Blog

Cyberthon 2020: Valuable Discussions, For a Worthy Cause.

Thank you to everyone who joined us for our virtual charity event, Cyberthon 2020 on the 9th June. Given our company started out over 20 years ago as a piece of freeware pioneering many of the early approaches in intrusion detection, there has always been a strong seam of altruism running through Tripwire. This extends far beyond providing open...

Industrial Cybersecurity - From HVAC Systems to Conveyor Belts

Tripwire's General Manager of Industrial Cybersecurity, Kristen Poulos, discusses the risks that come with the increasing number of connected devices operating on the plant floor and throughout facilities. In this episode, Kristen shares how IT can partner with OT to protect the safety, productivity, and quality of operations. https://open.spotify.com...

Extortionists Preying on Site Owners with Fake Website Hacking Scam

Researchers found that extortionists are targeting website owners with a scam in which they claim to have hacked their site and extracted a database. WebARX observed that the ploy first makes itself known to website owners when they receive a ransom message from the attackers. In a sample note analyzed by the web application security platform, the...

10 Essential Bug Bounty Programs of 2020

In 2019, the State of Security published its most recent list of essential bug bounty frameworks. Numerous organizations and government entities have launched their own vulnerability reward programs (VRPs) since then. COVID-19 has changed the digital security landscape, as well. With that in mind, it’s time for an updated list. Here are 10 essential...

SNAKE Ransomware Affected Enel Group's Internal Network

Italian multinational energy company Enel Group suffered a SNAKE ransomware infection that affected its internal network. According to a statement issued by Enel Group, the ransomware attack first registered with the energy company on June 7 when its internal IT network suffered a disruption. A spokesperson for the company said that officials...

Babylon Health App Leaked Patients' Video Consultations

Babylon Health, makers of a smartphone app that allows Brits to have consultations with NHS doctors, has admitted that a "software error" resulted in some users being able to access other patients' private video chats with GPs. The data breach came to light after one user, Rory Glover, tweeted that he was shocked to find the app's "GP at Hand"...

Trickbot Using Fake Black Lives Matter Voting Campaign for Distribution

Security researchers came across an attack email that leveraged a fake Black Lives Matter voting campaign to distribute Trickbot malware. Digital security firm Abuse.ch found that the attack email pretended to originate from a sender known as "Country administration." Building on its subject line "Vote anonymous about Black Lives Matter," the attack...

Ragnar Locker Partnered with Maze Ransomware Cartel

The actors behind Ragnar Locker partnered with the Maze ransomware gang as a means of extorting victims whose unencrypted data they had stolen. On June 8, the operator of the "Ransom Leaks" Twitter account revealed that Maze ransomware had begun using its infrastructure to share data leaks perpetrated by Ragnar Locker. https://twitter.com...

The MITRE ATT&CK Framework: Command and Control

Most malware these days has some level of Command and Control. This can be to exfiltrate data, tell the malware what instructions to execute next, or download encryption keys in the case of ransomware. In each case of command and control, the attacker is accessing the network from a remote location. Having insight into what is happening on the network...

VERT Threat Alert: June 2020 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s June 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-888 on Wednesday, June 10th. In-The-Wild & Disclosed CVEs None of the vulnerabilities resolved this month have been publicly disclosed or exploited according to Microsoft. CVE Breakdown by...

U.S. Utilities Targeted with FlowCloud Malware by LookBack Attackers

The digital attackers responsible for distributing LookBack malware targeted U.S. utility providers with a new threat called "FlowCloud." Proofpoint first observed threat actors attempting to spread FlowCloud in mid-July 2019. At that time, the security firm detected phishing campaigns whose attack emails employed subject lines such as “PowerSafe...

How ExpertOps Can Help You Address the Infosec Skills Gap

Are you struggling to hire skilled digital security talent in 2020? If so, you’re not alone. According to a Tripwire study on the infosec skills gap, 82% of security experts said that their teams were understaffed; nearly the same proportion (83%) indicated that they were feeling more overworked going into 2020 than they were a year prior. It doesn...

Zorab Ransomware Disguised as STOP Djvu Ransomware Decryptor

A security researcher discovered a new ransomware strain called "Zorab" masquerading as a decryptor for STOP Djvu ransomware. Michael Gillespie, creator of the Ransomware ID service, spotted Zorab being distributed as a decryptor for the STOP Djvu family. A relatively common ransomware strain, STOP Djvu was involved in various digital attacks over...

Using AWS Session Manager with Enhanced SSH and SCP Capability

Last year, Amazon Web Services announced new capabilities in the AWS Systems Manager Session Manager. Users are now capable of tunneling SSH (Secure Shell) and SCP (Secure Copy) connections directly from a local client without the need for the AWS management console. For years, users have relied on firewalls and bastion hosts in order to securely...