Blog

PLEASE_READ_ME Ransomware Campaign Targeting MySQL Servers
Blog

Texas School District Lost $2.3M to Phishing Email Scam

By David Bisson on Mon, 01/13/2020
A school district in Texas announced that it lost approximately $2.3 million after falling victim to a phishing email scam. On January 10, the Manor Independent School District (MISD) published a statement on Twitter and Facebook in which it revealed that it was investigating a phishing email scam that cost it $2.3 million. https://twitter.com...
Blog

CISA on Iran’s Cyber Threat: It’s Time to Review Your Cyber Security Posture!

By Zane Blomgren on Sun, 01/12/2020
Following the recent U.S. operation in Iraq which resulted in the killing of Iranian General Qassem Soleimani, Iran warned that it will retaliate. Although the international community and both involved countries have taken steps to deescalate the crisis, it is always prudent to stay alert and continually update your cybersecurity programs regardless of whether the opponent is a state actor or just...
Introducing the New MITRE ATT&CK Framework for Industrial Control Systems
Blog

Introducing the New MITRE ATT&CK Framework for Industrial Control Systems

By Editorial Staff on Sun, 01/12/2020
On January 7th, MITRE released ATT&CK for Industrial Control Systems, a taxonomy of real-world cyber adversarial behavior targeting ICS or industrial control systems. These systems operate critical infrastructure in manufacturing and utility industries, and they are popular targets in financial and espionage motivated attacks. Recent high-profile...
Industrial Control Systems
New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic
Blog

DSG Retail Limited Fined £500K by ICO Following Malware Attack

By David Bisson on Fri, 01/10/2020
The UK Information Commissioner's Office (ICO) fined DSG Retail Limited £500,000 following a malware attack that affected millions of the retailer's customers. As the result of an investigation, the ICO learned that the DSG Retail Limited had suffered a security incident in which an attacker installed malware on 5,390 tills at Currys PC World and...
Man jailed for using webcam RAT to spy on women in their bedrooms
Blog

Man jailed for using webcam RAT to spy on women in their bedrooms

By Graham Cluley on Thu, 01/09/2020
A British man has been jailed for two years after police caught him using a notorious Remote Access Trojan (RAT) to hijack the webcams of young women, and spy upon them. 27-year-old Scott Cowley, of St Helens, Merseyside, was arrested last November as part of an international investigation into purchasers of the Imminent Monitor RAT. Imminent...
Tripwire Patch Priority Index for August 2022
Blog

Tripwire Patch Priority Index for December 2019

By Lane Thames on Thu, 01/09/2020
Tripwire's December 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Citrix, Microsoft, Django, and Adobe. Critical Vulnerabilities: Up first on the patch priority list this month is a critical arbitrary code execution vulnerability for the Citrix ADC application. In particular, Citrix ADC and Citrix Gateway (formerly...
Citrix NetScaler CVE-2019-19781: What You Need to Know
Blog

Citrix NetScaler CVE-2019-19781: What You Need to Know

By Craig Young on Wed, 01/08/2020
Just before the holidays, Citrix announced that their Citrix Application Delivery Controller (ADC) and Citrix Gateway are prone to a vulnerability which can allow remote unauthenticated attackers to execute code on vulnerable gateways. This led to a wave of alarming headlines about “80,000 firms” being exposed to hacking due to this flaw. What’s...
PLEASE_READ_ME Ransomware Campaign Targeting MySQL Servers
Blog

SNAKE Ransomware Targeting Entire Corporate Networks

By David Bisson on Wed, 01/08/2020
Security researchers have observed samples of the new SNAKE ransomware family targeting organizations' entire corporate networks. Discovered by MalwareHunterTeam and analyzed by Vitali Kremez, SNAKE is written in Golang and contains a high level of obfuscation. Upon successful infection, the ransomware deletes the machine's Shadow Volume Copies...
From Good to Great - Building on ICS Security Basics
Blog

From Good to Great - Building on ICS Security Basics

By Anastasios Arampatzis on Tue, 01/07/2020
Most industrial organizations are behind the curve when it comes to cybersecurity, facing mounting complexities like the IIoT, the skills gap and the IT/OT divide. But what about industrial organizations that are already taking steps in the right direction and need to know what awaits them on the horizon? What practical next steps can your...
Industrial Control Systems
VERT Threat Alert: June 2022 Patch Tuesday Analysis
Blog

VERT Threat Alert: Citrix NetScaler/ADC Critical Flaw (CVE-2019-19781)

By Craig Young on Tue, 01/07/2020
Vulnerability Description Citrix has indicated that an unauthenticated attacker can exploit this flaw to perform arbitrary code execution. Although details from Citrix are minimal, VERT’s research has identified three vulnerable behaviors which combine to enable code execution attacks on the NetScaler/ADC appliance. These flaws ultimately allow the...
Using “Update.exe” as a Case Study for Robust OT Cybersecurity
Blog

Navigating ICS Security: The Value of Frameworks

By Zoë Rose on Mon, 01/06/2020
Since the implementation of the General Data Protection Regulation (GDPR) on 25 May 2018, organizations and even private citizens have globally begun to re-assess what it means to ‘take security seriously’ and to better understand the massive difference between security and privacy. What you may not be familiar with is the Network and Information...
Industrial Control Systems
Climbing the Vulnerability Management Mountain: Reaching Maturity Level 3 – Base Camp
Blog

Climbing the Vulnerability Management Mountain: Reaching Maturity Level 3 – Base Camp

By Lamar Bailey on Sun, 01/05/2020
ML:3 is base camp, and getting here means you have reached a level that others have only dreamed about. At this level, the VM program is very good, and your visibility into threats to the environment is much better than it has ever been. Prioritizing Asset Assessment The biggest change at this level is the focus on the breadth of assessment going...
Vulnerability & Risk Management
CIP-003-7: Transient Cyber Assets and Removable Media in 2020
Blog

CIP-003-7: Transient Cyber Assets and Removable Media in 2020

By Editorial Staff on Sun, 01/05/2020
Standard CIP-003 exists as part of a suite of Critical Infrastructure Protection (CIP) Standards related to cybersecurity that require the initial identification and categorization of BES Cyber Systems and require organizational, operational, and procedural controls to mitigate risk to BES Cyber Systems. The purpose of the standard is to specify...
PLEASE_READ_ME Ransomware Campaign Targeting MySQL Servers
Blog

Travelex Temporarily Disabled All Its Systems Following a Malware Attack

By David Bisson on Fri, 01/03/2020
Foreign exchange company Travelex announced that it had temporarily disabled all of its systems following a malware attack. Twitter user Izzy Fergus first noticed something was wrong when she attempted to visit travelex.co.uk and saw a runtime error message. When she reached out to the company on Twitter, Travelex UK informed her that it was...
How to Achieve Compliance with NIS Directive
Blog

How to Achieve Compliance with NIS Directive

By Anastasios Arampatzis on Thu, 01/02/2020
Network and information systems (NIS) and the essential functions they support play a vital role in society from ensuring the supply of electricity, water, oil and gas to the provisioning of healthcare and the safety of passenger and freight transport. In addition, computerized systems are performing vital safety-related functions designed to...
Tripwire Enterprise and Zero Trust
Blog

Tripwire Enterprise and Zero Trust

By Chris Hudson on Thu, 01/02/2020
Zero Trust is a new concept to many but one I believe will be of increasing importance over the coming years. With this post, I wanted to introduce newcomers to the concept, talk about why it’s an exciting approach to improving security, and explore how you can leverage File Integrity Monitoring (FIM) and Security Configuration Management (SCM)...
New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic
Blog

Landry's Notifies Customers of Payment Card Incident

By David Bisson on Thu, 01/02/2020
Dining, hospitality and entertainment corporation Landry's notified customers of a security incident that might have affected their payment card data. On December 31, Landry's revealed that it first learned of the incident after it detected unauthorized activity on the payment processing systems for...