Resources

Blog

Looking to Drive down the Cost of Doing Business? Use Managed Services

Businesses are always looking for ways to control and reduce the cost of doing business as well as gain a competitive advantage over their respective competitors. The constant pressure of doing more with less has introduced many offerings designed to reduce the cost and complexity of the IT/OT infrastructures that support the business. Let’s take a...
Blog

Navigating ICS Security: The Threat Landscape

Whilst working for a management consultancy, I learned a lot more about industrial control systems (ICS) than I ever imagined I would. In many cases, this wasn’t from working on them directly; it was from simply speaking to the technicians and reading documentation. Oftentimes, we have the false belief that our systems are safe from compromise...
Blog

Poison Frog Malware Samples Reveal OilRig's Sloppiness

An analysis of a new backdoor called "Poison Frog" revealed that the OilRig threat group was sloppy in its development of the malware. Kaspersky Lab came across Poison Frog while scanning its archives using its YARA rule to hunt for new and old malware samples employed by OilRig. It launched this investigatory effort shortly after crackers operating...
Blog

What Does Integrity Monitoring Have To Do With Security Anyway?

After spending several decades in this industry, I have seen growth in many different security products and in many different areas. All the while, I've questioned whether specific technologies were offering real value or were just over-marketed to create more revenue opportunities for investors. As we have seen repeatedly, categories of security...
Blog

Companies That Request PII From Vendors Must Protect It

In my line of work, it is often a requirement to provide our customers with background information on the employees who will be performing on-site professional services. This is not in itself an issue, but how the customer receives and handles that information can be. Tripwire best practice is for HR to provide an attestation of all requested...
Blog

Medical Care at NJ Hospital Disrupted by Ransomware Attack

A New Jersey hospital said that it was forced to cancel some surgeries and other medical procedures after falling victim to a ransomware attack. Hackensack Meridian Health, a non-profit health care center based in Edison, New Jersey, revealed to the Wall Street Journal (WSJ) that the attack began on...
Blog

Social Engineering the Silver Screen: Home Alone Edition

I have wanted to do a series like this for some time. I frequently watch movies and point out social engineering and OSINT techniques or inaccuracies as well as OPSEC blunders. These blunders, in addition to the matrix style waterfall screens, are equally bad as the "hacking" you see in movies. So, let's level the playing field about the specific...
Blog

Government Procurement Services Targeted in Phishing Campaign

Researchers discovered a phishing campaign which attackers designed to harvest login credentials from government procurement services. According to Anomali Labs, malicious actors crafted their campaign to target various services used by public and private entities to match buyers and sellers of government services. They did so by directing...
Blog

Waco water bill attack just the latest in a wave of Click2Gov breaches

The City of Waco has warned residents that their online payments for water services may have been intercepted by hackers who stole credit card details. The heart of the problem lies in the third-party online payment software that Waco and several other cities and municipalities use to let residents pay their bills, pay parking fines, as well as make...
Blog

Finding a Good Vendor Partner: More than Technology

Finding a security vendor that is the best fit for your company’s business objectives, culture, risk profile, and budget is challenging today. The purpose of this blog is to suggest that working with a “vendor partner” is more than working with a standard technology vendor in that a partner aligns not only with “Technology” concerns but also with ...
Blog

VERT Threat Alert: December 2019 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s December 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-863 on Wednesday, December 11th. In-The-Wild & Disclosed CVEs CVE-2019-1458 A vulnerability in Win32k is currently seeing active exploitation that could give an attacker the ability to...
Blog

Updated Ryuk Ransomware Decryptor Could Damage Larger Files

Attackers provided victims who paid with an updated Ryuk ransomware decryptor that could potentially damage their larger files. Emsisoft found that malicious actors had added numerous new features to Ryuk ransomware over the past year. In a lesser-known case, attackers gave Ryuk the ability to partially encrypt files that exceeded 54.4 MB in size....
Blog

Navigating ICS Security: Knowing the Basics

As we begin our new decade of the 2020s, we can look back at the last 30 odd years and examine the collaboration between technology and our daily lives. If you think of your day-to-day, it’s easy to see how much our society relies on technology. Consider our smart devices such as mobile phones, watches, even homes. However, what about the technology...
Blog

Spotify Phishing Campaign Tells Users that Their Subscriptions Are Frozen

A new Spotify-themed phishing campaign informed recipients that the music streaming service had frozen their subscriptions. On 5 December, MailGuard discovered an email that appeared to come from Spotify. The email itself used the display name "Spotify" along with the music streaming service's logo to lull recipients into a false sense of security....
Blog

Moving to the Cloud: Motivations Behind the Migration

Consider how many times a day you check your mobile phone, smartwatch, smart TV, and/or other connected devices. How normal does it seem to be reaching out to an external source, not actually sure where this information is stored, or even coming from, but that it’s there, accessible and ready to be taken in? Organizations wishing to migrate to a...
Blog

CMMC: The Logical End of ISO 27001, SOC 2 & Other Certifications

In the not-too-distant future, I can clearly see how ISO 27001, SOC 2 and other [redacted] certifications could become a diminished, legacy activity, viewed as a rarity left over from marketing efforts to distinguish an organization’s security posture from its competition. Absurd? Unrealistic? Actually, it is a very pragmatic understanding of what...
Blog

Major data center provider hit by ransomware attack, claims report

CyrusOne, a major provider of enterprise data center services, is reported to have suffered a ransomware attack. The Dallas-headquartered company, which operates more than 30 data centers across the United States, China, London, and Singapore, is reported by ZDnet to have had some of its systems infected by the REvil (Sodinokibi) ransomware....
Blog

PSA: Beware of Exposing Ports in Docker

Docker is an awesome technology, and it’s prevalent in nearly every software developer’s workflow. It is useful for creating identical environments and sharing them between development, testing, production, and others. It’s a great way to ship a reliable software environment between systems or even to customers. However, like with any technology,...