Blog

UK Government Publicly Attributes NotPetya Outbreak to Russia

UK government officials have publicly attributed the NotPetya malware attacks of June 2017 to actors in the Russian government. Foreign Office Minister Lord Ahmad made his thoughts known in a statement released on 15 February: The UK Government judges that the Russian Government, specifically the Russian military, was responsible for the...

Don’t Get BuckHacked: What Are You Doing to Keep Your AWS S3 Data Private?

Leaky AWS S3 buckets have been spilling confidential information onto the public internet for years, and now anonymous hackers have created a search engine to make finding those exposed secrets even easier. New on the scene is “BuckHacker.” The name is a portmanteau, stemming from the fact that it allows the hacking of “buckets,” which is the name for containers of data within Amazon Web Services...

Overcoming the Blame Game – Improving Security without Destroying Careers

Today, I was sitting in an awesome class being held at @BSidesHSV, and it got me thinking. The class entitled “Fundamentals of Routing and Switching for Blue and Red Teams” put on by Paul Coggin was a deep dive into layer two and layer three configurations, and possible means of compromise. The content was outstanding, and Paul did a great job communicating a very difficult topic. Throughout the...

Top 10 Mobile App Security Best Practices for Developers

App security isn’t a feature or a benefit – it is a bare necessity. One breach could cost your company not just millions of dollars but a lifetime of trust. That is why security should be a priority from the moment you start writing the first line of code. While you were busy developing the most intuitive, innovative and exciting apps, security...

6 Top Cloud Security Threats in 2018

2018 is set to be a very exciting year for cloud computing. In the fourth financial quarter of 2017, Amazon, SAP, Microsoft, IBM, Salesforce, Oracle, and Google combined had over $22 billion in their revenue from cloud services. Cloud services will only get bigger in 2018. It’s easy to understand why businesses love the cloud. It’s easier and more...

VERT Threat Alert: February 2018 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s February 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-765 on Wednesday, February 14th. In-The-Wild & Disclosed CVEs CVE-2018-0771 This vulnerability describes a Same-Origin Policy (SOP) bypass in Microsoft Edge. The SOP is designed to...

AndroRAT Exploiting Vulnerability to Escalate Privileges on Android Devices

A new variant of the Android Remote Access Tool (AndroRAT) is exploiting a vulnerability to escalate privileges on unpatched Android devices. The malware disguises itself as a utility app called "TrashCleaner" and waits for users to download it from a malicious URL. Upon running for the first time, the malicious app forces the device to install what...

Security at the Speed of DevOps

DevOps and traditional security seem to be at odds with one another. But it doesn’t have to be that way. You can make security a part of your DevOps process without sacrificing agility or security. First, let's define what DevOps is. Let's then look at how it combines with security to create DevSecOps. DevOps: A Working Definition So, what do we...

4K+ Websites Infected with Crypto-Miner after Tech Provider Hacked

Bad actors secretly infected more than 4,000 websites with the script for a crypto-miner after hacking a single technology provider. The trouble started on 11 February when Ian Thornton-Trump encountered something concerning while visiting the website for the UK Information Commissioner's Office (ICO). https://twitter.com/phat_hobbit/status...

Security Mindset: Balancing Firmness and Flexibility

Navigating the noise, complexity and uncertainties of the cybersecurity landscape demands clear thinking. But that’s no easy task. The security professional today has to be knowledgeable about the organization’s own environment, business needs and risks, compliance requirements, best practice frameworks, internal policies and procedures, and the...

New ‘UDPoS’ Malware Exfiltrates Credit Card Details via DNS Server

Researchers have identified a new strain of point-of-sale (PoS) malware that impersonates a LogMeIn service pack to steal credit card data via a DNS server. According to security firm Forcepoint, the malware – dubbed "UDPoS" – is unusual in that it generates a large amount of UDP-based DNS traffic to exfiltrate magnetic strip payment card details. ...

Cryakl Ransomware Decryption Keys Released by Belgian Federal Police

The Belgian federal police has released free decryption keys for Cryakl ransomware following an international law enforcement operation. On 9 February, the European Union Agency for Law Enforcement Cooperation (Europol) announced the release of the keys through No More Ransom. The move represents the culmination of an investigation that involved...

Cryptomining Software Discovered on Tennessee Hospital's EMR Server

A Tennessee hospital discovered cryptomining software installed on a server that hosts its electronic medical records (EMR) system. In January 2018, Decatur County General Hospital began notifying patients of an incident involving its electronic medical record systems. Its breach notification letter (PDF) reveals the hospital first learned about the...

Swisscom data breach exposes 800,000 customers

Swiss telecoms giant Swisscom has admitted that it suffered a serious security breach in the autumn of 2017 that saw the theft of contact details of approximately 800,000 customers - most of whom were mobile subscribers. Data exposed during the breach included: Customers' first and last names Customers' home addresses Customers' dates of birth ...

Are You PCI Curious? A Short History and Beginner’s Guide

When I was a kid and we would go out to dinner, my dad would often pay using a credit card. The server would come over with an awkward, clunky device, put the credit card in it, and scan the card. By scan, I mean make an impression of the numbers on a piece of paper with a carbon receipt, which he would then sign and each party would get a copy. There were no wires, no electronic transmissions of...