Haskell, an advanced purely functional programming language, has confirmed a security breach in its Debian Builds component. According to an advisory recently posted to Haskell’s blog, “`deb.haskell.org` is currently offline due to [its] hosting provider suspecting malicious activity.” The project’s security teams stated on February 14th that they...

Last week, we investigated the story of Vladmir Drinkman, a Russian hacker who assisted Albert Gonzalez, another notorious hacker, in breaching a number of American retailers and using customers’ stolen payment card credentials to unlawfully withdraw money from ATM machines around the world. With only three hackers remaining, Tripwire now continues...

Source: Damballa State of Infections Report, Q4 2014 According to recent research, the average enterprise receives nearly 17,000 malware alerts per week; however, of these alerts, only 19 percent are considered reliable and a mere 4 percent are further investigated by security engineers. As IT...

A new report indicates that the current malware infection rate for mobile devices is 0.68 percent, leading researchers to believe that at least 16 million devices were infected with malware at the end of 2014. Published by the Motive Security Labs division of the French telecommunications equipment company Alcatel-Lucent, the report found that...

Anyone who has ever visited blog posts on the Forbes website has properly been irritated from time-to-time by its practice of displaying a "Thought of the Day" for a few seconds before it passes you onto the article that you actually wish to read. We all understand that Forbes has to make money like any other web publisher, but the "thought" (which...

It's not your identity they want, or even your credit card number. Those numbers are hard to exploit for quick cash. Banks and card companies have systems that quickly detect fraud. So, why go after an insurance company? Because it’s easy, and they can get away with really good stuff. What the Anthem hackers are after is your medical provider...

The recent Anthem hack that may have compromised 80 million people’s personal health information reveals just how mainstream data breaches have become in recent years. In response to this rapidly evolving threat landscape, Boards of Directors (BoDs) and executives are now more aware of today’s cyber threats and how they might adversely affect...

Attackers can use gaps in the X-Frame Options (XFO) support on Google’s Play Store web application to remotely install malware onto users’ Android devices. “A malicious user can leverage either a Cross-Site Scripting (XSS) vulnerability in a particular area of the Google Play Store web application, or a Universal XSS (UXSS) targeting affected...

I still remember my first time reading AlephOne’s ‘Smashing the Stack for Fun and Profit’ – despite not having the proper knowledge to understand it at the time, it put the security bug in my head. It was truly a consciousness raising experience to get that first glimpse of my computer’s inner workings. One thing I did understand from it, loud and...

In the face of the current wave of cyber threats, the U.S. government announced this week in Washington DC that as part of the Homeland Security initiative the current administration is creating a new agency called the Cyber Threat Intelligence Integration Centre (CTIIP) to monitor cybersecurity threats by acquiring, pooling and analysing any...

Facebook announced on Wednesday the launch of a new platform for companies to easily exchange information regarding cybersecurity threats, such as malware and phishing attacks that could be impacting users. The world’s largest social network introduced the program, called ThreatExchange, as “an API-based clearinghouse for security threat information...

A distributed denial of service (DDoS) attack brought down the Dutch national government’s websites yesterday, officials confirm. “The Public and Communications office, part of the Ministry of General Affairs, in conjunction with Centric/Prolocation and the National Cyber Security Center (NCSC), are evaluating the attack,” the government said in a...

Today’s VERT Alert addresses 9 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-601 on Wednesday, February 11. MS15-009 Multiple Memory Corruption Vulnerabilities in Internet Explorer MULTIPLE Multiple Elevation of Privilege...

In February’s Patch Tuesday, Microsoft issued an update to fix a privately reported critical vulnerability in Group Policy that could allow potential attackers to achieve remote code execution (RCE) in domain networks. If successfully exploited, an attacker could gain complete control of a vulnerable system, install programs, view data and even...

With cybercrime and major hacking incidents reaching epidemic proportions, the importance of locating application-layer vulnerabilities is rising. Developers and companies are constantly striving to scan their code and improve code integrity in the early development stages, but no application is completely vulnerability-free and external scrutiny...

Major cyber security incidents continue to hit the headlines. Security and privacy are top concerns for IT and security professionals, especially after 2014’s highly publicized data breaches. Companies around the globe were victim to malware, stolen data and exploited vulnerabilities. Big companies weren’t immune to this, with Target, JPMogan Chase,...

Drones have been talked about quite a bit in the news over the past couple of years—whether it’s the use of unmanned aerial vehicles (UAV) by the military or the viral video showing Amazon’s proposal for speedy drone delivery, the devices have really grabbed people’s attention. Now, many are buying their own personal drones and most are looking at...

Last week, we interviewed Brian Engle, the Chief Information Security Officer and Cybersecurity Coordinator for the State of Texas, and discussed with him the importance of communication in shaping cybersecurity as an ongoing management concern that businesses everywhere need to appreciate. As part of our ongoing “The Voice of the CISO” series, we...

Smart television sets made by Samsung may be capturing personal information spoken by their owners and subsequently transmitting it to a third-party. This warning is based off the research of The Daily Beast, which in reviewing the SmartTV supplement to Samsung’s privacy policy discovered the following sentence: “Please be aware that if your...

Last week, we investigated the story of Vladislav Anatolievich Horohorin, a Ukrainian hacker who was well known online for managing several web forums where cyber criminals could dump and sell users’ stolen payment card credentials. Tripwire now continues its series on some of the most notorious cyber criminals brought to justice with Vladmir...