Blog

Blog

Deepfake Voice Technology Iterates on Old Phishing Strategies

As the world of AI and deepfake technology grows more complex, the risk that deepfakes pose to firms and individuals grows increasingly potent. This growing sophistication of the latest software and algorithms has allowed malicious hackers, scammers and cyber criminals who work tirelessly behind the scenes to stay one step ahead of the authorities,...
Blog

Android Locker Variant Uses Innovative Sequence to Load Ransom Note

A new variant of a sophisticated Android locker family used an innovative sequence to load its ransom note on infected devices. On October 8, Microsoft Defender Research Team revealed that it had spotted a new Android locker variant using novel techniques to display its ransom note to its victims. This threat specifically targeted two components on...
Blog

New 'MontysThree' Toolset Used in Targeted Industrial Espionage Attacks

Researchers uncovered a new toolset they've dubbed "MontysThree" that has played a role in targeted industrial espionage attacks stretching back to 2018. In the summer of 2020, Kaspersky Lab discovered that an unknown actor had been using a modular C++ toolset called "MT3" to conduct targeted industrial espionage campaigns for years. The security...
Blog

Achieving Compliance with Qatar’s National Information Assurance Policy

Qatar is one of the wealthiest countries in the world. Finances Online, Global Finance Magazine and others consider it to be the wealthiest nation. This is because the country has a small population of under 3 million but relies on oil for the majority of its exports and Gross Domestic Product (GDP). These two factors helped to push the country’s GDP...
Blog

New Valak Variant Makes "Most Wanted Malware" List for First Time

An updated variant of the Valak malware family earned a place on a security firm's "most wanted malware" list for the first time. Check Point revealed that an updated version of Valak ranked as the ninth most prevalent malware in its Global Threat Index for September 2020. First detected back in 2019, Valak garnered the attention of Cybereason in...
Blog

Lessons From Teaching Cybersecurity: Week 2

As I had mentioned previously, this year, I’m going back to school. Not to take classes but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their kid wanted to learn Python, I developed an Intro to...
Blog

New Attack Abused Windows Error Reporting Service to Evade Detection

Security researchers came across a new attack that abused the Windows Error Reporting (WER) service in order to evade detection. Malwarebytes observed that the attack began with a .ZIP file containing “Compensation manual.doc.” The security firm reasoned that those responsible for this attack had likely used spear-phishing emails to distribute the...
Blog

Tripwire Patch Priority Index for September 2020

Tripwire's September 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Apple, and various Linux distributions. Up first on the patch priority list this month is a very high priority vulnerability, which is called "Zerologon" and identified by CVE-2020-1472. It is an elevation of privilege vulnerability that...
Blog

Zero Trust Architecture: What is NIST SP 800-207 all about?

“Doubt is an unpleasant condition, but certainty is an absurd one.” Whilst I claim no particular knowledge of the eighteenth-century philosopher Voltaire, the quote above (which I admit to randomly stumbling upon in a completely unrelated book) stuck in my mind as a fitting way to consider the shift from traditional, perimeter-focused ’network...
Blog

What to do first when your company suffers a ransomware attack

For many companies it would be a nightmare to discover that they are the latest unwitting victim of a ransomware attack, capable of crippling computer systems and locking up data if a payment isn't made to cybercriminals. There's no magic wand that can make a ransomware attack simply disappear with no impact at all on an organisation, but you can...
Blog

An Order of Cybersecurity with a Side of "Hope"

This is a true story. I was sitting at breakfast the other day with my wife. As we waited for our food to arrive, four people were sitting at a socially distanced table. They were discussing how they have to restart their computers every month because of “something Microsoft does that makes me restart.” The conversation continued: Diner 1: “That’s...
Blog

Lessons From Teaching Cybersecurity: Week 1

As I had mentioned previously, this year, I’m going back to school. Not to take classes but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Additionally, after a friend mentioned that their kid wanted to learn Python, I developed an Intro to...
Blog

NERC Publishes Practice Guide for Assessing SVCHOST.EXE

One of our customers (You know who you are, thanks!) made us aware of a new practice guide titled “ERO Enterprise CMEP Practice Guide: Assessment of SVCHOST.EXE” published exactly two weeks ago today on September 15th, 2020. North American Electric Reliability Corporation (NERC) seldom releases guidance like this, so they shouldn’t go unnoticed....
Blog

Preventing Shadow IT from Blindsiding your Zero Trust Plan

I’ve spoken before about Zero Trust approaches to security, but for many of those starting on their journey, there isn’t an obvious place to start with the model. With this post, I wanted to share an example approach I’ve seen working that many organisations already have in place and can be easily rolled into a larger program of Zero Trust hardening:...
Blog

Understanding Cybersecurity Supply Chain Risk Management (C-SCRM)

Cybersecurity Supply Chain Risk Management (C-SCRM) deals with more than protecting an organization from cyber-attacks on third parties. It also addresses third parties to those third parties (known as “fourth parties”). Further still, a vendor to your vendor's vendor is a fifth party, then a sixth party, etc. Your SCRM should involve knowledge of...
Blog

Mount Locker Ransomware Demanding Ransom Payments in the Millions

A new ransomware strain called "Mount Locker" is demanding that victims pay multi-million dollar ransom payments to recover their data. According to Bleeping Computer, the ransomware first began making the rounds in July 2020. The malicious actors responsible for this threat took a cue from other crypto-malware gangs by stealing victims' unencrypted...