In 2015, Tripwire partnered with FIRST Robotics to bring on summer interns from local high schools. Our goal was to teach the students about various aspects of information security on both the offensive and defensive side. The goals I set out for our interns in 2015 were a bit lofty, to say the least. I had planned on teaching them about the various...

A research team is blaming dark web sellers and websites for foolishly uploading geotagged images to underground marketplaces. Paul Lisker and Michael Rose, who are both Harvard students of CS and Government , authored a study in which they asked the following question: is it possible dark web users are unwittingly revealing their location as they...

Surveillance cameras have become a common sight pretty much anywhere you go. From banks to retail outlets and airports to malls, cameras are placed mainly to monitor the area and check for signs of security threats. This has traditionally been done with security personnel monitoring what the cameras are sending back, often in a tightly controlled...

In a prior post, I gave a broad overview of some of the challenges we face in securing unrestricted DNS resolvers. I presented a talk at BSides Las Vegas on the topic and wanted to take some time to delve into more technical details regarding some of the attacks we have seen, as well as review some mitigation strategies. You can find video of the...

A security researcher has come up with a method that would allow an attacker to bypass the iOS passcode limit on certain iPhone models. Sergei Skorobogatov's process consists of an attacker mirroring the Flash memory stored in an iPhone 5c's NAND cells. During a press conference back in March, FBI Director James Comey explained his agents could not...

In my last blog post, I introduced the topic of automation and how it can help improve security posture. In this post, we’ll be covering some of the risks automation can mitigate against. Data Breaches and Cyber Attacks A recent survey by ISACA on organization preparedness indicated that only 38% of businesses were confident they were prepared to...

FBI Director James Comey feels that covering up a computer's webcam with a piece of tape is "sensible" and "a good thing." In an interview commemorating 10 years of operation for the National Security Division (NSD), a body of the U.S. Department of Justice that leverages law enforcement, intelligence, and other government resources to respond to...

Looking at the cyberthreat landscape, millions of new devices come online every day. But there’s a shortage of qualified cybersecurity workers to protect those devices once they come online. Additionally, in almost every case, it takes minutes or less to compromise them. Simply running more vulnerability scans to collect more data and generating...

It’s hard to believe that in such a relatively short period of time, smartphones and other mobile devices, such as tablets, have become so tightly woven into both our personal and work lives. And unlike desktop or laptop computers that are usually company-owned, personally-owned mobile devices are often filled with company related apps, data, email...

Authorities confirmed that Russian hackers accessed a database containing the medical data of U.S. athletes who participated in the Rio 2016 Olympics. On 13 September, the World Anti-Doping Agency (WADA) said in a statement that a Russian cyber-espionage group known as APT28 or "Fancy Bear" gained...

Today’s VERT Alert addresses 14 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-689 on Wednesday, September 14th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy...

My name is David. Now that you know my name, you should know technology is my passion. I've participated in the FIRST Robotics Competition, and I'm deeply knowledgeable about computer programming languages and software. But throughout my learning, I've always known cybersecurity would teach me and play an important part in my future career,...

We all know information drives social media. It's fairly obvious. A social media post communicates content, which allows members to engage other users. Simple, right? Well… there's more to it than that. Social media posts aren't just communicative. They're performative. Status updates, tweets, and even funny dog videos reveal something deeper about...

Shark ransomware has rebranded itself as the Atom ransomware affiliate program but has kept a favorable payment model to attract criminal customers. First detected on 15 August, 2016, Shark is a ransomware-as-a-service (RaaS) platform that allows computer criminals with low levels of technical expertise to sit at the adult table and distribute...

Confidentiality, Integrity and Availability – those are the three pillars of the CIA triad model for information security. Here's something you might not have known: in reverse order, those same pillars apply to IT Operations. Think about it. In a world of agility and enablement, the availability, integrity and confidentiality of the systems and...

AVG security researcher Jakub Kroustek has recently discovered tracks of the Cerber 3 ransomware virus marking encrypted files with the .cerber3 file extension. Unlike previous variants of Cerber, for which decryptors have been already developed, this variant contains fixes that prevent malware researchers from decrypting the files. Since this virus...

A bank's linked services went offline after a loud noise during a fire extinguishing test caused damage to hard drives stored at its main data center. On 10 September, ING Bank conducted a drill to evaluate the fire suppression system at its main data center in Bucharest, Romania. The fire...

Signing up with a social media site is fun, but it's not without its risks. Scammers prowl about LinkedIn, Twitter, Facebook and other social networking platforms looking for ways to trick users into doing something they wouldn't ordinarily do. Usually, these fraudsters are after their targets' profiles, money, or computer files. But some want...

Firewalls are staples of network security, and for years, they’ve played a part in keeping networks safe by restricting both incoming and outgoing network traffic. Along with antivirus software, they are among the oldest and most widely used cybersecurity tools. But what role should firewalls play in 2016 and beyond? One thing is clear: even though...

The Philadelphia ransomware enables attackers to offer "mercy" to their victims by choosing to decrypt their files for free. Attackers are likely distributing Philadelphia, which is a new version of Stampado, via the use of phishing emails disguised as payment notices from Brazil's Ministério da Fazenda or the Ministry of Finance. ...