Researchers observed digital attackers employing expired security certificates as a disguise to distribute the Buerak downloader and Mokes malware. Kaspersky Lab learned of a new attack method in which malicious actors leveraged infected websites to warn visitors of an expired…
Category: The State of Security
Why It’s Important to Have a Customer Community in the World of Cybersecurity
In an ever-evolving security world, we need to secure more with even fewer resources. While the cybersecurity skills gap increases, leaving “350,000 U.S. cybersecurity jobs unfilled yearly,” it is vital to work together to protect our environments and educate…
T-Mobile Says Security Incident Might Have Exposed Customers’ Data
Mobile telecommunications company T-Mobile disclosed a data security incident that might have exposed the account information of some of its customers. T-Mobile’s Cybersecurity team learned of the incident when it discovered an attack against its email vendor. The team responded…
The War of Passwords: Compliance vs NIST
The most recent National Institute of Standards and Technology (NIST) guidelines have been updated for passwords in section 800-63B. The document no longer recommends combinations of capital letters, lower case letters, numbers and special characters. Yet most companies and systems…
What is ISO 27701?
If you have a familiarity with any information security frameworks and certifications, it’s more than likely you have heard of International Organisation for Standardisation (ISO) and possibly the International Electrotechnical Commission (IEC). From my experience, the most commonly referred to…
Let’s Encrypt Says It Will Revoke 3M Certificates Due to Software Bug
Non-profit certificate authority (CA) Let’s Encrypt announced it will revoke more than three million digital certificates due to a software bug. On March 3, Let’s Encrypt revealed its plan to revoke 3,048,289 currently-valid certificates. That figure represented approximately 2.6% of…
How to Communicate Risk: Profiles, Dashboards and Responsibilities
The risk of a data breach with significant financial consequences and damage to brand equity is the fear of most large publicly traded companies. But many smaller businesses wrongly assume they are too small to be on the radar of…
PwndLocker Ransomware Targeting Municipalities, Enterprise Networks
Security researchers discovered a new ransomware family called “PwndLocker” targeting municipalities and enterprise networks. Bleeping Computer learned that PwndLocker has been active since late 2019 and has targeted a variety of U.S. cities and organizations in that span of time.…
Podcast Episode 3: How the MITRE ATT&CK Framework Can Improve Your Defenses
Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest…
What Is PIPEDA? And How Does It Protect You and Your Privacy?
You have likely heard of the General Data Protection Regulation (GDPR), and you probably refer to this standard whenever the topic of privacy and data processing arises. But what about outside of the EU? The Office of the Privacy Commissioner…
Walgreens Disclosed Data Security Incident Involving Its Mobile App
Pharmacy store chain operator Walgreens notified some of its customers of a data security incident involving its mobile app. According to a sample notification letter sent to the Office of the Attorney General of California, Walgreens detected an error involving its…
Beware secret lovers spreading Nemty ransomware
Digital attackers are sending around love-themed malicious emails in an attempt to infect recipients with the Nemty ransomware. If you’ve been kicking around in the world of IT security for more years than you’d like to admit, then you’ll surely…
More Than 140GB of Data Exposed by Israeli Marketing Company
An Israeli marketing company exposed more than 140GB of data by mishandling the credentials for an Elasticsearch database. A San Diego-based DevOps engineer who uses the Twitter handle 0m3n detected the disclosure after they grew tired of receiving text messages…
Tripwire Patch Priority Index for February 2020
Tripwire’s February 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe. Up first on the patch priority list this month are patches for Microsoft Edge and Scripting Engine. These patches resolve information disclosure, elevation of privilege,…
Red Teaming: How to Run Effective Cyber-Drills?
What is red teaming? How is it different from conventional penetration testing? Why do we need blue, red, and white teams? How are cyber-drills carried out, and what results should be expected? In this article, we will answer these and…
Scammers Disguise Two Domains as CDN to Cloak Credit Card Skimmer
Scammers disguised two domains as a content delivery network (CDN) in an attempt to quietly target visitors with a credit card skimmer. Malwarebytes noticed something suspicious within the website code of a Parisian boutique store. At first, the script looked…
NSA Releases Cloud Vulnerability Guidance
The United States’ National Security Agency (NSA) has put together a short guidance document on mitigating vulnerabilities for cloud computing. At only eight pages, it is an accessible primer for cloud security and a great place to start before taking…
Attack Campaign Leveraged Coronavirus Theme to Deliver Remcos RAT
Security researchers discovered an attack campaign that abused fears surrounding the global coronavirus outbreak to deliver the Remcos RAT. Yoroi Security detected the attack campaign when its threat intelligence activities uncovered a suspicious artifact named “CoronaVirusSafetyMeasures_pdf.” In their analysis, Yoroi’s…
SANS 2019 Incident Response Survey: Successful IR Relies on Visibility
During the past year, we have witnessed significant data breaches that have impacted industries ranging from hospitality to legal to social media. We have seen a continuation of financially motivated threats, such as business email compromise (BEC), which continue to…
DoppelPaymer Ransomware Launches Site for Publishing Victims’ Data
The operators of DoppelPaymer ransomware launched a site for publishing the data of their victims who don’t pay the ransom. On February 25, DoppelPaymer’s handlers published a site called “Dopple leaks.” A message on the site at the time of…
The MITRE ATT&CK Framework: Impact
Not all attackers are trying to exfiltrate data. In security, we’re all familiar with the CIA triad: confidentiality, availability, and integrity. While Exfiltration describes adversarial behavior with the goal of violating confidentiality, attackers may look to manipulate, interrupt, or destroy your systems…
Climbing the Vulnerability Management Mountain: Reaching Maturity Level 4
The climb is getting steeper, but thanks to hard work, vision and insight are much keener. At ML:4, all assets are scanned by a combination of agent and remote scans on a normal cadence. This will generate a lot of…
Google Docs Forms Abused by Phishers to Harvest Microsoft Credentials
Security researchers detected several phishing campaigns that leveraged a Google Docs Form to target users’ Microsoft credentials. Cofense observed that the phishing emails originated from a compromised email account with privileged access to financial services provider CIM Finance. By using…
How to Get Started in Digital Forensics
If you want to become a digital forensic expert, be aware that when entering the field, you will be presented with an abundance of information that you will not know. It is a wonderfully challenging career path. Some believe that…
NetOps vs DevOps vs DevSecOps – What’s the Difference?
One thing I have noticed is that each industry comes up with their own terms and acronyms. Unfortunately, these inventions often vary depending on the person you speak to due to a lack of a governing body that decides on…
U.S. Department of Defense Disclosed Data Breach at DISA
The U.S. Department of Defense (DoD) warned that a data breach at the Defense Information Systems Agency (DISA) might have compromised some individuals’ personal information. In a photograph of a letter obtained by Reuters, DISA CIO and Risk Management Executive…
Scammers Use Fake Website to Masquerade as Burning Man Organizers
Scammers created a fake website to masquerade as the organizers of Burning Man and to trick people into buying non-existent tickets for the arts event. Kaspersky Lab discovered a fraudulent website that attempted to capitalize on people’s interest in attending…
Why Is Cyber Resilience Essential and Who’s Responsible for It?
In part one of this cyber resilience blog series, we discussed what it means to be a resilient organization. For part two, let’s discuss why organizations need to consider these challenges and who’s responsible for addressing them. Whilst asking why…
Top Email Security Threats of 2020 – How To Stop Them
As hackers’ methods become more sophisticated, the scale of email security breaches and the frequency at which they occur grow greater with each passing year. In 2019 alone, an estimated 2 billion unique email addresses, accompanied by over 21 million…
CISA Disclosed Ransomware Attack at Natural Gas Compression Facility
The Cybersecurity and Infrastructure Security Agency (CISA) revealed that a natural gas compression facility suffered a ransomware attack. According to CISA Alert (AA20-049A), digital attackers leveraged a spearphishing link and abused the lack of robust network segmentation to infect Windows-based…
Mental Health for Hackers: Contents Under Pressure
In 2011, I was in the middle of sitting down when I suddenly felt prickling sensations start from my toes, spread up my legs, and make their way into my arms. I was gasping for air. As the sensation traveled…
Red Teaming for Blue Teamers: A Practical Approach Using Open Source Tools
For the majority of people in the information security world, the act of offensive hacking is something they are tasked with protecting against but have little ability to do themselves. That is like asking a professional boxer to enter the…
AZORult Trojan Disguised Itself as Fake ProtonVPN Installer
Security researchers observed samples of the AZORult trojan disguising themselves as fake ProtonVPN installers for distribution. Back in November 2019, malicious actors launched this attack campaign by registering the domain “protonvpn[.]store” with a registrar based in Russia. One iteration of…
10 Must-See Talks to Attend at RSA Conference 2020
RSA Conference USA is one of the most anticipated digital security events of the year. Last year, its 31 keynote presentations, more than 621 speaker sessions and 700 presenting companies on the exposition floor attracted over 42,000 attendees. Given such popularity,…
Signature and Socket Based Malware Detection with osquery and YARA
How Is YARA used? Historically, common detection methods have used file hashes (MD5, SHA1, and SHA256)—unique signatures based on the entire contents of the file—to identify malware. Modern threat actors have increased in sophistication to a point where every instance…
Crisis Management Automation for the Entire Organization with Dispatch – BSidesSF Preview
Managing security incidents can be a stressful job. You are dealing with many questions all at once. What’s the scope? Who do I need to engage? How do I manage all of this? As an Incident Commander (IC), you have…
Payment Card Data Security Incident Disclosed by Rutter’s
Convenience store and gas station chain Rutter’s disclosed a security incident that might have affected customers’ payment card data. According to a notice posted on its website, Rutter’s launched an investigation after receiving a report from a third-party of someone…
MOSE: Using Configuration Management for Offensive and Defensive Security
Post-exploitation can be one of the most time-consuming but worthwhile tasks that an offensive security professional engages in. Fundamentally, it is where you are able to demonstrate what an adversary may do if they compromise a business. A big component…
MOSE: Using Configuration Management for Evil
Post-exploitation can be one of the most time-consuming but worthwhile tasks that an offensive security professional engages in. Fundamentally, it is where you are able to demonstrate what an adversary may do if they compromise a business. A big component…
Puerto Rico government falls for $2.6 million email scam
As if Puerto Rico wasn’t having a hard enough time as it attempts to recover from a recession, the damage caused by devastating hurricanes in recent years, and a damaging earthquake last month, it now finds itself being exploited by…
‘Ransomwared’ Ransomware Strain Demands Explicit Pictures as Payment
Security researchers spotted a new ransomware strain called “Ransomwared” demanding explicit pictures from its victims as a means of payment. Upon successful infection, Ransomwared runs its encryption routine, appending the file extensions “.ransomwared” and “.iwanttits” to each file it encrypts.…
A Guide to Digital Privacy for You and Your Family
Having worked with many individuals responding to incidents where their digital private images were shared without consent, social media or email accounts had unauthorised access, and even physical safety was a concern, it is all too familiar how terrifying the…
Google Foiled Over 1.9B Malware Installs from Non-Play Sources in 2019
Google revealed that it blocked more than 1.9 billion installations of Android malware from non-Play Store sources over the course of 2019. On 11 February, Google revealed on the Android Developers Blog that it had succeeded in scanning billions of…
VERT Threat Alert: February 2020 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s February 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-870 on Wednesday, February 12th. In-The-Wild & Disclosed CVEs: CVE-2020-0674: A vulnerability exists in the way that Internet…
New PayPal Phishing Email Scam Wants Your Social Security Number
Security researchers have spotted a new PayPal phishing email scam that tries to steal a victim’s Social Security Number (SSN), among other sensitive data. The attack email informed a victim that their PayPal account was locked, and it instructed them…
(Podcast) Episode 2: Cybersecurity Awareness with Graham Cluley
Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest…
Cyber Resilience – Everything You (Really) Need to Know
What is cyber resilience? If you search the definition within the Oxford Dictionary, resilience alone is defined as “the capacity to recover quickly from difficulties; toughness.” If you narrow the definition down to cyber resilience, it shifts to maintaining vs…
Data Privacy Event Disclosed by Affordable Preschool Provider
A San Diego-based provider of affordable preschool disclosed that a data privacy incident might have affected some customers’ personal information. In a notice of data breach published on February 5, Educational Enrichment Systems, Inc. (EES) announced that it had suffered…
No Relief for Cybersecurity Teams in Sight, Reveals Tripwire’s Latest Skills Gap Report
You’ve seen the high-level stats on the cybersecurity skills gap, but I’ll remind you of some of the main ones from the (ISC)2 Cybersecurity Workforce Study: In the United States, the cybersecurity workforce gap is nearly 500,000. The cybersecurity workforce…
10 Tenets for Cyber Resilience in a Digital World
Companies are facing increased and complex cybersecurity challenges in today’s interconnected digital economy. The cyber threats have become more sophisticated and may harm a company via innovative new forms of malware, through the compromise of global supply chains or by…
Protecting Organizations from Customized Phishing Attacks
Phishing Attack: A few years ago, I myself was vished, or ‘phished,’ over the phone. The caller was someone, likely offshore in a call center, who had done a little bit of research online to find my name, my phone…
How your screen’s brightness could be leaking data from your air-gapped computer
It may not be the most efficient way to steal data from an organisation, let alone the most practical, but researchers at Ben-Gurion University in Israel have once again detailed an imaginative way to exfiltrate information from an air-gapped computer.…
University of Maastricht Paid 30 Bitcoins to Ransomware Attackers
The University of Maastricht publicly revealed that it paid a ransom of 30 bitcoins to recover its computer systems following a ransomware attack. Nick Bos, vice president of the university, shared what officials knew about the digital attack at a…
3 Malware Trends to Watch Out for in 2020
Malware closed out 2019 on a strong note. According to AV-TEST, malware authors’ efforts throughout the year helped push the total number of known malware above one billion samples. This development wouldn’t have been possible without the vigor exhibited by…
So You Want to Achieve NERC CIP-013-1 Compliance…
Is an electricity provider’s supply chain its weakest link in the event of a cyberattack? The evidence is compelling that third parties often play unwitting roles. For example, the NotPetya ransomware attacks in mid-2017 originally gained a foothold via a…
DDoS Attack Potentially Targeted State Voter Registration Site, Says FBI
The FBI said that a distributed denial-of-service (DDoS) attack potentially targeted a state-level voter registration site. In a Private Industry Notification (PIN) released on February 4, the FBI said that a state-level voter registration and voter information website received a…
What Is Log Management, and Why Is It Important?
I think we all know what log management is. As discussed in a 2017 article for The State of Security, log management is about systematically orchestrating the system and network logs collected by the organization. That being said, there’s still…
Spam Campaign Leveraged RTF Documents to Spread Infostealers
A spam campaign leveraged malicious RTF documents to distribute notorious infostealers including Agent Tesla and Lokibot. While digging through a few other spam campaigns, Lastline observed unusual use of the C# compiler from the command line in some samples. Its…
Tripwire Patch Priority Index for January 2020
Tripwire’s January 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, VMware, and Linux. Exploit Alert: Metasploit. Up first on the patch priority list this month are vulnerabilities that have been recently added to Metasploit. Two vulnerabilities…
Email Attackers Abusing Coronavirus Outbreak to Spread Emotet
Security researchers observed email attackers abusing the coronavirus outbreak to infect concerned users with the Emotet trojan. IBM X-Force found that the attack emails appeared to originate from a Japanese disability welfare service provider. Those emails informed recipients that officials…
Helping Healthcare Organizations Mature their Cybersecurity Practices
Cyberattacks in the healthcare industry show no signs of abating. In 2018, digital criminals breached 15 million healthcare records. Alarmingly, in the first half of 2019 alone, 32 million healthcare records were compromised as a result of multiple security incidents.…
Assessment Frameworks for NIS Directive Compliance
According to the NIS Directive, Member States should adopt a common set of baseline security requirements to ensure a minimum level of harmonized security measures across EU and enhance the overall level of security of operators providing essential services (OES)…
Why Asset Visibility Is Essential to the Security of Your Industrial Environment
Threats against industrial environments are on the rise. Near the beginning of 2019, for example, Kaspersky Lab revealed that 47% of industrial control system (ICS) computers on which its software was installed suffered a malware infection in the past year.…
UK High Court Approves Freezing Injunction on $1M Ransomware Payment
The UK High Court of Justice approved a freezing injunction on over $1 million paid by an English insurance company to ransomware actors. The Honorable Mr. Justice Bryan announced his approved judgement in a decision released for publication by the…
UK High Court Clears Freezing Injunction on $1M Ransomware Payment
The UK High Court of Justice approved a freezing injunction on over $1 million paid by an English insurance company to ransomware actors. The Honorable Mr. Justice Bryan announced his approved judgement in a decision released for publication by the…
Change Is Inevitable: Tripwire File Analyzer
One of the only things that is constant in life is change. It’s the same with cybersecurity. There are different types of changes to consider: changes that we accept, changes that are good, and changes that are bad. A lot of…
The NHS has suffered only six ransomware attacks since the WannaCry worm, investigation reveals
An investigation claims that the UK’s National Health Service, which was hit hard by the notorious WannaCry worm in 2017, has seen a marked fall in ransomware attacks since. A report published by Comparitech, based upon Freedom of Information requests,…
Ryuk Reportedly Behind Ransomware Infection at DOD Contractor
A Ryuk sample was reportedly responsible for a ransomware infection at a contractor for the U.S. Department of Defense (DOD). According to ZDNet, Electronic Warfare Associates (EWA) suffered a ransomware infection in which the offending malware encrypted its web servers.…
On Authorization and Implementation of Access Control Models
There are dozens of implementations of authorization mechanisms. When there are complex requirements dictated by business processes, authorization mechanisms may often be implemented incorrectly or, at least, not optimally. The reason for that, in my opinion, is the low attention…
Payment Cards Exposed in Wawa Breach Offered for Sale on Dark Web
Digital criminals posted customers’ payment card details exposed in the 2019 Wawa data breach for sale on a dark web marketplace. In December 2019, the Joker’s Stash first announced what it called the “BIGBADABOOM-III” breach. Advertisements posted by the dark…
(Podcast) Episode 01: What “Attack Surface” Means in 2020
Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest…
Zoom Bug Potentially Allowed Attackers to Find and Join Active Meetings
Remote conferencing services provider Zoom patched a vulnerability that could have allowed an attacker to find and join active meetings. Check Point explained that the issue stemmed from the way in which Zoom secured certain meetings: If you use Zoom,…
5 Ways Your Organization Can Ensure Improved Data Security
Each year on January 28, the United States, Canada, Israel and 47 European countries observe Data Privacy Day. The purpose of Data Privacy Day is to inspire dialogue on the importance of online privacy. These discussions also seek to inspire…
Navigating ICS Security: Having your Action Plan Ready
Trust, respect, understanding. These are all two-way relationships that must be earned over time. Whilst someone being hired in a senior position will likely already have a certain level of each, part of your job is to continuously cultivate all…
Plights of the Round Table – Strategic Lessons from the Casino
In Part 1 of the Plights of the Round Table, the executive staff of Camelot was working on the strategic plan for the following year. Morgan, the CEO, needs to decide how to spend her limited budget for the best…
NY Bills Would Ban Municipalities From Meeting Ransomware Demands
Two state senators from New York State introduced bills that would ban municipalities from meeting ransomware attackers’ demands. On January 14, 2020, NYS Senator Phil Boyle of the 4th Senate District proposed Senate Bill S7246. Senator Boyle along with his…
Who Are the Digital Service Providers (DSP) under the NIS Directive?
In a previous article, we discussed what the NIS Directive is. The European Union developed the Directive in response to the emerging cyber threats to critical infrastructure and the impact cyber-attacks have on society and the European digital market. The…
Russian National Pleads Guilty to Having Run Cardplanet Marketplace
A Russian national pleaded guilty to having operated Cardplanet and another website that provided digital criminal services to its customers. Appearing before Senior U.S. District Judge T.S. Ellis III, Aleksei Burkov, 29, pleaded guilty to charges of access device fraud,…
Ransomware: The average ransom payment doubled in just three months
A new report into the state of ransomware at the tail end of 2019 has revealed that things aren’t getting any better. In Q4 of 2019, according to the new study published by security firm Coveware, the average ransom payment…
Shlayer Trojan Accounted for 30 Percent of Detections for macOS in 2019
The Shlayer trojan accounted for approximately 30 percent of all of Kaspersky Lab’s malware detections for the macOS platform in 2019. Kaspersky Lab revealed on Securelist that Shlayer has been the most common threat to target its macOS userbase for…
How CISOs Can Expand Their Security Duties into Industrial Environments
Digital attacks are a top concern for Industrial Control System (ICS) security professionals. In a survey conducted by Dimensional Research, 88 percent of these personnel told Tripwire that they were concerned about the threat of a digital attack. An even…
UPS Says Phishing Incident Might Have Exposed Some Customers’ Data
The United Parcel Service (UPS) revealed that a phishing incident might have exposed the information of some of its customers. In its “Notice of Data Breach” letter, UPS disclosed that an unauthorized person had used a phishing attack to gain…
The Vendor Security Assessment (VSA): What You Need to Know
Requesting that a SaaS company answer a Vendor Security request has become a regular thing for companies who work in the cloud. But have you thought about how the reverse works, that is, when your customer has a VSA process…
Navigating ICS Security: Best Practices for ICS Decision-Makers
As a security consultant, I’m not going into an environment to design and build an organization’s network from the ground up in most situations. For the majority of the time, I’m working with legacy environments where some old technologies might…
Health Quest Begins Notifying Patients Affected by Phishing Incident
Health Quest announced that it’s begun notifying patients whose information might have been exposed in a phishing incident. According to its website notice, Health Quest first learned of the incident in July 2018 when several employees fell for a phishing…
The Top 19 Information Security Conferences of 2020
With the 2010s now over, the infosec industry is now fully invested in 2020 and beyond. The 2020s will no doubt present their fair share of challenging digital security threats. But they will also enable security professionals to discuss shared…
GDPR Regulators Have Imposed $126M in Fines Thus Far, Finds Survey
A new survey found that regulators have thus far imposed $126 million worth of fines for data breaches and other GDPR infringements. According to DLA Piper’s GDPR Data Breach Survey, data protection regulators imposed €114 million (about US$126 million…
NIS Directive: Who are the Operators of Essential Services (OES)?
The NIS Directive is the first EU horizontal legislation addressing cybersecurity challenges and a true game-changer for cybersecurity resilience and cooperation in Europe. The Directive has three main objectives: improving national cybersecurity capabilities; building cooperation at EU level; promoting a…
You’ve Bought Security Software. Now What?
Many years ago when I first started my career in network security as a support engineer, I received a phone call from a customer. (Let’s call him “Frank.”) He used our vulnerability scanner as a consultant for his own customers,…
Domain Name of WeLeakInfo.com Seized by FBI and DOJ
The Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ) announced that they have seized the domain name for weleakinfo.com. On January 16, the U.S. Attorney’s Office for the District of Columbia announced that the FBI and DOJ…
PlanetDrugsDirect reveals security breach, warns customers their data may have been exposed
Canadian online pharmacy PlanetDrugsDirect.com has contacted customers warning them that their data might have been exposed in what they euphemistically describe as a “data security incident”. In an email seen by Bleeping Computer, the website warned that exposed personal data…
Ako Ransomware Using Spam Attachments to Target Networks
Security researchers observed that Ako ransomware is using malicious spam attachments to go after organizations’ networks. On January 14, AppRiver Senior Cybersecurity Analyst David Pickett contacted Bleeping Computer and told the computer self-help site that his company had observed Ako…
Key Cloud Security Challenges and Strategies to Overcome Them
The cloud has changed how we use and consume IT services. Where data resides, along with how it is transferred, stored and processed, has fundamentally changed, and with it come new risk management challenges. Let’s talk about some of those challenges. First…
ISA Global Cybersecurity Alliance: Your Expertise is Needed
The ISA/IEC 62443 series of standards, developed by the ISA99 committee and adopted by the International Electrotechnical Commission, provides a flexible framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems. These standards not…
Emotet Used Phishing Emails to Target the United Nations
The Emotet trojan recently leveraged a phishing campaign to target email addresses associated with users at the United Nations. In an email provided by Cofense to Bleeping Computer, Emotet’s handlers pretended to be representatives of Norway to the United Nations…
Android Banking Trojans: History, Types, Modus Operandi
One sunny morning, my breakfast was interrupted by a phone call from a friend who is an entrepreneur engaged in the transportation of various goods. He said that $11,000 disappeared from his bank account during the night. The bank support…
VERT Threat Alert: January 2020 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s January 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-866 on Wednesday, January 15th. In-The-Wild & Disclosed CVEs: CVE-2020-0601: While there are no in-the-wild and disclosed CVEs…
GCHQ Urges People to No Longer Use Windows 7 PCs for Banking, Email
The Government Communications Headquarters (GCHQ) is urging people to no longer use computers with Windows 7 installed for banking or email. A spokesperson for the National Cyber Security Centre (NCSC), a part of GCHQ, encouraged consumers to upgrade their Windows…
Developing a Data Protection Compliance Program – Verizon’s 9-5-4 Model
In a previous post, I wrote about my key take-aways from Verizon’s 2019 Payment Security Report. While it’s no surprise it was full of interesting and useful data (Verizon’s yearly Data Breach Investigation Report (DBIR) has become required reading), I…
Texas School District Lost $2.3M to Phishing Email Scam
A school district in Texas announced that it lost approximately $2.3 million after falling victim to a phishing email scam. On January 10, the Manor Independent School District (MISD) published a statement on Twitter and Facebook in which it revealed…