Blog

Cloud Services: Your Rocket Ship Control Board

The move to the cloud—in many ways—is a return to the early days of computing. When I took my first computer class in 1978, we used an IBM System/360 time-share system. We rented out time on a remote system, sent our jobs over a modem to a computer at a university and got back the results of the program run. Today, we’re using the cloud, which is...

Privileged Access Management Issues? Enter Tripwire Password Manager

So, you have 2,000 network devices in your environment and everyone is telling you that you have to rotate all 2,000 device passwords every 30, 60 or 90 days (at a minimum). How are you going to manage this? The task seems monumental and time-consuming! If nothing is done, then your security/compliance posture will worsen due to reusing passwords...

Unpatched Vulnerabilities Caused Breaches in 27% of Orgs, Finds Study

In May 2019, Verizon Enterprise released the 12th edition of its Data Breach Investigations Report (DBIR). Researchers analyzed a total of 41,686 security incidents, of which there were 2,013 data breaches, for the publication. More than half (52 percent) of those reported breaches involved some form of hacking. The report listed the most prominent...

Tripwire Patch Priority Index for May 2019

Tripwire's May 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe. First and most importantly this month are the patches available to resolve the BlueKeep (CVE-2019-0708) Remote Desktop Services remote code execution vulnerability. As noted by Microsoft: [This] remote code execution vulnerability...

Revisiting the Risk Management Framework in Light of Revision 2

It doesn’t seem very long ago that I was writing about the newly released Risk Management Framework (RMF) and explaining the value of NIST SP 800-37 to our clients. With RMF Revision 2 just recently published in December of 2018, I thought it would be a good time to revisit the RMF and to highlight some of its key updates. Overall, the new version...

Dolos DNS Rebinder: What You Need to Know

Although DNS rebinding attacks have been known for over a decade now, they are only recently receiving attention as a practical attack surface. In the last year, quite a few popular products have been shown to lack DNS rebinding protections, and as a result, someone could operate them remotely using a malicious web site. Manufacturers have made a...

HiddenWasp malware seizes control of Linux systems

Security researchers have discovered a new strain of malware called "HiddenWasp" that they believe is being used in targeted attacks to seize control of Linux systems and open backdoors for remote hackers. According to a blog post by researchers at Intezer, the malware borrows from existing malware code publicly available on the internet including...

Journey to OSCP - 10 Things You Need to Know

"OSCP is not about clearing the exam. It’s all about working deeply on labs." --Ramkisan Mohan (Check out his detailed guide to OSCP Preparation) I began my OSCP journey in the late fall of 2018. So far, I've rooted 23+ machines in the PWK labs, and I am still plugging away, hoping to get as many as possible, learn as much as possible and, of course...

How to Secure Your Information on AWS: 10 Best Practices

The 2017 Deep Root Analytics incident that exposed the sensitive data of 198 million Americans, or almost all registered voters at the time, should remind us of the risks associated with storing information in the cloud. Perhaps the most alarming part is that this leak of 1.1 terabytes of personal data was avoidable. It was simple negligence. The...

Digital Criminals Abusing Secure Tunneling Service to Deliver Lokibot

Digital criminals have begun abusing a secure tunneling service to deliver samples of the Lokibot banking malware family. My Online Security came across an instance of this campaign when they received an email pretending to come from BBVA Banco Continental, a Spanish bank. The email leveraged the lure of a fake payment transfer to trick...

What’s Going on at Infosecurity 2019: Tripwire Edition

It seems like only yesterday that we were packing up the Tripwire stand after another fantastic year at Infosec and here I am (literally) counting down the days until the doors open for Infosecurity Europe 2019! The Tripwire team is always excited to get on the show floor and have great conversations with clients and partners, meet new people and of...

Free Decryptor Released for GetCrypt Ransomware

Security researchers have released a tool that enables victims of GetCrypt ransomware to recover their affected files for free. On 23 May, web security and antivirus software provider Emsisoft announced the release of its GetCrypt decrypter. This utility asks victims of the ransomware to supply both an encrypted copy and the original version of a...

Endpoint Security: It’s a Whole New World

Once upon a time, endpoint security was just a hall monitor. It watched for known bad files identified with a simple signature and sent you an alert when the file was blocked. To be safe, it would scan every machine daily, an intrusive activity that slowed down machines and sped up the heart rates of affected users and hapless analysts at help desks. Those days are gone, my friend. Those days are...

Data on millions of Instagram accounts spills onto the internet

A security researcher has discovered a publicly-accessible database containing the details of millions of Instagram users, including their contact information. As TechCrunch reports, Anurag Sen discovered the database of more than 49 million records - exposed for anyone to access via the internet, no password required, on an unprotected Amazon Web...

Computer Infected with 6 High-Profile Viruses Surpasses $1M in Auction

A Windows laptop infected with six high-profile computer viruses has surpassed a value of one million dollars in public auction bids. For a project called "The Persistence of Chaos," contemporary internet artist Guo O. Dong and security firm Deep Instinct infected a Samsung NC10-14GB 10.2-Inch Blue Netbook (2008) running Windows XP SP3 with six...

One Year Later: First GDPR Execution Overview Reveals There’s Still Work to Do

It’s been nearly a year since the European Union’s General Data Protection Regulation (GDPR) became enforceable. In that span of time, news outlets have reported various stories largely concerning the regulation and its penalties scheme. In January 2019, for instance, the world learned that France’s data protection regulator CNIL had fined Google 50 million euros for "lack of transparency,...