Steve Ragan

Senior Staff Writer

Prior to joining the journalism world in 2005, Steve Ragan spent 15 years as a freelance IT contractor focused on infrastructure management and security. He's a father of two and rounded geek with a strong technical background.

Apple's High Sierra allows root with no password, there's a workaround to help

Apple's High Sierra allows root with no password, there's a workaround to help

Earlier this afternoon on Twitter, a developer posted a screenshot and reported it was possible to obtain root access on Apple's High Sierra without a password. Several users recreated this issue on their own systems, including a...

Salted Hash Ep 8: What keeps IT administrators up at night?

Salted Hash Ep 8: What keeps IT administrators up at night?

This week's episode of Salted Hash takes a quick look at things that frighten administrators. We're joined by CSO's Michael Nadeau, who shares his take on the matter. As expected, some of the topics include ransomware, insider...

Salted Hash Ep 7: Matrix Banker malware and insider threats

Salted Hash Ep 7: Matrix Banker malware and insider threats

This week's episode of Salted Hash takes a look at insider threats and the return of Matrix Banker, a family of malware that is targeting organizations in Mexico. Our guest is Justin Fier, the director for cyber intelligence and...

Why you should fear phishing more than data breaches

Why you should fear phishing more than data breaches

A recent study from Google and UC Berkeley examined the various ways accounts are compromised, and determined that phishing attacks – not data breaches – pose the most risk to users when it comes to lost access.

Salted Hash Ep 6: Ransomware marketplaces and the future of malware

Salted Hash Ep 6: Ransomware marketplaces and the future of malware

Would you give up a customer's data or credentials if that was the demand in a ransomware attack? No financial payment, just a password, or a document. That's a nightmare scenario, and it's just one of the few that Steve Ragan and...

Malwarebytes is tracking missed detections in traditional antivirus

Malwarebytes is tracking missed detections in traditional antivirus

Tracking real-world scans on systems over the first six months of 2017, Malwarebytes says that typical desktop anti-virus solutions aren't cutting it. The company examined detection data from nearly 10 million endpoints, and...

BadRabbit ransomware attacks multiple media outlets

BadRabbit ransomware attacks multiple media outlets

On Tuesday, Russian media outlet Interfax said in a statement their servers were offline, due to a virus attack. The news agency shifted their reporting efforts to Facebook while they work to recover. A short time later, Russian...

Kaspersky code review doesn’t solve the spying problem

Kaspersky code review doesn’t solve the spying problem

Earlier this month, a report in The Wall Street Journal says that hackers working for the Russian government used Kaspersky's Anti-Virus software to steal documents from a contractor's computer. The company denies any involvement, and...

Inside the thriving ransomware market

Inside the thriving ransomware market

Researchers at Carbon Black examined the Ransomware market and discovered some interesting facts about the booming criminal economy. Mirroring some of the legal technology markets, such as those for software development, the market...

KRACK: Researcher discovers flaws in WPA2 authentication
Update

KRACK: Researcher discovers flaws in WPA2 authentication

A researcher has released details on vulnerabilities in the Wi-Fi Protected Access II (WPA2) protocol, which he calls KRACK. Attacks taking advantage of the issues will work against all modern protected Wi-Fi networks. To put it...

Social engineer bank robber arrested weeks after successful $142,000 heist

Social engineer bank robber arrested weeks after successful $142,000 heist

A Malaysian bank robber who used social engineering as his primary weapon in a string of thefts was recently arrested at his home in Batu Berendam, Malacca, three weeks after successfully walking away with $142,000 (RM600,000) by...

Scammers sent follow-up emails in Office 365 phishing campaign

Scammers sent follow-up emails in Office 365 phishing campaign

As previously reported on Salted Hash, a recent phishing email looking to harvest credentials was actually part of an ongoing phishing campaign targeting Office 365 customers. The campaign has been going on since late 2016, and is...

Whole Foods Market investigating payment card breach

Whole Foods Market investigating payment card breach

Whole Foods Market, a supermarket chain that specializes in items that don't contain artificial preservatives, colors, etc. said on Thursday they’re investigating a payment card breach at the venues of some stores where taprooms and...

Hackers create memorial for a cockroach named Trevor

Hackers create memorial for a cockroach named Trevor

On Sunday evening, hours after the closing ceremonies of DerbyCon, participants gathered across the street from the conference hotel at the local Smashburger in downtown Louisville, KY. But the hackers didn’t gather for food, they...

Surviving ransomware by keeping things simple

Surviving ransomware by keeping things simple

Ransomware is a topic everyone knows about, but unless you've experienced a ransomware attack, it's hard to really describe and understand the stress associated with these events.

Office 365 Phishing attacks create a sustained insider nightmare for IT

Office 365 Phishing attacks create a sustained insider nightmare for IT

Earlier this month, Salted Hash deconstructed a Phishing email that had bypassed company filters and made into the general inbox. The email focused on an outdated subdivision, and was easily spotted as a scam. However, we've since...

17 penetration testing tools the pros use

17 penetration testing tools the pros use

We asked a few professional hackers for their thoughts on the best penetration testing tools. Here's what they said.

Equifax says website vulnerability exposed 143 million US consumers

Equifax says website vulnerability exposed 143 million US consumers

Equifax, one of the largest credit bureaus in the U.S., said on Thursday that an application vulnerability on one of their websites led to a data breach that exposed about 143 million consumers. The breach was discovered on July 29,...

Office 365 phishing – A quick look at a recent example

Office 365 phishing – A quick look at a recent example

On Thursday, an interesting email showed up in my inbox. The message says there are emails pending, because I've used 98-percent of my storage space. In order to fix this, I needed to download and save the attached configuration. The...

Security firms team up to neutralize WireX botnet after multiple DDoS attacks

Security firms team up to neutralize WireX botnet after multiple DDoS attacks

Researchers from Akamai, Cloudflare, Flashpoint, Google, Oracle (Dyn), RiskIQ, Team Cymru, and others worked together to take down an Android-based botnet responsible for several DDoS attacks earlier this month.

Load More