Undersea Cables and Cyber Physical Risks.
Consider how disruption to submarine cables might adversely affect the security requirements and availability of your network connections.
Cyber Insurance and the Attribution Conundrum
Claiming on cyber insurance policies is soon to depend on attack attribution. What does this mean for CISOs and insurers?
Emerging trends from a year of cybersecurity threats
What are the emerging trends in cybercrime based on the threats of the past year? Martin Lee identifies supply chain, cryptomining and biometrics as key issues that deserve our attention.
Shellshock Exploits in the Wild
This post was authored by Joel Esler & Martin Lee. The recently discovered Bash vulnerability (CVE-2014-6271) potentially allows attackers to execute code on vulnerable systems. We have already blogged about the issue and provided more technical detail in a further blog. The rapid release of IPS signatures for our platforms allowed us to follow very […]
Another Major Vulnerability Bashes Systems
Vulnerabilities that permit remote network attacks against ubiquitous software components are the nightmares of security professionals. On 24 September the presence of a new vulnerability, CVE-2014-6271 in Bash shell allowing remote code execution was disclosed.
A Collection of Cryptographic Vulnerabilities.
The rustic origins of the English language are evident in the words left to us by our agricultural ancestors. Many words developed to distinguish groups of different animals, presumably to indicate their relevant importance. A ‘flock’ of sheep was more valuable than a single sheep, a ‘pack’ of wolves posed more danger than a single […]
IE Zero Day and VGX.dll
Update 5-1-2014: We can confirm Cisco customers have been targets of this attack. For the latest coverage information and additional details see our new post on the VRT blog. The recent discovery of a new Internet Explorer zero-day exploit underlines how exposed web browsers are to vulnerabilities for which a patch is yet to be released. Cisco is […]
Coordinated Website Compromise Campaigns Continue to Plague Internet
This post is co-authored with Levi Gundert and Andrew Tsonchev. Update 2014-03-21: For clarity, the old kernel is a common indicator on the compromised hosts. We are still investigating the vulnerability, and do not yet know what the initial vector is, only that the compromised hosts are similarly ‘old’. Update 2014-03-22: This post’s focus relates […]