Blog

Blog

Millions of WordPress Websites at Risk from in-the-wild Exploit

What's happened? A widespread vulnerability has been found in WordPress, that impacts millions of websites running the popular blogging software and content management system. What's the vulnerability? It's a cross-site scripting (XSS) vulnerability inside the popular JetPack plugin. and the default Twenty Fifteen theme installed on all WordPress...
Blog

Six Steps to Protect Your SMB Against a Data Breach

The number of data breaches increased 27.5% in 2014, making measures against these types of security incidents increase significantly among large companies. What about small businesses? Do they really stand a chance against hackers and security incidents? Being a small company might make you think no hacker will bother stealing your data. But, just...
Blog

Top 10 Information Security Conferences

Recently, we compiled a list of the top 10 highest paying jobs in information security in an effort to help individuals navigate this exciting field as a career choice. That being said, we would be remiss if we stopped there. Information security is continuously evolving, so knowing which events offer the best opportunities for learning new ideas...
Blog

Why You Need a Disciplined Response to Digital Forensics

With acceptance that the prospect of unauthorised incursion, hacks and/or compromise of corporate, and personal systems is to now be expected, it would seem to make good sense to accommodate mechanisms with which the organisation may respond to such manifestation as and when they are encountered. It is this awareness which is driving many reputable...
Blog

Stop Sending Me Threat Intelligence in Email

I've been talking to many different organizations recently about their sources of threat intelligence, and one thing I've heard numerous times is that some of the most timely, valuable threat intelligence they are receiving is via email. I’ve even heard that we’ve made some progress with STIX, as sometimes STIX content is attached to the emails...
Blog

Computer Criminals Brought to Justice – Konstantin Simeonov Kavrakov

Last week, Tripwire explored the story of Austin Alcala, a teenager who penetrated a number of American videogame corporations and the United States military as a member of an international hacking group. We now report on the story of Konstantin Simeonov Kavrakov, a Bulgarian hacker who is responsible for having infiltrated Bill Gates’ bank account...
Blog

Top Critical Skill In Information Security: Be Humble

"The more I learn, the more I realize how much I don't know.” – Albert Einstein Being involved in information security is intimidating. Not just because you are dealing with complex technology with serious implications if you fail, but everyone around you is going to be smarter than you. Even your adversaries. Especially your adversaries. Get...
Blog

Hard Rock Casino Credit Card Breach Undetected for 7 Months

The Hard Rock Casino in Las Vegas has been hit with malware leading to the compromise of credit card data, names and addresses at restaurant, bar and retail locations. The compromise did not affect the hotel or casino transactions. At this time, no details regarding the specific malware or other specifics regarding the compromise were provided....
Blog

FBI Assists Rutgers University Investigate Second DoS Attack in a Month

The Federal Bureau of Investigation (FBI) is assisting Rutgers University investigate the source of a second targeted attack that has crippled the university’s Internet in the past month. “The Federal Bureau of Investigation is assisting the university with its search,” agency spokeswoman Celeste Danzi explained on Wednesday. ...
Blog

RSA 2015 Keynote: Don't Be Afraid of the Bumps in the Night

Thirty thousand people; five hundred vendors; a clan of security practitioners seeking out safety in their ecosystem; a tribe of knowledge pursuing the opportunity to share best practice and thought leadership to increase likelihood of survival... my first RSA. Amit Yoran’s Keynote suggests that an evolution out of the Dark Ages of Security is...
Blog

The Insecurity of Open Source is Not Poisoning the Well

In ages past, invading armies would poison the water source – usually a well – of a city in order to reduce the fighting capability of the enemy or to force the populace of a city under siege to surrender. This method was usually successful because an invader could have a devastating effect on a very large population with minimal yet targeted effort...
Blog

This Hacker has Implanted a Chip in his Body to Exploit your Android Phone

Plenty of people these days are prepared to augment their bodies with face furniture, piercings, rings and tattoos. But would you implant a chip in your hand to show how easy it is to exploit an Android phone? That's what former US navy petty officer Seth Wahle did, in an attempt to demonstrate how business networks could be compromised. Wahle took...
Blog

Cybersecurity Issues – Is Continuous Monitoring Enough?

Continuous monitoring is poised to do for information security what cloud deployment did for global productivity. Continuous monitoring not only has a role to play in preventing large-scale data breaches but it can also help compliance-sensitive organizations save money by facilitating long-term compliance continuity and reducing annual audit...
Blog

The Four Most Common Evasive Techniques Used by Malware

Earlier this month, Lastline, a security firm that focuses on real-time analysis of advanced malware, issued a new report on the evolving landscape of evasive malware. Co-founder and chief scientist at Lastline Christopher Kruegel published the report as part of his presentation for RSA Conference 2015 entitled, “Evasive Malware Exposed and...