by zlata | Mar 19, 2018 | Blog
New DHS alert on breaches of the power grid and other control systems Issue Disabling safety or security controls invalidate risk assessment and mitigation. It won’t matter if the control was disabled by a hacker or by an employee. New information is surfacing about...
by zlata | Mar 12, 2018 | Blog
Dofoil trojan variant used to install cryptocurrency-mining malware Issue Microsoft’s Windows Defender Research group identified a new variant of the Win32/Dofoil remote access trojan which installed a cryptocurrency miner for Electroneum (ETN) coin. Impact The...
by zlata | Mar 5, 2018 | Blog
Widespread SSL Certificate Revocation Disrupting Internet Transport Encryption with Further Disruption Planned for April and October On Wednesday, Trustico (a Symantec reseller) triggered the revocation of roughly 23,000 SSL/TLS certificates, in advance of April and...
by zlata | Feb 26, 2018 | Blog
Increased attacker focus on exposed cloud services, specifically AWS Simple Storage Service (S3) Buckets Issue Amazon’s cloud-based Simple Storage Service Buckets, colloquially referred to as “S3 Buckets”, have been a recent focus of attackers and security...
by zlata | Feb 20, 2018 | Blog
Theft of Newtek domains is a reminder to stay vigilant Issue Last week a web services company (Newtek) responsible for hosting over 100,000 e-commerce based websites and email servers had three of its core domains stolen. These domains originally hosted software...
by zlata | Feb 12, 2018 | Blog
Smart devices add exposure and threat during a breach and are a source of intelligence and forensic data during incident response. Issue A common challenge in any incident response is figuring out how access was gained, which vulnerability or exploits were used, and...
