Researchers have discovered two new utilities that are closely associated with the wiper malware used to disrupt the computer networks of Sony Pictures Entertainment last year. After phishing for employees' login information, the attackers responsible for the breach used a strain of wiper malware known as "Destover" to wipe the files off of company...

Just in time for the holiday shopping season, cybercriminals have developed a destructive new form of ransomware that targets the websites of online retailers. According to independent security journalist Brian Krebs, fraudsters have been leveraging the malware – dubbed ‘Linux.Encoder.1’ – to essentially hold a site’s files, pages and images for...

The emergence of IoT is especially pronounced in the workplace. Indeed, as revealed by a recent Tripwire survey, 63 percent of executives anticipate they will need to adopt "smart" things and other IoT devices due to the pressures exerted by business efficiency and productivity. Such enthusiasm notwithstanding, security has not kept up with the...

Security researchers have spotted a type of malware that uses social engineering to trick users into enabling it to automatically install apps on their Android devices. Michael Bentley, the head of research and response at mobile cybersecurity firm Lookout, has published a blog post in which he explains how a so-called "trojanized adware" known as...

Throughout October this year, many tips for National Cyber Security Awareness Month focused on the password problem, including the usual warnings about weak passwords and the same password used in multiple places (known as “password re-use”). Every one of those tips (including more than one written by me) advises the use of a password manager to...

Yes, targeted attacks - especially those perpetrated by an adversary with considerable resources, such as a foreign state - may incorporate zero-day vulnerabilities, but often they begin with something as simple as a phishing message tricking your staff into handing over their passwords. That's a lesson you learn from a new report published by...

Security researchers with IBM have named "onion-layered" security incidents one of the top cybercrime trends they are observing in Q4 2015. In their report IBM X-Force Threat Intelligence Quarterly, 4Q 2015, the researchers explain that an onion-layered security incident involves a second, more damaging and sophisticated attack that follows an...

Thanksgiving is a time for reflection. It provides us with a space for acknowledging all those many people and life experiences that one way or another enrich our lives, year after year. With the spirit of Thanksgiving in mind, we have gathered together the comments of some of the industry's leading professionals on who they are thankful for fueling...

In the last few days, I have seen multiple articles on ransomware in my news feeds (including a shameless reference back to our own post on The State of Security). As I read these, it occurred to me that there is an ironic similarity between these schemes and legitimate companies. The criminals running these malware and ransomware schemes have to be...

If your organization decides to put their corporate files – or their customers’ files – onto someone else’s computer, i.e., implement cloud computing, what security effort should those organizations undertake to ensure the safety of their data? That is the question that we find our customers looking to Tripwire to help them answer. As a Tripwire...

Britain has announced a number of initiatives to boost its cyber security defenses and counter threats, including a £165 million investment in cyber security startups. Chancellor George Osborne introduced the ‘Defense and Cyber Innovation Fund’ on Tuesday during a speech at GCHQ – the headquarters of Britain’s spy agency. Osborne also announced the...

Security researchers have identified a new phishing email scam that is targeting customers of the DHL global delivery service. Analysts with the Comodo Antispam Labs team reveal in a blog post that the phishing email purports itself to be sent from DHL Worldwide and uses the subject line "DHL Shipping Delivery Tracking Number" to support this...

In September, Black Hat Europe announced an interesting talk that entitled “Even the LastPass will be stolen, deal with it”. As reported in an earlier article, it was anticipated (based on the description on the conference announcement) that the “Remember Password” option was the likely attack vector. The presentation was delivered last week, and as...

Given the number and sophistication of threats stalking today's digital landscape, it is incumbent on organizations to improve their cyber resiliency. However, this task is not as easy as it sounds. Our network environments have evolved far beyond the confines of what antivirus solutions or firewalls alone can protect. The Internet of Things (IoT)...

A security firm has discovered that tens of thousands of tablets sold on Amazon.com and elsewhere came pre-loaded with the Cloudsota Trojan. Chinese mobile Internet security company Cheetah Mobile has published a post about its findings. In it, it highlights the complaints of many customers regarding these tablets' poor quality of manufacture, with...

It is rare that the good guys help criminals, but that is exactly what the folks at BleepingComputer.com have done. Let it be stated in no uncertain terms that they should be applauded and thanked for doing so. The problem, as reported on the BleepingComputer site, is that there is yet another variant of ransomware that is circulating online. This...

Blondes vs brunettes, Kirk or Picard, and the Oxford comma... these are some of the most burning issues that people just can't agree on. And another is whether iPhones are better than Android phones. Both sides have their fervent fans and supporters, and are capable of making convincing arguments to back their point of view. But now a new study ...

According to the Tor Project, the FBI paid researchers at Carnegie Mellon University to launch an attack on the service last year in an effort to expose some of its users. The anonymizing service has written a blog post about its findings: "The Tor Project has learned more about last year's attack by Carnegie Mellon researchers on the hidden...

There are important security lessons for CEOs following the embarrassing revelation that a teenager hacked into the personal email accounts of CIA Director John Brennan and Homeland Security Secretary Jeh Johnson. This isn't the first nor will it be the last time that people hack into accounts using a variety of techniques; it illustrates the...

On Tuesday, a federal court charged three men with having hacked JP Morgan Chase back in 2014, a breach that resulted in the theft of 83 million people's personal information. The 23-count indictment unsealed by the United States District Court Southern District of New York indicts three men--two Israeli citizens and an American citizen--on charges...