Today’s VERT Alert addresses Microsoft’s June 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-835 on Wednesday, June 12th. In-The-Wild & Disclosed CVEs CVE-2019-1053 An issue where Windows Shell fails to properly validate folder shortcuts could lead to sandbox escape. The attacker...

A King County food bank said it will need help recovering from a ransomware infection that affected its computer network. At around 02:00 on 5 June, bad actors targeted the severs of Auburn Food Bank with ransomware. The crypto-malware, which according to Bleeping Computer was a variant of...

When I was younger, I played a variety of team sports and enjoyed competing against opponents with my teammates. Winning was always a matter of applying sound tactics and strategy, attacking and defending well and using a blend of skill, talent and luck. Now that I’m older, I watch more than I play, and I’m able to appreciate the many lessons team...

Microsoft is warning users to be on the lookout for a malspam campaign that's abusing an Office vulnerability in order to distribute a backdoor. On 7 June, Microsoft Security Intelligence took to Twitter to raise awareness of the operation. The campaign, which remains active as of this writing, begins when users receive a malspam email in one of...

A Fortune 500 company has addressed a security weakness responsible for a data leak that exposed 264GB worth of information. On 2 June, vpnMentor security researchers Noam Rotem and Ran Locar discovered that a log management server owned by global technology distributor Tech Data Corporation did not...

In a "preliminary statement" published on its blog on Thursday, cryptocurrency wallet service GateHub has warned that over 100 customers have had their ledger wallets hacked and funds stolen. Dear Valued Customers, Recently, we have been notified by our customers and community members about funds on their XRP Ledger wallets being stolen and...

A new wave of attacks involving PCASTLE malware are targeting systems located in China with the XMRig cryptocurrency miner. On 17 May, Trend Micro first observed a series of attacks that use PCASTLE, an obfuscated PowerShell script, to target mainly China-based systems with XMRig, cryptomining malware was involved in numerous attacks in 2018. The...

DevOps is revolutionizing the way enterprises deliver apps to the market by blending software development and information technology operations. This convergence creates an assembly line for the cloud, as Tim Erlin wrote for The State of Security, by increasing the rate at which companies can develop apps and deliver them to users. 11 Common Tools...

The move to the cloud—in many ways—is a return to the early days of computing. When I took my first computer class in 1978, we used an IBM system/360 system time share. We rented out time on a remote system, sent our jobs over a modem to a computer at a university and got back the results of the program run. Today, we’re using the cloud, which is...

So, you have 2,000 network devices in your environment and everyone is telling you that you have to rotate all 2,000 device passwords every 30, 60 or 90 days (at a minimum). How are you going to manage this? The task seems monumental and time-consuming! If nothing is done, then your security/compliance posture will worsen due to reusing passwords...

In May 2019, Verizon Enterprise released the 12th edition of its Data Breach Investigations Report (DBIR). Researchers analyzed a total of 41,686 security incidents, of which there were 2,013 data breaches, for the publication. More than half (52 percent) of those reported breaches involved some form of hacking. The report listed the most prominent...

Eurofins Scientific, an international group of laboratories headquartered in Brussels, revealed that a ransomware attack disrupted some of its IT systems. On 3 June, the food, pharmaceutical and environmental laboratory testing provider revealed that its IT security monitoring teams had discovered a...

Tripwire's May 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe. First and most importantly this month are the patches available to resolve the BlueKeep (CVE-2019-0708) Remote Desktop Services remote code execution vulnerability. As noted by Microsoft: [This] remote code execution vulnerability...

It doesn’t seem very long ago that I was writing about the newly released Risk Management Framework (RMF) and explaining the value of NIST SP 800-37 to our clients. With RMF Revision 2 just recently published in December of 2018, I thought it would be a good time to revisit the RMF and to highlight some of its key updates. Overall, the new version...

Although DNS rebinding attacks have been known for over a decade now, they are only recently receiving attention as a practical attack surface. In the last year, quite a few popular products have been shown to lack DNS rebinding protections, and as a result, someone could operate them remotely using a malicious web site. Manufacturers have made a...

Security researchers have discovered a new strain of malware called "HiddenWasp" that they believe is being used in targeted attacks to seize control of Linux systems and open backdoors for remote hackers. According to a blog post by researchers at Intezer, the malware borrows from existing malware code publicly available on the internet including...

"OSCP is not about clearing the exam. It’s all about working deeply on labs." --Ramkisan Mohan (Check out his detailed guide to OSCP Preparation) I began my OSCP journey in the late fall of 2018. So far, I've rooted 23+ machines in the PWK labs, and I am still plugging away, hoping to get as many as possible, learn as much as possible and, of course...

News and social media aggregator Flipboard reset all users' passwords after discovering a security incident that might have affected some of their data. On 28 May, the company revealed that its engineering team had recently detected suspicious activity in the network environment where its databases...

The 2017 Deep Root Analytics incident that exposed the sensitive data of 198 million Americans, or almost all registered voters at the time, should remind us of the risks associated with storing information in the cloud. Perhaps the most alarming part is that this leak of 1.1 terabytes of personal data was avoidable. It was simple negligence. The...