Resources

Blog

Thousands of Uber Credentials For Sale on the Dark Web

Uber credentials of thousands of users were spotted for sale on an underground marketplace for as low as $1 per stolen username and password. According to a report by Ars Technica, the logins are being offered by two separate vendors on AlphaBay – an online black market operating on the Tor network. ...
Blog

The CSI Effect: Cyber

I know that I am not the target demographic for CSI: Cyber. Just as I assume anyone who does anything remotely related to law enforcement isn't interested in watching a cop procedural, I don't generally watch shows that feature “hackers” – not just because my perspective might make the viewing experience frustrating, but because “hacking” is...
Blog

GitHub Hit With Massive DDoS Attack, China Allegedly Involved

The popular coding website GitHub was hit with a massive denial-of-service (DDoS) attack late Thursday night, with some users experiencing intermittent service outages. According to security researcher and blogger Anthr@x, the ongoing attack, which intensified on and off for more than 24 hours, appeared to originate from the Chinese web services...
Blog

Potential Consequences of Hacking Tutorials on the Web

When I was about 10 years old, I read a book about Kevin Mitnick, Pengo and Robert Morris. While their exploits seemed very interesting, each story ended in jail time or at the very least, derailment of career goals. My unsophisticated Internet searching circa the early 2000s led me to the same conclusion. Hacking was a neat skill to have but the...
Blog

TeslaCrypt Ransomware Encrypts Video Game Files

A new type of ransomware is encrypting victims’ video game files in addition to targeting other documents stored on their computers. According to Bleeping Computer, the ransomware strain, dubbed “TeslaCrypt,” was first discovered by Fabian Wosar of Emsisoft earlier this year. TeslaCrypt mimics other ransomware, including CryptoLocker, in that it...
Blog

Applying a Stress-Test to Your IT Infrastructure

Banks regularly undergo mandatory stress tests. These tests are clearly defined, and the results are used to determine how well each bank can maneuver through an economic calamity. If we apply the basic blueprint of a financial stress test to an IT infrastructure, we can loosely define it as: “An analysis conducted under unfavorable scenarios which...
Blog

Streamers on Twitch Breach: Game Over or Restart?

While I work in security, when it’s quitting time, I’m a gamer through and through. My home is littered with consoles from Sega Genesis and NES to PS3 and Xbox One. My last two PC purchases have been strictly gaming machines, and I even bought a game pad for my iPhone because I enjoy playing (and streaming) Asphalt 8. This year, I’ve casually...
Blog

Ransomware Holds School District’s Computer Systems Hostage

Ransomware has disabled a New Jersey school district’s computer systems, with the attackers demanding hundreds of Bitcoins as ransom to restore access to files seized in the attack. In a post published to the district’s website, officials at Swedesboro-Woolwich School District explain that the incident, which occurred on March 22nd, thus far...
Blog

Computer Criminals Brought to Justice – Aleksei Shushliannikov

Earlier this month, Tripwire announced Computer Criminals Brought to Justice, a continuation of its 10 Notorious Computer Criminals Brought to Justice series, by investigating the story of a young man who was recently arrested in connection with the 2014 hack of the U.S. Department of Defense. This week, we continue our series with Aleksei...
Blog

VERT Vuln School: Format String Attacks 101

The printf() family of functions (printf(), fprintf(), sprintf(), etc.) are surprisingly powerful and, if not properly used, can expose a class of vulnerabilities called format string attacks. These attacks can be very bad because with a well-crafted format string, an attacker could write an arbitrary value into an arbitrary memory location. This...
Blog

Facebook Might Have Exposed Your Phone's Private Photos

Another serious privacy vulnerability has been found on Facebook, which could have put at risk the private photos of millions of users. The problem lies in Facebook Photo Sync, an opt-in feature that the social network introduced in late 2012, which meant any photos you took on your iPhone or Android device would automatically sync up with your...
Blog

Thousands of Android & iOS Apps Still Vulnerable to FREAK Flaw

A recent study found that more than 2,000 apps in the Apple App Store and Google Play Store are still vulnerable to FREAK – a widespread security flaw discovered earlier this month. Attackers exploiting the vulnerability can intercept HTTPS connections between vulnerable users and servers, thus forcing them to use weakened encryption, which can then...