One of the unpleasant realities of having a ubiquitous and very public online profile through social media is the risk of attracting an unwanted “follower” or “friend” who turns into an online-troll or stalker. Over the past few weeks, I’ve been contacted by a number of folks on “what to do” when bad things start happening online. Whether you...

No matter how well-designed it is, a security program will never prevent every digital attack. But an assault need not escalate into a data breach. Organizations can reduce the likelihood of a major incident by investing in key security controls. One such fundamental security component is FIM. Short for "file integrity monitoring," FIM helps...

A new survey revealed that only one in four utility companies (28 percent) have plans to execute a major security project in the next two years. BRIDGE Energy Group released the findings of its 2017 BRIDGE Index Grid Operations survey, which polled over 20,000 utility employees across North America, uncovering alarming statistics that suggest...

Google's CAPTCHA service now allows human users to pass through and access a website without seeing the "I'm not a robot" checkbox. The CAPTCHA provider, known as No CAPTCHA reCAPTCHA, uses an "advanced risk analysis engine" to separate users from bots. The service has developed numerous challenges since it first launched. But it all started with a...

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself and, you will succumb in every battle.” –Sun Tzu, “Attack by Stratagem” #18 Art of War Cybersecurity media is awash...

Payment solutions provider Verifone is reportedly investigating a breach of its internal computer networks dating back to mid-2016 that may have affected a number of businesses running its point-of-sale (POS) terminals. According to a report by investigative journalist Brian Krebs, the payments giant said the extent of the breach is limited to its...

Do you own an internet-connected DVR, CCTV or IP camera? You may want to check who manufactured it, as proof-of-concept code has been released capable of automating attacks against devices made by Dahua Technology. The firm has issued a security bulletin after a vulnerability researcher claimed that he had uncovered what he believed to be a backdoor...

An ongoing spear-phishing campaign is using malicious Microsoft Word documents to install two PowerShell backdoors on victims' machines. FireEye as a Service (FaaS) first detected the operation in February 2017. The campaign appears to be targeting individuals who've played a part in submitting financial statements and other documents to the U.S....

The shortest month of 2017 was relatively slow in terms of ransomware activity, but it gave rise to several disconcerting tendencies in the cybercrime ecosystem. Crypto infections that steal sensitive information along the way, top-notch Android ransomware utilizing dropper techniques, low-cost Ransomware-as-a-Service platforms – all of these took...

An Android trojan has infected a version of Facebook Lite so that it can try to secretly steal users' device information. Facebook Lite is a version of the popular social messaging Android app that uses less data than the regular version. It's also designed for 2G networks, which helps the app work on networks with slow or unstable web connections....

The Clifford Stoll’s interesting story of stalking the wily hacker back in the 80s was probably the first time deception was used for catching a hacker. Since then, the technology has changed a lot, but the concept of honeypots and deception in general has remained the same. Despite the undeniable and important role that honeypots have in proactive...

The digital landscape is beset with challenges that threaten businesses and individual users alike. Even so, most organizations aren't prepared to face them. For example, 70 percent of IT professionals told Tripwire at Black Hat USA 2016 they lack confidence in their organization's ability to address security risks associated with the Internet of...

Everyone agrees that RSA Conference is a mainstay of information security. Every year, the event attracts tens of thousands of security professionals from around the world. As such, it's the perfect place for companies to gain a snapshot of the digital security landscape. That’s why Tripwire has made a tradition of capturing attendees’ thoughts on key...

One might think that the security industry is beefing up its message with profanity and far-fetched stories, and you may regard all of it – to an extent – as scare mongering. The latest attack on the smart "HUE Light Bulbs" by Philips puts this views to rest, I hope. Apparently, modern smart light bulbs are equipped with secure communication...

Many IT decision makers look at assets as hardware, but really they should consider why they have the hardware in the first place. These decision makers remember the very significant investments they made in servers, PCs, firewalls, and so on in order to deploy that new CRM or Electronic Medical Records System. They think of the tens of thousands of...

A new tech support scam is using website elements to trick users into thinking their browser has loaded a Microsoft support page. Like other ruses of the sort, this ploy begins when malicious ads redirect a user to a fake tech support web page. The first thing they see is a pop-up alert warning them that "a virus and spyware" have compromised their...

Information security, cybersecurity, IT security, and computer security are all terms that we often use interchangeably. I know that I do. I've written a lot about those areas for the past several years. I notice that sometimes I switch between the terms in an article simply to avoid repeating the same phrases over and over again in my prose. Very...

NextGEN Gallery is an extraordinarily popular plugin for self-hosted WordPress websites, having been downloaded over 16.5 million times. The software's widespread popularity (it claims to have been "the industry's standard WordPress gallery plugin" since 2007) makes it an seemingly obvious choice for website owners looking to add image galleries to...

Near the bleeding edge of technology, there’s a lot of talk (and work) around DevOps and the use of containers for delivering services. This is a fast-paced environment where services are spun up and down to meet demand in an elastic cloud and code is shipped to production multiple times a day. It’s also an area where security is far from ‘figured...

File Integrity Monitoring solutions have been around for a few decades now, with one purpose in mind: to monitor changes to files on the endpoint. However, there is more to integrity monitoring than just looking at files. Over the past year or so, whilst working with Tripwire, I have met a large number of people who define FIM (File Integrity...