This article covers the main techniques cybercriminals use at the initial stage of attacks against enterprise networks. There are several dangerous phases of cyberattacks targeting the corporate segment. The first one encountered by businesses boils down to getting initial access into their systems. The malefactor’s goal at this point is to deposit...

Today’s VERT Alert addresses Microsoft’s January 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-812 on Wednesday, January 9th. In-The-Wild & Disclosed CVEs CVE-2019-0579 The Windows Jet Database Engine improperly handles objects in memory and, if an attacker can convince a victim to...

An unknown individual compromised an alert service and abused their access to send out a spam message to some of the service's customers. The Australian Early Warning Network (EWN) alert service disclosed first in a Facebook post and later on its website that the compromise took place near the beginning of the year: At around 930pm EDT 5th January,...

Many organizations have DevOps on their mind going into 2019. This is a global movement. In fact, Puppet and Splunk received responses for their 2018 State of DevOps Report from organizations on every continent except Antarctica. Those organizations varied in their industry, size and level of DevOps maturity, but they were all interested in learning...

The elephant in the room is the viability and sustainability of blockchain technology. Cryptocurrency mining, for instance, requires specialized rigs that consume electricity. In certain estimates, at the time of writing, the bitcoin network's energy consumption came in at 41 globally if it was a country. This means the bitcoin blockchain consumes...

The website of Luas, the tram system operating in Ireland's capital city of Dublin, has been taken offline this morning after hackers defaced the site and demanded a ransom be paid within five days. Early morning visitors to the website were greeted with a message from the hackers, claiming that data had been stolen from operator Transdev Ireland,...

There’s nothing more impactful than a proactive cybersecurity strategy. What’s your preferred scenario: the one where you’re reeling from a lethal data breach with thousands of customer profiles compromised, or, the one where your team identified and diffused a problem before it had time to wreak havoc? The key difference between a company that...

As discussed before, the blockchain-based solution is built to provide strong integrity and independent verifiability. An exception to the independent verifiability is private blockchain solutions. In this part, we discuss both of these technological dimensions and detail their applicability and limitations. Public distributed blockchain provides...

It's been a fantastic year on The State of Security blog. We've seen a real plethora of high-quality articles and here are my 10 favorites! A Google Cloud Platform Primer with Security Fundamentals | By Ben Layer Though less well-known than Microsoft Azure and Amazon Web Services, Google Cloud Platform currently makes up five percent of the cloud...

A lot has been going on with autonomous vehicles these days. Almost every famous car manufacturer seems to be in a rush to master the perfected version of self-driving cars. While most people believe that fully autonomous vehicles are still in their infancy stage, manufacturers think that they will dominate the roads by 2020. The problem with...

Doxxing means publishing private information about someone online to harass or intimidate them. It has ruined reputations and caused untold distress to hundreds of people. On occasion, doxxing has resulted in injury or even death. Being doxxed can have serious consequences for your safety and privacy. How can you prevent it? Doxxing and...

If you own a WordPress site, then you should be careful about your website security. To successfully run a blog, business or online store, you need to make sure your website is totally safe. Customers visit your website, purchase products and pass sensitive information like passwords, credit card details etc. If there is a place to infiltrate to...

Phishers are bypassing common forms of two-factor authentication (2FA) in a campaign targeting hundreds of Google and Yahoo accounts. In a new report, Amnesty International uses several attack emails sent to it by Human Rights Defenders (HRDs) spread across the Middle East and North Africa to analyze the campaign. A typical attack email in this...

Tripwire's December 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Internet Explorer and Scripting Engine. These patches resolve nine vulnerabilities, including fixes for Memory Corruption and Remote Code Execution (RCE)...

Following on from the round-up we released yesterday, today we look through the rest of what our regular contributors shared as their standout moments from 2018. Bob Covello, IT Security Director | @BobCovello "The most memorable event for me in 2018 was a positive one. There was enormous progress made towards getting multi-factor authentication...

Over the past few years, I've had the pleasure of welcoming interns on our security research team. One of my goals was to pass on knowledge of security to these folks and pique their interest in (a career in) security. The goal of any teacher is to pass on their knowledge to the younger generation, in essence creating a miniature version of...

The National Aeronautics and Space Administration (NASA) has warned its employees of a data breach that might have compromised their personal information. On 18 December, the agency's Human Resources Messaging System (HRMES) sent out a message to all employees informing them of a potential security...

As 2018 draws to a close, it's been a fascinating year in the IT security community. From record-breaking data breaches, new regulations and the Meltdown and Spectre debacle, we can certainly say it's been eventful. To round the year off, we thought it would be interesting to ask some of our regular contributors (and followers on Twitter) what their...