Resources | Tripwire

Resources

2014: The Year of the Breach – Part 2

Blog

Blog

2014: The Year of the Breach – Part 2

By David Bisson on Sun, 01/04/2015

In anticipation of the New Year, Tripwire recently published an article that surveyed some of the better-known data breaches that occurred in 2014. We now present Part 2 of our two-part series, “2014: The Year of the Breach.” Home Depot (September) – On September 18 th , Home Depot acknowledged that it had suffered a data breach. The attackers gained entry to the perimeter of the retailer’s...

Why Companies Have Little Incentive to Invest in Information Security

Blog

Blog

Second Member of Hacker Group ‘Lizard Squad’ Allegedly Arrested

By David Bisson on Fri, 01/02/2015

British authorities have allegedly arrested another member of the hacker group ‘Lizard Squad.’ The Daily Dot recently broke the story after it received an email from Vinnie Omari , a 22-year-old member of the hacker group. “They took everything,” Omari explained in the email, which allegedly also contained an image of the British authorities’ search warrant for his home. “Xbox one, phones, laptops...

Ingredients for Architecting the Security of Things

Blog

Blog

Ingredients for Architecting the Security of Things

By Mitch Thomas on Thu, 01/01/2015

One of Tripwire's many strengths is our ability to collect security data and build meaning from it. Meanwhile, the rapidly emerging Internet of Things (IoT) poses some juicy problems to tackle in this regard. I recently came across an interesting article titled 4 Big Trends that Impact Industrial Automation and What To Do About Them, Part 1 of 2 by Brian Oulton. After reading it through, these...

Blog

Phishing Frenzy: The Good, The Bad and How You Can Protect Yourself

By David Bisson on Sun, 11/09/2014

Some scammers are truly gifted in the art of deception, whereas others are downright terrible. Here are some tips to help us discern a bad phish from a good one.

Blog

8-Year-Old CEO Reuben Paul Proves that Kids Are the Future of Cybersecurity

Mon, 10/27/2014

Interview with Reuben and his father, Mano Paul, to discuss his accomplishments, his vision and his future.

Blog

Apple To Add New Security Alerts Following iCloud Hack

Fri, 09/05/2014

In response to the recent debacle that exposed multiple celebrities by hackers breaking into their personal Apple accounts and leaking private images on the web, Apple has stated it plans to launch additional security alerts warning users of possible intrusion.

Blog

Vulnerability Management: Just Turn It Off! Part III

Mon, 08/18/2014

Four unnecessary risks that often appear in even the most secure networks, and step-by-step instructions on how to immediately address these considerable risks that can be hurting the security of our environment.

Blog

Vulnerability Management: Just Turn It Off! Part II

Wed, 08/06/2014

Our last post in the “Turn It Off!” blog series discussed some of the most common and yet unnecessary features that can make your environment more vulnerable, including JBoss JMX consoles, server banners and the Apache HTExploit. These risks are often encountered by our Vulnerability and Exposure Research Team (VERT), even on well-defended networks and many of which have been around for quite some...

Blog

Danger USB! Could a flash drive’s firmware be hiding undetectable malware?

By Graham Cluley on Fri, 08/01/2014

You see that USB stick in your hand? The one that your anti-virus software claims is squeaky-clean and free of any malicious code? Well, maybe it’s not quite as simple as that.

Blog

Detection Script for CVE-2014-0224 (OpenSSL CCS Injection)

By Craig Young on Fri, 06/06/2014

Download a Python based detection script for CVE-2014-0224 here.

Blog

The 36th Article About VPN Split Tunneling

Tue, 04/08/2014

I have done is the most comprehensive meta-analysis on the security world’s view of VPN split tunneling. Will it change my IT team’s mind? Let’s find out…

Blog

NETGEAR Wireless Router Configuration Guide

Mon, 03/31/2014

This guide assumes that the reader has a NETGEAR branded wireless router and knows it’s address on the network. If you have forgotten the administrative password for your device, it may be necessary to perform a factory reset as outlined in this NETGEAR knowledge base article and then to login with the default password. Please note that while performing these steps, a malicious web page could...

Blog

Majority of SOHO Wireless Routers Have Security Vulnerabilities

By Tripwire Guest Authors on Mon, 02/24/2014

Tripwire has announced the results of an extensive analysis of security vulnerabilities in Small Office/Home Office (SOHO) wireless routers.

Blog

Six Tips to Improve Your Router’s Security

By Craig Young on Fri, 02/21/2014

To minimize wireless attacks, here are six basic router tips anyone should include in their security strategies/training protocols.

Blog

Friends Don’t Let Friends Mix XSS and CSRF

By Craig Young on Sun, 02/16/2014

In preparation for my upcoming talk at BSides SF about finding vulnerabilities, I would like to share today some insights regarding two common types of vulnerabilities which leverage web browser in two unique ways. The goal of these vulnerabilities is quite different however. One is used to run untrusted code while the other is used to hijack authentication. The combined effect of these issues can...

Blog

Why the Security Stack Has Ten Layers, Not Seven

By Tripwire Guest Authors on Wed, 01/15/2014

The next item to tackle is the overall security architecture – and this includes several things. But let me first state the disclaimer that of course it is imperative that the correct governance and policies are in place and that technology can’t replace those things. But, it is also clear that however sophisticated, no paper document or process design will block an attack in the meantime until...

Blog

Stolen Target Credit Cards and the Black Market: How the Digital Underground Works

Sat, 12/21/2013

With the Target data breach, many are wondering how criminals can profit from the use of the stolen credit cards. Here's how they do it.

Blog

Bruce Schneier on Breaking Free from “Feudal Security”

Thu, 03/07/2013

“We live in a world where we’re ceding a lot of our power to other companies,” said Bruce Schneier ( @schneierblog ), security blogger and author of “Liars and Outliers” in our conversation at the 2013 RSA Conference in San Francisco. Schneier was referring to companies such as Google and Facebook that control our data as well as companies that control our devices, such as Apple. “These companies...

Blog

Penetration Testing with Smartphones Part 1

Fri, 11/30/2012

When most people think of penetration testing, they think of a simulated external attack where the tester tries to break into a network remotely. Companies focus most of the security spending and policies on keeping hackers out remotely, from firewalls and other security hardening appliances, software and tools. However, given the proliferation of mobile devices in the workplace and use of Wi-Fi...

Blog

15 Tips to Improve Your Infosec Risk Management Practice

By Tripwire Guest Authors on Mon, 10/15/2012

Tips from six CSOs/CISOs from varied industries who have actually applied risk-based security management to their business.