Blog

Spam Campaign Leveraged RTF Documents to Spread Infostealers

A spam campaign leveraged malicious RTF documents to distribute notorious infostealers including Agent Tesla and Lokibot. While digging through a few other spam campaigns, Lastline observed unusual use of the C# compiler from the command line in some samples. Its researchers performed additional analysis and found that the samples belonged to the...

Tripwire Patch Priority Index for January 2020

Tripwire's January 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, VMware and Linux. Exploit Alert: Metasploit. Up first on the Patch Priority Index this month are vulnerabilities that have been recently added to Metasploit. Two vulnerabilities identified by CVE-2019-9213 and CVE-2018-5333 affect...

Email Attackers Abusing Coronavirus Outbreak to Spread Emotet

Security researchers observed email attackers abusing the coronavirus outbreak to infect concerned users with the Emotet trojan. IBM X-Force found that the attack emails appeared to originate from a Japanese disability welfare service provider. Those emails informed recipients that officials had learned of a developing coronavirus outbreak in Japan...

Helping Healthcare Organizations Mature their Cybersecurity Practices

Cyberattacks in the healthcare industry show no signs of abating. In 2018, digital criminals breached 15 million healthcare records. Alarmingly, in the first half of 2019 alone, 32 million healthcare records were compromised as a result of multiple security incidents. Among those was the American Medical Collection Agency (AMCA) breach, an event...

Why Asset Visibility Is Essential to the Security of Your Industrial Environment

Threats against industrial environments are on the rise. Near the beginning of 2019, for example, Kaspersky Lab revealed that 47% of industrial control system (ICS) computers on which its software was installed suffered a malware infection in the past year. That was three percent higher than the previous year. These digital threats confronting ICS...

Assessment Frameworks for NIS Directive Compliance

According to the NIS Directive, Member States should adopt a common set of baseline security requirements to ensure a minimum level of harmonized security measures across EU and enhance the overall level of security of operators providing essential services (OES) and digital service providers (DSP). The NIS Directive sets three primary objectives: to...

Quick Guide to Modern Security Configuration Management

Security configuration management is the cybersecurity process of ensuring systems are properly configured to meet security and compliance standards, reducing cyber risk in the process. The practice of detecting and remediating misconfigurations combines elements of integrity monitoring, configuration validation, vulnerability assessment, and system remediation. "The reliability of (Tripwire...

UK High Court Approves Freezing Injunction on $1M Ransomware Payment

The UK High Court of Justice approved a freezing injunction on over $1 million paid by an English insurance company to ransomware actors. The Honorable Mr. Justice Bryan announced his approved judgement in a decision released for publication by the High Court of Justice on January 17, 2020. As relayed in the judgement, a Canadian insurance company...

Change Is Inevitable: Tripwire File Analyzer

One of the only things that is constant in life is change. It’s the same with cybersecurity. There are different types of changes to consider: changes that we accept, changes that are good and changes that are bad. A lot of changes in our everyday life are out of our control. It can be hard to discover, monitor and even react to change. However,...

On Authorization and Implementation of Access Control Models

There are dozens of implementations of authorization mechanisms. When there are complex requirements dictated by business processes, authorization mechanisms may often be implemented incorrectly or, at least, not optimally. The reason for that, in my opinion, is the low attention of both the customer and developers to this aspect in the initial...

Payment Cards Exposed in Wawa Breach Offered for Sale on Dark Web

Digital criminals posted customers' payment card details exposed in the 2019 Wawa data breach for sale on a dark web marketplace. In December 2019, the Joker's Stash first announced what it called the "BIGBADABOOM-III" breach. Advertisements posted by the dark web marketplace announced that the breach included over 30 million payment card details...

What "Attack Surface" Means in 2020

Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest to explore the evolving threat landscape, technology trends, and cybersecurity best...

Zoom Bug Potentially Allowed Attackers to Find and Join Active Meetings

Updated 01/29/20 with statement from Zoom spokesperson. Remote conferencing services provider Zoom patched a vulnerability that could have allowed an attacker to find and join active meetings. Check Point explained that the issue stemmed from the way in which Zoom secured certain meetings: If you use Zoom, you may already know that Zoom Meeting...

5 Ways Your Organization Can Ensure Improved Data Security

Each year on January 28, the United States, Canada, Israel and 47 European countries observe Data Privacy Day. The purpose of Data Privacy Day is to inspire dialogue on the importance of online privacy. These discussions also seek to inspire individuals and businesses to take action in an effort to respect privacy, safeguard data and enable trust....

Navigating ICS Security: Having your Action Plan Ready

Trust, respect, understanding. These are all two-way relationships that must be earned over time. Whilst someone being hired in a senior position will likely already have a certain level of each, part of your job is to continuously cultivate all three of these elements with colleagues no matter your grade. When working within a cybersecurity...

Plights of the Round Table – Strategic Lessons from the Casino

In Part 1 of the Plights of the Round Table, the executive staff of Camelot was working on the strategic plan for the following year. Morgan, the CEO, needs to decide how to spend her limited budget for the best interest of Camelot. Lana, the VP of Sales, thinks they should invest in horses for their knights. Susan, the CISO, would rather the money go to upgrading the castle wall and building a...

Ransomware: The average ransom payment doubled in just three months

A new report into the state of ransomware at the tail end of 2019 has revealed that things aren't getting any better. In Q4 of 2019, according to the new study published by security firm Coveware, the average ransom payment more than doubled – reaching $84,116, up from $41,198 in Q3 of 2019. Coveware's report says that this reflects how some...

Shlayer Trojan Accounted for 30 Percent of Detections for macOS in 2019

The Shlayer trojan accounted for approximately 30 percent of all of Kaspersky Lab's malware detections for the macOS platform in 2019. Kaspersky Lab revealed on Securelist that Shlayer has been the most common threat to target its macOS userbase for the past two years. During that time, one in 10 of the security firm's macOS solutions encountered...