Resources

PLEASE_READ_ME Ransomware Campaign Targeting MySQL Servers
Blog

Decryption Tool Released for WannaRen Ransomware

By David Bisson on Wed, 08/19/2020
Security researchers released a decryption tool that enables victims of WannaRen ransomware to recover their files for free. On August 19, Bitdefender announced that it had made a WannaRen decryption utility publicly available for download. The security firm urged victims of this ransomware to save the decryptor somewhere on their computer after...
Security Execs’ Advice on Overcoming the Challenges of Remote Work
Blog

Security Execs’ Advice on Overcoming the Challenges of Remote Work

By Joe Pettit on Mon, 08/17/2020
At the outset of the global coronavirus 2019 (COVID-19) pandemic, many organizations decided to enforce social distancing by requiring that their employees begin working from home. This decision changed the fundamental way in which many employees were accustomed to working. It also created new security challenges for organizations that had larger...
From Customer to Employee – A Tripwire Journey
Blog

From Customer to Employee – A Tripwire Journey

By Joe Pettit on Mon, 08/17/2020
Tripwire is very much household name within the cybersecurity community. It's been around from the early days of creating intrusion detection software that would later be known as File Integrity Monitoring (FIM) all the way through to deploying a portfolio of products that focuses on SCM, Vulnerability Management, Asset Management, Industrial...
Phorpiex Botnet Named "Most Wanted Malware" in November 2020
Blog

Credential Stuffing Attacks Targeted GCKey, CRA Accounts

By David Bisson on Mon, 08/17/2020
Malicious actors launched credential stuffing attacks that targeted Canada's GCKey service and Canada Revenue Agency (CRA) accounts. On August 15, the Treasury Board of Canada Secretariat announced that the Government of Canada was in the process of responding to a series of credential stuffing...
Integrating the Risk Management Framework (RMF) with DevOps
Blog

Integrating the Risk Management Framework (RMF) with DevOps

By Anastasios Arampatzis on Thu, 08/13/2020
Information security should be at the heart of every system launched. In accordance with the Federal Information Security Management Act (FISMA), an information technology system is granted an Authority to Operate (ATO) after passing a risk-based cybersecurity assessment. The ATO Problem However, the ATO process can pose several challenges to the...
New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic
Blog

CISA Warns of Phishing Emails Leading to Spoofed COVID-19 Relief Page

By David Bisson on Thu, 08/13/2020
The Cybersecurity & Infrastructure Security Agency (CISA) warned that phishing emails are redirecting recipients to spoofed COVID-19 loan relief pages. On August 12, CISA announced its discovery of the attack campaign in Alert (AA20-225A): The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber...
Phorpiex Botnet Named "Most Wanted Malware" in November 2020
Blog

Google App Engine, Azure App Service Abused in Phishing Campaign

By David Bisson on Wed, 08/12/2020
A phishing campaign abused both the Google App Engine and the Azure App Service to steal victims' Microsoft Outlook credentials. Netskope observed that the attack campaign started with a shortened link "https://bitly[.]com/33nMLkZ" distributed by a phishing email. This link redirected a recipient of the email to a Google App Engine domain "https:/...
Blog

Survey: 76% of IT Pros Say It’s Difficult to Maintain Security Configs in the Cloud

By Editorial Staff on Wed, 08/12/2020
Cloud misconfigurations are no laughing matter. In its "2020 Cloud Misconfigurations Report," DivvyCloud revealed that 196 separate data breaches involving cloud misconfigurations had cost companies a combined total of approximately $5 trillion between January 1, 2018 and December 31, 2019. The problem is that those costs could be even higher; as reported by ZDNet, 99% of IaaS issues go unreported...
VERT Threat Alert: June 2022 Patch Tuesday Analysis
Blog

VERT Threat Alert: August 2020 Patch Tuesday Analysis

By Tyler Reguly on Tue, 08/11/2020
Today’s VERT Alert addresses Microsoft’s August 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-899 on Wednesday, August 12th. In-The-Wild & Disclosed CVEs CVE-2020-1464 A vulnerability exists in the way that Windows validates file signatures. An attacker could load improperly signed...
Vulnerability & Risk Management
VERT Research
PLEASE_READ_ME Ransomware Campaign Targeting MySQL Servers
Blog

New Agent Tesla Variants Capable of Stealing Data from VPNs, Browsers

By David Bisson on Tue, 08/11/2020
Some new variants of the Agent Tesla infostealer family are capable of stealing data from multiple VPN clients and web browsers. SentinelOne observed that attackers continue to deploy Agent Tesla across various stages of their operations, as this malware enables criminals with even low levels of technical expertise to manipulate and manage their...
The Importance of Content for Security Tools like Tripwire
Blog

The Importance of Content for Security Tools like Tripwire

By Editorial Staff on Mon, 08/10/2020
Have you ever stood in the airport security line when the agents bring the dog out to inspect everyone’s luggage? I’m always so fascinated watching the dog go down the line and do her work. Wow she’s so smart! How does she know what to look for? My own dog has talents of her own, but she would not get hired for this job. She has a good functioning...
New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic
Blog

Phishers Send Out Fake cPanel Security Vulnerabilities Advisory

By David Bisson on Mon, 08/10/2020
Fraudsters launched a new phishing attack in which they sent out a fake cPanel advisory warning recipients about fabricated security vulnerabilities. On August 5, cPanel and WebHost Manager (WHM) users began reporting of having received a fake advisory that appeared to have originated from the company. The fake advisory informed recipients that...
The State of Civil Aviation Cybersecurity
Blog

The State of Civil Aviation Cybersecurity

By Anastasios Arampatzis on Sun, 08/09/2020
Technology and cyber systems have become essential components of modern society. Despite the benefit of cyber technologies, insecurities arise. These could affect all systems and infrastructures. More than that, the threat of a cyberattack could very well have a transnational component and effect as worldwide systems become increasingly...
Phorpiex Botnet Named "Most Wanted Malware" in November 2020
Blog

Emotet Botnet Named 'Most Wanted Malware' for July 2020

By David Bisson on Fri, 08/07/2020
The Emotet botnet earned the title of "most wanted" malware family for the month of July 2020 following a period of inactivity. Check Point revealed that Emotet threat activity had affected 5% of organizations worldwide in July 2020, thereby earning the malware the top spot in the security firm's Global Threat Index for that month. Emotet launched...