Resources

Blog

Continue Clean-up of Compromised SolarWinds Software

Last week, the United States Cybersecurity & Infrastructure Security Agency (CISA) advised on initial steps to take in response to the SolarWinds software that was compromised by advanced persistent threat actors. While federal agencies were under a deadline to complete certain actions, this issue will require continued clean-up and longer-term...
Blog

A Google Cloud Platform Primer with Security Fundamentals

We’ve previously discussed best practices for securing Microsoft Azure and Amazon Web Services but, this time, we are going to turn our attention to Google Cloud Platform. Google Cloud Platform (GCP) is growing at an impressive 83 percent year over year but generally receives less focus than AWS and Azure. We can use some of our best practice cloud...
Blog

#TripwireBookClub – The Ghidra Book

It’s been a little while since we last reviewed a book, but a lot of my team has been spending time with Ghidra this year. Craig Young taught a course on the subject, and I’ve used it with my students at Fanshawe College in their Malware Analysis course. Given our fascination with Ghidra, reviewing The Ghidra Book: The Definitive Guide by Chris...
Blog

VERT Alert: SolarWinds Supply Chain Attack

Vulnerability Description The United States Cybersecurity & Infrastructure Security Agency (CISA) has advised that an advanced persistent threat (APT) actor was able to insert sophisticated malware into officially signed and released updates to the SolarWinds network management software. The attacks have been ongoing since at least March 2020 and...
Blog

PLEASE_READ_ME Ransomware Campaign Targeting MySQL Servers

Digital attackers launched a new ransomware campaign dubbed "PLEASE_READ_ME" in an effort to target MySQL servers. Guardicore first spotted the attack back in January 2020. After that, it witnessed a total of 92 attacks emanate from 11 IP addresses, with most based in Ireland and the United Kingdom at the time of analysis. The security firm found...
Blog

Cloud Security: Messy Blobs and Leaky Buckets

Moving to the cloud means a lot more than just moving your servers and applications to the cloud; it’s also about the data – and data always has a target on it.A lot of IT departments are finding that it’s easier to meet the “five nines” (99.999%) of uptime and availability by going outside their organization and letting AWS, Microsoft, or Google...
Blog

Goodbye to Flash - if you're still running it, uninstall Flash Player now

It's time to say a final "Goodbye" to Flash. (Or should that be "Good riddance"?) With earlier this week seeing the final scheduled release of Flash Player, Adobe has confirmed that it will no longer be supporting the software after December 31 2020, and will actively block Flash content from running inside Flash Player from January 12 2021. In...
Blog

New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic

Security researchers detected a new spear-phishing attack that's using an exact domain spoofing tactic in order to impersonate Microsoft. On December 7, IRONSCALES revealed that it had spotted the campaign targeting Office 365 users. Those users primarily worked in the financial services, healthcare, insurance, manufacturing, utilities and telecom...
Blog

Phorpiex Botnet Named "Most Wanted Malware" in November 2020

The Phorpiex botnet earned the notorious designation of "most wanted malware" for the month of November 2020. In its Global Threat Index for November 2020, Check Point Research revealed that it had observed a surge in new Phorpiex botnet infections that had affected four percent of organizations globally. This threat activity enabled Phorpiex to...
Blog

Lessons from Teaching Cybersecurity: Week 10

As I had mentioned previously, this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their kid wanted to learn Python, I developed an Intro to...
Blog

VERT Threat Alert: December 2020 Patch Tuesday Analysis

Today’s VERT Threat Alert addresses Microsoft’s December 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-918 on Wednesday, December 9th. In-The-Wild & Disclosed CVEs There are no In-The-Wild or Disclosed CVEs patched this month. CVE Breakdown by Tag While historical Microsoft...
Blog

Tripwire Patch Priority Index for November 2020

Tripwire's November 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, and Oracle. First on the patch priority list this month are three vulnerabilities in Oracle WebLogic Server that have recently been included within the Metasploit exploit framework. Supported versions of Oracle WebLogic Server that...
Blog

Ghidra 101: Cursor Text Highlighting

In this blog series, I will be putting the spotlight on useful Ghidra features that you may have missed. Each post will look at a different feature and show how it helps you save time and be more effective while reverse engineering. Ghidra is an incredibly powerful tool, but much of this power comes from knowing how to use it effectively. What is...
Blog

BEC Scammers Struck Philadelphia Non-Profit Food Bank

Malicious actors used a Business Email Compromise (BEC) scam to prey upon a Philadelphia non-profit food bank. According to The Philadelphia Inquirer, the scam occurred back in July when the hunger relief organization Philabundance was nearing the completion of its $12 million Philabundance Community Kitchen. ...
Blog

Thoughts from the NCSC 2020 Annual Review

The National Cyber Security Centre (NCSC) released its annual review of 2020. If you are unfamiliar with the NCSC, part of their mission is that they are “dedicated to making the United Kingdom the safest place in the world to live and work online.” This is a lofty goal, and since the first report, issued in 2016, the NCSC remains steadfast in...