According to a tech consultant, Facebook collects all writing that is entered into a text box and sends it to its servers regardless of whether a user chooses to publish it. In a post published on his blog, Príomh Ó hÚigínn explains that Facebook sends an HTML post request containing the text a user writes. He observed this network traffic using...

Security researchers presenting at this week's RSA Conference in San Francisco, have uncovered a whole new compelling reason to switch off your phone. Skycure's Yair Amit and Adi Sharabani have demonstrated a startling vulnerability in iOS that can allow malicious hackers to crash any iOS device within range of a WiFi hotspot. And it doesn't even...

A security researcher has found that hackers used phishing emails to penetrate Sony Picture Entertainment’s computer networks last fall. Stuart McClure, CEO of computer security firm Cylance, says he analyzed a downloaded database of Sony emails and in the process discovered a pattern of phishing attempts. “We started to realize that there was...

Last month, I participated in the Tripwire VERT cybersecurity Capture the Flag contest organized for infosec students with some awesome prizes: BSides Las Vegas & DEF CON 23 travel packages and more… I’m in! Even though I didn’t get that far, it was a great learning experience! The CTF started on March 27 when I got an email from the organizers with...

We at Tripwire are very excited that RSA Conference 2015 is finally upon us. Not only are we looking forward to all of the attendees who will join us at Booth 3301 over the course of RSA, but we are also eager to hear all of the keynote speakers. Acknowledging this excitement, we decided to sit down with Steven Fox, one of the conference’s keynote...

A report published by the Partnership for Public Service and Booz Allen Hamilton reveals that an insufficient cyber security workforce is hampering the United States’ efforts to properly defend its networks. According to the report, non-competitive pay and strict hiring practices are aggravated by a lack of pipelines that value computer security...

Have you ever received unwanted calls from auto-dialers and telemarketers at a time when you did not want to be called? Has an auto-dialer or telemarketer ever tried to scam you? Have you noticed that the numbers of certain incoming calls don’t seem accurate? If you have answered yes to any of these questions, you might have seen a spoofed caller ID...

It’s that time of year, again, when the brightest minds in the business gather to talk all things cyber in the city of San Francisco. To start off the busy week ahead, BSidesSF kicked off day one with some great speakers and intriguing presentations. For those of you that didn’t make it out, here’s a short and sweet recap of some of today’s talks....

The Internet of Things (IoT) is a buzzword that many use to describe a not-so-distant reality in which devices and machines talk to one another. To some, however, the potential of IoT extends well beyond the mere notion of a “smart,” interconnected world. Included in this group of observers is Jeremy Rifkin, an author, political advisor and social...

If, on Tuesday, you find yourself in San Francisco, with access to RSA, then I know how you should spend your time from 1PM PST. Alex Cox, Ken Westin, and I will be introducing our panel: Killing the Kill Chain: Disrupting the Cyber Attack Progression. Instead of talking about how you can preemptively stop an attack, we plan to show you. With Ken...

A new dark web market has appeared, focused on the selling of 0-day exploit code. The market is called "TheRealDeal Market," and although still in its infancy, there are already a few exploits listed. One exploit claims to target the recent MS15-034 Microsoft IIS Remote Code Execution vulnerability and comes with reverse shell and research...

Modern organizations that depend on SaaS have been increasingly adopting Identity Providers or single sign-ons (SSOs) in order to federate authentication back to home directory services. Most SSOs support SAML or OAuth, and a growing number of SaaS companies are jumping on board to eliminate the liability of storing customer password hashes....

According to a collection of leaked Sony emails and documents, the popular television show Doctor Who is projected to be made into a Hollywood blockbuster in the next few years. In a leaked email sent to Sony Pictures Entertainment chief executive Michael Lynton, president of international production Andrea Wong reveals that she spoke to Danny Cohen...

The Verizon 2015 Data Breach Investigations Report has always had a conversational, quirky style to share some pretty technical information about the security breach data it analyzes. So if you’re wondering what Prince has to do with vulnerability management, just know that when you read the full report, you’ll understand – a lot of song titles are...

Numbers, statistics, pie charts and survey results are everywhere – especially in the information security space. Nevertheless, have you ever finished reading a vendor whitepaper or a research institution’s annual security report and the data presented just made your spidey sense tingle? You are probably sensing a manipulation of statistics, an age...

Network Forensics is a branch of Digital Forensics that deals with the capture, storage and analysis of network traffic. Incident handlers working on computer incident response and security operations teams around the world engage in this type of analysis in order to answer the “Five Ws” in relation to incidents: [W]ho did it? [W]hat happened? ...

In the first installment of this blog post, I took you through how I completed level 1 of Tripwire Vulnerability and Exposure Research (VERTs) Capture the Flag contest. Now, I’ll show you how I finished level 2 and successfully completed the challenge. Level 2 Going to the link above results in a registration page (pictured below), which requires...

We have seen a number of nation-states beginning to use black hat hacking tools and espionage tactics in an effort to steal intellectual property from corporations, target retailer customer databases, and monitor the electronic communications of entire national populations for terrorist threats. This development, as well as the risk of cyber attacks...

A computer espionage gang has sent a rival advanced persistent threat (APT) group a spear phishing email in what might be the first reported instance of an APT-on-APT attack. In February of last year, Naikon, one of the most active APT groups in the Asian region, launched a spear phishing email campaign. Another APT group, Hellsing, was one of its...

Today’s VERT Alert addresses 11 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-610 on Wednesday, April 15th. MS15-032 Multiple Memory Corruption Vulnerabilities in Internet Explorer MULTIPLE Internet Explorer ASLR Bypass...