Blog

The Irony of Ethics in Malware

In the last few days, I have seen multiple articles on ransomware in my news feeds (including a shameless reference back to our own post on The State of Security). As I read these, it occurred to me that there is an ironic similarity between these schemes and legitimate companies. The criminals running these malware and ransomware schemes have to be honest and deal in good faith with their...

Cloud Computing: Putting Your Files on Someone Else’s Computer

If your organization decides to put their corporate files – or their customers’ files – onto someone else’s computer, i.e., implement cloud computing, what security effort should those organizations undertake to ensure the safety of their data? That is the question that we find our customers looking to Tripwire to help them answer. As a Tripwire field sales engineering manager, I am increasingly...

UK to Boost Cyber Security Spending, Introduces 'Defense and Cyber Innovation Fund'

Britain has announced a number of initiatives to boost its cyber security defenses and counter threats, including a £165 million investment in cyber security startups. Chancellor George Osborne introduced the ‘Defense and Cyber Innovation Fund’ on Tuesday during a speech at GCHQ – the headquarters of Britain’s spy agency. Osborne also announced the UK’s plans to double its public spending on...

Phishing Email Scam Targeting DHL Customers

Security researchers have identified a new phishing email scam that is targeting customers of the DHL global delivery service. Analysts with the Comodo Antispam Labs team reveal in a blog post that the phishing email purports to be sent from DHL Worldwide and uses the subject line "DHL Shipping Delivery Tracking Number" to support this falsehood. In reality, however, the scam is sent from...

A LastPass Hack with a Happy Ending

In September, Black Hat Europe announced an interesting talk entitled “Even the LastPass will be stolen, deal with it”. As reported in an earlier article, it was anticipated (based on the description on the conference announcement) that the “Remember Password” option was the likely attack vector. The presentation was delivered last week, and as reported on the French news site 01net.com...

Rethinking Effective Endpoint Threat Protection

Given the number and sophistication of threats stalking today's digital landscape, it is incumbent on organizations to improve their cyber resiliency. However, this task is not as easy as it sounds. Our network environments have evolved far beyond the confines of what antivirus solutions or firewalls alone can protect. The Internet of Things (IoT) and smart appliances, among other recent...

Cloudsota Trojan Found Preinstalled on Tens of Thousands of Tablets

A security firm has discovered that tens of thousands of tablets sold on Amazon.com and elsewhere came pre-loaded with the Cloudsota Trojan. Chinese mobile Internet security company Cheetah Mobile has published a post about its findings. In it, it highlights the complaints of many customers regarding these tablets' poor quality of manufacture, with one buyer stating that he received "a horribly...

Ethics Meets Ransomware

It is rare that the good guys help criminals, but that is exactly what the folks at BleepingComputer.com have done. Let it be stated in no uncertain terms that they should be applauded and thanked for doing so. The problem, as reported on the BleepingComputer site, is that there is yet another variant of ransomware that is circulating online. This ransomware, however, has a fatal mistake in the...

Are iPhones or Androids More of a Security Risk?

Blondes vs brunettes, Kirk or Picard, and the Oxford comma... these are some of the most burning issues that people just can't agree on. And another is whether iPhones are better than Android phones. Both sides have their fervent fans and supporters, and are capable of making convincing arguments to back their point of view. But now a new study (registration required) argues that when it comes to...

Tor: FBI Paid Carnegie Mellon $1 Million to Expose Users

According to the Tor Project, the FBI paid researchers at Carnegie Mellon University to launch an attack on the service last year in an effort to expose some of its users. The anonymizing service has written a blog post about its findings: "The Tor Project has learned more about last year's attack by Carnegie Mellon researchers on the hidden service subsystem," begins the post. "Apparently these...

Security 101 for CEOs

There are important security lessons for CEOs following the embarrassing revelation that a teenager hacked into the personal email accounts of CIA Director John Brennan and Homeland Security Secretary Jeh Johnson. This isn't the first nor will it be the last time that people hack into accounts using a variety of techniques; it illustrates the lengths to which amateurs and bad actors will go. In...

Three Men Indicted in 2014 JP Morgan Hack

On Tuesday, a federal court charged three men with having hacked JP Morgan Chase back in 2014, a breach that resulted in the theft of 83 million people's personal information. The 23-count indictment unsealed by the United States District Court Southern District of New York indicts three men--two Israeli citizens and an American citizen--on charges of identity theft, computer fraud, and other...

VERT Threat Alert: November 2015 Patch Tuesday Analysis

Today’s VERT Alert addresses 12 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-643 on Wednesday, November 11th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy Moderate Difficult MS15-121 Extremely Difficult MS15-120 No Known Exploit MS15-112 MS15-113 MS15-114 MS15-115 MS15...

TLS Extended Master Secret Extension: Fixing a Hole in TLS

Few Internet technologies are relied upon as heavily as TLS/SSL, yet it has been widely known for years that this fundamental security protocol does not do enough to effectively protect communications. The most visible failing of TLS is the reliance on public key infrastructure (PKI) in which every certification authority (CA) becomes a potential single point of failure. Between CAs improperly...

The Security Mindset: The Key to Success in the Security Field

What does it take to succeed as an information security professional? There are many paths to a successful infosec career, many top jobs in the industry, and many different types of people can excel in the field. Indeed, diversity is fundamental to good security. To be effective, security requires contributions from people of different backgrounds and personalities with various interests and...

Searching The Deep Web and The Unmapped Internet

Some think it’s where sexual deviants access child pornography or where devoted drug users go to purchase their substance of choice; others see it quite differently as a marketplace completely void of personal information – the first of its kind. On the "deep web" lies the Silk Road. It’s an anonymous online market, a place few have visited. That being said, at one point in time, it was the...

Armada Collective Hackers Target Secure Email Services with Blackmail DDoS Attacks

A hacker group known as the Armada Collective is currently targeting secure email services with prolonged blackmail distributed denial-of-service (DDoS) attack campaigns. Last week, Geneva-based encrypted email service ProtonMail announced that it had been temporarily knocked offline by a DDoS attack. After issuing a post explaining what it was doing to correct the ongoing downtime, the email...

Running the IoT Hack Lab @ SecTor

I’ve attended a number of conferences, and each event always comes with its unique responsibilities. If I go as an attendee, I’m generally taking notes to share information; if I go as a speaker, I’m on stage at some point talking; and if I go to help marketing, I’m at our booth shaking hands and explaining what Tripwire VERT does. All of these are great experiences, but none of them compare to...

EMC, Hospital to Pay $90,000 Over Data Theft From Stolen Laptop

EMC and a Connecticut-based hospital have agreed to pay the state $90,000 to resolve an investigation dating back to 2012 regarding the theft of a laptop containing unencrypted patient data. According to an “Assurance of Voluntary Compliance” agreement signed by both companies, the laptop was stolen from the home of an employee of EMC Corporation, who was contracted by Hartford Hospital on a...

New Ransomware Strain Targets Websites Powered by Linux OS

A security firm has uncovered a new strain of ransomware that is seeking to extort money from websites powered by the Linux operating system. On Thursday, Russian antivirus company Dr. Web added the malware, known as "Linux.Encoder.1," to its virus database. A description of the ransomware was created the following day: "Once launched with administrator privileges, the Trojan loads into the memory...