InfraGard recently put out a Flash Alert for a piece of malware called Fruit Fly. I sat through this briefing during last year’s Black Hat/DefCon conference and this malware is unique because it can live in an environment for months, if not years, undetected. There are no ransomware screens alerting the user that they’ve been infected or the ominous blue screen of death. It was first discovered in January of 2017 by Thomas Reed who works for Malwarebytes, who’s also a top Mac OS security researcher and conducted the initial analysis, but since then other variants been identified, dissected, and monitored.

On March 25th, Under Armour was made aware that they had an unauthorized party gain access and acquire data associated with 150 million MyFitnessPal user accounts. The information they could’ve gathered includes, but is not limited to, usernames, email addresses, and hashed passwords. What are hashed passwords? Hashed passwords, from a high level, happen when passwords are ran through a mathematical function to create an encrypted version and a message authentication code (MAC) of a plaintext password. In MyFitnessPal’s case, they used a bcrypt hashing function, the same type that was used by formerly hacked Ashley Madison. After the Ashley Madison hack, the entire database and all password hashes were made available to the hackers of the world and now they have the password hashes of MyFitnessPal too. What does this mean for those of you that have an account on MyFitnessPal?

Just after the New Year, on January 8th, Attorney General Josh Stein and Rep. Jason Saine proposed new legislation aiming to strengthen North Carolina’s laws around data breaches. The proposed law has many aspects that would make North Carolina residents very happy, but what affect will it have on North Carolina businesses?

Today, the risk of a security incident or data breach is higher than ever. Having an Incident Response Plan is crucial to maintaining a strong security posture so you can protect your business before, during and after an attack.

(Image via Reddit) It’s the holiday season and that means more people are traveling and spending time in airports, bus/train stations, and generally wondering if the next stop, coffee shop or store has free Wi-Fi. The habitual curiosity is understandable – why use your cell data when you can hook up to a free connection to the web, right? In fact, there’s always a couple of questions I seem to get on this subject when people find out I’m a security professional. They are: What do you think about public Wi-Fi? Is free Wi-Fi safe to use? Is it ok to use the Wi-Fi at the airport?

Ransomware has evolved. It now spreads on its own inside a network, from machine to machine, encrypting files and compromising hosts. With an estimated global cost of cyberattacks sitting at $400 billion per year, and ransomware being expected to remain at the forefront of these attacks, it’s important to know how ransomware works, who it targets, and how to protect your business with a multi-layered defense. Take a look inside ransomware with our partners at Cisco Security: