In Part I, I described some structural problems in MITRE’s ATT&CK adversarial behavior framework. We looked at a couple of examples of techniques that vary greatly in terms of abstraction as well as techniques that ought to be classified as parent and sub-technique. Both examples are borne out of the lack of hierarchical structure among techniques...

A national trade association has disclosed a data breach that allegedly took place following a successful phishing attack. On 3 July, the American Land Title Association (ALTA) said that the security incident affected title and settlement company usernames and passwords. It also noted that it first learned about the data breach on social media. As...

What's happened? British Airways is facing a record fine of £183 million, after its systems were breached by hackers last year and the personal and payment card information of around 500,000 customers were stolen. 183 million quid!? That sounds huge! Yes, it's the biggest fine ever handed out by the UK's Information Commissioner's Office (ICO). In...

Speed and security. Old-fashioned thinking contended that the two were incompatible; that high-velocity development and deployment of apps and software services invariably introduced higher levels of risk. However, it has become increasingly apparent that speed is a necessary aspect of security. The stakes are sky-high, with some estimates...

If you are a security practitioner, then you may have noticed that much of the security industry exists because of vulnerabilities. Regardless of what job position you occupy, vulnerabilities are oftentimes the reason why you wake up every morning and ultimately engage infosec from within your cutting-edge working environment. Vulnerabilities will...

The United States Senate has passed a bill to help strengthen the defenses of the U.S. energy grid against digital attacks. On 27 June, the Senate passed the Securing Energy Infrastructure Act. Introduced by U.S. Senators Angus King (I-Maine) and Jim Risch (R-Idaho), the main purpose of the...

“It’s okay that you don’t understand.” This comment came after I was frustrated with myself for not being born a genius at math. Usually, when you don’t know a subject or you don’t understand it enough, subject matter experts (i.e. your teachers/professors/mentors/etc) put you down for it. But this time was different because I had a real subject...

A municipality in Florida fired its IT director shortly after paying off bad actors who infected its computer systems with ransomware. Joe Helfenberg, the city manager of Lake City, confirmed to WCJB that the municipality fired Brian Hawkins, who was its director of information technology. This...

As Lead Systems Engineer (EMEA) at Tripwire, I’ve had the pleasure of sitting down with and talking to many prospective customers about their security needs. I always ask about their existing digital capabilities during our talks. When I do, I usually get the following response: “We have lots of different tools but these solutions are either...

Tripwire's June 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, and Adobe. First and most importantly this month are patches available to resolve 2 deserialization vulnerabilities in Oracle WebLogic. These vulnerabilities are identified as CVE-2019-2725 and CVE-2019-2729. Both of these...

Vulnerability management (VM) is an essential process through which organizations can reduce risk in their environments. But myths and misconceptions surrounding VM abound. For instance, organizations commonly approach vulnerability management in the same way as they do patch management. Others are guilty of believing that all attacks rely on...

European police have arrested six people as part of an investigation into a theft which saw €24 million (US $27 million) stolen from users of cryptocurrency exchange. In a press release, Europol described how five men and one woman were simultaneously arrested on Tuesday morning at the homes of the suspects in Charlcombe, Lower Weston and Staverton ...

Following last year’s exceedingly successful inaugural MITRE ATT&CK™ conference, this year’s highly anticipated ATT&CKcon 2.0 conference will be held from Oct 28-30 at MITRE’s McLean headquarters. MITRE’s always open to hearing feedback about the limitations of the ATT&CK framework and how to make ATT&CK more useful. Today, I want to look at the...

Cybercriminals have learnt something very valuable in the last couple of weeks: in order to regain access to their data, cities in Florida are prepared to pay out huge Bitcoin ransoms to hackers. Less than a week after the city of Riviera Beach, 80 miles from Miami, unanimously voted to pay US $600,000 worth of Bitcoins to an extortionist who had...

In the attacker's world, all vulnerabilities and potential exploits work toward the hacker's advantage — not yours, not mine. This includes WordPress hacks. While living back east (over a decade ago), I was friends with several small business owners. One weekend morning, the owner of the local photography studio called me at 7 am and said: "I think...

Defining a data breach can be tough for a lot of organizations. However, since the introduction of the General Data Protection Regulation (GDPR) in 2018, organizations that operate in the EU need to follow regulatory guidelines that can have real business implications if ignored. But when a cyber incident hits your organization, do you know if it...

Normally, when you hear about stocks dropping, it's due to some scandal or crisis. Market watchers will tell you that a range of elements can affect the value of a publicly traded company and cause stock prices to rise or fall. Consumer confidence is a major factor that influences a company's reputation and perceived value. What does that have to do...

Riviera Beach paid bad actors approximately $600,000 in ransom to recover its information after it fell victim to a ransomware attack. On 17 June, the board of the Palm Beach County municipality voted unanimously to authorize that the city insurer pay 65 bitcoins (worth approximately $602,000 at the...

The recent Vectra 2019 Spotlight Report on Healthcare indicates that the proliferation of healthcare internet-of-things (IoT) devices, along with a lack of network segmentation, insufficient access controls and reliance on legacy systems, has created an increasing attack surface that can be exploited by cyber criminals determined to steal personally...