Blog

12 Steps to Cyber Health

A recent article by The Financial Times argues that boards should be looking to employ younger directors to tackle the cyber security “problem.” Meanwhile, the EU has unveiled the proposed Network and Information Security Directive. Think about the psychology here, really… The more we raise the bar and levels of expectations, given the volume of...

Testing Scan Credentials for More Accurate Vulnerability Assessment

If your doctor walks into the exam room for your annual physical and listens to your heart, takes a quick look at your throat, and then gives a clean bill of health without asking many questions, a quick interaction might make you feel good if you’re not worried about your health. However, if you haven’t been feeling well, or if you are at risk for...

InterApp Claims It Can Steal Information from Any Phone User

Earlier this fall, a contributor to The State of Security explained that one of the greatest privacy and security challenges confronting our smartphones today is the apps we choose to install. He noted in his post how app developers often make money by harvesting data from users' devices and in turn selling this information to marketers. They also...

Adobe Patches 79 'Critical' Vulnerabilities in Flash Player

Adobe has patched 79 "critical" vulnerabilities affecting Flash Player in its December 2015 security bulletin. The alert, which bears the vulnerability identifier APSB15-32, warns that all platforms are affected by the flaws. This includes Windows and Macintosh regarding the Flash desktop version 19.0.0.245 and earlier, as well as the Google Chrome,...

Fancy Bear Threat Group Deploys 'Rare' Modification of AZZY Backdoors

Last month, Microsoft released a report on the advanced threat group Fancy Bear. This alert, as noted by security blogger Graham Cluley, explains how the group—otherwise known as "Sofacy," "Sednit," "STRONTIUM," and "APT 28"—stalks mailing lists, social media sites, and public forums in search of potential victims from whom it can steal login...

What's New in CVSSv3?

CVSSv3 was released this past summer and a number of vendors, including Tripwire, are beginning to adopt it both internally and within their tools. I wanted to talk about some of my favourite (and not-so-favourite) aspects of CVSSv3. Up first, we have the addition of Scope. I have a bit of a love-hate relationship with the notion of Scope. I think...

VERT Threat Alert: December 2015 Patch Tuesday Analysis

Today’s VERT Alert addresses 12 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-648 on Wednesday, December 9th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy Moderate Difficult MS15-131 MS15-135 Extremely...

WebEx Android App Users Told to Update ASAP, Due to Risk of Attack

There are often (quite rightly) concerns raised about operating system vulnerabilities on smartphones, and the need for users to patch their devices with the latest software. But the truth is that probably a bigger risk to the typical mobile user are the actual apps that they choose to run on them. Have they been coded reliably, are they taking...

Unnecessary Risks: Vulnerabilities in ICS Devices

The NERC Critical Infrastructure Protection standards are the most effective tools for securing the electrical supply today. If you think that's a controversial statement, let me explain why I make it. Cybersecurity in the context of the electrical supply is synonymous with reliability. The cyber-risks to electric utilities are ultimately risks to...

Open Source Router Updates Its Own Security, Analyzes Network Traffic

This open source, crowdfunded router boasts a unique set of features, including the ability to update its own security and analyze the traffic between the Internet and the host network. Based on the Latin word for "tower", the Turris Omnia router is open source and runs OpenWrt, a free operating system that not only provides Omnia's users with the...

My SecTor Story: Root Shell on the Belkin WeMo Switch

*Updated 12/7/2015 – NOTE: The WeMo attack vector described in this article was resolved with WeMo firmware release 2.00.8643. Customers are encouraged to install the latest update immediately. There were many activities hosted at SecTor 2015. My favorite activity was the Internet of Things Hack Lab sponsored by Tripwire. The term Internet of...

5 Ransomware Safety Tips for Online Retailers

Just in time for the holiday shopping season, cybercriminals have developed a destructive new form of ransomware that targets the websites of online retailers. According to independent security journalist Brian Krebs, fraudsters have been leveraging the malware – dubbed ‘Linux.Encoder.1’ – to essentially hold a site’s files, pages and images for...

"Onion-Layered" Incidents Among Top Cybercrime Trends Observed by IBM

Security researchers with IBM have named "onion-layered" security incidents one of the top cybercrime trends they are observing in Q4 2015. In their report IBM X-Force Threat Intelligence Quarterly, 4Q 2015, the researchers explain that an onion-layered security incident involves a second, more damaging and sophisticated attack that follows an...

Cloud Computing: Putting Your Files on Someone Else’s Computer

If your organization decides to put their corporate files – or their customers’ files – onto someone else’s computer, i.e., implement cloud computing, what security effort should those organizations undertake to ensure the safety of their data? That is the question that we find our customers looking to Tripwire to help them answer. As a Tripwire...

A LastPass Hack with a Happy Ending

In September, Black Hat Europe announced an interesting talk entitled “Even the LastPass will be stolen, deal with it”. As reported in an earlier article, it was anticipated (based on the description on the conference announcement) that the “Remember Password” option was the likely attack vector. The presentation was delivered last week, and as...

Are iPhones or Androids More of a Security Risk?

Blondes vs brunettes, Kirk or Picard, and the Oxford comma... these are some of the most burning issues that people just can't agree on. And another is whether iPhones are better than Android phones. Both sides have their fervent fans and supporters, and are capable of making convincing arguments to back their point of view. But now a new study ...

VERT Threat Alert: November 2015 Patch Tuesday Analysis

Today’s VERT Alert addresses 12 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-643 on Wednesday, November 11th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...