The cloud has changed how we use and consume IT services. Where data resides along with how it is transferred, stored and processed has fundamentally changed and with-it new risk management challenges. Let's talk about some of those challenges. First and foremost, the cat is out of the bag. We're not going back to the data center, and any resistance...

The ISA/IEC 62443 series of standards, developed by the ISA99 committee and adopted by the International Electrotechnical Commission, provides a flexible framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems. These standards not only address configuration weaknesses to harden...

The Emotet trojan recently leveraged a phishing campaign to target email addresses associated with users at the United Nations. In an email provided by Cofense to Bleeping Computer, Emotet's handlers pretended to be representatives of Norway to the United Nations (UN). They used this disguise to conduct a phishing campaign with "highly specific...

One sunny morning, my breakfast was interrupted by a phone call from a friend who is an entrepreneur engaged in the transportation of various goods. He said that $11,000 disappeared from his bank account during the night. The bank support service could not help. They advised my friend to report this incident to the police. The money transfers were...

Today’s VERT Alert addresses Microsoft’s January 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-866 on Wednesday, January 15th. In-The-Wild & Disclosed CVEs CVE-2020-0601 While there are no in-the-wild and disclosed CVEs in the January patch drop, there is a lot of discussion around...

The Government Communications Headquarters (GCHQ) is urging people to no longer use computers with Windows 7 installed for banking or email. A spokesperson for the National Cyber Security Centre (NCSC), a part of GCHQ, encouraged consumers to upgrade their Windows 7 devices. As quoted in a report by Telegraph:We would urge those using the software...

In a previous post, I wrote about my key take-aways from Verizon’s 2019 Payment Security Report. While it's no surprise it was full of interesting and useful data, (Verizon’s yearly Data Breach Investigation Report (DBIR) has become required reading.) I was delighted to find an excellent guide on the the 9-5-4 model, a means by which an organization...

A school district in Texas announced that it lost approximately $2.3 million after falling victim to a phishing email scam. On January 10, the Manor Independent School District (MISD) published a statement on Twitter and Facebook in which it revealed that it was investigating a phishing email scam that cost it $2.3 million. https://twitter.com...

On January 7th, MITRE released ATT&CK for Industrial Control Systems, a taxonomy of real-world cyber adversarial behavior targeting ICS or industrial control systems. These systems operate critical infrastructure in manufacturing and utility industries, and they are popular targets in financial and espionage motivated attacks. Recent high-profile...

The UK Information Commissioner's Office (ICO) fined DSG Retail Limited £500,000 following a malware attack that affected millions of the retailer's customers. As the result of an investigation, the ICO learned that the DSG Retail Limited had suffered a security incident in which an attacker installed malware on 5,390 tills at Currys PC World and...

A British man has been jailed for two years after police caught him using a notorious Remote Access Trojan (RAT) to hijack the webcams of young women, and spy upon them. 27-year-old Scott Cowley, of St Helens, Merseyside, was arrested last November as part of an international investigation into purchasers of the Imminent Monitor RAT. Imminent...

Tripwire's December 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Citrix, Microsoft, Django, and Adobe. Critical Vulnerabilities: Up first on the patch priority list this month is a critical arbitrary code execution vulnerability for the Citrix ADC application. In particular, Citrix ADC and Citrix Gateway (formerly...

Just before the holidays, Citrix announced that their Citrix Application Delivery Controller (ADC) and Citrix Gateway are prone to a vulnerability which can allow remote unauthenticated attackers to execute code on vulnerable gateways. This led to a wave of alarming headlines about “80,000 firms” being exposed to hacking due to this flaw. What’s...

Security researchers have observed samples of the new SNAKE ransomware family targeting organizations' entire corporate networks. Discovered by MalwareHunterTeam and analyzed by Vitali Kremez, SNAKE is written in Golang and contains a high level of obfuscation. Upon successful infection, the ransomware deletes the machine's Shadow Volume Copies...

In some ways, the cloud has made security management easier, as many cloud providers have taken the responsibilities traditionally associated with local server management out of your hands. But in other ways, the security management conversation has become more confusing for decision makers, as “cloud” is a very broadly defined term and could speak...

Most industrial organizations are behind the curve when it comes to cybersecurity, facing mounting complexities like the IIoT, the skills gap and the IT/OT divide. But what about industrial organizations that are already taking steps in the right direction and need to know what awaits them on the horizon? What practical next steps can your...

Vulnerability Description Citrix has indicated that an unauthenticated attacker can exploit this flaw to perform arbitrary code execution. Although details from Citrix are minimal, VERT’s research has identified three vulnerable behaviors which combine to enable code execution attacks on the NetScaler/ADC appliance. These flaws ultimately allow the...

Canyon Bicycles revealed that malicious individuals succeeded in accessing its IT systems as the result of a digital attack. The German bike manufacturer announced in a press release that the digital attack occurred shortly before the turn of the year. For that attack, Canyon Bicycles explained that ...

Since the implementation of the General Data Protection Regulation (GDPR) on 25 May 2018, organizations and even private citizens have globally begun to re-assess what it means to ‘take security seriously’ and to better understand the massive difference between security and privacy. What you may not be familiar with is the Network and Information...