NEWS

NSA Responsible for Recent Cyberattacks in the United States

By Black Pine Cyber | May 27, 2019 | Comments Off on NSA Responsible for Recent Cyberattacks in the United States

As the City of Baltimore continues to struggle with the effects of the recent Robinhood ransomware attack that crippled their systems, the New York Times reports that the tool used to execute the attack relied on the EternalBlue exploits created by the National Security Agency. The NSA lost control of…

Read More

City of Baltimore Provides Update on Ransomware Attack

By Black Pine Cyber | May 21, 2019 | Comments Off on City of Baltimore Provides Update on Ransomware Attack

In a recent release, the City of Baltimore has advised that it is still unable to send or receive email after its systems were infected with the Robinhood ransomware on May 7th (16 days ago). The attack has disrupted real estate transactions, bill payments, email and telecommunications – though luckily,…

Read More

Wormable Vulnerability in Microsoft Remote Desktop Services (CVE-2019-0708)

By Black Pine Cyber | May 14, 2019 | Comments Off on Wormable Vulnerability in Microsoft Remote Desktop Services (CVE-2019-0708)

A number of important security updates from Microsoft and Adobe dropped this week. On Patch Tuesday, Microsoft released an update to address a major vulnerability – a “wormable” flaw in Remote Desktop Services (formerly known as Terminal Services) for Windows XP, Windows 7 and server products from Windows Server 2003…

Read More

ISACA Summit – The State of Cybersecurity

By Black Pine Cyber | May 10, 2019 | Comments Off on ISACA Summit – The State of Cybersecurity

Join information systems, technology and business professionals, and experts from across the globe for a dynamic discussion on today’s cybersecurity challenges, opportunities, trends – and on what lies ahead. Attend ISACA’s FREE Virtual Summit – a half-day event featuring live presentations and opportunities to connect with peers around the world.…

Read More

2019 Idaho Cybersecurity Interdependencies Summit

By Black Pine Cyber | April 29, 2019 | Comments Off on 2019 Idaho Cybersecurity Interdependencies Summit

2019 IDAHO CYBERSECURITY INTERDEPENDENCIES SUMMIT WHEN: April 29, 2019 from 8:30am Mountain until 5:00pm Mountain. Unfortunately, registration is now closed for this event. Please check back to read the final report on the Summit. ​​ WHERE: The Riverside Hotel 2900 W. Chinden Blvd. Boise, Idaho Preliminary agenda HERE Sponsorship opportunities…

Read More

SimplyWordPress Traced to Mason Soiza

By Black Pine Cyber | December 19, 2017 | Comments Off on SimplyWordPress Traced to Mason Soiza

Earlier today, the folks over at Wordfence released news that plugins from SimplyWordpress were found to be malicious in nature. The WordPress plugin “Captcha”, which had over 300,000 active installs, was modified to deploy an unauthenticated backdoor via an automatic update process that downloads, self-extracts and installs a different version…

Read More

BlueBorne vulnerability places billions of devices at risk…

By Black Pine Cyber | September 15, 2017 | Comments Off on BlueBorne vulnerability places billions of devices at risk…

Armis Labs has revealed a new attack vector that places billions of devices at risk and is completely platform agnostic. Virtually every device with Bluetooth enabled is exploitable via BlueBorne regardless of operating system  – Mac OS, iOS (only devices running iOS 9.3.5 and lower are affected), Android, Linux and…

Read More

Petya Ransomware a Front for State Cyberattack

By Black Pine Cyber | June 28, 2017 | Comments Off on Petya Ransomware a Front for State Cyberattack

The recently released and poorly constructed variant of the Petya ransomware, was not designed to make money… so it is not by definition, ransomware. Petya is a wiper. It was designed specifically to spread quickly across the globe and completely and permanently eviscerate any machine it infects. First deployed in…

Read More

OneLogin Breached (Again)

By Black Pine Cyber | June 1, 2017 | Comments Off on OneLogin Breached (Again)

Following a breach of their “secure notes” feature late last year, OneLogin has notified its users of a far larger breach that occurred on May 31, 2017. Covered by the BBC, Brian Krebs (Krebs on Security) and the Wordfence blog, this breach is far more damaging and affects all OneLogin users…

Read More

More than 100,000 WordPress sites hacked via REST API zero-day

By Black Pine Cyber | February 27, 2017 | Comments Off on More than 100,000 WordPress sites hacked via REST API zero-day

WordPress was updated on January 26th to patch three separate security vulnerabilities. At the time, the folks at WordPress advised that you should update immediately which is fairly normal (and recommended). What you may not know, is that a fourth vulnerability was kept private for several weeks. Why wasn’t it publicized? Security…

Read More