Blog

COVID-19 Scam Roundup – May 11, 2020

Digital attackers continue to exploit the coronavirus 2019 (COVID-19) pandemic as part of their malicious operations. On May 5, 2020, the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), along with the United Kingdom's National Cyber Security Centre (NCSC), published a joint alert in which they revealed that they had...

Spike in Snake Ransomware Activity Attributed to New Campaign

Security researchers attributed a spike in Snake ransomware activity to a new campaign that has targeted organizations worldwide. Snake ransomware first attracted the attention of malware analysts in January 2020 when they observed the crypto-malware family targeting entire corporate networks. Shortly after this discovery, the threat quieted down. It...

Tripwire Patch Priority Index for April 2020

Tripwire's April 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, and VMware. Up first on the patch priority list this month is a patch for VMware vCenter Server. This patch resolves an information disclosure vulnerability. This patch has highest priority as proof-of-concept code to exploit the...

The MITRE ATT&CK Framework: Discovery

The Discovery tactic is one that is difficult to defend against. It has a lot of similarities to the Reconnaissance stage of the Lockheed Martin Cyber Kill Chain. There are certain aspects of an organization that need to be exposed in order to operate a business. https://www.youtube.com/watch?v=NDT2qnpvKTk In fact, all of the techniques at this...

Getting Zoom Security Right - 8 Tips for Family and Friends

If you’ve read a newspaper or watched the news in the past few weeks, you’ll notice one common topic that all the major news outlets are discussing… COVID-19. Right now, many companies are trying to provide employee guidance during this worldwide pandemic, as governments ask those who can to work from home in an effort to slow the spread. Zoom, a...

Taking Over IoT Devices with MQTT

Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest to explore the evolving threat landscape, technology trends, and cybersecurity best...

Increase in Ransomware Demand Amounts Driven by Ryuk, Sodinokibi

The Ryuk and Sodinokibi ransomware families both contributed to an increase in the ransom amounts demanded by attackers over the past quarter. Coveware found that the average ransom amount demanded by ransomware attacks in Q1 2020 was $111,605. This amount was a third higher than what it had been in the final quarter of the previous year. It was...

COVID-19 Scam Roundup – May 4, 2020

Malicious actors continue to abuse coronavirus 2019 (COVID-19) as a lure to profit off of innocent people. Indeed, Arkose Labs found that 26.5% of all transactions recorded in Q1 2020 were fraud and abuse attempts—a 20% increase over the previous quarter and the highest attack rate ever observed by the security firm's researchers. It's therefore...

Phishers Increasingly Incorporating reCaptcha API into Campaigns

Security researchers observed that digital attackers are increasingly incorporating the reCaptcha API into their phishing campaigns. Barracuda Networks explained that malicious actors are starting to outfit their phishing attempts with reCaptcha walls so that they can shield their landing pages from automated URL analysis tools as well as add a...

Newly Discovered Android Malware Steals Banking Passwords and 2FA Codes

Security researchers at Cybereason are warning of a new mobile banking trojan that steals details from financial apps and intercepts SMS messages to bypass two-factor authentication mechanisms. According to experts who have examined the code of the malware, known as EventBot, it differs substantially from previously known Android malware -...

Chegg Confirmed Data Breach of Employee Records

American education technology company Chegg confirmed a data breach in which malicious actors stole some of its employee records. As reported by TechCrunch, digital attackers succeeded in stealing 700 records associated with current and former Chegg employees. Those records contained individuals'...

National Poetry Month – Cybersecurity Edition

April is National Poetry Month, a time when we can celebrate poets and their craft. To join in the celebrations, we at the State of Security asked employees at Tripwire and in the wider infosec community to create and share some of their favorite cybersecurity-related poems with us. Here are some of our favorites from Twitter: https://twitter.com...

The MITRE ATT&CK Framework: Credential Access

There’s no doubt about it, attackers want your credentials more than anything, especially administrative credentials. Why burn a zero-day or risk noisy exploits when you can just log in instead? If you were to break into a house, would you rather throw a brick through a window or use a key to the front door? https://www.youtube.com/watch?v...

Cloud Under Pressure: Keeping AWS Projects Secure

Amazon Web Services (AWS) allows organizations to take advantage of numerous services and capabilities. As the number of available options under the company's cloud infrastructure grows, so too do the security risks and the possible weaknesses. AWS project owners need to take extra precautions by following some platform-specific advice. Amazon...

Operators of Shade Ransomware Publish 750K Decryption Keys

The operators of Shade ransomware published the decryption keys for 750,000 of their victims in an effort to help them recover their data. The authors of Shade used a GitHub post to make decryption keys available to all of their remaining victims (approximately 750,000). They also used the posting to provide a bit of context about their decision: We...

Zero-Day Flaw Allowed Attackers to Achieve RCE on Firewalls

British security firm Sophos determined that malicious actors had abused a zero-day vulnerability to achieve remote code execution (RCE) on some of its firewall products. According to Sophos, the attack chain began when digital attackers exploited a zero-day SQL injection vulnerability to achieve RCE on some firewall products. They abused this...