One data breach can lead to another. Because so much of the data stolen in breaches ends up for sale on the dark web, a threat actor can purchase authentication credentials — the emails and passwords — of the organization’s employees without having to steal them directly. With that information in hand, threat actors have an open door into

Here at The State of Security, we cover everything from breaking stories about new cyberthreats to step-by-step guides on passing your next compliance audit.But today we’d like to offer a straight-forward roundup of the Tripwire product suite. Get to know the basics of Tripwire’s core solutions for FIM, SCM, VM and more. Without further ado:Tripwire® Enterpr

Unsecured Server Exposed Records Containing Sensitive Personal Data and Case Notes From Cook County CourtOn September 26, 2020, researchers discovered an unsecured Elasticsearch server exposing more than 323,277 Cook County court related records containing highly sensitive personal data. Cook County, Illinois, is the second most populous county in the U

Security vendor SonicWall has warned its customers that threat actors may have found zero-day vulnerabilities in some of its remote access products.An initial post on the vendor’s knowledgebase pages on Friday claimed that the NetExtender VPN client version 10.x and the SMB-focused SMA 100 series were at risk.However, an update over the weekend clarifi

Intel was forced to issue its financial results earlier than expected last week after an internal error made public some of the information before it was due to be released, the firm has confirmed.Originally, Intel CFO, George Davis claimed a “hacker” had got hold of an infographic detailing the earnings, which was waiting to be published on the

Manipulating Medical Devices The Federal Office for Information Security (BSI) aims to sensitize manufacturers and the public regarding security risks of networked medical devices in Germany. In response to the often fatal security reports and press releases of networked medical devices, the BSI initiated the project Manipulation of Medical Devices (ManiMed)

Indian cryptocurrency exchange Buyucoin suffered a security incident, threat actors leaked sensitive data of 325K users. A new incident involving a cryptocurrency exchange made the headlines, the India-based cryptocurrency exchange suffered a security incident, threat actors leaked sensitive data of 325K users on the Dark Web. Leaked data includes nam

In the digital age, organizations and the missions and business processes they support rely on information technology and information systems to achieve their mission and business objectives. Not only is technology used to efficiently enable businesses to carry out operational activities, but it is also the backbone for the United States’ critical infr

The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) Standards are a cybersecurity compliance framework designed to protect utility organizations. Adhering to these guidelines is essential—falling short will leave your environment vulnerable to malicious actors and can result in some hefty fines. NERC CIP is a bur

Tesla has accused a former employee, a software engineer, of downloading about 26,000 sensitive files and transferring them on his personal Dropbox On Saturday, Tesla sued the former employee Alex Khatilov for allegedly stealing 26,000 confidential documents, including trade secrets. The software engineer transferred the sensitive files to his personal Dr

A well-known threat actor has leaked data belonging to 2.28 million users registered on the dating website MeetMindful. ZDNet first reported that the well-known threat actor ShinyHunters has leaked the data of more than 2.28 million users registered on the dating site MeetMindful, The threat actor leaked the data for free download on a publicly accessi

Windows 10X is a new streamlined version of Windows designed for security and performance that Microsoft announced in 2019 and plans to launch in Spring 2021 on a new range of devices.Many details so far have been scarce, but thanks to a Windows 10X build that was leaked last week, we can get a good look at the operating system and its features.In addition t

Another ransomware gang is now using DDoS attacks to force a victim to contact them and negotiate a ransom.In October 2020, we reported that ransomware gangs were beginning to utilize DDoS attacks against a victims' network or web site as an extra tool to force them to pay a ransom. At the time, the two operations using this new tactic were SunCrypt and Ragn

A threat actor has leaked the stolen database for Indian cryptocurrency exchange Buyucoin on a hacking forum for free.Over the weekend, a threat actor known as ShinyHunters posted the link to an archive that contains the alleged database dumps for the Buyucoin cryptocurrency exchange.Pixlr database leaked for freeShinyHunters is a threat actor

The chipmaker Intel Corp. revealed that an internal error it the root cause of a data leak, it confirmed that corporate network was not impacted. The computer chipmaker Intel Corp. confirmed that an internal error is the cause of a data leak that prompted it to release a quarterly earnings report early. Intel chief financial officer, George Davis, tol