Resources

Phorpiex Botnet Named "Most Wanted Malware" in November 2020
Blog

Google App Engine, Azure App Service Abused in Phishing Campaign

By David Bisson on Wed, 08/12/2020
A phishing campaign abused both the Google App Engine and the Azure App Service to steal victims' Microsoft Outlook credentials. Netskope observed that the attack campaign started with a shortened link "https://bitly[.]com/33nMLkZ" distributed by a phishing email. This link redirected a recipient of the email to a Google App Engine domain "https:/...
Blog

Survey: 76% of IT Pros Say It’s Difficult to Maintain Security Configs in the Cloud

By Editorial Staff on Wed, 08/12/2020
Cloud misconfigurations are no laughing matter. In its "2020 Cloud Misconfigurations Report," DivvyCloud revealed that 196 separate data breaches involving cloud misconfigurations had cost companies a combined total of approximately $5 trillion between January 1, 2018 and December 31, 2019. The problem is that those costs could be even higher; as reported by ZDNet, 99% of IaaS issues go unreported...
VERT Threat Alert: June 2022 Patch Tuesday Analysis
Blog

VERT Threat Alert: August 2020 Patch Tuesday Analysis

By Tyler Reguly on Tue, 08/11/2020
Today’s VERT Alert addresses Microsoft’s August 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-899 on Wednesday, August 12th. In-The-Wild & Disclosed CVEs CVE-2020-1464 A vulnerability exists in the way that Windows validates file signatures. An attacker could load improperly signed...
Vulnerability & Risk Management
VERT Research
PLEASE_READ_ME Ransomware Campaign Targeting MySQL Servers
Blog

New Agent Tesla Variants Capable of Stealing Data from VPNs, Browsers

By David Bisson on Tue, 08/11/2020
Some new variants of the Agent Tesla infostealer family are capable of stealing data from multiple VPN clients and web browsers. SentinelOne observed that attackers continue to deploy Agent Tesla across various stages of their operations, as this malware enables criminals with even low levels of technical expertise to manipulate and manage their...
The Importance of Content for Security Tools like Tripwire
Blog

The Importance of Content for Security Tools like Tripwire

By Editorial Staff on Mon, 08/10/2020
Have you ever stood in the airport security line when the agents bring the dog out to inspect everyone’s luggage? I’m always so fascinated watching the dog go down the line and do her work. Wow she’s so smart! How does she know what to look for? My own dog has talents of her own, but she would not get hired for this job. She has a good functioning...
New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic
Blog

Phishers Send Out Fake cPanel Security Vulnerabilities Advisory

By David Bisson on Mon, 08/10/2020
Fraudsters launched a new phishing attack in which they sent out a fake cPanel advisory warning recipients about fabricated security vulnerabilities. On August 5, cPanel and WebHost Manager (WHM) users began reporting of having received a fake advisory that appeared to have originated from the company. The fake advisory informed recipients that...
The State of Civil Aviation Cybersecurity
Blog

The State of Civil Aviation Cybersecurity

By Anastasios Arampatzis on Sun, 08/09/2020
Technology and cyber systems have become essential components of modern society. Despite the benefit of cyber technologies, insecurities arise. These could affect all systems and infrastructures. More than that, the threat of a cyberattack could very well have a transnational component and effect as worldwide systems become increasingly...
Phorpiex Botnet Named "Most Wanted Malware" in November 2020
Blog

Emotet Botnet Named 'Most Wanted Malware' for July 2020

By David Bisson on Fri, 08/07/2020
The Emotet botnet earned the title of "most wanted" malware family for the month of July 2020 following a period of inactivity. Check Point revealed that Emotet threat activity had affected 5% of organizations worldwide in July 2020, thereby earning the malware the top spot in the security firm's Global Threat Index for that month. Emotet launched...
The Center for Internet Security (CIS) Use Cases and Cost Justification
Blog

The Center for Internet Security (CIS) Use Cases and Cost Justification

By Michael Betti on Thu, 08/06/2020
Vince Lombardi, the famous football coach, used to start his training camp each season with a talk about doing the basics. He’d tell the players that they start with the basics, then he’d take a football and hold it up and tell them, “This is a football.” In football, as in life and IT Security, starting with the basics is the most important step...
PLEASE_READ_ME Ransomware Campaign Targeting MySQL Servers
Blog

Phishing Campaign Leads Users to Site Disguised as Email Scanner

By David Bisson on Thu, 08/06/2020
A phishing campaign tricked users into visiting a website that masqueraded as an email scanner in an effort to steal their account credentials. Kaspersky Lab found that the campaign began with a scam email containing a fake virus alert. This email claimed to originate from an organization's "Email Security Team," but it actually originated from a...
National Cybersecurity Authority (NCA): What You Need to Know
Blog

National Cybersecurity Authority (NCA): What You Need to Know

By Ehab Nour on Wed, 08/05/2020
In its Vision 2030 development plan, Saudi Arabia included a National Transformation Program whose purpose is to diversify the Kingdom’s income away from the oil industry. One of the core tenets of that program is to enable the growth of the private sector by developing the digital economy. Specifically, Saudi Arabia set out its intention to...
New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic
Blog

FBI: Continued Use of Windows 7 Poses Security Risks Given EOL Status

By David Bisson on Wed, 08/05/2020
The Federal Bureau of Investigations (FBI) warned of the security risks that organizations face if they continue to use the Windows 7 operating system despite its end of life (EOL) status. In a private industry notification published on August 3, the FBI explained that it had witnessed computer criminals exploiting operating systems that had...
Tripwire Research: IoT Smart Lock Vulnerability Spotlights Bigger Issues
Blog

Tripwire Research: IoT Smart Lock Vulnerability Spotlights Bigger Issues

By Craig Young on Wed, 08/05/2020
The mechanical lock is perhaps the most fundamental, tangible, and familiar layer of security in our daily lives. People lock their doors with the expectation that these locks will keep the bad people out, but there’s a common adage in the security industry that locks are only good at keeping honest people honest. This is perhaps truer than ever in...
Acceso Remoto Seguro: Por que es importante y por que hay que hacerlo bien
Blog

Secure Remote Access: Why It’s Important and How to Do It Right

By Editorial Staff on Tue, 08/04/2020
COVID-19 forced organizations all over the world to transition their employees to a work-from-home policy. That change came at a time when organizations’ connected infrastructure is more complex than ever. Such complexity doesn’t just extend across IT environments, either. Indeed, machines and production processes are also becoming increasingly...
Why Privacy Matters in Cybersecurity
Blog

Sharpening Your Defenses With MITRE ATT&CK’s New Sub-Techniques

By Editorial Staff on Mon, 08/03/2020
Jen Burns, lead cybersecurity engineer at MITRE, walks us through the MITRE ATT&CK© Framework and discusses some important changes brought by a July 2020 update. She then highlights what the security community can expect to see in a couple of upcoming updates before sharing how individuals can get involved with the MITRE ATT&CKFramework going...
PLEASE_READ_ME Ransomware Campaign Targeting MySQL Servers
Blog

Belarus Announces Arrest of GandCrab Ransomware Distributor

By David Bisson on Mon, 08/03/2020
Government officials in Belarus announced they had arrested an individual on charges of having helped to distribute GandCrab ransomware. On July 30, the Ministry of Internal Affairs (MIA) of the Republic of Belarus revealed that it had arrested a 31-year-old resident of Gomel in cooperation with the...
Tripwire Patch Priority Index for August 2022
Blog

Tripwire Patch Priority Index for July 2020

By Lane Thames on Mon, 08/03/2020
Tripwire's July 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, F5 Networks, Cisco, and Oracle. Up first on the patch priority list this month are patches for F5 Networks and Cisco for vulnerabilities that have been integrated into various Exploits. Metasploit has recently added exploits for F5 Networks' BIG...
New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic
Blog

Phishing Email Uses Google Ad Redirect to Steal Microsoft Credentials

By David Bisson on Fri, 07/31/2020
Security researchers came across a phishing email that used a Google Ad redirect as a part of its efforts to steal victims' Microsoft credentials. Cofense found that the email originated from the legitimate email address “info@jtpsecurity[.]co[.]za.” The security firm reasoned that attackers had compromised that email account and abused their access...