Hackers and cybercriminals constantly search for vulnerabilities in organizations. In recent years, they have stepped up attacks on networks that contain large amounts of personal data.
Improving Security by Introducing a Full Scope Penetration Testing Strategy
Topics: Ethical Hacking, Information Security, Penetration Testing
Spear-Phishing Attacks: Are They Preventable?
Phishing attacks are increasing at alarming rates. Surveys show that 71% of businesses are not prepared to manage these types of attacks. Many businesses are finding that their defenses are limited and people in the highest offices are vulnerable.
Topics: Information Security
Are Employees Dodging Security?
My team regularly assists clients in battling with users trying to access non-business-related sites or remote locations that may have been deemed not work appropriate. Before we blame the end user for not respecting the rules our organizations have set, we must remember that not all end users are aware of the risks involved when they visit these nefarious locations. On top of that, not everyone is able to utilize only business-related information for the full 8 hours of the workday! But there are plenty of known clean websites that usually aren’t blocked and can get your mind off work for some time. We need to continue to block sites that are known bad despite the battle it may take.
Topics: Information Security, Threat Management
When a 911 Emergency Call System Is Struck by a Cyberattack
Topics: Information Security, Threat Management
The cyber kill chain concept is based on the military kill chain, which uses a three-stage process that covers target identification, defending against the attack and wiping out the target. Lockheed Martin started using the "kill chain" to refer to information security. It applies these same steps to cyber attackers who attempt to break into its computer network and corrupt or steal data. While the analogy may not always be a perfect one when you compare the cyber kill chain to the original military one, this concept gives you the opportunity to break a cyber attack into easily comprehensible stages.
Topics: Information Security, Threat Management
Critical Vulnerability Advisory: Cisco ASA Remote Code Execution & DOS Vulnerability - Updated - Additional Patching Required
Cisco ASA Remote Code Execution & DOS Vulnerability
Release Date (01-29-2018) - Updated (02-05-2018) - CVE-2018-0101
Affected Products - Must have WebVPN enabled to be vulnerable
- 3000 Series Industrial Security Appliance (ISA)
- ASA 5500 Series Adaptive Security Appliances
- ASA 5500-X Series Next-Generation Firewalls
- ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- ASA 1000V Cloud Firewall
- Adaptive Security Virtual Appliance (ASAv)
- Firepower 2100 Series Security Appliance
- Firepower 4110 Security Appliance
- Firepower 4120 Security Appliance
- Firepower 4140 Security Appliance
- Firepower 4150 Security Appliance
- Firepower 9300 ASA Security Module
- Firepower Threat Defense Software (FTD)
- FTD Virtual
Vulnerability Details
After further investigation, Cisco has identified additional attack vectors and features that are affected by this vulnerability. Cisco also found that the original fix was incomplete, so new fixed code versions are now available.
Topics: Information Security, Threat Advisory
Critical Vulnerability Advisory: Cisco ASA Remote Code Execution & DOS Vulnerability
Cisco ASA Remote Code Execution & DOS Vulnerability
Release Date (01-29-2018) - CVE-2018-0101
Affected Products - Must have WebVPN enabled to be vulnerable
- 3000 Series Industrial Security Appliance (ISA)
- ASA 5500 Series Adaptive Security Appliances
- ASA 5500-X Series Next-Generation Firewalls
- ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
- ASA 1000V Cloud Firewall
- Adaptive Security Virtual Appliance (ASAv)
- Firepower 2100 Series Security Appliance
- Firepower 4110 Security Appliance
- Firepower 9300 ASA Security Module
- Firepower Threat Defense Software (FTD)
Vulnerability Details
This vulnerability affects an unknown function of the SSL VPN component within the ASA. The vulnerability is triggered when an attacker attempts to double free a section of memory when the VPN component is active on the ASA. An attacker could exploit this vulnerability by sending multiple, crafted XML packets to a webvpn-configured interface on the affected system.
Topics: Information Security, Threat Advisory
HIPAA vs Security: Building security into medical purchasing decisions
What the security community says about a specific industry vertical usually holds true for a good percentage of what is seen in the wild. You can ask any hacker, defender, CISO, etc., what industries struggle the most and there are common themes in their answers. Top of the list includes healthcare, manufacturing, government, and financial. Some of the most heavily compliance-controlled and regulated are also some of the least secure. Why is this? Is it due to administrators and senior management taking compliance standards as gospel? Maybe it’s a lack of knowledgeable staff, like the blind leading the blind.
Topics: Information Security, Compliance, Healthcare, HIPAA
HIPAA Covered Entity: Know How to Respond to a Cyber Security Incident
Know How to Respond to a Cyber Security Incident
Organizations that fall under the purview of HIPAA have to respond quickly to a cyber attack. The Office for Civil Rights (OCR) under the U.S. Department of Health and Human Services (HHS) issued a step-by-step guide to aid organizations. As a covered entity, your organization must have a contingency plan and incident procedures in the event of a security breach.
Topics: Information Security, Incident Response, Threat Management, Healthcare, HIPAA
Understanding OCR Guidance on Ransomware
With the prevalence of data breaches, ransomware has also come to the forefront of security threats. This malicious software is created by hackers who encrypt data and hold it hostage. Users are denied access to this data until they pay a ransom to the hacker.
Topics: Managed Detection & Response, Information Security, Threat Management, Healthcare, HIPAA