A hospital shut down its network after a ransomware attack restricted authorized personnel access to some of its computer systems. On 12 January, Hancock Regional Hospital confirmed in a statement that it had suffered a ransomware attack. As quoted by FOX59: Hancock Regional Hospital has been the victim of a criminal act by an unknown party that...

There are many actionable items and methods a CISO can use to minimize risk in the healthcare industry. After all, there are all kinds of tools, project management resources, and resource management solutions that can help keep businesses in order and safe. However, there just a few areas in which action should be taken. As simple as it might sound,...

In corporate IT environments everywhere, we are seeing widespread adoption of three basic themes: use of public cloud, adoption of DevOps, and containerization in application development. When it comes to the cloud, most organizations' futures look like they will consist of hybrid setups: environments combining physical servers, virtualization, and...

AdultSwine malware displays pornographic ads within affected child-themed game apps that were once available for download on Google's Play Store. Researchers at Check Point detected AdultSwine hidden within 60 game apps, including some with children as their target audience. All of those affected apps were available for download on Google's Play...

WhatsApp likes to brag about its end-to-end encryption, but researchers from Germany's Ruhr University Bochum have discovered a flaw that could allow unwanted eyes to spy upon your private group chats. In a technical research paper that explores the end-to-end security of three different secure messaging apps capable of allowing "private" group...

The United States Justice Department has charged an alleged malware author with spying on thousands of users for a period of 13 years. Phillip R. Durachinsky (Source: Cleveland Scene) An indictment filed with the U.S. District Court for the the Northern District of Ohio (Eastern Division) asserts...

There are several technical methods of stealing passwords via malware or software vulnerabilities, and one of the most difficult to defend against occurs when users disclose their credentials unknowingly. Yes, I am referring to phishing. Specifically, phishing that tricks users into accessing a fake website and entering their credentials. We often...

High-profile cybersecurity incidents continue to result from the simple mistake of leaving a known vulnerability unpatched. To understand how organizations are keeping up with vulnerabilities, Tripwire partnered with Dimensional Research to survey 406 IT security professionals about their patching processes. Findings revealed that the majority (78...

Based on the past year, one thing that is certain to be on every company’s mind is security. Among the various concerns associated with security, perhaps the most important is how much it costs to effectively secure your company data in the age of large-scale cyberattacks and breaches. According to Accenture’s 2017 “Cost of Cybercrime” report, the...

You can now read the 2019 edition here! With 2017 now in the rear-view mirror, the security industry is turning its attention to 2018. The new year will no doubt present its fair share of challenging digital security threats. So too will it present numerous opportunities for infosec professionals to discuss shared difficulties at conferences and...

Today’s VERT Alert addresses the remainder of the Microsoft January 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-760 on Wednesday, January 10th. In-The-Wild & Disclosed CVEs CVE-2018-0802 A malicious file could cause code execution due to Microsoft Office Equation Editor’s failure...

VTech Electronics Limited has agreed to pay $650,000 as part of a settlement agreement with the Federal Trade Commission (FTC) for a 2015 breach that exposed millions of parents' and children's data. On 8 January, the United States District Court in the Northern District of Illinois (Eastern Division...

Recently at its re:Invent 2017 conference, Amazon announced an interesting new security offering called GuardDuty. GuardDuty uses threat intelligence, machine learning and anomaly detection to deliver agentless security findings across a variety of AWS services. This blog will discuss a bit about GuardDuty and show one example of how to gather custom...

Criminals might have accessed the personal and medical information of 30,000 Florida Medicaid recipients via a successful phishing attack. On 2 January 2018, Florida's Agency for Health Care Administration (Agency) received the preliminary findings of a review launched by the state's Inspector...

Ransomware activity was on a fairly high level till mid-December but slowed down by the end of the month, perhaps due to threat actors’ holiday spree. Some of the newsmaking events included the onset of the first-ever blackmail virus targeting network-attached storage devices, the breach of California's voter database, and arrests of CTB-Locker and...

Vulnerability Description Meltdown and Spectre are hardware design vulnerabilities in CPUs utilizing speculative execution. While the defect exists in the hardware, mitigations in operating systems are possible and are currently available. CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. The...

Attackers abused the website of a Ukraine-based accounting software developer to serve banking malware to unsuspecting users. The attack occurred in August 2017 around the Independence Day holiday in Ukraine. At around that time, unknown individuals hacked the website for Crystal Finance Millennium (CFM), a Ukrainian company which provides...

Today’s VERT Alert addresses the Microsoft January 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-759 on Friday, January 5th. We are not yet certain if this release contains all January updates or if Tuesday will see a second set of updates released. In-The-Wild & Disclosed CVEs ...

If this first week is any indication, 2018 could mark a significant paradigm shift in trusted computing and open source hardware. Chip makers have been very effective in making enhancements to greatly improve application performance, but the revelation of Spectre and Meltdown makes it clear that more attention needs to be paid to hardware level...