Another Ransomware Variant Strikes Colorado DOT Days after Initial Attack

Colorado’s Department of Transportation (CDOT) has suffered an infection from another variant of the same ransomware family that attacked it just days earlier. On 1 March, a variant of SamSam ransomware targeted employees at CDOT. The attack didn’t hamper the Department’s Traffic Operations Center, the Colorado Governor’s Office of Information Technology (OIT) told KUSA-TV. But […]… Read More

The post Another Ransomware Variant Strikes Colorado DOT Days after Initial Attack appeared first on The State of Security.

The post Another Ransomware Variant Strikes Colorado DOT Days after Initial Attack appeared first on Security Boulevard.

from Another Ransomware Variant Strikes Colorado DOT Days after Initial Attack

A Dozen Connecticut State Agencies Targeted by WannaCry Ransomware

Government officials have revealed that WannaCry ransomware affected more than 100 computers at a dozen Connecticut state agencies. According to Connecticut’s Department of Administrative Services (DAS), state officials detected the digital attack against 160 computers at 12 state agencies on 23 February. Jeffrey Beckham, a spokesperson for the agency, says that IT personnel worked on […]… Read More

The post A Dozen Connecticut State Agencies Targeted by WannaCry Ransomware appeared first on The State of Security.

The post A Dozen Connecticut State Agencies Targeted by WannaCry Ransomware appeared first on Security Boulevard.

from A Dozen Connecticut State Agencies Targeted by WannaCry Ransomware

Company Embedded Password-Stealing Malware into Installer as Part of DRM Efforts

A company embedded password-stealing malware into an installer as part of its digital rights management (DRM) efforts to combat software pirates. On 18 Sunday, Reddit user crankyrecursion spotted the malware hiding within Flight Sim Labs’ installer for its A320 flight simulator desktop software. A little digging on the user’s part revealed that the threat originates […]… Read More

The post Company Embedded Password-Stealing Malware into Installer as Part of DRM Efforts appeared first on The State of Security.

The post Company Embedded Password-Stealing Malware into Installer as Part of DRM Efforts appeared first on Security Boulevard.

from Company Embedded Password-Stealing Malware into Installer as Part of DRM Efforts

Criminals Abused SWIFT to Steal $6M from Central Bank of Russia

Unknown criminals abused the SWIFT network to steal 339.5 million rubles ($6 million) from the Central Bank of Russia in 2017. The bank’s Financial Sector Computer Emergency Response Team (FinCERT) revealed the attack in its report on illegal transactions that occurred in 2017. As quoted by Sputnik International: Bank of Russia has been informed about […]… Read More

The post Criminals Abused SWIFT to Steal $6M from Central Bank of Russia appeared first on The State of Security.

The post Criminals Abused SWIFT to Steal $6M from Central Bank of Russia appeared first on Security Boulevard.

from Criminals Abused SWIFT to Steal $6M from Central Bank of Russia

Cryakl Ransomware Decryption Keys Released by Belgian Federal Police

The Belgian federal police has released free decryption keys for Cryakl ransomware following an international law enforcement operation. On 9 February, the European Union Agency for Law Enforcement Cooperation (Europol) announced the release of the keys through No More Ransom. The move represents the culmination of an investigation that involved Belgian police, the Dutch National […]… Read More

The post Cryakl Ransomware Decryption Keys Released by Belgian Federal Police appeared first on The State of Security.

The post Cryakl Ransomware Decryption Keys Released by Belgian Federal Police appeared first on Security Boulevard.

from Cryakl Ransomware Decryption Keys Released by Belgian Federal Police

Three Leaked NSA Exploits Rewritten to Affect All Windows OSes Since Windows 2000

The WannaCry and NotPetya outbreaks were by far among the most significant digital attack campaigns that took place in 2017. Together, the crypto-ransomware and wiper malware affected hundreds of thousands of computers all over the world. They achieved this reach by abusing EternalBlue. Allegedly developed by the U.S. National Security Agency (NSA) and leaked online […]… Read More

The post Three Leaked NSA Exploits Rewritten to Affect All Windows OSes Since Windows 2000 appeared first on The State of Security.

The post Three Leaked NSA Exploits Rewritten to Affect All Windows OSes Since Windows 2000 appeared first on Security Boulevard.

from Three Leaked NSA Exploits Rewritten to Affect All Windows OSes Since Windows 2000

Scammers Impersonating the FBI’s IC3 to Distribute Malware, Steal PII

Scammers are impersonating the FBI’s Internet Crime Complaint Center (IC3) in order to infect users with malware and/or steal their personally identifiable information (PII). On 1 February, the real IC3 issued a public service announcement warning users of three scams that are impersonating the multi-agency task force. Here’s the FBI on the first ruse, for […]… Read More

The post Scammers Impersonating the FBI’s IC3 to Distribute Malware, Steal PII appeared first on The State of Security.

The post Scammers Impersonating the FBI’s IC3 to Distribute Malware, Steal PII appeared first on Security Boulevard.

from Scammers Impersonating the FBI’s IC3 to Distribute Malware, Steal PII

The Top Malware Families in Banking, Mobile, Ransomware, and Crypto-Mining of 2017

The second half of 2017 was busy in terms of digital security events. In September, consumer reporting agency Equifax announced a breach that potentially compromised the Social Security Numbers and other personal information of 143 million U.S. consumers. Less than two months later, organizations in Russia and Ukraine suffered infections at the hands of BadRabbit, […]… Read More

The post The Top Malware Families in Banking, Mobile, Ransomware, and Crypto-Mining of 2017 appeared first on The State of Security.

The post The Top Malware Families in Banking, Mobile, Ransomware, and Crypto-Mining of 2017 appeared first on Security Boulevard.

from The Top Malware Families in Banking, Mobile, Ransomware, and Crypto-Mining of 2017

Cisco Fixes 10.0 CVSS-Scored RCE Bug Affecting Its ASA Software

Cisco has patched a remote code execution (RCE) vulnerability bearing a “perfect” CVSS score of 10.0 that affects its Adaptive Security Appliance (ASA) software. On 29 January, the American multinational technology conglomerate publicly recognized the security issue (CVE-2018-0101) and revealed that it affects the ASA software found in the following 10 Cisco products: 3000 Series […]… Read More

The post Cisco Fixes 10.0 CVSS-Scored RCE Bug Affecting Its ASA Software appeared first on The State of Security.

The post Cisco Fixes 10.0 CVSS-Scored RCE Bug Affecting Its ASA Software appeared first on Security Boulevard.

from Cisco Fixes 10.0 CVSS-Scored RCE Bug Affecting Its ASA Software

Locations of Military Bases Inadvertently Exposed by Fitness Tracker Users

Users of a fitness tracking app have inadvertently exposed the locations of military bases by publicly sharing their jogging/cycling routes. Many service people who use Strava, an app which allows them to record their exercise activity using GPS plotting, are sharing their data publicly. Their movements have ended up in Strava Labs’ Global Heatmap consisting […]… Read More

The post Locations of Military Bases Inadvertently Exposed by Fitness Tracker Users appeared first on The State of Security.

The post Locations of Military Bases Inadvertently Exposed by Fitness Tracker Users appeared first on Security Boulevard.

from Locations of Military Bases Inadvertently Exposed by Fitness Tracker Users

Three-Quarters of Organizations Experienced Phishing Attacks in 2017, Report Uncovers

Phishing attacks continue to threaten organizations’ digital security in droves. Kaspersky Lab prevented 46,557,343 phishing attempts in the second quarter of 2017 alone. Overall, close to one in ten (8.26%) of Kaspersky users encountered a phishing attack that quarter. Recognizing the prevalence of phishing, it’s useful to examine the granular details of this attack method. […]… Read More

The post Three-Quarters of Organizations Experienced Phishing Attacks in 2017, Report Uncovers appeared first on The State of Security.

The post Three-Quarters of Organizations Experienced Phishing Attacks in 2017, Report Uncovers appeared first on Security Boulevard.

from Three-Quarters of Organizations Experienced Phishing Attacks in 2017, Report Uncovers

WordPress Plugin Fixes Bug Allowing Download of 100K+ Sites’ Subscriber Lists

A popular WordPress plugin has fixed a vulnerability that allowed an unauthenticated user to download the subscriber lists for more than 100,000 websites. Email Subscribers & Newsletters incorporated the fix into version 3.4.8 on 19 January after working closely with Dominykas Gelucevicius from ThreatPress, a company which offers security products and services for WordPress users. […]… Read More

The post WordPress Plugin Fixes Bug Allowing Download of 100K+ Sites’ Subscriber Lists appeared first on The State of Security.

The post WordPress Plugin Fixes Bug Allowing Download of 100K+ Sites’ Subscriber Lists appeared first on Security Boulevard.

from WordPress Plugin Fixes Bug Allowing Download of 100K+ Sites’ Subscriber Lists

Another Indiana Hospital Hit by Ransomware Attack

Another hospital in Indiana has suffered a ransomware attack that affected some of its servers and prevented files from loading correctly. On 11 January, an employee of Adams Memorial Hospital of Decatur, Indiana notified administrators that some files didn’t look correct. Susan Sefton, a spokesperson for the hospital, said the network went blank before files […]… Read More

The post Another Indiana Hospital Hit by Ransomware Attack appeared first on The State of Security.

The post Another Indiana Hospital Hit by Ransomware Attack appeared first on Security Boulevard.

from Another Indiana Hospital Hit by Ransomware Attack

Survey: Half of RNs ‘Very Confident’ in Their Employers’ Ability to Secure Patient Data

The healthcare industry is no stranger to data breaches. In 2017, SSM Health, the University of Iowa Health Care (UIHC), and Arkansas Oral & Facial Surgery Center all suffered security incidents where bad actors possibly exposed patients’ medical data. No doubt there are also countless other healthcare organizations that have yet to detect an ongoing […]… Read More

The post Survey: Half of RNs ‘Very Confident’ in Their Employers’ Ability to Secure Patient Data appeared first on The State of Security.

The post Survey: Half of RNs ‘Very Confident’ in Their Employers’ Ability to Secure Patient Data appeared first on Security Boulevard.

from Survey: Half of RNs ‘Very Confident’ in Their Employers’ Ability to Secure Patient Data

MailChimp Fixes Privacy Issue that Leaked Respondents’ Email Addresses

MailChimp has plugged a privacy issue that leaked users’ email addresses when they responded to websites’ newsletter campaigns. Self-proclaimed mobile enthusiast Terence Eden discovered what he calls an “annoying privacy violation” while viewing the referral logs for his website. Those logs help document “Referer Headers” (misspelling intended), optional header fields which specify the address of […]… Read More

The post MailChimp Fixes Privacy Issue that Leaked Respondents’ Email Addresses appeared first on The State of Security.

The post MailChimp Fixes Privacy Issue that Leaked Respondents’ Email Addresses appeared first on Security Boulevard.

from MailChimp Fixes Privacy Issue that Leaked Respondents’ Email Addresses

Aetna Accepts $17M Settlement Agreement for HIV Privacy Breach

Aetna has agreed to pay $17 million as part of a settlement agreement for a breach that might have compromised thousands of HIV patients’ privacy. On 16 January, the United States District Court for the Eastern District Court of Pennsylvania received a proposed settlement agreement (PDF). The arrangement stipulates that Aetna, Inc., Aetna Life Insurance […]… Read More

The post Aetna Accepts $17M Settlement Agreement for HIV Privacy Breach appeared first on The State of Security.

The post Aetna Accepts $17M Settlement Agreement for HIV Privacy Breach appeared first on Security Boulevard.

from Aetna Accepts $17M Settlement Agreement for HIV Privacy Breach

4 Security Controls Keeping Up with the Evolution of IT Environments

In corporate IT environments everywhere, we are seeing widespread adoption of three basic themes: use of public cloud, adoption of DevOps, and containerization in application development. When it comes to the cloud, most organizations’ futures look like they will consist of hybrid setups: environments combining physical servers, virtualization, and public and private clouds. At the […]… Read More

The post 4 Security Controls Keeping Up with the Evolution of IT Environments appeared first on The State of Security.

The post 4 Security Controls Keeping Up with the Evolution of IT Environments appeared first on Security Boulevard.

from 4 Security Controls Keeping Up with the Evolution of IT Environments

VTech to Pay FTC $650K for 2015 Breach of Parents’, Children’s Data

VTech Electronics Limited has agreed to pay $650,000 as part of a settlement agreement with the Federal Trade Commission (FTC) for a 2015 breach that exposed millions of parents’ and children’s data. On 8 January, the United States District Court in the Northern District of Illinois (Eastern Division) processed an action (PDF) by which the […]… Read More

The post VTech to Pay FTC $650K for 2015 Breach of Parents’, Children’s Data appeared first on The State of Security.

The post VTech to Pay FTC $650K for 2015 Breach of Parents’, Children’s Data appeared first on Security Boulevard.

from VTech to Pay FTC $650K for 2015 Breach of Parents’, Children’s Data

3 Malware Trends to Watch Out for in 2018

We already know the security industry witnessed several significant ransomware attacks in 2017. Some of these campaigns derived at least part of their success from recent developments among malware families more generally. These trends will no doubt continue to shape bad actors’ offensives and how defenders can hope to protect against them in 2018. Digital […]… Read More

The post 3 Malware Trends to Watch Out for in 2018 appeared first on The State of Security.

The post 3 Malware Trends to Watch Out for in 2018 appeared first on Security Boulevard.

from 3 Malware Trends to Watch Out for in 2018

240,000 Federal Employees’ PII Potentially Exposed in DHS Data Breach

A data breach involving the U.S. Department of Homeland Security (DHS) might have exposed more than 240,000 current and former federal employees’ personally identifiable information (PII). On 3 January, DHS published a statement about the security incident. In it, Chief Privacy Officer Phillip S. Kaplan reveals that the U.S. Attorney’s Office and the Department of […]… Read More

The post 240,000 Federal Employees’ PII Potentially Exposed in DHS Data Breach appeared first on The State of Security.

The post 240,000 Federal Employees’ PII Potentially Exposed in DHS Data Breach appeared first on Security Boulevard.

from 240,000 Federal Employees’ PII Potentially Exposed in DHS Data Breach