Category Archives: IT Security and Data Protection

Riviera Beach Pays Nearly $600K to Recover Data after Ransomware Attack

Riviera Beach paid bad actors approximately $600,000 in ransom to recover its information after it fell victim to a ransomware attack. On 17 June, the board of the Palm Beach County municipality voted unanimously to authorize that the city insurer pay 65 bitcoins (worth approximately $602,000 at the time of this writing) to those responsible […]

The post Riviera Beach Pays Nearly $600K to Recover Data after Ransomware Attack appeared first on The State of Security.

Modular Plurox Backdoor Comes with Cryptomining, Worm-Like Plugins

A new modular backdoor detected as “Plurox” comes with multiple plugins that expand its capabilities to include cryptomining and worm-like behavior. In February 2019, Kaspersky Lab’s researchers first detected the backdoor. Their analysis revealed that the backdoor, written in C, arrived with debug lines. This suggests that the malware was still in testing at the […]

Your Personally Identifiable Information Is Part of You: Stop Giving It Away

Are hackers really the problem when governments can just ask for or legislate the requirement to turn over user data? Russia currently has approximately 149 million people living within its borders, and while Tinder is not the most popular dating app in the country, even a small percentage of the population could be subjected […]

Researchers Release Decryptor that Works against GandCrab Version 5.2

Security researchers have released a decryptor that works against the latest variants of GandCrab ransomware, including version 5.2. On 17 June, Bitdefender announced that users can download the tool from the No More Ransom Project’s website. They can then use the utility to freely decrypt any and all files which samples of GandCrab through version […]

Oregon State University (OSU) Discloses Data Breach

Oregon State University (OSU) has disclosed a security incident that potentially affected the personally identifiable information of some students and their families. On 14 June, OSU announced that the security incident occurred back in May when external actors hacked a university employee’s email account. At the time of compromise, the email account contained the personal […]

French Ministry of Interior Releases Decryptor for PyLocky Versions 1 & 2

The French Ministry of Interior has released a decryption utility for versions 1 and 2 of PyLocky ransomware to the public. On 11 June, the ministry of the French government unveiled the tool as the product of collaboration between its various agencies, including the Brigade d’enquêtes sur les fraudes aux technologies de l’information (BEFTI) of […]

Aircraft Parts Manufacturer Halts Operations After Ransomware Attack

Aircraft parts manufacturer ASCO has temporarily suspended operations worldwide after falling victim to a ransomware attack. As reported by Data News, ASCO decided that it would shut down its headquarters in Zaventem, a Belgian municipality situated within the province of Flemish Brabant, as a result of the attack. This suspension is expected to place approximately […]

What Public Sector CISOs Should Take Away from Verizon’s 2019 DBIR

It’s been a few weeks since Verizon released the 12th edition of its Data Breach Investigations Report (DBIR). For this publication, Verizon’s researchers studied 41,686 security incidents in which a response was necessary. These analysts found that 2,013 of those incidents were data breaches in that some sort of information was actually compromised. Out of […]

The Tax Paying Hacker: A Modern Phenomenon

In a dark room lit only by the light from four computer monitors sits a hacker named Hector (not his real name). You can hear the faint pulse of an EDM track coming from his headphones as Hector taps away on his computer’s keyboard. The above description could serve as the setting for a hacker […]

Lake City Reveals It Suffered a ‘Triple Threat’ Ransomware Attack

The City of Lake City has confirmed that a “Triple Threat” ransomware attack affected the functionality of several of its computer systems. According to its Facebook statement, the Floridian municipality became the target of a ransomware program known as “Triple Threat” on 10 June 2019. This malware allegedly combined three different attack vectors to target […]

YouTube Attacks to Watch Out For in 2019

YouTube, the world’s top provider of streaming multimedia content, keeps reaching new heights in terms of its popularity. Nearly two billion monthly users and five billion videos watched every single day – these impressive statistics speak for themselves, and the numbers are steadily growing year over year. Everybody loves YouTube and so do cybercriminals, only […]

Food Bank Needs Help Recovering from Ransomware Attack

A King County food bank said it will need help recovering from a ransomware infection that affected its computer network. At around 02:00 on 5 June, bad actors targeted the servers of Auburn Food Bank with ransomware. The crypto-malware, which according to Bleeping Computer was a variant of GlobeImposter 2.0, affected all of the food […]

Fortune 500 Company Addresses Weakness Behind 264GB Data Leak

A Fortune 500 company has addressed a security weakness responsible for a data leak that exposed 264GB worth of information. On 2 June, vpnMentor security researchers Noam Rotem and Ran Locar discovered that a log management server owned by global technology distributor Tech Data Corporation did not require any authentication. This made it possible for […]

Cryptocurrency wallet GateHub hacked, nearly $10 million worth of Ripple (XRP) stolen

Cryptocurrency wallet service GateHub has warned that over 100 customers have had their ledger wallets hacked and funds stolen.

PCASTLE Malware Attacks Targeting China-Based Systems with XMRig

A new wave of attacks involving PCASTLE malware is targeting systems located in China with the XMRig cryptocurrency miner. On 17 May, Trend Micro first observed a series of attacks that use PCASTLE, an obfuscated PowerShell script, to target mainly China-based systems with XMRig, cryptomining malware that was involved in numerous attacks in 2018. The security […]

Norsk Hydro Q1 2019 Profits Sank Following Ransomware Attack

The first quarter profits for Norsk Hydro sank after the Norwegian aluminum and renewable energy company fell victim to a ransomware attack. According to Reuters, Norsk Hydro’s gains fell to 559 million Norwegian crowns (approximately $64.3 million at the time of reporting) in the first quarter of 2019. That number is down from 3.15 billion […]

Australia National University Reveals Data Breach Involving 19 Years of Info

Australia National University (ANU) has disclosed a data breach that affected some information of its community members dating back 19 years. On 4 June, ANU Vice-Chancellor Brian Schmidt revealed that the school had discovered a data breach in May. An analysis of the event uncovered that someone had accessed the school’s systems illegally back in […]

Eurofins Scientific Says Ransomware Attack Disrupted Some IT Systems

Eurofins Scientific, an international group of laboratories headquartered in Brussels, revealed that a ransomware attack disrupted some of its IT systems. On 3 June, the food, pharmaceutical and environmental laboratory testing provider revealed that its IT security monitoring teams had discovered a ransomware attack over the weekend that had affected several of its IT systems. […]

Apple Releases Firmware Security Updates for AirPort Base Stations

Apple recently released a series of updates that address several firmware security issues affecting its AirPort base stations. Released on 30 May, the changes fix eight vulnerabilities that apply to the AirPort Extreme and AirPort Time Capsule base stations with 802.11ac. Almost half of these bugs concerned denial-of-service (DoS) attacks. Apple fixed one of these […]

Checkers Says Data Breach Affected 100+ Locations

Checkers Drive-In Restaurants, Inc. revealed that a data breach possibly affected customers at more than 100 of its Checkers and Rally’s locations. Adam Noyes, chief administrative officer and executive vice president at Checkers Drive-In Restaurants, Inc., wrote in a statement that the double drive-thru restaurant chain recently learned of a malware infection involving some of […]

Flipboard Resets Users’ Passwords after Discovering Security Incident

News and social media aggregator Flipboard reset all users’ passwords after discovering a security incident that might have affected some of their data. On 28 May, the company revealed that its engineering team had recently detected suspicious activity in the network environment where its databases reside. Flipboard responded by launching an investigation and engaging an […]

How to Secure Your Information on AWS: 10 Best Practices

The 2017 Deep Root Analytics incident that exposed the sensitive data of 198 million Americans, or almost all registered voters at the time, should remind us of the risks associated with storing information in the cloud. Perhaps the most alarming part is that this leak of 1.1 terabytes of personal data was avoidable. It was […]

Digital Criminals Abusing Secure Tunneling Service to Deliver Lokibot

Digital criminals have begun abusing a secure tunneling service to deliver samples of the Lokibot banking malware family. My Online Security came across an instance of this campaign when they received an email pretending to come from BBVA Banco Continental, a Spanish bank. The email leveraged the lure of a fake payment transfer to […]

Adding a Recovery Phone Number Blocks 100% of Automated Bot Attacks, Finds Google

Google found that users who add a recovery phone number to their accounts effectively block 100 percent of automated bot attacks by doing so. The tech giant arrived at this finding after teaming up with New York University and the University of California, San Diego to investigate the efficacy of basic account hygiene in preventing […]

Free Decryptor Released for GetCrypt Ransomware

Security researchers have released a tool that enables victims of GetCrypt ransomware to recover their affected files for free. On 23 May, web security and antivirus software provider Emsisoft announced the release of its GetCrypt decrypter. This utility asks victims of the ransomware to supply both an encrypted copy and the original version of a […]

Endpoint Security: It’s a Whole New World

Once upon a time, endpoint security was just a hall monitor. It watched for known bad files identified with a simple signature and sent you an alert when the file was blocked. To be safe, it would scan every machine daily, an intrusive activity that slowed down machines and sped up the heart rates of […]

One Year Later: First GDPR Execution Overview Reveals There’s Still Work to Do

It’s been nearly a year since the European Union’s General Data Protection Regulation (GDPR) became enforceable. In that span of time, news outlets have reported various stories largely concerning the regulation and its penalties scheme. In January 2019, for instance, the world learned that France’s data protection regulator CNIL had fined Google 50 million euros […]

HawkEye Attack Wave Sends Stolen Data to Another Keylogger Provider

A recent attack wave involving HawkEye malware sends data stolen from its victims to another keylogger provider’s website. On 21 May, My Online Security came across a new sample of HawkEye. The actual delivery mechanism itself wasn’t unique compared to previous attacks involving the malware. In this particular instance, the attack email used the lure […]

Letting Go While Holding On: Managing Cyber Risk in Cloud Environments

As recently as 2017, security and compliance professionals at many of Tripwire’s large enterprise and government customers were talking about migration to the cloud as a possibility to be considered and cautiously explored in the coming years. Within a year, the tone had changed. What used to be “we’re thinking about it” became “the CIO […]

Company Behind LeakedSource Pleads Guilty after RCMP Investigation

A company responsible for helping to operate LeakedSource.com has submitted a guilty plea following an investigation by the Royal Canadian Mounted Police (RCMP). On 17 May, Defiant Tech Inc. pleaded guilty to the charge of “trafficking in identity information and possession of property obtained by crime” in association with an investigation surrounding LeakedSource. RCMP initiated […]

Stack Overflow Discloses Digital Attack against Production Systems

Stack Overflow, a popular question and answer site for programmers, disclosed a digital attack in which bad actors accessed its production systems. Mary Ferguson, VP of Engineering at the company, publicly revealed the incident on 16 May. In a statement posted to Stack Overflow’s website, she explained that someone had obtained production-level access to the […]

Forbes subscribers warned of Magecart threat skimming credit card details

The notorious Magecart malware, which blights online stores by stealing payment card details from unsuspecting shoppers at checkout, has claimed another high-profile victim. Security researcher Troy Mursch raised the alarm on Twitter that the Forbes magazine subscription website had been compromised with malicious code that was siphoning off sensitive credit card information as users […]

A Simple Data Breach Guide (Interpreting GDPR)

Perhaps it’s too melodramatic to claim that the debate over how to define a data breach “rages on” because we haven’t seen bodies flying out of windows yet, but it is a serious question with genuine financial ramifications now that the General Data Protection Regulation (GDPR) and its accompanying fines for mishandling data have arrived […]

Magecart Used Same Skimmer against Two Web-Based Suppliers

Magecart threat actors used the same skimmer against two web-based suppliers to try to steal users’ payment card information. As discovered by security researcher Willem de Groot, the first attack occurred at 15:56:42 GMT on 10 May when bad actors injected the skimmer into the bottom of a script used by enterprise content management system […]

Bad Actors Using MitM Attacks against ASUS to Distribute Plead Backdoor

Researchers believe bad actors are using man-in-the-middle (MitM) attacks against ASUS software to distribute the Plead backdoor. Near the end of April 2019, researchers at ESET observed several attack attempts that both created and executed the Plead backdoor using “AsusWSPanel.exe,” a legitimate process which belongs to the Windows client for the cloud-based storage service ASUS […]

A Changing Threat Landscape: Inside Verizon’s 2019 DBIR

Verizon Enterprise has once again released its annual Data Breach Investigations Report (DBIR). The publication doesn’t disappoint in providing crucial insight into today’s digital threats. On the one hand, Verizon’s 2019 report captures how many forces in the threat landscape have remained the same since its previous report. The study observed how sending data to […]

Highlights from the Verizon DBIR 2019

Every year, the Verizon Data Breach Investigations Report comes out, and there’s a mad scramble to inspect and interpret the data. The report is data-rich, as always, and already contains a bunch of analysis, so there are really only a few options for adding value to the conversation. Industry commentators can choose to disagree with […]

Online Tutoring Program Reveals Customer Data Breach

An online tutoring program has revealed that it suffered a data breach in which an unauthorized individual might have compromised customers’ information. The Hacker News received a copy of a notice sent out by Wyzant to its customers informing them about the data breach. According to this letter, the online tutoring program detected the security […]

Unprotected Database Exposed 13.7M Users’ Employment Information

An unprotected database made it possible for anyone on the web to view the personal and employment information of 13.7 million users. Security researcher and GDI Foundation member Sanyam Jain discovered the database and determined that it belonged to Ladders, a New York-based job recruitment site which specializes in high-end jobs. Jain then shared his […]

World Password Day: Using a Passphrase to Strengthen Your Security

Human nature has shown that people re-use passwords, at least for non-work accounts that aren’t requiring quarterly changes. How can it affect your current security that you’ve reused an old password from 2012? Surprisingly, quite a lot. Hashed passwords and the plain text equivalent from a breached site can be paired with your then-username. Hackers […]