Tripwire’s May 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, SaltStack, and VMware.Up first on the patch priority list this month are patches for VMware vCenter Server and SaltStack Salt. The Metasploit exploit framework has recently integrated exploits for VMware vCenter Server (CVE-2020-3952) and Sal

What is NetWalker?NetWalker (also known as Mailto) is the name given to a sophisticated family of Windows ransomware that has targeted corporate computer networks, encrypting the files it finds, and demanding that a cryptocurrency payment is made for the safe recovery of the encrypted data.Ransomware is nothing new. Why should I particularly care about NetWa

Over the last few weeks, most organisations have had to transition to enable their employees to work remotely. The key focus has been on business continuity during this trying time. Unfortunately, business continuity isn’t so easy. Keeping the day-to-day operations of the business running has been one of the hardest IT challenges that most organisations have

Once an attacker has established access and pivoted around to the point of gathering the necessary data, they will work on exfiltration of that data. Not all malware will reach this stage.Ransomware, for example, usually has no interest in exfiltrating data. As with the Collection tactic, there’s little guidance on how to mitigate an attacker exfiltrating da

May 25, 2020 marks the second anniversary of when the European Union’s General Data Protection Regulation (GDPR) took full effect. Undoubtedly, many organizations have succeeded in achieving compliance with the Regulation by now. But that raises some important questions.What benefits have those organizations experienced in achieving compliance, for instance?

Samsung has released a security update for its popular Android smartphones which includes a critical fix for a vulnerability that affects all devices sold by the manufacturer since 2014.On its Android security update page Samsung thanks researcher Mateusz Jurczyk of Google Project Zero for the discovery of the vulnerability that could – he claims ̵

It will be rare that an attacker exploits a single system and does not attempt any lateral movement within the network. Even ransomware that typically targets a single system at a time has attempted to spread across the network looking for other victims. More often than not, an attacker will gain an initial foothold and start to pivot across systems looking

Newly-discovered zero-day vulnerabilities may generate the biggest headlines in the security press, but that doesn’t mean that they’re necessarily the thing that will get your company hacked.This week, US-CERT has published its list of what it describes as the “Top 10 Routinely Exploited Vulnerabilities” for the last three years.The l

Government officials said that a glitch in the State of Illinois’ Pandemic Unemployment Assistance (PUA) program exposed thousands of people’s Social Security Numbers (SSNs) and other private data.Jordan Abudayyeh, a spokesperson for Illinois Governor J. B. Pritzer, sent a statement to WBEZ on May 16. In it, she revealed that the Illinois Departm

The Collection tactic outlines techniques an attacker will undertake in order to find and gather the data they need to meet their actions on objectives.I see most of these techniques as being useful for describing what a piece of malware or threat actor is up to rather than looking to them for guidance on how to mitigate and detect their actions.Mitigation a

For just under 90 minutes last Thursday, hackers were able to compromise the systems of cryptocurrency lending platform BlockFi, and gain unauthorised access to users’ names, email addresses, dates of birth, address and activity history.In an incident report published on its website, BlockFi was keen to stress that the hacker’s activity had been

In a previous post by my colleague Irfahn Khimji, he spoke about how ensuring devices on your network is a great way to minimize the attack surface of your infrastructure. Organizations like the Center for Internet Security (CIS) provide guidelines on how to best configure operating systems to minimize the attack surface. The CIS calls these “benchmarks.”Man

What’s this Maze thing I keep hearing about?Maze is a particularly sophisticated strain of Windows ransomware that has hit companies and organizations around the world and demanded that a cryptocurrency payment be made in exchange for the safe recovery of encrypted data.There’s been plenty of ransomware before. What makes Maze so special?Like oth

Security researchers at Cybereason are warning of a new mobile banking trojan that steals details from financial apps and intercepts SMS messages to bypass two-factor authentication mechanisms.According to experts who have examined the code of the malware, known as EventBot, it differs substantially from previously known Android malware – suggesting th

Building an effective and resilient organization on a budget isn’t a small task. When it comes to cybersecurity budgets, there are many different aspects that need to be considered. Thankfully, alignment with industry best practice and recognized security frameworks adds a small amount of clarity to this challenge.When presenting the webcast “It’s all