Tom Cross

Director of Security Research

Tom is a recognized expert on Internet Security, having been a leader at IBM X-Force Research for many years, technical editor of the X-Force Trend Report, and speaker at numerous security conferences around the world including Blackhat Briefings and FIRST.

Identifying Past Heartbleed Attacks with the StealthWatch System

One of the concerns that has been raised about the Heartbleed vulnerability is that it was introduced into the OpenSSL code base several years ago, and it’s possible that some attackers were aware of it and launching attacks before it was publicly disclosed this week. This post explains how to use the Lancope StealthWatch System to identify flows associated with Heartbleed attacks.

OpenSSL Vulnerability: Whose Hearts Should Be Bleeding?

Monday night marked the disclosure of the biggest software vulnerability so far this year, known as the “Heartbleed” bug, which affects the OpenSSL cryptographic software library. So who should be concerned about this vulnerability? In short, everyone.

Was your network targeted by the Snake?

Information is coming out about Uroburos and we can expect its operators to scale back its use and abandon command and control points that they have been using to operate it. However, if you’ve been collecting netflow on your network, you can cross reference the IOCs from the BAE Systems report against your environment to see if you were communicating with these command and control points in the past. If you were, we suggest handling the matter with a high degree of care.

Closing the Cyber Security Threat Intelligence Gap

American corporations want to compete with each other based on the value of the products and services they are offering. When it comes to cyber security – we should be working together.

Operation SnowMan Currently Targeting US Military Personnel

A waterhole campaign is currently targeting US military personnel. The campaign was launched this week from the U.S. Veterans of Foreign Wars’ website and is associated with two previous APT campaigns. If your organization employs current or former US military personnel, you should check to see whether their systems have been compromised.