December 2020

A Review of Ransomware in 2020

As if dealing with COVID-19 were not enough, 2020 turned out to be a banner year for another troublesome strain of virus: ransomware. Malicious actors grew more sophisticated, daring and brutal. They also hit a number of high-profile targets. For those of you who didn’t keep up with all of the developments in the ransomware space, we’ve broken down some of the most important events and trends of the year here.

Hacking Christmas Gifts: Remote Control Cars

If high-tech gadgets are on your holiday shopping list, it is worth taking a moment to think about the particular risks they may bring. Under the wrong circumstances, even an innocuous gift may introduce unexpected vulnerabilities. In this blog series, VERT will be looking at some of the Internet’s best-selling holiday gifts with an eye toward their possible security implications.

Don't Let Your Stored Procedures Lack Integrity

As a security analyst, engineer, or CISO, there are so many aspects of the field that require immediate attention that one cannot possibly know everything. Some of the common areas of security knowledge include topics such as where to place a firewall, configuration and patch management, physical and logical security, and legal and regulatory concerns.

Privacy in 2020 and What to Expect for the Year Ahead

2020 was dominated by news of the pandemic and anchored by the reality that we all found ourselves in – entire families logging in remotely, trying to keep school and work feeling “normal.” While we tested the limits of what a home office could sustain, the privacy and security of a fully remote world was put front and center. In this piece, we take a look at a few privacy highlights that will likely impact your business and look ahead to see what’s in store for 2021.

Hacking Christmas Gifts: Artie Drawing Robot

If high-tech gadgets are on your holiday shopping list, it is worth taking a moment to think about the particular risks they may bring. Under the wrong circumstances, even an innocuous gift may introduce unexpected vulnerabilities. In this blog series, VERT will be looking at some of the Internet’s best-selling holiday gifts with an eye toward their possible security implications.

Card-Not-Present Fraud: 4 Security Considerations for Point of Sale Businesses

As the retail world’s center of gravity shifts to the cloud, payment card fraud has followed suit. According to Verizon’s retail vulnerabilities study, attacks against e-commerce applications are by far the leading cause of retail data breaches. This trend mirrors similar outcomes in other industries, like food service. A complementary Verizon study finds remote attacks against food service operators on the rise, as well.

Continue Clean-up of Compromised SolarWinds Software

Last week, the United States Cybersecurity & Infrastructure Security Agency (CISA) advised on initial steps to take in response to the SolarWinds software that was compromised by advanced persistent threat actors. While federal agencies were under a deadline to complete certain actions, this issue will require continued clean-up and longer-term efforts to mitigate the threat.

The 10 Most Common Website Security Attacks (and How to Protect Yourself)

Every website on the Internet is somewhat vulnerable to security attacks. The threats range from human errors to sophisticated attacks by coordinated cyber criminals. According to the Data Breach Investigations Report by Verizon, the primary motivation for cyber attackers is financial. Whether you run an eCommerce project or a simple small business website, the risk of a potential attack is there.

Tripwire Retail Security 2020 Survey: Key Findings

As online sales surge, retail cybersecurity professionals are taking additional precautions to protect their organizations and their customers’ data. On top of this, the COVID-19 pandemic has driven even more consumers to turn to online shopping. Tripwire worked with Dimensional Research to better understand cybersecurity programs in the retail industry as they prepared for the holiday season.

Could Universities' Use of Surveillance Software Be Putting Students at Risk?

Life for university students has changed massively during the coronavirus pandemic, as it has for all of us. While some in-person lectures and seminars are still taking place, there has been a big shift to remote learning. This has, perhaps understandably, led to concerns about how well students are engaging with this way of studying. Many universities have sought to address this by turning to remote monitoring tools to track students’ online activities.

5 Key Security Challenges Facing Critical National Infrastructure (CNI)

Digital threats confronting Critical National Infrastructure (CNI) are on the rise. That’s because attackers are increasingly going after the Operational Technology (OT) and Industrial Control Systems (ICS) that shareholders use to protect these assets.

Secure Your Journey to the Cloud with Tripwire Configuration Manager

Tripwire can help you make your journey to the cloud more secure based on industry standards and best practices like the Center for Internet Security’s 20 CIS Controls. In this presentation, we highlight the cloud capabilities from Tripwire you might not already be aware of. See a guided demo of Tripwire Configuration Manager, and learn about common use cases around issues such as public vs private cloud storage security and multi-cloud compliance.

Survey: 78% of Retailers Took Additional Security Precautions Ahead of the 2020 Holidays

Coronavirus 2019 (COVID-19) stopped many things in 2020. While in-store holiday shopping may be greatly reduced for some, there’s still a lot of shopping happening online. Near the end of November 2020, Statista revealed that holiday retail sales were expected to grow approximately 3.6% over the previous year. And Adobe Analytics reported that online sales would likely rise 33% to a record $189 billion.

From a Single Pane of Glass, to Functional Dashboards to Manage Cyber Risk

For the longest time, or as far as I can remember, the holy grail of all networking platforms has been the need for a single pane of glass, that single source of all information that you would need to be most effective. So, what is a single pane of glass?

8 Key Insights from the 2020 (ISC)2 Cybersecurity Workforce Study

2020 has been a very interesting year for the global workforce, with the vast majority of organizations having to rapidly transition to a remote workforce with little to no prior notice thanks to the COVID-19 pandemic. The 2020 (ISC)2 Cybersecurity Workforce Study looks at the effect of this transition to remote work and how organizations have fared. It also analyzes the impact of the pandemic and the resultant transition to remote work on cybersecurity professionals.

Cloud Security: Messy Blobs and Leaky Buckets

Moving to the cloud means a lot more than just moving your servers and applications to the cloud; it’s also about the data – and data always has a target on it. A lot of IT departments are finding that it’s easier to meet the “five nines” (99.999%) of uptime and availability by going outside their organization and letting AWS, Microsoft, or Google handle the infrastructure and personnel needed to meet those requirements.

3 Mobile App Security Recommendations for National App Day

On December 11, 2017, Platinum Edge Media and its founder CJ Thompson created National App Day as a way to celebrate how apps have inspired us and changed our culture. The Registrar at National Day Calendar went on to proclaim National App Day to be observed annually. We can’t truly appreciate the impact that apps have on our lives without an idea of how to use these programs securely.

Goodbye to Flash - if you're still running it, uninstall Flash Player now

It’s time to say a final “Goodbye” to Flash. (Or should that be “Good riddance”?) With earlier this week seeing the final scheduled release of Flash Player, Adobe has confirmed that it will no longer be supporting the software after December 31 2020, and will actively block Flash content from running inside Flash Player from January 12 2021.

12 Essential Tips for Keeping Your Email Safe

Hey, did you get that sketchy email? You know, the one from that malicious hacker trying to fool us into clicking on some malware? Boy, these criminals are relentless. Wait, what? You clicked on it? Uh-oh. A hypothetical scenario, but one that plays out every day in organizations across the globe — a very real scenario that provides a good reason to take a deep dive into the topic of email security. Here are some more good reasons.

4 Things a Good Vulnerability Management Policy Should Include

Organizations face an ever-evolving threat landscape. With this in mind, it is imperative that organizations keep an up-to-date vulnerability management policy for remediating and controlling security vulnerabilities that may lead to a breach. A good vulnerability management policy should contain the following.

Key OT Cybersecurity Challenges: Availability, Integrity and Confidentiality

Organisations are still underestimating the risks created by insufficiently secured operational technology (OT). One current example comes from Germany. According to a report by heise.de, external security testers consider it “likely” that a successful serious cyberattack against the publicly owned water company Berliner Wasserbetriebe could lead to a complete failure of the German capital’s waste water management.

Thoughts from the NCSC 2020 Annual Review

The National Cyber Security Centre (NCSC) released its annual review of 2020. If you are unfamiliar with the NCSC, part of their mission is that they are “dedicated to making the United Kingdom the safest place in the world to live and work online.” This is a lofty goal, and since the first report, issued in 2016, the NCSC remains steadfast in its vision. This year’s report, which spans the period from September 2019 through August 2020, contains many interesting insights.

How to Protect Your Business From Multi-Platform Malware Systems

The Lazarus Group (also known as Guardians of Peace or Whois) is a notorious cybercrime gang made up of unknown individuals. According to the United States Federal Bureau of Investigation, the group is a North Korean “state-sponsored hacking organization.” However, some believe that their connections to North Korea might be a false flag intending to hide their true origins.

FERC Releases Staff Report on Lessons Learned from CIP Audits

In October, the Federal Energy Regulatory Commission (FERC) released its “2020 Staff Report Lessons Learned from Commission-Led CIP Reliability Audits.” The report summarizes the Commission’s observations from Critical Infrastructure Protection (CIP) audits performed in conjunction with staff from Regional Entities and the North American Electric Reliability Corporation (NERC).

A Look at the Computer Security Act of 1987

Computer security regulations have come a long way from their early beginnings. Even before the Federal Information Security Management Act (FISMA), there was the Computer Security Act of 1987 (CSA). The Computer Security Act was enacted by the 100th United States Congress in response to a lack of computer security protection measures, and a strong need for internal computer security governance for U.S. Federal agencies. Although the U.S.