Security researchers discovered a new malware threat called "NitroHack" that modifies the Discord client for Windows into an infostealing trojan. MalwareHunterTeam observed malicious actors abusing DM's from infected Discord users as a distribution vector. Specifically, they leveraged those accounts to inform a victim's friends that they could...

Fraudsters stole more than $3.2 million from the banking division of South Africa's post office, after - in a catastrophic breach of security - employees printed out the bank's master key. According to South African media reports, the security breach occurred in December 2018 when a copy of Postbank's digital master key was printed out at a data...

Amazon Web Services (AWS) said that it mitigated a distributed denial-of-service (DDoS) attack with a volume of 2.3 Tbps. In its "Threat Landscape Report – Q1 2020," AWS Shield revealed that its team members had spent several days responding to this particular network volumetric DDoS attack. In Q1 2020, a known UDP reflection vector, CLDAP...

Cybersecurity is not a static world. You can say that it is a social system, it affects and is affected by its surrounding environment. For example, back in 2018, it was the GDPR that shook the foundations of security and privacy by making the protection of our personal data a fundamental human right. But that was then. What is shaping today’s...

Security researchers came across a series of odd protest-themed spam email messages that appeared to target the Atlanta Police Foundation. SANS' Internet Storm Center observed that the spam messages first appeared to be instances of an extortion scam campaign. With "Crime Research Center" as the sender, the emails claimed in their messages that...

The MITRE ATT&CK Framework has gained a lot of popularity in the security industry over the past year. I have spent a lot of time researching the hundreds of techniques, writing content to support the techniques, and talking about the value to anyone who will listen. What is the MITRE ATT&CK Framework? For those who are not familiar, ATT&CK is the...

Security researchers observed sextortionists leveraging social engineering techniques to steal their victims' personal information. SANS' Internet Storm Center (ISC) discovered that sextortionists had begun creating profiles for young women on dating websites. They used those profiles and the stated interest of finding "good times" to connect with...

Thank you to everyone who joined us for our virtual charity event, Cyberthon 2020 on the 9th June. Given our company started out over 20 years ago as a piece of freeware pioneering many of the early approaches in intrusion detection, there has always been a strong seam of altruism running through Tripwire. This extends far beyond providing open...

Tripwire's General Manager of Industrial Cybersecurity, Kristen Poulos, discusses the risks that come with the increasing number of connected devices operating on the plant floor and throughout facilities. In this episode, Kristen shares how IT can partner with OT to protect the safety, productivity, and quality of operations. https://open.spotify...

Researchers found that extortionists are targeting website owners with a scam in which they claim to have hacked their site and extracted a database. WebARX observed that the ploy first makes itself known to website owners when they receive a ransom message from the attackers. In a sample note analyzed by the web application security platform, the...

In 2019, the State of Security published its most recent list of essential bug bounty frameworks. Numerous organizations and government entities have launched their own vulnerability reward programs (VRPs) since then. COVID-19 has changed the digital security landscape, as well. With that in mind, it’s time for an updated list. Here are 10 essential...

Information security (IS) and/or cybersecurity (cyber) are more than just technical terms. They’re the processes, practices and policy that involve people, services, hardware, and data. In particular, IS covers how people approach situations and whether they are considering the “what if’s” of malicious actors, accidental misuse, etc. I’m not sure...

In part one of this post, we talked about why identity access management (IAM) is important. In that discussion, we identified three types of IAM: Single Sign On Multi-Factor Authentication Privileged Access Management We discussed the different types of single sign on and some examples of what can be used to help streamline the user...

Italian multinational energy company Enel Group suffered a SNAKE ransomware infection that affected its internal network. According to a statement issued by Enel Group, the ransomware attack first registered with the energy company on June 7 when its internal IT network suffered a disruption. A spokesperson for the company said that officials...

Babylon Health, makers of a smartphone app that allows Brits to have consultations with NHS doctors, has admitted that a "software error" resulted in some users being able to access other patients' private video chats with GPs. The data breach came to light after one user, Rory Glover, tweeted that he was shocked to find the app's "GP at Hand"...

Security researchers came across an attack email that leveraged a fake Black Lives Matter voting campaign to distribute Trickbot malware. Digital security firm Abuse.ch found that the attack email pretended to originate from a sender known as "Country administration." Building on its subject line "Vote anonymous about Black Lives Matter," the attack...

The actors behind Ragnar Locker partnered with the Maze ransomware gang as a means of extorting victims whose unencrypted data they had stolen. On June 8, the operator of the "Ransom Leaks" Twitter account revealed that Maze ransomware had begun using its infrastructure to share data leaks perpetrated by Ragnar Locker. https://twitter.com...

Most malware these days has some level of Command and Control. This can be to exfiltrate data, tell the malware what instructions to execute next, or download encryption keys in the case of ransomware. In each case of command and control, the attacker is accessing the network from a remote location. Having insight into what is happening on the...

Today’s VERT Alert addresses Microsoft’s June 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-888 on Wednesday, June 10th. In-The-Wild & Disclosed CVEs None of the vulnerabilities resolved this month have been publicly disclosed or exploited according to Microsoft. CVE Breakdown by...

The digital attackers responsible for distributing LookBack malware targeted U.S. utility providers with a new threat called "FlowCloud." Proofpoint first observed threat actors attempting to spread FlowCloud in mid-July 2019. At that time, the security firm detected phishing campaigns whose attack emails employed subject lines such as “PowerSafe...