Category: The State of Security

Researchers observed digital attackers employing expired security certificates as a disguise to distribute the Buerak downloader and Mokes malware. Kaspersky Lab learned of a new attack method in which malicious actors leveraged infected websites to warn visitors of an expired…

Read more →

In an ever-evolving security world, we to need to secure more with even fewer resources. While the cybersecurity skills gap increases, leaving “350,000 U.S. cybersecurity jobs unfilled yearly,” it is vital to work together to protect our environments and educate…

Read more →

Mobile telecommunications company T-Mobile disclosed a data security incident that might have exposed the account information of some of its customers. T-Mobile’s Cybersecurity team learned of the incident when it discovered an attack against its email vendor. The team responded…

Read more →

The most recent National Institute of Standards and Technology (NIST) guidelines have been updated for passwords in section 800-63B. The document no longer recommends combinations of capital letters, lower case letters, numbers and special characters. Yet most companies and systems…

Read more →

If you have a familiarity with any information security frameworks and certifications, it’s more than likely you have heard of International Organisation for Standardisation (ISO) and possibly the International Electrotechnical Commission (IEC). From my experience, the most commonly referred to…

Read more →

Non-profit certificate authority (CA) Let’s Encrypt announced it will revoke more than three million digital certificates due to a software bug. On March 3, Let’s Encrypt revealed its plan to revoke 3,048,289 currently-valid certificates. That figure represented approximately 2.6% of…

Read more →

The risk of a data breach with significant financial consequences and damage to brand equity is the fear of most large publicly traded companies. But many smaller businesses wrongly assume they are too small to be on the radar of…

Read more →

Security researchers discovered a new ransomware family called “PwndLocker” targeting municipalities and enterprise networks. Bleeping Computer learned that PwndLocker has been active since late 2019 and has targeted a variety of U.S. cities and organizations in that span of time.…

Read more →

Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest…

Read more →

You have likely heard of the General Data Protection Regulation (GDPR), and you probably refer to this standard whenever the topic of privacy and data processing arises. But what about outside of the EU? The Office of the Privacy Commissioner…

Read more →

Pharmacy store chain operator Walgreens notified some of its customers of a data security incident involving its mobile app. According to a sample notification letter sent to Office of the Attorney General of California, Walgreens detected an error involving its…

Read more →

Digital attackers are sending around love-themed malicious emails in an attempt to infect recipients with the Nemty ransomware. If you’ve been kicking around in the world of IT security for more years than you’d like to admit, then you’ll surely…

Read more →

An Israeli marketing company exposed more than 140GB of data by mishandling the credentials for an Elasticsearch database. A San Diego-based DevOps engineer who uses the Twitter handle 0m3n detected the disclosure after they grew tired of receiving text messages…

Read more →

Tripwire’s February 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe. Up first on the patch priority list this month are patches for Microsoft Edge and Scripting Engine. These patches resolve information disclosure, elevation of privilege,…

Read more →

What is red teaming? How is it different from conventional penetration testing? Why do we need blue, red, and white teams? How are cyber-drills carried out, and what results should be expected? In this article, we will answer these and…

Read more →

Scammers disguised two domains as a content delivery network (CDN) in an attempt to quietly target visitors with a credit card skimmer. Malwarebytes noticed something suspicious within the website code of a Parisian boutique store. At first, the script looked…

Read more →

The United States’ National Security Agency (NSA) has put together a short guidance document on mitigating vulnerabilities for cloud computing. At only eight pages, it is an accessible primer for cloud security and a great place to start before taking…

Read more →

Security researchers discovered an attack campaign that abused fears surrounding the global coronavirus outbreak to deliver the Remcos RAT. Yoroi Security detected the attack campaign when its threat intelligence activities uncovered a suspicious artifact named “CoronaVirusSafetyMeasures_pdf.” In their analysis, Yoroi’s…

Read more →

During the past year, we have witnessed significant data breaches that have impacted industries ranging from hospitality to legal to social media. We have seen a continuation of financially motivated threats, such as business email compromise (BEC), which continue to…

Read more →

The operators of DoppelPaymer ransomware launched a site for publishing the data of their victims who don’t pay the ransom. On February 25, DoppelPaymer’s handlers published a site called “Dopple leaks.” A message on the site at the time of…

Read more →

Not all attackers are trying to exfiltrate data. In security, we’re all familiar with CIA triad—confidentiality, availability, and integrity. While Exfiltration describes adversarial behavior with the goal of violating confidentiality, attackers may look to manipulate, interrupt, or destroy your systems…

Read more →

The climb is getting steeper, but thanks to hard work, vision and insight are much keener. At ML:4, all assets are scanned by a combination of agent and remote scans on a normal cadence. This will generate a lot of…

Read more →

Security researchers detected several phishing campaigns that leveraged a Google Docs Form to target users’ Microsoft credentials. Cofense observed that the phishing emails originated from a compromised email account with privileged access to financial services provider CIM Finance. By using…

Read more →

If you want to become a digital forensic expert, be aware that when entering the field, you will be presented with an abundance of information that you will not know. It is a wonderfully challenging career path. Some believe that…

Read more →

One thing I have noticed is that each industry comes up with their own terms and acronyms. Unfortunately, these inventions often vary depending on the person you speak to due to a lack of a governing body that decides on…

Read more →

The U.S. Department of Defense (DoD) warned that a data breach at the Defense Information Systems Agency (DISA) might have compromised some individuals’ personal information. In a photograph of a letter obtained by Reuters, DISA CIO and Risk Management Executive…

Read more →

Scammers created a fake website to masquerade as the organizers of Burning Man and to trick people into buying non-existent tickets for the arts event. Kaspersky Lab discovered a fraudulent website that attempted to capitalize on people’s interest in attending…

Read more →

In part one of this cyber resilience blog series, we discussed what it means to be a resilient organization. For part two, let’s discuss why organizations need to consider these challenges and who’s responsible for addressing them. Whilst asking why…

Read more →

As hackers’ methods become more sophisticated, the scale of email security breaches and the frequency at which they occur grow greater with each passing year. In 2019 alone, an estimated 2 billion unique email addresses, accompanied by over 21 million…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) revealed that a natural gas compression facility suffered a ransomware attack. According to CISA Alert (AA20-049A), digital attackers leveraged a spearphishing link and abused the lack of robust network segmentation to infect Windows-based…

Read more →

In 2011, I was in the middle of sitting down when I suddenly felt prickling sensations start from my toes, spread up my legs, and make their way into my arms. I was gasping for air. As the sensation traveled…

Read more →

For the majority of people in the information security world, the act of offensive hacking is something they are tasked with protecting against but have little ability to do themselves. That is like asking a professional boxer to enter the…

Read more →

Security researchers observed samples of the AZORult trojan disguising themselves as fake ProtonVPN installers for distribution. Back in November 2019, malicious actors launched this attack campaign by registering the domain “protonvpn[.]store” with a registrar based in Russia. One iteration of…

Read more →

RSA Conference USA is one of the most anticipated digital security events of the year. Last year, its 31 keynote presentations, more than 621 speaker sessions, 700 presenting companies on the exposition floor attracted over 42,000 attendees. Given such popularity,…

Read more →

How Is YARA used? Historically, common detection methods have used file hashes (MD5, SHA1, and SHA256)—unique signatures based on the entire contents of the file—to identify malware. Modern threat actors have increased in sophistication to a point where every instance…

Read more →

Managing security incidents can be a stressful job. You are dealing with many questions all at once. What’s the scope? Who do I need to engage? How do I manage all of this? As an Incident Commander (IC), you have…

Read more →

Convenience store and gas station chain Rutter’s disclosed a security incident that might have affected customers’ payment card data. According to a notice posted on its website, Rutter’s launched an investigation after receiving a report from a third-party of someone…

Read more →

Post-exploitation can be one of the most time-consuming but worthwhile tasks that an offensive security professional engages in. Fundamentally, it is where you are able to demonstrate what an adversary may do if they compromise a business. A big component…

Read more →

Post-exploitation can be one of the most time-consuming but worthwhile tasks that an offensive security professional engages in. Fundamentally, it is where you are able to demonstrate what an adversary may do if they compromise a business. A big component…

Read more →

As if Puerto Rico wasn’t having a hard enough time as it attempts to recover from a recession, the damage caused by devastating hurricanes in recent years, and a damaging earthquake last month, it now finds itself being exploited by…

Read more →

Security researchers spotted a new ransomware strain called “Ransomwared” demanding explicit pictures from its victims as a means of payment. Upon successful infection, Ransomwared runs its encryption routine, appending the file extensions “.ransomwared” and “.iwanttits” to each file it encrypts.…

Read more →

Having worked with many individuals responding to incidents where their digital private images were shared without consent, social media or email accounts had unauthorised access, and even physical safety was a concern, it is all too familiar how terrifying the…

Read more →

Google revealed that it blocked more than 1.9 billion installations of Android malware from non-Play Store sources over the course of 2019. On 11 February, Google revealed on the Android Developers Blog that it had succeeded in scanning billions of…

Read more →

Today’s VERT Alert addresses Microsoft’s February 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-870 on Wednesday, February 12th.  In-The-Wild & Disclosed CVEs CVE-2020-0674 A vulnerability exists in the way that Internet…

Read more →

Security researchers have spotted a new PayPal phishing email scam that tries to steal a victim’s Social Security Number (SSN), among other sensitive data. The attack email informed a victim that their PayPal account was locked, and it instructed them…

Read more →

Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest…

Read more →

What is cyber resilience? If you search the definition within the Oxford Dictionary, resilience alone is defined as “the capacity to recover quickly from difficulties; toughness.” If you narrow the definition down to cyber resilience, it shifts to maintaining vs…

Read more →

A San Diego-based provider of affordable preschool disclosed that a data privacy incident might have affected some customers’ personal information. In a notice of data breach published on February 5, Educational Enrichment Systems, Inc. (EES) announced that it had suffered…

Read more →

You’ve seen the high-level stats on the cybersecurity skills gap, but I’ll remind you of some of the main ones from the (ISC)2 Cybersecurity Workforce Study: In the United States, the cybersecurity workforce gap is nearly 500,000. The cybersecurity workforce…

Read more →

Companies are facing increased and complex cybersecurity challenges in today’s interconnected digital economy. The cyber threats have become more sophisticated and may harm a company via innovative new forms of malware, through the compromise of global supply chains or by…

Read more →

Phishing Attack A few years ago, I myself was vished, or ‘phished,’ over the phone. The caller was someone, likely offshore in a call center, who had done a little bit of research online to find my name, my phone…

Read more →

It may not be the most efficient way to steal data from an organisation, let alone the most practical, but researchers at Ben-Gurion University in Israel have once again detailed an imaginative way to exfiltrate information from an air-gapped computer.…

Read more →

The University of Maastricht publicly revealed that it paid a ransom of 30 bitcoins to recover its computer systems following a ransomware attack. Nick Bos, vice president of the university, shared what officials knew about the digital attack at a…

Read more →

Malware closed out 2019 on a strong note. According to AV-TEST, malware authors’ efforts throughout the year helped push the total number of known malware above one billion samples. This development wouldn’t have been possible without the vigor exhibited by…

Read more →

Is an electricity provider’s supply chain its weakest link in the event of a cyberattack? The evidence is compelling that third parties often play unwitting roles. For example, the NotPetya ransomware attacks in mid-2017 originally gained a foothold via a…

Read more →

The FBI said that a distributed denial-of-service (DDoS) attack potentially targeted a state-level voter registration site. In a Private Industry Notification (PIN) released on February 4, the FBI said that a state-level voter registration and voter information website received a…

Read more →

I think we all know what log management is. As discussed in a 2017 article for The State of Security, log management is about systematically orchestrating the system and network logs collected by the organization. That being said, there’s still…

Read more →

A spam campaign leveraged malicious RTF documents to distribute notorious infostealers including Agent Tesla and Lokibot. While digging through a few other spam campaigns, Lastline observed unusual use of the C# compiler from the command line in some samples. Its…

Read more →

Tripwire’s January 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, VMware, and Linux. Exploit Alert: Metasploit Up first on the patch priority list this month are vulnerabilities that have been recently added to Metasploit. Two vulnerabilities…

Read more →

Security researchers observed email attackers abusing the coronavirus outbreak to infect concerned users with the Emotet trojan. IBM X-Force found that the attack emails appeared to originate from a Japanese disability welfare service provider. Those emails informed recipients that officials…

Read more →

Cyberattacks in the healthcare industry show no signs of abating. In 2018, digital criminals breached 15 million healthcare records. Alarmingly, in the first half of 2019 alone, 32 million healthcare records were compromised as a result of multiple security incidents.…

Read more →

According to the NIS Directive, Member States should adopt a common set of baseline security requirements to ensure a minimum level of harmonized security measures across EU and enhance the overall level of security of operators providing essential services (OES)…

Read more →

Threats against industrial environments are on the rise. Near the beginning of 2019, for example, Kaspersky Lab revealed that 47% of industrial control system (ICS) computers on which its software was installed suffered a malware infection in the past year.…

Read more →

The UK High Court of Justice approved a freezing injunction on over $1 million paid by an English insurance company to ransomware actors. The Honorable Mr. Justice Bryan announced his approved judgement in a decision released for publication by the…

Read more →

The UK High Court of Justice approved a freezing injunction on over $1 million paid by an English insurance company to ransomware actors. The Honorable Mr. Justice Bryan announced his approved judgement in a decision released for publication by the…

Read more →

One of the only things that is constant in life is change. It’s the same with cybersecurity. There are different types of changes to consider. Changes that we accept Changes that are good Changes that are bad A lot of…

Read more →

An investigation claims that the UK’s National Health Service, which was hit hard by the notorious WannaCry worm in 2017, has seen a marked fall in ransomware attacks since. A report published by Comparitech, based upon Freedom of Information requests,…

Read more →

A Ryuk sample was reportedly responsible for a ransomware infection at a contractor for the U.S. Department of Defense (DOD). According to ZDNet, Electronic Warfare Associates (EWA) suffered a ransomware infection in which the offending malware encrypted its web servers.…

Read more →

There are dozens of implementations of authorization mechanisms. When there are complex requirements dictated by business processes, authorization mechanisms may often be implemented incorrectly or, at least, not optimally. The reason for that, in my opinion, is the low attention…

Read more →

Digital criminals posted customers’ payment card details exposed in the 2019 Wawa data breach for sale on a dark web marketplace. In December 2019, the Joker’s Stash first announced what it called the “BIGBADABOOM-III” breach. Advertisements posted by the dark…

Read more →

Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest…

Read more →

Remote conferencing services provider Zoom patched a vulnerability that could have allowed an attacker to find and join active meetings. Check Point explained that the issue stemmed from the way in which Zoom secured certain meetings: If you use Zoom,…

Read more →

Each year on January 28, the United States, Canada, Israel and 47 European countries observe Data Privacy Day. The purpose of Data Privacy Day is to inspire dialogue on the importance of online privacy. These discussions also seek to inspire…

Read more →

Trust, respect, understanding. These are all two-way relationships that must be earned over time. Whilst someone being hired in a senior position will likely already have a certain level of each, part of your job is to continuously cultivate all…

Read more →

In Part 1 of the Plights of the Round Table, the executive staff of Camelot was working on the strategic plan for the following year. Morgan, the CEO, needs to decide how to spend her limited budget for the best…

Read more →

Two state senators from New York State introduced bills that would ban municipalities from meeting ransomware attackers’ demands. On January 14, 2020, NYS Senator Phil Boyle of the 4th Senate District proposed Senate Bill S7246. Senator Boyle along with his…

Read more →

In a previous article, we discussed what the NIS Directive is. The European Union developed the Directive in response to the emerging cyber threats to critical infrastructure and the impact cyber-attacks have on society and the European digital market. The…

Read more →

A Russian national pleaded guilty to having operated Cardplanet and another website that provided digital criminal services to its customers. Appearing before Senior U.S. District Judge T.S. Ellis III, Aleksei Burkov, 29, pleaded guilty to charges of access device fraud,…

Read more →

A new report into the state of ransomware at the tail end of 2019 has revealed that things aren’t getting any better. In Q4 of 2019, according to the new study published by security firm Coveware, the average ransom payment…

Read more →

The Shlayer trojan accounted for approximately 30 percent of all of Kaspersky Lab’s malware detections for the macOS platform in 2019. Kaspersky Lab revealed on Securelist that Shlayer has been the most common threat to target its macOS userbase for…

Read more →

Digital attacks are a top concern for Industrial Control System (ICS) security professionals. In a survey conducted by Dimensional Research, 88 percent of these personnel told Tripwire that they were concerned about the threat of a digital attack. An even…

Read more →

The United Parcel Service (UPS) revealed that a phishing incident might have exposed the information of some of its customers. In its “Notice of Data Breach” letter, UPS disclosed that an unauthorized person had used a phishing attack to gain…

Read more →

Requesting that a SaaS company answer a Vendor Security request has become a regular thing for companies who work in the cloud. But have you thought about how the reverse works, that is, when your customer has a VSA process…

Read more →

As a security consultant, I’m not going into an environment to design and build an organization’s network from the ground up in most situations. For the majority of the time, I’m working with legacy environments where some old technologies might…

Read more →

Health Quest announced that it’s begun notifying patients whose information might have been exposed in a phishing incident. According to its website notice, Health Quest first learned of the incident in July 2018 when several employees fell for a phishing…

Read more →

With the 2010s now over, the infosec industry is now fully invested in 2020 and beyond. The 2020s will no doubt present their fair share of challenging digital security threats. But they will also enable security professionals to discuss shared…

Read more →

A new survey found that regulators have thus far imposed imposed $126 million worth of fines for data breaches and other GDPR infringements. According to DLA Piper’s GDPR Data Breach Survey, data protection regulators imposed €114 million (about US$126 million…

Read more →

The NIS Directive is the first EU horizontal legislation addressing cybersecurity challenges and a true game-changer for cybersecurity resilience and cooperation in Europe. The Directive has three main objectives: Improving national cybersecurity capabilities Building cooperation at EU level Promoting a…

Read more →

Many years ago when I first started my career in network security as a support engineer, I received a phone call from a customer. (Let’s call him “Frank.”) He used our vulnerability scanner as a consultant for his own customers,…

Read more →

The Federal Bureau of Investigations (FBI) and the Department of Justice (DOJ) announced that they have seized the domain name for weleakinfo.com. On January 16, the U.S. Attorney’s Office for the District of Columbia announced that the FBI and DOJ…

Read more →

Canadian online pharmacy PlanetDrugsDirect.com has contacted customers warning them that their data might have been exposed in what they euphemistically describe as a “data security incident”. In an email seen by Bleeping Computer, the website warned that exposed personal data…

Read more →

Security researchers observed that Ako ransomware is using malicious spam attachments to go after organizations’ networks. On January 14, AppRiver Senior Cybersecurity Analyst David Pickett contacted Bleeping Computer and told the computer self-help site that his company had observed Ako…

Read more →

The cloud has changed how we use and consume IT services. Where data resides along with how it is transferred, stored and processed has fundamentally changed and with-it new risk management challenges. Let’s talk about some of those challenges. First…

Read more →

The ISA/IEC 62443 series of standards, developed by the ISA99 committee and adopted by the International Electrotechnical Commission, provides a flexible framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems. These standards not…

Read more →

The Emotet trojan recently leveraged a phishing campaign to target email addresses associated with users at the United Nations. In an email provided by Cofense to Bleeping Computer, Emotet’s handlers pretended to be representatives of Norway to the United Nations…

Read more →

One sunny morning, my breakfast was interrupted by a phone call from a friend who is an entrepreneur engaged in the transportation of various goods. He said that $11,000 disappeared from his bank account during the night. The bank support…

Read more →

Today’s VERT Alert addresses Microsoft’s January 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-866 on Wednesday, January 15th.  In-The-Wild & Disclosed CVEs CVE-2020-0601 While there are no in-the-wild and disclosed CVEs…

Read more →

The Government Communications Headquarters (GCHQ) is urging people to no longer use computers with Windows 7 installed for banking or email. A spokesperson for the National Cyber Security Centre (NCSC), a part of GCHQ, encouraged consumers to upgrade their Windows…

Read more →

In a previous post, I wrote about my key take-aways from Verizon’s 2019 Payment Security Report. While it’s no surprise it was full of interesting and useful data, (Verizon’s yearly Data Breach Investigation Report (DBIR) has become required reading.) I…

Read more →

A school district in Texas announced that it lost approximately $2.3 million after falling victim to a phishing email scam. On January 10, the Manor Independent School District (MISD) published a statement on Twitter and Facebook in which it revealed…

Read more →