Blog

Blog

Improving Cyber Security Literacy in Boards & Executives

The recent Anthem hack that may have compromised 80 million people’s personal health information reveals just how mainstream data breaches have become in recent years. In response to this rapidly evolving threat landscape, Boards of Directors (BoDs) and executives are now more aware of today’s cyber threats and how they might adversely affect...
Blog

VERT Vuln School: Stack Overflow 101

I still remember my first time reading AlephOne’s ‘Smashing the Stack for Fun and Profit’ – despite not having the proper knowledge to understand it at the time, it put the security bug in my head. It was truly a consciousness raising experience to get that first glimpse of my computer’s inner workings. One thing I did understand from it, loud and...
Blog

Unconventional Security Conventions

In the face of the current wave of cyber threats, the U.S. government announced this week in Washington DC that as part of the Homeland Security initiative the current administration is creating a new agency called the Cyber Threat Intelligence Integration Centre (CTIIP) to monitor cybersecurity threats by acquiring, pooling and analysing any...
Blog

Facebook Introduces Social Sharing Platform for Cybersecurity Threats

Facebook announced on Wednesday the launch of a new platform for companies to easily exchange information regarding cybersecurity threats, such as malware and phishing attacks that could be impacting users. The world’s largest social network introduced the program, called ThreatExchange, as “an API-based clearinghouse for security threat information...
Blog

DDoS Attack Brings Down Dutch National Government Websites

A distributed denial of service (DDoS) attack brought down the Dutch national government’s websites yesterday, officials confirm. “The Public and Communications office, part of the Ministry of General Affairs, in conjunction with Centric/Prolocation and the National Cyber Security Center (NCSC), are evaluating the attack,” the government said in a...
Blog

VERT Threat Alert: February 2015 Patch Tuesday Analysis

Today’s VERT Alert addresses 9 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-601 on Wednesday, February 11. MS15-009 Multiple Memory Corruption Vulnerabilities in Internet Explorer MULTIPLE Multiple Elevation of Privilege...
Blog

Microsoft Patches Dangerous Group Policy Vulnerability

In February’s Patch Tuesday, Microsoft issued an update to fix a privately reported critical vulnerability in Group Policy that could allow potential attackers to achieve remote code execution (RCE) in domain networks. If successfully exploited, an attacker could gain complete control of a vulnerable system, install programs, view data and even...
Blog

11 Essential Bug Bounty Programs of 2015

With cybercrime and major hacking incidents reaching epidemic proportions, the importance of locating application-layer vulnerabilities is rising. Developers and companies are constantly striving to scan their code and improve code integrity in the early development stages, but no application is completely vulnerability-free and external scrutiny...
Blog

Threat Intelligence: Reduce the Gap

Major cyber security incidents continue to hit the headlines. Security and privacy are top concerns for IT and security professionals, especially after 2014’s highly publicized data breaches. Companies around the globe were victim to malware, stolen data and exploited vulnerabilities. Big companies weren’t immune to this, with Target, JPMogan Chase,...
Blog

Drones: Security Concern or Useful Resource?

Drones have been talked about quite a bit in the news over the past couple of years—whether it’s the use of unmanned aerial vehicles (UAV) by the military or the viral video showing Amazon’s proposal for speedy drone delivery, the devices have really grabbed people’s attention. Now, many are buying their own personal drones and most are looking at...
Blog

The Voice of the CISO: Interview with Robb Reck

Last week, we interviewed Brian Engle, the Chief Information Security Officer and Cybersecurity Coordinator for the State of Texas, and discussed with him the importance of communication in shaping cybersecurity as an ongoing management concern that businesses everywhere need to appreciate. As part of our ongoing “The Voice of the CISO” series, we...
Blog

10 Notorious Cyber Criminals Brought to Justice – No. 4

Last week, we investigated the story of Vladislav Anatolievich Horohorin, a Ukrainian hacker who was well known online for managing several web forums where cyber criminals could dump and sell users’ stolen payment card credentials. Tripwire now continues its series on some of the most notorious cyber criminals brought to justice with Vladmir...
Blog

Chipotle Website & Twitter Account Hacked

Chipotle's website and official Twitter account were compromised late Saturday evening and into Sunday morning. The website was redirected on Saturday around 6PM (PST) to Chipotle's official twitter account @chipotletweets and was then unresponsive. The Chipotle domain's technical and administrative contacts for the domain have been updated with a...
Blog

How Anthem Could Be Breached

According to the Associated Press, the attackers who targeted and exfiltrated more than 80 million customer records from Anthem Inc, were able to commandeer the credentials of at least five different employees. We know from Anthem themselves that at least one admin account was compromised, as the admin himself noticed his credentials being used to...
Blog

The Year of The Hack

It seems only fitting that 2014 should have ended with the much publicized hacking of Sony as the American public was inundated all year with one sensational account after another of damaging data security breaches. Those surrounding Target, UPS, K-Mart, Staples, Dairy Queen and Home Depot have certainly received the full attention of the media, as...
Blog

Microsoft Packing More CVEs into Fewer Security Bulletins

Patch Tuesday, the unofficial day on which Microsoft regularly releases security updates for its software products, has long been a staple of the information security community. On the second (and sometimes fourth) Tuesday of every month, Microsoft releases a unique set of security bulletins that provide patches for a range of new Common...