Resources

Blog

Fraudsters Use Salary Increase Scam to Steal Employees' Credentials

Digital fraudsters have launched a new phishing campaign that uses a salary increase scam to trick employees into handing over their credentials. Spotted by the Cofense Phishing Defense Center, the campaign used spoofing techniques to trick recipients into thinking that the attack emails came from their HR department. Those emails claimed that the...
Blog

Men paid $100K by Uber to hush up hack plead guilty to extortion scheme

Two hackers face up to five years in prison after pleading guilty to their involvement in a scheme which saw them attempt to extort money from Uber and LinkedIn in exchange for the deletion of stolen data. Twenty-six-year-old Brandon Charles Glover and Vasile Meacre, 23, entered guilty pleas this week at a federal court in San Jose, California in...
Blog

Tripwire Patch Priority Index for October 2019

Tripwire's October 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, Linux Kernel and Adobe. Exploit Alert: Metasploit First on the patch priority list this month are vulnerabilities that have been recently add to Metasploit. CVE-2019-13272 is a Linux kernel vulnerability; proof-of-concept code...
Blog

DNS Rebinding: A Frightening Attack Vector with Spooky Security Impacts

One of the greatest misconceptions about online safety is that home networks are somehow private. Unfortunately, this hasn’t been true since around the turn of the century when we started filling our home networks with Internet-connected boxes serving local web pages. The problem is that web browsers typically make little distinction between web...
Blog

Leadership Through Security: The Changing Role of the CISO

The traditional career path for a chief information security officer (CISO) is fairly straightforward. An individual begins their career in IT but ultimately moves to security after demonstrating a security mindset. Once established within the ranks of information security, the professional receives promotion after promotion until they attain the...
Blog

Court Cases Affected by TrialWorks Ransomware Incident

A ransomware incident at TrialWorks forced at least two law firms to request deadline extensions for some of their court cases. JML Law, APLC requested an extension of 18 days to submit documents pertaining to one of its cases. According to court files, the Woodland Hills-based law firm attributed its request to a "hosting outage" at TrialWorks, its...
Blog

Modern Skills for Modern CISOs: Your Questions Answered

Sometimes your best intentions are thwarted by technology. That was the case when Thom Langford and I attempted to do a Q&A session after our webinar “Modern Skills for Modern CISOs.” Unfortunately, the session ended before we got the chance to answer the questions that the audience had submitted. The silver lining is that we had the chance to write...
Blog

Scammer Stole $500K from Ocala, FL in Spear Phishing Attack

A scammer stole a little more than $500,000 from the City of Ocala, Florida as the result of a successful spear phishing attack. According to Ocala.com, an Ocala employee fell for a spear-phishing attack, one of the most common variants of phishing campaigns, near the end of October. They opened an...
Blog

Jackson Health System Fined $2.15M for HIPAA Violations

Jackson Health System (JHS) paid a civil money penalty of $2.15 million after having violated some of HIPAA's provisions. The case dates back to August 2013 when JHS submitted a breach report to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services. In its report, the...
Blog

Is the Electric Grid Ready to Respond to Increased Cyber Threats?

Reports from the U.S. Government Accountability Office (GAO) and Siemens highlight both the increasing cyber threats faced by the electric utility companies and the lack of adequate readiness to respond to these threats. According to these reports, a cyber-attack on the electric grid could cause “severe” damage. The electric grid delivers the...
Blog

Cyber Attack Risk Climbs in Latest WEF Regional Risk Report

Unsurprisingly, cyber attacks are growing in the business sector and not just in the United States but world-wide. Cyber-attacks represent the greatest risk in six out of ten of the top economies in the world. The report presented by the World Economic Forum discusses formjacking, cryptojacking, ransomware like LockerGoga and other cyber-attacks of...
Blog

Guide to Container Security – Everything You Need to Know

Ah, the wonders of technology. In the innovation-rich Information Age, we are the beneficiaries of a nonstop wave of new advancements, each offering the ability to execute vital tasks faster and more efficiently than ever before. However, along with each breakthrough comes potential security vulnerabilities. Such is the case with containerization....
Blog

Malspam Campaign Targeted German Organizations with Buran Ransomware

Researchers spotted a malspam campaign that targeted German organizations with samples of the Buran crypto-ransomware family. In early October, Bromium observed a malspam campaign whose emails impersonated online fax service eFax. The emails contained hyperlinks to a PHP page that served up malicious Word documents. This technique helped the Word...
Blog

5 Container Security Risks Every Company Faces

Over the course of the past 10 years, traditional application development methodology (waterfall) has given way in favor of the more agile DevOps-centric methodologies focused on continuous delivery and continuous deployment. This trend was turbocharged in 2013 when Docker containers came onto the scene and ushered in the proverbial crossing of the...
Blog

Phishing Campaign Uses Clever Tricks to Steal Stripe Credentials

Researchers have detected a new phishing campaign that uses some clever tricks in order to steal users' Stripe credentials. Cofense discovered the campaign when it came across an attack email that pretended to originate from "Stripe Support." The message informed recipients that their account contained invalid details and that it was therefore...