Resources

Blog

CISA on Iran’s Cyber Threat: It’s Time to Review Your Cyber Security Posture!

Following the recent U.S. operation in Iraq which resulted in the killing of Iranian General Qassem Soleimani, Iran warned that it will retaliate. Although the international community and both involved countries have taken steps to deescalate the crisis, it is always prudent to stay alert and continually update your cybersecurity programs regardless of whether the opponent is a state actor or just...
Blog

Introducing the New MITRE ATT&CK Framework for Industrial Control Systems

On January 7th, MITRE released ATT&CK for Industrial Control Systems, a taxonomy of real-world cyber adversarial behavior targeting ICS or industrial control systems. These systems operate critical infrastructure in manufacturing and utility industries, and they are popular targets in financial and espionage motivated attacks. Recent high-profile...
Blog

DSG Retail Limited Fined £500K by ICO Following Malware Attack

The UK Information Commissioner's Office (ICO) fined DSG Retail Limited £500,000 following a malware attack that affected millions of the retailer's customers. As the result of an investigation, the ICO learned that the DSG Retail Limited had suffered a security incident in which an attacker installed malware on 5,390 tills at Currys PC World and...
Blog

Man jailed for using webcam RAT to spy on women in their bedrooms

A British man has been jailed for two years after police caught him using a notorious Remote Access Trojan (RAT) to hijack the webcams of young women, and spy upon them. 27-year-old Scott Cowley, of St Helens, Merseyside, was arrested last November as part of an international investigation into purchasers of the Imminent Monitor RAT. Imminent...
Blog

Tripwire Patch Priority Index for December 2019

Tripwire's December 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Citrix, Microsoft, Django, and Adobe. Critical Vulnerabilities: Up first on the patch priority list this month is a critical arbitrary code execution vulnerability for the Citrix ADC application. In particular, Citrix ADC and Citrix Gateway (formerly...
Blog

Citrix NetScaler CVE-2019-19781: What You Need to Know

Just before the holidays, Citrix announced that their Citrix Application Delivery Controller (ADC) and Citrix Gateway are prone to a vulnerability which can allow remote unauthenticated attackers to execute code on vulnerable gateways. This led to a wave of alarming headlines about “80,000 firms” being exposed to hacking due to this flaw. What’s...
Blog

SNAKE Ransomware Targeting Entire Corporate Networks

Security researchers have observed samples of the new SNAKE ransomware family targeting organizations' entire corporate networks. Discovered by MalwareHunterTeam and analyzed by Vitali Kremez, SNAKE is written in Golang and contains a high level of obfuscation. Upon successful infection, the ransomware deletes the machine's Shadow Volume Copies...
Blog

From Good to Great - Building on ICS Security Basics

Most industrial organizations are behind the curve when it comes to cybersecurity, facing mounting complexities like the IIoT, the skills gap and the IT/OT divide. But what about industrial organizations that are already taking steps in the right direction and need to know what awaits them on the horizon? What practical next steps can your...
Blog

VERT Threat Alert: Citrix NetScaler/ADC Critical Flaw (CVE-2019-19781)

Vulnerability Description Citrix has indicated that an unauthenticated attacker can exploit this flaw to perform arbitrary code execution. Although details from Citrix are minimal, VERT’s research has identified three vulnerable behaviors which combine to enable code execution attacks on the NetScaler/ADC appliance. These flaws ultimately allow the...
Blog

Navigating ICS Security: The Value of Frameworks

Since the implementation of the General Data Protection Regulation (GDPR) on 25 May 2018, organizations and even private citizens have globally begun to re-assess what it means to ‘take security seriously’ and to better understand the massive difference between security and privacy. What you may not be familiar with is the Network and Information...
Blog

Climbing the Vulnerability Management Mountain: Reaching Maturity Level 3 – Base Camp

ML:3 is base camp, and getting here means you have reached a level that others have only dreamed about. At this level, the VM program is very good, and your visibility into threats to the environment is much better than it has ever been. Prioritizing Asset Assessment The biggest change at this level is the focus on the breadth of assessment going...
Blog

CIP-003-7: Transient Cyber Assets and Removable Media in 2020

Standard CIP-003 exists as part of a suite of Critical Infrastructure Protection (CIP) Standards related to cybersecurity that require the initial identification and categorization of BES Cyber Systems and require organizational, operational, and procedural controls to mitigate risk to BES Cyber Systems. The purpose of the standard is to specify...
Blog

Travelex Temporarily Disabled All Its Systems Following a Malware Attack

Foreign exchange company Travelex announced that it had temporarily disabled all of its systems following a malware attack. Twitter user Izzy Fergus first noticed something was wrong when she attempted to visit travelex.co.uk and saw a runtime error message. When she reached out to the company on Twitter, Travelex UK informed her that it was...
Blog

How to Achieve Compliance with NIS Directive

Network and information systems (NIS) and the essential functions they support play a vital role in society from ensuring the supply of electricity, water, oil and gas to the provisioning of healthcare and the safety of passenger and freight transport. In addition, computerized systems are performing vital safety-related functions designed to...
Blog

Tripwire Enterprise and Zero Trust

Zero Trust is a new concept to many but one I believe will be of increasing importance over the coming years. With this post, I wanted to introduce newcomers to the concept, talk about why it’s an exciting approach to improving security, and explore how you can leverage File Integrity Monitoring (FIM) and Security Configuration Management (SCM)...
Blog

Landry's Notifies Customers of Payment Card Incident

Dining, hospitality and entertainment corporation Landry's notified customers of a security incident that might have affected their payment card data. On December 31, Landry's revealed that it first learned of the incident after it detected unauthorized activity on the payment processing systems for...
Blog

Special Olympics NY's Email Server Abused to Send Phishing Emails

Digital attackers compromised an email server owned by Special Olympics NY and then abused it to target donors with phishing emails. The attack emails told recipients that an automatic donation transaction of $1,942.49 would register on their accounts within the next two hours. The email then asked recipients to review a PDF statement to confirm...