The United States Department of Homeland Security (DHS) is inviting security researchers to uncover vulnerabilities and hack into its systems, in an attempt to better protect itself from malicious attacks. The DHS says that it is launching the "Hack DHS" bug bounty program to "identify potential cybersecurity vulnerabilities within certain DHS...

In September 2021, Tripwire released its annual report to examine the actions taken by the U.S. federal government to improve cybersecurity. The report also looks at non-government organizations so that we may catch a glimpse of the differing views and approaches of each, which makes for interesting (and revealing) insights. The results of such...

On December 9th 2021, Apache published a zero-day vulnerability (CVE-2021-44228) for Apache Log4j being referred to as “Log4Shell.” This vulnerability has been classified as “Critical” with a CVSS score of 10, allowing for Remote Code Execution with system-level privileges. If you are currently working to identify instances of this vulnerability,...

It seems that the most popular topics in cybersecurity for the last year have been zero trust as well as the convergence of Information Technology (IT) and Operational Technology (OT). These developments are good, as they signal some positive motion towards better overall security. Some of the current risks are worth noting, with a forward glance to...

Today’s VERT Alert addresses Microsoft’s December 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-978 on Wednesday, December 15th. In-The-Wild & Disclosed CVEs CVE-2021-43890 Up first this month is a vulnerability in the Windows AppX Installer that could allow spoofing. This...

Cybersecurity is such a broad subject that many times, an organization can become stifled when trying to develop a full cybersecurity program. Some organizations that have already put a cybersecurity program in place can also unpleasantly discover gaps in their efforts, making the entire venture seem moot. One way to effectively get started, as well...

Phishing attempts over text messages are becoming more prevalent. I received an SMS text message that contained a phishing attempt for a Canadian Bank. The message implied that I have received a new notification with this bank and I should visit the provided link. I usually do not click on any links, but I decided to see what would happen when I...

Tripwire recently conducted a series of surveys and interviews to understand IT professionals who manage security for their company. The cybersecurity landscape is constantly changing, new challenges are rapidly emerging, and new threats have surfaced, especially throughout the pandemic. We were curious to know some of the struggles that security...

The Australian government is looking to pass the Security Legislation Amendment (Critical Infrastructure) Bill 2020, an overhaul which is aimed to help Australian businesses fend off cyberattacks. The Bill expands the business sectors that were previously defined as critical infrastructure by adding, amongst others, Food and Grocery, Finance and...

Users who do not have the appropriate security awareness training are considered a weak link in the security of an enterprise. These untrained users are easier to exploit than finding a flaw or vulnerability in the equipment that an enterprise uses to secure its network. Attackers could convince unsuspecting users to unintentionally provide access...

Take a glance on social media on any given day, and we'll hear from commentators stating how there is a (cyber) skills gap and that it must be addressed if we are to meet the challenges we are all increasingly facing. Let's be clear about something before we continue. If we are saying that there is a skills gap, then there are organizations out...

According to Germany's Federal Office for Information Security (BSI), the country faces a grave and growing threat as society becomes more digitally connected and criminals more sophisticated. The BSI said threat levels have reached red alarm levels. Threat level increased BSI published their annual report “The State of IT Security in Germany in...

In this episode, Lisa Forte, partner at Red Goat Cybersecurity, discusses what happens when organizations go unprepared for an inevitable cyber breach. She explains how practicing your breach plan is the best line of defense in preparing your strategy. https://open.spotify.com/episode/2JUS5UGeDwa1fIe5dzeYyl?si=hTjjNB7NTQGGgTmW0q5ZwQ Spotify:...

In 2020, just under half the UK workforce worked from home at least some of the time, according to the Office of National Statistics. In the United States, a survey by Upwork found that over a quarter of professionals expect to work fully remotely within the next five years. Working from home has been propelled into the mainstream by the COVID-19...

Because it encompasses the lazy days of summer, Q3 is often a slower roll in the world of privacy — and July and August did not disappoint. Those of us following the privacy space got a much-needed break. However, as August wrapped up, Washington resumed its busy state of affairs, Europe returned to business as usual, and it quickly became clear...

Finland's National Cyber Security Centre (NCSC-FI) has issued a warning about malicious SMS messages that have been spammed out to mobile users, directing iPhone owners to phishing sites and Android users to download malware. The messages are written in Finnish but without the customary accented characters. In some instances, the messages pose as a...

Networks form a critical core for our modern-day society and businesses. People, processes, and technologies should be in place for monitoring, detecting, logging, and preventing malicious activities that occur when an enterprise experiences an attack within or against their networks. Key Takeaways for Control 13 Enterprises should understand that...

Tripwire's November 2021 Patch Priority Index (PPI) brings together important vulnerabilities for open-source software components and Microsoft. First on the patch priority list this month are patches for Open Management Infrastructure (CVE-2021-38648, CVE-2021-38647), Eclipse Jetty (CVE-2021-28164), and ExifTool (CVE-2021-22204). Exploits for...

Tuesday, November 30th, is National Computer Security Day. Although this special day has been around since 1988, many people are not only unaware of it, but are still also unaware of some of the basic security required for protecting their computing devices. The rise of remote work has stretched the security perimeters of all corporations, and...

In this blog series, I will be putting the spotlight on useful Ghidra features you may have missed. Each post will look at a different feature and show how it helps you save time and be more effective in your reverse engineering workflows. Ghidra is an incredibly powerful tool, but much of this power comes from knowing how to use it effectively. ...