Resources

Blog

China Denies Responsibility for U.S. Federal Data Breach

China has denied responsibility for a data breach at the U.S. federal government that is believed to have compromised the personal information of former and current employees. According to a statement released by the U.S. Office of Personnel Management (OPM), the federal agency that is responsible for screening and hiring workers as well as...
Blog

What's Left Behind: Oracle TNS Listener Log Files After an IP360 Scan

Ever looked at the messages in the Oracle listener logs generated by Tripwire IP360 scans and wondered what was going on? The most common one you see probably looks something like this: 01-JUN-2015 12:39:37 * (CONNECT_DATA=(COMMAND=VERSION)) * version * 1189 TNS-01189: The listener could not authenticate the user TNS-01169: The listener has not...
Blog

New York Becomes First State to Set Bitcoin Trading Regulations

New York’s Superintendent of Financial Services Benjamin Lawsky announced on Wednesday a new set of rules and regulations for businesses accepting, selling or buying virtual currencies. Following nearly a two-year-long effort, Lawsky introduced the first-ever comprehensive framework – known as BitLicense – in a speech at the BITS Emerging Payments...
Blog

IT Security: Evolving to a Risk-Based Approach

As news of information breaches and personal data theft become more prevalent and popular in the press, technologists are witnessing and taking part in the rapid evolution of the once neglected realm of cybersecurity. Hopefully, this process results in an integrated, enlightened solution to what is a very complicated puzzle. Moving Beyond a Fear...
Blog

Here's What You Missed at BSides London 2015

The Security BSides concept is brilliant. After being founded in 2009, it’s spread like wildfire. There are now dozens of regional events that take place around the world, and if you take a look at their website, you’ll more than likely find one not too far away. For any of you that don’t know, the principles behind the idea are simple: Expand...
Blog

Pro-ISIS Hackers Are Targeting News Outlets, Says Security Firm

A security firm has issued a warning that sympathizers of the Islamic State extremist terrorist group (ISIS) are increasingly targeting news media outlets of all sizes. According to a report published by network security company FireEye, what distinguishes these attacks is the fact that all sizes of media outlets are being targeted by sympathizers...
Blog

Infosecurity Europe – Day 1 Highlights

With a reported 17,000 people flocking to Europe's largest security conference this week, there is no doubt that the industry is expanding vastly. Here, you’ll find hundreds of vendors, a variety of workshops and a range of sessions for professionals in the field, no matter what level. From technical insights to business risks, the events is a great...
Blog

Computer Criminals Brought to Justice - Twin Russian Hackers

Last week, Tripwire explored the story of Brandon Bourret and Athanasios Andrianakis, two men who developed an app that scans Photobucket users’ private photo albums in search of naked selfies. We now report on a pair of twin Russian hackers who allegedly gained unauthorized access to more than 7,000 Russian bank accounts using social engineering...
Blog

Data Breach Via Unencrypted Laptop Strikes U.S. Healthworks

U.S. Healthworks, an urgent care and occupational health service provider, has begun notifying patients of a possible data breach after an unencrypted laptop issued to one of its employees was stolen. According to the company's breach notification letter: "On April 22, 2015, we learned that a laptop issued to one of our employees had been stolen...
Blog

Radio Killed the Security of Things: RF Jammers & Crime

We hear a lot about the Internet of Things, where devices are increasingly connecting to the Internet. However, in addition to these devices being connected to the Internet, they are also increasingly connecting to each other or controlled using various radio frequencies. These radio frequencies often use proprietary or insecure protocols and often...
Blog

A Look at the Real Social Engineers

Since the very first day I started working in the information security industry, I have found everything to be just so interesting and fascinating. The fire inside me I have for knowledge has been doused in petrol by stories of complex crimes, and this has educated me and forced me in to some real life studies. Over the years, I have delved quite...
Blog

Top Phishing Targets Account For Over 75% of Attacks, Survey Finds

A recent report detailing the latest trends in phishing attacks revealed that the top 10 targets suffered more than three-quarters of all phishing attacks observed worldwide. The study (PDF), conducted by the Anti-Phishing Working Group (APWG), examined all phishing attacks detected in the second half of 2014, including data from several phishing...
Blog

Prioritizing Patches: A Risk-Based Approach

It’s been a tough few weeks for those of us that are responsible for patching vulnerabilities in the companies we work at. Not only do we have the usual operating system and application patches, we also have patches for VENOM and Logjam to contend with. The two aforementioned vulnerabilities are pretty serious and deserve extra attention. But, where...
Blog

Nine Reasons There Should Be No Bulk Phone Metadata Collection

Section 215 of the USA PATRIOT Act will expire on June 1, 2015, unless congress extends it. It is important to note that this is NOT the entire USA Patriot Act as many politicians have claimed with their fearmongering. Section 215 needs to expire if we want to protect our privacy rights, and to support international business growth; our national...
Blog

Attacker Used Hola Free VPN as Denial of Service Botnet

An anonymous message board was the alleged target of several denial of service (DoS) attacks launched by the free VPN service Hola earlier this week. Israeli-based Hola is one of the most popular free virtual private network (VPN) providers today. It boasts seven million users of its Chrome extension alone. However, according to Frederick Brennan,...
Blog

Wifiphisher: Automating Phishing Attacks Against WiFi Networks

Although wireless communication technologies have matured to a great extent, their related communication protocols and stack implementations are still encumbered by a number of well known security problems. WiFi (802.11) management packets are not cryptographically protected against eavesdropping, modification or replay attacks. WEP, WPA and WPA2...