Resources

Blog

Lenovo Customers File Class-Action Lawsuit Over Superfish Adware

Last week, a Lenovo customer filed a class-action lawsuit against the Chinese technology manufacturing company and its Superfish adware, charging both with having invaded customers’ privacy and made money off of analyzing their web browsing habits. In her lawsuit, plaintiff Jessica N. Bennet of California states that she traced a number of spam...
Blog

10 Notorious Cyber Criminals Brought to Justice – No. 2

Last week, we investigated the story of Dmitry Olegovich Zubakha, a Russian hacker who breached Boeing’s computer networks and launched a series of distributed denial of service (DDoS) attacks against Amazon, eBay and Priceline. Tripwire now continues its series on some of the most notorious cyber criminals brought to justice with Roman Valerevich...
Blog

The Trouble with (Asset) Identity

Have you ever had your identity stolen? Or perhaps an identity crisis? I hope for your sake the answer is "no." However, if it's yes, you are in good company. Computing devices, which I'll loosely refer to as "assets," often change their identity, and at times even have it stolen (as a side note, NIST has a much broader definition of asset more...
Blog

How Will Facebook's 'ThreatExchange' Impact the Security Industry?

Facebook is all about sharing. Users can share thoughts, photos and videos but now, Facebook is trying their hand at a new type of sharing: security threats. Last week, Facebook announced a new platform, called ThreatExchange, for organizations and security professionals to easily exchange cybersecurity threat information. The platform is currently...
Blog

Reflecting on Trust: SuperFish is Super Fishy

In his 1983 Turing Award acceptance speech, "Reflections on Trusting Trust”, Ken Thompson popularized the concept of a compiler backdoor where the compiler not only inserts a backdoor during compilation of a program but also compiles in the code that inserts the backdoor when compiling itself. The core idea of his speech is that we can only trust...
Blog

Security In The Year 2020

We now appreciate the revelation that went public in February 2015 that international hackers circumvented what was supposed to be robust systems and defences, and managed to get away with an estimated $1 billion from a spectrum of around 100 banks located in 30 countries in what has been described as systemic cybercrime. With orchestration, the...
Blog

The Startup Problem

Last month, Michal Nemcok blogged about the lack of security in the Progressive Insurance diagnostic monitoring dongle. By hacking the monitoring device, someone may be able to gain access to and change the behavior of the car, itself. Now, this is serious stuff – vulnerabilities that might impact the operation of the thing that carries your body...
Blog

A "Cyber" Study of the U.S. National Security Strategy Reports

In early February, the White House released its 2015 National Security Strategy (NSS). Each NSS report is symbolic to the extent that it reveals the security issues the acting U.S. president intends to focus on for the coming months and years. While not constituting “hard,” actionable strategies, these documents help to articulate the future...
Blog

Advanced Threat Actor Linked to NSA Uses Spyware to Infect the Disk Drive Firmware of Foreign Targets

A security firm has released a report in which it discusses how an advanced threat actor has been lodging malicious software into foreign target computers’ firmware for more than a decade. According to the report published by Kaspersky Labs, the threat actor, known as “The Equation Group,” uses multiple malware platforms on par with Regin, Stuxnet,...
Blog

Three Keys to a Successful Cybersecurity Defense Program

I’ve been a finance professional for more than 25 years and spent the last 15 years in senior finance roles, mostly as a CFO of both public and private companies. Like many of you, I am often invited by business groups and professional service providers to attend thinly veiled networking events to get the attention of “C” suite officers of both...
Blog

iOS 8 Custom Keyboards – A Hacker’s Best Friend?

I’ve been an iPhone user for quite a while... starting with the iPhone 4, I upgraded to the 4S, the 5, and, now, the 6. With the iPhone 6, I’ve spent a good deal of time investigating the features of iOS 8, something I didn’t do when I upgraded my iPhone 5 because it was already setup and ready to go. One of the features I discovered allows for...
Blog

Haskell Confirms Security Breach in Debian Builds

Haskell, an advanced purely functional programming language, has confirmed a security breach in its Debian Builds component. According to an advisory recently posted to Haskell’s blog, “`deb.haskell.org` is currently offline due to [its] hosting provider suspecting malicious activity.” The project’s security teams stated on February 14th that they...
Blog

10 Notorious Cyber Criminals Brought to Justice – No. 3

Last week, we investigated the story of Vladmir Drinkman, a Russian hacker who assisted Albert Gonzalez, another notorious hacker, in breaching a number of American retailers and using customers’ stolen payment card credentials to unlawfully withdraw money from ATM machines around the world. With only three hackers remaining, Tripwire now continues...
Blog

Report: 16 Million Mobile Devices Infected by Malware at the End of 2014

A new report indicates that the current malware infection rate for mobile devices is 0.68 percent, leading researchers to believe that at least 16 million devices were infected with malware at the end of 2014. Published by the Motive Security Labs division of the French telecommunications equipment company Alcatel-Lucent, the report found that...