In my previous article, we discussed how organizations are shifting how IT resources are deployed and managed. We covered three methods in particular: automated image creation and deployment, immutable image deployment and containers. We’ll now explore how organizations can make the best of these methods in a dynamic environment.Dealing with Change...

Digital criminals have launched a new attack campaign that they're using to target U.S. petroleum companies with the Adwind RAT. Netskope discovered the operation in the beginning of September and found that it was distributing the Adwind RAT from “members[.]westnet[.]com[.]au/~joeven/.” With this URL in mind, it's likely that the individual...

As a regular reader of Tripwire, you are aware that October is National Cyber Security Awareness Month. Way back in 2015, when the world was an entirely different place, I contributed an article that offered some tips for protecting yourself. Those tips are still relevant: Password management. This should be very old news, but the majority of...

Combining Cyber Standards – Is ‘Unified’ Always A Good Approach? The CMMC enforcement model will require a significant adjustment to the way contractors conduct government business – from procurement to execution. In Part 2 of this series, I discussed the possible impacts of having your company’s security rating made public. In Part 3, I would like...

Healthcare continues to see staggering growth in breaches to patient health information. In the first half of 2019 alone, 32 million health records were breached, compared to 15 million records in the entire year of 2018. However, this trend of growing cyber breaches in healthcare is likely to persist due to the following characteristics of the...

A malvertising actor known as "eGobbler" used obscure browser bugs to bypass built-in browser protections and expand the scope of its attacks. Confiant observed eGobbler exploiting the first vulnerability back on April 11, 2019. In that particular attack, the threat actor leveraged a Chrome exploit to circumvent the browser's pop-up blocker built...

Fall is officially here, and that can only mean that SecTor is right around the corner! All summer long, I’ve been planning and prepping new ideas for this year’s IoT Hack Lab and training session. With just a few weeks to go until the conference kicks off, I’m more than a little excited about the new hacks we’ll be demonstrating, dissecting and...

Every year when I go to Black Hat USA and DEFCON, I am reminded of the constant battle between light and dark…wait…that’s Return of the Jedi…. I mean of the constant battle between infosec and the big bad hacker. And it’s not just the uber sophisticated hacks that involve fuzzing and SQL Injections (Am I showing my age there?) or any of the other...

Samples of a new malware family called "Divergent" are using both NodeJS and WinDivert in a series of fileless attack campaigns. Cisco Talos didn't identify the exact delivery method for Divergent. Even so, its researchers observed that the samples they analyzed staged and stored configuration date on the registry like other fileless malware. They...

Like storytelling, data visualization can be used to provide a narrative about your organization’s cybersecurity posture. Cybersecurity is never a single thing; it is an amalgamation of an often growing list of issues that never seem to end. So in order to make some sense of what it means for the health of your organization, I am combining several...

An estimated 16,000 websites are believed to be running a vulnerable and no-longer-maintained WordPress plugin that can be exploited to display pop-up ads and redirect visitors to webpages containing porn, scams, and--worst of all--malware designed to infect users' computers. Researchers at WordFence went public about how hackers are exploiting a...

Digital criminals used percentage-based URL encoding to help their phishing campaign evade detection by secure email gateways. In mid-September, the Cofense Phishing Defense Center came across a phishing email that originated from a compromised email account for a recognizable American brand. The message informed recipients that they had a new...

Just a few years ago, most IT environments were made up of deployed servers on which personnel installed applications, oftentimes as many as that one system could handle. They then remained and ran that way for years. In the meantime, the IT team maintained the system and updated the applications as needed. Sometimes there were test versions of those...

For the past few years, VERT has been running an IoT Hack Lab at SecTor, a security conference in Toronto, Ontario, Canada. Interested attendees (including Expo attendees, who can get a free pass using code Tripwire2019) can visit the Hack Lab with their laptop and learn how to hack various IoT devices from routers and baby monitors to more complex...

Part 2: Cyber Hygiene Made Public – A Necessary Evil? In part one of this series, I addressed what DoD contractors could be doing to prepare for the CMMC security level rating. In part two of the series, I want to discuss our customers’ concerns about the possible impacts of having their company’s security rating made public. According to the CMMC...

Security researchers have determined that over 12,000 variants of the WannaCry ransomware family are preying upon users in the wild. Sophos attributed this rise of variants to threat actors taking the original 2017 WannaCry binary and modifying it to suit their needs. These versions have subsequently produced numerous infection attempts. In August...

After an extended delay, we’ve finally reviewed our next book for #TripwireBookClub. This time around, we looked at Practical Binary Analysis written by Dennis Andriesse and published by No Starch Press. This book is a deep dive into binary analysis, and I think that it’s best just to quote the opening paragraph of the book’s preface: “Binary analysis...

Security researchers at Palo Alto Networks have discovered a new malware threat that targets Macs in what appears to be a sophisticated attempt to raid cryptocurrency wallets. The malware, which researchers have dubbed CookieMiner, has a variety of weapons in its armory that could make it particularly worrisome for cryptocurrency investors....

A new crypto-ransomware threat called "TFlower" is targeting corporate environments via exposed Remote Desktop Services (RDS). First discovered in August, the ransomware makes its way onto a corporate network after attackers hack into a machine's exposed Remote Desktop Services. This attack vector enables bad actors to infect the local machine with...