Resources

Blog

The Insecurity of Open Source is Not Poisoning the Well

In ages past, invading armies would poison the water source – usually a well – of a city in order to reduce the fighting capability of the enemy or to force the populace of a city under siege to surrender. This method was usually successful because an invader could have a devastating effect on a very large population with minimal yet targeted effort...
Blog

This Hacker has Implanted a Chip in his Body to Exploit your Android Phone

Plenty of people these days are prepared to augment their bodies with face furniture, piercings, rings and tattoos. But would you implant a chip in your hand to show how easy it is to exploit an Android phone? That's what former US navy petty officer Seth Wahle did, in an attempt to demonstrate how business networks could be compromised. Wahle took...
Blog

Cybersecurity Issues – Is Continuous Monitoring Enough?

Continuous monitoring is poised to do for information security what cloud deployment did for global productivity. Continuous monitoring not only has a role to play in preventing large-scale data breaches but it can also help compliance-sensitive organizations save money by facilitating long-term compliance continuity and reducing annual audit...
Blog

The Four Most Common Evasive Techniques Used by Malware

Earlier this month, Lastline, a security firm that focuses on real-time analysis of advanced malware, issued a new report on the evolving landscape of evasive malware. Co-founder and chief scientist at Lastline Christopher Kruegel published the report as part of his presentation for RSA Conference 2015 entitled, “Evasive Malware Exposed and...
Blog

Computer Criminals Brought to Justice – Austin Alcala

Last time, we explored the story of Timothy Lance Lai, at one time a private tutor who was arrested for providing his former students with a keylogger, which they in turn used to change their grades. We now report on the story of Austin Alcala, a teenage hacker who infiltrated various American corporations and the United States military as a member...
Blog

Lessons Learned from RSA Conference 2015

After an action-packed week at RSA, we’re happy to say this year’s show didn’t disappoint, as it encouraged the information security community to “challenge today’s security thinking.” We saw consistent themes across many presentation topics, as well as vendors’ messaging, including one of the biggest issues seen in the recently released Verizon...
Blog

Tesla's DNS Hacked Leading to Website and Twitter Hijacks

On Saturday, the website and Twitter account of electric vehicle maker Tesla was compromised briefly, as well as CEO Elon Musk's Twitter account. The website was defaced after the DNS for TeslaMotors.com was redirected to another server hosting an image with various messages and faces of a few people. ...
Blog

Facebook Stores “Non-Posts” and Sends Unpublished Text to Its Servers

According to a tech consultant, Facebook collects all writing that is entered into a text box and sends it to its servers regardless of whether a user chooses to publish it. In a post published on his blog, Príomh Ó hÚigínn explains that Facebook sends an HTML post request containing the text a user writes. He observed this network traffic using...
Blog

How to crash any iPhone or iPad within WiFi range

Security researchers presenting at this week's RSA Conference in San Francisco, have uncovered a whole new compelling reason to switch off your phone. Skycure's Yair Amit and Adi Sharabani have demonstrated a startling vulnerability in iOS that can allow malicious hackers to crash any iOS device within range of a WiFi hotspot. And it doesn't even...
Blog

Sony Hackers Used Phishing Emails to Breach Company Networks

A security researcher has found that hackers used phishing emails to penetrate Sony Picture Entertainment’s computer networks last fall. Stuart McClure, CEO of computer security firm Cylance, says he analyzed a downloaded database of Sony emails and in the process discovered a pattern of phishing attempts. “We started to realize that there was...
Blog

Tripwire VERT’s CTF - Level 1

Last month, I participated in the Tripwire VERT cybersecurity Capture the Flag contest organized for infosec students with some awesome prizes: BSides Las Vegas & DEF CON 23 travel packages and more… I’m in! Even though I didn’t get that far, it was a great learning experience! The CTF started on March 27 when I got an email from the organizers with a...
Blog

Interview with Steven Fox: Privacy and Its Challenges for the Future

We at Tripwire are very excited that RSA Conference 2015 is finally upon us. Not only are we looking forward to all of the attendees who will join us at Booth 3301 over the course of RSA, but we are also eager to hear all of the keynote speakers. Acknowledging this excitement, we decided to sit down with Steven Fox, one of the conference’s keynote...
Blog

U.S. Federal Cyber Security Workforce Is Inadequate, Says Report

A report published by the Partnership for Public Service and Booz Allen Hamilton reveals that an insufficient cyber security workforce is hampering the United States’ efforts to properly defend its networks. According to the report, non-competitive pay and strict hiring practices are aggravated by a lack of pipelines that value computer security...
Blog

How to Protect Yourself From Caller ID Spoofing

Have you ever received unwanted calls from auto-dialers and telemarketers at a time when you did not want to be called? Has an auto-dialer or telemarketer ever tried to scam you? Have you noticed that the numbers of certain incoming calls don’t seem accurate? If you have answered yes to any of these questions, you might have seen a spoofed caller ID...
Blog

Here's What You Missed At BSidesSF 2015 - Day 1

It’s that time of year, again, when the brightest minds in the business gather to talk all things cyber in the city of San Francisco. To start off the busy week ahead, BSidesSF kicked off day one with some great speakers and intriguing presentations. For those of you that didn’t make it out, here’s a short and sweet recap of some of today’s talks....