Blog

Blog

VERT Threat Alert: July 2020 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s July 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-895 on Wednesday, July 15th. In-The-Wild & Disclosed CVEs CVE-2020-1463 A vulnerability in the SharedStream Library could allow a locally authenticated attacker to run a malicious...
Blog

5 Risks You Need to Remember When Securing Your Containers

Containers are on the rise. As reported by GlobalNewswire, Allied Market Research estimated that the application market would grow from its 2016 value of $698 million to $8.20 by 2025. With a compound annual growth rate of 31.8% between 2018 and 2025, this increase would largely reflect both the surge in popularity in application container...
Blog

TrickBot Malware Warning Victims of Infection by Mistake

Security researchers observed some variants of the TrickBot malware family mistakenly warning victims that they had suffered an infection. Advanced Intel's Vitali Kremez traced the mistake to "password-stealing grabber.dll." This module is responsible for stealing browser credentials and cookies from Google Chrome, Microsoft Edge and other web...
Blog

VPNs: What Do They Do, and What Don’t They Do?

Virtual Private Networks, or VPNs, are not exactly a new technology. When I started my career in IT about 15 years ago, VPN tunnels were the standard way we connected remote offices by extending private networks over the public Internet. Recently, as workforces continue to decentralize due to the rise of Cloud Computing as well as the current...
Blog

Conti Ransomware Deemed a Possible Successor of Ryuk

Security researchers found evidence that the Conti ransomware strain could be a possible successor to the Ryuk crypto-malware family. Vitali Kremez, strategic advisor for SentinelLabs, analyzed both Conti and Ryuk. He found that the former appeared to be based on the code of the latter's second version. He also observed Conti to be using the same...
Blog

Joker Spyware Infiltrated Google Play, Abused Old Trick to Target Users

Security researchers detected a new variant of the Joker spyware family that had infiltrated Google Play and had begun abusing an old trick to target users. Check Point Research found that the authors of Joker, a dropper and premium dialer spyware, had once again modified their creation's code so that the malware would bypass the Play Store's...
Blog

MITRE ATT&CK July 2020 Update: Sub-Techniques!

The highly anticipated structural update to the MITRE ATT&CK framework was released July 8th, 2020. After a quiet first half of the year, it appears the ATT&CK team has been putting in lots of work into some significant redesign of the framework’s structure. This update introduces a new layer of abstraction: sub-techniques. ATT&CK is a taxonomy of...
Blog

I Have Antivirus; I’m Protected, Right? Mis-steps Customers Make with their Security and Vulnerability Tools

I’ve worked in the IT field for over 30 years. 20 of those years have been spent in the network security field, employed by some of the largest names in the industry. But to my family, I’m still just the guy who “works with computers”. Many of my family are not computer savvy, which is a nice way of saying I had to teach them where the power button...
Blog

EDP Renewables Notifies Landowners of Ransomware Attack

Renewable energy company EDP Renewables notified its landowners of a ransomware attack that it suffered in the spring of 2020. In a sample notification letter received by the Attorney General's Office of Vermont, EDP Renewables informed its landowners that its information systems had suffered a...
Blog

Using “Update.exe” as a Case Study for Robust OT Cybersecurity

In 2020, car manufacturer Honda fell victim to a ransomware attack. Using a payload called “update.exe,” the attack crippled Honda’s international customer service and Financial Services wing for days. Although it affected two customer facing branches of this global corporation, the ransomware was designed to target and breach Honda’s critical ICS...
Blog

Design & Implementation of OEM ICS Cybersecurity Frameworks: The Good, The Bad, and The Ugly

The cyber threat landscape today continues to pose a myriad of unique challenges. This is especially the case for industrial organizations due to factors such as aging equipment, poor design or implementation, skills gaps and a lack of visibility. These shortcomings are exacerbated by the mean time to breach detection, which continues to hover above...
Blog

Trickbot Malware Using Screen Resolution Checks as Anti-VM Tactic

Security researchers spotted Trickbot malware checking the screen resolution as a means of evading analysis on a virtual machine (VM). Digital security firm MalwareLab came across a sample of the trojan that checked to see whether a computer's screen resolution was either 800x600 or 1024x768. It then terminated if it found that the screen resolution...