Xiaoqing Zheng, an engineer working for GE in Albany, was arrested and charged by the FBI for stealing around 20,000 files and providing them to the Chinese government. Interestingly, Zheng used steganography – hiding data in images – to move the data off GE’s network. The accused has been charged, but not convicted. Zheng […]

A new cryptomining malware, unofficially titled ZombieBoy, is active and exploiting numerous vulnerabilities in an effort to increase the likelihood of infection. Similar to WannaCry, it exploits CVE-2017-0143 and CVE-2017-0146, DoublePulsar and EternalBlue respectively. These two exploits look for open SMB (445) ports and target hosts that are unpatched. It also exploits CVE-2017-9073, which is […]

How do you know if you are hacked?  That is one of the first five questions I ask when consulting a CISO or discussing Security On-Demand services with clients and customers.  It’s a simple but important question that is much harder to answer than you might expect, especially if you have a young or immature […]

It has been nearly three months since GDPR went into effect. In some ways the impact has been notable for everyone, as we have all seen a ton of “privacy policy” notifications to agree to. What may not be as noticeable is its impact on Security Operations Managed Service Providers. These businesses are designed to […]

If 2017 was the year of Ransomware, 2018 may well be known as the year of Cryptocurrency Miners.  Crypto mining in and of itself is neither malicious nor a security event. However, the same tools and domains that any random individual may use to legitimately mine their own crypto are also being used by botnets […]

Phishing is one of the most effective ways for hackers to breach a network, steal personal data, or conduct identity theft.  One would think that after so many years of phishing and spam emails coming at us and all the ways in which companies are training their staff on how to identify phishing that phishing […]

Insider threats continue to be the most dangerous threat to any organization. They are threats to internal data and intellectual property, network performance and security, and even the health and safety of the workforce. The seriousness of this threat is exemplified by the FBI charging Joshua Schulte, a CIA engineer, as the individual behind the […]

This morning US-CERT published a malware analysis report on a North Korean trojan they call “TYPEFRAME”. The report contains 11 malware samples that targeted Windows machines using executables and a macro-enabled Microsoft Word document. TYPEFRAME appears to have much of the expected functionality of Advanced Persistent Threat malware, including connecting to C2 nodes […]