May 25, 2020 marks the second anniversary of when the European Union’s General Data Protection Regulation (GDPR) took full effect. Undoubtedly, many organizations have succeeded in achieving compliance with the Regulation by now. But that raises some important questions. What benefits have those organizations experienced in achieving compliance, for instance? Have they encountered any drawbacks […]… Read More
The post Observing a Privacy Milestone: Expert Thoughts on GDPR’s 2nd Anniversary appeared first on The State of Security.
For just under 90 minutes last Thursday, hackers were able to compromise the systems of cryptocurrency lending platform BlockFi, and gain unauthorised access to users’ names, email addresses, dates of birth, address and activity history. In an incident report published on its website, BlockFi was keen to stress that the hacker’s activity had been logged […]… Read More
The post BlockFi Hacked Following SIM Swap Attack, But Says No Funds Lost appeared first on The State of Security.
The Collection tactic outlines techniques an attacker will undertake in order to find and gather the data they need to meet their actions on objectives. I see most of these techniques as being useful for describing what a piece of malware or threat actor is up to rather than looking to them for guidance on […]… Read More
The post The MITRE ATT&CK Framework: Collection appeared first on The State of Security.
Government officials said that a glitch in the State of Illinois’ Pandemic Unemployment Assistance (PUA) program exposed thousands of people’s Social Security Numbers (SSNs) and other private data. Jordan Abudayyeh, a spokesperson for Illinois Governor J. B. Pritzer, sent a statement to WBEZ on May 16. In it, she revealed that the Illinois Department of […]… Read More
The post ‘Glitch’ in Illinois’ PUA System Blamed for Exposing SSNs, Private Data appeared first on The State of Security.
Newly-discovered zero-day vulnerabilities may generate the biggest headlines in the security press, but that doesn’t mean that they’re necessarily the thing that will get your company hacked. This week, US-CERT has published its list of what it describes as the “Top 10 Routinely Exploited Vulnerabilities” for the last three years. The list is designed to […]… Read More
The post The top 10 most-targeted security vulnerabilities – despite patches having been available for years appeared first on The State of Security.
It will be rare that an attacker exploits a single system and does not attempt any lateral movement within the network. Even ransomware that typically targets a single system at a time has attempted to spread across the network looking for other victims. More often than not, an attacker will gain an initial foothold and […]… Read More
The post The MITRE ATT&CK Framework: Lateral Movement appeared first on The State of Security.
Human nature has shown that people re-use passwords, at least for non-work accounts that aren’t requiring quarterly changes. How can it affect your current security that you’ve reused an old password or passphrase from 2012? Surprisingly, quite a lot. Hashed passwords and the plain text equivalent from a breached site can be paired with your […]… Read More
The post World Password Day: Using a Passphrase to Strengthen Your Security appeared first on The State of Security.