Blog

Blog

Yahoo to Face Privacy Class-Action Lawsuit Over Scanned Emails

A judge has ordered Yahoo, Inc. to face a class action lawsuit alleging that the company violated users’ privacy by scanning email messages for advertising purposes. In her 44-page decision, Judge Lucy Koh of the US District Court of Northern California explains that Yahoo is alleged to have scanned the contents of messages sent to Yahoo! Mail...
Blog

Cyber Security Skills: The Hot New Must-Have IT Skill Set

Those in the IT world are always looking to develop the right skill sets that will help them get noticed above their competition. Considering how quickly technology changes, possessing a highly-desired set of skills can lead to better jobs and higher wages. Trends, of course, come and go, and keeping up with what is currently the most in-demand...
Blog

Tripwire VERT Capture the Flag: Official Summary, Part 1

I’m happy to report that the first ever Tripwire VERT capture the flag contest was a huge success. With competitors registered from across the globe, our vulnerable application saw thousands of connections coming from dozens of unique addresses along with a non-stop flood of flags, questions,and...
Blog

Digital Forensics and the Futuristic Scene-of-Crime

Over the years, I have written multiple articles on the subject of digital or cyber forensics and the importance it serves in supporting the modern world with regards to corporate and government incident response, first responder engagements, and more general aspects of scene-of-crime management in the digital age. Before we get into the detail,...
Blog

Rombertik: A Master of Evasive Malware Techniques

Earlier this month, several media outlets ran a story claiming that a new type of malware could be used to destroy victims’ computers. These stories might have fared well in views, but their fear, uncertainty, and doubt (FUD) have proven useful to no one. Fortunately, a number of security experts including Graham Cluley were quick to correct the...
Blog

IRS Confirms Data Breach of 100,000 Tax Accounts

The Internal Revenue Service has confirmed a data breach of 100,000 taxpayers' account information. According to a statement posted on the IRS website, criminals allegedly used sensitive information stolen from non-IRS sources to gain unauthorized access to taxpayers' accounts. To access the site, the criminals made use of stolen Social Security...
Blog

Mobile Banking Security Concerns on the Rise for Financial Institutions

It's been almost a year since what some analysts consider the first successful major threat to mobile banking, known as Svpeng, hit the United States. Spreading via a text message campaign, the Svpeng malware went after Android phones. While Svpeng didn’t steal mobile banking credentials, it did detect the presence of certain mobile banking apps and...
Blog

Scareware Minecraft Apps Downloaded by Millions of Android Users

A security firm has revealed that upwards of 2.8 million users have downloaded scareware masquerading as legitimate Minecraft apps off of Google Play Store. According to a blog post written by Lukas Stefanko, a Malware Researcher for ESET, 30 malicious applications pretending to be cheats for the popular computer game wereuploaded to Google Play...
Blog

Microsoft and the Software Lifecycle

For some reason, Europe’s ‘The Final Countdown’ was playing in my head as I sat and pondered this write-up. I suppose that’s fitting given that we are about to cross the 60-day mark until Windows Server 2003 goes End-of-Life. The concept of product EOL can be confusing, especially given the frequent cross-contamination that exists within Microsoft...
Blog

Data Breach Affects Thousands of Bergen County Patients

Thousands of patients have been alerted that their medical records were potentially stolen in a data breach that affected at least three hospitals located in Bergen County, New Jersey. According to officials, an employee of Medical Management LLC, a healthcare billing company located in North Carolina, allegedly stole the names, Social Security...
Blog

LogJam: Who is the Man-in-the-Middle?

While we're all collectively struggling with how to internalize Logjam, a high-profile vulnerability that doesn't have a catchy logo, I'd like to take those who are interested aside for a moment to consider how we might talk about the threat this vulnerability poses. I'll start with some basics, but if you want more technical details, the Tripwire...
Blog

Vote Now for Europe's Most Popular Security Blogs!

We at Tripwire would like to encourage everyone to vote for their favorite security blogs in the third annual EU Security Blogger Awards 2015! Tripwire is especially proud to have been named a finalist for five categories in this year's awards among numerous other respected publications and professionals. The State of Security is in the running for...
Blog

Microsoft Patching: Don't Forget to Read the Fine Print

During my career, I have built and managed hundreds of production-level client and server systems, and nothing can be more worrisome than when it comes time to apply patches and upgrades to software. Why? Because things can, and often times, do go wrong during patch and upgrade cycles. According to a few reports, it is possible that system...
Blog

Data Breach Hits Telstra's Pacnet, Exposes Customer Data

Telstra's Pacnet has begun contacting its customers following the discovery of a data breach that compromised its corporate IT servers on which customer data is stored. Several high-profile Pacnet customers, including the Australian Federal Police and other government agencies, were exposed by the breach. It is unclear at this time whether the...
Blog

LogJam: Researchers Identify Another Web Encryption Vulnerability

A new potentially high-impact vulnerability called LogJam has been revealed by researchers, which has similarities to the FREAK (CVE-2015-0204) vulnerability disclosed a few months ago, whereby a man-in-the-middle attack can be implemented to weaken the encryption between client and server. Like FREAK, the LogJam vulnerability takes advantage of...
Blog

More Top Conferences in Information Security – Readers' Choice Edition

Last week, we published a list of the top 10 conferences in information security. In our article, we strove to include some of the biggest events in the industry. But realizing that we likely missed a few, we invited you – our readers – to write in and let us know of the conferences you feel should have made the list. Thank you to those who provided...