Resources

Blog

Major data center provider hit by ransomware attack, claims report

CyrusOne, a major provider of enterprise data center services, is reported to have suffered a ransomware attack. The Dallas-headquartered company, which operates more than 30 data centers across the United States, China, London, and Singapore, is reported by ZDnet to have had some of its systems infected by the REvil (Sodinokibi) ransomware....
Blog

PSA: Beware of Exposing Ports in Docker

Docker is an awesome technology, and it’s prevalent in nearly every software developer’s workflow. It is useful for creating identical environments and sharing them between development, testing, production, and others. It’s a great way to ship a reliable software environment between systems or even to customers. However, like with any technology,...
Blog

Tripwire Patch Priority Index for November 2019

Tripwire’s November 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, Linux Kernel and Adobe. Exploit Alert: Metasploit First, on the patch priority list, this month are vulnerabilities that have been recently added to Metasploit. Two vulnerabilities, identified by CVE-2019-11539 and CVE-2019-11510...
Blog

Universal Network-level Call Blocking: What You Need to Know

Many of the current telephone scams use caller ID spoofing to mask the identity of the caller. A few of those telephone scams spoof caller IDs that don’t match the North American standard for legitimate numbers. These blatantly obvious spoofed caller IDs are the target of the Canadian Radio-television and Telecommunications Commission (CRTC). Last...
Blog

Verizon’s 2019 Payment Security Report – Not Just for PCI

If you are responsible for cybersecurity or data protection in your organization, stop what you are doing and read this report. Actually, first, go patch your servers and applications and then read this report. Much like Verizon’s Data Breach Investigations Report (DBIR), the Payment Security Report (PSR) is a must-read for security professionals. While it focuses on the PCI DSS standard and...
Blog

Smith & Wesson Online Store Affected by Magecart Attack

The online store for American gun manufacturer Smith & Wesson fell victim to a Magecart attack that's designed to steal customers' payment data. Willem de Groot of Sanguine Security learned that a particular Magecart group had been impersonating his employer and abusing his name as a contact to register domain names. While investigating this group,...
Blog

Climbing the Vulnerability Management Mountain: Reaching Maturity Level 2

The path is starting to get steeper now as we climb to ML2. It is time to start defining a vulnerability management program with objectives and goals. This program is expected to grow and evolve over time as the organization grows and evolves. Document the requirements Start by documenting what is in place now and what objections the organization...
Blog

Security for Cloud Services: IaaS Deep Dive

In this, the final post in my series on considerations for managing your security with cloud services, we will be looking at Infrastructure as a Service (IaaS). If you haven’t yet read the previous blog entries about SaaS and PaaS, it’s worth going back to read these first, as much of the thinking associated with these services is also true for IaaS...
Blog

Five “W’s” for Vulnerability Management

As we wind down 2019, it is a great time to think about your vulnerability management plans for the coming year. The five W’s can help guide our efforts as we resolve to improve our digital security for the coming new year. What Is Vulnerability Management? Vulnerability assessments are useful for detecting security issues within your environment....
Blog

The Future of Cybersecurity Insurance

Cybersecurity incidents and data breaches have become a normal part of the news cycle. It feels like every day you hear about a big corporation or organization suffering an attack that has put customer or user data in jeopardy. Sometimes this is because a security strategy was lacking; sometimes, the criminal's attack was simply too powerful....
Blog

DeathRansom Ransomware Fixes Issues, Now Encrypting Victims' Data

After its developers fixed several issues, DeathRansom ransomware is now actively infecting users and encrypting victims' data. DeathRansom wasn't actually crypto-ransomware when attackers first began distributing it. At that time, the threat pretended to encrypt users' information and appended the .wctc extension onto victims' files. Researchers...
Blog

Fullz House Group Using Phishing and Web Skimming to Maximize Profits

A new threat group called "Fullz House" is using both phishing and web skimming in order to maximize the profits of its attacks. Fullz House isn't new to the threat landscape, but RiskIQ observed that the group had expanded its activities to include web skimming beginning in August-September 2019. These two operations are mostly split. However,...
Blog

Ransomware: ‘Tis the Season for Retailers to be Prepared

‘Tis the season! Winter holidays are upon us, and with it brings the yearly high-volume online shopping season we all know as Black Friday/Cyber Monday (BFCM). With the total US consumer spending estimated at over $717 billion in the 2018 BFCM season, retailers know that the next few weeks are a critical time for their infrastructure. Unfortunately...
Blog

Security for Cloud Services: PaaS Deep Dive

In my last blog, I gave you some insight into some of the starting steps for adjusting your security strategies for a SaaS-enabled world. Here, I explore some of the additional adaptions to consider with PaaS. Traditional IT organisations have seen significant gains in adopting Platform as a Service (PaaS) solutions. In this blog post, the second in...
Blog

Cloud Security Threats: Escaping the Egregious Eleven - Part Two

Depending on your familiarity with the Cloud Security Alliance (CSA) publications, part one of this blog was intended as either an introduction or a nagging reminder of the ‘Egregious Eleven’ security threats to cloud computing. It also hopefully made some helpful observations about the first six items on the list. Part two now looks at the...
Blog

New Decryption Tool Released for Jigsaw Ransomware

Security researchers have released a new decryption tool that could help victims of Jigsaw ransomware recover their affected files for free. In a blog post announcing the new utility, Emsisoft explained that its decryptor can work against 85 extensions employed by the ransomware family. The security firm also said that they would update their tool...