Blog

Blog

VERT Threat Alert: June 2015 Patch Tuesday Analysis

Today’s VERT Alert addresses 8 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expect to ship ASPL-618 on Wednesday, June 10th. MS15-056 Internet Explorer Information Disclosure Vulnerability CVE-2015-1765 Multiple Elevation of...
Blog

Ransomware Nearly Doubled in Q1 2015, Reports McAfee Labs

According to a report issued by Intel Security Group's McAfee Labs, ransomware has experienced a 165% increase in the first quarter of 2015. McAfee Labs Threats Report: May 2015 reveals that this increase has been fueled in part by the impression of underground criminals that victims in rich countries seem to be the most willing to make ransom...
Blog

MalumPoS Malware Targeting the Hospitality and Retail Industries

A security firm has identified MalumPoS, a new type of point-of-sale (PoS) malware that is targeting businesses in the hospitality, food and beverage, and retail industries. According to a blog post published by global security software company Trend Micro, the authors of MalumPoS designed the malware to collect data from PoS systems running Oracle®...
Blog

China Denies Responsibility for U.S. Federal Data Breach

China has denied responsibility for a data breach at the U.S. federal government that is believed to have compromised the personal information of former and current employees. According to a statement released by the U.S. Office of Personnel Management (OPM), the federal agency that is responsible for screening and hiring workers as well as...
Blog

What's Left Behind: Oracle TNS Listener Log Files After an IP360 Scan

Ever looked at the messages in the Oracle listener logs generated by Tripwire IP360 scans and wondered what was going on? The most common one you see probably looks something like this: 01-JUN-2015 12:39:37 * (CONNECT_DATA=(COMMAND=VERSION)) * version * 1189 TNS-01189: The listener could not authenticate the user TNS-01169: The listener has not...
Blog

New York Becomes First State to Set Bitcoin Trading Regulations

New York’s Superintendent of Financial Services Benjamin Lawsky announced on Wednesday a new set of rules and regulations for businesses accepting, selling or buying virtual currencies. Following nearly a two-year-long effort, Lawsky introduced the first-ever comprehensive framework – known as BitLicense – in a speech at the BITS Emerging Payments...
Blog

IT Security: Evolving to a Risk-Based Approach

As news of information breaches and personal data theft become more prevalent and popular in the press, technologists are witnessing and taking part in the rapid evolution of the once neglected realm of cybersecurity. Hopefully, this process results in an integrated, enlightened solution to what is a very complicated puzzle. Moving Beyond a Fear...
Blog

Here's What You Missed at BSides London 2015

The Security BSides concept is brilliant. After being founded in 2009, it’s spread like wildfire. There are now dozens of regional events that take place around the world, and if you take a look at their website, you’ll more than likely find one not too far away. For any of you that don’t know, the principles behind the idea are simple: Expand...
Blog

Pro-ISIS Hackers Are Targeting News Outlets, Says Security Firm

A security firm has issued a warning that sympathizers of the Islamic State extremist terrorist group (ISIS) are increasingly targeting news media outlets of all sizes. According to a report published by network security company FireEye, what distinguishes these attacks is the fact that all sizes of media outlets are being targeted by sympathizers...
Blog

Infosecurity Europe – Day 1 Highlights

With a reported 17,000 people flocking to Europe's largest security conference this week, there is no doubt that the industry is expanding vastly. Here, you’ll find hundreds of vendors, a variety of workshops and a range of sessions for professionals in the field, no matter what level. From technical insights to business risks, the events is a great...
Blog

Computer Criminals Brought to Justice - Twin Russian Hackers

Last week, Tripwire explored the story of Brandon Bourret and Athanasios Andrianakis, two men who developed an app that scans Photobucket users’ private photo albums in search of naked selfies. We now report on a pair of twin Russian hackers who allegedly gained unauthorized access to more than 7,000 Russian bank accounts using social engineering...
Blog

Data Breach Via Unencrypted Laptop Strikes U.S. Healthworks

U.S. Healthworks, an urgent care and occupational health service provider, has begun notifying patients of a possible data breach after an unencrypted laptop issued to one of its employees was stolen. According to the company's breach notification letter: "On April 22, 2015, we learned that a laptop issued to one of our employees had been stolen...
Blog

Radio Killed the Security of Things: RF Jammers & Crime

We hear a lot about the Internet of Things, where devices are increasingly connecting to the Internet. However, in addition to these devices being connected to the Internet, they are also increasingly connecting to each other or controlled using various radio frequencies. These radio frequencies often use proprietary or insecure protocols and often...
Blog

A Look at the Real Social Engineers

Since the very first day I started working in the information security industry, I have found everything to be just so interesting and fascinating. The fire inside me I have for knowledge has been doused in petrol by stories of complex crimes, and this has educated me and forced me in to some real life studies. Over the years, I have delved quite...
Blog

Top Phishing Targets Account For Over 75% of Attacks, Survey Finds

A recent report detailing the latest trends in phishing attacks revealed that the top 10 targets suffered more than three-quarters of all phishing attacks observed worldwide. The study (PDF), conducted by the Anti-Phishing Working Group (APWG), examined all phishing attacks detected in the second half of 2014, including data from several phishing...
Blog

Prioritizing Patches: A Risk-Based Approach

It’s been a tough few weeks for those of us that are responsible for patching vulnerabilities in the companies we work at. Not only do we have the usual operating system and application patches, we also have patches for VENOM and Logjam to contend with. The two aforementioned vulnerabilities are pretty serious and deserve extra attention. But, where...