On 11 May 2017, President Donald Trump signed an executive order that provides guidance on strengthening the United States' digital security. The directive makes clear that each head of a U.S. federal agency or government department is ultimately responsible for managing their organization's risk. It also emphasizes their use of a specific document...

Today’s VERT Alert addresses the Microsoft December 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-756 on Wednesday, December 13th. In-The-Wild & Disclosed CVEs This month, no Microsoft vulnerabilities have been publicly disclosed or are being actively exploited. There are, however, a...

Vulnerability Description A team of researchers, including Tripwire VERT’s Craig Young has announced that TLS stacks from at least 8 different vendors are vulnerable to a well-known 19-year-old protocol flaw. The problem is that these implementations allow an attacker to identify whether or not a chosen ciphertext has proper PKCS#1 v1.5 padding...

The National Capital Poison Center (NCPC) in Washington, DC has published notice of a ransomware attack it suffered back in 2017. According to the news release (PDF), the critical health resource detected a ransomware infection on its systems in October 2017. It then launched an investigation into the matter with the assistance of a third-party...

Last time, I had a chat with Kristen Kozinski. She's an expert on web development security, and she also has a pretty cool website for end user security education called Don't Click on That. This time, I have a very special interview with Jelena Milosevic. She's a nurse who has made it her mission to educate people about the cybersecurity problems...

A criminal stole "a significant amount of data" in a hacking attack that targeted one of the busiest airports in Australia. According to The West Australian, the breach occurred in March 2016 when a Vietnamese man named Le Duc Hoang Hai abused a third-party contractor's credentials to access the systems at Perth Airport, the fourth busiest airport...

I’ve spent a lot of time in the depths of aging industrial power plants and the control houses of transmission substations. I’ve walked the aisles of countless steel cabinets taking inventory of the gear used to protect and control what’s been described as the most complex system on earth. Within these cabinets can be found a smattering of equipment...

Ransomware had a good year in 2017. For the first time ever, we saw several "cryptoworm" variants self-propagate across vulnerable workstations around the world. We also witnessed more traditional ransomware families cause remarkable damage to victimized organizations as well as strains that embraced novel tools and techniques. Here are 10 of the...

A security breach at bicycle-sharing operation oBike has exposed the personal information of users in Singapore and 13 other countries. A spokesperson for the company said the data leak "stemmed from a gap in our [application programming interface] that allowed users to refer a friend to our platform." With the oBike app, users can send invitation...

As part of a three-part series on incorporating security into the container environment, I've talked all about containers and how to inject security into the pipeline. Let's now discuss tips on how to secure the container stack. What Do I Mean by "Stack"? What I’m calling the stack, in this case, refers to all of the layers or components involved...

Today’s cybersecurity executives have a lot of choices in how they wish to purchase and consume products and services. The traditional approach of a large up-front capex investment in perpetual licenses works for some organizations, but many are looking towards managed services to reduce their up-front costs and move the overhead of managing the...

NiceHash has temporarily ceased operations following a security breach in which a criminal gained unauthorized access to its Bitcoin wallet. The trouble started on 6 December when users of NiceHash, a service which enables people to exchange computing resources known as hashing power to mine for Bitcoin and other cryptocurrencies, began reporting...

November didn’t shape up to be revolutionary in terms of ransomware, but the shenanigans of cyber-extortionists continued to be a major concern. The reputation of the Hidden Tear PoC ransomware project hit another low as it spawned a bunch of new real-life spinoffs. The crooks who created the strain dubbed Ordinypt should be really ashamed of...

A criminal who infected the computer systems of Mecklenburg County with ransomware has demanded a ransom payment of $23,000 for the decryption key. On 5 December, the government for Mecklenburg County, North Carolina informed its Twitter followers that it was "experiencing a computer-system outage." https://twitter.com/MeckCounty/status...

With more than 174 million Americans shopping over the Thanksgiving holiday weekend, it’s looking to be a busy holiday season for retailers this year. As shoppers continue hunting for the perfect gift over the next couple weeks, it’s important to remember that cyber criminals will likely be on the hunt as well. How prepared are retailers to deal...

Enterprise access point maker Ruckus once again patched up command injection vectors that could completely compromise both the ZoneDirector controller, as well as the Unleashed AP. One of the vulnerabilities is in fact strikingly similar to an issue in another Ruckus Web-GUI I disclosed last year. While vulnerability is essentially an inevitable...

A hacker commandeered a tourism agency's Facebook page and abused that unauthorized access to make a series of bizarre postings. Early in the morning on 4 December, the Facebook page for Explore Minnesota Tourism began publishing some unusual content. The stories consisted of fake news items with headlines such as "Detroit woman gives birth to her...

We're all hopefully familiar with the notion that criminals can phish details from unsuspecting computer users by creating copycat websites. To make a phishing page appear more legitimate a scammer might create a domain with a similar looking URL - for instance, appIe.com rather than apple.com (hint: if you didn't notice, the first "appIe" had a...

Last year, I wrote a short blog post about tools I had added to my pentesting toolbox. I’ve decided to make this type of article a yearly tradition. In this post, I highlight some of the useful tools I’ve started to use this past year. Domain Password Audit Tool First, I will shamefully promote a tool I wrote myself that will generate password...