In their attempt to extort as much money as quickly as possible out of companies, ransomware gangs know some effective techniques to get the full attention of a firm's management team. And one of them is to specifically target the sensitive information stored on the computers used by a company's top executives, in the hope of finding valuable data...

Tripwire's December 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Pulse Secure, and Oracle. First on the patch priority list this month are two vulnerabilities that have recently been included within the Metasploit exploit framework. One is a vulnerability in Pulse Secure Desktop Client and the other is a...

A popular joke among technologists says that it’s always DNS, even when it initially didn’t seem that way. DNS issues come in many shapes and forms, including some often-overlooked security issues. DNS (short for the Domain Name System) continues to be described as “the phonebook of the Internet,” but many people, including most readers of this...

Last year, I wrote about the Verizon Payment Security Report saying it was ”Not Just for PCI.” Verizon liked that post enough to include its introduction in this year’s version. This recognition was a wonderful surprise. Like last year’s report, the 2020 publication goes well beyond PCI in its information and recommendations. While PCI DSS forms...

In this blog series, I will be putting the spotlight on useful Ghidra features you may have missed. Each post will look at a different feature and show how it helps you save time and be more effective in your reverse engineering workflows. Ghidra is an incredibly powerful tool, but much of this power comes from knowing how to use it effectively. In...

Over the last few years, the idea of patching systems to correct flaws has graduated from an annoying business disruption to a top priority. With all of the notorious vulnerabilities that can wreak total havoc, the time it takes to patch becomes a minor inconvenience when weighed against both the technical challenges and possible regulatory...

It is always unfortunate when the garage door is left open when you leave for an extended period of time. This has happened to me a couple of times. By leaving the garage door open, I was inviting unwanted guests into the garage. An unwanted guest can be animals looking for a meal and spreading trash all over. It could also be another person that...

As a cybersecurity professional, how numb have you become to vendors who try to scare you with frightening statistics in an effort to sell you a new product? It is understandable that a vendor has to present as much information in a limited amount of attention-grabbing time, so their doomsday technique makes some sense. Perhaps the vendors’ approach...

OVAL is the Open Vulnerability Assessment Language, which uses XML based documents to define vulnerabilities based on characteristics of a host system. It can also be used to gather information about the host. When an OVAL file is evaluated, it generates a report file with the results of the vulnerability evaluation or a system characteristics file...

As I mentioned previously, this year, I’m going back to school. Not to take classes but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their kid wanted to learn Python, I developed an Intro to...

Con la llegada de COVID-19 las organizaciones de todo el mundo fueron obligadas a hacer la transición de sus empleados a trabajar desde casa, en un momento en que la infraestructura de red de las organizaciones es más compleja que nunca. Esta complejidad no es única de los entornos de IT. De hecho, las máquinas y los procesos de producción también...

If high-tech gadgets are on your holiday shopping list, it is worth taking a moment to think about the particular risks they may bring. Under the wrong circumstances, even an innocuous gift may introduce unexpected vulnerabilities. In this blog series, VERT will be looking at some of the Internet’s best-selling holiday gifts with an eye toward their...

As if dealing with COVID-19 were not enough, 2020 turned out to be a banner year for another troublesome strain of virus— ransomware. Malicious actors grew more sophisticated, daring and brutal. They also hit a number of high-profile targets. For those of you who didn’t keep up with all of the developments in the ransomware space, we’ve broken down...

2020 was dominated by news of the pandemic and anchored by reality that we all found ourselves in – entire families logging in remotely, trying to keep school and work feeling “normal.” While we tested the limits of what a home office could sustain, the privacy and security of a fully remote world was put front and center. In this piece, we take a...

Unfamiliar territory As a security analyst, engineer, or CISO, there are so many aspects of the field that require immediate attention that one cannot possibly know everything. Some of the common areas of security knowledge include topics such as where to place a firewall, configuration and patch management, physical and logical security, and...

If high-tech gadgets are on your holiday shopping list, it is worth taking a moment to think about the particular risks they may bring. Under the wrong circumstances, even an innocuous gift may introduce unexpected vulnerabilities. In this blog series, VERT will be looking at some of the Internet’s best-selling holiday gifts with an eye toward their...

As I had mentioned previously, this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their kid wanted to learn Python, I developed an Intro to...

As the retail world’s center of gravity shifts to the cloud, payment card fraud has followed suit. According to Verizon’s retail vulnerabilities study, attacks against e-commerce applications are by far the leading cause of retail data breaches. This trend mirrors similar outcomes in other industries, like food service. A complimentary Verizon study...

Last week, the United States Cybersecurity & Infrastructure Security Agency (CISA) advised on initial steps to take in response to the SolarWinds software that was compromised by advanced persistent threat actors. While federal agencies were under a deadline to complete certain actions, this issue will require continued clean-up and longer-term...

We’ve previously discussed best practices for securing Microsoft Azure and Amazon Web Services but, this time, we are going to turn our attention to Google Cloud Platform. Google Cloud Platform (GCP) is growing at an impressive 83 percent year over year but generally receives less focus than AWS and Azure. We can use some of our best practice cloud...