Blog

Blog

Lessons From Teaching Cybersecurity: Week 2

As I had mentioned previously, this year, I’m going back to school. Not to take classes but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their kid wanted to learn Python, I developed an Intro to...
Blog

New Attack Abused Windows Error Reporting Service to Evade Detection

Security researchers came across a new attack that abused the Windows Error Reporting (WER) service in order to evade detection. Malwarebytes observed that the attack began with a .ZIP file containing “Compensation manual.doc.” The security firm reasoned that those responsible for this attack had likely used spear-phishing emails to distribute the...
Blog

Tripwire Patch Priority Index for September 2020

Tripwire's September 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Apple, and various Linux distributions. Up first on the patch priority list this month is a very high priority vulnerability, which is called "Zerologon" and identified by CVE-2020-1472. It is an elevation of privilege vulnerability that...
Blog

Zero Trust Architecture: What is NIST SP 800-207 all about?

“Doubt is an unpleasant condition, but certainty is an absurd one.” Whilst I claim no particular knowledge of the eighteenth-century philosopher Voltaire, the quote above (which I admit to randomly stumbling upon in a completely unrelated book) stuck in my mind as a fitting way to consider the shift from traditional, perimeter-focused ’network...
Blog

What to do first when your company suffers a ransomware attack

For many companies it would be a nightmare to discover that they are the latest unwitting victim of a ransomware attack, capable of crippling computer systems and locking up data if a payment isn't made to cybercriminals. There's no magic wand that can make a ransomware attack simply disappear with no impact at all on an organisation, but you can...
Blog

An Order of Cybersecurity with a Side of "Hope"

This is a true story. I was sitting at breakfast the other day with my wife. As we waited for our food to arrive, four people were sitting at a socially distanced table. They were discussing how they have to restart their computers every month because of “something Microsoft does that makes me restart.” The conversation continued: Diner 1: “That’s...
Blog

Lessons From Teaching Cybersecurity: Week 1

As I had mentioned previously, this year, I’m going back to school. Not to take classes but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their kid wanted to learn Python, I developed an Intro to...
Blog

NERC Publishes Practice Guide for Assessing SVCHOST.EXE

One of our customers (You know who you are, thanks!) made us aware of a new practice guide titled “ERO Enterprise CMEP Practice Guide: Assessment of SVCHOST.EXE” published exactly two weeks ago today on September 15th, 2020. North American Electric Reliability Corporation (NERC) seldom releases guidance like this, so they shouldn’t go unnoticed....
Blog

Preventing Shadow IT from Blindsiding your Zero Trust Plan

I’ve spoken before about Zero Trust approaches to security, but for many of those starting on their journey, there isn’t an obvious place to start with the model. With this post, I wanted to share an example approach I’ve seen working that many organisations already have in place and can be easily rolled into a larger program of Zero Trust hardening...
Blog

Understanding Cybersecurity Supply Chain Risk Management (C-SCRM)

Cybersecurity Supply Chain Risk Management (C-SCRM) deals with more than protecting an organization from cyber-attacks on third parties. It also addresses third parties to those third parties (known as “fourth parties”). Further still, a vendor to your vendor's vendor is a fifth party, then a sixth party, etc. Your SCRM should involve knowledge of...
Blog

Mount Locker Ransomware Demanding Ransom Payments in the Millions

A new ransomware strain called "Mount Locker" is demanding that victims pay multi-million dollar ransom payments to recover their data. According to Bleeping Computer, the ransomware first began making the rounds in July 2020. The malicious actors responsible for this threat took a cue from other crypto-malware gangs by stealing victims' unencrypted...
Blog

Helping Inspire the Next Generation of Cybersecurity Professionals

If you had asked 10 year old Tyler what he wanted to be when he grew up, the answer would have been a very enthusiastic, “Teacher!” Over time, however, that desire lessened as my fascination with technology grew. I ultimately ended up attending Fanshawe College to study Computer Systems Technology. I never fully abandoned that desire to teach,...
Blog

Joint “CYPRES” Report on Incident Response Released by FERC

Earlier this month, the Federal Energy Regulatory Commission (FERC) published a joint report entitled “Cyber Planning Response and Recovery Study” (CYPRES) in partnership with the North American Electric Reliability Corporation (NERC) and eight of its Regional Entities (REs) in order to review the methods for responding to a cybersecurity event. The...
Blog

Being Cyber Resilient Is Critical for the Maritime Industry

Cyber-attacks against maritime and shipping organizations are only increasing. Notwithstanding the IMO’s requirement for organizations in this sector to achieve cyber resilience by 2021, more and more entities are being crippled by malicious attacks. Maritime cyber-attacks are increasing The last victim in a long list of cyber-attacks was cruise...
Blog

Scammers Impersonating Texas Gov't Departments to Send Fake RFQs

Scammers are impersonating governmental departments within the State of Texas to send out fake Requests For Quotations (RFQs). On September 21, Abnormal Security revealed that it had spotted an attack email that impersonated the Texas Department of State Health Services. Scammers used spoofing techniques to camouflage the sender address as an...