Security researchers presenting at this week's RSA Conference in San Francisco, have uncovered a whole new compelling reason to switch off your phone. Skycure's Yair Amit and Adi Sharabani have demonstrated a startling vulnerability in iOS that can allow malicious hackers to crash any iOS device within range of a WiFi hotspot. And it doesn't even matter if targeted devices are trying to...

A security researcher has found that hackers used phishing emails to penetrate Sony Picture Entertainment’s computer networks last fall. Stuart McClure , CEO of computer security firm Cylance , says he analyzed a downloaded database of Sony emails and in the process discovered a pattern of phishing attempts. “We started to realize that there was constant email around Apple ID email verification...

Last month, I participated in the Tripwire VERT cybersecurity Capture the Flag contest organized for infosec students with some awesome prizes: BSides Las Vegas & DEF CON 23 travel packages and more… I’m in! Even though I didn’t get that far, it was a great learning experience! The CTF started on March 27 when I got an email from the organizers with a link , the rules and the following format: “In...

We at Tripwire are very excited that RSA Conference 2015 is finally upon us. Not only are we looking forward to all of the attendees who will join us at Booth 3301 over the course of RSA, but we are also eager to hear all of the keynote speakers. Acknowledging this excitement, we decided to sit down with Steven Fox , one of the conference’s keynote speakers, and explore the ideas that will shape...

A report published by the Partnership for Public Service and Booz Allen Hamilton reveals that an insufficient cyber security workforce is hampering the United States’ efforts to properly defend its networks. According to the report, non-competitive pay and strict hiring practices are aggravated by a lack of pipelines that value computer security talent, not to mention the absence of a government...

Have you ever received unwanted calls from auto-dialers and telemarketers at a time when you did not want to be called? Has an auto-dialer or telemarketer ever tried to scam you? Have you noticed that the numbers of certain incoming calls don’t seem accurate? If you have answered yes to any of these questions, you might have seen a spoofed caller ID. Anyone can spoof a phone number and make it...

It’s that time of year, again, when the brightest minds in the business gather to talk all things cyber in the city of San Francisco. To start off the busy week ahead, BSidesSF kicked off day one with some great speakers and intriguing presentations. For those of you that didn’t make it out, here’s a short and sweet recap of some of today’s talks. It was definitely a tough choice between the two...

The Internet of Things (IoT) is a buzzword that many use to describe a not-so-distant reality in which devices and machines talk to one another. To some, however, the potential of IoT extends well beyond the mere notion of a “smart,” interconnected world. Included in this group of observers is Jeremy Rifkin , an author, political advisor and social activist who recently keynoted the CeBit...

If, on Tuesday, you find yourself in San Francisco, with access to RSA , then I know how you should spend your time from 1PM PST. Alex Cox, Ken Westin , and I will be introducing our panel: Killing the Kill Chain: Disrupting the Cyber Attack Progression. Instead of talking about how you can preemptively stop an attack, we plan to show you. With Ken acting as our moderator, translator and all...

A new dark web market has appeared, focused on the selling of 0-day exploit code. The market is called "TheRealDeal Market," and although still in its infancy, there are already a few exploits listed. One exploit claims to target the recent MS15-034 Microsoft IIS Remote Code Execution vulnerability and comes with reverse shell and research information associated with it. According to the...

Modern organizations that depend on SaaS have been increasingly adopting Identity Providers or single sign-ons (SSOs) in order to federate authentication back to home directory services. Most SSOs support SAML or OAuth, and a growing number of SaaS companies are jumping on board to eliminate the liability of storing customer password hashes. Although an SSO-integrated SaaS solution solves a...

According to a collection of leaked Sony emails and documents, the popular television show Doctor Who is projected to be made into a Hollywood blockbuster in the next few years. In a leaked email sent to Sony Pictures Entertainment chief executive Michael Lynton, president of international production Andrea Wong reveals that she spoke to Danny Cohen, the director of BBC Television, regarding the...

The Verizon 2015 Data Breach Investigations Report has always had a conversational, quirky style to share some pretty technical information about the security breach data it analyzes. So if you’re wondering what Prince has to do with vulnerability management, just know that when you read the full report, you’ll understand – a lot of song titles are used to help give the detailed analysis a little...

Numbers, statistics, pie charts and survey results are everywhere – especially in the information security space. Nevertheless, have you ever finished reading a vendor whitepaper or a research institution’s annual security report and the data presented just made your spidey sense tingle? You are probably sensing a manipulation of statistics, an age-old talent that has been going on for a very long...

Network Forensics is a branch of Digital Forensics that deals with the capture, storage and analysis of network traffic. Incident handlers working on computer incident response and security operations teams around the world engage in this type of analysis in order to answer the “Five Ws” in relation to incidents: [W]ho did it? [W]hat happened? [W]here (in the virtual realm) did this occur? [W]hen...

In the first installment of this blog post , I took you through how I completed level 1 of Tripwire Vulnerability and Exposure Research (VERTs) Capture the Flag contest. Now, I’ll show you how I finished level 2 and successfully completed the challenge. Level 2 Going to the link above results in a registration page (pictured below), which requires a username, a password, as well as a "display name...

We have seen a number of nation-states beginning to use black hat hacking tools and espionage tactics in an effort to steal intellectual property from corporations, target retailer customer databases, and monitor the electronic communications of entire national populations for terrorist threats. This development, as well as the risk of cyber attacks against critical national infrastructure and...

A computer espionage gang has sent a rival advanced persistent threat (APT) group a spear phishing email in what might be the first reported instance of an APT-on-APT attack. In February of last year, Naikon, one of the most active APT groups in the Asian region, launched a spear phishing email campaign . Another APT group, Hellsing, was one of its targets. Hellsing is a relatively small threat...

Today’s VERT Alert addresses 11 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-610 on Wednesday, April 15th. MS15-032 Multiple Memory Corruption Vulnerabilities in Internet Explorer MULTIPLE Internet Explorer ASLR Bypass Vulnerability CVE-2015-1661 MS15-033 Microsoft Office Memory Corruption...

The Android operating system has overthrown the mobile ecosystem, and has taken no prisoners. You can barely walk down the street these days, without seeing consumers completely glued to the screens of their devices. This is the age of instant, unadulterated access to the Internet, email, music and social networking. And Android has become that leading gateway . This rise in the mobile...