The King is dead. Long live the King!

In late April 2018, a new zero-day vulnerability for Internet Explorer (IE) was found using our sandbox; more than two years since the last in the wild example (CVE-2016-0189). This particular vulnerability and subsequent exploit are interesting for many reasons. The following article will examine the core reasons behind the latest vulnerability, CVE-2018-8174.

Facebook United

Facebook was a mess. The independence it dangled to close acquisition deals with Instagram and WhatsApp turned the company into a tangle of overlapping products. Every app had its own messaging and Stories options. Economies of scale were squandered. Top innovators led mature products already bursting at the seams with features while new opportunities went unseized.

Fighting SOC Alert Overload With Effective Threat Intelligence

Key Takeaways

  • Threat intelligence isn’t just a silo in security and has advantages to bring to many different roles in your organization.
  • Teams triaging alerts in security operations centers (SOCs) are overwhelmed with event data that has no context.
  • Threat intelligence packaged correctly for the SOC analyst can make them 10 times more productive.

The concept of threat intelligence and its potential usefulness to any business that’s serious about cybersecurity is not difficult to grasp. The more you know about potential attacks, how you might be attacked, and what those attacks will target, the better equipped you are to defend and align your resources effectively.

What is a Chief Security Officer? Understanding this critical role

A CSO is a departmental leader responsible for information security, corporate security or both. That’s the simplest answer to the question “What is a CSO?”, and one that our founding editor Derek Slater offered up to readers way back in 2005 — heck, if there’s one website you ought to be able to trust to tell you what a CSO is, it’s CSOonline. But of course, no one-sentence answer can encapsulate the complexity of a job like this, and not everyone with the CSO title has the same set of responsibilities.

Microsoft Patch Tuesday, May 2018 Edition

Microsoft today released a bundle of security updates to fix at least 67 holes in its various Windows operating systems and related software, including one dangerous flaw that Microsoft warns is actively being exploited. Meanwhile, as it usually does on Microsoft’s Patch Tuesday — the second Tuesday of each month — Adobe has a new Flash Player update that addresses a single but critical security weakness.

Written testimony of USCG for a House Transportation and Infrastructure Subcommittee on Coast Guard and Maritime Transportation hearing titled “Blue Technologies: Use of New Maritime Technologies to Improve Efficiency and Mission Performance”

2167 Rayburn House Office Building

Good morning Mr. Chairman and distinguished Members of the Committee. It is my pleasure to be here today to discuss the Coast Guard’s efforts to pursue technologies and solutions that have the greatest potential to enhance the service’s acquisition and mission execution.

VERT Threat Alert: May 2018 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s May 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-777 on Wednesday, May 9th.

In-The-Wild & Disclosed CVEs

CVE-2018-8120

This privilege escalation vulnerability affecting Win32k could allow an attacker to execute code in kernel mode. According to Microsoft, the newest OS releases aren’t affected but this is being actively exploited on Windows 7, Windows Server 2008, and Windows Server 2008 R2.

Microsoft has rated this as a 4 on the Exploitability Index (Not affected).

Note: Microsoft has rated this as a 0 (Exploitation Detected) on older software releases.

CVE-2018-8174

A vulnerability in VBScript could allow attackers to execute code in the context of the logged in user. This vulnerability could be exploited via certain web browsers or Microsoft Office documents. Microsoft has reported active exploitation of this vulnerability.

Microsoft has rated this as a 0 on the Exploitability Index (Exploitation Detected).

CVE-2018-8170

A privilege escalation vulnerability affecting Windows 10 versions 1703 and 1709 as well as Windows Server, version 1709 has been publicly disclosed. A malicious application could take advantage of a flaw in the way the Windows kernel image handles objects in memory in order to execute code with higher privileges.

Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).

CVE-2018-8141

According to Microsoft, this vulnerability only impacts Windows 10 Version 1709 and Windows Server, version 1709 and could lead to information disclosure. While this vulnerability alone will not allow for system compromise, it could provide useful information that would further enable compromise.

Microsoft has rated this as a 4 on the Exploitability Index (Not affected).

Note: Microsoft has rated this as a 2 (Exploitation Less Likely) on older software releases.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Other Information

In addition to the Microsoft vulnerabilities included in the May Security Guidance, a security advisory was also made available.

May 2018 Adobe Flash Security Update [ADV180007]

Microsoft released updates for Adobe Flash. These correspond with Adobe Update APSB18-16. This includes a fix for CVE-2018-4944.

Alarm Fatigue And The Danger To Cybersecurity

Alarms and alerts surround us every day. From the moment our clocks wake us up in the morning, we rely on alarms for many things. But what happens when those alarms and alerts malfunction? What does it do to us and how does that affect our day to day life?