Resources

Blog

Bad Poetry Day Highlights - The Security Edition

Friday, August 18th was Bad Poetry Day. To celebrate, Tripwire decided to ask some of it's employees and friends in the community to share some of their security poems with us. Some folks tweeted theirs out using the hashtag #tripwirebadpoetryday. Others sent them in. Here are some of our favorites: Roses are red, Violets are blue Tripwire is...
Blog

Couple Arrested for Exploiting Lowe's Website Flaw to Steal Merchandise

New Jersey law enforcement has arrested a couple for abusing a vulnerability affecting Lowe's website in order to steal merchandise. On 15 August, Ocean County Prosecutor Joseph D. Coronato and Brick Township Police Chief James Riccio announced the arrests of Romela Velazquez, 24, and Kimy Velazquez, 40. Together, the couple allegedly orchestrated a...
Blog

How Prepared Are You for the NERC CIPv5 Audit?

How prepared are you for the NERC CIPv5 audit? Maybe you’re ready to jump in with both feet, maybe you have no idea where to start, or maybe you’re somewhere in the middle. No matter where you land, there are some best practices to help you along the way. While I can’t promise to rid you of all past sins and violations, I do have pointers based on...
Blog

Hacking for Innocent Lives: Using OSINT against Online Child Predators

The Internet is a potentially dangerous place for users. This is especially so for children. Oftentimes, these younger users don't yet understand that some people harbor bad intentions. They are therefore prime targets of digital predators who would seek to prey upon them online. Information security writer Kimberly Crawley explains that there are...
Blog

Lessons to learn after hackers hijack HBO's Facebook and Twitter accounts

It's never a dull day if you're working in HBO's IT security team. One day you're dealing with the unauthorised leaking of upcoming episodes of "Game of Thrones", next you're facing multi-million dollar extortion demands from hackers who've broken into your network and stolen 1.5 terabytes data and the personal contact details of your celebrity cast...
Blog

Locky Ransomware Now Appending .Lukitus to Encrypted Files

Locky ransomware is now appending the ".lukitus" extension to victims' files after it's completed its encryption routine. On 16 August, Fortinet junior anti-virus analyst Rommel Joven came across one of Locky's newest variants. https://twitter.com/rommeljoven17/status/897766198674300928 The ransomware is making its way onto users' machines via a...
Blog

The Skills Gap Is an “Entry-Level” Problem

There is much consternation and many dismal proclamations from think tanks all the way to Twitter eggs decrying the shortage of skilled information security workers. The skills gap does exist, but it isn’t a singular chasm. It’s a series of rifts and valleys, each with different characteristics. Beyond acknowledging the gap, we need to survey its...
Blog

Shipping Company Maersk Says NotPetya Cyberattack Could Cost Up to $300M

Container shipping company A.P. Moller-Maersk says a cyberattack that disrupted its operations will come with a hefty price tag of as much as $300 million in lost revenue. The Danish conglomerate, known as the largest container ship and vessel operator in the world, announced the estimated losses in its second quarter financial report. "In the last...
Blog

5 Information Security Tips for Senior and Executive Management

In the Army, we see the basic military fundamental skills being tested on every mission and operation. Whether the operator is jumping out of C-130 to scuba submersion or securing a post in country, their basic skills are always being tested. This goes for information security professionals, as well. Your basic skills sets will be tested every day....
Blog

Facebook Password Stealer Pilfers Data from Wannabe Attackers

A "Facebook password stealer" is capable of covertly pilfering sensitive information from any wannabe attacker who uses it. On 3 August, a security researcher by the name of MalwareHunterTeam tweeted about the credential-collecting tool's hidden nature. https://twitter.com/malwrhunterteam/status/893053328057413634 The phrase "how to hack facebook...
Blog

How Is Your WHOIS?

We all get them: those notices from the ARIN WHOIS service. Whether you run a corporate website or perhaps your own blogging domain, those notices arrive reminding us to confirm our internet records. How much attention do you pay to those? Do you treat them casually, relying on the idea that everything is working so that nothing needs to be done?...
Blog

High Schooler Receives $10K Award for Reporting Bug to Google

A high school student has received a $10,000 bug bounty award for reporting a security vulnerability in Google's App Engine. Back in July, 17-year-old Ezequiel Pereira decided to use the Burp Suite graphical tool to test the web application security of Google's App Engine. He wanted to see if he could access pages protected by MOMA, a portal for...
Blog

Amber Rudd tricked by email prankster who duped White House officials

British Home Secretary Amber Rudd has been duped into sharing her personal email address with a prankster who has previously embarrassed the likes of Bank of England governor Mark Carney and Barclays boss Jes Staley, as well as Donald Trump Jr and various White House officials. Rudd, who recently courted controversy in the security industry by...
Blog

Nationwide and Subsidiary Agree to $5.5M Settlement for 2012 Data Breach

Nationwide and one of its wholly owned subsidiaries have agreed to a $5.5 million settlement for a data breach that occurred in 2012. On 9 August, the Ohio-based insurance corporation along with Allied Property & Casualty Insurance Company agreed to the "Assurance of Voluntary Compliance" (PDF) with 33 Attorneys General of Alaska, Arizona, Arkansas,...