Today’s VERT Alert addresses Microsoft’s March 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-769 on Wednesday, March 14th. In-The-Wild & Disclosed CVEs CVE-2018-0808 This publicly disclosed CVE could lead to a successful denial of service against ASP.NET Core web applications due to...

A hacking attack at a New York-based outpatient center might have breached the medical records of approximately 135,000 patients. St. Peter's Ambulatory Surgery Center The incident occurred on 8 January 2018 when St. Peter’s Surgery & Endoscopy Center (the “Center”) discovered that an unauthorized...

As certain as the changing of the seasons, the drive toward autonomous cars is gaining pace. Changes in the car industry clearly demonstrate that the way we use our vehicles is evolving. In an increasingly connected world, our cars are becoming an important part of our lifestyle. But a question mark keeps hanging over the process. Are we, and the...

This article is part 3 of 3 in the “Insider Enterprise Threats” series, outlining effective policies and practices for combating insider cyber security threats (human behavior) to the modern enterprise. Over the course of this series, we’ve broadly examined the dangerous but highly-overlooked cybersecurity threat of malicious insiders. As...

Digital threat detection isn't as easy as it was more than a decade ago. The threat landscape no longer evolves slowly in pace with signature-based malware. It moves quickly and thereby complements the rate at which new software flaws are discovered and computer criminals exploit those weaknesses to compromise vulnerable systems. At the same time,...

Yahoo has agreed to pay $80 million to settle a federal securities class action lawsuit following the massive data breaches that compromised the personal information of three billion users. The suit was filed by several shareholders in January 2017, alleging the web services provider intentionally misled them about its cybersecurity practices, in...

Bitcoin is so far the most successful cryptocurrency. Nevertheless, just like other cryptocurrencies, Bitcoin has seen prices drop dramatically for the past few months. Price volatility remains one of the most significant challenges facing all cryptocurrencies, as they try to navigate a tricky ecosystem towards being recognized as a world currency....

Android P, the next generation of Google's operating system, may not be due for release until sometime later this year - but that doesn't mean we don't already know some of the features it has in store for us. That's because the Android P is now available as a developer preview. That means this first preview of Android P is intended for developers...

A cryptocurrency exchange says a large-scale phishing campaign was behind abnormal trading activity that affected some of its users. The trouble started on 7 March when some Binance users posted to Reddit about problems involving their accounts' alternative coin amounts. Here's what one person said: Binance just sold all my alts at market rate and...

Cloud computing has revolutionized the way businesses operate, and it is growing exponentially. The main advantages provided by this technology include cost optimization where there is no need for a capital expenditure upfront anymore and costs being further reduced by using economies of scale where a large number of organizations are sharing...

At least 400,000 servers are thought to be running a vulnerable program that can be tricked by a remote hacker into running malicious code. The problem is in versions of the open-source Exim message transfer agent (MTA). Exim, which was initially developed at the University of Cambridge, may not be a program familiar to the average computer user,...

A video game developer gave customers a $5.00 discount off their next purchase after discovering a data breach that affected two of its online stores. Nippon Ichi Software, a Japanese developer and publisher of video games, claims in an email sent out to customers that it identified the breach on 26 February. The incident involved the addition of a ...

On January 12, 2018, GSA (General Services Administration) posted a request for public comment regarding updates to the General Services Administration Acquisition Regulation that will include new cybersecurity compliance and reporting requirements for federal contractors that access data on unclassified systems. Two regulations in particular will...

It's confirmed that some locations of the Applebee's restaurant chain suffered a point-of-sale (POS) breach involving customers' payment card data. On 2 March, RMH Franchise Holdings (RMH) issued a notice of data incident on its website. The statement explains how RMH, a franchisee of Applebee's...

Two significant ransomware attacks occurred in the first half of 2017. The first outbreak took place on May 12, 2017, when WannaCry leveraged a known Windows exploit to infect hundreds of thousands of vulnerable computers around the world, including 34 percent of UK National Health Service (NHS) trusts. Less than two months later, NotPetya abused...

This article is part 2 of 3 in the “Insider Enterprise Threats” series, outlining effective policies and practices for combating insider cyber security threats to the modern enterprise. In the first part of this series, we examined the seriously-overlooked threat posed by malicious insiders – employees, contractors, and more – and discussed user...

Colorado's Department of Transportation (CDOT) has suffered an infection from another variant of the same ransomware family that attacked it just days earlier. On 1 March, a variant of SamSam ransomware targeted employees at CDOT. The attack didn't hamper the Department's Traffic Operations Center,...

A massive data breach at the U.S. Marine Corps Forces Reserve has leaked the personal information of more than 20,000 Marines and civilians. According to reports, the compromised data included highly sensitive information, such as truncated Social Security numbers; bank electronic funds transfer and bank routing numbers; truncated credit card...

Data exposure reports have reached a dizzying pace in the past few months, and the security community has been focused on the risk from multiple angles. Now, a new study from HTTPCS gives us new insight into rates of vulnerable S3 configurations. HTTPCS scanned s3.amazonaws.com addresses looking for storage “buckets” and logged data on those that...