Resources

Blog

More than 600K User Accounts Exposed in DaFont Database Theft

A hacker compromised more than 600,000 users' accounts when they stole a database operated by the font sharing site DaFont. In early May 2017, the currently unnamed hacker stole a site database containing 699,464 usernames, email addresses, and hashed passwords after hearing of other attacks launched against it. As they told ZDNet in an interview: ...
Blog

Shining Light on The Shadow Brokers

The summer of 2016 was a tumultuous ride for those of us in the security community. Less than a year ago, nobody had ever heard of The Shadow Brokers or Anna-Senpai but the same month (August 2016), these two – as yet unidentified persons or groups – made it clear that we are in the midst of a massive paradigm shift regarding threats to our society....
Blog

New Loki Variant Can Steal Credentials from 100+ Software Tools

A new variant of Loki Bot is capable of stealing credentials from over 100 software tools assuming they are installed on an infected machine. The malware's updated form leverages social engineering techniques to trick a user into running it. Specifically, it masquerades as a PDF sample that Dropbox couldn't successfully open. A user who clicks on...
Blog

Zomato Hacked! Database of 17 Million Users Stolen

Restaurant search website Zomato has announced that it has suffered a major security breach, resulting in the theft of a user database containing 17 million users' names, email addresses and passwords. The news comes as it is reported that a hacker calling themselves "nclay" is claiming to offer the database for sale on the dark web. ...
Blog

The Impact of Ransomware on Non-Profit Organisations

Social engineering is the exploitation of human error to deceive end users. Ransomware is a type of malware (malicious software) often used in social engineering attacks. When attacked with ransomware, businesses are literally held for ransom while being denied the ability to carry out their usual business operations. The UK Government has recently...
Blog

WannaCelebrate - How to Protect Against WannaCry Ransomware

This post was updated on May 17, 2017, at 12:20 PM PDT. Over the past few days, there has been a lot of buzz around the WannaCry ransomware campaign. For those in the trenches dealing with how to address wave after wave of attacks, it's not as simple as the unhelpful motto of "patch your systems." Most medium and enterprise businesses cannot trust...
Blog

Back to Basics: Combating Zero-Days with Common Sense

The past few months have accelerated the struggle between cybercriminals and those that defend against them. It seems that once again we are back on the defensive—as fast as law enforcement can arrest the bad guys, more and increasingly vicious cyber-attacks are unleashed. It’s been ugly, heartbreaking, and in some cases demoralizing. Even though...
Blog

Compliance: Thoughts of a Newbie

When I started at Tripwire just over five months ago, I never really thought about compliance and why it’s critical. To me, it was something that companies went through and dare I say it, it seemed a bit boring. But the more time I spend at Tripwire, the more I understand why business compliance requirements are so important and how they help us as...
Blog

Brooks Brothers Alerts Customers of Year-Long Payment Card Breach

Brooks Brothers announced on Friday that it recently learned of a potential credit card breach, affecting customers who shopped in-store over the past year. In a press release, the men’s clothing retailer – which operates more than 400 stores worldwide – said potentially compromised information included cardholder names, account numbers, card...
Blog

WannaCry Poses Healthcare Risks in Today's Interconnected World

Patients turned away. Ambulances diverted. Doctors and nurses locked out of patient files and unable to deliver care. On Friday, 45 National Health Service (NHS) organizations in the UK and Scotland and over 200,000 other victims in 150 countries fell prey to the WannaCry ransomware. The threat spread quickly, infecting vulnerable Microsoft systems...
Blog

DocuSign Warns Users of Targeted Email Malware Campaign after Breach

DocuSign is warning customers and users to be on the lookout for targeted emails containing malware after a data breach affected one of its systems. On 15 May, the provider of electronic signature technology disclosed the security incident in an update posted to its website: "...[T]oday we confirmed that a malicious third party had gained temporary...
Blog

Why You Should Not Pay WannaCry Ransomware

If you’ve been infected with WannaCry, you're probably not getting your files back if you pay. About three days ago, a ransomware campaign named “Wannacry” began. If you looked only at what mainstream media is telling you, this was malware written by genius programmers who know what they are doing and is one of the most sophisticated and profitable...
Blog

Women in Information Security: Thaís

As a woman who works in cybersecurity, I know that there are many amazing women in my field. Last time, I had the pleasure of speaking with Cheryl Biswas, who works as a corporate cybersecurity consultant. This time, I spoke to Thaís. She's been educated on two different continents in both physics and computer science! Now she's doing some pretty...
Blog

WhatsApp Scam Offers Users Free Netflix for a Year

Fraudsters have launched a new scam campaign where they offer WhatsApp users one year of free membership access to Netflix. An attack begins when a user receives a message about gaining free access to the streaming service from one of their WhatsApp contacts. The message appears to come from the Netflix domain. But careful inspection of the...
Blog

10 High-Profile Malware Families of 2017

Each year, the United Nations observes the International Day of Families on May 15. It's a day that focuses on the role families play in cultivating education and lifelong learning. By emphasizing the importance of caregivers, the International Day of Families encourages parents to teach their children about sustainable development, human rights,...
Blog

An InfoSec Intern Roadmap

The college year is rapidly coming to a close, and for many students who are in their early college years, an internship is usually part of the summer plans. With the growing interest in cyber security and infosec, as well as the increased availability of cyber security programs in many higher education establishments, some students are entering the...
Blog

Ransomware Attack – Am I Safe Against “WannaCry”?

On Friday May 12th, the headlines were all about how the NHS UK trusts had been impacted by a severe cyber-attack. The attack was related to a strain of ransomware called “Wana Decrypt0r 2.0”, also known as Wannacryptor, WannaCry or wncry. As the news unfolded, reports revealed the NHS had not been the victim - other organizations around the world...
Blog

WannaCryptor Ransomware Strikes NHS Hospitals, Telefonica, and Others

Within a matter of hours, an updated version of WannaCryptor ransomware struck hospitals belonging to the National Health Service (NHS), Telefonica, and several other high-profile targets. News of the attacks first broke on the morning of 12 May, when a doctor operating under the pseudonym "B" broke posted the following message on Twitter: https:/...