Resources

Blog

If the Data Breach Doesn't Kill Your Business, the Fine Might

When you hear about a data breach in the news, it's usually related to a major company or social media network that has been targeted. The erroneous conclusion would be that the hackers only focus on exploiting security flaws in large organizations, but the opposite is true. The reality is that cybercrime is deadly to small businesses, with 60% closing operations within six months of an attack....
Blog

Attackers Using Excel 4.0 Macro Dropper to Spread ServHelper Backdoor

Digital attackers are using an Excel 4.0 macro dropper to infect unsuspecting users with a new variant of the ServHelper backdoor. In summer 2019, researchers at Deep Instinct detected a new attack campaign launched by digital threat group TA505. This operation began by attempting to trick users into opening an attached Excel document. When a user...
Blog

Tripwire Patch Priority Index for March 2019

Tripwire's March 2019 Patch Priority Index (PPI) brings together the top vulnerabilities for March 2019. First on the patch priority list this month are patches for Microsoft's Browser, Scripting Engine and VBScript. These patches resolve 23 vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege, Security Feature Bypass and...
Blog

Google Introduces New 2-Step Verification Options for G Suite Accounts

Google has introduced new methods, an updated user interface and other changes through which 2-step verification (2SV) will work for G Suite accounts. On 26 March, Google announced three changes that will affect admins and end users of G Suite customers when they use 2SV going forward. The first change concerns updated user interfaces for 2-step...
Blog

Turning Data into Metrics: A Vulnerability Management Story

One of the main issues I find across the information security industry is that we constantly need to justify our existence. Organizations have slowly realized they need to spend on IT to enable their businesses. Information security, on the other hand, is the team that is constantly preventing the business from freely doing as they please. IT is...
Blog

What is Zombie POODLE?

This post is one in a series of posts describing TLS CBC padding oracles I have identified on popular web sites. The other posts in this series include an overview of CBC padding oracles, a walkthrough of how I came to develop a new CBC padding oracle scanner, and a write-up on the GOLDENDOODLE attack. Although not POODLE per se, Zombie POODLE is in...
Blog

TLS CBC Padding Oracles in 2019

*UPDATE: Padcheck source is now available on GitHub: https://github.com/Tripwire/padcheck* Since August, I’ve spent countless hours studying CBC padding oracle attacks toward the development of a new scan tool called padcheck. Using this tool, I was able to identify thousands of popular domains which could be targeted by an active network adversary ...
Blog

What is GOLDENDOODLE Attack?

This post is one in a series of posts describing TLS CBC padding oracles I have identified on popular web sites. The other posts in this series include an overview of CBC padding oracles, a walkthrough of how I came to develop a new CBC padding oracle scanner, and a write-up on the Zombie POODLE attack. GOLDENDOODLE is the name I’ve given for...
Blog

Ransomware Hit Garage Used by Canadian Internet Registration Authority

A parking garage used by employees of the Canadian Internet Registration Authority (CIRA) suffered a ransomware infection. At the end of their morning commute on 27 March, employees of CIRA arrived at a parking garage maintained by Precise Parklink. The garage typically uses Precise Parklink's "Automated Parking Revenue Control System" to verify...
Blog

Popular Web Browser's Hidden Ability Threatens 500M Google Play Users

A popular web browser's hidden ability poses a serious risk to more than 500 million Google Play users and their Android devices. Malware analysts at Doctor Web recently observed that UC Browser, a web browser developed by the Alibaba-owned Chinese mobile Internet company UCWeb, can secretly download and execute new libraries and modules from third...
Blog

Women and Nonbinary People in Information Security: Magda Chelly

This is now my third year of interviewing women in information security for Tripwire’s The State of Security. My experience has been amazing so far. I have learned so much from so many people – a few of whom were transgender and one nonbinary. In response to this diversity of viewpoints, I decided to rename my spring 2019 series to be more inclusive...
Blog

Tripwire Patch Insanity: The Challenge

Welcome to Tripwire Patch Insanity! Comprised of 26 vulnerabilities divided into two conferences and four divisions, the goal of this tournament is to declare which named vulnerability is king of Patch Insanity! The original list of named vulnerabilities was taken from Hanno Böck’s named vulnerabilities repo. Any entries that did not have published...
Blog

When Is a Data Breach a Data Breach?

A data breach remains a common headline in the news cycle. A different company, website or social network reports a security issue almost daily. If it feels like using the internet has become a risky endeavor, the feeling is accurate. But what exactly classifies an event as a data breach? The world wide web is littered with different security gaps...
Blog

Is the Private or Public Cloud Right for Your Business?

It wasn’t a very long time ago when cloud computing was a niche field that only the most advanced organizations were dabbling with. Now the cloud is very much the mainstream, and it is rare to find a business that uses IT that doesn’t rely on it for a part of its infrastructure. But if you're going to add cloud services to your company, you will...