Blog

Divergent Malware Using NodeJS, WinDivert in Fileless Attacks

Samples of a new malware family called "Divergent" are using both NodeJS and WinDivert in a series of fileless attack campaigns. Cisco Talos didn't identify the exact delivery method for Divergent. Even so, its researchers observed that the samples they analyzed staged and stored configuration data in the registry like other fileless malware. They...

Why Cybersecurity Pros Need to Be Good Storytellers

Like storytelling, data visualization can be used to provide a narrative about your organization’s cybersecurity posture. Cybersecurity is never a single thing; it is an amalgamation of an often growing list of issues that never seem to end. So in order to make some sense of what it means for the health of your organization, I am combining several...

WordPress sites hacked through defunct Rich Reviews plugin

An estimated 16,000 websites are believed to be running a vulnerable and no-longer-maintained WordPress plugin that can be exploited to display pop-up ads and redirect visitors to webpages containing porn, scams, and--worst of all--malware designed to infect users' computers. Researchers at WordFence went public about how hackers are exploiting a...

Percentage-Based URL Encoding Used by Phishers to Evade Detection

Digital criminals used percentage-based URL encoding to help their phishing campaign evade detection by secure email gateways. In mid-September, the Cofense Phishing Defense Center came across a phishing email that originated from a compromised email account for a recognizable American brand. The message informed recipients that they had a new...

Join Tripwire VERT at SecTor 2019

For the past few years, VERT has been running an IoT Hack Lab at SecTor, a security conference in Toronto, Ontario, Canada. Interested attendees (including Expo attendees, who can get a free pass using code Tripwire2019) can visit the Hack Lab with their laptop and learn how to hack various IoT devices from routers and baby monitors to more complex...

How Will the CMMC Impact My Business and How Can We Prepare? Part 2 of 3

Part 2: Cyber Hygiene Made Public – A Necessary Evil? In part one of this series, I addressed what DoD contractors could be doing to prepare for the CMMC security level rating. In part two of the series, I want to discuss our customers’ concerns about the possible impacts of having their company’s security rating made public. According to the CMMC...

Building a Foundation for “Smart” Steel Factories with Fog Computing, the Cloud and Cybersecurity

Digital technologies have been transforming our world for the past few decades. For instance, the Internet of Things (IoT) and cloud computing have induced an evolution in the way we as a society live our everyday lives as well as how many enterprises conduct business. This evolution has started to enter the industrial realm, most notably the Industrial Internet of Things (IIoT) and Industry 4.0 and...

Over 12,000 WannaCry Variants Detected in the Wild

Security researchers have determined that over 12,000 variants of the WannaCry ransomware family are preying upon users in the wild. Sophos attributed this rise of variants to threat actors taking the original 2017 WannaCry binary and modifying it to suit their needs. These versions have subsequently produced numerous infection attempts. In August...

#TripwireBookClub – Practical Binary Analysis

After an extended delay, we’ve finally reviewed our next book for #TripwireBookClub. This time around, we looked at Practical Binary Analysis written by Dennis Andriesse and published by No Starch Press. This book is a deep dive into binary analysis, and I think that it’s best just to quote the opening paragraph of the book’s preface: “Binary...

TFlower Ransomware Targeting Businesses via Exposed RDS

A new crypto-ransomware threat called "TFlower" is targeting corporate environments via exposed Remote Desktop Services (RDS). First discovered in August, the ransomware makes its way onto a corporate network after attackers hack into a machine's exposed Remote Desktop Services. This attack vector enables bad actors to infect the local machine with...

Concerns and Challenges for Effective Cloud Security

In July 2019, Capital One made news headlines not for achieving another milestone but because it had been breached. Capital One was using AWS cloud services, as many businesses are doing nowadays. The problem stemmed (in part) from the fact that Capital One had a misconfigured open-source Web Application Firewall (WAF) hosted in the cloud with Amazon Web...

How Will the CMMC Impact My Business and How Can We Prepare? Part 1 of 3

Part 1: Laying the Groundwork for Achieving Certification In June of this year, my colleague Tom Taylor wrote about the DoD’s announcement to instate the Cyber Security Maturity Model Certification (CMMC) and elaborated on the fact that, with the CMMC, the DoD appears to be addressing our customers’ core compliance pain points: Varying standards...

Spam Campaign Targeting German Users with Ordinypt Malware

A new spam campaign is attempting to infect German-speaking users with samples of the destructive Ordinypt malware family. According to Bleeping Computer, the campaign sent spam emails masquerading as a job application from someone named Eva Richter. These messages supported this claim by using the subject line "Bewerbung via Arbeitsagentur - Eva...

COBALT DICKENS Launched New Phishing Operation against Universities

The COBALT DICKENS threat group stayed busy over the summer by launching a new global phishing operation targeting universities. In July and August 2019, Secureworks' Counter Threat Unit (CTU) researchers observed COBALT DICKENS using compromised university resources to send out library-themed phishing emails. These emails differed from those used...

How to Foil the 6 Stages of a Network Intrusion

The cost of a breach is on the rise. A recent report from IBM revealed that the average cost of a data breach had risen 12 percent over the past five years to $3.92 million per incident on average. Additionally, this publication uncovered that data breaches originating from malicious digital attacks were both the most common and the most expensive...

What to Do If You Receive a Legitimate 'Unusual Account Activity' Notice

Sadly, it’s all too common for consumers to receive notices of “unusual account activity” these days. Yes, service providers might send out these letters after learning of a data breach that affected a large portion of their customer base. But sprawling security incidents aren’t the only motivation here for issuing these types of notifications....

Toyota Parts Supplier Loses $37 Million in Email Scam

Toyota Boshoku, a seating and interiors supplier for Toyota cars, has revealed that it was tricked into moving a large amount of money into a bank account controlled by scammers. In a statement published on its global website, Toyota Boshoku Corporation said that its European subsidiary was duped into transferring approximately four billion yen ...