The use of publicly accessible MQTT brokers is prevalent across numerous verticals and technology fields. I was able to identify systems related to energy production, hospitality, finance, healthcare, pharmaceutical manufacturing, building management, surveillance, workplace safety, vehicle fleet management, shipping, construction, natural resource...

Security researchers found several clues linking the WebNavigator web browser to well-known search hijackers. A Chromium-based browser, WebNavigator promises users that it'll simplify their web browsing experience by providing "quick access" to their bookmarks. The browser also claims to yield quick search results by starting up with Windows and by...

Digital attack attempts in industrial environments are on the rise. In February 2020, IBM X-Force reported that it had observed a 2,000% increase in the attempts by threat actors to target Industrial Control Systems (ICS) and Operational Technology (OT) assets between 2018 and 2020. This surge eclipsed the total number of attacks against...

One significant negative implication of technology's continual evolution is proportional advancement in nefarious internet activities, particularly cyber attacks. The past few years have seen a rising sophistication in cyber attacks at levels never experienced before. The worst fact is that attacks will likely only continue to get more advanced. To...

Zoom released new security features to help its users counter disruptive meeting intrusions, otherwise known as "Zoombombing." Matt Nagel, security & privacy PR lead at the American communications technology company, announced in a blog post on November 16 that Zoom had released two new anti-Zoombombing features over the previous weekend. The...

The Lazarus group leveraged a supply chain attack to target users located in South Korea with custom malware. On November 16, ESET disclosed that the Lazarus group conducted its supply chain attack by abusing WIZVERA VeraPort. This application helps users in South Korea manage the installation of additional computer security software when they...

As I had mentioned previously, this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their kid wanted to learn Python, I developed an Intro to...

Compliance is very important to any organization. Organizations have many standards to choose from including PCI, CIS, NIST and so on. Oftentimes, there are also multiple regulations that are applicable in any country. So, organizations need to commit some time and resources in order to apply security standards and achieve compliance. Even so,...

Recently, the Securities and Exchange Commission’s exam division issued a Risk Alert (the “Alert”) where it carried out several targeted cybersecurity investigations. The agency is now concerned with how there’s been an increase in a specific type of hack known as “credential stuffing.“ This cyberattack involves using stolen credentials to log into...

The number of successful ransomware attacks on the education sector increased 388% in the third quarter of 2020. According to Emsisoft, the education sector reported 31 ransomware incidents in Q3 2020. That's a 388% increase over the 8 incidents that occurred in the previous quarter. Nine of the 31 ransomware attacks disclosed in the third quarter...

An undisclosed number of customers of outdoor clothing retailer The North Face have had their passwords reset by the company, following a credential-stuffing attack. The company has revealed that on October 9, 2020, it became aware that hackers had used usernames and passwords stolen from a third-party website to gain unauthorised access to...

One of the major improvements that the avionics industry is undergoing is an Internet of Things (IoT) upgrade. And this is inevitably affecting how airlines approach aircraft safety. From the beginning, safety has been paramount to the aviation industry. But while it is a welcome innovation, the incorporation of IoT devices in aircraft comes with...

For those that have been in the industry for more than a couple of years, you will remember when Microsoft retired the very powerful and well-documented security bulletins back in 2017. At the time, we felt that it was a severe reduction in the availability of information; Microsoft was suddenly communicating much less information. Yesterday, they...

The cybersecurity industry is more well-informed than most, but even so, misconceptions arise and spread, helped along by the fact that the rise in cybersecurity incidents has led to substantial “pop culture” intrigue with all things cybersecurity. One of the more harmful of these misconceptions is the conflation of “hacker” and “attacker,” terms...

Today’s VERT Alert addresses Microsoft’s November 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-915 on Wednesday, November 11th. Note: Microsoft has changed their advisory format and no longer provides basic vulnerability descriptions. In-The-Wild & Disclosed CVEs CVE-2020-17087 ...

A Ukrainian citizen received a nine-year prison sentence for a scheme in which he tried to steal $10 million from Microsoft. On November 9, the U.S. District Court in Seattle handed down the sentence to Volodymyr Kvashuk, 26, a Ukrainian citizen who was residing in Renton, Washington. According to...

Policy compliance within the information security space can be an exhausting concept to wrap our heads around. Writing a policy document, publishing it to staff and then staying hands-on to ensure it is followed in perpetuity is easily seen as an arduous, if not an impossible, task. Policies set the basis for every successful information security...

Computer manufacturing company Compal Electronics announced that it had suffered a security incident involving some of its systems. Qingxiong Lu, deputy manager director of Compal, told United News Network on November 9 that the company had experienced a security incident. In his explanation of the event, Qingxiong identified that the incident had...

As I had mentioned previously, this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their kid wanted to learn Python, I developed an Intro to...

In August 2020, the Cybersecurity and Infrastructure Security Agency (CISA) released its strategy to ensure the security and resilience of 5G infrastructure in the United States. Roughly every 10 years, the next generation of mobile communication networks is released, bringing faster speeds and increased capabilities. The fifth generation (5G) of...