Blog

The Living Dead: Securing Legacy Industrial Systems

I’ve spent a lot of time in the depths of aging industrial power plants and the control houses of transmission substations. I’ve walked the aisles of countless steel cabinets taking inventory of the gear used to protect and control what’s been described as the most complex system on earth. Within these cabinets can be found a smattering of equipment...

10 of the Most Significant Ransomware Attacks of 2017

Ransomware had a good year in 2017. For the first time ever, we saw several "cryptoworm" variants self-propagate across vulnerable workstations around the world. We also witnessed more traditional ransomware families cause remarkable damage to victimized organizations as well as strains that embraced novel tools and techniques. Here are 10 of the...

Security Breach Exposed oBike Users' Personal Information

A security breach at bicycle-sharing operation oBike has exposed the personal information of users in Singapore and 13 other countries. A spokesperson for the company said the data leak "stemmed from a gap in our [application programming interface] that allowed users to refer a friend to our platform." With the oBike app, users can send invitation...

Securing the Entire Container Stack, Lifecycle, and Pipeline - Part 3

As part of a three-part series on incorporating security into the container environment, I've talked all about containers and how to inject security into the pipeline. Let's now discuss tips on how to secure the container stack. What Do I Mean by "Stack"? What I’m calling the stack, in this case, refers to all of the layers or components involved...

What Are the Benefits of Using Managed Security Services?

Today’s cybersecurity executives have a lot of choices in how they wish to purchase and consume products and services. The traditional approach of a large up-front capex investment in perpetual licenses works for some organizations, but many are looking towards managed services to reduce their up-front costs and move the overhead of managing the...

NiceHash Temporarily Ceases Operations Following Security Breach

NiceHash has temporarily ceased operations following a security breach in which a criminal gained unauthorized access to its Bitcoin wallet. The trouble started on 6 December when users of NiceHash, a service which enables people to exchange computing resources known as hashing power to mine for Bitcoin and other cryptocurrencies, began reporting...

November 2017: The Month in Ransomware

November didn’t shape up to be revolutionary in terms of ransomware, but the shenanigans of cyber-extortionists continued to be a major concern. The reputation of the Hidden Tear PoC ransomware project hit another low as it spawned a bunch of new real-life spinoffs. The crooks who created the strain dubbed Ordinypt should be really ashamed of...

Ransomware Attacker Demands $23K from Mecklenburg County

A criminal who infected the computer systems of Mecklenburg County with ransomware has demanded a ransom payment of $23,000 for the decryption key. On 5 December, the government for Mecklenburg County, North Carolina informed its Twitter followers that it was "experiencing a computer-system outage." https://twitter.com/MeckCounty/status...

Survey: Nearly Three-Quarters of Retail Orgs Lack a Breach Response Plan

With more than 174 million Americans shopping over the Thanksgiving holiday weekend, it’s looking to be a busy holiday season for retailers this year. As shoppers continue hunting for the perfect gift over the next couple weeks, it’s important to remember that cyber criminals will likely be on the hunt as well. How prepared are retailers to deal...

5 Steps to a More Secure IoT Baseline

Enterprise access point maker Ruckus once again patched up command injection vectors that could completely compromise both the ZoneDirector controller, as well as the Unleashed AP. One of the vulnerabilities is in fact strikingly similar to an issue in another Ruckus Web-GUI I disclosed last year. While vulnerability is essentially an inevitable...

Hacker Flooded Tourism Agency's Facebook Page with Bizarre Posts

A hacker commandeered a tourism agency's Facebook page and abused that unauthorized access to make a series of bizarre postings. Early in the morning on 4 December, the Facebook page for Explore Minnesota Tourism began publishing some unusual content. The stories consisted of fake news items with headlines such as "Detroit woman gives birth to her...

How a hack almost sprung a prisoner out of jail

We're all hopefully familiar with the notion that criminals can phish details from unsuspecting computer users by creating copycat websites. To make a phishing page appear more legitimate a scammer might create a domain with a similar looking URL - for instance, appIe.com rather than apple.com (hint: if you didn't notice, the first "appIe" had a...

Pentest Toolbox Additions 2017

Last year, I wrote a short blog post about tools I had added to my pentesting toolbox. I’ve decided to make this type of article a yearly tradition. In this post, I highlight some of the useful tools I’ve started to use this past year. Domain Password Audit Tool First, I will shamefully promote a tool I wrote myself that will generate password...

Women in Information Security: Kristen Kozinski

Last time, I got to speak with Claudia Johnson. She's been in the tech industry for a long time, and she got into security the same way Brian Krebs did – by being attacked. Now I got to talk to Kristen Kozinski. She knows about secure code and web vulnerabilities. She also maintains a pretty nifty website for educating end users about security. Kim...

Tripwire Tuesdays: Vital Signs – Security and Compliance in Healthcare

How can healthcare organizations ensure compliance and security in the face of increasing cybersecurity challenges? In a recent Tripwire Tuesday event, a Tripwire customer shared some insights about how healthcare organizations can implement basic security hygiene – foundational controls – to mitigate risks and vulnerabilities in their environment. Influence organizational culture Healthcare...

Determining Importance with Objective Vulnerability Scoring

The holiday season is upon us, and nearly every day, my wife asks me what I want for Christmas. As a pop culture geek with interests in most fandoms, I have dozens of items that I could ask for, but the ultimate question is what do I really want to ask her to spend money on. In a perfect and very geeky world, I would likely come up with a method of...

Securing the Entire Container Stack, Lifecycle and Pipeline – Part 2

I recently introduced a three-part series about injecting security hygiene into the container environment. For the first installment, I provided some background information on what containers are and how the container pipeline works. Let's now discuss how we can incorporate security into the pipeline. Assessing s Before Production To secure the...

The Human 'Attack Surface' May Be Your Weakest Link

The term “attack surface” is security jargon for the sum of your security risk exposure. It is the aggregate of all known, unknown, reachable and potentially exploitable weaknesses and vulnerabilities across the organization. All organizations regardless of industry have an attack surface. Fortunately, awareness of weaknesses, prioritization of risk, and layered defenses can reduce the attack...

What Are the Questions to Ask When Looking for a Scalable Solution?

Looking for a scalable solution and not sure what to ask? The best way to start off is to get an understanding of what scalability means because it can vary depending on the problem(s) that are trying to be solved, the company, and who you are talking to. According to Merriam-Webster, scalability is “capable of being easily expanded or upgraded on...