Today’s VERT Alert addresses the Microsoft July 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-733 on Wednesday, July 12th. In-The-Wild & Disclosed CVEs CVE-2017-8584 In a Patch Tuesday first, we have a HoloLens code execution vulnerability. This vulnerability impacts Windows 10 and...

I’ve been studying the security designs of various embedded devices for the past couple of years. This research has led me to uncover dozens of critical flaws in internet-connected devices ranging from enterprise NAS devices and access points to countless consumer products like wireless routers, home automation controllers, security cameras and more...

Docker – a platform for OS-level virtualization instances known as containers – has become a hugely popular infrastructure technology. Flexible containerization is completely changing the way we build and maintain applications at scale, with analyst group RedMonk identifying the large enterprise market as a key driving force. Towards the end of...

Supply chain functions are moving towards automation and integration. For instance, take the use of cloud computing, robotics and artificial intelligence in improving productivity and customer service. In fact, not a single day goes by when we don’t come across headlines about the shipping and logistics industry, like Clearpath or DHL, developing...

As someone who has worked in the Managed Network Services space for over a decade, there are certain behaviors I notice when it comes to security planning. Every so often, a major security incident occurs that makes headlines, and the media cycle begins. Decision makers at organizations, who are typically business experts and not technology experts,...

The role of cyber security in modern business is hard to overstate. Almost all business processes are automated to a degree and thus need to be thoroughly protected from any potential tampering. Vendors use anti-malware and anti-reverse engineering techniques to protect their products, but they can’t possibly weed out every vulnerability. One...

In our first article, we defined a ransomware attack and its impact on non-profit organisations, and we made some recommendations for preventing such attacks. In this article, we look at ransomware in more depth to provide a better understanding of how to build cyber resilience. There is a growing threat to cyber-security in various dimensions but...

While attending the RSA show in February, I met Kevin (@KevinMitnick) and obtained a copy of The Art of Invisibility, which I immediately read. Due to the great many references to Kevin’s past, I thought it would be informative and worthwhile to read Ghost in the Wires. It’s also listed on the Tripwire 10 must-read books for information security...

A year ago, I wrote an article entitled Starting Your Career In Information Technology. As your career goes on, you may find yourself traveling down different routes than you originally planned. This article is a follow-up, designed to give an idea of what cyber security has become for me after I transitioned to it from networking. To begin, I was...

Foundational Controls may not sound like the sexiest subject in IT but arguably, it’s the most critical – and for good reason. Quite simply, without these fundamental controls in place and knowledge of what is on your network, your organization will find it incredibly difficult to manage a breach and effectively remediate. It’s very much the vogue at...

A South Korean web hosting company has paid more than one million dollars in ransom after suffering an Erebus ransomware infection. The ransomware, which has been around since September 2016 and reemerged in February 2017, struck NAYANA on 10 June. Those responsible for the attack demanded 550 Bitcoins or approximately US$1.62 million. The web...

We all look forward to summer and its promise of fun-filled vacations. But in our haste to momentarily escape the daily grind, many of us overlook key elements of our digital security. Computer criminals don't take vacations, after all. Digital threats follow us everywhere we go, which is why we can never let our guard down no matter how many sun...

Women and non-males are in various important cybersecurity roles. They're writing secure code, they're researching malware, they're educating end users, they're studying in school, and sometimes they're in important government positions like my last subject, Heather Butler. Gwen Betts' job is a bit different. She approached me on Twitter, telling me...

News travels fast in the information security community, and the combination of politics, cloud and cybersecurity make for a rapidly moving headline. You’ve no doubt read about the disclosure of 198 million records by a political data analytics firm by now. This isn’t a case of malicious hacking, but of misconfiguration. These records were simply...

Cyberattacks in the healthcare industry have been on the rise, the latest being the WannaCry attack that affected 20 percent of NHS facilities in the UK. A study (PDF) by the Ponemon Institute in 2016 revealed that healthcare organizations have experienced approximately one cyberattack every month. Healthcare organizations are a lucrative target...

Cyber crime is no longer the province of the computer super-geek. In fact, it can almost be said to have gone mainstream with exploit lists, downloadable network tools and scripts – even hacking IT support – all available online at bargain prices. As with any threat to our homes and businesses, knowing the nature of the threat we face helps us to...

Don’t think security impacts sales? Think again. A secure web environment ensures the protection of customer data, but it also makes for a fast and optimized website that drives conversions. An unsecured web environment will be slow, frequently unresponsive, and even dangerous. Opening your first online store is an exciting milestone, and security...

Today’s VERT Alert addresses the Microsoft June 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-729 on Wednesday, June 14th. In-The-Wild & Disclosed CVEs CVE-2017-8543 According to Microsoft’s Security Guidance, they are aware of in-the-wild exploitation against CVE-2017-8543, a code...

Part of Ukraine's capital, Kiev, lost power on December 17-18, 2016, due to a digital attack. The operation, which occurred nearly one year after BlackEnergy targeted western Ukrainian power company Prykarpattyaoblenergo with KillDisk malware, pushed networks and Supervisory Control and Data Acquisition (SCADA) systems at utility Ukrenergo "outside...

I saw yet another security talent shortage article this weekend and thought: it’s just another sad cyb song wrecking my brain. New college graduates and people in career transitions who are struggling to land an entry-level role email me almost daily asking some variation of this question: If there is such a shortage, why are companies refusing to...