stack Overflow Discloses Digital Attack against Production Systems

Stack Overflow, a popular question and answer site for programmers, disclosed a digital attack in which bad actors accessed its production systems. Mary Ferguson, VP of Engineering at the company, publicly revealed the incident on 16 May. In a statement posted to Stack Overflow’s website, she explained that someone had obtained production-level access to the […]

Magecart Used Same Skimmer against Two Web-Based Suppliers

Magecart threat actors used the same skimmer against two web-based suppliers to try to steal users’ payment card information. As discovered by security researcher Willem de Groot, the first attack occurred at 15:56:42 GMT on 10 May when bad actors injected the skimmer into the bottom of a script used by enterprise content management system […]

Bad Actors Using MitM Attacks against ASUS to Distribute Plead Backdoor

Researchers believe bad actors are using man-in-the-middle (MitM) attacks against ASUS software to distribute the Plead backdoor. Near the end of April 2019, researchers at ESET observed several attack attempts that both created and executed the Plead backdoor using “AsusWSPanel.exe,” a legitimate process which belongs to the Windows client for the cloud-based storage service ASUS […]

Global Information Services Company Discloses Malware Attack

A global information services company has disclosed a malware attack that affected several of its applications and platforms. On 6 May, global solutions provider Wolters Kluwer published a statement in which it confirmed that it was suffering network issues: We are experiencing network and service interruptions affecting certain Wolters Kluwer platforms and applications. Out of […]

A Changing Threat Landscape: Inside Verizon’s 2019 DBIR

Verizon Enterprise has once again released its annual Data Breach Investigations Report (DBIR). The publication doesn’t disappoint in providing crucial insight into today’s digital threats. On the one hand, Verizon’s 2019 report captures how many forces in the threat landscape have remained the same since its previous report. The study observed how sending data to […]

Online Tutoring Program Reveals Customer Data Breach

An online tutoring program has revealed that it suffered a data breach in which an unauthorized individual might have compromised customers’ information. The Hacker News received a copy of a notice sent out by Wyzant to its customers informing them about the data breach. According to this letter, the online tutoring program detected the security […]

What Is DevOps Maturity, and How Does It Relate to DevOps Security?

By now, many organizations have turned to DevOps as part of their ongoing digital transformations. This process has not been the same for any two companies. Indeed, organizations have embraced DevOps at their own pace, and they’ve invested varying levels of time and budget into their nascent deployments. Such variety has helped shape organizations’ DevOps […]

Fraudsters Targeting Consumers with One-Ring Phone Scams

Fraudsters are targeting consumers with one-ring phone scams that exploit people’s curiosity so as to trick them into paying exorbitant fees. According to the U.S. Federal Communications Commission (FCC), this scam oftentimes begins when a fraudster contacts an unsuspecting consumer using a one-ring phone call. Many of these calls appear to originate from phone numbers […]

President Trump Signs EO to Bolster Federal Digital Security Workforce

President Trump has signed an executive order (EO) that seeks to bolster the U.S. federal government’s digital security workforce. On 2 May, President Trump authorized the “Executive Order on America’s Cybersecurity Workforce.” This directive sets out various actions designed to strengthen the federal digital security workforce. For instance, it requires the Secretary of Homeland Security […]

Unprotected Database Exposed 13.7M Users’ Employment Information

An unprotected database made it possible for anyone on the web to view the personal and employment information of 13.7 million users. Security researcher and GDI Foundation member Sanyam Jain discovered the database and determined that it belonged to Ladders, a New York-based job recruitment site which specializes in high-end jobs. Jain then shared his […]

$9.8M Settlement to Eddie Bauer Data Breach Filed in Federal Court

A Washington federal court has received a $9.8 million settlement that would resolve a data breach class-action lawsuit filed against Eddie Bauer. Filed on 26 April, the proposed settlement is the product of two years of litigation between Eddie Bauer and Veridian Credit Union, a process which included an in-person mediation meeting held in February, […]