Officials revealed that malicious actors had succeeded in infiltrating the computer network serving New York's state government. According to the Wall Street Journal (WSJ), officials revealed on April 13 that New York's Office of Information Technology had discovered the security incident in late...

Today’s VERT Alert addresses Microsoft’s April 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-880 on Wednesday, April 15th. In-The-Wild & Disclosed CVEs CVE-2020-0935 A vulnerability in the OneDrive for Windows desktop application could allow an attacker to overwrite a targeted file...

A new wiper malware falsely informed victims in its infection notice that two security researchers had been responsible for attacking them. According to Bleeping Computer, users who downloaded programs from free software and crack sites found that they couldn't successfully authenticate themselves and unlock their Windows computers. Instead, their...

On March 27, 2020, President Trump signed an unprecedented $2 trillion stimulus package into law. The legislation received support from both chambers of the U.S. Congress for its goal to minimize the economic effects of the global coronavirus 2019 (COVID-19) pandemic, reported CNN. A key component of that package was the direction to provide...

Why is cybersecurity important to Education? Acknowledging recent reports of ransomware targeting educational institutions, it is no wonder that there have also been articles that attempt to lure in readers with “free” tools. What is disappointing is that these “free” tools are little more than marketing pieces that direct you to click on readily...

Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest to explore the evolving threat landscape, technology trends, and cybersecurity best...

When I first started researching ATT&CK last year, Persistence was the tactic which made me fall in love. Even though I have been in the industry for some time, I learned more from digging into the various techniques here than any other tactic. While I knew about fun tricks like replacing sethc.exe with cmd.exe and hitting the shift key a bunch of...

New technologies often present interesting challenges for security teams, with cloud services such as AWS, Azure and GCP providing particularly novel cases in comparison to “classic” on-premise systems. As cloud services race to add new features that drive new customer interest and increase retention of existing clients, there is a very real risk of...

We all know there are a number of different security devices that need to be continually monitored because they represent attack vectors. That’s why understanding configuration management is critical to security hygiene. As practitioners, we need to adhere to CIS controls as they provide a critical baseline for maintaining our security framework and...

A malvertising campaign used a copycat website for anti-malware software provider Malwarebytes to distribute the Raccoon infostealer. Malwarebytes learned of the campaign when someone notified the security firm that someone was abusing its brand using the lookalike domain "malwarebytes-free[.]com." Registered on March 29 via REGISTRAR OF DOMAIN...

One item that comes up a lot in conversations is how security teams or IT teams struggle to speak the “business language” to business leaders, mainly to members of the senior leadership that make the final decisions on spending and investments. This problem could have its roots in IT, and later security, teams historically having their management...

Amidst all the pandemic doom and gloom, we finally have something positive come from the chaos: NERC filed a motion recently (April 6, 2020) to defer three Critical Infrastructure Protection (CIP) Reliability Standards (as well as 1 PER, and 3 PRC standards) for three months due to the national emergency declared on March 13th by President Trump. As...

Security researchers reversed the encryption routine employed by L4NC34 ransomware by decrypting a file without paying the ransom. Sucuri Security first encountered L4NC34 ransomware when it began investigating an attack in which a malicious actor encrypted all website files and appended ".crypt" to their file names. The security firm dug a bit...

Tripwire's March 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe. Up first on the patch priority list this month are patches for Microsoft Browsers and Scripting Engine. These patches resolve information disclosure, remote code execution, and memory corruption vulnerabilities. Next on the list are...

Security researchers observed an attack campaign that targeted misconfigured Docker API ports with samples of Kinsing malware. According to Aqua Security, the campaign began when it capitalized on an unprotected Docker API port to run a Ubuntu container. The command used for creating the Ubuntu container included a shell script "d.sh." By means of...

Digital fraudsters have seized upon coronavirus 2019 (COVID-19) as a lure for their new scams and attack campaigns. Together, these malicious operations constitute nothing short of a deluge. Barracuda revealed that it spotted 9,116 coronavirus-themed spear-phishing emails between March 1 and March 23, 2020—a 667% increase over the 1,188 attacks...

Why leveraging live environment simulations and putting ICS tools to the test is the best way to evaluate their fitness. Track and field was one of my favorite sports growing up. I didn’t begin competitively participating until I was a teenager, but I was instantly hooked once I started. Why? Because the clock didn’t lie. The tape measure didn’t lie...

A survey revealed that approximately half of employees didn't know how to respond in the event their organization suffered a ransomware infection. In its survey of North American business employees, Kaspersky found that 45% of respondents overall did not know the proper steps they should take in response to a ransomware attack. Respondents whose...

What's happened? Well, Coronavirus 2019 (COVID-19) happened. Okay, smart alec. I know about that. What else is going on? Well, because so many people are (wisely) staying at home, they're using videoconferencing and chat technology like Zoom to keep in touch with friends, family and colleagues. In fact, Zoom says that daily usage has soared from...

An attack campaign leveraged the Excel VelvetSweatshop encryption technique to deliver samples of the LimeRAT malware family. According to Mimecast, those responsible for this attack campaign turned to VelvetSweatshop to enhance the efficacy of their efforts. Nefarious individuals have a history of using a password to encrypt malicious Excel...