Signal patched a code injection vulnerability that by some means of exploitation enabled attackers to achieve remote code execution. The security team for the encrypted communications app, a program which has been available for both Android and iOS since November 2015, published a fix for the bug just hours after first being contacted by a group of...

This week in Tripwire’s countdown of the FBI’s 10 most-wanted black-hat hackers, we name three hackers bound together in digital crime: Wen Xinyu, Huang Zhenyu and Sun Kailiang. The suspects made headlines in May 2014 when the United States Department of Justice indicted five suspected Chinese nationals for allegedly committing economic and cyber...

One of the most dangerous threats to your business in 2018 is a data leak. Hackers can sell your information on the black market or simply destroy it. This could ruin your business overnight if you are not careful. So, you should use the best practices below to ensure you avoid leaks in 2018. Phishing If you haven't trained your people on phishing...

Last time, I spoke with Valerie Thomas. She specializes in SCADAs and industrial control systems; she enlightened me on their cybersecurity aspects. This time, I got to speak with Leila Powell. Her background in astrophysics taught her how to manage data to better understand the effectiveness of security controls. Kim Crawley: Hi, Leila! Please tell...

Some Chili's restaurant locations suffered a data security incident that might have compromised customers' payment card details. Brinker International, a Dallas-based multinational hospitality industry company which operates 1,600 Chili's restaurants, said it learned of the incident on 11 May. It provided additional details about the event in a...

Penetration tests are an essential tool in ensuring that your computer systems are secure from known threats, and it’s important to carry them out on a regular basis or after any significant changes have been made. Forewarned is forearmed, and knowing about common pitfalls can ensure your tests run smoothly and avoid any delays or additional costs. ...

Last week, I introduced the DevOps model for software development and discussed the advantages this type of approach has over more traditional methods. Its benefits, which include collaboration between operations and development teams as well as a better overall project creation for customers, explain why so many organizations are transitioning to...

Scammers designed a phishing website and encrypted it with the Advanced Encrypted Standard (AES) in their attempts to steal unsuspecting users' Apple IDs. Researchers at Trend Micro came across the phishing campaign on 30 April. It all began when they received an email designed to look like it came from Apple. The email warned recipients that Apple...

In recent months, the encryption debate has heated up once again. Most recently, some shock waves were sent across the industry when ThreatWire reported a new tool, known as GrayKey, which could decrypt the latest versions of the iPhone. Fortunately, that tool is only available to law enforcement agencies... for now. The point to be noted is that if...

This month's Patch Tuesday bundle of updates from Microsoft included a fix for a critical vulnerability that has been actively exploited by at least one hacking gang in targeted attacks. The vulnerability, dubbed CVE-2018-8174, is a remote code execution flaw in the Windows VBScript Engine. It affects the latest version of Internet Explorer and any...

Developers have found that a fake version of a popular Bitcoin Wallet comes equipped with the ability to steal users' seeds. On 9 May, the Electrum team published a document on GitHub calling out "Electrum Pro" as "stealware" and "bitcoin-stealing malware." According to the developers, the individuals behind Electrum Pro took control of "electrum...

With the advent of increased cyber security related threats, the majority of attacks point to one target, and that is the human element. Examine any survey relating to cyber security threats faced by organizations from ransomware to phishing, and these attacks all have one target in common: the human element is necessary to trigger the attack....

I am very proud to contribute to both Tripwire’s the State of Security and to be a regular Peerlyst poster. Peerlyst is a very important online platform for cybersecurity professionals. It’s my pleasure to speak with Limor Elbaz, Peerlyst’s CEO and founder. She shared with me some excellent insight about what inspired her to start Peerlyst and what...

Containers are revolutionizing the way that organizations deploy applications. These technologies are packages, notes Amazon Web Services (AWS), that enable teams to run applications and their code, configurations and dependencies in resource-isolated processes. As such, they allow for reduced environmental dependencies, support for micro-services...

Today’s VERT Alert addresses Microsoft’s May 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-777 on Wednesday, May 9th. In-The-Wild & Disclosed CVEs CVE-2018-8120 This privilege escalation vulnerability affecting Win32k could allow an attacker to execute code in kernel mode. According...

With continued debate around responsible disclosure and increased attention around security research techniques, Tripwire wanted to get a pulse on what the community considers responsible practices today. In surveying 147 attendees at the RSA Conference in San Francisco a couple weeks ago, we found out a number of interesting perspectives. Most...

Joomla arrived on the scene in 2005 as a fork of the Mambo content management system (CMS). Downloaded over 91 million times, it has since eclipsed Mambo to become a ubiquitous platform for websites of all sizes. According to last year's Hacked Website Report from Sucuri, which used insights from over 36,000 compromised sites, Joomla is the second...

In my last interview, I spoke with Jen Fox. She’s a Senior Security Consultant who specializes in compliance. This time, I had the pleasure of speaking with Valerie Thomas. She has a lot of expertise in both penetration testing and industrial cybersecurity. Kim Crawley: Please tell me about your cybersecurity role and how you got there. Valerie...

Romania has extradited two of its citizens to the United States for a phishing scheme they allegedly used to rob Americans of over $18 million. Byung J. “BJay” Pak (Source: U.S. Department of Justice) On 4 May, the U.S. Attorney's Office for the Northern District of Georgia announced the extradition...

Software development has changed significantly in recent years. This transformation is, in part, a response to challenges resulting from the traditional waterfall software development model. Under the old process, a software company receives a deadline for creating a product that's ready to roll out to customers. The firm activates its team of...