Blog

Blog

Keeping Your Privileged Users Aware

You know you’ve got them. Employees with nearly unfettered access to every nook and cranny of your organization’s network, devices and servers. While often a necessity in the digital age, privileged users represent a huge cybersecurity risk that you should not overlook. Employees who hold the “keys to the kingdom” are an appealing target for hackers...
Blog

VERT Vuln School – SQL Injection 103

Reminder: VERT Vuln School guides are published for educational purposes only. In our last post, we demonstrated how an attacker could leverage a classical SQL injection vulnerability in a web application to leak database information (by reflecting the result of the database queries onto the web application itself). In this post, we are going to...
Blog

MarsJoke Ransomware Made into Laughing Stock by Decryption Tool

MarsJoke ransomware once posed a serious threat to users, but not as much now that researchers released a decryption tool. Kaspersky Lab's Anton Ivanov, Orkhan Mamedov, Fedor Sinitsyn said they created the decryptor by exploiting a flaw in the ransomware's code. Specifically, MarsJoke uses a function "rand()" to randomly generate an array of...
Blog

$1.5 Million Reward Announced for Remote Jailbreak of iOS 10

A company is offering to pay 1.5 million USD to anyone who submits a remote jailbreak for Apple's iOS 10. On Tuesday, the exploit broker Zerodium made the announcement on Twitter: https://twitter.com/Zerodium/status/781516292901789696 Zerodium is well known for offering bug bounty rewards whose value dwarfs those offered by Apple, Google, and other...
Blog

Meet Sp@mLooper, the Bot that Will Spam Spammers Back for You

Everyone hates scams. That's because everyone's a target. As we all know, social media websites like Facebook, Twitter and LinkedIn are rife with fraudsters. Most of those scammers just want a few hundred dollars or access to their target's account. But some want more. Some try to steal their victim's identity, while others attempt to exploit a...
Blog

The Number One Reason Enterprises Fail to Attain Cyber Resilience

In my last blog post, I discussed the five levels of preparedness for cybercrime and remarked on the sad fact that the majority of enterprises are at the reactive or compliant levels. I also discussed that reacting to cybercrime is driven by attempting to deliver security, which is predominantly built upon an over-reliance on prevention capabilities...
Blog

Linux Security – The Next Big Target for Cyber Criminals

As the cyber security threats continue to evolve and expand upon both consumers and companies, we observe a shift from the traditional Trojans and Worms to more complex malware that can truly devastate a system. The contemporary viruses execute their payloads in stages and can dynamically affect different parts of the target system. The biggest...
Blog

Europol Warns of the Top 8 Cybercrime Trends in 2016

A new report released by Europol's European Cybercrime Center (EC3) warns of the eight main cybercrime trends that investigators have seen impact a growing number of citizens and businesses this year. The 2016 Internet Organised Crime Threat Assessment (IOCTA) found that the volume, scope and...
Blog

Why Is Endpoint Protection a Big Deal in ICS Environments?

In a previous blog post, ICS: Next Frontier For Cyber Attacks blog, I spoke about the cybersecurity posture of industrial control systems (ICS) and the enormous implications for such attacks. For industrial organizations, it means downtime and lost business. For individuals, it means potential safety issues and lost services. For society, it means...
Blog

Odin File Virus Ransomware Is Here!

Do you remember the .Zepto Ransomware? Of course, you do. Well, you can more or less put it in the rear-view mirror. However, there is very little in the way of actual reasons for celebration. A new threat is on the rise! It’s been tentatively called .Odin File Virus. It changes your files’ extensions to match the name of the one-eyed god from the...
Blog

Project Springfield Fuzzing Tool Set to Help Customers Find Security Bugs

Microsoft has announced the release of Project Springfield, a fuzzing tool which helps customers find security bugs in software before the hackers do. According to the Redmond-based company, the service is designed to help developers find security vulnerabilities proactively. As a result, they don't need to undertake the costly effort of releasing a...
Blog

The Right Way to Respond to a Data Breach

Cybersecurity has become a board level discussion, and worries about cybersecurity breaches are part of what keeps C-suite execs and BOD members up at night. So much so that many organizations have started to adopt the mentality that they’ve likely been breached already and they just don’t know it yet. It’s what’s known as the “assume breach”...
Blog

Hackers Can't Break This Style of Coding, Confirm Researchers

On April 7, 2014, the world first learned about the Heartbleed vulnerability. A small flaw in OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520), Heartbleed enables an attacker to unravel the encryption measures in systems protected by vulnerable OpenSSL software, which some at the time...
Blog

Yahoo Says 500M Users' Account Info Stolen by State-Sponsored Actor

Yahoo says a state-sponsored actor stole the account information for at least 500 million of its users in a breach that occurred back in late-2014. On 22 September, Yahoo CISO Bob Lord confirmed that the hack might have compromised several pieces of its users' account information: "We have confirmed that a copy of certain user account information...