Steve Ragan

Senior Staff Writer

Prior to joining the journalism world in 2005, Steve Ragan spent 15 years as a freelance IT contractor focused on infrastructure management and security. He's a father of two and rounded geek with a strong technical background.

Gwinnett Medical Center investigating possible data breach

Facebook: 30 million accounts impacted by security flaw (updated)

Facebook: 30 million accounts impacted by security flaw (updated)

On Friday, Facebook’s VP of product management Guy Rosen, coordinating with a Facebook post by founder Mark Zuckerberg, said the company discovered someone had abused access tokens for 50 million users on Tuesday afternoon.

Scammers pose as CNN's Wolf Blitzer, target security professionals

Scammers pose as CNN's Wolf Blitzer, target security professionals

Here's an interesting, if not outright comical, story for those of you just coming back to work after a long Labor Day weekend. Scammers are pretending to be a well-known CNN anchor and offering serious cash to anyone looking to be a...

Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding

Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding

On Monday, the Energy and Commerce Committee sent letters to MITRE Corporation and the Department of Homeland Security (DHS), recommending reforms be made to the troubled CVE program. In fact, the letters state, if the "deep-seated...

Mirai leveraging Aboriginal Linux to target multiple platforms

Mirai leveraging Aboriginal Linux to target multiple platforms

The Mirai botnet hasn't gone away, you don't hear about it much, but the code has been constantly updated and maintained. Recently, Symantec's Dinesh Venkatesan discovered a command and control (C&C) server hosting various types of...

Talking phishing campaigns with @PhishingAI's Jeremy Richards | Salted Hash, Ep. 42

Talking phishing campaigns with @PhishingAI's Jeremy Richards | Salted Hash, Ep. 42

All this week, while we’re on location in Las Vegas, Salted Hash has been discussing phishing and the impact it has had on the public. Today, we’re getting an insider view on how @PhishingAI operates, and learning about a recent...

Inside Dropbox and Microsoft Office phishing attacks | Salted Hash, Ep. SC03

Inside Dropbox and Microsoft Office phishing attacks | Salted Hash, Ep. SC03

Today on Salted Hash, we're going to look at a phishing attack that targeted me directly. It's got a few interesting elements, including a weak attempt to spoof an HTTPS connection, and a sort of hybrid lure, which starts as Dropbox...

What are phishing kits? Web components of phishing attacks explained
Awareness

What are phishing kits? Web components of phishing attacks explained

A phishing kit is the back-end to a phishing attack. It's the final step in most cases, where the criminal has replicated a known brand or organization.

Introducing Kit Hunter, a phishing kit detection script | Salted Hash, Ep. 40

Introducing Kit Hunter, a phishing kit detection script | Salted Hash, Ep. 40

Kit Hunter is a basic Python script that will run on Linux or Windows. When you run Kit Hunter it searches web directories for phishing kits based on common kit elements located in the tag file. If there is a match, it logs the...

Reddit discloses hack, says SMS intercept allowed attackers to skirt 2FA protections

Reddit discloses hack, says SMS intercept allowed attackers to skirt 2FA protections

Reddit, one of the largest websites on the internet, announced on Wednesday that someone was able to compromise staff accounts at their cloud and source code hosting providers, leaving backups, source code, and various logs exposed.

Samsam infected thousands of LabCorp systems via brute force RDP

Samsam infected thousands of LabCorp systems via brute force RDP

LabCorp, one of the largest clinical labs in the U.S., said the Samsam ransomware attack that forced their systems offline was contained quickly and didn't result in a data breach. However, in the brief time between detection and...

Salted Hash Ep 34: Red Team vs. Vulnerability Assessments

Salted Hash Ep 34: Red Team vs. Vulnerability Assessments

This week on Salted Hash, Phil Grimes, Professional Services Lead at RedLegg, discusses why words matter, the concept of scoping for Red Teams, and shares more stories from his days in the field as we discuss tailgating and dumpster...

Load More