In early August, Tripwire security analyst Travis Smith conducted a presentation at Black Hat USA on combining open source and commercial security tools to correlate and build context on security events. As part of his presentation, Travis introduced Tripwire’s Automated Reconnaissance and Deep Inspection System (TARDIS), a framework that ties...

In part one of this article, we reviewed how the Nigerian Prince scam is no longer the primary email scam in use, being replaced by more clever and devious methods. The article also examined some of the emotional and personal aspects of the second most popular Internet scam, known as the “urgent wire-transfer” scam, as reported by the FBI’s Internet...

If Microsoft calls a vulnerability "critical," warns that it affects all versions of Windows, and is prepared to issue a patch outside of its normal Patch Tuesday monthly schedule, you should sit up and listen. Today, Microsoft has issued an advisory about a zero-day vulnerability, dubbed CVE-2015-2502, that could allow an attacker to hijack control...

Hacker Eric Croker has been charged with helping to illegally gain access to more than 77,000 computers through an online hacking forum, Darkode. Crocker, 39, of New York, who pleaded guilty on Monday in a U.S. District Court, was among 12 people charged in July when the hacker forum known as “The best malware marketplace on the net” was taken down...

This two-part article will examine the two most popular Internet scams today, and the motivators that make them work. At a recent Cyber Security Symposium hosted by the District Attorney’s office in New Haven, Connecticut, an FBI Agent from the Internet Crime Complaint Center (IC3) gave a presentation in which he revealed the top two Internet crimes...

A June 2015 report reveals that perceptions on the impact of 50 different security issues are worsening across the board. This is one of the latest reports released by the Index of Cyber Security, a sentiment-based measure which helps evaluate the level of risk posed by a number of security threat areas to corporations, governments, and other...

Adobe has now settled claims for its 2013 data breach in which 38 million users had been affected. On August 13, 2015, it was reported that they have paid an undisclosed sum to users and faced $1.1 million in legal fees. The breach was first confirmed back in October 2013 when Adobe had been the victim of a long-term network breach that exposed...

Nine individuals have been charged by the United States Department of Justice (DOJ) with hacking into three separate newswires, stealing yet-to-be-published press releases, and passing this stolen information to approximately two dozen individuals who then traded on the bulletins before their public release. The Securities and Exchange Commission ...

It's a matter of fact that incidents will happen, and now more than ever, organizations have to be prepared to avoid being held liable. Small- and medium-size organizations (SME), however, cannot and will not spend too much money on Business Continuity Management (BCM) and Incident Management. The majority of SMEs that experience a serious incident,...

Like more than a few others, I experienced the infosec outrage against Mary Ann Davidson, Oracle's Chief Security Officer, before I actually read the now-redacted blog post. After taking the time to read what she actually wrote (still available through Google's web cache), I think there’s more discussion to be had than I’ve seen so far. First, it...

Security researchers have found a cross-site scripting (XSS) vulnerability on the Salesforce website, that could be exploited by malicious hackers to conduct phishing attacks and hijack the accounts of users. The researchers at Elastica report that they uncovered the weakness on one of Salesforce's subdomains, admin.salesforce.com. Specifically, the...

Prior to the release of Oracle 10g, the TNS Listener – by default – was not secured with a password. In the default state, anyone who could access the TNS Listener remotely could issue commands to it, including shutting it down. The TNS Listener had two security settings: 'OFF,' the default state without a password set, and 'ON' when a password was...

A new report reveals that current blacklists are failing to identify approximately 90% of suspicious IP addresses. The report, "Two Shady Men Walk Into a Bar: Detecting Suspected Malicious Infrastructure Using Hidden Link Analysis," is the culmination of an effort led by threat intelligence firm Recorded Future to illustrate how mentions of...

During my talk at DEF CON 23 last week, I discussed my experience developing USB based trojans and highlighted the fact that attempts to patch these vulnerabilities have done little to mitigate the risks associated with this attack vector. The revelation of CVE-2015-0096, which is a continuation of CVE-2010-2568, was believed to have been patched by...

I am not one for quotes and ‘Facebook philosophy’ memes but recently, I was reminded of my favourite quote on a certain social media platform: “The only true wisdom is in knowing you know nothing.” – Socrates The pursuit of education can convert a criminal into a solicitor; it can envelop minds and...

Many see endless possibilities in facial recognition technology, an optimism which has all ready led to a number of applications for this emerging form of identification and verification. For example, local and state police departments, not to mention the Federal Bureau of Investigations, have spent the past few decades incorporating recognition...

Today’s VERT Alert addresses 14 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-628 on Wednesday, August 12th. MS15-079 Multiple Memory Corruption Vulnerabilities MULTIPLE Multiple ASLR Bypass Vulnerabilities ...

Security researchers have uncovered a zero-day deserialization vulnerability that allows for arbitrary code execution in 55% of Android devices. For their presentation at USENIX WOOT '15, researchers Or Peles and Roee Hay at IBM Security explain that their vulnerability (CVE-2015-3825) can be exploited in the context of many apps and can be used to...

Noise is a problem. As information security practitioners, we've been dealing with the problem of the signal-to-noise ratio for a long time. The solution hasn't really changed, but the landscape certainly has. Ultimately, what drives noise down and elevates signal is, context. For his presentation at Black Hat USA, Travis Smith, a fellow Tripwirian,...

The 18th annual Black Hat USA conference gathered thousands of professionals, researchers and enthusiasts to discuss not only the industry’s current trends and threats but also what we, as a community, can do to improve the security of ourselves, and of those around us. With over 100 briefings to choose from, this year’s presentations discussed a...