Resources

Blog

Fortnite Says It Will Reward Users Who Enable 2FA With Free Emote

The Fortnite team announced it will reward users who enable two-factor authentication (2FA) on their accounts with a free emote. On 23 August, the makers of the popular online video game revealed an incentive to help users boost their account security: in exchange for enabling 2FA on their accounts, gamers would receive the Boogiedown emote for free...
Blog

Guide to Securing Your Mobile App against Cyber Attacks

Thanks to the advent of technology, the number of mobile phone users are increasing day by day. You'll be shocked to hear that by 2019, this number will cross the 5 billion mark! While mobile phones may have made our life easier, they have also opened up domains for many cybercriminals who are adapting and using new methods to profit from this...
Blog

Criminal Claims They Stole 20K British Pharmacy Chain Customers' Data

A computer criminal claims to have stolen the personal data and account information of 20,000 British pharmacy chain customers. On 21 August, certain customers of UK health and beauty retailer Superdrug received an email warning them about the "possible disclosure of [their] personal data." It wasn't long before that notice began making the rounds...
Blog

Inside the Judicial Challenges of When Ransomware Strikes a City

Earlier this year, the City of Atlanta suffered a ransomware attack on the city’s computer systems. The attack affected more than one-third of Atlanta's 424 essential programs, close to 30 percent of which were “mission critical” functions. While most of the visible damage has been remedied, the effects of the attack will be felt for a long time....
Blog

A 'How To' for Asset Tagging

The systems in your environment are extremely important assets. Storing intellectual property, customer information, financial information, business automation, etc. If any of these systems are breached or become unavailable, there is a business and financial impact. You’ve installed Tripwire Enterprise agents on these systems to ensure that you...
Blog

Microsoft Seized Six Fake Domains Mimicking U.S. Political Organizations

Microsoft seized six fake domains that mimic the websites of prominent political organizations located in the United States. On 20 August, the Redmond-based tech giant revealed that its Digital Crimes Unit (DCU) had successfully executed a court order to take control of six fake domains created by Fancy Bear. Also known as "Strontium" and "APT28,"...
Blog

ICS Security in the Age of IT-OT Convergence

March 15, 2018, was a momentous day for U.S. homeland security officials. On that date, the Department of Homeland Security (DHS) and the Federal Bureau of Investigations (FBI) for the first time ever attributed digital attacks on American energy infrastructure to actors associated with the Russian government. Their joint technical alert (TA)...
Blog

ITIL, Problem Management and Tripwire Enterprise

I’ve written about ITIL and Tripwire Enterprise, offering a secure approach to managing your Change Management processes, but ITIL’s guidelines offer more than just recommendations around ensuring changes happen as expected. Problem management is another key area where Tripwire Enterprise can help you on your ITIL journey. ITIL sensibly focuses on...
Blog

Hackers steal $13.5 million from Indian bank in global attack

Hackers planted malware on an automated teller machine (ATM) server belonging to an Indian bank as part of a criminal scheme which saw the theft of nearly 944 million rupees (US $13.5 million) in a co-ordinated attack across 28 countries last weekend. India's Cosmos Bank, based in the western city of Pune, suffered an attack which saw hackers use...
Blog

Sextortion Scams Using Redacted Phone Numbers to Demand Payment

Sextortion scammers are now using potential targets' redacted phone numbers in an attempt to trick them into submitting payment. Perhaps after having obtained a list that ties people's phone numbers and email addresses together, scammers are sending out sextortion emails that use redacted phone numbers to lure in victims. Here's an example, as...
Blog

Caller ID Spoofing – What It Is and What to Do About It

What is Caller ID? Caller identification (Caller ID) is a service that allows the receiver of a phone call to determine the identity of the caller. Caller ID is initially sent over at the start of the phone call and identifies the incoming caller before the receiver answers the phone. Caller ID is not associated with the actual phone number but is...
Blog

“Accelerate” Review: What Makes a High Performer of Software Development and Delivery

The last book campaign was on “The Phoenix Project,” which is an easy-to-read story about a fictional company’s transformation into the world of DevOps. “Accelerate” is nothing like that, and if you’re a sucker for raw data like I am, then you may enjoy it more. “Accelerate” details the results of a multi-year study analyzing company’s software...
Blog

Log Management for Government Agencies: What You Need to Know

Without a doubt, log management should be part of the core of any IT security platform of a government agency. It has a role in not only security but also in operations and compliance requirements. Logging can provide situational awareness of things happening within an environment by keeping track of events recorded in the logs of the different...
Blog

VERT Threat Alert: August 2018 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s August 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-792 on Wednesday, August 15th. In-The-Wild & Disclosed CVEs CVE-2018-8373 A vulnerability exists within the scripting engine in Internet Explorer. An attacker exploiting this vulnerability...
Blog

'Hack the Marine Corps' Bug Bounty Program Announced by DoD

The U.S. Department of Defense (DoD) and HackerOne together announced the creation of a new bug bounty program called "Hack the Marine Corps." On 12 August, DoD kicked off its new vulnerability disclosure initiative at DEF CON 26 in Las Vegas, Nevada with a live hacking session. For the launch event,...