Blog

Blog

Steps for Successful Vulnerability Management: Lessons from the Pitch

When I was younger, I played a variety of team sports and enjoyed competing against opponents with my teammates. Winning was always a matter of applying sound tactics and strategy, attacking and defending well and using a blend of skill, talent and luck. Now that I’m older, I watch more than I play, and I’m able to appreciate the many lessons team...
Blog

Fortune 500 Company Addresses Weakness Behind 264GB Data Leak

A Fortune 500 company has addressed a security weakness responsible for a data leak that exposed 264GB worth of information. On 2 June, vpnMentor security researchers Noam Rotem and Ran Locar discovered that a log management server owned by global technology distributor Tech Data Corporation did not...
Blog

The CMMC – A Palatable Enforcement Solution to DFARS Requirement?

My colleagues and I have been warning about the Department of Defense’s (DoD's) looming enforcement of DFARS clause 252.204-7012 for a while now, as many Tripwire customers handle government CUI. Inevitably, we are asked how long we think it will be until enforcement takes place. Our response is that enforcement will take place when compliance oversight is driven from the top down. Based on DoD’s...
Blog

PCASTLE Malware Attacks Targeting China-Based Systems with XMRig

A new wave of attacks involving PCASTLE malware are targeting systems located in China with the XMRig cryptocurrency miner. On 17 May, Trend Micro first observed a series of attacks that use PCASTLE, an obfuscated PowerShell script, to target mainly China-based systems with XMRig, cryptomining malware was involved in numerous attacks in 2018. The...
Blog

11 Common Tools for Your DevOps Team

DevOps is revolutionizing the way enterprises deliver apps to the market by blending software development and information technology operations. This convergence creates an assembly line for the cloud, as Tim Erlin wrote for The State of Security, by increasing the rate at which companies can develop apps and deliver them to users. 11 Common Tools...
Blog

Cloud Services: Your Rocket Ship Control Board

The move to the cloud—in many ways—is a return to the early days of computing. When I took my first computer class in 1978, we used an IBM system/360 system time share. We rented out time on a remote system, sent our jobs over a modem to a computer at a university and got back the results of the program run. Today, we’re using the cloud, which is just...
Blog

Privileged Access Management Issues? Enter Tripwire Password Manager

So, you have 2,000 network devices in your environment and everyone is telling you that you have to rotate all 2,000 device passwords every 30, 60 or 90 days (at a minimum). How are you going to manage this? The task seems monumental and time-consuming! If nothing is done, then your security/compliance posture will worsen due to reusing passwords that...
Blog

Unpatched Vulnerabilities Caused Breaches in 27% of Orgs, Finds Study

In May 2019, Verizon Enterprise released the 12th edition of its Data Breach Investigations Report (DBIR). Researchers analyzed a total of 41,686 security incidents, of which there were 2,013 data breaches, for the publication. More than half (52 percent) of those reported breaches involved some form of hacking. The report listed the most prominent...
Blog

Tripwire Patch Priority Index for May 2019

Tripwire's May 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe. First and most importantly this month are the patches available to resolve the BlueKeep (CVE-2019-0708) Remote Desktop Services remote code execution vulnerability. As noted by Microsoft: [This] remote code execution vulnerability...
Blog

Revisiting the Risk Management Framework in Light of Revision 2

It doesn’t seem very long ago that I was writing about the newly released Risk Management Framework (RMF) and explaining the value of NIST SP 800-37 to our clients. With RMF Revision 2 just recently published in December of 2018, I thought it would be a good time to revisit the RMF and to highlight some of its key updates. Overall, the new version...
Blog

Dolos DNS Rebinder: What You Need to Know

Although DNS rebinding attacks have been known for over a decade now, they are only recently receiving attention as a practical attack surface. In the last year, quite a few popular products have been shown to lack DNS rebinding protections, and as a result, someone could operate them remotely using a malicious web site. Manufacturers have made a...
Blog

HiddenWasp malware seizes control of Linux systems

Security researchers have discovered a new strain of malware called "HiddenWasp" that they believe is being used in targeted attacks to seize control of Linux systems and open backdoors for remote hackers. According to a blog post by researchers at Intezer, the malware borrows from existing malware code publicly available on the internet including...
Blog

Journey to OSCP - 10 Things You Need to Know

"OSCP is not about clearing the exam. It’s all about working deeply on labs." --Ramkisan Mohan (Check out his detailed guide to OSCP Preparation) I began my OSCP journey in the late fall of 2018. So far, I've rooted 23+ machines in the PWK labs, and I am still plugging away, hoping to get as many as possible, learn as much as possible and, of course...
Blog

How to Secure Your Information on AWS: 10 Best Practices

The 2017 Deep Root Analytics incident that exposed the sensitive data of 198 million Americans, or almost all registered voters at the time, should remind us of the risks associated with storing information in the cloud. Perhaps the most alarming part is that this leak of 1.1 terabytes of personal data was avoidable. It was simple negligence. The...
Blog

Digital Criminals Abusing Secure Tunneling Service to Deliver Lokibot

Digital criminals have begun abusing a secure tunneling service to deliver samples of the Lokibot banking malware family. My Online Security came across an instance of this campaign when they received an email pretending to originate come from BBVA Banco Continental, a Spanish bank. The email leveraged the lure of a fake payment transfer to trick...
Blog

What’s Going on at Infosecurity 2019: Tripwire Edition

It seems like only yesterday that we were packing up the Tripwire stand after another fantastic year at Infosec and here I am (literally) counting down the days until the doors open for Infosecurity Europe 2019! The Tripwire team is always excited to get on the show floor and have great conversations with clients and partners, meet new people and of...