Resources

Blog

Phishers Use Fake VPN Config Notification to Target Office 365 Details

Security researchers observed phishers leveraging a fake VPN configuration notification to target employees' Office 365 credentials. Abnormal Security found that the campaign attempted to capitalize on the trend of organizations implementing VPNs for the purpose of securing their remote employees during COVID-19. As quoted by the security platform: ...
Blog

Contact Tracing: De-mystifying How an App Designed to Track People Can Ensure User Privacy and Security

Many governments in many countries around the world recognise that contact tracing plays a very important part to reduce the spread of the deadly disease, COVID-19. In this article, we take a look at the conventional method of contact tracking and comparing it against how technology helps contact tracing and its pro’s and con’s. Traditional contact...
Blog

The Cybersecurity Implications of 5G Technology

The coming of widespread 5G technology promises more than just faster everything, enhanced capacity and greater reliability. Leading proponents of the wonders of 5G, such as the theoretical physicist and author Michio Kaku, paint a picture of a true technological “paradigm shift, a game-changer.” The self-described futurist invites us to imagine a...
Blog

Tripwire Patch Priority Index for May 2020

Tripwire's May 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, SaltStack, and VMware. Up first on the patch priority list this month are patches for VMware vCenter Server and SaltStack Salt. The Metasploit exploit framework has recently integrated exploits for VMware vCenter Server (CVE-2020-3952) and...
Blog

Sandworm Team Exploiting Vulnerability in Exim Mail Transfer Agent

The U.S. National Security Agency (NSA) warned that the Sandworm team is exploiting a vulnerability that affects Exim Mail Transfer Agent (MTA) software. In a cybersecurity advisory published on May 28, the NSA revealed that the Sandworm team has been exploiting the Exim MTA security flaw since August 2019. The vulnerability (CVE-2019-10149) first...
Blog

NetWalker Ransomware - What You Need to Know

What is NetWalker? NetWalker (also known as Mailto) is the name given to a sophisticated family of Windows ransomware that has targeted corporate computer networks, encrypting the files it finds, and demanding that a cryptocurrency payment is made for the safe recovery of the encrypted data. ...
Blog

PonyFinal Ransomware Delivered by Extended Human-Operated Attacks

Security researchers witnessed the deployment of PonyFinal ransomware at the end of extended human-operated attack campaigns. In a series of tweets, Microsoft Security Intelligence revealed it had observed human-operated campaigns laying in wait for the right moment to deploy PonyFinal ransomware as their final payload. In their operations, the...
Blog

[F]Unicorn Ransomware Masquerading as COVID-19 Contact Tracing App

A new ransomware family called "[F]Unicorn" masqueraded as a COVID-19 contact tracing app in order to target Italian users. On May 25, the the Computer Emergency Response Team (CERT) from the Agency for Digital Italy (AgID) revealed in an advisory that it had received a sample of [F]Unicorn from security researcher JamesWT_MHT. The sample analyzed...
Blog

The MITRE ATT&CK Framework: Exfiltration

Once an attacker has established access and pivoted around to the point of gathering the necessary data, they will work on exfiltration of that data. Not all malware will reach this stage. Ransomware, for example, usually has no interest in exfiltrating data. As with the Collection tactic, there’s little guidance on how to mitigate an attacker...
Blog

Protecting Fleet Data from Security Threats

Big data is revolutionizing fleet management — specifically in the form of telematics. From engine diagnostics that track fuel efficiency and mileage to sensors that detect aggressive driving behavior and interior vehicle activity, this information is so valuable that we’re quickly approaching the point where connected technology will come standard...
Blog

Updated AnarchyGrabber Steals Passwords, Spreads to Discord Friends

Researchers found an updated version of AnarchyGrabber that steals victims' plaintext passwords and infects victims' friends on Discord. Detected as AnarchyGrabber3, the new trojan variant modified the Discord client's %AppData%\Discord\[version]\modules\discord_desktop_core\index.js file upon successful installation. This process gave the malware...
Blog

Climbing the Vulnerability Management Mountain: Reaching the Summit (VM Maturity Level 5)

Only the truly committed ever reach the summit of anything. This sentiment holds true for vulnerability management. An organization cannot reach the summit without a serious commitment to fund and staff the program appropriately across the organization. Reaching ML:5 means tying the program to the business. Everyone must be aligned with the metrics...
Blog

How to Protect the Future of IT

Working remotely, either from home or from elsewhere, isn’t something new. It has been used by many companies worldwide over the past decade. That said, it was typically restricted to only a couple days a month or to specific IT-savvy departments. But as we have seen throughout time, adversity and crisis lead to change and sometimes revolutions in...
Blog

Observing a Privacy Milestone: Expert Thoughts on GDPR’s 2nd Anniversary

May 25, 2020 marks the second anniversary of when the European Union’s General Data Protection Regulation (GDPR) took full effect. Undoubtedly, many organizations have succeeded in achieving compliance with the Regulation by now. But that raises some important questions. What benefits have those organizations experienced in achieving compliance, for...
Blog

U.S. Elections: Effectively Balancing Access and Security

For a Democratic Party desperate to unseat President Trump in November, the primary election process has been filled with large-scale technology failure, official miscalculations, voter annoyance and public embarrassment, not to mention piles of money spent in pursuit of an improved 21st-century process that turned out to be worse than what they had...
Blog

MilkmanVictory Ransomware Created for Purpose of Attacking Scammers

A hacking group claimed that it developed a new ransomware strain called "MilkmanVictory" for the purpose of attacking scammers. Collectively known as "CyberWare," the group announced their creation on Twitter in mid-May. https://twitter.com/LiteMods/status/1261605833290514432?s=20 In an email conversation with Bleeping Computer, CyberWare revealed...