Resources

Blog

Citrix NetScaler CVE-2019-19781: What You Need to Know

Just before the holidays, Citrix announced that their Citrix Application Delivery Controller (ADC) and Citrix Gateway are prone to a vulnerability which can allow remote unauthenticated attackers to execute code on vulnerable gateways. This led to a wave of alarming headlines about “80,000 firms” being exposed to hacking due to this flaw. What’s...
SNAKE Ransomware Targeting Entire Corporate Networks

Security researchers have observed samples of the new SNAKE ransomware family targeting organizations' entire corporate networks. Discovered by MalwareHunterTeam and analyzed by Vitali Kremez, SNAKE is written in Golang and contains a high level of obfuscation. Upon successful infection, the ransomware deletes the machine's Shadow Volume Copies...
From Good to Great - Building on ICS Security Basics

Most industrial organizations are behind the curve when it comes to cybersecurity, facing mounting complexities like the IIoT, the skills gap and the IT/OT divide. But what about industrial organizations that are already taking steps in the right direction and need to know what awaits them on the horizon? What practical next steps can your...
VERT Threat Alert: Citrix NetScaler/ADC Critical Flaw (CVE-2019-19781)

Vulnerability Description: Citrix has indicated that an unauthenticated attacker can exploit this flaw to perform arbitrary code execution. Although details from Citrix are minimal, VERT’s research has identified three vulnerable behaviors which combine to enable code execution attacks on the NetScaler/ADC appliance. These flaws ultimately allow the...
Navigating ICS Security: The Value of Frameworks

Since the implementation of the General Data Protection Regulation (GDPR) on 25 May 2018, organizations and even private citizens have globally begun to re-assess what it means to ‘take security seriously’ and to better understand the massive difference between security and privacy. What you may not be familiar with is the Network and Information...
Climbing the Vulnerability Management Mountain: Reaching Maturity Level 3 – Base Camp

ML:3 is base camp, and getting here means you have reached a level that others have only dreamed about. At this level, the VM program is very good, and your visibility into threats to the environment is much better than it has ever been. Prioritizing Asset Assessment: The biggest change at this level is the focus on the breadth of assessment going...
CIP-003-7: Transient Cyber Assets and Removable Media in 2020

Standard CIP-003 exists as part of a suite of Critical Infrastructure Protection (CIP) Standards related to cybersecurity that require the initial identification and categorization of BES Cyber Systems and require organizational, operational, and procedural controls to mitigate risk to BES Cyber Systems. The purpose of the standard is to specify...
Travelex Temporarily Disabled All Its Systems Following a Malware Attack

Foreign exchange company Travelex announced that it had temporarily disabled all of its systems following a malware attack. Twitter user Izzy Fergus first noticed something was wrong when she attempted to visit travelex.co.uk and saw a runtime error message. When she reached out to the company on Twitter, Travelex UK informed her that it was...
How to Achieve Compliance with NIS Directive

Network and information systems (NIS) and the essential functions they support play a vital role in society from ensuring the supply of electricity, water, oil and gas to the provisioning of healthcare and the safety of passenger and freight transport. In addition, computerized systems are performing vital safety-related functions designed to protect...
Tripwire Enterprise and Zero Trust

Zero Trust is a new concept to many but one I believe will be of increasing importance over the coming years. With this post, I wanted to introduce newcomers to the concept, talk about why it’s an exciting approach to improving security, and explore how you can leverage File Integrity Monitoring (FIM) and Security Configuration Management (SCM) tools...
Landry's Notifies Customers of Payment Card Incident

Dining, hospitality and entertainment corporation Landry's notified customers of a security incident that might have affected their payment card data. On December 31, Landry's revealed that it first learned of the incident after it detected unauthorized activity on the payment processing systems for...
Special Olympics NY's Email Server Abused to Send Phishing Emails

Digital attackers compromised an email server owned by Special Olympics NY and then abused it to target donors with phishing emails. The attack emails told recipients that an automatic donation transaction of $1,942.49 would register on their accounts within the next two hours. The email then asked recipients to review a PDF statement to confirm...
The Top 10 State of Security Blog Posts from 2019

It’s been another fantastic year on The State of Security blog. With over 350 blogs published from all walks of the security community, we like to think of the blog as more of an industry resource that caters to not only experienced security professionals but also to those who are new to the community. To finish the year off, I wanted to look back on...
Honeypots: A Guide To Increasing Security

Honeypots are not a new idea. They have been part of the cybersecurity world for decades and have frequently gone in and out of "fashion" over that period. Recently, though, they have become an increasingly important part of vulnerability management. That's for a couple of reasons. Honeypots offer real-world data on the types of threats that...
AWS vs. Azure vs. Google – What’s the Difference from a Cloud Security Standpoint?

When mainstream cloud computing first began to appear on the horizon (Amazon launched its Elastic Compute Cloud product in 2006), many organizations were initially hesitant to entrust their most valuable data and processes to a technological innovation named after something that appears so delicate. Oh, how times have changed. Today, an estimated 96% of organizations use cloud computing, with...
Over 100 Android Apps Used 'Soraka' Package to Perform Ad Fraud

Researchers identified more than 100 apps that used a common code package named "Soraka" to perform ad fraud on users' Android devices. The White Ops Threat Intelligence team observed that many of the apps did not have a suspicious reputation at the time of discovery. For instance, the "Best Fortune Explorer" registered no red flags with anti-virus...