Blog

Microsoft Warns XBox Live Users of MitM Attacks After Leaking Private Keys

Microsoft is warning Xbox Live users of possible man-in-the-middle (MitM) attacks after accidentally disclosing the private key of one of its own SSL/TLS certificates. In an advisory released on December 8th, Microsoft states that the disclosed digital certificate could be used for spoofing attacks against users. "Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com for...

The Agent vs Agentless Debate – Part 1: The Security Side

Over the past 20 years, I have implemented many different security solutions – from IDS in the 90s to browser protection in 2014, and just about everything else in between. One thing that quickly became obvious during my time in information security is that security considerations are just one part of the equation for most organizations. Involving...

Monitoring The Unknown

File Integrity Monitoring (FIM) has been around for a long time. In fact, Tripwire has been a pioneer in FIM since the early 1990s, when Gene Kim released the first version of Tripwire. Monitoring for change lets you know what was changed and who changed it. This allows you to easily roll back to a known...
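The core of FIM is simple to show in code: take a baseline of every file's content hash and metadata, take another later, and diff the two. The following is an added example written for this page, not Tripwire's code; the directory tree and the four changes it makes (a content edit, a permission change, a deletion and a new file) are constructed inline so it runs offline. One caveat worth stating: a hash snapshot tells you what changed, not who changed it; attributing a change to a user needs an audit source such as auditd or the Windows security log, which a full FIM product correlates with the file change.

```python
"""Minimal file-integrity monitoring: baseline, re-scan, diff.

Added example (not Tripwire's implementation). Assumes a POSIX filesystem
so that mode and uid are meaningful.
"""
import hashlib
import os
import stat
import tempfile


def fingerprint(path):
    """Content hash plus the metadata a FIM tool normally tracks."""
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "mode": stat.S_IMODE(st.st_mode),
            "size": st.st_size, "uid": st.st_uid}


def snapshot(root):
    """Map every regular file under root (path relative to root) to its fingerprint."""
    result = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are out of scope here
            result[os.path.relpath(full, root)] = fingerprint(full)
    return result


def diff_snapshots(baseline, current):
    """Report added/removed paths and, for surviving paths, which attributes changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for path in set(baseline) & set(current):
        changed = {k: (baseline[path][k], current[path][k])
                   for k in baseline[path]
                   if baseline[path][k] != current[path][k]}
        if changed:
            modified[path] = changed
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline a fake /etc, make four kinds of change, diff."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        paths = {n: os.path.join(etc, n) for n in ("passwd", "shadow", "hosts", "motd")}
        for name, p in paths.items():
            with open(p, "w") as f:
                f.write("original %s\n" % name)
        os.chmod(paths["shadow"], 0o600)
        baseline = snapshot(root)

        with open(paths["passwd"], "a") as f:            # content change
            f.write("backdoor:x:0:0::/root:/bin/sh\n")   # constructed sample line
        os.chmod(paths["shadow"], 0o644)                  # permission change, same content
        os.remove(paths["motd"])                          # deletion
        with open(os.path.join(etc, "ld.so.preload"), "w") as f:  # new file
            f.write("/tmp/evil.so\n")                     # constructed sample line
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    report = demo()
    for kind in ("added", "removed"):
        for path in report[kind]:
            print("%-8s %s" % (kind.upper(), path))
    for path, attrs in sorted(report["modified"].items()):
        print("MODIFIED %s %s" % (path, attrs))
```

Note that the shadow file shows up as modified with only `mode` differing: a hash-only checker would miss that change, which is why the fingerprint carries metadata alongside the digest.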

Adobe Patches 79 'Critical' Vulnerabilities in Flash Player

Adobe has patched 79 "critical" vulnerabilities affecting Flash Player in its December 2015 security bulletin. The alert, which bears the identifier APSB15-32, warns that all platforms are affected by the flaws. This includes Flash Player desktop version 19.0.0.245 and earlier for Windows and Macintosh, as well as the Google Chrome,...

Fancy Bear Threat Group Deploys 'Rare' Modification of AZZY Backdoors

Last month, Microsoft released a report on the advanced threat group Fancy Bear. The report, as noted by security blogger Graham Cluley, explains how the group—otherwise known as "Sofacy," "Sednit," "STRONTIUM," and "APT28"—stalks mailing lists, social media sites, and public forums in search of potential victims from whom it can steal login...

What's New in CVSSv3?

CVSSv3 was released this past summer and a number of vendors, including Tripwire, are beginning to adopt it both internally and within their tools. I wanted to talk about some of my favourite (and not-so-favourite) aspects of CVSSv3. Up first, we have the addition of Scope. I have a bit of a love-hate relationship with the notion of Scope. I think...

VERT Threat Alert: December 2015 Patch Tuesday Analysis

Today’s VERT Alert addresses 12 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-648 on Wednesday, December 9th. Ease of Use (published exploits) to Risk Table: Automated Exploit, Easy ...

How Do You Solve a Problem Like Passwords?

I’ve been enjoying Bob Covello’s recent posts on passwords and password managers – A LastPass Hack with a Happy Ending shows how idiot simple it can be to find someone’s “hidden” password list. A surprising interchange on passwords came up in November, during a Chertoff Group Security Series panel entitled “Enough with Getting Pwned Through...

The New Privacy Paradigm

There was an interesting court case that took place back in 2010. The case involved an employee who was injured on the job and sued the employer. A few years later, the employer wanted to see how the employee’s quality of life was affected, and they requested access to the employee’s social media pages. The employee objected, asserting the right to...

Mentor to Silk Road Mastermind Arrested in Thailand

Federal authorities have confirmed that Roger Thomas Clark, the alleged mentor of Silk Road mastermind Ross Ulbricht, has been arrested in Thailand. A press release issued by the Department of Justice reveals that Clark, who went by the names "Variety Jones," "VJ," "Cimon," and "Plural of Mongoose," regularly advised Ulbricht on the ongoing...

Hacker Holds United Arab Emirates Bank to Ransom, Demands $3 Million

A malicious hacker who successfully breached the IT systems of a large bank in the United Arab Emirates (UAE) demanded nearly $3 million worth of cryptocurrency, threatening otherwise to leak the financial information of hundreds of the bank's customers online. The hacker – who goes by the alias ‘Hacker Buba’ – reportedly gained access to the bank’s systems last...

Customers' Personal Data Stolen in JD Wetherspoon Hack

Approximately 657,000 customers have had their personal information compromised in a hack against UK pub chain JD Wetherspoon. According to The Guardian, the names, dates of birth, email addresses, and mobile phone numbers of 656,723 customers were affected by the incident, which is believed to have occurred between June 15 and June 17 of this year...

Argentina – Where Hacking Is a Way of Life

This summer, a hacker known as "PhineasFisher" infiltrated the private Italian spyware firm Hacking Team, exfiltrated approximately 400GB of data from the company's servers and subsequently published the compromised information online via a torrent. One of the most stirring revelations from the leaks was the FBI's purchase of a "Remote Control...

WebEx Android App Users Told to Update ASAP, Due to Risk of Attack

There are often (quite rightly) concerns raised about operating system vulnerabilities on smartphones, and the need for users to patch their devices with the latest software. But the truth is that probably a bigger risk to the typical mobile user is the apps they choose to run on those devices. Have they been coded reliably, are they taking...

5 Key Challenges for the Industrial Internet of Things (IIoT)

The Internet of Things (IoT) is one of the most significant trends in technology today. A melding of innovations in the fields of computing and communication, IoT and its "smart" devices are poised to revolutionize not only user-machine interaction but also the way in which machines engage with one another. Already we are beginning to see the...

China Blamed for Hack into Australia's Bureau of Meteorology

China has been accused of conducting a "massive" hack against a supercomputer owned by Australia's Bureau of Meteorology (BoM). The BoM supercomputer is the largest of its kind in Australia and passes information to several different agencies, including the Department of...

Unnecessary Risks: Vulnerabilities in ICS Devices

The NERC Critical Infrastructure Protection standards are the most effective tools for securing the electrical supply today. If you think that's a controversial statement, let me explain why I make it. Cybersecurity in the context of the electrical supply is synonymous with reliability. The cyber-risks to electric utilities are ultimately risks to...

Threat Intelligence Fundamentals

With so many disparate offerings and so much pressure to be ‘conducting’ threat intelligence, companies today risk investing a lot of time and money with little positive effect on security. Threat intelligence is the process of moving topics from ‘unknown’ to ‘known unknowns’ by discovering the existence of threats within your environment and moving...