Resources

Blog

Securing Government Data with NIST 800-53

If you have ever heard of the Federal Information Security Management Act, then you are aware of the work done by the National Institute of Standards and Technology. The goal of the Act, not to mention the subsequent documents that resulted from strategies designed around implementing it, led NIST to create works designed to bolster security on the...
Blog

Adware Installers Disguised as Cracks Installing STOP Ransomware

STOP ransomware is using adware installers disguised as cracks as a new method of distributing itself to unsuspecting users. According to Bleeping Computer creator and owner Lawrence Abrams, websites known for distributing software cracks, or software which has been modified to remove or disable certain features, commonly use adware bundles to...
Blog

New Phobos Ransomware Using Same Ransom Note as Dharma

A new strain of ransomware known as "Phobos" is using the same ransom note employed by Dharma to demand payment from its victims. Ransomware incident response provider Coveware found that Phobos' ransom message differs from Dharma's only in the branding used for its header and footer. Otherwise, the notes are exactly the same. ...
Blog

IVR – A Response to Automated Calling

The FCC and most consumers are getting annoyed of “illegitimate” automated calling systems from calling. Most automated calling systems are hiding behind a spoofed caller ID, and blocking the number is not possible. Consumers that are really annoyed are looking for practical solutions. Furthermore, the FCC is pushing for caller authentication in 2019 to remove the “illegitimate” uses of caller ID...
Blog

What is Amazon GovCloud?

Amazon GovCloud is an isolated Amazon Web Service (AWS) designed to allow customers and the U.S government agencies to move their confidential data into the cloud to address their compliance and specific regulatory requirements. It runs under ITAR, the U.S. International Traffic in Arms Regulations. With this cloud service, US citizens can run...
Blog

Magecart hits hundreds of websites via ad supply chain hijack

A criminal Magecart gang successfully compromised hundreds of e-commerce websites via a malicious script that silently harvested personal data and payment card information as customers bought goods and services online. Rather than specifically target individual websites, the hackers audaciously hacked a third-party Javascript library from French...
Blog

Nearly 800 Million Email Addresses Exposed in "Collection #1" Data Breach

A data breach known as "Collection #1" exposed approximately 800 million email addresses as well as tens of millions of passwords. In the beginning of January, multiple people reached out to Australian web security expert Troy Hunt about a sizable collection of files hosted on cloud service MEGA. This collection, which is no longer available on MEGA...
Blog

Triton, BlackEnergy, WannaCry – Has Your Behavior Changed?

Hopefully, the title of this blog has gotten your attention. In one of my prior blogs, ICS Cybersecurity: Visibility, Protective Controls, Continuous Monitoring – Wash, Rinse, Repeat, we talked about how the malicious threat landscape for industrial controls systems is constantly evolving and getting more sophisticated, thereby raising the need to...
Blog

Cybersecurity Is Every Leader’s Job

Every organization is led by people who are responsible for setting the overall direction, establishing priorities, maintaining influence over organizational functions and mitigating risks. Given the wide range of organizational types across industry sectors, the titles associated with these roles may vary greatly from CEO to Managing Director to Owner-Operator and beyond, but they share common...
Blog

Free Decryption Tool Created for PyLocky Ransomware Family

A researcher has created a free decryption tool which victims of the PyLocky ransomware family can use to recover their affected files. Mike Bautista, a security researcher at the Cisco Talos Intelligence Group, is responsible for developing the tool. Cisco Talos has made this utility freely available for download on GitHub. First reported on by...
Blog

Reddit users locked out of accounts after "security concern"

A large number of Reddit users are being told that they will have to reset their passwords in order to regain access to their accounts following what the site is calling a "security concern." The lockout occurred as Reddit's security team investigates what appears to have been an attempt to log into many users' accounts through a credential-stuffing...
Blog

Neiman Marcus to Pay $1.5 Million under Data Breach Settlement

Neiman Marcus Group, Inc. has agreed to pay $1.5 million as part of a settlement for an earlier data breach that exposed customers' information. Ken Paxton, Attorney General of Texas, announced on 8 January that he and his fellow Attorneys General from 42 other states will enter into the $1.5 million...
Blog

How Cybercriminals Are Getting Initial Access into Your System

This article covers the main techniques cybercriminals use at the initial stage of attacks against enterprise networks. There are several dangerous phases of cyberattacks targeting the corporate segment. The first one encountered by businesses boils down to getting initial access into their systems. The malefactor’s goal at this point is to deposit...
Blog

VERT Threat Alert: January 2019 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s January 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-812 on Wednesday, January 9th. In-The-Wild & Disclosed CVEs CVE-2019-0579 The Windows Jet Database Engine improperly handles objects in memory and, if an attacker can convince a victim to...