Don’t forget to subscribe to the newsletter to receive this in your inbox as soon as we write them!

While everybody has been discussing the Coronavirus and the elections we have been focused on providing you with the best application security guidance and news out there. 

The March edition of this newsletter brings two new ReThink articles and a variety of interesting articles that I’ve found this month. The threat landscape is evolving. Attackers continue to use novel attack vectors and techniques to gain access to networks and systems. 

We are starting to see attackers pivoting from ransomware to other types of attacks that can do more damage and result in higher success (payment) rates. Attackers do this by gaining access, then persistence on a network, expanding their reach quietly, then exfiltrating interesting data to an offsite location. Once that is done they can perform other extortion type attacks including deletion, encryption, and public disclosure of sensitive data. These trends have resulted in the weaponization of more attack vectors beyond what we’ve seen in the past. Defending your network, applications, and users has never been more pressing.


Recent ReThink Articles

Joe spent the last few weeks exploring the darkweb to uncover the tools and techniques that attackers use to gain access to illicit information. He also shared how attackers buy and sell data once they’ve breached a system. It’s fascinating to see how various types of are being sold on the black market, what their market value is, and how easy it is to make these transactions.

Exploring the Darkweb  

Jason wrote a piece about how important it is to focus on people first when we want to make a security impact within the enterprise. It’s easy to get wrapped up in the latest tool or vendor solution, especially as you walk the halls of RSA and listen to vendor claims, or read the latest white paper that claims it can solve all of your security problems. Remember we’ve been here before. A holistic solution involving people, tools, network and application security is our only chance to defend against the types of threats and risks we see today.

It’s Always About People  

More Security Headlines

I’ve started to use WARP from CloudFlare. This enables a number of powerful network security features to help protect your mobile devices. It uses their DNS system over TLS and adds a layer of VPN to their network. This encrypts all requests (including DNS requests) and all traffic. They’ve focused on making it performant reducing the speed and battery life overhead normally associated with similar solutions. Oh, and their base version is free.

WARP is here (sorry it took so long)

Imagine what an attacker could do with 5 months of unfettered access to your network. That’s the question that Citrix had to grapple with recently. This aligns with what I think of as the current generation of more advanced attackers. Gone are the days of dropping ransomware and leaving. The threat to your company is wider and deeper than ever before.

Hackers Were Inside Citrix for Five Months | Krebs on Security

Puerto Rico Lost $2.6M in a phishing scam. Phishing is still a very real attack vector. Train your users, enable 2FA, and put risk based solutions in place to protect yourself. This example underscores that attackers will target the softest targets first with no thought of who it may affect.

Official: Puerto Rico govt loses $2.6M in phishing scam

Researchers have found many Cisco devices are vulnerable to attacks which may allow an attacker to breach networks, execute remote code, exfiltrate data, or gain access to devices and intercept data. This is a major security flaw that needs to be addressed quickly. There are no workarounds for many of these issues. Disabling or upgrading the device is the only solution.

CDPwn: 5 Zero-Days in Cisco Discovery Protocol | Armis

Students from Harvard did some interesting research to collate data breaches from Darknet data dumps and other sources to create a more complete picture of individual users. They found they were able to trivially aggregate this information to increase the risk of a data breach significantly.

Imperiled information | Harvard

A (US born) Raytheon Engineer was arrested for taking US defense secrets to China. This highlights how difficult it is to protect information. At some point you have to trust users with sensitive data. DLP vendors will tell you that they can help, but just ask your nearest Security Researcher the myriad ways of exfiltrating data from a network and you’ll understand the extent of the issue. We have to protect our data at an appropriate level based upon the value of that data to attackers.

Raytheon engineer arrested for taking US missile defense secrets to China |

Please subscribe to our newsletter. Each month we send out a newsletter with news summaries and links to our last few posts. Don’t miss it!