Resources

Blog

Three Vulnerabilities in SIMATIC HMI Devices Patched by Siemens

Siemens, a leading producer of systems for power generation and transmission as well as medical diagnosis, has patched three vulnerabilities affecting a variety of SIMATIC HMI devices. The multinational technology company was first alerted to the vulnerabilities, among them two Schneider kits and a number of remote and local exploits, by the...
Blog

Security Slice: Confessions of a Professional Cyber Stalker – Part One

Tripwire senior security analyst, and frequent security slice guest, Ken Westin, recently gave a popular presentation at DEF CON 23 called “Confessions of a Professional Cyber Stalker.” In his presentation, Ken discussed the various technologies and methods he has developed to track criminals, which has led to at least two dozen convictions. Listen...
Blog

Threat Modeling 101: Ten Common Traps Not to Fall Into

As part of Tripwire’s Threat Intelligence University webcast series, we recently had the pleasure of hosting industry expert and renowned author Adam Shostack who shared with us how threat modeling can effectively drive security through your product, service or system. Shostack has championed several security start-ups and previously led Microsoft’s...
Blog

Four Common Scenarios for Dormant Functionality in Malware

Malware is continually evolving to meet the challenges posed by security researchers and antivirus software. Recently, malicious programs have begun to incorporate evasive behaviors, which include four of the most common anti-detection techniques: 1) environmental awareness, 2) confusing automated tools, 3) timing-based evasion, and 4) obfuscating...
Blog

Agora, the dark web's biggest marketplace, shuts over Tor privacy fears

Where would the dark web be without Tor? Probably in the bright, uncomfortable spotlight of law enforcement if it doesn't find an alternative method of cloaking itself. Agora, the dark web site that grabbed the dubious honour of being the world's most popular online drugs marketplace following the shut down of Silk Road and Silk Road 2.0, has...
Blog

FireEye Intern Pleads Guilty to Selling Dendroid Malware on Darkode

A former intern at FireEye has pleaded guilty to selling the Dendroid malware on the underground web forum Darkode. According to The Register, Morgan Culbertson, 20, of Pittsburgh recently pleaded guilty to his crimes before a Pittsburgh federal judge. "I committed the crime, so I am responsible," Culbertson told Senior U.S. District Judge Maurice...
Blog

Exploiting the Social Media Security Conundrum

It is 2015, and social media is everywhere. It is embedded in your smartphone, and its logos are printed on nearly every product packaging. A few years ago, having an online presence by way of a website for a company was enough. Today, consumers expect a company to have a presence on the App Store, Play Store and every social media platform out...
Blog

What Does it Mean to Wipe a Drive?

At a recent press conference, U.S. Presidential candidate Hillary Clinton was asked if she wiped the drive that came out of her now infamous personal e-mail server. She responded: “What, like, with a cloth?” Please note that I will never make a public political comment. That is not my area of interest. I would like to take a moment, however, to...
Blog

Report: Phishing Scams Cost Companies Millions Per Year

The average organization could potentially spend up to $3.7 million per year responding to phishing attacks, says a new report issued by the Ponemon Institute. The study, which surveyed nearly 400 IT professionals at companies with employees ranging from less than 100 to more than 75,000, found that the majority of phishing costs (48 percent) are...
Blog

Ticking the Box Is Not Enough

Up until this month, I wasn't aware of Ashley Madison's site or the nature of the services they offered – what may be described ‘RaaS’ (Relationships as a Service). However, since this organisation has come to my attention, I have conducted research and completed interviews for BBC TV, the radio, news publications, and a host of other agencies,...
Blog

VoIP Scam Lands Three Men in Jail

An electronic scam involving the use of purchased Voice over Internet Protocol (VoIP) airtime has resulted in three British men receiving jailtime. On Friday, August 21, Ross Faulkes, from Brighton; Mark Thompson, from Worthing; and David Robinson, from Bournemouth, were sentenced to three years, four years, and five years in jail, respectively, by...
Blog

A Shopping Cart Is Not Just For Groceries

With billions of transactions occurring online every day, business today truly occurs without boundaries. Clients, partners, merchants and other associates all need to access your network—or your cloud—to make purchases, discover information, or use applications. While these new classes of users are critical for sustaining a competitive edge, your...
Blog

Rutgers University Hires Three Security Firms to Pentest Its Network

Rutgers University has hired three security firms to test its network for vulnerabilities following a series of targeted attacks during the 2014-2015 academic year. According to The Washington Times, FishNet Security, Level 3 Communications, and Imperva will be working with Rutgers to enhance the university's security as classes resume for the 2015...
Blog

BSides: Broadening the Horizons of Information Security

Earlier this month, security professionals from all over the world flooded to Las Vegas, Nevada, for Black Hat USA and DEF CON. As two of the largest and most respected events in information security, it is no surprise that they are a preferred choice for security experts and product vendors alike, year after year. Those conferences are indeed...
Blog

Asymmetric Network Defense: It’s 1904 All Over Again

Every network security manager fights an escalating and asymmetric war against adversaries aiming to penetrate networks or disrupt services hosted there. Symantec reported that major attacker-caused data breaches rose almost 25 percent last year, while Verisign reported almost a 300 percent increase in average DDoS attack size. Asymmetries abound:...
Blog

Google Ordered to Pull Links to 'Right to be Forgotten' Stories

The UK data protection watchdog has stated Google must remove all links to articles which were initially removed from search results under the ‘right to be forgotten’ ruling. The Information Commissioner's Office issued the order on August 18, and has given Google 35 days to remove the links. However, Google has the right to appeal the notice to the...
Blog

How Fraudsters Are Using P2P Money Transfer Services

From phishing attacks to ransomware to malicious advertisements, fraudster's methods for obtaining and exploiting our information are varied and, for the most part, well-known among today’s avid Internet users. Even among the less avid Internet users, security is now more of a concern than it used to be after the numerous giant hacks that have...