Resources

Phorpiex Botnet Named "Most Wanted Malware" in November 2020
Blog

Divergent Malware Using NodeJS, WinDivert in Fileless Attacks

By David Bisson on Fri, 09/27/2019
Samples of a new malware family called "Divergent" are using both NodeJS and WinDivert in a series of fileless attack campaigns. Cisco Talos didn't identify the exact delivery method for Divergent. Even so, its researchers observed that the samples they analyzed staged and stored configuration date on the registry like other fileless malware. They...
Why Cybersecurity Pros Need to Be Good Storytellers
Blog

Why Cybersecurity Pros Need to Be Good Storytellers

By Editorial Staff on Thu, 09/26/2019
Like storytelling, data visualization can be used to provide a narrative about your organization’s cybersecurity posture. Cybersecurity is never a single thing; it is an amalgamation of an often growing list of issues that never seem to end. So in order to make some sense of what it means for the health of your organization, I am combining several...
WordPress sites hacked through defunct Rich Reviews plugin
Blog

WordPress sites hacked through defunct Rich Reviews plugin

By Graham Cluley on Thu, 09/26/2019
An estimated 16,000 websites are believed to be running a vulnerable and no-longer-maintained WordPress plugin that can be exploited to display pop-up ads and redirect visitors to webpages containing porn, scams, and--worst of all--malware designed to infect users' computers. Researchers at WordFence went public about how hackers are exploiting a...
New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic
Blog

Percentage-Based URL Encoding Used by Phishers to Evade Detection

By David Bisson on Thu, 09/26/2019
Digital criminals used percentage-based URL encoding to help their phishing campaign evade detection by secure email gateways. In mid-September, the Cofense Phishing Defense Center came across a phishing email that originated from a compromised email account for a recognizable American brand. The message informed recipients that they had a new...
Join Tripwire VERT at SecTor 2019
Blog

Join Tripwire VERT at SecTor 2019

By Tyler Reguly on Wed, 09/25/2019
For the past few years, VERT has been running an IoT Hack Lab at SecTor, a security conference in Toronto, Ontario, Canada. Interested attendees (including Expo attendees, who can get a free pass using code Tripwire2019) can visit the Hack Lab with their laptop and learn how to hack various IoT devices from routers and baby monitors to more complex...
How Will the CMMC Impact My Business and How Can We Prepare? Part 2 of 3
Blog

How Will the CMMC Impact My Business and How Can We Prepare? Part 2 of 3

By Editorial Staff on Mon, 09/23/2019
Part 2: Cyber Hygiene Made Public – A Necessary Evil? In part one of this series, I addressed what DoD contractors could be doing to prepare for the CMMC security level rating. In part two of the series, I want to discuss our customers’ concerns about the possible impacts of having their company’s security rating made public. According to the CMMC...
Blog

Building a Foundation for “Smart” Steel Factories with Fog Computing, the Cloud and Cybersecurity

By Lane Thames on Sun, 09/22/2019
Digital technologies have been transforming our world for the past few decades. For instance, the Internet of Things (IoT) and cloud computing have induced an evolution in the way we as society live our everyday lives as well as how many enterprises conduct business. This evolution has started to enter the industrial realm, most notably the Industrial Internet of Things (IIoT) and Industry 4.0 and...
New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic
Blog

Over 12,000 WannaCry Variants Detected in the Wild

By David Bisson on Thu, 09/19/2019
Security researchers have determined that over 12,000 variants of the WannaCry ransomware family are preying upon users in the wild. Sophos attributed this rise of variants to threat actors taking the original 2017 WannaCry binary and modifying it to suit their needs. These versions have subsequently produced numerous infection attempts. In August...
#TripwireBookClub – Practical Binary Analysis
Blog

#TripwireBookClub – Practical Binary Analysis

By Tyler Reguly on Wed, 09/18/2019
After an extended delay, we’ve finally reviewed our next book for #TripwireBookClub. This time around, we looked at Practical Binary Analysis written by Dennis Andriesse and published by No Starch Press. This book is a deep dive into binary analysis, and I think that it’s best just to quote the opening paragraph of the book’s preface: “Binary...
Phorpiex Botnet Named "Most Wanted Malware" in November 2020
Blog

TFlower Ransomware Targeting Businesses via Exposed RDS

By David Bisson on Wed, 09/18/2019
A new crypto-ransomware threat called "TFlower" is targeting corporate environments via exposed Remote Desktop Services (RDS). First discovered in August, the ransomware makes its way onto a corporate network after attackers hack into a machine's exposed Remote Desktop Services. This attack vector enables bad actors to infect the local machine with...
Concerns and Challenges for Effective Cloud Security
Blog

Concerns and Challenges for Effective Cloud Security

By Anastasios Arampatzis on Tue, 09/17/2019
In July 2019, Capital One made news headlines not for achieving another milestone but because it had been breached. Capital One was using AWS cloud services, as many businesses are doing nowadays. The problem stemmed (in part) because Capital One had a misconfigured open-source Web Application Firewall (WAF) hosted in the cloud with Amazon Web...
How Will the CMMC Impact My Business and How Can We Prepare? Part 1 of 3
Blog

How Will the CMMC Impact My Business and How Can We Prepare? Part 1 of 3

By Editorial Staff on Mon, 09/16/2019
Part 1: Laying the Groundwork for Achieving Certification In June of this year, my colleague Tom Taylor wrote about the DoD’s announcement to instate the Cyber Security Maturity Model Certification (CMMC) and elaborated on the fact that, with the CMMC, the DoD appears to be addressing our customers’ core compliance pain points: Varying standards...
New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic
Blog

Spam Campaign Targeting German Users with Ordinypt Malware

By David Bisson on Mon, 09/16/2019
A new spam campaign is attempting to infect German-speaking users with samples of the destructive Ordinypt malware family. According to Bleeping Computer, the campaign sent spam emails masquerading as a job application from someone named Eva Richter. These messages supported this claim by using the subject line "Bewerbung via Arbeitsagentur - Eva...
Phorpiex Botnet Named "Most Wanted Malware" in November 2020
Blog

COBALT DICKENS Launched New Phishing Operation against Universities

By David Bisson on Thu, 09/12/2019
The COBALT DICKENS threat group stayed busy over the summer by launching a new global phishing operation targeting universities. In July and August 2019, Secureworks' Counter Threat Unit (CTU) researchers observed COBALT DICKENS using compromised university resources to send out library-themed phishing emails. These emails differed from those used...
How to Foil the 6 Stages of a Network Intrusion
Blog

How to Foil the 6 Stages of a Network Intrusion

By David Bisson on Thu, 09/12/2019
The cost of a breach is on the rise. A recent report from IBM revealed that the average cost of a data breach had risen 12 percent over the past five years to $3.92 million per incident on average. Additionally, this publication uncovered that data breaches originating from malicious digital attacks were both the most common and the most expensive...
What to Do If You Receive a Legitimate 'Unusual Account Activity' Notice
Blog

What to Do If You Receive a Legitimate 'Unusual Account Activity' Notice

By Editorial Staff on Wed, 09/11/2019
Sadly, it’s all too common for consumers to receive notices of “unusual account activity” these days. Yes, service providers might send out these letters after learning of a data breach that affected a large portion of their customer base. But sprawling security incidents aren’t the only motivation here for issuing these types of notifications....
Toyota Parts Supplier Loses $37 Million in Email Scam
Blog

Toyota Parts Supplier Loses $37 Million in Email Scam

By Graham Cluley on Wed, 09/11/2019
Toyota Boshoku, a seating and interiors supplier for Toyota cars, has revealed that it was tricked into moving a large amount of money into a bank account controlled by scammers. In a statement published on its global website, Toyota Boshoku Corporation said that its European subsidiary was duped into transferring approximately four billion yen ...