Category Archives: IT Security and Data Protection

Managing Information Security Skepticism by Changing Workplace Culture

Imagine a workplace in which all of the staff support the function of information security. Employees report suspicious events, are committed to data privacy and see the value in completing the regularly scheduled compliance trainings. How much easier life would be for security professionals! Naturally, it’s hard for people to get behind something that feels […]… Read More

The post Managing Information Security Skepticism by Changing Workplace Culture appeared first on The State of Security.

New Agent Tesla Variants Capable of Stealing Data from VPNs, Browsers

Some new variants of the Agent Tesla infostealer family are capable of stealing data from multiple VPN clients and web browsers. SentinelOne observed that attackers continue to deploy Agent Tesla across various stages of their operations, as this malware enables criminals with even low levels of technical expertise to manipulate and manage their victims’ infected […]… Read More

The post New Agent Tesla Variants Capable of Stealing Data from VPNs, Browsers appeared first on The State of Security.

The Importance of Content for Security Tools like Tripwire

Have you ever stood in the airport security line when the agents bring the dog out to inspect everyone’s luggage? I’m always so fascinated watching the dog go down the line and do her work. Wow she’s so smart! How does she know what to look for? My own dog has talents of her own, […]… Read More

The post The Importance of Content for Security Tools like Tripwire appeared first on The State of Security.

Phishers Send Out Fake cPanel Security Vulnerabilities Advisory

Fraudsters launched a new phishing attack in which they sent out a fake cPanel advisory warning recipients about fabricated security vulnerabilities. On August 5, cPanel and WebHost Manager (WHM) users began reporting of having received a fake advisory that appeared to have originated from the company. The fake advisory informed recipients that cPanel had released […]… Read More

The post Phishers Send Out Fake cPanel Security Vulnerabilities Advisory appeared first on The State of Security.

The State of Civil Aviation Cybersecurity

Technology and cyber systems have become essential components of modern society. Despite the benefit of cyber technologies, insecurities arise. These could affect all systems and infrastructures. More than that, the threat of a cyberattack could very well have a transnational component and effect as worldwide systems become increasingly interconnected. Civil aviation is mainly reliant on […]… Read More

The post The State of Civil Aviation Cybersecurity appeared first on The State of Security.

Emotet Botnet Named ‘Most Wanted Malware’ for July 2020

The Emotet botnet earned the title of “most wanted” malware family for the month of July 2020 following a period of inactivity. Check Point revealed that Emotet threat activity had affected 5% of organizations worldwide in July 2020, thereby earning the malware the top spot in the security firm’s Global Threat Index for that month. […]… Read More

The post Emotet Botnet Named ‘Most Wanted Malware’ for July 2020 appeared first on The State of Security.

Phishing Campaign Leads Users to Site Disguised as Email Scanner

A phishing campaign tricked users into visiting a website that masqueraded as an email scanner in an effort to steal their account credentials. Kaspersky Lab found that the campaign began with a scam email containing a fake virus alert. This email claimed to originate from an organization’s “Email Security Team,” but it actually originated from […]… Read More

The post Phishing Campaign Leads Users to Site Disguised as Email Scanner appeared first on The State of Security.

FBI: Continued Use of Windows 7 Poses Security Risks Given EOL Status

The Federal Bureau of Investigations (FBI) warned of the security risks that organizations face if they continue to use the Windows 7 operating system despite its end of life (EOL) status. In a private industry notification published on August 3, the FBI explained that it had witnessed computer criminals exploiting operating systems that had achieved […]… Read More

The post FBI: Continued Use of Windows 7 Poses Security Risks Given EOL Status appeared first on The State of Security.

Secure Remote Access: Why It’s Important and How to Do It Right

COVID-19 forced organizations all over the world to transition their employees to a work-from-home policy. That change came at a time when organizations’ connected infrastructure is more complex than ever. Such complexity doesn’t just extend across IT environments, either. Indeed, machines and production processes are also becoming increasingly complex as organizations with OT environments seek […]… Read More

The post Secure Remote Access: Why It’s Important and How to Do It Right appeared first on The State of Security.

Belarus Announces Arrest of GandCrab Ransomware Distributor

Government officials in Belarus announced they had arrested an individual on charges of having helped to distribute GandCrab ransomware. On July 30, the Ministry of Internal Affairs (MIA) of the Republic of Belarus revealed that it had arrested a 31-year-old resident of Gomel in cooperation with the United Kingdom and Romania. An investigation into the […]… Read More

The post Belarus Announces Arrest of GandCrab Ransomware Distributor appeared first on The State of Security.

The Biggest Challenges and Best Practices to Mitigate Risks in Maritime Cybersecurity

Ships are increasingly using systems that rely on digitalization, integration, and automation, which call for cyber risk management on board. As technology continues to develop, the convergence of information technology (IT) and operational technology (OT) onboard ships and their connection to the Internet creates an increased attack surface that needs to be addressed. Challenges in […]… Read More

The post The Biggest Challenges and Best Practices to Mitigate Risks in Maritime Cybersecurity appeared first on The State of Security.

Phishing Email Uses Google Ad Redirect to Steal Microsoft Credentials

Security researchers came across a phishing email that used a Google Ad redirect as a part of its efforts to steal victims’ Microsoft credentials. Cofense found that the email originated from the legitimate email address “info@jtpsecurity[.]co[.]za.” The security firm reasoned that attackers had compromised that email account and abused their access to target employees in […]… Read More

The post Phishing Email Uses Google Ad Redirect to Steal Microsoft Credentials appeared first on The State of Security.

FBI Releases Flash Alert on Netwalker Ransomware

The Federal Bureau of Investigations (FBI) released a flash alert in which it warned organizations about the dangers of Netwalker ransomware. On July 28, the FBI revealed in Flash Alert MI-000130-MW that it had received notifications of attacks involving Netwalker against U.S. and foreign government organizations along with entities operating in the healthcare and education […]… Read More

The post FBI Releases Flash Alert on Netwalker Ransomware appeared first on The State of Security.

Dussman Group Subsidiary Struck by Ransomware that Leaked Its Data

A subsidiary of the Dussman Group suffered a ransomware infection in which malicious actors stole and publicly leaked its data. As reported by Bleeping Computer, the operators of Nefilim ransomware made good on a promise made back in March to begin publishing victims’ stolen information by updating their data leaks website with a post entitled […]… Read More

The post Dussman Group Subsidiary Struck by Ransomware that Leaked Its Data appeared first on The State of Security.

Phishers Using Fake Sharepoint Messages to Target Office 365 Details

Phishers leveraged fake automated messages from collaborative platform Sharepoint as a means to target users’ Office 365 credentials. Abnormal Security found that the phishing campaign began with an attack email that appeared to be an automated message from Sharepoint. To add legitimacy to this ruse, the attackers used spoofing techniques to disguise the sender as […]… Read More

The post Phishers Using Fake Sharepoint Messages to Target Office 365 Details appeared first on The State of Security.

Using Good Cyber Practices to Frame your Personal Cyber Narrative

Someone in my Twitter timeline wrote a post that resonated with me. Instead of advocating the idea of our firms mandating what we can and cannot do in our homes as working from home (WFH) standards, she said how gracious it was for us to let the firms into our home environments where we had […]… Read More

The post Using Good Cyber Practices to Frame your Personal Cyber Narrative appeared first on The State of Security.

Google Chrome Aims to Keep its Edge Over Other Browsers with its Latest Privacy and Security Features

Google Chrome may currently enjoy the numero uno position in the world of browsers, but it is starting to feel the pressure. The competition is heating up with its rivals like Microsoft Edge offering upgraded security features to lock in more users. The coronavirus pandemic has brought extensive changes to the way people operate, which […]… Read More

The post Google Chrome Aims to Keep its Edge Over Other Browsers with its Latest Privacy and Security Features appeared first on The State of Security.

Multi-Platform Malware Framework ‘MATA’ Claimed Victims Worldwide

Security researchers discovered a multi-platform malware framework called “MATA” that had succeeded in targeting victims worldwide. On Securelist, Kaspersky Lab revealed that it had shared its discovery of MATA with its Threat Intelligence Portal customers. The Russian security firm explained in its analysis that the first artifacts pertaining to MATA emerged back in April 2018. […]… Read More

The post Multi-Platform Malware Framework ‘MATA’ Claimed Victims Worldwide appeared first on The State of Security.