Blog

Planetary Ransomware Victims Can Now Recover Their Files for Free

Security researchers have released a decryptor that enables victims of the Planetary ransomware family to recover their files for free. Released by Emsisoft, this decryptor requires a victim to have a copy of the ransom note. It's not hard to find. Planetary ransomware, which earns its name for its use of planet-related file extensions including "...

How to Evade Detection: Hiding in the Registry

MITRE Corporation’s ATT&CK framework is a living, curated repository of adversarial tactics and techniques based on observations from actual attacks on enterprise networks. It’s a valuable trove of information for security analysts, threat hunters and incident response teams. Today, I’m going to look at a particular method for evading detection,...

Vulnerability Management: Myths, Misconceptions and Mitigating Risk

Vulnerability Management is a much-talked-about practice in the IT security industry. Whether it is the debate on vulnerability scoring, how to implement a suitable vulnerability management program based on your own resources or even trying to convince leadership a vulnerability management solution alone won't solve all your cybersecurity issues,...

Unsecured databases found leaking half a billion resumes on the net

Barely a day goes by anymore without another report of sensitive data being left accessible to anyone on Elasticsearch servers or MongoDB databases that have not been properly configured. Today is no different. As ZDNet reports, researchers have discovered several exposed servers that belong to Chinese recruitment firms. Security experts Devin...

Bayer Reveals Its Detection and Containment of Digital Attack

German multinational pharmaceutical and life sciences company Bayer AG has revealed that it detected and contained a digital attack. As reported by Reuters, Bayer discovered the installation of malicious software on its systems in early 2018. It then quietly monitored and analyzed the malware through...

3 Stages to Mounting a Modern Malware Defense Program

You would be hard-pressed these days to remain ignorant of the growth of ransomware incidents experienced by organizations large and small. We’ve seen a ton of press around these events, from CryptoLocker to WannaCry. The impact of this type of malware is newsworthy. The landscape of malware is changing, however. While ransomware is still a...

Are the Robots Getting Better at Image Recognition?

I was logging into an account today and was presented with a CAPTCHA that struck me as quite odd. Normally, the CAPTCHA images are as clear as ever. However, look at these images below: The sample image of the car at the top right is fairly clear, yet the selection choices are so highly pixelated...

Malware Actors Using New File Hosting Service to Launch Attacks

Bad actors are leveraging a new file hosting service in order to launch attack campaigns involving FormBook and other malware. Near the end of March, researchers at Deep Instinct observed a new FormBook attack. The infection chain for this campaign began with a phishing email that contained a malicious attachment. In the sample analyzed by Deep...

Vulnerability Management Metrics: The Final Frontier

In Part 1 of this series, we looked at some of the metrics that an executive team would want to see to identify how the business risk is trending. It is very important to keep in mind that if the business does not see the information security program as effective and efficient, they will not continue to invest in information security projects. In...

Women and Nonbinary People in Information Security: Ashanti

Last week, I had a very informative chat with my friend, CISO and cybersecurity policy expert Magda Chelly. I learned a lot about the Chief Information Security Officer role from her. This week, I spoke to Ashanti, who’s a security-minded Rust developer. She also enjoys making music, but she’s not the pop star who worked with Ja Rule. Her path in...

If the Data Breach Doesn't Kill Your Business, the Fine Might

When you hear about a data breach in the news, it's usually related to a major company or social media network that has been targeted. The erroneous conclusion would be that the hackers only focus on exploiting security flaws in large organizations, but the opposite is true. The reality is that cybercrime is deadly to small businesses, with 60% closing operations within six months of an attack....

Attackers Using Excel 4.0 Macro Dropper to Spread ServHelper Backdoor

Digital attackers are using an Excel 4.0 macro dropper to infect unsuspecting users with a new variant of the ServHelper backdoor. In summer 2019, researchers at Deep Instinct detected a new attack campaign launched by digital threat group TA505. This operation began by attempting to trick users into opening an attached Excel document. When a user...

Tripwire Patch Priority Index for March 2019

Tripwire's March 2019 Patch Priority Index (PPI) brings together the top vulnerabilities for March 2019. First on the patch priority list this month are patches for Microsoft's Browser, Scripting Engine and VBScript. These patches resolve 23 vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege, Security Feature Bypass and...

Google Introduces New 2-Step Verification Options for G Suite Accounts

Google has introduced new methods, an updated user interface and other changes through which 2-step verification (2SV) will work for G Suite accounts. On 26 March, Google announced three changes that will affect admins and end users of G Suite customers when they use 2SV going forward. The first change concerns updated user interfaces for 2-step...

Turning Data into Metrics: A Vulnerability Management Story

One of the main issues I find across the information security industry is that we constantly need to justify our existence. Organizations have slowly realized they need to spend on IT to enable their businesses. Information security, on the other hand, is the team that is constantly preventing the business from freely doing as they please. IT is...

What is Zombie POODLE?

This post is one in a series of posts describing TLS CBC padding oracles I have identified on popular web sites. The other posts in this series include an overview of CBC padding oracles, a walkthrough of how I came to develop a new CBC padding oracle scanner, and a write-up on the GOLDENDOODLE attack. Although not POODLE per se, Zombie POODLE is in...

TLS CBC Padding Oracles in 2019

*UPDATE: Padcheck source is now available on GitHub: https://github.com/Tripwire/padcheck* Since August, I’ve spent countless hours studying CBC padding oracle attacks toward the development of a new scan tool called padcheck. Using this tool, I was able to identify thousands of popular domains which could be targeted by an active network adversary ...

What is GOLDENDOODLE Attack?

This post is one in a series of posts describing TLS CBC padding oracles I have identified on popular web sites. The other posts in this series include an overview of CBC padding oracles, a walkthrough of how I came to develop a new CBC padding oracle scanner, and a write-up on the Zombie POODLE attack. GOLDENDOODLE is the name I’ve given for...

Ransomware Hit Garage Used by Canadian Internet Registration Authority

A parking garage used by employees of the Canadian Internet Registration Authority (CIRA) suffered a ransomware infection. At the end of their morning commute on 27 March, employees of CIRA arrived at a parking garage maintained by Precise Parklink. The garage typically uses Precise Parklink's "Automated Parking Revenue Control System" to verify...