Resources

Blog

VERT Threat Alert: August 2016 Patch Tuesday Analysis

Today’s VERT Alert addresses 9 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-684 on Wednesday, August 10th. EASE OF USE (PUBLISHED EXPLOITS) TO RISK TABLE Automated Exploit Easy ...
Blog

Adaptive Security Starts with the Human Being

Many problems in information security are both perennial and intractable. Audits expose them year after year. Breach after breach occurs because of them. Information security managers are fired as a result of the inevitable breaches, and the deck chairs are rearranged again each time. And yet, the attack surface rarely changes. It’s a revolving door...
Blog

Could Your Smart Home Put You at Risk?

The Internet of Things (IoT) is slowly taking over consumer markets in every category, from coffee makers to fitness trackers. Yet while smart automation might seem like the ideal for consumer convenience, when it comes to home security systems, connecting to the Internet can lead to increased vulnerability. In this article, we take a look at some...
Blog

Man Charged with Selling Stolen Bank Accounts on Dark Web

A federal grand jury has charged a man with selling access to bank customers' stolen account logins on a dark web marketplace. On 22 July, 2016, U.S. Magistrate Judge Janet F. King charged Aaron James Glende, 35, of Winona, Minnesota with bank fraud, access device fraud, and aggravated identity theft after the man allegedly advertised criminal...
Blog

Recommendations for Protecting Against ICS Security Threats

Security is not the same for the industrial control systems (ICS) as it is for information technology (IT). This difference in part arises from the unique characteristics that set IoT and IT environments apart from one another. Take IT, for instance. One of the most important business drivers for securing systems in those types of environments is...
Blog

Apple Announces Bug Bounty Program with Maximum Reward of $200K

Apple has announced it will be launching a bug bounty program that will pay security researchers upwards of USD 200,000 for finding flaws in its software. On Thursday at the Black Hat USA 2016 security conference in Las Vegas, Nevada, head of the Apple Security Engineering and Architecture group Ivan Krstic made the announcement at the end of his...
Blog

How Financial Institutions Can Navigate the New FinCen Rules

The timing could not have been better. Or worse. On the one hand, the massive leak of the so-called Panama Papers earlier this year shone a bright light on the scope of the issues financial institutions grapple with daily to combat money laundering activity and comply with complex, global regulations. On the other, it is likely that more than a few...
Blog

Does dropping malicious USB sticks really work? Yes, worryingly well...

Good samaritans and skinflints beware! Plugging in that USB stick you found lying around on the street outside your office could lead to a security breach. This is no secret, of course. We have all (hopefully) been aware of the dangers of inserting an unknown USB device into our computers for some time. Heck, the technique has even made it into the...
Blog

PCI 3.2 and The Regulation Storm

There is never a dull moment for compliance and security. Case in point, amidst a brewing storm of regulation, version 3.2 of the Payment Card Industry Data Security Standards (PCI DSS) announced in late spring articulates good data security intent along with controversy. PCI has been around since 2006, and aims to protect payment data for consumers...
Blog

Nigerian Mastermind Scammer Arrested for Stealing $60M from Victims

Authorities have arrested a Nigerian mastermind scammer for leading an international criminal network's efforts to steal $60 million from its victims. INTERPOL arrested the 40-year-old Nigerian national, known as "Mike," in June 2016 after law enforcement officers received a report containing actionable intelligence from Trend Micro, a strategic...
Blog

Ruckus Raucous: Finding Security Flaws in Enterprise-Class Hardware

Wireless routers designed for consumers often do not employ proper security practices. This topic was extensively covered in VERT’s 2014 report, “SOHO Wireless Router (In)security.” Our research revealed that 74% of the 50 top-selling consumer routers on Amazon shipped with security vulnerabilities, including 20 different models where the latest...
Blog

Five Security Tips to Protect Embedded Devices

Embedded devices on enterprise networks make attractive targets for hackers because they provide potential footholds. These systems perform a variety of functions, often involving sensitive data or control of critical systems. Network gear, printers, storage appliances and other equipment generally do not have end-point protection installed, making...
Blog

How Employees React to Security Policies

First, security professionals should understand that people’s resources are limited. Moreover, people tend to struggle with making effective decisions when they are tired. To test the validity of this argument, psychologists designed an experiment in which they divided participants into two groups. The first group was asked to memorise a two-digit...
Blog

Disney Confirms Data Breach of Playdom Forums' Servers

Disney Consumer Products and Interactive Media has confirmed a data breach that affected some users of its Playdom forums. A spokesperson for the business segment of the Walt Disney Company explains in a statement that security teams detected the incident back in July: "On July 12, 2016, we became aware that an unauthorized party gained access to...
Blog

Reviving the Forgotten Principle of Responsible Disclosure

In today’s vulnerability market, vendors want to squeeze every ounce of publicity out of their security researchers. As a result, responsible disclosure often falls by the wayside. The same is true of independent researchers in search of their 15 minutes of fame. A fatal flaw in a major product is akin to Kennedy’s dream of landing a man on the moon...
Blog

Why A Ransomware Event Is Not A Data Breach

Think of a word that sparks an emotion in you. It could be as simple as “shoes,” which makes my wife smile every time, or it could be a dark and foreboding word. Certain words trigger an emotional—sometimes visceral—response. For me, one of those words is “breach.” In a recent post about the Department of Health and Human Services’ (HHS)...
Blog

Identifying Cyber Risks: The Important Role of Senior Management

It is becoming more and more evident that cybersecurity is one of the focal points regarding security risks in the twenty-first century for all organisations. It is understandable that almost every organisation which has access to any kind of computing devices will be at risk and will probably experience harmful cyber incidents. Hackers, whether...