Blog

New SamSam Ransomware Version Involves Direct Attacker Involvement

A new variant of the SamSam ransomware family requires direct involvement from attackers in order to execute its malware payload. Uncovered by Malwarebytes, new versions of SamSam require attackers to execute a batch file that's responsible for loading up a .NET runner. They do so by manually entering a password as the file's command-line parameter...

The FBI's 10 Most-Wanted Black-Hat Hackers – #2

The State of Security's countdown of the FBI’s 10 most-wanted black-hat hackers is nearly over. Just two criminals remain. At number two is Evgeniy Mikhailovich Bogachev, the leader of a cybercrime ring responsible for writing and promulgating Gameover Zeus. On 22 August 2012, a federal grand jury in Nebraska indicted Bogachev on several charges,...

#TripwireBookClub – Serious Cryptography

Welcome to the second installment of #TripwireBookClub, where we look at Serious Cryptography, published by No Starch Press. This was a book I was interested in because I don’t spend a lot of time digging into crypto these days, and the book seemed like a good dive into the topic. Serious Cryptography: A Practical Introduction to Modern Encryption...

South Korean Cryptocurrency Exchange Loses $32M in Heist

A South Korean cryptocurrency exchange suffered a heist in which thieves made off with approximately $32 million in stolen assets. On 20 June, Bithumb disclosed the hack in a statement published to its website: We noticed that between last night and today early morning, about 35,000,000,000 KRW worth cryptocurrencies have been stolen. However, this...

Organizational Cybersecurity: At the Crossroads of Culture & GDPR

GDPR has been in effect since May 25th, 2018. The purpose of the regulation is twofold: to enhance the privacy of an EU citizen’s related information and to strengthen the powers of the data protection institutions and regulators to act against any organization that breaches the new rules. But is GDPR alone the panacea for fighting cybercrime and data...

Women in Information Security: Susan Ballestero

Last time, I had the opportunity of speaking with Avi. Avi’s not a woman, but they’re a badass hacker with a natural intuition for cybersecurity that has been put to excellent use. This time, I had the pleasure of speaking with Susan Ballestero. She has unique experience with working in a security operations center and being an information security...

Google’s Newest Feature: Find My Home

The commoditization of personal data in recent years has created huge opportunities for anyone with the skills to collect, catalogue and correlate every aspect of our lives. For many years now, there has been a war between browser vendors and unscrupulous advertisers looking for tricks to uniquely identify users and track their movements across...

Banco de Chile Says Virus Infiltrated Its Computer Systems, Stole $10M

Chilean bank and financial services company Banco de Chile said that a virus infiltrated its computer systems and stole $10 million. On 9 June, Banco de Chile's general manager Eduardo Ebensperger provided some insight about the attack to La Tercera. A translation by Google is provided below: We found some strange transactions in the SWIFT system ...

5 Mobile Enterprise Data Concerns to Prepare for Now

Mobile platforms and the internet have brought about massive potential and real value to many companies. This evolution has made mobile enterprise systems an essential business function, becoming a top priority for any company serious about its growth. The ability of mobile technology to improve productivity and efficiency and drive greater ROI is...

8 Steps for a Successful DevOps Transition

Organizations stand to gain a lot from transitioning to a DevOps software development model. Switching to DevOps leads to quicker problem solving, increased employee engagement, and more time for innovation. That's assuming a transition is successful, however. Enterprises can run into various problems along the way, including inadequately measured...

2 Strategies to Tighten Your Cloud Security

Creating a thorough and effective security program is difficult enough when your data is stored on-premises. But most organizations and agencies straddle hybridized on-prem and cloud environments—or they’re cloud-native entirely. This complicates the role of cybersecurity teams who now need tools that can traverse multiple environments without...

Cybersecurity: Protecting All the Endpoints

Network security is an issue that is increasingly important as businesses and even households shift more workflow processes and key tasks to the network and into the cloud. While some users may find it a challenge to protect even a single digital device, keeping an entire network secure can be a tall order for even the most tech-savvy users. From...

FBI Arrests 74 in Global Takedown of Business Email Compromise Scammers

Federal authorities have arrested dozens of alleged fraudsters in an international takedown of Business Email Compromise (BEC) schemes. According to the Department of Justice, a total of 74 individuals were arrested, including 43 in the US, 29 in Nigeria, and three in Canada, Mauritius and Poland. The operation – dubbed Operation Wire Wire – was...

What Is Integrity Management?

If you’ve been in information security for a while, you’ve likely had some experience with file integrity monitoring (FIM). It’s a capability with a long history, going back to the original open-source Tripwire tool for monitoring file hashes. And FIM has staying power. It’s still around, and there are still new deployments. There aren’t a lot of...