Resources

Blog

How the MITRE ATT&CK Framework Can Improve Your Defenses

Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest to explore the evolving threat landscape, technology trends, and cybersecurity best...
Blog

What Is PIPEDA? And How Does It Protect You and Your Privacy?

You have likely heard of the General Data Protection Regulation (GDPR), and you probably refer to this standard whenever the topic of privacy and data processing arises. But what about outside of the EU? The Office of the Privacy Commissioner of Canada (Commissariat à la protection de la vie privée du Canada) has a twitter account that shares...
Blog

Navigating Cyber Landscape of Connected and Autonomous Cars

In recent years, various attacks have been performed to highlight security concerns about evolving smart cars. In particular, remote hacks took a lot of attention in 2015 when two security researchers hijacked the car’s infotainment system and demonstrated how to manipulate smart car functions. Such attacks elevate the risks associated with the...
Blog

Beware secret lovers spreading Nemty ransomware

Digital attackers are sending around love-themed malicious emails in an attempt to infect recipients with the Nemty ransomware. If you've been kicking around in the world of IT security for more years than you'd like to admit, then you'll surely remember the ILOVEYOU virus (also known as the "Love Bug" or "Loveletter"). When the Love Bug virus...
Blog

More Than 140GB of Data Exposed by Israeli Marketing Company

An Israeli marketing company exposed more than 140GB of data by mishandling the credentials for an Elasticsearch database. A San Diego-based DevOps engineer who uses the Twitter handle 0m3n detected the disclosure after they grew tired of receiving text messages from "random phone numbers with similar messages containing links to gibberish domains."...
Blog

Tripwire Patch Priority Index for February 2020

Tripwire's February 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe. Up first on the patch priority list this month are patches for Microsoft Edge and Scripting Engine. These patches resolve information disclosure, elevation of privilege, and memory corruption vulnerabilities. Next on the list are...
Blog

Red Teaming: How to Run Effective Cyber-Drills?

What is red teaming? How is it different from conventional penetration testing? Why do we need blue, red, and white teams? How are cyber-drills carried out, and what results should be expected? In this article, we will answer these and other questions related to red teaming. What is Red Teaming? The red team attacks, the blue team defends. The...
Blog

Scammers Disguise Two Domains as CDN to Cloak Credit Card Skimmer

Scammers disguised two domains as a content delivery network (CDN) in an attempt to quietly target visitors with a credit card skimmer. Malwarebytes noticed something suspicious within the website code of a Parisian boutique store. At first, the script looked like a JQuery library loaded from a third-party CDN. But the actual content of the script...
Blog

NSA Releases Cloud Vulnerability Guidance

The United States’ National Security Agency (NSA) has put together a short guidance document on mitigating vulnerabilities for cloud computing. At only eight pages, it is an accessible primer for cloud security and a great place to start before taking on something like the comprehensive NIST 800-53 security controls. As a guidance document, it doesn...
Blog

Attack Campaign Leveraged Coronavirus Theme to Deliver Remcos RAT

Security researchers discovered an attack campaign that abused fears surrounding the global coronavirus outbreak to deliver the Remcos RAT. Yoroi Security detected the attack campaign when its threat intelligence activities uncovered a suspicious artifact named “CoronaVirusSafetyMeasures_pdf.” In their analysis, Yoroi's researchers determined that...
Blog

DoppelPaymer Ransomware Launches Site for Publishing Victims' Data

The operators of DoppelPaymer ransomware launched a site for publishing the data of their victims who don't pay the ransom. On February 25, DoppelPaymer's handlers published a site called "Dopple leaks." A message on the site at the time of launch revealed the attackers' intention for doing so: leak the names and data of victims who refuse to meet...
Blog

Climbing the Vulnerability Management Mountain: Reaching Maturity Level 4

The climb is getting steeper, but thanks to hard work, vision and insight are much keener. At ML:4, all assets are scanned by a combination of agent and remote scans on a normal cadence. This will generate a lot of data dictated by threat and patch priority. Thousands of new vulnerabilities are released each year, and no company or product can...
Blog

The MITRE ATT&CK Framework: Impact

Not all attackers are trying to exfiltrate data. In security, we’re all familiar with CIA triad—confidentiality, availability, and integrity. While Exfiltration describes adversarial behavior with the goal of violating confidentiality, attackers may look to manipulate, interrupt, or destroy your systems and data. The Impact tactic describes...
Blog

Google Docs Forms Abused by Phishers to Harvest Microsoft Credentials

Security researchers detected several phishing campaigns that leveraged a Google Docs Form to target users' Microsoft credentials. Cofense observed that the phishing emails originated from a compromised email account with privileged access to financial services provider CIM Finance. By using CIM Finance's website to host their phishing emails, the...
Blog

NetOps vs DevOps vs DevSecOps - What's the Difference?

One thing I have noticed is that each industry comes up with their own terms and acronyms. Unfortunately, these inventions often vary depending on the person you speak to due to a lack of a governing body that decides on an exact definition. At times, acronyms can even overlap, causing further confusion. Therefore, when it comes to definitions, I...
Blog

How to Get Started in Digital Forensics

If you want to become a digital forensic expert, be aware that when entering the field, you will be presented with an abundance of information that you will not know. It is a wonderfully challenging career path. Some believe that having the title of a cybersecurity professional (e.g. digital forensics expert, cybersecurity analyst, incident response...
Blog

U.S. Department of Defense Disclosed Data Breach at DISA

The U.S. Department of Defense (DoD) warned that a data breach at the Defense Information Systems Agency (DISA) might have compromised some individuals' personal information. In a photograph of a letter obtained by Reuters, DISA CIO and Risk Management Executive Roger S. Greenwell warned recipients...