Blog

Blog

CIS Control 09: Email and Web Browser Protections

Web browsers and email clients are used to interact with external and internal assets. Both applications can be used as a point of entry within an organization. Users of these applications can be manipulated using social engineering attacks. A successful social engineering attack needs to convince users to interact with malicious content. A...
Blog

What Pandemic Responses Teach Us About Cybersecurity

I’ve been working at Tripwire for over two decades, and I’ve acquired a fair bit of swag over those years: branded jackets, hats, shoes, a watch, and of course a drawer full of t-shirts. One thing I never would have predicted owning was a Tripwire-branded face mask to protect me from a global pandemic. Over the past year, I’ve worn that face mask...
Blog

Learning All About Ghidra – Inside a Class with Craig Young

I was recently tasked with reverse engineering (RE) some mobile apps. The actual task was to “learn” to RE – I don’t actually know how to do it, so it’s a good thing it’s more of a learning experience than an actual security job. And the task wasn’t really to RE apps. It was “do a security check on these mobile apps.” I’ve never done that and didn’t even know where to start. RE? Disassemble?...
Blog

Windows 11: Registry Keys, SMB Protocol, and SystemInfo

Windows 11 was released on October 5, 2021. It has several new installation requirements including, most notably, Secure Boot and a Trusted Platform Module. These features can provide a more secure computing environment, but if you need to virtualize a Windows 11 environment, you will need virtualization software that supports this. Although I...
Blog

Analysis of 80 million ransomware samples reveals a world under attack

Google has released a report taking a close look at the more than 80 million ransomware samples uploaded to its VirusTotal service in the last year and a half. Each day, approximately 150,000 ransomware samples were analysed by the free VirusTotal service after being submitted by suspicious computer users, and shared with the security community to...
Blog

CIS Control 08: Audit Log Management

Audit logs provide a rich source of data critical to preventing, detecting, understanding, and minimizing the impact of network or data compromise in a timely manner. Collection logs and regular review is useful for identifying baselines, establishing operational trends, and detecting abnormalities. In some cases, logging may be the only evidence of...
Blog

VERT Threat Alert: October 2021 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s October 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-968 on Wednesday, October 13th. In-The-Wild & Disclosed CVEs CVE-2021-40449 Up first this month, we have an elevation of privilege in Win32k that has been exploited in-the-wild via...
Blog

Contextualizing the Ransomware Threat Confronting OT Environments

Back in early June, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) published a fact sheet discussing the rising threat of ransomware to operational technology (OT) assets. This development raises several questions. Why is ransomware a threat to OT environments? And what can organizations do to protect their OT assets against...
Blog

Ada Lovelace Day: Celebrating Women's Achievements in STEM

Ada Lovelace Day is October 12th, celebrating women in STEM, which includes cybersecurity! Every year, the holiday does end up being a history of computing, as Ada was composing what we’d now consider the software for a theoretical first computer that had not been built. But that was in the 1840s. What are women doing today? Have you heard of...
Blog

SecTor Episode MMXXI: Return of The Hack Lab

I’m happy to announce that arrangements have now been finalized for the Tripwire team to return for the Tripwire VERT Hack Lab at the MTCC! We will be bringing some new hardware devices as well as a new virtualized hack target. This new virtual target, an ASUS DSL modem with recent firmware, can be compromised by applying the tools & methods we’ve...
Blog

The Changing Role of the CISO

Back in the early days of networking, many companies assigned all of the responsibilities to anyone who showed any aptitude towards operating a computer. In many companies, this was an accountant or someone else who also managed sensitive financial information. The assumption was that the person managing the corporate books was the most trustworthy...
Blog

Tripwire Patch Priority Index for September 2021

Tripwire's September 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, Linux, and Confluence. First on the patch priority list this month are patches for the Linux kernel (CVE-2021-3490) and Confluence Server and Data Center (CVE-2021-26084). Exploits for these vulnerabilities have been recently added...
Blog

CIS Control 07: Continuous Vulnerability Management

When it comes to cybersecurity, vulnerability management is one of the older technologies that still play a critical role in securing our assets. It is often overlooked, disregarded, or considered only for checkbox compliance needs, but a proper vulnerability management program can play a critical role in avoiding a series data breach. CIS Control...
Blog

Analysis of a Parental Control System

Canopy was advertised to me through my child’s school. The company offers a multi-platform parental control app claiming various abilities to limit and monitor use of protected devices. Access to Canopy is billed monthly and includes a compelling list of features for concerned parents: From: https:...