The DoubleDoor Internet of Things (IoT) botnet circumvents firewall protection and other security measures by abusing two vulnerabilities. Detected by NewSky Security in its honeypot logs, DoubleDoor begins by deploying CVE-2015-7755. The vulnerability allows remote attackers to gain administrative access to ScreenOS, an operating system for Juniper...

Ransomware attacks against healthcare providers aren't new. In 2017, two crypto-malware infections affecting medical organizations made The State of Security's top list of ransomware attacks for the year. The first involved an unknown strain that targeted Arkansas Oral & Facial Surgery Center, an incident which affected X-ray images, documents, and...

2018 is set to be a very exciting year for cloud computing. In the fourth financial quarter of 2017, Amazon, SAP, Microsoft, IBM, Salesforce, Oracle, and Google combined had over $22 billion in their revenue from cloud services. Cloud services will only get bigger in 2018. It’s easy to understand why businesses love the cloud. It’s easier and more...

Today’s VERT Alert addresses Microsoft’s February 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-765 on Wednesday, February 14th. In-The-Wild & Disclosed CVEs CVE-2018-0771 This vulnerability describes a Same-Origin Policy (SOP) bypass in Microsoft Edge. The SOP is designed to...

A new variant of the Android Remote Access Tool (AndroRAT) is exploiting a vulnerability to escalate privileges on unpatched Android devices. The malware disguises itself as a utility app called "TrashCleaner" and waits for users to download it from a malicious URL. Upon running for the first time, the malicious app forces the device to install what...

DevOps and traditional security seem to be at odds with one other. But it doesn’t have to be that way. You can make security a part of your DevOps process without sacrificing agility or security. First, let's define what DevOps is. Let's then look at how it combines with security to create DevSecOps. DevOps: A Working Definition So, what do we...

Bad actors secretly infected more than 4,000 websites with the script for a crypto-miner after hacking a single technology provider. The trouble started on 11 February when Ian Thornton-Trump encountered something concerning while visiting the website for the UK Information Commissioner's Office (ICO). https://twitter.com/phat_hobbit/status...

Navigating the noise, complexity and uncertainties of the cybersecurity landscape demands clear thinking. But that’s no easy task. The security professional today has to be knowledgeable about the organization’s own environment, business needs and risks, compliance requirements, best practice frameworks, internal policies and procedures, and the...

Securing industrial operations is a unique challenge. The same approach used to secure information technology (IT) networks can't effectively secure plant floors. That's because operational technology (OT) has evolved tremendously over the years, creating very complex environments consisting of a dizzying variety of devices from different makes,...

Researchers have identified a new strain of point-of-sale (PoS) malware that impersonates a LogMeIn service pack to steal credit card data via a DNS server. According to security firm Forcepoint, the malware – dubbed "UDPoS" – is unusual in that it generates a large amount of UDP-based DNS traffic to exfiltrate magnetic strip payment card details. ...

The Belgian federal police has released free decryption keys for Cryakl ransomware following an international law enforcement operation. On 9 February, the European Union Agency for Law Enforcement Cooperation (Europol) announced the release of the keys through No More Ransom. The move represents the culmination of an investigation that involved...

A Tennessee hospital discovered cryptomining software installed on a server that hosts its electronic medical records (EMR) system. In January 2018, Decatur County General Hospital began notifying patients of a incident involving its electronic medical record systems. Its breach notification letter (PDF) reveals the hospital first learned about the...

Swiss telecoms giant Swisscom has admitted that it suffered a serious security breach in the autumn of 2017 that saw the theft of contact details of approximately 800,000 customers - most of whom were mobile subscribers. Data exposed during the breach included: Customers' first and last names Customers' home addresses Customers' dates of birth ...

Cryptocurrencies are hot. According to CoinMarketCap, there are now over 1,300 cryptocurrencies with new initial coin offerings (ICOs) accelerating all the time. Even Kodak is getting into the act with KODAKcoin. And currently, the price trajectory of Bitcoin is higher than a North Korean rocket, with Blockchain saving the world one application at a...

NameCheap has said it intends to notify customers of a misconfiguration issue that allowed customers to create subdomains for any hosted account. Richard Kirkendall, CEO for the ICANN-accredited registrar, said on Twitter that the company is currently conducting an audit and plans on "contacting any affected customers directly" following the...

There's a growing trend spreading through many different organizations in which automated and advanced security features are being developed, capabilities which were previously in the realm of more traditional security vendors. There’s now more security in more places than ever before, with much of it owing to infrastructure and software-as-a...

You’ve probably been hearing about the cloud a lot, and with the increasing number of businesses moving their data online, it’s obvious that cloud computing and security are here to stay. With a number of benefits like data security, minimized risks, regulatory compliance, flexibility, round-the-clock availability, uninterrupted maintenance and...

Grammarly has fixed a vulnerability that exposes users' documents created and saved within the platform's Editor interface. Tavis Ormandy, a Google computer security researcher who discovered a memory disclosure bug in CloudFlare’s reverse-proxy systems in February 2017, wrote up a security advisory about the Grammarly flaw on 2 February. In it, the...

Some of the most common phrases that come out of information security professional mouths include: “Well, that did not work” and “The project fell apart, and I don't know what I could have done better.” The pain of not knowing what security best practices your team can/should implement can cost the company time and money. It could also end up...