Today, enterprises must grapple with a panoply of numerous and highly sophisticated threats. In response to this dangerous landscape, it is no wonder that businesses are increasingly turning to security dashboards – a powerful communication vehicle for all information security professionals. An effective security dashboard provides personnel,...

The styles associated with Sakawa scammers have been highlighted in previous articles, but today I would like to describe the anatomy of a scam for people to be aware of just how they complete these wicked assaults on our inboxes. This could serve as a guide for Sakawa, but is intended to give insight. Nothing is new here – these guides are passed...

The one-month countdown is on and I figured it was time for a reminder that Tripwire VERT will be at SecTor in the Expo area running an IoT Hack Lab. If you aren’t considering attending SecTor, you really should be. Even if you don’t want to attend the full conference, there’s an Expo Only admission that is free on their website until the start of...

Android users are being warned of a newly discovered type of malware that has recently infected hundreds of thousands of devices each day. Security researchers at Android developer Cheetah Mobile claim to have found a virus – dubbed ‘Ghost Push’ – being packaged in seemingly legitimate applications downloaded from non-Google app stores. “This is the...

A security firm has announced a one million dollar bounty in reward for anyone who submits exploits and jailbreaks for Apple's iOS 9 mobile operating system. In a blog post published on Monday, Zerodium officially unveiled "The Million Dollar iOS 9 Bug Bounty". "Apple iOS, like all operating system, is often affected by critical security...

Over the last year we've seen the healthcare industry become a motivating target for malicious actors attempting to take advantage of stolen healthcare data. This is a unique sector and completely different from organizations within the retail, financial or any other vertical for that matter. The difference here is when network connectivity and...

UPDATE 9/23/15: VERT has released a script based on FireEye's nping command to report if a host is affected or not. The script is available on the Tripwire VERT GitHub here. For IP360 customers, a variant of this is available as a custom rule. Please contact Tripwire Support or view the TechNote in TCC for details. I’ve always been a big fan of...

Systema Software, a provider of claims management software solutions, is investigating a breach that exposed the personal information of at least 1.5 million of its customers. According to The Register, insurers using Systema Software allegedly posted the names, addresses, phone numbers, medical records, and other personal information in the clear...

My first few blog entries were written at a time when I had had a couple of prowler incidents at my house, and I wrote about how I installed security counter measures. After all this time, I was out maintaining the motion sensors, and it occurred to me I hadn't taken a look at my network security around the house lately and should put in some...

Finnish security and privacy company F-Secure recently published a white paper exploring the activities of 'The Dukes,' a group of hackers that has been targeting Western-based governments think tanks, and other organizations for at least the past seven years. According to F-Secure's research, the group is known primarily for its use of advanced,...

ICS networks have a lot of considerations. Policies and processes can hamper success. But they are far more defensible than IT networks. — Robert M. Lee (@RobertMLee) September 15, 2015 Sometimes a tweet can catch your attention in interesting ways. Robert's use of the term 'defensible' to describe ICS networks got me thinking about what makes an...

A new report claims that in 2013, a group of China-based hackers switched their attention from targeting victims in Asia-Pacific to stealing terabytes of confidential data from US high-tech firms and government contractors. The report, "Operation Iron Tiger: Exploring Chinese Cyber-Espionage Attacks on United States Defense Contractors", claims that...

Earlier this week, a U.S. judge ruled that banks can proceed with a class action suit filed against Target for a data breach that occurred in 2013. A U.S. District Court judge in St. Paul Minnesota affirmed Target's negligence in the data hack, which compromised upwards of 40 million credit cards. This decision enables the $5 million class action to...

Cyber liability insurance is becoming an increasing necessity for businesses and could easily become a requirement similar to E&O insurance not just for large corporations, but also small- to medium-sized businesses. The challenge, however, is understanding how much coverage, as well as the scope of the coverage organizations need to properly offset...

A recent report by Panda Security revealed a record high in the creation of new malware samples, reaching more than 21 million new threats over the course of just three months. In the second quarter of 2015, the Spanish security firm saw an average of 230,000 new types of malware each day – an increase of 43 percent compared to the same period last...

A Russian hacker has pleaded guilty to stealing 160 million credit cards numbers and to attacking several large American companies. On Tuesday, Vladmir Drinkman, 34, admitted in federal court in Camden, New Jersey that he and four other individuals conspired to steal credit card numbers from Heartland Payment Systems Inc., 7-Eleven Inc., and the...

Content loading... More than half (55 percent) of information security professionals anticipate cybersecurity will factor as a key issue in the 2016 U.S. Presidential race. Last month, as part of Black Hat USA 2015, Tripwire conducted a survey of 210 information security professionals. Of those respondents, more than a third (39 percent) revealed...

All too often, I find that vendors discount the risks associated with attack vectors involving cross-site request forgery (CSRF). Naturally, remediation of vulnerabilities involving user-interaction should generally take a back seat to those that are exposed to completely remote/unauthenticated exploitation, but that doesn’t mean it is OK to simply...

Modern cryptography, including elliptic curve cryptography, is being used extensively for securing our internet payments, banking transactions, emails and even phone conversations. The majority of today's cryptographic algorithms are based on public-key encryption, which is considered to be secure against attacks from modern computers. Quantum...

In 1985, around the time that the Internet was just beginning to take shape, there were six top-level domains (TLDs) in existence. These were ".com", ".net", ".org", ".gov", ".mil", and ".edu". Along with some 100 country codes, those TLDs led the evolution of the web for over a decade. But then things changed. As the Internet continued to expand in...