Blog

SYNful Knock: Opening the Door on Industry Ignorance

UPDATE 9/23/15: VERT has released a script based on FireEye's nping command to report if a host is affected or not. The script is available on the Tripwire VERT GitHub here. For IP360 customers, a variant of this is available as a custom rule. Please contact Tripwire Support or view the TechNote in TCC for details. I’ve always been a big fan of...

Systema Software Investigates Data Breach that Exposed 1.5M Users' Details

Systema Software, a provider of claims management software solutions, is investigating a breach that exposed the personal information of at least 1.5 million of its customers. According to The Register, insurers using Systema Software allegedly posted the names, addresses, phone numbers, medical records, and other personal information in the clear...

Exploring Third Party Risks to Network Security

My first few blog entries were written at a time when I had had a couple of prowler incidents at my house, and I wrote about how I installed security countermeasures. After all this time, I was out maintaining the motion sensors, and it occurred to me I hadn't taken a look at my network security around the house lately and should put in some...

Seven Years of Cyber Espionage: F-Secure Unveils 'The Dukes'

Finnish security and privacy company F-Secure recently published a white paper exploring the activities of 'The Dukes,' a group of hackers that has been targeting Western-based governments, think tanks, and other organizations for at least the past seven years. According to F-Secure's research, the group is known primarily for its use of advanced,...

Defensibility: Comparing OT and IT Environments

ICS networks have a lot of considerations. Policies and processes can hamper success. But they are far more defensible than IT networks. — Robert M. Lee (@RobertMLee) September 15, 2015 Sometimes a tweet can catch your attention in interesting ways. Robert's use of the term 'defensible' to describe ICS networks got me thinking about what makes an...

Banks Allowed to Bring Class Action Suit Against Target for 2013 Breach

Earlier this week, a U.S. judge ruled that banks can proceed with a class action suit filed against Target for a data breach that occurred in 2013. A U.S. District Court judge in St. Paul, Minnesota affirmed Target's negligence in the data hack, which compromised upwards of 40 million credit cards. This decision enables the $5 million class action to...

Cyber Liability Insurance's Data Problem: Mining for Destruction

Cyber liability insurance is becoming an increasing necessity for businesses and could easily become a requirement similar to E&O insurance not just for large corporations, but also small- to medium-sized businesses. The challenge, however, is understanding how much coverage, as well as the scope of the coverage organizations need to properly offset...

Over 21 Million New Types of Malware Created in Q2 2015, Report Finds

A recent report by Panda Security revealed a record high in the creation of new malware samples, reaching more than 21 million new threats over the course of just three months. In the second quarter of 2015, the Spanish security firm saw an average of 230,000 new types of malware each day – an increase of 43 percent compared to the same period last...

Russian Hacker Pleads Guilty to Stealing 160M Credit Cards

A Russian hacker has pleaded guilty to stealing 160 million credit card numbers and to attacking several large American companies. On Tuesday, Vladimir Drinkman, 34, admitted in federal court in Camden, New Jersey that he and four other individuals conspired to steal credit card numbers from Heartland Payment Systems Inc., 7-Eleven Inc., and the...

Smart Cross-Site Request Forgery (CSRF)

All too often, I find that vendors discount the risks associated with attack vectors involving cross-site request forgery (CSRF). Naturally, remediation of vulnerabilities involving user-interaction should generally take a back seat to those that are exposed to completely remote/unauthenticated exploitation, but that doesn’t mean it is OK to simply...

Will Quantum Computers Threaten Modern Cryptography?

Modern cryptography, including elliptic curve cryptography, is being used extensively for securing our internet payments, banking transactions, emails and even phone conversations. The majority of today's cryptographic algorithms are based on public-key encryption, which is considered to be secure against attacks from modern computers. Quantum...

Most Suspicious TLDs Revealed by Blue Coat Systems

In 1985, around the time that the Internet was just beginning to take shape, there were six top-level domains (TLDs) in existence. These were ".com", ".net", ".org", ".gov", ".mil", and ".edu". Along with some 100 country codes, those TLDs led the evolution of the web for over a decade. But then things changed. As the Internet continued to expand in...

Sakawa Scams Spread to the UK

Earlier this year, I focused on the emerging trend of Sakawa scams originating from the west coast of Africa. If you've never heard this term before, there is some learning for you to do! Sakawa, or JuJu, scams are a subsection of traditional online cyber crime. Whilst many scams originating from all over the world could be classed as 'sakawa,' the...

Board Talk: How to Improve Your Board's Cyber Security Literacy

With security breaches such as Sony, WHSmith and Ashley Madison hitting the headlines every week, the level of security awareness among the general public has never been higher. You could therefore be forgiven for thinking that (at least theoretically) it would be an easy task to impress the importance of information security matters on a board of...

Malware Capable of Bypassing CAPTCHA Systems Found in Google Play

Security researchers have spotted a sophisticated type of malware that is capable of bypassing CAPTCHA authentication systems in the Google Play Store. According to a blog post written by Bitdefender security researcher Liviu Arsene, the malware, which has been identified as Android.Trojan.MKero.A, seems to have somehow found its way into legitimate...