Researchers have discovered a critical vulnerability (CVE-2015-0235) in the Linux GNU C Library (glibc) that could potentially allow attackers to execute code on servers and gain remote control of Linux machines, without the necessary system credentials. This flaw is found in most versions of Linux, in which a buffer overflow can be exploited by...

Five cyber criminals down; five to go. Last week, we learned about Lin Mun Poo, a Malaysian hacker who at one time infiltrated a prominent U.S. financial institution as well as a contractor for the Department of Defense. Tripwire now continues its series on some of the most notorious cyber criminals brought to justice with Vladislav Anatolievich...

We’ve looked at the Tripwire IP360 Scoring System and how risk is commonly used in two different scenarios, so I figured it was worthwhile to dive into the other complex element of Tripwire’s scoring: skill. Skill is a term that, even within the IP360 Scoring System, has evolved over the years and it’s worth looking at the evolution of the word in...

I started getting involved in learning about the STIX (more here) and TAXII standards in earnest last year. These emerging standards enable effective sharing of cyber threat data in automated ways between different products, people and organizations. In many ways, that makes me a newcomer to these emerging standards; by that point in time The MITRE...

Hacker Halted is an IT security conference with the intention of educating the attendees in security and ethics. Last year, the conference was held in Atlanta on October 16-17. What VERT Presented at Hacker Halted VERT presented an implementation of a protocol independent fuzzer, which was built using python. We developed a fuzzer because we...

Recently, Tripwire reported on the launch of ‘Silk Road Reloaded,’ the newest iteration of the Silk Road underground market where users can purchase drugs and fake IDs. The fact that Silk Road has returned is a testament to users’ ongoing ability to purchase illegal goods online, not to mention merchants’ ability to sell these products. After all,...

The United States and the UK have announced that they will be creating “cyber cells,” intelligence units which will share information and conduct simulated cyber attacks in an effort to enhance the security cooperation between the two countries. “We have got hugely capable cyber defences,” UK Prime Minister David Cameron said about the agreement. ...

At Tripwire, we have recently seen increasing interest from our customers in being able to match up file changes found by our products with threat intelligence that comes from a variety of external sources. We have run into a common issue here when we have gotten down to the implementation details, and so I write this post as a plea to all the new,...

A hacker has defaced the websites of a number of French municipalities with a message in support of the Wednesday attacks against the satirical French magazine Charlie Hebdo, a massacre which killed 12 including two police officers. The front pages of the hacked sites were seen to display the “black flag of Islam,” which has become a symbol of the...

I just walked out of room 716 at SecTor here in Toronto, where I shared details on my Raspberry Pi Pico project. I’m happy that I was finally able to share this and even happier to announce that the GitHub repo is now open to the public. I won’t walk you through the code, but you can reach out to me if you have questions. So, what is the repo? As...

After years of falling behind, the construction industry has realised the importance of its data. Construction-related businesses invested a remarkable 188% more in cybersecurity in 2018–19. Data leaks and cyberattacks have jolted sectors worldwide, affecting everyone. 55% of UK businesses experienced a cyberattack in 2019 alone, and the average...

A 40-year-old man could face up to 10 years in prison, after admitting in a US District Court to sabotaging his former employer's computer systems. Casey K Umetsu, of Honolulu, Hawaii, has pleaded guilty to charges that he deliberately misdirected a financial company's email traffic and prevented customers from reaching its website in a failed...

I’m delighted to share that I will be speaking for the first time at SecTor this year. The talk will be in Theatre 1 at 1:15pm on October 5th. In the session Neither Pointless Nor Boring: Pop It And Lock It Down With CIS Controls, I will be discussing the latest version of CIS Controls. There are 18 Controls in Version 8. We will review these before...

A 22-year-old suspected of being "Seyzo", a member of the ShinyHunters cybercrime gang, has been extradited from Morocco to the United States, where - if convicted - he could face up to 116 years in prison. Sebastien Raoult, a French national, was arrested at Rabat international airport in Morocco on May 31 2022, while trying to take a flight to...

It’s another new year and hence another occasion to predict how the cybersecurity landscape will evolve in 2023. Once again, it will be challenging, as most every year is, and could wind up being an unusually difficult 12 months because of multiple headwinds. One is that it has become clear that a huge increase in remote working is here to stay, if...

As the world grows increasingly digital and dependent on the internet, cyberthreats are constantly evolving to clash with newer and more rigid security features. Despite cybercriminals’ propensity for finding new and innovative ways to take advantage of their targets, however, there are also tactics that have been in use since the early days of the...