Resources

Blog

Ryuk Ransomware Deployed Two Weeks After Initial Trickbot Infection

Several attack campaigns waited two weeks after achieving a successful Trickbot infection before they deployed Ryuk ransomware as their final payload. SentinelOne came across the attacks as the result of monitoring an attack server employed by Trickbot's handlers. In the process, they discovered data for three separate attacks that occurred in the...

NitroHack Modifies Windows Discord Client into Infostealing Trojan

Security researchers discovered a new malware threat called "NitroHack" that modifies the Discord client for Windows into an infostealing trojan. MalwareHunterTeam observed malicious actors abusing DMs from infected Discord users as a distribution vector. Specifically, they leveraged those accounts to inform a victim's friends that they could...

Copied master key forces South African bank to replace 12 million cards

Fraudsters stole more than $3.2 million from the banking division of South Africa's post office, after - in a catastrophic breach of security - employees printed out the bank's master key. According to South African media reports, the security breach occurred in December 2018 when a copy of Postbank's digital master key was printed out at a data...

Amazon Web Services Mitigated a 2.3 Tbps DDoS Attack

Amazon Web Services (AWS) said that it mitigated a distributed denial-of-service (DDoS) attack with a volume of 2.3 Tbps. In its "Threat Landscape Report – Q1 2020," AWS Shield revealed that its team members had spent several days responding to this particular network volumetric DDoS attack. In Q1 2020, a known UDP reflection vector, CLDAP...

The COVID-19 Pandemic Dominates the Cybersecurity World

Cybersecurity is not a static world. You can say that it is a social system: it affects and is affected by its surrounding environment. For example, back in 2018, it was the GDPR that shook the foundations of security and privacy by making the protection of our personal data a fundamental human right. But that was then. What is shaping today’s...

Odd Protest-Themed Spam Messages Targeted Atlanta Police Foundation

Security researchers came across a series of odd protest-themed spam email messages that appeared to target the Atlanta Police Foundation. SANS' Internet Storm Center observed that the spam messages first appeared to be instances of an extortion scam campaign. With "Crime Research Center" as the sender, the emails claimed in their messages that...

The MITRE ATT&CK Framework: What You Need to Know

The MITRE ATT&CK Framework has gained a lot of popularity in the security industry over the past year. I have spent a lot of time researching the hundreds of techniques, writing content to support the techniques, and talking about the value to anyone who will listen. What is the MITRE ATT&CK Framework? For those who are not familiar, ATT&CK is the...

Sextortionists Using Social Engineering Tactics to Collect Victims' Data

Security researchers observed sextortionists leveraging social engineering techniques to steal their victims' personal information. SANS' Internet Storm Center (ISC) discovered that sextortionists had begun creating profiles for young women on dating websites. They used those profiles and the stated interest of finding "good times" to connect with...

Cyberthon 2020: Valuable Discussions, For a Worthy Cause.

Thank you to everyone who joined us for our virtual charity event, Cyberthon 2020 on the 9th June. Given our company started out over 20 years ago as a piece of freeware pioneering many of the early approaches in intrusion detection, there has always been a strong seam of altruism running through Tripwire. This extends far beyond providing open...

Industrial Cybersecurity - From HVAC Systems to Conveyor Belts

Tripwire's General Manager of Industrial Cybersecurity, Kristen Poulos, discusses the risks that come with the increasing number of connected devices operating on the plant floor and throughout facilities. In this episode, Kristen shares how IT can partner with OT to protect the safety, productivity, and quality of operations. https://open.spotify.com...

Extortionists Preying on Site Owners with Fake Website Hacking Scam

Researchers found that extortionists are targeting website owners with a scam in which they claim to have hacked their site and extracted a database. WebARX observed that the ploy first makes itself known to website owners when they receive a ransom message from the attackers. In a sample note analyzed by the web application security platform, the...

10 Essential Bug Bounty Programs of 2020

In 2019, the State of Security published its most recent list of essential bug bounty frameworks. Numerous organizations and government entities have launched their own vulnerability reward programs (VRPs) since then. COVID-19 has changed the digital security landscape, as well. With that in mind, it’s time for an updated list. Here are 10 essential...

SNAKE Ransomware Affected Enel Group's Internal Network

Italian multinational energy company Enel Group suffered a SNAKE ransomware infection that affected its internal network. According to a statement issued by Enel Group, the ransomware attack first registered with the energy company on June 7 when its internal IT network suffered a disruption. A spokesperson for the company said that officials...

Babylon Health App Leaked Patients' Video Consultations

Babylon Health, makers of a smartphone app that allows Brits to have consultations with NHS doctors, has admitted that a "software error" resulted in some users being able to access other patients' private video chats with GPs. The data breach came to light after one user, Rory Glover, tweeted that he was shocked to find the app's "GP at Hand"...

Trickbot Using Fake Black Lives Matter Voting Campaign for Distribution

Security researchers came across an attack email that leveraged a fake Black Lives Matter voting campaign to distribute Trickbot malware. Digital security firm Abuse.ch found that the attack email pretended to originate from a sender known as "Country administration." Building on its subject line "Vote anonymous about Black Lives Matter," the attack...

Ragnar Locker Partnered with Maze Ransomware Cartel

The actors behind Ragnar Locker partnered with the Maze ransomware gang as a means of extorting victims whose unencrypted data they had stolen. On June 8, the operator of the "Ransom Leaks" Twitter account revealed that Maze ransomware had begun using its infrastructure to share data leaks perpetrated by Ragnar Locker. https://twitter.com...