It seems like everyday you see a new report about a massive data leak caused by someone accidentally exposing files stored in AWS S3 Buckets to everyone on the Internet. Many may remember Verizon’s infamous snafu that leaked data records for six million of their customers due to a misconfiguration in their S3 buckets. Since then, there have also been...

An oil transportation company discovered someone had installed Monero-mining software on its systems without its authorization. On 14 December, Vladimir Rushailo, vice president of the Russian state-owned transport monopoly Transneft, revealed that the company had found that one of its computers had automatically downloaded software designed to mine...

We want more of the CIA Triad. No, this has nothing to do with the US government agency. It stands for “confidentiality, integrity, and availability.” What it alludes to is the idea of protecting access to privileged information (confidentiality), asserting that the information hasn’t been tampered with (integrity), and that the information can be...

A new attack framework known as "Triton" is targeting industrial control systems (ICS) in an attempt to cause operational disruption and/or physical consequences. FireEye recently detected an incident at a critical infrastructure organization in which an attacker gained access to a Distributed Control System (DCS) that allows human operators to...

The media has been filled with news of identity theft, hacks, and other security woes as of late. In recent months, Uber was hacked, people had their financial information stolen by credit card skimmers, and one woman lost $59,000 to a fake police website. Such incidents cause people’s stomachs to churn. They wonder how to keep their data secure and...

A first pass look at the issue of net neutrality might not immediately bring to mind concerns around cybersecurity, but we shouldn’t ignore the logical security implications of fundamentally reclassifying the Internet. Let’s level set a little bit, for net neutrality doesn’t appear to be a simple issue for most, but it’s actually not that...

No-one responsible for computer security should forget what happened in October 2016. The Mirai botnet launched an attack on the internet, the scale of which had never been seen before. By unleashing a massive distributed denial-of-service (DDoS) attack on DNS service company Dyn, Mirai managed to knock out significant chunks of the internet -...

Compliance with NERC regulations begin with defining your organization’s policies, promoting them in the workplace, and reinforcing positive efforts. A key takeaway to transforming your compliance philosophy into a culture of compliance is by standardizing processes to meet requirements and engaging everyone to participate. Success begins with an...

A new ransom-based email scam campaign is demanding that all recipients either meet the sender's demands and pay up or die. On 11 December, Spiceworks user Dave Lass shared the campaign with other members of the professional IT industry network. The scam doesn't waste any time in attempting to frighten the recipient. It begins with the subject line ...

On 11 May 2017, President Donald Trump signed an executive order that provides guidance on strengthening the United States' digital security. The directive makes clear that each head of a U.S. federal agency or government department is ultimately responsible for managing their organization's risk. It also emphasizes their use of a specific document...

Today’s VERT Alert addresses the Microsoft December 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-756 on Wednesday, December 13th. In-The-Wild & Disclosed CVEs This month, no Microsoft vulnerabilities have been publicly disclosed or are being actively exploited. There are, however, a...

Vulnerability Description A team of researchers, including Tripwire VERT’s Craig Young has announced that TLS stacks from at least 8 different vendors are vulnerable to a well-known 19-year-old protocol flaw. The problem is that these implementations allow an attacker to identify whether or not a chosen ciphertext has proper PKCS#1 v1.5 padding...

The National Capital Poison Center (NCPC) in Washington, DC has published notice of a ransomware attack it suffered back in 2017. According to the news release (PDF), the critical health resource detected a ransomware infection on its systems in October 2017. It then launched an investigation into the matter with the assistance of a third-party...

Last time, I had a chat with Kristen Kozinski. She's an expert on web development security, and she also has a pretty cool website for end user security education called Don't Click on That. This time, I have a very special interview with Jelena Milosevic. She's a nurse who has made it her mission to educate people about the cybersecurity problems...

A criminal stole "a significant amount of data" in a hacking attack that targeted one of the busiest airports in Australia. According to The West Australian, the breach occurred in March 2016 when a Vietnamese man named Le Duc Hoang Hai abused a third-party contractor's credentials to access the systems at Perth Airport, the fourth busiest airport...

I’ve spent a lot of time in the depths of aging industrial power plants and the control houses of transmission substations. I’ve walked the aisles of countless steel cabinets taking inventory of the gear used to protect and control what’s been described as the most complex system on earth. Within these cabinets can be found a smattering of equipment...

Ransomware had a good year in 2017. For the first time ever, we saw several "cryptoworm" variants self-propagate across vulnerable workstations around the world. We also witnessed more traditional ransomware families cause remarkable damage to victimized organizations as well as strains that embraced novel tools and techniques. Here are 10 of the...

A security breach at bicycle-sharing operation oBike has exposed the personal information of users in Singapore and 13 other countries. A spokesperson for the company said the data leak "stemmed from a gap in our [application programming interface] that allowed users to refer a friend to our platform." With the oBike app, users can send invitation...

As part of a three-part series on incorporating security into the container environment, I've talked all about containers and how to inject security into the pipeline. Let's now discuss tips on how to secure the container stack. What Do I Mean by "Stack"? What I’m calling the stack, in this case, refers to all of the layers or components involved...