Category Archives: IT Security and Data Protection

Save the Children Federation Tricked Into Sending $1 Million to Scammers

Scammers tricked Save the Children Federation, a well-known U.S. charity, into sending them approximately one million dollars. As reported by The Boston Globe, digital attackers compromised the email account of a Save the Children Federation employee sometime in 2017. They then abused that access to issue a series of fake invoices and documents designed to […]… Read More

The post Save the Children Federation Tricked Into Sending $1 Million to Scammers appeared first on The State of Security.

Saipem Identified a Digital Attack against Some of Its Servers

Italian oil and gas industry contractor Saipem has announced that it identified a digital attack against some of its servers. On 10 December, Saipem published a statement on its website in which it revealed the attack and said it was in the process of collecting information to determine the impact on its systems and the […]… Read More

The post Saipem Identified a Digital Attack against Some of Its Servers appeared first on The State of Security.

Bug Affected 52.5 Million Users in Connection with a Google+ API

A bug connected to a Google+ API potentially exposed the profile information belonging to 52.5 million users of Google’s social network. According to David Thacker, VP of Product Management for G Suite, a software update in November introduced the weakness. This bug enabled apps that requested visibility of 52.5 million Google+ users’ name, email address, […]… Read More

The post Bug Affected 52.5 Million Users in Connection with a Google+ API appeared first on The State of Security.

Linux Rabbit and Rabbot Malware Leveraged to Install Cryptominers

Digital attackers used new malware called “Linux Rabbit” and “Rabbot” to install cryptominers on targeted devices and servers. In August 2018, researchers at Anomali Labs came across a campaign where Linux Rabbit targeted Linux servers located in Russia, South Korea, the United Kingdom and the United States. The malware began by using Tor hidden services […]… Read More

The post Linux Rabbit and Rabbot Malware Leveraged to Install Cryptominers appeared first on The State of Security.

Malicious Chrome extension which sloppily spied on academics believed to originate from North Korea

Computer users are being reminded once again to take care over the browser extensions they install after security experts discovered a hacking campaign that has been targeting academic institutions since at least May 2018.

The post Malicious Chrome extension which sloppily spied on academics believed to originate from North Korea appeared first on The State of Security.

More Than 100,000 PCs in China Infected by New Ransomware Strain

A new ransomware strain successfully infected more than 100,000 personal computers in China over a period of just four days. According to a report from Velvet Security, the first samples of this ransomware broke out on 1 December after users installed multiple social media-themed apps including “Account Operation V3.1,” an app designed to help users […]… Read More

The post More Than 100,000 PCs in China Infected by New Ransomware Strain appeared first on The State of Security.

Security Incident Potentially Exposed 100 Million Quora Users’ Personal Data

A security incident at Quora potentially compromised the personal information and other details of approximately 100 million users. On 30 November, the question-and-answer website identified that a third party had gained access to one of its systems and compromised the data of 100 million users. The information potentially exposed by the incident included users’ names, […]… Read More

The post Security Incident Potentially Exposed 100 Million Quora Users’ Personal Data appeared first on The State of Security.

Marriott Reveals Security Incident Involving Starwood Reservation Database

Marriott announced that it recently detected and addressed a security incident involving the Starwood guest reservation database. On 30 November, Marriott revealed that an internal investigation had found evidence of unauthorized access to the database containing guests’ reservation information at Sheraton hotels and other Starwood properties on or before 10 September 2018. The American multinational […]… Read More

The post Marriott Reveals Security Incident Involving Starwood Reservation Database appeared first on The State of Security.

Dell Discloses Digital Security Event Involving Customer Information

Dell disclosed a digital security incident in which unauthorized individuals targeted some pieces of customer information. On 28 November, the American multinational computer technology company announced that it had detected a security incident earlier in the month. The event consisted of unauthorized activity on Dell.com, Premier, Global Portal and support.dell.com (‘Esupport’). Other parts of the […]… Read More

The post Dell Discloses Digital Security Event Involving Customer Information appeared first on The State of Security.

Worm Using Removable Drives to Distribute BLADABINDI Backdoor

A newly detected worm is propagating through removable drives to distribute a fileless variant of the BLADABINDI backdoor. In mid-November, researchers at Trend Micro first observed the worm, which the security firm detects as “Worm.Win32.BLADABINDI.AA.” They’re still investigating the threat’s exact method for infecting a system. But after analyzing its propagation routine, the researchers determined […]… Read More

The post Worm Using Removable Drives to Distribute BLADABINDI Backdoor appeared first on The State of Security.

Catching Configuration Changes that Can Lead to Data Exposure

Amazon’s new security issue, which came to light just days before one of its biggest sale events of the year, is making recent headlines. And whilst it probably won’t stop the online retail giant from achieving a profitable Black Friday and Cyber Monday this year, it certainly will make many users stop and think. Though it’s still […]… Read More

The post Catching Configuration Changes that Can Lead to Data Exposure appeared first on The State of Security.

The State of Security: Catching Configuration Changes that Can Lead to Data Exposure

Amazon’s new security issue, which came to light just days before one of its biggest sale events of the year, is making recent headlines. And whilst it probably won’t stop the online retail giant from achieving a profitable Black Friday and Cyber Monday this year, it certainly will make many users stop and think. Though it’s still […]… Read More

The post Catching Configuration Changes that Can Lead to Data Exposure appeared first on The State of Security.



The State of Security

German Social Media Provider Fined €20K for Data Breach

A German social media provider received an order to pay a €20,000 fine for a data breach that occurred in the summer of 2018. On 22 November, the regional data protection watchdog LfDI Baden-Württemberg announced that it had imposed the fine on a local “social media provider” after the organization filed a data breach report […]… Read More

The post German Social Media Provider Fined €20K for Data Breach appeared first on The State of Security.

5 Reasons Why Your Business Needs Penetration Testing

Nowadays, high-profile security breaches continue to dominate the media headlines. This trend places an increasing number of businesses at risk. They are growing in amount and complexity while malicious hackers are actively developing new and more sophisticated forms of attacks every single day. Having anti-virus software and a firewall, as well as assuming that your […]… Read More

The post 5 Reasons Why Your Business Needs Penetration Testing appeared first on The State of Security.

5 Digital Threats to Watch Out for on Black Friday

The end of November is a busy time in the United States. On Thanksgiving, friends and family gather together to give thanks for good food, good company and good fortune. Once they’ve put away the leftovers, many Americans don their coats, head to the malls and wait in line all night. For what? Black Friday, […]… Read More

The post 5 Digital Threats to Watch Out for on Black Friday appeared first on The State of Security.

The State of Security: Countering Espionage: An Enterprise Risk Management View

I am neither a political scientist nor a historian. However, I am conscious of some certain past events in human history which had political impacts and also influenced the course of history as we know it. Some say such events occurred on the basis of social, political and historical backgrounds and factors, whilst others pointed […]… Read More

The post Countering Espionage: An Enterprise Risk Management View appeared first on The State of Security.



The State of Security

Countering Espionage: An Enterprise Risk Management View

I am neither a political scientist nor a historian. However, I am conscious of some certain past events in human history which had political impacts and also influenced the course of history as we know it. Some say such events occurred on the basis of social, political and historical backgrounds and factors, whilst others pointed […]… Read More

The post Countering Espionage: An Enterprise Risk Management View appeared first on The State of Security.

Security vs. Compliance: What’s the Difference?

Security and compliance are often said in the same breath as if they are two sides of the same coin, two members of the same team or two great tastes that go great together. As much as I would like to see auditors and developers (or Security Analysts) living in harmony like a delicious Reese’s […]… Read More

The post Security vs. Compliance: What’s the Difference? appeared first on The State of Security.

Two Young Men Jailed for Involvement in TalkTalk Data Breach

Two young men received prison sentences for helping to perpetrate a data breach at the UK telecommunications provider TalkTalk. On 19 November, Judge Anuja Dhir QC at the Old Bailey sentenced Matthew Hanley, 23, to 12 months in prison. She handed down a slightly lighter sentence of eight months in jail to Connor Allsopp, 21. […]… Read More

The post Two Young Men Jailed for Involvement in TalkTalk Data Breach appeared first on The State of Security.

Malaysia’s Largest Media Company Allegedly Suffers Ransomware Attack

Malaysia’s largest media company allegedly suffered a ransomware attack that affected its ability to use its in-house email system. Anonymous sources told The Edge Financial Daily that ransomware attackers struck Media Prima Berhad, a media giant which operates businesses in television, print, radio, out-of-home advertising, content and digital media. According to those unnamed individuals, bad […]… Read More

The post Malaysia’s Largest Media Company Allegedly Suffers Ransomware Attack appeared first on The State of Security.

14 Malware Families Targeting E-Commerce Brands Ahead of Black Friday

Researchers discovered 14 malware families targeting dozens of e-commerce brands just over one week before Black Friday. Kaspersky Lab observed the threats targeting 67 e-commerce brands including 33 consumer apparel sites, eight consumer electronic outlets and three online retail platforms. Banking trojans made up more than half of the malware tracked by Kaspersky. They included […]… Read More

The post 14 Malware Families Targeting E-Commerce Brands Ahead of Black Friday appeared first on The State of Security.

Hash Hunting: Why File Hashes are Still Important

According to Gartner, threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable intelligence. When security research teams or government agencies release threat intelligence reports, some of the more tactical actionable intelligence is in the indicators. These indicators include (but are not limited to) IP addresses, domain names, file names or file hashes. […]… Read More

The post Hash Hunting: Why File Hashes are Still Important appeared first on The State of Security.

Unearthing Ransomware Characteristics Using Classification Taxonomy

We are familiar with the problem of ransomware – malicious software that seeks to encrypt user data and demand a ransom in return for the decryption key. There are several defensive measures that help work against crypto-malware. Backups work, in theory, but are not always available or are partial. We need to realize that ransomware […]… Read More

The post Unearthing Ransomware Characteristics Using Classification Taxonomy appeared first on The State of Security.

Half a Million People Potentially Affected by Data Breach at Bankers Life

A data breach at Bankers Life might have compromised the personally identifiable information of over half a million people. On 25 October 2018, Fortune 1000 company CNO Financial Group, Inc. submitted a report to the Office for Civil Rights’ Breach Portal at the U.S. Department of Health and Human Services. The report revealed an instance […]… Read More

The post Half a Million People Potentially Affected by Data Breach at Bankers Life appeared first on The State of Security.

HSBC Bank Notifies Customers of Data Breach

HSBC Bank sent a letter to an undisclosed number of customers informing them of a data breach that might have exposed their personal information. The California Attorney General’s Office recently received a template of a letter that HSBC Bank sent out to customers on 2 November. In the notice, the bank explains that it learned […]… Read More

The post HSBC Bank Notifies Customers of Data Breach appeared first on The State of Security.