Today’s VERT Alert addresses 8 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expect to ship ASPL-618 on Wednesday, June 10th. MS15-056 Internet Explorer Information Disclosure Vulnerability CVE-2015-1765 Multiple Elevation of...

According to a report issued by Intel Security Group's McAfee Labs, ransomware has experienced a 165% increase in the first quarter of 2015. McAfee Labs Threats Report: May 2015 reveals that this increase has been fueled in part by the impression of underground criminals that victims in rich countries seem to be the most willing to make ransom...

A security firm has identified MalumPoS, a new type of point-of-sale (PoS) malware that is targeting businesses in the hospitality, food and beverage, and retail industries. According to a blog post published by global security software company Trend Micro, the authors of MalumPoS designed the malware to collect data from PoS systems running Oracle®...

With the advancements in technology, the networks today aren’t the same as I learned on nearly 20 years ago. We’ve evolved from wired only networks using hubs to the PC, to switched networks. Used mostly for Voice Over IP (VoIP) phones, the switched networks are still there, while our computers have now given up the wires to operate wirelessly. Yet,...

China has denied responsibility for a data breach at the U.S. federal government that is believed to have compromised the personal information of former and current employees. According to a statement released by the U.S. Office of Personnel Management (OPM), the federal agency that is responsible for screening and hiring workers as well as...

Ever looked at the messages in the Oracle listener logs generated by Tripwire IP360 scans and wondered what was going on? The most common one you see probably looks something like this: 01-JUN-2015 12:39:37 * (CONNECT_DATA=(COMMAND=VERSION)) * version * 1189 TNS-01189: The listener could not authenticate the user TNS-01169: The listener has not...

New York’s Superintendent of Financial Services Benjamin Lawsky announced on Wednesday a new set of rules and regulations for businesses accepting, selling or buying virtual currencies. Following nearly a two-year-long effort, Lawsky introduced the first-ever comprehensive framework – known as BitLicense – in a speech at the BITS Emerging Payments...

As news of information breaches and personal data theft become more prevalent and popular in the press, technologists are witnessing and taking part in the rapid evolution of the once neglected realm of cybersecurity. Hopefully, this process results in an integrated, enlightened solution to what is a very complicated puzzle. Moving Beyond a Fear...

The Security BSides concept is brilliant. After being founded in 2009, it’s spread like wildfire. There are now dozens of regional events that take place around the world, and if you take a look at their website, you’ll more than likely find one not too far away. For any of you that don’t know, the principles behind the idea are simple: Expand...

A security firm has issued a warning that sympathizers of the Islamic State extremist terrorist group (ISIS) are increasingly targeting news media outlets of all sizes. According to a report published by network security company FireEye, what distinguishes these attacks is the fact that all sizes of media outlets are being targeted by sympathizers...

With a reported 17,000 people flocking to Europe's largest security conference this week, there is no doubt that the industry is expanding vastly. Here, you’ll find hundreds of vendors, a variety of workshops and a range of sessions for professionals in the field, no matter what level. From technical insights to business risks, the events is a great...

Last week, Tripwire explored the story of Brandon Bourret and Athanasios Andrianakis, two men who developed an app that scans Photobucket users’ private photo albums in search of naked selfies. We now report on a pair of twin Russian hackers who allegedly gained unauthorized access to more than 7,000 Russian bank accounts using social engineering...

U.S. Healthworks, an urgent care and occupational health service provider, has begun notifying patients of a possible data breach after an unencrypted laptop issued to one of its employees was stolen. According to the company's breach notification letter: "On April 22, 2015, we learned that a laptop issued to one of our employees had been stolen...

We hear a lot about the Internet of Things, where devices are increasingly connecting to the Internet. However, in addition to these devices being connected to the Internet, they are also increasingly connecting to each other or controlled using various radio frequencies. These radio frequencies often use proprietary or insecure protocols and often...

The recent ‘Logjam’ attack shows that a well-funded intelligence agency might be able to crack 1024-bit Diffie Hellman keys (at least if the same group is used by many systems). When using RSA, cracking 1024-bit keys may not be beyond the most powerful adversaries either. There are two solutions to this problem. The first is to simply use longer...

Since the very first day I started working in the information security industry, I have found everything to be just so interesting and fascinating. The fire inside me I have for knowledge has been doused in petrol by stories of complex crimes, and this has educated me and forced me in to some real life studies. Over the years, I have delved quite...

A recent report detailing the latest trends in phishing attacks revealed that the top 10 targets suffered more than three-quarters of all phishing attacks observed worldwide. The study (PDF), conducted by the Anti-Phishing Working Group (APWG), examined all phishing attacks detected in the second half of 2014, including data from several phishing...

Approximately 1.25 million personal records were compromised by hackers in a recent targeted attack, confirmed the organization that manages Japan's universal public pension system. According to the Wall Street Journal, hackers succeeded in compromising the names and pension numbers of 31,000 people in the attack, as well as the names, pension...

It’s been a tough few weeks for those of us that are responsible for patching vulnerabilities in the companies we work at. Not only do we have the usual operating system and application patches, we also have patches for VENOM and Logjam to contend with. The two aforementioned vulnerabilities are pretty serious and deserve extra attention. But, where...

Section 215 of the USA PATRIOT Act will expire on June 1, 2015, unless congress extends it. It is important to note that this is NOT the entire USA Patriot Act as many politicians have claimed with their fearmongering. Section 215 needs to expire if we want to protect our privacy rights, and to support international business growth; our national...