A hacker has defaced the websites of a number of French municipalities with a message in support of the Wednesday attacks against the satirical French magazine Charlie Hebdo , a massacre which killed 12 including two police officers. The front pages of the hacked sites were seen to display the “black flag of Islam,” which has become a symbol of the militant Islamic group ISIS, as well as the...

In December of 2011, Tripwire published a list of security’s top 25 influencers . More than three years later, we are pleased to announce a new list for 2015 -- The Infosec Avengers! For each influencer whom we have selected, we include their Twitter handle, blog URL and reasoning for selecting them. We also include their answer for what infosec-related superpower they would choose to have. This...

Ever heard the phrase 'Loose lips sink ships?' If an attacker (or anyone else) wants to know what’s going on in an organization, all they need to do is go to lunch. Hitting the popular restaurants and cafes around the target location is a no-risk method for gathering data. If two or more coworkers are together for any length of time it’s almost inevitable that they will “talk shop.” The larger the...

I was just reading an article about an FBI investigation of whether US banks are attacking their cyber attackers in an attempt to fight back. Along similar lines, we recently saw reports of Sony taking an offensive position by DDOS-ing sites hosting its content . The question of whether it makes sense to attack your cyber attackers isn't new — this has been a debate in the infosec community for...

There's little doubt that effectively remediating vulnerabilities is an important part of a comprehensive information security strategy. Vulnerabilities in desktops, servers, laptops and infrastructure are commonly involved in intrusions and incidents. For example, the Chthonic malware designed to steal banking details, exploits a known Microsoft Office vulnerability (CVE-2014-1761). While there's...

On any given day, my inbox is a flurry of activity that would make a January snow squall in Canada feel like a light breeze with the occasional flake. Like a snowflake, each email is unique but many share common themes. One of these themes is my favourite discussion topic: vulnerability scoring. I was inspired to further discuss this issue after the POODLE vulnerability (CVE-2014-3566), which has...

The largest inflight Internet provider Gogo is under fire after a Google Chrome security engineer took to Twitter her discovery of the service issuing fake SSL certificates. During a recent flight, Adrienne Porter Felt ( @__apf__ ) noted that while accessing Google sites, the SSL certificate was actually being issued by Gogo – an “unstrusted issuer “ – instead of Google. hey @Gogo , why are you...

Only one percent of consumers believe using a third-party mobile payment provider, such as Apple Pay or Google Wallet, is a safe way to pay for in-store purchases, reveals Tripwire, Inc . This past holiday season, One Poll and Dimensional Research conducted a consumer survey of over 2,011 consumers in the United States and UK. The survey’s findings include the following: Over a quarter (26 percent...

In anticipation of the New Year, Tripwire recently published an article that surveyed some of the better-known data breaches that occurred in 2014. We now present Part 2 of our two-part series, “2014: The Year of the Breach.” Home Depot (September) – On September 18 th , Home Depot acknowledged that it had suffered a data breach. The attackers gained entry to the perimeter of the retailer’s...

British authorities have allegedly arrested another member of the hacker group ‘Lizard Squad.’ The Daily Dot recently broke the story after it received an email from Vinnie Omari , a 22-year-old member of the hacker group. “They took everything,” Omari explained in the email, which allegedly also contained an image of the British authorities’ search warrant for his home. “Xbox one, phones, laptops...

One of Tripwire's many strengths is our ability to collect security data and build meaning from it. Meanwhile, the rapidly emerging Internet of Things (IoT) poses some juicy problems to tackle in this regard. I recently came across an interesting article titled 4 Big Trends that Impact Industrial Automation and What To Do About Them, Part 1 of 2 by Brian Oulton. After reading it through, these...