Resources

Join Tripwire VERT at SecTor 2019
Blog

Join Tripwire VERT at SecTor 2019

By Tyler Reguly on Wed, 09/25/2019
For the past few years, VERT has been running an IoT Hack Lab at SecTor, a security conference in Toronto, Ontario, Canada. Interested attendees (including Expo attendees, who can get a free pass using code Tripwire2019) can visit the Hack Lab with their laptop and learn how to hack various IoT devices from routers and baby monitors to more complex...
How Will the CMMC Impact My Business and How Can We Prepare? Part 2 of 3
Blog

How Will the CMMC Impact My Business and How Can We Prepare? Part 2 of 3

By Editorial Staff on Mon, 09/23/2019
Part 2: Cyber Hygiene Made Public – A Necessary Evil? In part one of this series, I addressed what DoD contractors could be doing to prepare for the CMMC security level rating. In part two of the series, I want to discuss our customers’ concerns about the possible impacts of having their company’s security rating made public. According to the CMMC...
Blog

Building a Foundation for “Smart” Steel Factories with Fog Computing, the Cloud and Cybersecurity

By Lane Thames on Sun, 09/22/2019
Digital technologies have been transforming our world for the past few decades. For instance, the Internet of Things (IoT) and cloud computing have induced an evolution in the way we as society live our everyday lives as well as how many enterprises conduct business. This evolution has started to enter the industrial realm, most notably the Industrial Internet of Things (IIoT) and Industry 4.0 and...
New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic
Blog

Over 12,000 WannaCry Variants Detected in the Wild

By David Bisson on Thu, 09/19/2019
Security researchers have determined that over 12,000 variants of the WannaCry ransomware family are preying upon users in the wild. Sophos attributed this rise of variants to threat actors taking the original 2017 WannaCry binary and modifying it to suit their needs. These versions have subsequently produced numerous infection attempts. In August...
#TripwireBookClub – Practical Binary Analysis
Blog

#TripwireBookClub – Practical Binary Analysis

By Tyler Reguly on Wed, 09/18/2019
After an extended delay, we’ve finally reviewed our next book for #TripwireBookClub. This time around, we looked at Practical Binary Analysis written by Dennis Andriesse and published by No Starch Press. This book is a deep dive into binary analysis, and I think that it’s best just to quote the opening paragraph of the book’s preface: “Binary...
Phorpiex Botnet Named "Most Wanted Malware" in November 2020
Blog

TFlower Ransomware Targeting Businesses via Exposed RDS

By David Bisson on Wed, 09/18/2019
A new crypto-ransomware threat called "TFlower" is targeting corporate environments via exposed Remote Desktop Services (RDS). First discovered in August, the ransomware makes its way onto a corporate network after attackers hack into a machine's exposed Remote Desktop Services. This attack vector enables bad actors to infect the local machine with...
Concerns and Challenges for Effective Cloud Security
Blog

Concerns and Challenges for Effective Cloud Security

By Anastasios Arampatzis on Tue, 09/17/2019
In July 2019, Capital One made news headlines not for achieving another milestone but because it had been breached. Capital One was using AWS cloud services, as many businesses are doing nowadays. The problem stemmed (in part) because Capital One had a misconfigured open-source Web Application Firewall (WAF) hosted in the cloud with Amazon Web...
How Will the CMMC Impact My Business and How Can We Prepare? Part 1 of 3
Blog

How Will the CMMC Impact My Business and How Can We Prepare? Part 1 of 3

By Editorial Staff on Mon, 09/16/2019
Part 1: Laying the Groundwork for Achieving Certification In June of this year, my colleague Tom Taylor wrote about the DoD’s announcement to instate the Cyber Security Maturity Model Certification (CMMC) and elaborated on the fact that, with the CMMC, the DoD appears to be addressing our customers’ core compliance pain points: Varying standards...
New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic
Blog

Spam Campaign Targeting German Users with Ordinypt Malware

By David Bisson on Mon, 09/16/2019
A new spam campaign is attempting to infect German-speaking users with samples of the destructive Ordinypt malware family. According to Bleeping Computer, the campaign sent spam emails masquerading as a job application from someone named Eva Richter. These messages supported this claim by using the subject line "Bewerbung via Arbeitsagentur - Eva...
Phorpiex Botnet Named "Most Wanted Malware" in November 2020
Blog

COBALT DICKENS Launched New Phishing Operation against Universities

By David Bisson on Thu, 09/12/2019
The COBALT DICKENS threat group stayed busy over the summer by launching a new global phishing operation targeting universities. In July and August 2019, Secureworks' Counter Threat Unit (CTU) researchers observed COBALT DICKENS using compromised university resources to send out library-themed phishing emails. These emails differed from those used...
How to Foil the 6 Stages of a Network Intrusion
Blog

How to Foil the 6 Stages of a Network Intrusion

By David Bisson on Thu, 09/12/2019
The cost of a breach is on the rise. A recent report from IBM revealed that the average cost of a data breach had risen 12 percent over the past five years to $3.92 million per incident on average. Additionally, this publication uncovered that data breaches originating from malicious digital attacks were both the most common and the most expensive...
What to Do If You Receive a Legitimate 'Unusual Account Activity' Notice
Blog

What to Do If You Receive a Legitimate 'Unusual Account Activity' Notice

By Editorial Staff on Wed, 09/11/2019
Sadly, it’s all too common for consumers to receive notices of “unusual account activity” these days. Yes, service providers might send out these letters after learning of a data breach that affected a large portion of their customer base. But sprawling security incidents aren’t the only motivation here for issuing these types of notifications....
Toyota Parts Supplier Loses $37 Million in Email Scam
Blog

Toyota Parts Supplier Loses $37 Million in Email Scam

By Graham Cluley on Wed, 09/11/2019
Toyota Boshoku, a seating and interiors supplier for Toyota cars, has revealed that it was tricked into moving a large amount of money into a bank account controlled by scammers. In a statement published on its global website, Toyota Boshoku Corporation said that its European subsidiary was duped into transferring approximately four billion yen ...
VERT Threat Alert: June 2022 Patch Tuesday Analysis
Blog

VERT Threat Alert: September 2019 Patch Tuesday Analysis

By Tyler Reguly on Tue, 09/10/2019
Today’s VERT Alert addresses Microsoft’s September 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-849 on Wednesday, September 11th. In-The-Wild & Disclosed CVEs CVE-2019-1214 An elevation of privilege vulnerability in the Windows Common Log File System (CLFS) driver can allow an...
New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic
Blog

District in Rockford Public Schools Confirms Ransomware Attack

By David Bisson on Tue, 09/10/2019
A district within the Rockford Public Schools (RPS) system has confirmed it suffered a ransomware attack that affected parts of its network. On 6 September, District 205 of RPS posted a statement on Facebook in which it noted that its Internet, phones and information systems used to track attendance...
10 of the Most Significant Ransomware Attacks of All Time
Blog

10 of the Most Significant Ransomware Attacks of All Time

By David Bisson on Mon, 09/09/2019
For years, ransomware actors have developed new families and attack campaigns in increasing frequency and numbers. Such activity peaked in 2017 but then fell in tandem with cryptocurrency miners’ rise. This development was short-lived, however. Between Q4 2018 and Q1 2019, Malwarebytes observed a 195 percent increase in ransomware detections...