Last week, Tripwire explored the story of Brandon Bourret and Athanasios Andrianakis, two men who developed an app that scans Photobucket users’ private photo albums in search of naked selfies. We now report on a pair of twin Russian hackers who allegedly gained unauthorized access to more than 7,000 Russian bank accounts using social engineering...

U.S. Healthworks, an urgent care and occupational health service provider, has begun notifying patients of a possible data breach after an unencrypted laptop issued to one of its employees was stolen. According to the company's breach notification letter: "On April 22, 2015, we learned that a laptop issued to one of our employees had been stolen...

We hear a lot about the Internet of Things, where devices are increasingly connecting to the Internet. However, in addition to these devices being connected to the Internet, they are also increasingly connecting to each other or controlled using various radio frequencies. These radio frequencies often use proprietary or insecure protocols and often...

The recent ‘Logjam’ attack shows that a well-funded intelligence agency might be able to crack 1024-bit Diffie Hellman keys (at least if the same group is used by many systems). When using RSA, cracking 1024-bit keys may not be beyond the most powerful adversaries either. There are two solutions to this problem. The first is to simply use longer...

Since the very first day I started working in the information security industry, I have found everything to be just so interesting and fascinating. The fire inside me I have for knowledge has been doused in petrol by stories of complex crimes, and this has educated me and forced me in to some real life studies. Over the years, I have delved quite...

A recent report detailing the latest trends in phishing attacks revealed that the top 10 targets suffered more than three-quarters of all phishing attacks observed worldwide. The study (PDF), conducted by the Anti-Phishing Working Group (APWG), examined all phishing attacks detected in the second half of 2014, including data from several phishing...

Approximately 1.25 million personal records were compromised by hackers in a recent targeted attack, confirmed the organization that manages Japan's universal public pension system. According to the Wall Street Journal, hackers succeeded in compromising the names and pension numbers of 31,000 people in the attack, as well as the names, pension...

It’s been a tough few weeks for those of us that are responsible for patching vulnerabilities in the companies we work at. Not only do we have the usual operating system and application patches, we also have patches for VENOM and Logjam to contend with. The two aforementioned vulnerabilities are pretty serious and deserve extra attention. But, where...

Section 215 of the USA PATRIOT Act will expire on June 1, 2015, unless congress extends it. It is important to note that this is NOT the entire USA Patriot Act as many politicians have claimed with their fearmongering. Section 215 needs to expire if we want to protect our privacy rights, and to support international business growth; our national...

An anonymous message board was the alleged target of several denial of service (DoS) attacks launched by the free VPN service Hola earlier this week. Israeli-based Hola is one of the most popular free virtual private network (VPN) providers today. It boasts seven million users of its Chrome extension alone. However, according to Frederick Brennan,...

Debit and credit card transactions are part of our daily lives. Very few people use cash nowadays as it is way more convenient to use a payment card for a purchase. Most of these transactions are performed through a standalone Point-of-Sale (POS) device, an Electronic Cash Registry (ECR) or through a Virtual Terminal (VT). Even though there is a...

Although wireless communication technologies have matured to a great extent, their related communication protocols and stack implementations are still encumbered by a number of well known security problems. WiFi (802.11) management packets are not cryptographically protected against eavesdropping, modification or replay attacks. WEP, WPA and WPA2...

A Facebook Messenger location tracking tool that lets you creepily track the movements of other Facebook users and plot them on a map.

A judge has ordered Yahoo, Inc. to face a class action lawsuit alleging that the company violated users’ privacy by scanning email messages for advertising purposes. In her 44-page decision, Judge Lucy Koh of the US District Court of Northern California explains that Yahoo is alleged to have scanned the contents of messages sent to Yahoo! Mail...

Those in the IT world are always looking to develop the right skill sets that will help them get noticed above their competition. Considering how quickly technology changes, possessing a highly-desired set of skills can lead to better jobs and higher wages. Trends, of course, come and go, and keeping up with what is currently the most in-demand...

I’m happy to report that the first ever Tripwire VERT capture the flag contest was a huge success. With competitors registered from across the globe, our vulnerable application saw thousands of connections coming from dozens of unique addresses along with a non-stop flood of flags, questions,and...

Over the years, I have written multiple articles on the subject of digital or cyber forensics and the importance it serves in supporting the modern world with regards to corporate and government incident response, first responder engagements, and more general aspects of scene-of-crime management in the digital age. Before we get into the detail,...

Earlier this month, several media outlets ran a story claiming that a new type of malware could be used to destroy victims’ computers. These stories might have fared well in views, but their fear, uncertainty, and doubt (FUD) have proven useful to no one. Fortunately, a number of security experts including Graham Cluley were quick to correct the...

The Internal Revenue Service has confirmed a data breach of 100,000 taxpayers' account information. According to a statement posted on the IRS website, criminals allegedly used sensitive information stolen from non-IRS sources to gain unauthorized access to taxpayers' accounts. To access the site, the criminals made use of stolen Social Security...

It's been almost a year since what some analysts consider the first successful major threat to mobile banking, known as Svpeng, hit the United States. Spreading via a text message campaign, the Svpeng malware went after Android phones. While Svpeng didn’t steal mobile banking credentials, it did detect the presence of certain mobile banking apps and...