Resources

Blog

FIM Hunting: How To Kill and Remove Unwanted Files

Organizations have a deep interest in detecting and preventing threats within their environments. From firewalls to file integrity monitors, there are many opportunities to catch and stop attackers in their tracks. A basic workflow for IT security revolves around prevention, detection and remediation. As a researcher in Tripwire’s Security and...
Blog

GOTPass Seeks to Replace Passwords with Images and Patterns

A new system called GOTPass could offer a alternative to multi-factor authentication by replacing passwords with images and patterns. Endgadget reports that the system, which was developed by researchers at the University of Plymouth, requires a two-step one-time setup. First, users are asked to draw a pattern on a 4x4 grid, a method of...
Blog

A Holiday Nightmare: Cryptolocker2 Delivered by PostNord Email Scams

For years, computer criminals have been targeting unsuspecting web users with post office email scams. This particular method of attack consists of a fake email in which a recognizable postal service notifies the recipient that it has failed to deliver a package to their address. The email subsequently asks that the recipient pick up the package...
Blog

Safety - Part of Information Security

In the Internet of Things (IoT) era that we have entered, it is becoming apparent to me that nothing follows a linear progression anymore. The abstract models created by start ups, which can and often do disrupt the industry, promote new ways of engaging in business that are not common sense. To illustrate this, I’ve made a list of examples that...
Blog

Hyatt Hotels Investigates Malware Found on Payment Processing Systems

Hyatt Hotels has launched an investigation after discovering malicious activity on its payment processing systems. Stephanie Sheppard, a spokeswoman for Hyatt, announced the investigation in an email to Hyatt guests on Wednesday: "Hyatt Hotels Corporation (NYSE: H) today announced that it recently identified malware on computers that operate the...
Blog

Rising Danger From SQL Injection Attacks

Almost every week, we hear about a new data breach in the news that reports about a major company losing millions of usernames, passwords, credit card numbers, banking transactions after falling victims to a cyber attack. As per a recent report released by Imperva on Web Application attacks, SQL Injection (SQLi) saw the biggest rise compared to last...
Blog

The Agent vs Agentless Debate - Part 2: The Operations Side

This is the second part of a two part blog post on the factors that can help you decide whether an agent or agentless solution will be the best fit for your organization. Part 1 provided advice from a security perspective. In part 2, I offer advice that considers the implementation and ongoing operations management. Let’s look at operational...
Blog

Do Healthcare Breaches Undermine Trust?

In the spring of 2014, the Federal Bureau of Investigations sent out a private notice to healthcare providers warning them that as a result of lax security controls in their field, the healthcare industry as a whole was more prone to "cyber intrusions" than the financial and retail sectors. Unfortunately, this threat has not changed in the past year...
Blog

The Color of the Day

Earlier this year, the FBI stated that the second most prominent scam on the internet is the wire fraud scam, whereby a CFO is sent a phishing message that is supposed to appear to come from the CEO, requesting an urgent transfer of funds. These attacks that are targeted toward the “big fish” in a company, usually the Chief Financial Officer, are...
Blog

The "Internet's Most Hated Man" Has His Twitter Hacked

Truth be told, it's not been the best of weeks for Martin Shkreli. The former hedge fund manager made himself and his firm Turing Pharmaceuticals notorious earlier this year by raising the price of an AIDS treatment drug from $13.50 to $750 per tablet. That particular stunt resulted in Shkreli being dubbed "the internet's most hated man", and you...
Blog

Phantom Squad Hacker Group Takes Down Xbox Live

The hacker group Phantom Squad has recently claimed responsibility for an alleged attack that caused problems for Xbox Live users. Earlier this month, Phantom Squad announced that they intended to take down Sony's PlayStation Network and Microsoft's Xbox Live gaming platforms for one week beginning on Christmas Day. “We are going to shut down Xbox...
Blog

Killing Phish the Sumerian Way

Circa 3000 BCE – The Sumerian language is dead. Why? Because as it’s often said, a language is just a dialect with an army, and the army had long vanished. A thousand or so years earlier, however, Sumerian was the first language to have a written form, and Sumerians wasted no time in developing tools – elaborately carved cylinder seals – to...
Blog

12 Steps to Cyber Health

A recent article by The Financial Times argues that boards should be looking to employ younger directors to tackle the cyber security “problem." Meanwhile, the EU has unveiled the proposed Network and Information Security Directive. Think about the psychology here, really… The more we raise the bar and levels of expectations, given the volume of...
Blog

Optus Investigating Breach After Data Leak on Freelancer.com

Optus, the second largest telecommunications provider in Australia, is investigating a data breach after customer data was leaked onto Freelancer.com. Australian news site Crikey reports that the breach occurred when an employee of the debt collection firm Arc Mercantile posted a spreadsheet...
Blog

Merry Malware: How to Avoid Holiday Phishing Scams

Phishing scams are a menace. According to the Verizon 2015 Data Breach Investigations Report, at least one in 10 people fall for phishing attacks. This rate of success spells trouble for businesses. Indeed, a report issued by the Ponemon Institute in August of this year found that the average organization could potentially spend up to $3.7 million...
Blog

Xi Jinping: China Should Be Able to Censor Whatever It Wants on the Web

President Xi Jinping believes that the People's Republic of China should have the right to decide what to block and censor on the web. In his opening speech for the second World Internet Conference, which opened in Wuzhen, Zhejiang province on Wednesday, the Chinese president invoked national sovereignty, a principle enshrined in the Charter of the...
Blog

Cyber Security in EMEA – A Letter from Neil Harvey

It is my privilege to have joined Tripwire as the company's Vice President of Sales for Europe, Middle East, and Africa (EMEA) earlier this Autumn. At this time, I would like to explain why ongoing developments in the security world influenced my decision to come aboard. So, let's jump right in. Why did I join Tripwire? First of all, EMEA – my area...
Blog

UK Man Arrested in Connection to VTech Hack

UK law enforcement has announced the arrest of an individual as part of its ongoing investigation into the hack against VTech, a provider of electronic learning products. On Tuesday, officers from the South East Regional Organized Crime Unit (SEROCU) published a statement in which they explain the status of their investigation. "A 21-year-old man...