Resources

Blog

Phishing Site Encrypted With AES Designed to Steal Users' Apple IDs

Scammers designed a phishing website and encrypted it with the Advanced Encryption Standard (AES) in their attempts to steal unsuspecting users' Apple IDs. Researchers at Trend Micro came across the phishing campaign on 30 April. It all began when they received an email designed to look like it came from Apple. The email warned recipients that Apple...

Encryption Is Only as Strong as Your Password

In recent months, the encryption debate has heated up once again. Most recently, some shock waves were sent across the industry when ThreatWire reported a new tool, known as GrayKey, which could decrypt the latest versions of the iPhone. Fortunately, that tool is only available to law enforcement agencies... for now. The point to be noted is that if...

Zero-day flaw exploited in targeted attacks is fixed by Microsoft

This month's Patch Tuesday bundle of updates from Microsoft included a fix for a critical vulnerability that has been actively exploited by at least one hacking gang in targeted attacks. The vulnerability, dubbed CVE-2018-8174, is a remote code execution flaw in the Windows VBScript Engine. It affects the latest version of Internet Explorer and any...

Devs Find Fake Version of Bitcoin Wallet Stealing Users' Seeds

Developers have found that a fake version of a popular Bitcoin Wallet comes equipped with the ability to steal users' seeds. On 9 May, the Electrum team published a document on GitHub calling out "Electrum Pro" as "stealware" and "bitcoin-stealing malware." According to the developers, the individuals behind Electrum Pro took control of "electrum...

The Behavioral Intelligence Officer

With the advent of increased cyber security related threats, the majority of attacks point to one target, and that is the human element. Examine any survey relating to cyber security threats faced by organizations from ransomware to phishing, and these attacks all have one target in common: the human element is necessary to trigger the attack....

Why Organizations Need to Secure Their Containers

Containers are revolutionizing the way that organizations deploy applications. These technologies are packages, notes Amazon Web Services (AWS), that enable teams to run applications and their code, configurations and dependencies in resource-isolated processes. As such, they allow for reduced environmental dependencies, support for micro-services...

VERT Threat Alert: May 2018 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s May 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-777 on Wednesday, May 9th. In-The-Wild & Disclosed CVEs: CVE-2018-8120. This privilege escalation vulnerability affecting Win32k could allow an attacker to execute code in kernel mode. According...

8 Tips to Harden Your Joomla Installation

Joomla arrived on the scene in 2005 as a fork of the Mambo content management system (CMS). Downloaded over 91 million times, it has since eclipsed Mambo to become a ubiquitous platform for websites of all sizes. According to last year's Hacked Website Report from Sucuri, which used insights from over 36,000 compromised sites, Joomla is the second...

Women in Information Security: Valerie Thomas

In my last interview, I spoke with Jen Fox. She’s a Senior Security Consultant who specializes in compliance. This time, I had the pleasure of speaking with Valerie Thomas. She has a lot of expertise in both penetration testing and industrial cybersecurity. Kim Crawley: Please tell me about your cybersecurity role and how you got there. Valerie...

A DevOps Model: What It Is and Why It's Beneficial

Software development has changed significantly in recent years. This transformation is, in part, a response to challenges resulting from the traditional waterfall software development model. Under the old process, a software company receives a deadline for creating a product that's ready to roll out to customers. The firm activates its team of...

Twitter Asks Users to Change Passwords After Finding Internal Log Bug

Twitter is asking its more than 330 million users to change their passwords after it discovered a bug within one of its internal logs. On 3 May, CTO Parag Agrawal announced the discovery of a weakness that had undermined Twitter's secure storage of users' passwords. He explained that Twitter uses the bcrypt cryptographic hashing algorithm to convert...

Kitty malware gets its claws into Drupal websites to mine Monero

Websites running vulnerable versions of the Drupal content management system are being targeted by the latest incarnation of the Kitty malware family. Security researchers at Incapsula report that Kitty is attempting to hijack servers using the highly critical Drupalgeddon 2.0 remote code execution exploit (CVE-2018-7600), which was made public at...

Phishers Leveraging GDPR-Themed Scam Emails to Steal Users' Information

Phishers are using scam emails that leverage the European Union's General Data Protection Regulation (GDPR) as a theme in an attempt to steal users' information, a security firm found. Researchers at managed threat detection solutions provider RedScan came across one such phishing message that appeared to originate from Airbnb. The scam email, which...

The FBI’s 10 Most-Wanted Black-Hat Hackers – #7 and #6

The FBI's 10 most-wanted black-hat hackers countdown continues this week with No. 7 and No. 6: the co-conspirators Bjorn Daniel Sundin and Shaileshkumar “Sam” P. Jain. On 26 May 2010, the U.S. District Court of Northern Illinois indicted Sundin, Jain and a third suspect for one count of conspiracy to commit computer fraud, one count of computer...

Man Pleads Guilty to Sicking Army of Spambots on Twitch

A 20-year-old man has pleaded guilty to targeting more than a thousand members of streaming video platform Twitch with an army of spambots. On 1 May, Brandan Lukas Apple confessed to a charge of "mischief in relation to computer data" before a Port Coquitlam provincial court judge. The court responded by handing down a four-month conditional...

Integrity Management: What It Is and How It Can Protect Your Data

In a previous article, I noted that organizations are witnessing a surge in integrity-based attacks targeting their networks. Enterprises can defend themselves against these types of threats by turning to the National Institute of Standards and Technology (NIST) Cybersecurity Framework. They can then pair the risk-based approach with NIST SP 800-53...