Resources

Blog

Defending Your Kingdom with a Knight

If I were a Chess piece to protect my organisation, which piece would I be and why? It’s too easy to choose the big player piece like the King but King’s rule the Kingdom and are protected by those around them, so in my mind, they don’t do very much. So, I choose to be a Knight. In Chess, I like playing the piece. It has so many unique qualities that...
Blog

Sun Tzu & Security in 2016 – Part Two

In the first installment of this two-part article series, we took a brief look at the influence of Sun Tzu’s The Art of War and began our exploration of the theme of deception in warfare as it relates to cyber and information security. Let’s move on to another high-level theme running through the text: the importance of agility and variation in...
Blog

Why You Should Double-Check Your Vulnerability Data

Our ability to protect our systems from vulnerabilities is often only as good as the information available to us. One source, OVAL definitions, promises to “provide enterprises with accurate, consistent, and actionable information so they may improve their security.” Unfortunately, blindly trusting that this data is accurate could still leave your...
Blog

Adobe Readies Patch for "Critical" Vulnerability in Flash Player

Adobe is expected to release a patch for a "critical" vulnerability in Flash Player in its upcoming monthly security update. On Tuesday, the American multinational computer software company released a security advisory for Flash Player. In that bulletin, it discusses the vulnerability CVE-2016-4117."A critical vulnerability (CVE-2016-4117) exists in...
Blog

Overconfidence Plagues Financial IT Pros' Ability to Detect a Breach, Finds Survey

Back in February, Tripwire first unveiled its 2016 Breach Detection Survey. The study evaluated the confidence and efficacy with which IT professionals in the United States could implement seven key security controls: PCI DSS, SOX, NERC CIP, MAS TRM, NIST 800-53, CIS 20 Critical Controls, and IRS 1075. Together, those controls recommend accurate...
Blog

How to Tell if Your iPhone Has Been Secretly Hacked

You know you're living in interesting times when an app designed to tell you if your iOS device has been jailbroken is outselling the likes of Minecraft and Grand Theft Auto. And that's exactly what a new app called System and Security Info has managed to do, topping the paid apps chart ahead of some of the world's most famous games. ...
Blog

VERT Threat Alert: May 2016 Patch Tuesday Analysis

Today’s VERT Alert addresses 17 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-670 on Wednesday, May 11th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...
Blog

Sun Tzu & Security in 2016 - Part One

Anyone who has read their fair share of security books, briefings, or blogs or sat through several infosec presentations by now has come across Sun Tzu, the ancient Chinese military General, strategist and philosopher. More specifically, I'm sure you've heard of his 5th century BC treatise known in the Western world as The Art of War. Outside of its...
Blog

GoDaddy Remediates Blind XSS Vulnerability

GoDaddy has remediated a blind cross-site scripting (XSS) vulnerability that attackers could have used to take over, modify, or delete users' accounts. Security researcher Matthew Bryant discovered the flaw using a tool XSS Hunter late last year. At that time, he found he could set his first and last name to an XSS payload. He opted to use a generic...
Blog

4 Reasons Why the Cloud Is More Secure Than Legacy Systems

We tend to fear what we do not understand. Especially when it comes to new technologies. We oftentimes worry… and worry some more… before finally embracing a new gadget, platform, or feature and deciding to incorporate it into our lives. Brian David Johnson, futurist at Intel, is responsible for creating models that predict how people will interact...
Blog

Understanding Prioritization - Patches and Vulnerabilities

Here at Tripwire, one of the responsibilities of VERT (Vulnerability and Exposure Research Team) is the monthly publication of our Patch Priority Index (PPI). Equal parts science and art, the PPI is released by VERT researchers who deal with vulnerabilities resolved by these patches on a daily basis. When this process first began, it prompted a very...
Blog

Kiddicare Alerts Nearly 800,000 Customers of Data Breach on Test Site

Baby retailer Kiddicare has alerted nearly 800,000 customers that a recent data breach led to the exposure of their personal information. The UK-based company notified potentially affected customers via email, stating that the compromised information included names, delivery addresses, emails and phone numbers. Kiddicare stressed that the...
Blog

Google Employees' Information Compromised via Third-Party Vendor

Google has begun notifying some of its employees that their information was compromised by one of its third-party vendors. In a sample breach notification letter Softpedia obtained from the Office of the Attorney General for the State of California, the tech giant provides some details on what transpired in the incident: "We recently learned that a...
Blog

Investment Firm Loses $495K in Spear-Phishing Attack

An investment firm recently lost $495,000 as a result of a successful spear-phishing attack against one of its employees. According to The Detroit News, an employee at Pomeroy Investment Corporation recently received a spear-phishing email in which an attacker posed as a fellow company employee and asked the recipient to transfer $495,000 to a bank...
Blog

Beyond the Checkbox: Understanding Security as a Process

As I discussed in my previous article, threat intelligence provides organizations with contextual details regarding specific threats. Such information is crucial for companies that are committed to formalizing their information security practices. By relying on multiple feeds of threat intelligence, for instance, enterprises can continuously prioritize vulnerabilities based upon their severity...
Blog

Retail IT Security: Consider More Room for Improvement

The retail industry’s critical infrastructure, point-of-sale (POS), continues to be plagued with breaches, according the recent Verizon’s 2016 Data Breach Investigations Report. Though retail as an industry depends on POS, the accommodations/hospitality sector this year took the top spot for confirmed POS-related data breaches at 95 percent. (Only 64...
Blog

Employee Terminated After Falling for W-2 Phishing Scam

An employee was fired from a company after they fell for a phishing scam involving W-2 data. The unnamed individual previously worked for Alpha Payroll, a payroll and merchant services provider that provides payment processing services to companies located all over the United States. Alpha's leadership terminated the employee following an incident...
Blog

2016 Verizon DBIR: Fix What Attackers are Targeting

The 2016 Verizon Data Breach Investigations Report (DBIR) is out, and I’m excited to announce that this year’s findings leveraged vulnerability data from Tripwire and other vendors, including our partner Kenna Security. The 2016 Verizon DBIR recommends establishing “a process for vulnerability remediation that targets vulnerabilities which attackers...