Blog

Blog

Protecting Organizations from Customized Phishing Attacks

Phishing Attack A few years ago, I myself was vished, or ‘phished,’ over the phone. The caller was someone, likely offshore in a call center, who had done a little bit of research online to find my name, my phone number, my wireless phone carrier and a few other details that they used to build rapport with me on the phone. Spoofing the customer...
Blog

10 Tenets for Cyber Resilience in a Digital World

Companies are facing increased and complex cybersecurity challenges in today’s interconnected digital economy. The cyber threats have become more sophisticated and may harm a company via innovative new forms of malware, through the compromise of global supply chains or by criminal and hostile state actors. The hard truth is that it is difficult to...
Blog

3 Malware Trends to Watch Out for in 2020

Malware closed out 2019 on a strong note. According to AV-TEST, malware authors’ efforts throughout the year helped push the total number of known malware above one billion samples. This development wouldn’t have been possible without the vigor exhibited by malware authors in the fall of 2019. Indeed, after detecting 8.5 million new samples in June...
Blog

DDoS Attack Potentially Targeted State Voter Registration Site, Says FBI

The FBI said that a distributed denial-of-service (DDoS) attack potentially targeted a state-level voter registration site. In a Private Industry Notification (PIN) released on February 4, the FBI said that a state-level voter registration and voter information website received a high volume of DNS requests over the period of a month. Those requests...
Blog

What Is Log Management, and Why Is It Important?

I think we all know what log management is. As discussed in a 2017 article for The State of Security, log management is about systematically orchestrating the system and network logs collected by the organization. That being said, there’s still some confusion surrounding why an enterprise would want to collect log data in the first place. There are...
Blog

Spam Campaign Leveraged RTF Documents to Spread Infostealers

A spam campaign leveraged malicious RTF documents to distribute notorious infostealers including Agent Tesla and Lokibot. While digging through a few other spam campaigns, Lastline observed unusual use of the C# compiler from the command line in some samples. Its researchers performed additional analysis and found that the samples belonged to the...
Blog

Tripwire Patch Priority Index for January 2020

Tripwire's January 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, VMware and Linux. Exploit Alert: Metasploit Up first on the Patch Priority Index this month are vulnerabilities that have been recently added to Metasploit. Two vulnerabilities identified by CVE-2019-9213 and CVE-2018-5333 affect...
Blog

Email Attackers Abusing Coronavirus Outbreak to Spread Emotet

Security researchers observed email attackers abusing the coronavirus outbreak to infect concerned users with the Emotet trojan. IBM X-Force found that the attack emails appeared to originate from a Japanese disability welfare service provider. Those emails informed recipients that officials had learned of a developing coronavirus outbreak in Japan...
Blog

Helping Healthcare Organizations Mature their Cybersecurity Practices

Cyberattacks in the healthcare industry show no signs of abating. In 2018, digital criminals breached 15 million healthcare records. Alarmingly, in the first half of 2019 alone, 32 million healthcare records were compromised as a result of multiple security incidents. Among those was the American Medical Collection Agency (AMCA) breach, an event which...
Blog

Why Asset Visibility Is Essential to the Security of Your Industrial Environment

Threats against industrial environments are on the rise. Near the beginning of 2019, for example, Kaspersky Lab revealed that 47% of industrial control system (ICS) computers on which its software was installed suffered a malware infection in the past year. That was three percent higher than the previous year. These digital threats confronting ICS...
Blog

Assessment Frameworks for NIS Directive Compliance

According to the NIS Directive, Member States should adopt a common set of baseline security requirements to ensure a minimum level of harmonized security measures across EU and enhance the overall level of security of operators providing essential services (OES) and digital service providers (DSP). The NIS Directive sets three primary objectives:to...
Blog

Quick Guide to Modern Security Configuration Management

Security configuration management is the cybersecurity process of ensuring systems are properly configured to meet security and compliance standards, reducing cyber risk in the process. The practice of detecting and remediating misconfigurations combines elements of integrity monitoring, configuration validation, vulnerability assessment, and system remediation. "The reliability of (Tripwire...
Blog

UK High Court Approves Freezing Injunction on $1M Ransomware Payment

The UK High Court of Justice approved a freezing injunction on over $1 million paid by an English insurance company to ransomware actors. The Honorable Mr. Justice Bryan announced his approved judgement in a decision released for publication by the High Court of Justice on January 17, 2020. As relayed in the judgement, a Canadian insurance company...
Blog

Change Is Inevitable: Tripwire File Analyzer

One of the only things that is constant in life is change. It’s the same with cybersecurity. There are different types of changes to consider. Changes that we accept Changes that are good Changes that are bad A lot of changes in our everyday life are out of our control. It can be hard to discover, monitor and even react to change. However,...
Blog

On Authorization and Implementation of Access Control Models

There are dozens of implementations of authorization mechanisms. When there are complex requirements dictated by business processes, authorization mechanisms may often be implemented incorrectly or, at least, not optimally. The reason for that, in my opinion, is the low attention of both the customer and developers to this aspect in the initial...
Blog

Payment Cards Exposed in Wawa Breach Offered for Sale on Dark Web

Digital criminals posted customers' payment card details exposed in the 2019 Wawa data breach for sale on a dark web marketplace. In December 2019, the Joker's Stash first announced what it called the "BIGBADABOOM-III" breach. Advertisements posted by the dark web marketplace announced that the breach included over 30 million payment card details...