The MITRE ATT&CK Framework: Discovery
The Discovery tactic is one which is difficult to defend against. It has a lot of similarities to the Reconnaissance stage of the Lockheed Martin Cyber Kill Chain. There are certain…
Category: The State of Security
World Password Day: Using a Passphrase to Strengthen Your Security
Human nature has shown that people re-use passwords, at least for non-work accounts that aren’t requiring quarterly changes. How can it affect your current security that…
Maze Ransomware Targets the Hospitals and Labs Fighting Coronavirus
“Never let a good crisis go to waste.” These wise words have been recently attributed to former Bill Clinton Chief of Staff Rahm Emanuel, though Freakonomics actually…
Getting Zoom Security Right – 8 Tips for Family and Friends
If you’ve read a newspaper or watched the news in the past few weeks, you’ll notice one common topic that all the major news outlets…
Digital Fraudsters Masquerading as FINRA in Phishing Emails
The Financial Industry Regulatory Authority (FINRA) warned that digital fraudsters are impersonating it in an ongoing phishing email campaign. In a regulatory notice published on its website, FINRA…
Podcast Episode 6: Taking Over IoT Devices with MQTT
Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of…
Increase in Ransomware Demand Amounts Driven by Ryuk, Sodinokibi
The Ryuk and Sodinokibi ransomware families both contributed to an increase in the ransom amounts demanded by attackers over the past quarter. Coveware found that the average…
COVID-19 Scam Roundup – May 4, 2020
Malicious actors continue to abuse coronavirus 2019 (COVID-19) as a lure to profit off of innocent people. Indeed, Arkose Labs found that 26.5% of all transactions recorded in Q1…
Is Cyber Bullying Just Kids Being Mean On Social Media, Or Is There More To It?
Whilst there are many definitions out there, to me cyberbullying is any form of communication that is aimed at hurting…
Phishers Increasingly Incorporating reCaptcha API into Campaigns
Security researchers observed that digital attackers are increasingly incorporating the reCaptcha API into their phishing campaigns. Barracuda Networks explained that malicious actors are starting to outfit their phishing attempts…
Newly-discovered Android malware steals banking passwords and 2FA codes
Security researchers at Cybereason are warning of a new mobile banking trojan that steals details from financial apps and intercepts SMS messages to bypass two-factor authentication mechanisms.…
Chegg Confirmed Data Breach of Employee Records
American education technology company Chegg confirmed a data breach in which malicious actors stole some of its employee records. As reported by TechCrunch, digital attackers succeeded in stealing 700…
National Poetry Month – Cybersecurity Edition
April is National Poetry Month, a time when we can celebrate poets and their craft. To join in the celebrations, we at the State of Security asked employees at Tripwire…
The MITRE ATT&CK Framework: Credential Access
There’s no doubt about it, attackers want your credentials more than anything, especially administrative credentials. Why burn a zero-day or risk noisy exploits when you can just log in instead?…
What Is SCM (Security Configuration Management)?
Network security begins with asset discovery. This foundational control recommends that organizations develop an inventory of all authorized devices and software…
Cloud Under Pressure: Keeping AWS Projects Secure
Amazon Web Services (AWS) allow organizations to take advantage of numerous services and capabilities. As the number of available options under the cloud infrastructure of the company grows, so…
Operators of Shade Ransomware Publish 750K Decryption Keys
The operators of Shade ransomware published the decryption keys for 750,000 of their victims in an effort to help them recover their data. The authors of Shade used…
What is the Cyber Essentials Certification and How Can it Help Your Business?
According to a statistical research of the University of Portsmouth for the government of the UK, more than 80% of the cyber-attacks affecting…
Zero-Day Flaw Allowed Attackers to Achieve RCE on Firewalls
British security firm Sophos determined that malicious actors had abused a zero-day vulnerability to achieve remote code execution (RCE) on some of its firewall products. According to…
COVID-19 Scam Roundup – April 27, 2020
The coronavirus 2019 (COVID-19) scam onslaught continues. Per Threatpost, digital attackers ramped up their activity over Q1 2020 to the extent that they were sending approximately 1.5 million coronavirus-themed…
OSINT – Using Threat Intelligence to Secure Your Organisation
In my first article on Cyber Security Threat Intelligence Analysts, (CTI analysts) we covered what a CTI analyst is and discussed how they can bridge the gaps…
New Phishing Campaign Spoofed Skype to Steal Users’ Credentials
A phishing campaign leveraged malicious emails to spoof video calling platform Skype in order to steal users’ account credentials. Cofense observed that the campaign began with an…
Expert Thoughts on How Infosec Pros Can Make the Most of Working From Home
We find ourselves in strange times. In response to the ongoing coronavirus epidemic, organizations have swiftly closed their offices and mandated that…
Maze Ransomware – What you Need to Know
What’s this Maze thing I keep hearing about? Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organizations around the world and demanded…
VictoryGate Monero-Mining Botnet Spread via Infected USB Devices
A previously undocumented botnet called “VictoryGate” propagated via infected USB devices in order to perform Monero-mining functionality. Slovakian security firm ESET revealed that it had sinkholed several command-and-control…
DoppelPaymer Ransomware Struck City in Los Angeles County
DoppelPaymer ransomware allegedly struck a U.S. coastal city in Los Angeles County by stealing its unencrypted data and then encrypting its devices. As reported by Bleeping Computer, the…
What is Configuration Drift?
In a previous post by my colleague Irfahn Khimji, he spoke about how ensuring devices on your network is a great way to minimize the attack surface of your infrastructure. Organizations like…
Oil and Gas Sectors Targeted by AgentTesla Infostealer Campaigns
Digital attackers used spearphishing campaigns to target oil and gas companies with samples of the AgentTesla infostealer family. In the first campaign spotted by Bitdefender, malicious actors…
FERC Approves Deferment of 3 CIP standards
Just a couple of weeks back I posted to The State of Security an article titled “Finally Some Good News: NERC Proposes Deferment of 3 CIP standards,” and, as…
Building Effective Cybersecurity Budgets
Building an effective and resilient organization on a budget isn’t a small task. When it comes to cybersecurity budgets, there are many different aspects that need to be considered. Thankfully, alignment with…
COVID-19 Scam Roundup – April 20, 2020
Scams leveraging coronavirus 2019 (COVID-19) as a lure have stolen tens of millions of dollars from their victims. As of April 16, 2020, the Federal Trade Commission (FTC) had…
5G Technology: How to Make Sure the Benefits Outweigh the Security Risks
It’s hard not to say that 5G technology brings a lot of benefits. 5G entails faster download speeds, and yes, if you have a…
U.S. House Oversight Committee Meeting Disrupted by Zoom-Bombers
An internal government letter revealed that Zoom-bombers had disrupted a meeting held by the U.S. House Oversight Committee. In a letter sent to Representative Carolyn B. Maloney (D-N.Y.),…
A Zoom zero-day exploit is up for sale for $500,000
Millions of people have moved onto the Zoom video-conferencing platform as the Coronavirus pandemic has forced them to work from their homes. According to Zoom’s own…
Ragnar Locker Ransomware Demands 1580 BTC from EDP
Ragnar Locker ransomware demanded 1580 bitcoin (approximately $11 million) as ransom from Portuguese electric utilities company Energias de Portugal (EDP). As reported by Bleeping Computer, the operators of…
The MITRE ATT&CK Framework: Privilege Escalation
Anyone who has had any experience on the offensive side of security has had fun with privilege escalation. There’s something exciting about exploiting a system to the point of getting…
Visibility, Vulnerabilities and VPNs – Extending Your Corporate Security Policies and Procedures to Cover Remote Workers
We’ve heard a lot about the drastic measures that organizations in North America and Western Europe are taking to protect…
Bad Actors Infiltrated New York’s State Government Computer Network
Officials revealed that malicious actors had succeeded in infiltrating the computer network serving New York’s state government. According to the Wall Street Journal (WSJ), officials revealed on…
Realizing Hybrid Asset Discovery with Tripwire Industrial Appliance
Digital attacks continue to weigh on the minds of industrial cybersecurity (ICS) professionals. In a 2019 survey, 88% of ICS experts told Tripwire they were worried about what a digital attack could mean for their industrial organization. The rate was…
VERT Threat Alert: April 2020 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s April 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-880 on Wednesday, April 15th. In-The-Wild & Disclosed CVEs CVE-2020-0935 A vulnerability in the OneDrive for Windows desktop…
New Wiper Malware Blames Two Security Researchers for Infection
A new wiper malware falsely informed victims in its infection notice that two security researchers had been responsible for attacking them. According to Bleeping Computer, users who downloaded programs from free software and crack sites found that they couldn’t successfully…
COVID-19 Scam Roundup – April 14, 2020
On March 27, 2020, President Trump signed an unprecedented $2 trillion stimulus package into law. The legislation received support from both chambers of the U.S. Congress for its goal to minimize the economic effects of the global coronavirus 2019 (COVID-19)…
Cybersecurity in Education (K-12) with the CIS Controls
Why is cybersecurity important to Education? Acknowledging recent reports of ransomware targeting educational institutions, it is no wonder that there have also been articles that attempt to lure in readers with “free” tools. What is disappointing is that these “free”…
Podcast Episode 5: Staying Up to Speed on Your Top Security Priorities with CISO Mark Houpt
Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest…
The MITRE ATT&CK Framework: Persistence
When I first started researching ATT&CK last year, Persistence was the tactic which made me fall in love. Even though I have been in the industry for some time, I learned more from digging into the various techniques here than…
Auditing Cloud Administrator Behavior as a Matter of Data Breach Preparedness
New technologies often present interesting challenges for security teams, with cloud services such as AWS, Azure and GCP providing particularly novel cases in comparison to “classic” on-premise systems. As cloud services race to add new features that drive new customer…
What Security Leaders Should Consider When Building a Business Case for Integrity Monitoring
We all know there are a number of different security devices that need to be continually monitored because they represent attack vectors. That’s why understanding configuration management is critical to security hygiene. As practitioners, we need to adhere to CIS…
Fake Malwarebytes Site Used by Malvertising Attack to Spread Raccoon
A malvertising campaign used a copycat website for anti-malware software provider Malwarebytes to distribute the Raccoon infostealer. Malwarebytes learned of the campaign when someone notified the security firm that someone was abusing its brand using the lookalike domain “malwarebytes-free[.]com.” Registered…
The Cyber Threat Intelligence Analyst – Speaking Your Language
One item that comes up a lot in conversations is how security teams or IT teams struggle to speak the “business language” to business leaders, mainly to members of the senior leadership that make the final decisions on spending and…
Finally Some Good News: NERC Proposes Deferment of 3 CIP standards
Amidst all the pandemic doom and gloom, we finally have something positive come from the chaos: NERC filed a motion recently (April 6, 2020) to defer three Critical Infrastructure Protection (CIP) Reliability Standards (as well as 1 PER, and 3…
L4NC34 Ransomware’s Encryption Routine Reversed by Researchers
Security researchers reversed the encryption routine employed by L4NC34 ransomware by decrypting a file without paying the ransom. Sucuri Security first encountered L4NC34 ransomware when it began investigating an attack in which a malicious actor encrypted all website files and…
Tripwire Patch Priority Index for March 2020
Tripwire’s March 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe. Up first on the patch priority list this month are patches for Microsoft Browsers and Scripting Engine. These patches resolve information disclosure, remote code execution,…
Misconfigured Docker API Ports Targeted by Kinsing Malware
Security researchers observed an attack campaign that targeted misconfigured Docker API ports with samples of Kinsing malware. According to Aqua Security, the campaign began when it capitalized on an unprotected Docker API port to run an Ubuntu container. The command…
COVID-19 Scam Roundup – April 6, 2020
Digital fraudsters have seized upon coronavirus 2019 (COVID-19) as a lure for their new scams and attack campaigns. Together, these malicious operations constitute nothing short of a deluge. Barracuda revealed that it spotted 9,116 coronavirus-themed spear-phishing emails between March 1…
Results Speak Louder Than Words: A Guide to Evaluating ICS Security Tools
Why leveraging live environment simulations and putting ICS tools to the test is the best way to evaluate their fitness. Track and field was one of my favorite sports growing up. I didn’t begin competitively participating until I was a…
Nearly Half of Employees Don’t Know What to Do When Ransomware Hits
A survey revealed that approximately half of employees didn’t know how to respond in the event their organization suffered a ransomware infection. In its survey of North American business employees, Kaspersky found that 45% of respondents overall did not know…
Zoom promises to improve its security and privacy as usage (and concern) soars
What’s happened? Well, Coronavirus 2019 (COVID-19) happened. Okay, smart alec. I know about that. What else is going on? Well, because so many people are (wisely) staying at home, they’re using videoconferencing and chat technology like Zoom to keep in…
The 7 Habits of Highly Effective Vulnerability Management
On the surface, vulnerability management (VM) is nearly ubiquitous. If you ask someone whether their organization has VM, the vast majority will answer in the affirmative. In fact, Tripwire asked that very question in a recent survey on the topic.…
We’re All Remote Here: Videoconferencing Securely
The current pandemic has certainly shown the utility of electronic collaboration tools such as videoconferencing platforms. Once an expensive perk of solely enterprise companies, the video call is now used not only for executives remotely attending board meetings but also…
VelvetSweatshop Technique Used by Attack Campaign to Deliver LimeRAT
An attack campaign leveraged the Excel VelvetSweatshop encryption technique to deliver samples of the LimeRAT malware family. According to Mimecast, those responsible for this attack campaign turned to VelvetSweatshop to enhance the efficacy of their efforts. Nefarious individuals have a…
The MITRE ATT&CK Framework: Execution
Of all the tactics that an adversary will take on in their campaign, none will be more widely abused than Execution (https://attack.mitre.org/wiki/Execution). When taking into consideration off-the-shelf malware, traditional ransomware, or state of the art advanced persistent threat actors, all…
Are You Ready for the Remote Work’s Toll on Corporate Security?
Given the situation that many companies, organizations and government agencies have been forced into working remotely due to COVID-19, it is imperative to give some thought about corporate security. Using a VPN for New Stay-at-Home Workers Millions of employees are…
COVID-19 Scam Roundup – March 30, 2020
Many in the digital security community are coming together to combat malicious actors during the coronavirus disease 2019 (COVID-19) global outbreak. One of the most visible of these new efforts is the COVID-19 CTI League. Made up of approximately 400…
COVID-19 Scam Roundup – Week of 3/23/20
Many in the digital security community are coming together to combat malicious actors during the coronavirus disease 2019 (COVID-19) global outbreak. One of the most visible of these new efforts is the COVID-19 CTI League. Made up of approximately 400…
Mr and Mrs CISO: Security in the Age of the Lockdown
With so many of us frantically learning to juggle our roles as parents, workers and most recently teachers; is it just my wife and I who feel it necessary to monitor the online activity of our teenagers during this lockdown?…
Now Is the Time to Get up to Speed with CMMC and SP 800-171 Rev 2
At the beginning of March 2020, Fifth Domain reported that Colorado-based aerospace, automotive and industrial parts manufacturer Visser Precision LLC had suffered a DoppelPaymer ransomware infection. Those behind this attack ultimately published information stolen from some of Visser’s customers. Those…
Tupperware Website Compromised with Credit Card Skimmer
Digital attackers compromised the website of kitchen and household products manufacturer Tupperware with a credit card skimmer. On March 20, researchers at Malwarebytes observed that attackers had compromised tupperware[.]com by hiding malicious code within an image file. This code activated…
Third-party data breach exposes GE employees’ personal information
Past and present employees of General Electric (GE) are learning that their sensitive information has been exposed by a data breach at a third-party service provider. Fortune 500 company GE says it was recently informed of a security breach at…
Industrial Entities in Middle East Targeted by WildPressure APT Operation
A newly detected advanced persistent threat (APT) operation called “WildPressure” targeted industrial organizations and other entities in the Middle East. Researchers at Kaspersky Lab observed WildPressure distributing samples of a fully operational trojan written in C++ called “Milum.” With timestamps…
The Future is Hybrid: Practicing Security in the Hybrid Cloud
By now, many organizations have adopted the cloud in some way. We saw organizations moving whole servers over to the cloud at the beginning, but now we see small parts of a system being moved to the cloud and new…
What Is FIM (File Integrity Monitoring)?
File integrity monitoring (FIM) exists because change is common within organizations’ IT environments. Hardware assets change. Software programs change. Configuration states change. Some of…
Dispelling 5 Myths and Misconceptions Surrounding File Integrity Monitoring (FIM)
File integrity monitoring (FIM) started back in 1997 when Gene Kim launched Tripwire and its “Change Audit” solution. Just a few years later, Change Audit became FIM; this rebranded tool worked with the 12 security controls identified in Visa’s Cardholder…
Free Cyber Safety Resources during COVID-19
Whether you are reading this from somewhere in the United States or overseas, chances are you are doing it from the comfort of your home. Not because you chose to but because you were asked to do so in order…
Podcast Episode 4: Understanding the Impact of the Skills Gap on the Infosec Market
Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest…
COVID-19 Scam Roundup – Week of 3/16/20
Malicious actors are increasingly leveraging COVID-19 as a theme for new digital fraud attacks. In February 2020, for instance, Action Fraud received 21 reports of fraud relating to the coronavirus. This number of reports more than doubled to 46 between…
The MITRE ATT&CK Framework: Initial Access
Although ATT&CK is not laid out in any linear order, Initial Access will be the point at which an attacker gains a foothold in your environment. This tactic is a nice transition point from PRE-ATT&CK to ATT&CK for Enterprise. What…
How Organizations Can Fight to Retain Talent Amidst the Infosec Skills Gap
In a previous post, I shared some expert insight into how organizations can address the challenges of hiring skilled talent despite the ongoing infosec skills gap. Organizations can’t rest easy once they’ve brought on new talent, however. They need to…
Whatever happened to cryptojacking?
A couple of years ago it felt like you couldn’t turn your head in any direction without seeing another headline about cryptomining and – its more evil sibling – cryptojacking. Countless websites were hijacked, and injected with cryptocurrency-mining code designed…
Food Delivery Website in Germany Targeted by DDoS Attackers
Malicious individuals targeted a food delivery website located in Germany with a distributed denial-of-service (DDoS) attack. Jitse Groen, founder and CEO of the Germany-based food delivery service Takeaway (Lieferando.de), announced on March 18 that his company had suffered a DDoS…
ICS Environments and Patch Management: What to Do If You Can’t Patch
The evolution of the cyber threat landscape highlights the emerging need for organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they evolve into security incidents. Although the terms “patch management” and “vulnerability management” are used…
Nefilim Ransomware Threatens to Release Victims’ Data within a Week
A newly discovered ransomware family called “Nefilim” told its victims that it would publish their stolen data within a week unless they paid their ransom. According to Bleeping Computer, Nefilim started up near the end of February 2020. The threat…
How Organizations Can Achieve Security Availability
We have seen great strides in improving security tooling and processes over the past ten years. Via constantly maturing security models, security teams have become increasingly dependent upon an ever-more complex toolchain of products and services. But what happens when…
Working from Home Due to COVID-19? What You and Your Organization Should Consider
First of all, our hearts go out to those around the world affected by the coronavirus (COVID-19). The director of the U.S. Center for Disease Control and Prevention (CDC), who advises the country on public health, has indicated that…
The State of the Cybersecurity Market: Where We’ve Come, Where We’re Going
There’s an interesting trend that I have personally noticed over the past few years: organizations are starting to take cybersecurity more seriously. With the multitude of high-profile data breaches, organizations are starting to realize that cybersecurity is a significant risk to…
What Is Multi-Factor Authentication, and What Does It Have to Do with You?
Security isn’t a simple matter of caring or spending time reading manuals or being told what you can or can’t do. Security is understanding how to view the world from a different perspective. It’s a skill that people build over…
Cloudflare Worker Employed as C&C Server by BlackWater Malware
Security researchers spotted BlackWater malware leveraging a Cloudflare Worker for command-and-control (C&C) functionality. MalwareHunterTeam observed that the threat activity began with an RAR file called “Important – COVID-19.rar.” The file pretended to contain important information about the global COVID-19 outbreak,…
Working from Home during COVID-19? What You and Your Organization Need to Consider
First and foremost, our hearts go out to those around the world impacted by the COVID-19 virus. The director of the U.S. Center for Disease Control & Prevention (CDC), who advises the country on public health, has indicated that the…
Illinois Public Health Dept’s Website Went Down After NetWalker Attack
The website for a public health department in Illinois went down after the agency suffered a NetWalker ransomware attack. According to local media reports, officials at the Champaign-Urbana Public Health District (C-UPHD) became aware of the ransomware attack on March…
Phishing attacks exploit YouTube redirects to catch the unwary
Attackers are increasingly exploiting the fact that email gateways turn a blind eye to links to popular sites such as YouTube, in order to phish passwords from unsuspecting computer users. Researcher Ashley Trans of Cofense highlighted the threat in a…
MITRE Releases an Update to The Common Weakness Enumeration (CWE)
MITRE has been doing exceptional work in advancing cybersecurity as a public good, and it is an excellent resource for security professionals. Possibly best known for their ATT&CK Framework, a rich source of adversarial tactics and techniques and their mitigations,…
The Expert’s Guide on Tackling the Cybersecurity Skills Gap
The skills gap is weighing heavily on the minds of digital security team members. In a survey of 342 security professionals, Tripwire found that 83% of infosec personnel felt more overworked in 2020 than they did a year earlier. An…
Spam Campaign Leverages IQY Files to Distribute Paradise Ransomware
Security researchers detected a spam campaign leveraging Internet Query (IQY) files in an attempt to distribute Paradise ransomware. Lastline observed that the campaign began by trying to trick users into opening an IQY file, an Excel-readable text file which downloads…
We Want You! Win the War on Ransomware Today
Arguably, the first malware extortion attack occurred in 1988 – the AIDS Trojan had the potential to be the first example of ransomware, but due to a design flaw, the victims didn’t end up actually having to pay up the…
How to Leverage NIST Cybersecurity Framework for Data Integrity
Together with the National Cybersecurity Center of Excellence (NCCoE), the National Institute of Standards and Technology (NIST) has released a series of practice guides that focuses on data integrity: the property that data has not been altered in an unauthorized…
VERT Threat Alert: March 2020 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s March 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-874 on Wednesday, March 11th. In-The-Wild & Disclosed CVEs Microsoft has not identified any of the vulnerabilities released…
Chatbot Used by Phishing Scammers to Help Victims Provide Their Data
Digital fraudsters incorporated a chatbot into their phishing scam for the purpose of helping victims hand over their personal information. In a scam discovered by MalwareHunterTeam and shared with Bleeping Computer, digital attackers targeted Russian users with fake refunds of…
Four Important Steps to Secure the United States 2020 Election
It’s an unfortunate reality that cyber attacks on the U.S. 2020 election are likely to happen. However, while this is a potent threat to democracy, an even greater threat is to not take the necessary actions to prevent these attacks…
Facebook Sued by OAIC for Allegedly Violating Over 300K Aussies’ Privacy
The Office of Australian Information Commissioner (OAIC) filed a lawsuit alleging that Facebook violated the privacy of over 300,000 of its Australian users. On March 9, OAIC announced that it had submitted court documents against Facebook. In those materials, it…
3 Tips for Enterprise Patch Management
A few weeks ago, I woke up one morning to discover that Android had 34 software updates waiting for me. This was followed by my laptop wanting to reboot after installing the latest patches from Microsoft; my tablet needing a…
To Be or Not to Be: BCSI in the Cloud?
With regard to BCSI (BES (Bulk Electric System) Cyber System Information) in the cloud, responsible entity sentiments at the moment may be akin to Prince Hamlet as he contemplated death and suicide, “bemoaning the pain and unfairness of life but…