Blog

Blog

A LastPass Hack with a Happy Ending

In September, Black Hat Europe announced an interesting talk that entitled “Even the LastPass will be stolen, deal with it”. As reported in an earlier article, it was anticipated (based on the description on the conference announcement) that the “Remember Password” option was the likely attack vector. The presentation was delivered last week, and as...
Blog

Rethinking Effective Endpoint Threat Protection

Given the number and sophistication of threats stalking today's digital landscape, it is incumbent on organizations to improve their cyber resiliency. However, this task is not as easy as it sounds. Our network environments have evolved far beyond the confines of what antivirus solutions or firewalls alone can protect. The Internet of Things (IoT)...
Blog

Cloudsota Trojan Found Preinstalled on Tens of Thousands of Tablets

A security firm has discovered that tens of thousands of tablets sold on Amazon.com and elsewhere came pre-loaded with the Cloudsota Trojan. Chinese mobile Internet security company Cheetah Mobile has published a post about its findings. In it, it highlights the complaints of many customers regarding these tablets' poor quality of manufacture, with...
Blog

Ethics Meets Ransomware

It is rare that the good guys help criminals, but that is exactly what the folks at BleepingComputer.com have done. Let it be stated in no uncertain terms that they should be applauded and thanked for doing so. The problem, as reported on the BleepingComputer site, is that there is yet another variant of ransomware that is circulating online. This...
Blog

Are iPhones or Androids More of a Security Risk?

Blondes vs brunettes, Kirk or Picard, and the Oxford comma... these are some of the most burning issues that people just can't agree on. And another is whether iPhones are better than Android phones. Both sides have their fervent fans and supporters, and are capable of making convincing arguments to back their point of view. But now a new study ...
Blog

Tor: FBI Paid Carnegie Mellon $1 Million to Expose Users

According to the Tor Project, the FBI paid researchers at Carnegie Mellon University to launch an attack on the service last year in an effort to expose some of its users. The anonymizing service has written a blog post about its findings: "The Tor Project has learned more about last year's attack by Carnegie Mellon researchers on the hidden...
Blog

Security 101 for CEOs

There are important security lessons for CEOs following the embarrassing revelation that a teenager hacked into the personal email accounts of CIA Director John Brennan and Homeland Security Secretary Jeh Johnson. This isn't the first nor will it be the last time that people hack into accounts using a variety of techniques; it illustrates the...
Blog

Three Men Indicted in 2014 JP Morgan Hack

On Tuesday, a federal court charged three men with having hacked JP Morgan Chase back in 2014, a breach that resulted in the theft of 83 million people's personal information. The 23-count indictment unsealed by the United States District Court Southern District of New York indicts three men--two Israeli citizens and an American citizen--on charges...
Blog

VERT Threat Alert: November 2015 Patch Tuesday Analysis

Today’s VERT Alert addresses 12 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-643 on Wednesday, November 11th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...
Blog

TLS Extended Master Secret Extension: Fixing a Hole in TLS

Few Internet technologies are relied upon as heavily as TLS/SSL, yet it has been widely known for years that this fundamental security protocol does not do enough to effectively protect communications. The most visible failing of TLS is the reliance on public key infrastructure (PKI) in which every certification authority (CA) becomes a potential...
Blog

The Security Mindset: The Key to Success in the Security Field

What does it take to succeed as an information security professional? There are many paths to a successful infosec career, many top jobs in the industry, and many different types of people can excel in the field. Indeed, diversity is fundamental to good security. To be effective, security requires contributions from people of different backgrounds...
Blog

Searching The Deep Web and The Unmapped Internet

Some think it’s where sexual deviants access child pornography or where devoted drug users go to purchase their substance of choice; others see it quite differently as a marketplace completely void of personal information – the first of its kind. On the "deep web" lies the Silk Road. It’s an anonymous online market, a place few have visited. That...
Blog

Running the IoT Hack Lab @ SecTor

I’ve attended a number of conferences, and each event always comes with its unique responsibilities. If I go as an attendee, I’m generally taking notes to share information; if I go as a speaker, I’m on stage at some point talking; and if I go to help marketing, I’m at our booth shaking hands and explaining what Tripwire VERT does. All of these are...
Blog

New Ransomware Strain Targets Websites Powered by Linux OS

A security firm has uncovered a new strain of ransomware that is seeking to extort money from websites powered by the Linux operating system. On Thursday, Russian antivirus company Dr. Web added the malware, known as "Linux.Encoder.1," to its virus database. A description of the ransomware was created the following day: "Once launched with...
Blog

What Happens to Hacked Social Media Accounts

We read about hacks of social media accounts all the time, but what’s the point of it? How can someone benefit from hacking a personal social media account, especially a non-celebrity, when there are so many other things to hack? Go steal from a bank or something, right? This article is going to look at a few reasons why a social media account is...
Blog

Woman Cheated Out of $825 After Posting Photo of Winning Ticket to Facebook

A woman has lost $825 she won betting on the 2015 Melbourne Cup after she posted a photo of herself holding the winning ticket on Facebook. According to The Daily Mail, a woman named Chantelle placed a $20 bet on the 100-to-1 shot Prince of Penzance at this year's Melbourne Cup, Australia's most prestigious Thoroughbred horse race. "I've never bet...
Blog

Down But Never Out: Security Parallels from the 2015 World Series

In the early morning hours of Monday, November 1st, the Kansas City Royals won the 2015 major league baseball World Series. To be sure, the team secured its championship against the expectations of most. In the fifth game, the Royals trailed behind the New York Mets 0-2. Everyone expected that the Mets would win, but then things changed. At the top...
Blog

DarkHotel APT Employs Just-in-Time Decryption of Strings to Evade Detection

For decades, the field of computer security has evolved as a cat-and-mouse game between security researchers and malware authors. When the former devises new methods to detect malicious programs, the latter incorporates into their software dormant functionality scenarios and a variety of other evasive techniques – four of which are now particularly...