Steve Ragan
CSOonline
Indianapolis, IN, United States
Contact Steve
Discover and connect with journalists and influencers around the world, save time on email research, monitor the news, and more.
| Recent: |
|
| Past: |
|
Past articles by Steve:
What are phishing kits? Web components of phishing attacks explained
A phishing kit is the back-end to a phishing attack. It's the final step in most cases, where the criminal has replicated a known brand or organization. → Read More
Gwinnett Medical Center investigating possible data breach
After being contacted by Salted Hash about a possible data breach, Gwinnett Medical Center, a not-for-profit network of healthcare providers in Gwinnett County, Georgia, has confirmed they're investigating what the healthcare provider is calling an IT incident. → Read More
Facebook: 50 million accounts impacted by security flaw
On Friday, Facebook’s VP of product management Guy Rosen, coordinating with a Facebook post by founder Mark Zuckerberg, said the company discovered someone had abused access tokens for 50 million users on Tuesday afternoon. → Read More
Scammers pose as CNN's Wolf Blitzer, target security professionals
Here's an interesting, if not outright comical, story for those of you just coming back to work after a long Labor Day weekend. Scammers are pretending to be a well-known CNN anchor and offering serious cash to anyone looking to be a security commentator on air. → Read More
Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding
On Monday, the Energy and Commerce Committee sent letters to MITRE Corporation and the Department of Homeland Security (DHS), recommending reforms be made to the troubled CVE program. In fact, the letters state, if the "deep-seated issues" in the CVE program are ever going to find resolution, DHS and MITRE will need to act sooner, rather than later. → Read More
Mirai leveraging Aboriginal Linux to target multiple platforms
The Mirai botnet hasn't gone away, you don't hear about it much, but the code has been constantly updated and maintained. Recently, Symantec's Dinesh Venkatesan discovered a command and control (C&C) server hosting various types of malware, each one targeted for a specific platform. → Read More
Salted Hash Ep 42: Phishing AI
All this week, while we’re on location in Las Vegas, Salted Hash has been discussing phishing and the impact it has had on the public. Today, we’re getting an insider view on how @PhishingAI operates, and learning about a recent phishing campaign targeting Apple users. → Read More
Inside Dropbox and Microsoft Office phishing attacks
Today on Salted Hash, we're going to look at a phishing attack that targeted me directly. It's got a few interesting elements, including a weak attempt to spoof an HTTPS connection, and a sort of hybrid lure, which starts as Dropbox but ends at Microsoft Office. → Read More
What are phishing kits? Web components of phishing attacks explained
A phishing kit is the back-end to a phishing attack. It's the final step in most cases, where the criminal has replicated a known brand or organization. → Read More
Introducing Kit Hunter, a phishing kit detection script
Kit Hunter is a basic Python script that will run on Linux or Windows. When you run Kit Hunter it searches web directories for phishing kits based on common kit elements located in the tag file. If there is a match, it logs the results and offers detailed context on the detections. → Read More
Reddit discloses hack, says SMS intercept allowed attackers to skirt 2FA protections
Reddit, one of the largest websites on the internet, announced on Wednesday that someone was able to compromise staff accounts at their cloud and source code hosting providers, leaving backups, source code, and various logs exposed. → Read More
Samsam infected thousands of LabCorp systems via brute force RDP
LabCorp, one of the largest clinical labs in the U.S., said the Samsam ransomware attack that forced their systems offline was contained quickly and didn't result in a data breach. However, in the brief time between detection and mitigation, the ransomware was able to encrypt thousands of systems and several hundred production servers. → Read More
Salted Hash Ep 34: Red Team vs. Vulnerability Assessments
This week on Salted Hash, Phil Grimes, Professional Services Lead at RedLegg, discusses why words matter, the concept of scoping for Red Teams, and shares more stories from his days in the field as we discuss tailgating and dumpster diving. → Read More
No data breach at Patreon, but proactive notice caused some concern
Patreon, the membership platform that helps creators get paid for their work, sent users a letter on Monday warning them about a data breach at Typeform. But the proactive letter caused some panic, as more than a few people took it to mean the Patreon platform itself was breached. That isn't what happened. → Read More
92 million MyHeritage email addresses found on private server
On Monday, MyHeritage, an online genealogy platform, announced that more than 90 million of their users had email addresses and hashed passwords compromised, after a researcher discovered a file being hosted on a private server. → Read More
Salted Hash – SC 02: What a TSB phishing attack looks like
In April, TSB (a retail and commercial bank in the UK) announced they would shutdown some systems for an IT upgrade. However, the upgrade was a disaster, and over a month later customers are still having problems. As a result, criminals have turn to phishing in order to capitalize on the chaos created by the botched IT upgrade. → Read More
Salted Hash - SC 01: What an Apple phishing attack looks like
Today on Salted Hash, we’re going to look at a phishing attack from two sides. The first side will be what the victim sees. After that, we're going to see what the criminal sees. We'll also discuss some steps administrators can take to uncover these attacks in their own environments. → Read More
Researchers warn PGP and S/MIME users of serious vulnerabilities
A professor at Münster University issued a warning on Sunday about serious vulnerabilities in PGP and S/MIME – two widely-used methods for encrypting email – which if exploited could reveal plain text communications. The issue also impacts emails from the past. → Read More
North Korean anti-virus uses old Trend Micro components
Researchers at Checkpoint have published a report showing that North Korea's SiliVaccine, the country's anti-virus product, uses functional elements taken from a ten-year-old copy of Trend Micro's anti-virus. → Read More
Salted Hash Ep 24: Defending against mobile threats
Welcome back! After shooting several episodes during the RSA Conference in San Francisco, this week Salted Hash talks mobile threats with VASCO's Will LaSala. In addition to this week's episode, we've also got some additional footage from the conference. → Read More