Digital attackers launched a new ransomware campaign dubbed "PLEASE_READ_ME" in an effort to target MySQL servers. Guardicore first spotted the attack back in January 2020. After that, it witnessed a total of 92 attacks emanate from 11 IP addresses, with most based in Ireland and the United Kingdom at the time of analysis. The security firm found...

Aside from managing Tripwire's security research team, Tyler Reguly also teaches a college course on cybersecurity. On this episode, Tyler shares his experience teaching the next generation of cybersecurity practitioners who are about to graduate and enter the workforce. https://open.spotify.com/episode/4vHeutSHKSmIN7ofHJDfCB ...

2020 has been a very interesting year for the global workforce, with the vast majority of organizations having to rapidly transition to a remote workforce with little to no prior notice thanks to the COVID-19 pandemic. The 2020 (ISC)2 Cybersecurity Workforce Study looks at the effect of this transition to remote work and how organizations have...

Moving to the cloud means a lot more than just moving your servers and applications to the cloud; it’s also about the data – and data always has a target on it. A lot of IT departments are finding that it’s easier to meet the “five nines” (99.999%) of uptime and availability by going outside their organization and letting AWS, Microsoft, or Google...

It's time to say a final "Goodbye" to Flash. (Or should that be "Good riddance"?) With earlier this week seeing the final scheduled release of Flash Player, Adobe has confirmed that it will no longer be supporting the software after December 31 2020, and will actively block Flash content from running inside Flash Player from January 12 2021. In...

Security researchers detected a new spear-phishing attack that's using an exact domain spoofing tactic in order to impersonate Microsoft. On December 7, IRONSCALES revealed that it had spotted the campaign targeting Office 365 users. Those users primarily worked in the financial services, healthcare, insurance, manufacturing, utilities and telecom...

The Phorpiex botnet earned the notorious designation of "most wanted malware" for the month of November 2020. In its Global Threat Index for November 2020, Check Point Research revealed that it had observed a surge in new Phorpiex botnet infections that had affected four percent of organizations globally. This threat activity enabled Phorpiex to...

As I had mentioned previously, this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their kid wanted to learn Python, I developed an Intro to...

Today’s VERT Threat Alert addresses Microsoft’s December 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-918 on Wednesday, December 9th. In-The-Wild & Disclosed CVEs There are no In-The-Wild or Disclosed CVEs patched this month. CVE Breakdown by Tag While historical Microsoft...

Tripwire's November 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, and Oracle. First on the patch priority list this month are three vulnerabilities in Oracle WebLogic Server that have recently been included within the Metasploit exploit framework. Supported versions of Oracle WebLogic Server that...

In this blog series, I will be putting the spotlight on useful Ghidra features that you may have missed. Each post will look at a different feature and show how it helps you save time and be more effective while reverse engineering. Ghidra is an incredibly powerful tool, but much of this power comes from knowing how to use it effectively. What is...

Malicious actors used a Business Email Compromise (BEC) scam to prey upon a Philadelphia non-profit food bank. According to The Philadelphia Inquirer, the scam occurred back in July when the hunger relief organization Philabundance was nearing the completion of its $12 million Philabundance Community Kitchen. ...

The National Cyber Security Centre (NCSC) released its annual review of 2020. If you are unfamiliar with the NCSC, part of their mission is that they are “dedicated to making the United Kingdom the safest place in the world to live and work online.” This is a lofty goal, and since the first report, issued in 2016, the NCSC remains steadfast in...

Organisations are still underestimating the risks created by insufficiently secured operational technology (OT). One current example comes from Germany. According to a report by heise.de, external security testers consider it “likely” that a successful serious cyberattack against the publicly owned water company Berliner Wasserbetriebe could lead to...

The Egregor ransomware gang struck TransLink, the authority responsible for managing Metro Vancouver's transportation network. On December 1, TransLink announced that certain issues were affecting its phones, online services and payment systems. The authority later confirmed that it had suffered a ransomware attack and that those responsible for...

As I had mentioned previously, this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their kid wanted to learn Python, I developed an Intro to...

Embraer, a Brazilian manufacturer of aircraft, has disclosed that hackers managed to breach its computer systems, and steal data. Although Embraer may not be a household name, it is the world's third-largest producer of civil aircraft (after Boeing and Airbus), having delivered more than 8,000 aeroplanes to date. According to a press release...

A global phishing campaign targeted organizations associated with the Coronavirus 2019 (COVID-19) cold chain. Discovered by IBM Security X-Force, the operation began in September 2020 by targeting multiple entities that support the Cold Chain Equipment Optimization Platform (CCEOP). A program created by Gavi, The Vaccine Alliance, CCEOP aims to...

The Lazarus Group (also known as Guardians of Peace or Whois) is a notorious cybercrime gang made up of unknown individuals. According to the United States Federal Bureau of Investigations, the group is a North Korean “state-sponsored hacking organization.” However, some believe that their connections to North Korea might be a false flag intending...

As an infosec professional, you’ve likely heard of the National Institute of Standards and Technology (NIST). If you are unfamiliar with NIST, it is an organization that produces many publications including the well-respected Special Publication SP 800-53r5 standard, titled “Security and Privacy Controls for Information Systems and Organizations.” ...