Doug Olenick SC Media | Page 2 of 180

Doug Olenick

Online Editor

Most recent articles by Doug Olenick

Emotet now using stolen emails for new attacks

By

The Emotet gang has started using the emails it stole in October 2018 marking a major milestone for the group and its activities. Cofense reported the group has so far sent more than 1,000 unique emails, with their own subject line, sent and is part of an effort to get away from using template-based emails…

First Look: Barac ETV

With the increasing trend of business services and applications leveraging encryption as the leading method of securing data in transit, malicious actors have once again adapted by developing more sophisticated attacks that employ the same technology. By using encryption to mask activities, bad actors can evade detection at organizations that lack the ability to inspect…

Join us for SC Media’s 2019 RiskSec Conference

SC Media’s 13th annual cybersecurity conference, RiskSec, will be held Wednesday, May 8 in Philadelphia. As a loyal SC reader, we are happy to offer you $100 off admission with discount code WEB. This year’s event will provide insights from thought leaders across various industries, focusing on the most significant issues that security professionals face…

Several vulnerabilities identified in TheCartPress WordPress plugin

WordPress removes vulnerable Yuzo Related Posts plugin

By

Sometimes when an organization dutifully shuts down a plugin due to cybersecurity concerns it merely acts as a signal flare to attract malicious actors to a possible attack vector and that seems to be what happened with the WordPress plugin Yuzo Related Posts. WordPress shut down Yuzo Related Posts, which has 60,000 installs, on March…

Ransomware knocks Greenville, N.C. offline

By

Greenville, N.C., has effectively been knocked offline by a ransomware attack with the city IT department having shut down the majority of its servers to limit the extent of the attack. In a Facebook post city officials said the incident began on April 10 and TheReflector.com reported a city spokesperson a ransom note was received…

Future-proof cybersecurity: Addressing implementation challenges in quantum cryptography

As cyberattacks grow in number and sophistication, it is essential that data is protected. But in today’s evolving threat landscape, this is not as simple as applying traditional security to communications systems. Indeed, many current systems use protocols based on mathematical problems, such as integer factorization, which could be easily cracked by quantum computers of…

'Havex' malware strikes industrial sector via watering hole attacks

Second Triton/Trisis critical infrastructure attack spotted

By

A second attack against a critical infrastructure target has been launched using the Triton/Trisis custom attack framework. FireEye researchers were able to attribute a second attack to the Russian group it fingered as being behind the initial 2017 attack that hit a petrochemical plant in Saudi Arabia through its industrial control system. Although details such…

Yahoo offers $117 million to settle 2016 data breach suit

By

Yahoo has more than doubled its proposed data breach settlement payout to $117.5 million after having a smaller amount rejected by a California judge in January. The original $50 million amount was rejected by U.S. District Judge Lucy Koh who said she couldn’t declare the settlement “fundamentally fair, adequate and reasonable” because it did not…

Uncomfortable Truth #1 about Phishing Defense

Part 1 of a 5-part series.    The threat posed by phishing is not new. For many years, the media and research papers have been littered with examples of data breaches that have been traced back to phishing attacks.   Organizations have attempted to tackle the threat through investments in next-gen technologies and increased employee…

The automation quandary: Or how to stop worrying and start automating

Information security is threatened from multiple angles. Threats have grown more sophisticated, digital infrastructures more complex, data more voluminous, and security talent increasingly scarce. The pace and volume make it impossible for IT groups to keep up. Automating tasks is an obvious solution to these challenges, but there are deeply ingrained concerns that automation will…

Next post in Executive Insight