Blog

Blog

DYN Restores Service after DDoS Attack Downed Twitter, Spotify, Others

UPDATED 21/10/2016 11:15 EDT DYN has restored service after a distributed denial-of-service (DDoS) attack against its DNS infrastructure took down Spotify, Twitter, and a host of other sites. The internet performance management company published a statement on its status page explaining that a DDoS attack was responsible for the service interruption...
Blog

The White House Meets WestWorld: The “Future of Artificial Intelligence” in the United States

Perhaps completely in sync with the tremendous press surrounding the new HBO hit series WestWorld, the Obama White House issued a press release on October 11, 2016, entitled "The Future of Artificial Intelligence" along with a lengthy report “National Artificial Intelligence ('A.I') Research and Development Strategic Plan” (PDF, hereinafter the ...
Blog

Building For The Cloud at Home

This post will touch briefly on the "why" of reproducible builds, but it is primarily a quick and dirty "how to" when building for Amazon Web Services. If you're not familiar with the concept, reproducible builds (sometimes referred to as "verifiable builds”) are a methodology of building software in such a way that the path from the source code to...
Blog

4 Reasons to Get Your Master’s Degree in Cyber Security

There is a severe talent shortage in the cyber security field. In fact, it’s one of the few fields with a negative unemployment rate, and analysts are estimating that there will be 1.5 million cyber security job openings by 2019. So, if you have been considering entering the field or advancing your career within the industry, this is an opportune...
Blog

Macro Malware Employs Password Protection to Evade Analysis

A type of macro malware campaign has incorporated password protection into its attack emails in order to serve up ransomware. The campaign begins with an email that comes with an attached document bearing the .dot extension. It's password-protected, and the only way a recipient can open it is to enter in the password provided by the sender in the...
Blog

Takeaways from the 2017 PwC Global State of Information Security Survey

Organizations around the world are taking a more innovative approach to managing threats in today’s digital era, reveals the 19th annual Global State of Information Security Survey (GSISS). This year’s study – produced by PwC in conjunction with CIO and CSO – includes the responses of more than 10,000 business and IT security executives from over...
Blog

Hackers Stole Data and Personal Information from Nuclear Research Center

Hackers stole nuclear research data and personal information off of a computer at the University of Toyama’s Hydrogen Isotope Research Center. According to university officials, the hackers posed as a Tokyo university student to deliver a malware-laden document to a teaching member at the center, which conducts research on hydrogen, deuterium, and...
Blog

VERT Goes to Japan

Last week, I had the opportunity to travel to Tokyo, Japan to visit the Tripwire Japan office. I also had time to tour the city a bit with my colleague Lane Thames and his wife Linda. While the flights were long, the experience was absolutely worth it. The subway system, while pretty crazy to look at via map, was easy to navigate with the help of...
Blog

Ghost Push malware continues to haunt Android users

Android users are being reminded to only install apps from the official Google Play store or trusted third parties, after new research has revealed an alarming number of devices continue to be infected by a notorious family of malware. Security researchers at Cheetah Mobile Security claim that it is responsible for most of the Android infections...
Blog

Red Team v. Blue Team? They Are In Fact One – The Purple Team

Some people hate the red team. They think of them as the adversary, and at the extreme, people worry that their jobs are on the line. If any holes are found, network defenders worry it could be a mark on their competency. However, this should not be the case. Although it does not come across this way initially, the red team is leveraged to help the...
Blog

Computer Crime Never Pays, and These 5 Stories Prove It

It's no secret that some computer crime can generate a lot of money. For example, the author of Cerber ransomware relies on an affiliate system to distribute their creation. The malware developer collects only a fraction of the ransom payments, the average value of which usually amounts to around one Bitcoin. But even with just 0.3 percent of...
Blog

Hacker grabs over 58 million customer records from data storage firm

At least 58 million people have had their personal information published on the internet - including their names, dates of birth, email and postal addresses, job titles, phone numbers, vehicle data, and IP addresses - after a hacker stole a massive unsecured database. And, if you think that sounds bad, there may be yet more hacked data still to be...
Blog

POS Malware Infection Responsible for Data Breach at Vera Bradley

Vera Bradley has notified its customers that a point-of-sale (POS) malware infection at some of its retail store locations caused a data breach. The American handbag design company says the incident affected some payment cards used at several of its retail store locations between 25 July 2016 and 23 September 2016. There's no evidence to suggest the...
Blog

Targeted Attack Caused "Disruption" at Nuclear Plant, Confirms IAEA Chief

The chief of the International Atomic Energy Agency (IAEA) has confirmed a targeted attack caused "some disruption" at a nuclear power plant. Yukiya Amano, director of the IAEA, said the attack was not destructive, a term which some have used to describe the 2014 Sony hack because actors destroyed corporate data and denied employees access to some...
Blog

Eight Years of Hell, But No End in Sight for Victim of Cyber Stalker

Bad actors are continuously looking for ways to prey upon web users. Sometimes they turn to ransomware and other malicious software like remote access trojans to extort victims. Other times, they leverage the web's great wealth of information to hone in on a particular target, stalk their digital presence, and endeavor to make their lives a living...
Blog

Defeating Cybercrime with Awareness and Good Habits

Information security is a growing problem even in the protected, static environment of the business office. The challenges of securely accessing and storing data while traveling, however, are particularly acute, but they are manageable with (1) a high-level of awareness coupled with (2) a few good habits. Awareness Forget about hackers in the...
Blog

VERT Threat Alert: October 2016 Patch Tuesday Analysis

Today’s VERT Alert addresses 10 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-693 on Wednesday, October 12th. EASE OF USE (PUBLISHED EXPLOITS) TO RISK TABLE Automated Exploit Easy ...