Resources

Blog

DD4BC Group Targets Companies with Ransom-Driven DDoS Attacks

According to the 2015 Information Security Breaches Survey, a PwC study that I recently analyzed in an article for The State of Security, the number of denial of service (DoS) attacks has either dropped or remained stagnant for most UK corporations over the past year. Apparently, this decline has not stopped certain malicious actors from getting...
Blog

Germany Drops Merkel NSA Phone Tapping Probe

Germany has dropped an investigative probe into the alleged tapping of Angela Merkel's cellphone by the National Security Agency (NSA). According to BBC News, the office of federal prosecutor Harold Range said that not enough evidence had been obtained to justify legal action. Germany's decision to drop the probe marks the end of an incident that...
Blog

Data Location and Risk Haunt IT Pros' Dreams, Reveals Study

Today’s evolving online threat landscape is challenging enterprises to make changes that will enhance their security. The threat of a data breach, for instance, is leading many organizations to invest in measures that will help protect their data. Even so, what intelligence is guiding these decisions remains uncertain. It is therefore an opportune...
Blog

UK Surveillance Powers Need 'Clean Slate,' Says Reviewer

An independent reviewer in the United Kingdom has called for a new "comprehensive" law to help define security services' online surveillance powers. According to BBC News, David Anderson QC, an independent reviewer of terrorism legislation, stated that a "clean slate" is needed in the approach to surveillance powers used by security services to...
Blog

Why It’s Not Too Soon to Learn From The OPM Hack

Speculation is rife. The OPM hack will become a fascinating story if we ever actually learn the details – how exactly did attackers penetrate and exfiltrate millions of federal employee records? What weaknesses did they exploit, and how did they escalate access? More to the point, what protections could have or should have prevented the penetration...
Blog

iOS Mail bug makes it easy to steal victims' passwords

I would wager that most people who have an iPhone or iPad use the default Apple iOS Mail application, rather than a third-party app, to read their email. And if you're one of those people, you could be at risk from an unpatched vulnerability that could allow hackers to convincingly trick you into handing them your passwords. As The Register...
Blog

VERT Threat Alert: June 2015 Patch Tuesday Analysis

Today’s VERT Alert addresses 8 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expect to ship ASPL-618 on Wednesday, June 10th. MS15-056 Internet Explorer Information Disclosure Vulnerability CVE-2015-1765 Multiple Elevation of...
Blog

Ransomware Nearly Doubled in Q1 2015, Reports McAfee Labs

According to a report issued by Intel Security Group's McAfee Labs, ransomware has experienced a 165% increase in the first quarter of 2015. McAfee Labs Threats Report: May 2015 reveals that this increase has been fueled in part by the impression of underground criminals that victims in rich countries seem to be the most willing to make ransom...
Blog

MalumPoS Malware Targeting the Hospitality and Retail Industries

A security firm has identified MalumPoS, a new type of point-of-sale (PoS) malware that is targeting businesses in the hospitality, food and beverage, and retail industries. According to a blog post published by global security software company Trend Micro, the authors of MalumPoS designed the malware to collect data from PoS systems running Oracle®...
Blog

China Denies Responsibility for U.S. Federal Data Breach

China has denied responsibility for a data breach at the U.S. federal government that is believed to have compromised the personal information of former and current employees. According to a statement released by the U.S. Office of Personnel Management (OPM), the federal agency that is responsible for screening and hiring workers as well as...
Blog

What's Left Behind: Oracle TNS Listener Log Files After an IP360 Scan

Ever looked at the messages in the Oracle listener logs generated by Tripwire IP360 scans and wondered what was going on? The most common one you see probably looks something like this: 01-JUN-2015 12:39:37 * (CONNECT_DATA=(COMMAND=VERSION)) * version * 1189 TNS-01189: The listener could not authenticate the user TNS-01169: The listener has not...
Blog

New York Becomes First State to Set Bitcoin Trading Regulations

New York’s Superintendent of Financial Services Benjamin Lawsky announced on Wednesday a new set of rules and regulations for businesses accepting, selling or buying virtual currencies. Following nearly a two-year-long effort, Lawsky introduced the first-ever comprehensive framework – known as BitLicense – in a speech at the BITS Emerging Payments...
Blog

IT Security: Evolving to a Risk-Based Approach

As news of information breaches and personal data theft become more prevalent and popular in the press, technologists are witnessing and taking part in the rapid evolution of the once neglected realm of cybersecurity. Hopefully, this process results in an integrated, enlightened solution to what is a very complicated puzzle. Moving Beyond a Fear...
Blog

Here's What You Missed at BSides London 2015

The Security BSides concept is brilliant. After being founded in 2009, it’s spread like wildfire. There are now dozens of regional events that take place around the world, and if you take a look at their website, you’ll more than likely find one not too far away. For any of you that don’t know, the principles behind the idea are simple: Expand...
Blog

Pro-ISIS Hackers Are Targeting News Outlets, Says Security Firm

A security firm has issued a warning that sympathizers of the Islamic State extremist terrorist group (ISIS) are increasingly targeting news media outlets of all sizes. According to a report published by network security company FireEye, what distinguishes these attacks is the fact that all sizes of media outlets are being targeted by sympathizers...
Blog

Infosecurity Europe – Day 1 Highlights

With a reported 17,000 people flocking to Europe's largest security conference this week, there is no doubt that the industry is expanding vastly. Here, you’ll find hundreds of vendors, a variety of workshops and a range of sessions for professionals in the field, no matter what level. From technical insights to business risks, the events is a great...
Blog

Computer Criminals Brought to Justice - Twin Russian Hackers

Last week, Tripwire explored the story of Brandon Bourret and Athanasios Andrianakis, two men who developed an app that scans Photobucket users’ private photo albums in search of naked selfies. We now report on a pair of twin Russian hackers who allegedly gained unauthorized access to more than 7,000 Russian bank accounts using social engineering...