Security Breach Notification Laws

Posted by Jordan Kadlec on May 10, 2017 9:49:16 AM
submit to reddit

As of now, 48 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have implemented legislation that requires private or government entities to notify individuals if they have experienced a security breach. Alabama, New Mexico, and South Dakota are the three remaining states who don’t have official security breach notification laws. Even my Midwestern home-state of Iowa now has a mandatory data breach notification law.

Read More

Topics: Data Breach, Business

March Ransomware in Review

Posted by Jordan Kadlec on Apr 5, 2017 2:20:50 PM
submit to reddit

March was a month where a lot of small ransomware variants appeared but never came to fruition. There was, however, an update on CryptoLocker making its return, Cerber added a couple of new features, and Android ransomware appears to be here to stay. We also have a list of decryptors that were released, enabling you to recover your files without paying the ransom.

Read More

Topics: Cyber Threats, Data Breach, Ransomware, Ransomware Decrypters, decrypters

Double Agent: The Zero-Day That Could Last for Months

Posted by Jordan Kadlec on Mar 27, 2017 10:06:06 AM
submit to reddit

A zero-day attack named Double Agent has been discovered that exploits a 15-year-old feature in Windows from XP through Windows 10. The attack has the ability to take over antivirus software on machines running Windows and turns them into a weaponized Trojan capable of attacking the very system it was designed to protect. 

Read More

Topics: Cyber Threats, Data Breach, Zero Day, Zero Day Attacks, Zero Day Vulnerability

Spear Phishing Examples

Posted by Jordan Kadlec on Mar 16, 2017 9:59:49 AM
submit to reddit

Phishing is one of the most common attack vectors hackers use to initially infiltrate a user’s system. Phishing is an attempt to obtain user credentials, financial data, or other sensitive information by emulating a legitimate email communication. Phishing emails can also be used to trick a user into clicking on a malicious attachment or link that is embedded into an email. Spear phishing, on the other hand, is a targeted phishing campaign where hackers first research their target individual or company to increase their chance of success. By doing this, hackers attempt to appear more trustworthy as a legitimate business entity thus making the target less suspicious. Spear phishing presents a much greater threat than phishing in general as the targets are often high-level executives of large corporations.

Read More

Topics: Cyber Threats, Data Breach, Phishing, Spear Phishing

Top 7 Revelations of Vault 7

Posted by Jordan Kadlec on Mar 9, 2017 11:50:51 AM
submit to reddit

WikiLeaks dropped a bombshell on Tuesday, March 7th when it began a new series of leaks on the U.S. Central Intelligence Agency. Code-named Vault 7, Year Zero is the first series and is comprised of 8,761 documents and files from inside the Central Intelligence Agency’s (CIA) high-security network. Below are 7 revelations from Vault 7.

Read More

Topics: Cyber Threats, Data Breach, Press Release

Advanced Persistent Threats and Ransomware

Posted by Jordan Kadlec on Mar 6, 2017 8:00:00 AM
submit to reddit

Advanced Persistent Threats (APT) and ransomware have been the most dreaded types of malware over the last couple of years. While there are clear and distinct differences between APTs and ransomware, we are now seeing the two being paired together to create a type of hybrid malware.

Read More

Topics: Cyber Threats, Data Breach, Business, Ransomware

February Ransomware in Review

Posted by Jordan Kadlec on Mar 2, 2017 10:55:06 AM
submit to reddit

Although February was a short month, there certainly wasn’t a shortage of new ransomware variants. While there were several variants that will probably never make it into circulation, there was some notable ransomwares that we should all be aware of. We will review the most notable ransomware variants throughout the month as well as provide an update on new versions that infect Android devices. Unfortunately, there weren’t any decryption keys that were released over the last 28 days. 

Read More

Topics: Cyber Threats, Data Breach, Ransomware

Zero-Day Attack Examples

Posted by Jordan Kadlec on Mar 1, 2017 8:30:00 AM
submit to reddit

Stuxnet is known as the world’s first cyber weapon.  Stuxnet was used to break Iran’s uranium enrichment centrifuges when it was feared they were producing chemical weapons. While there’s no proof as to who created the zero-day exploit, everyone seems to agree that it was the National Security Agency (NSA) who launched the digital weapon. Stuxnet, which was previously named ‘Olympic Games’, made its way into the Iranian nuclear enrichment facility at Natanz in 2006. The code infected specific industrial control systems the Iranians were using and proceeded to speed up or slow down the centrifuges until they destroyed themselves, all while the operators’ computer screens showed everything was working as normal.

Read More

Topics: Cyber Threats, Data Breach, Scams, Business

BEWARE: You Can be Sued for Cybersecurity Negligence

Posted by Jordan Kadlec on Feb 23, 2017 11:57:56 AM
submit to reddit

In this day and age, it seems like you can sue or be sued for almost anything. Now, a company is being sued for cybersecurity negligence. That’s right; you can be sued for not having proper cybersecurity measures in place. Johnson & Bell, a Chicago-based law firm, is involved in a lawsuit for being negligent and engaging in malpractice by allowing information security vulnerabilities to develop that created risks to client information.

Read More

Topics: Cyber Threats, Data Breach, Business

PlayStation and Xbox Users Hacked

Posted by Jordan Kadlec on Feb 6, 2017 8:00:00 AM
submit to reddit

The personal details of over 2.5 million PlayStation and Xbox users has been hacked on PSP ISO and Xbox ISO forums. These forums aren’t directly linked to the distributors of the gaming counsels rather; they are used to share links to free and pirated software.

Read More

Topics: Cyber Threats, Data Breach, Business