Category: The State of Security

Read the original article: The MITRE ATT&CK Framework: Discovery The Discovery tactic is one which is difficult to defend against. It has a lot of similarities to the Reconnaissance stage of the Lockheed Martin Cyber Kill Chain. There are certain…

Read more →

Read the original article: World Password Day: Using a Passphrase to Strengthen Your Security Human nature has shown that people re-use passwords, at least for non-work accounts that aren’t requiring quarterly changes. How can it affect your current security that…

Read more →

Read the original article: Maze Ransomware Targets the Hospitals and Labs Fighting Coronavirus “Never let a good crisis go to waste.” These wise words have been recently attributed to former Bill Clinton Chief of Staff Rahm Emanuel, though Freakonomics actually…

Read more →

Read the original article: Getting Zoom Security Right – 8 Tips for Family and Friends If you’ve read a newspaper or watched the news in the past few weeks, you’ll notice one common topic that all the major news outlets…

Read more →

Read the original article: Digital Fraudsters Masquerading as FINRA in Phishing Emails The Financial Industry Regulatory Authority (FINRA) warned that digital fraudsters are impersonating it in an ongoing phishing email campaign. In a regulatory notice published on its website, FINRA…

Read more →

Read the original article: Podcast Episode 6: Taking Over IoT Devices with MQTT Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of…

Read more →

Read the original article: Increase in Ransomware Demand Amounts Driven by Ryuk, Sodinokibi The Ryuk and Sodinokibi ransomware families both contributed to an increase in the ransom amounts demanded by attackers over the past quarter. Coveware found that the average…

Read more →

Read the original article: COVID-19 Scam Roundup – May 4, 2020 Malicious actors continue to abuse coronavirus 2019 (COVID-19) as a lure to profit off of innocent people. Indeed, Arkose Labs found that 26.5% of all transactions recorded in Q1…

Read more →

Read the original article: Is Cyber Bullying Just Kids Being Mean On Social Media, Or Is There More To It? Whilst there are many definitions out there, to me cyberbullying is any form of communication that is aimed at hurting…

Read more →

Read the original article: Phishers Increasingly Incorporating reCaptcha API into Campaigns Security researchers observed that digital attackers are increasingly incorporating the reCaptcha API into their phishing campaigns. Barracuda Networks explained that malicious actors are starting to outfit their phishing attempts…

Read more →

Read the original article: Newly-discovered Android malware steals banking passwords and 2FA codes Security researchers at Cybereason are warning of a new mobile banking trojan that steals details from financial apps and intercepts SMS messages to bypass two-factor authentication mechanisms.…

Read more →

Read the original article: Chegg Confirmed Data Breach of Employee Records American education technology company Chegg confirmed a data breach in which malicious actors stole some of its employee records. As reported by TechCrunch, digital attackers succeeded in stealing 700…

Read more →

Read the original article: National Poetry Month – Cybersecurity Edition April is National Poetry Month, a time when we can celebrate poets and their craft. To join in the celebrations, we at the State of Security asked employees at Tripwire…

Read more →

Read the original article: The MITRE ATT&CK Framework: Credential Access There’s no doubt about it, attackers want your credentials more than anything, especially administrative credentials. Why burn a zero-day or risk noisy exploits when you can just log in instead?…

Read more →

Read the original article: ¿Qué es SCM (Gestión de Configuraciones de Seguridad)? La seguridad de la red comienza con el descubrimiento de activos. Este control fundamental recomienda a las organizaciones desarrollar un inventario de todos los dispositivos y software autorizados…

Read more →

Read the original article: Cloud Under Pressure: Keeping AWS Projects Secure Amazon Web Services (AWS) allow organizations to take advantage of numerous services and capabilities. As the number of available options under the cloud infrastructure of the company grows, so…

Read more →

Read the original article: Operators of Shade Ransomware Publish 750K Decryption Keys The operators of Shade ransomware published the decryption keys for 750,000 of their victims in an effort to help them recover their data. The authors of Shade used…

Read more →

Read the original article: What is the Cyber Essentials Certification and How Can it Help Your Business? According to a statistical research of the University of Portsmouth for the government of the UK, more than 80% of the cyber-attacks affecting…

Read more →

Read the original article: Zero-Day Flaw Allowed Attackers to Achieve RCE on Firewalls British security firm Sophos determined that malicious actors had abused a zero-day vulnerability to achieve remote code execution (RCE) on some of its firewall products. According to…

Read more →

Read the original article: COVID-19 Scam Roundup – April 27, 2020 The coronavirus 2019 (COVID-19) scam onslaught continues. Per Threatpost, digital attackers ramped up their activity over Q1 2020 to the extent that they were sending approximately 1.5 million coronavirus-themed…

Read more →

Read the original article: OSINT – Using Threat Intelligence to Secure Your Organisation In my first article on Cyber Security Threat Intelligence Analysts, (CTI analysts) we covered what a CTI analyst is and discussed how they can bridge the gaps…

Read more →

Read the original article: New Phishing Campaign Spoofed Skype to Steal Users’ Credentials A phishing campaign leveraged malicious emails to spoof video calling platform Skype in order to steal users’ account credentials. Cofense observed that the campaign began with an…

Read more →

Read the original article: Expert Thoughts on How Infosec Pros Can Make the Most of Working From Home We find ourselves in strange times. In response to the ongoing coronavirus epidemic, organizations have swiftly closed their offices and mandated that…

Read more →

Read the original article: Maze Ransomware – What you Need to Know What’s this Maze thing I keep hearing about? Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organizations around the world and demanded…

Read more →

Read the original article: VictoryGate Monero-Mining Botnet Spread via Infected USB Devices A previously undocumented botnet called “VictoryGate” propagated via infected USB devices in order to perform Monero-mining functionality. Slovakian security firm ESET revealed that it had sinkholed several command-and-control…

Read more →

Read the original article: DoppelPaymer Ransomware Struck City in Los Angeles County DoppelPaymer ransomware allegedly struck a U.S. coastal city in Los Angeles County by stealing its unencrypted data and then encrypting its devices. As reported by Bleeping Computer, the…

Read more →

Read the original article: What is Configuration Drift? In a previous post by my colleague Irfahn Khimji, he spoke about how ensuring devices on your network is a great way to minimize the attack surface of your infrastructure. Organizations like…

Read more →

Read the original article: Oil and Gas Sectors Targeted by AgentTesla Infostealer Campaigns Digital attackers used spearphishing campaigns to target oil and gas companies with samples of the AgentTesla infostealer family. In the first campaign spotted by Bitdefender, malicious actors…

Read more →

Read the original article: FERC Approves Deferment of 3 CIP standards Just a couple of weeks back I posted to The State of Security an article titled “Finally Some Good News: NERC Proposes Deferment of 3 CIP standards,” and, as…

Read more →

Read the original article: Building Effective Cybersecurity Budgets Building an effective and resilient organization on a budget isn’t a small task. When it comes to cybersecurity budgets, there are many different aspects that need to be considered. Thankfully, alignment with…

Read more →

Read the original article: COVID-19 Scam Roundup – April 20, 2020 Scams leveraging coronavirus 2019 (COVID-19) as a lure have stolen tens of millions of dollars from their victims. As of April 16, 2020, the Federal Trade Commission (FTC) had…

Read more →

Read the original article: 5G Technology: How to Make Sure the Benefits Outweigh the Security Risks It’s hard not to say that 5G technology brings a lot of benefits. 5G entails faster download speeds, and yes, if you have a…

Read more →

Read the original article: U.S. House Oversight Committee Meeting Disrupted by Zoom-Bombers An internal government letter revealed that Zoom-bombers had disrupted a meeting held by the U.S. House Oversight Committee. In a letter sent to Representative Carolyn B. Maloney (D-N.Y.),…

Read more →

Read the original article: A Zoom zero-day exploit is up for sale for $500,000 Millions of people have moved onto the Zoom video-conferencing platform as the Coronavirus pandemic has forced them to work from their homes. According to Zoom’s own…

Read more →

Read the original article: Ragnar Locker Ransomware Demands 1580 BTC from EDP Ragnar Locker ransomware demanded 1580 bitcoin (approximately $11 million) as ransom from Portuguese electric utilities company Energias de Portuga (EDP). As reported by Bleeping Computer, the operators of…

Read more →

Read the original article: The MITRE ATT&CK Framework: Privilege Escalation Anyone who has had any experience on the offensive side of security has had fun with privilege escalation. There’s something exciting about exploiting a system to the point of getting…

Read more →

Read the original article: Visibility, Vulnerabilities and VPNs – Extending Your Corporate Security Policies and Procedures to Cover Remote Workers We’ve heard a lot about the drastic measures that organizations in North America and Western Europe are taking to protect…

Read more →

Read the complete article: Bad Actors Infiltrated New York’s State Government Computer Network Officials revealed that malicious actors had succeeded in infiltrating the computer network serving New York’s state government. According to the Wall Street Journal (WSJ), officials revealed on…

Read more →

Digital attacks continue to weigh on the minds of industrial cybersecurity (ICS) professionals. In a 2019 survey, 88% of ICS experts told Tripwire they were worried about what a digital attack could mean for their industrial organization. The rate was…

Read more →

Today’s VERT Alert addresses Microsoft’s April 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-880 on Wednesday, April 15th. In-The-Wild & Disclosed CVEs CVE-2020-0935 A vulnerability in the OneDrive for Windows desktop…

Read more →

A new wiper malware falsely informed victims in its infection notice that two security researchers had been responsible for attacking them. According to Bleeping Computer, users who downloaded programs from free software and crack sites found that they couldn’t successfully…

Read more →

On March 27, 2020, President Trump signed an unprecedented $2 trillion stimulus package into law. The legislation received support from both chambers of the U.S. Congress for its goal to minimize the economic effects of the global coronavirus 2019 (COVID-19)…

Read more →

Why is cybersecurity important to Education? Acknowledging recent reports of ransomware targeting educational institutions, it is no wonder that there have also been articles that attempt to lure in readers with “free” tools. What is disappointing is that these “free”…

Read more →

Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest…

Read more →

When I first started researching ATT&CK last year, Persistence was the tactic which made me fall in love. Even though I have been in the industry for some time, I learned more from digging into the various techniques here than…

Read more →

New technologies often present interesting challenges for security teams, with cloud services such as AWS, Azure and GCP providing particularly novel cases in comparison to “classic” on-premise systems. As cloud services race to add new features that drive new customer…

Read more →

We all know there are a number of different security devices that need to be continually monitored because they represent attack vectors. That’s why understanding configuration management is critical to security hygiene. As practitioners, we need to adhere to CIS…

Read more →

A malvertising campaign used a copycat website for anti-malware software provider Malwarebytes to distribute the Raccoon infostealer. Malwarebytes learned of the campaign when someone notified the security firm that someone was abusing its brand using the lookalike domain “malwarebytes-free[.]com.” Registered…

Read more →

One item that comes up a lot in conversations is how security teams or IT teams struggle to speak the “business language” to business leaders, mainly to members of the senior leadership that make the final decisions on spending and…

Read more →

Amidst all the pandemic doom and gloom, we finally have something positive come from the chaos: NERC filed a motion recently (April 6, 2020) to defer three Critical Infrastructure Protection (CIP) Reliability Standards (as well as 1 PER, and 3…

Read more →

Security researchers reversed the encryption routine employed by L4NC34 ransomware by decrypting a file without paying the ransom. Sucuri Security first encountered L4NC34 ransomware when it began investigating an attack in which a malicious actor encrypted all website files and…

Read more →

Tripwire’s March 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe. Up first on the patch priority list this month are patches for Microsoft Browsers and Scripting Engine. These patches resolve information disclosure, remote code execution,…

Read more →

Security researchers observed an attack campaign that targeted misconfigured Docker API ports with samples of Kinsing malware. According to Aqua Security, the campaign began when it capitalized on an unprotected Docker API port to run a Ubuntu container. The command…

Read more →

Digital fraudsters have seized upon coronavirus 2019 (COVID-19) as a lure for their new scams and attack campaigns. Together, these malicious operations constitute nothing short of a deluge. Barracuda revealed that it spotted 9,116 coronavirus-themed spear-phishing emails between March 1…

Read more →

Why leveraging live environment simulations and putting ICS tools to the test is the best way to evaluate their fitness. Track and field was one of my favorite sports growing up. I didn’t begin competitively participating until I was a…

Read more →

A survey revealed that approximately half of employees didn’t know how to respond in the event their organization suffered a ransomware infection. In its survey of North American business employees, Kaspersky found that 45% of respondents overall did not know…

Read more →

What’s happened? Well, Coronavirus 2019 (COVID-19) happened. Okay, smart alec. I know about that. What else is going on? Well, because so many people are (wisely) staying at home, they’re using videoconferencing and chat technology like Zoom to keep in…

Read more →

En la superficie, la gestión de vulnerabilidades (VM) es casi omnipresente. Si le pregunta a alguien si su organización tiene VM, la gran mayoría responderá afirmativamente. De hecho, Tripwire hizo esa misma pregunta en una encuesta reciente sobre el tema.…

Read more →

The current pandemic has certainly shown the utility of electronic collaboration tools such as videoconferencing platforms. Once an expensive perk of solely enterprise companies, the video call is now used not only for executives remotely attending board meetings but also…

Read more →

An attack campaign leveraged the Excel VelvetSweatshop encryption technique to deliver samples of the LimeRAT malware family. According to Mimecast, those responsible for this attack campaign turned to VelvetSweatshop to enhance the efficacy of their efforts. Nefarious individuals have a…

Read more →

Of all the tactics that an adversary will take on in their campaign, none will be more widely abused than, Execution (https://attack.mitre.org/wiki/Execution). When taking into consideration off-the-shelf malware, traditional ransomware, or state of the art advanced persistent threat actors, all…

Read more →

Given the situation that many companies, organizations and government agencies have been forced into working remotely due to COVID-19, it is imperative to give some thought about corporate security. Using a VPN for New Stay-at-Home Workers Millions of employees are…

Read more →

Many in the digital security community are coming together to combat malicious actors during the coronavirus disease 2019 (COVID-19) global outbreak. One of the most visible of these new efforts is the COVID-19 CTI League. Made up of approximately 400…

Read more →

Many in the digital security community are coming together to combat malicious actors during the coronavirus disease 2019 (COVID-19) global outbreak. One of the most visible of these new efforts is the COVID-19 CTI League. Made up of approximately 400…

Read more →

With so many of us frantically learning to juggle our roles as parents, workers and most recently teachers; is it just my wife and I who feel it necessary to monitor the online activity of our teenagers during this lockdown?…

Read more →

At the beginning of March 2020, Fifth Domain reported that Colorado-based aerospace, automotive and industrial parts manufacturer Visser Precision LLC had suffered a DoppelPaymer ransomware infection. Those behind this attack ultimately published information stolen from some of Visser’s customers. Those…

Read more →

Digital attackers compromised the website of kitchen and household products manufacturer Tupperware with a credit card skimmer. On March 20, researchers at Malwarebytes observed that attackers had compromised tupperware[.]com by hiding malicious code within an image file. This code activated…

Read more →

Past and present employees of General Electric (GE) are learning that their sensitive information has been exposed by a data breach at a third-party service provider. Fortune 500 company GE says it was recently informed of a security breach at…

Read more →

A newly detected advanced persistent threat (APT) operation called “WildPressure” targeted industrial organizations and other entities in the Middle East. Researchers at Kaspersky Lab observed WildPressue distributing samples of a fully operation trojan written in C++ called “Milum.” With timestamps…

Read more →

By now, many organizations have adopted the cloud in some way. We saw organizations moving whole servers over to the cloud at the beginning, but now we see small parts of a system being moved to the cloud and new…

Read more →

El monitoreo de integridad de archivos (FIM) existe porque el cambio es común dentro de los entornos de TI de las organizaciones. Los activos de hardware cambian. Los programas de software cambian. Los estados de las configuraciones cambian. Algunas de…

Read more →

File integrity monitoring (FIM) started back in 1997 when Gene Kim launched Tripwire and its “Change Audit” solution. Just a few years later, Change Audit became FIM; this rebranded tool worked with the 12 security controls identified in Visa’s Cardholder…

Read more →

Whether you are reading this from somewhere in the United States or overseas, chances are you are doing it from the comfort of your home. Not because you chose to but because you were asked to do so in order…

Read more →

Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest…

Read more →

Malicious actors are increasingly leveraging COVID-19 as a theme for new digital fraud attacks. In February 2020, for instance, Action Fraud received 21 reports of fraud relating to the coronavirus. This number of reports more than doubled to 46 between…

Read more →

Although ATT&CK is not laid out in any linear order, Initial Access will be the point at which an attacker gains a foothold in your environment. This tactic is a nice transition point from PRE-ATT&CK to ATT&CK for Enterprise. What…

Read more →

In a previous post, I shared some expert insight into how organizations can address the challenges of hiring skilled talent despite the ongoing infosec skills gap. Organizations can’t rest easy once they’ve brought on new talent, however. They need to…

Read more →

A couple of years ago it felt like you couldn’t turn your head in any direction without seeing another headline about cryptomining and – its more evil sibling – cryptojacking. Countless websites were hijacked, and injected with cryptocurrency-mining code designed…

Read more →

Malicious individuals targeted a food delivery website located in Germany with a distributed denial-of-service (DDoS) attack. Jitse Groen, founder and CEO of the Germany-based food delivery service Takeaway (Lieferando.de), announced on March 18 that his company had suffered a DDoS…

Read more →

The evolution of the cyber threat landscape highlights the emerging need for organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they evolve into security incidents. Although the terms “patch management” and “vulnerability management” are used…

Read more →

A newly discovered ransomware family called “Nefilim” told its victims that it would publish their stolen data within a week unless they paid their ransom. According to Bleeping Computer, Nefilim started up near the end of February 2020. The threat…

Read more →

We have seen great strides in improving security tooling and processes over the past ten years. Via constantly maturing security models, security teams have become increasingly dependent upon an ever-more complex toolchain of products and services. But what happens when…

Read more →

En primer lugar, nuestros corazones están con aquellos en todo el mundo afectados por el coronavirus (COVID-19). El director del Centro de Control y Prevención de Enfermedades (CDC) de EE.UU., que asesora al país sobre salud pública, ha indicado que…

Read more →

There’s an interesting trend that I have personally noticed over the past few years: organizations are starting to take cybersecurity more seriously. With the multitude of high-profile data breaches, organizations are starting to realize that cybersecurity is a significant risk to…

Read more →

Security isn’t a simple matter of caring or spending time reading manuals or being told what you can or can’t do. Security is understanding how to view the world from a different perspective. It’s a skill that people build over…

Read more →

Security researchers spotted BlackWater malware leveraging a Cloudflare Worker for command-and-control (C&C) functionality. MalwareHunterTeam observed that the threat activity began with an RAR file called “Important – COVID-19.rar.” The file pretended to contain important information about the global COVID-19 outbreak,…

Read more →

First and foremost, our hearts go out to those around the world impacted by the COVID-19 virus. The director of the U.S. Center for Disease Control & Prevention (CDC), who advises the country on public health, has indicated that the…

Read more →

The website for a public health department in Illinois went down after the agency suffered a NetWalker ransomware attack. According to local media reports, officials at the Champaign-Urbana Public Health District (C-UPHD) became aware of the ransomware attack on March…

Read more →

Attackers are increasingly exploiting the fact that email gateways turn a blind eye to links to popular sites such as YouTube, in order to phish passwords from unsuspecting computer users. Researcher Ashley Trans of Cofense highlighted the threat in a…

Read more →

MITRE has been doing exceptional work in advancing cybersecurity as a public good, and it is an excellent resource for security professionals. Possibly best known for their ATT&CK Framework, a rich source of adversarial tactics and techniques and their mitigations,…

Read more →

The skills gap is weighing heavily on the minds of digital security team members. In a survey of 342 security professionals, Tripwire found that 83% of infosec personnel felt more overworked in 2020 than they did a year earlier. An…

Read more →

Security researchers detected a spam campaign leveraging Internet Query (IQY) files in an attempt to distribute Paradise ransomware. Lastline observed that the campaign began by trying to trick users into opening an IQY file, an Excel-readable text file which downloads…

Read more →

Arguably, the first malware extortion attack occurred in 1988 – the AIDS Trojan had the potential to be the first example of ransomware, but due to a design flaw, the victims didn’t end up actually having to pay up the…

Read more →

Together with the National Cybersecurity Center of Excellence (NCCoE), the National Institute of Standards and Technology (NIST) has released a series of practice guides that focuses on data integrity: the property that data has not been altered in an unauthorized…

Read more →

Today’s VERT Alert addresses Microsoft’s March 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-874 on Wednesday, March 11th. In-The-Wild & Disclosed CVEs Microsoft has not identified any of the vulnerabilities released…

Read more →

Digital fraudsters incorporated a chatbot into their phishing scam for the purpose of helping victims hand over their personal information. In a scam discovered by MalwareHunterTeam and shared with Bleeping Computer, digital attackers targeted Russian users with fake refunds of…

Read more →

It’s an unfortunate reality that cyber attacks on the U.S. 2020 election are likely to happen. However, while this is a potent threat to democracy, an even greater threat is to not take the necessary actions to prevent these attacks…

Read more →

The Office of Australian Information Commissioner (OAIC) filed a lawsuit alleging that Facebook violated the privacy of over 300,000 of its Australian users. On March 9, OAIC announced that it had submitted court documents against Facebook. In those materials, it…

Read more →

A few weeks ago, I woke up one morning to discover that Android had 34 software updates waiting for me. This was followed by my laptop wanting to reboot after installing the latest patches from Microsoft; my tablet needing a…

Read more →

With regard to BCSI (BES (Bulk Electric System) Cyber System Information) in the cloud, responsible entity sentiments at the moment may be akin to Prince Hamlet as he contemplated death and suicide, “bemoaning the pain and unfairness of life but…

Read more →