Blog

Security 101 for CEOs

There are important security lessons for CEOs following the embarrassing revelation that a teenager hacked into the personal email accounts of CIA Director John Brennan and Homeland Security Secretary Jeh Johnson. This isn't the first nor will it be the last time that people hack into accounts using a variety of techniques; it illustrates the lengths to which amateurs and bad actors will go. In...

Three Men Indicted in 2014 JP Morgan Hack

On Tuesday, a federal court charged three men with having hacked JP Morgan Chase back in 2014, a breach that resulted in the theft of 83 million people's personal information. The 23-count indictment unsealed by the United States District Court for the Southern District of New York indicts three men, two Israeli citizens and an American citizen, on charges of identity theft, computer fraud, and other...

VERT Threat Alert: November 2015 Patch Tuesday Analysis

Today’s VERT Alert addresses 12 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-643 on Wednesday, November 11th.

Ease of Use (published exploits) to Risk Table
Automated Exploit: none listed
Easy: none listed
Moderate: none listed
Difficult: MS15-121
Extremely Difficult: MS15-120
No Known Exploit: MS15-112, MS15-113, MS15-114, MS15-115, MS15...

TLS Extended Master Secret Extension: Fixing a Hole in TLS

Few Internet technologies are relied upon as heavily as TLS/SSL, yet it has been widely known for years that this fundamental security protocol does not do enough to effectively protect communications. The most visible failing of TLS is the reliance on public key infrastructure (PKI) in which every certification authority (CA) becomes a potential single point of failure. Between CAs improperly...

The Security Mindset: The Key to Success in the Security Field

What does it take to succeed as an information security professional? There are many paths to a successful infosec career, many top jobs in the industry, and many different types of people can excel in the field. Indeed, diversity is fundamental to good security. To be effective, security requires contributions from people of different backgrounds and personalities with various interests and...

Searching The Deep Web and The Unmapped Internet

Some think it’s where sexual deviants access child pornography or where devoted drug users go to purchase their substance of choice; others see it quite differently as a marketplace completely void of personal information – the first of its kind. On the "deep web" lies the Silk Road. It’s an anonymous online market, a place few have visited. That being said, at one point in time, it was the...

Armada Collective Hackers Target Secure Email Services with Blackmail DDoS Attacks

A hacker group known as the Armada Collective is currently targeting secure email services with prolonged blackmail distributed denial-of-service (DDoS) attack campaigns. Last week, Geneva-based encrypted email service ProtonMail announced that it had been temporarily knocked offline by a DDoS attack. After issuing a post explaining what it was doing to correct the ongoing downtime, the email...

Running the IoT Hack Lab @ SecTor

I’ve attended a number of conferences, and each event always comes with its unique responsibilities. If I go as an attendee, I’m generally taking notes to share information; if I go as a speaker, I’m on stage at some point talking; and if I go to help marketing, I’m at our booth shaking hands and explaining what Tripwire VERT does. All of these are great experiences, but none of them compare to...

EMC, Hospital to Pay $90,000 Over Data Theft From Stolen Laptop

EMC and a Connecticut-based hospital have agreed to pay the state $90,000 to resolve an investigation dating back to 2012 regarding the theft of a laptop containing unencrypted patient data. According to an “Assurance of Voluntary Compliance” agreement signed by both companies, the laptop was stolen from the home of an employee of EMC Corporation, who was contracted by Hartford Hospital on a...

New Ransomware Strain Targets Websites Powered by Linux OS

A security firm has uncovered a new strain of ransomware that is seeking to extort money from websites powered by the Linux operating system. On Thursday, Russian antivirus company Dr. Web added the malware, known as "Linux.Encoder.1," to its virus database. A description of the ransomware was created the following day: "Once launched with administrator privileges, the Trojan loads into the memory...

What Happens to Hacked Social Media Accounts

We read about hacks of social media accounts all the time, but what’s the point of it? How can someone benefit from hacking a personal social media account, especially a non-celebrity, when there are so many other things to hack? Go steal from a bank or something, right? This article is going to look at a few reasons why a social media account is hacked. The goal is for you to understand why you...

Woman Cheated Out of $825 After Posting Photo of Winning Ticket to Facebook

A woman has lost $825 she won betting on the 2015 Melbourne Cup after she posted a photo of herself holding the winning ticket on Facebook. According to The Daily Mail, a woman named Chantelle placed a $20 bet on the 100-to-1 shot Prince of Penzance at this year's Melbourne Cup, Australia's most prestigious Thoroughbred horse race. "I've never bet before," Chantelle said in an interview, "so me...

Down But Never Out: Security Parallels from the 2015 World Series

In the early morning hours of Monday, November 1st, the Kansas City Royals won the 2015 Major League Baseball World Series. To be sure, the team secured its championship against the expectations of most. In the fifth game, the Royals trailed the New York Mets 0-2. Everyone expected that the Mets would win, but then things changed. At the top of the ninth inning, the Royals scored two...

DarkHotel APT Employs Just-in-Time Decryption of Strings to Evade Detection

For decades, the field of computer security has evolved as a cat-and-mouse game between security researchers and malware authors. When the former devises new methods to detect malicious programs, the latter incorporates into their software dormant functionality scenarios and a variety of other evasive techniques – four of which are now particularly common among malware samples – to counteract them...
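The evasion named in the title above, string decryption at the moment of use, is easier to reason about with a runnable sketch. The following is an added illustration, not code from the original post and not DarkHotel's actual routine: the XOR key, the two hidden strings and the hostname are all constructed for the example. It shows why a literal signature scan over the file on disk finds nothing, while a scan that observes each string as it is decoded does.

```python
"""Just-in-time string decryption: a toy illustration of why a static
signature scan misses strings that only exist in plaintext at the moment
of use. The XOR key, the sample strings and the hostname are constructed
for this example; nothing here is taken from the DarkHotel samples."""

# Constructed repeating XOR key (an assumption for the example).
KEY = b"\x5a\xa3\x17"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Symmetric repeating-key XOR; the same call encodes and decodes."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def obfuscate(plaintext: str) -> bytes:
    """What the malware author runs at build time: store only ciphertext."""
    return xor_bytes(plaintext.encode(), KEY)


# Strings the sample wants to keep out of the on-disk image (constructed).
ENCODED = {
    "c2": obfuscate("http://c2.example.invalid/beacon"),
    "api": obfuscate("CreateRemoteThread"),
}


def decode_just_in_time(name: str) -> str:
    """Decrypt right before use; the plaintext never sits in the file."""
    return xor_bytes(ENCODED[name], KEY).decode()


def static_scan(image: bytes, signatures: list) -> list:
    """Mimic a file-based signature engine: literal substring matches only."""
    return [s for s in signatures if s.encode() in image]


def runtime_scan(signatures: list) -> list:
    """Mimic a memory scan (or an emulator) that sees each string as it is
    decoded for use: this is where decrypt-on-use strings become visible."""
    hits = []
    for name in ENCODED:
        plaintext = decode_just_in_time(name)
        hits.extend(s for s in signatures if s in plaintext)
    return hits


SIGNATURES = ["CreateRemoteThread", "c2.example.invalid"]
# The "file on disk" holds only the encoded blobs.
DISK_IMAGE = b"".join(ENCODED.values())

if __name__ == "__main__":
    print("static scan hits :", static_scan(DISK_IMAGE, SIGNATURES))  # []
    print("runtime scan hits:", runtime_scan(SIGNATURES))
```

The practical consequence for detection is that byte signatures on the stored strings are not enough: the decode routine itself, the high-entropy blobs it reads, and the API calls made with the decoded values are what remain observable, which is why emulation, memory scanning and API hooking are the usual answers to this class of evasion.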

OmniRAT - the $25 way to hack into Windows, OS X and Android devices

Just last week, police forces across Europe arrested individuals who they believed had been using the notorious DroidJack malware to spy on Android users. Now attention has been turned on to another piece of software that can spy on communications, secretly record conversations, snoop on browsing histories and take complete control of a remote device. But, unlike DroidJack, OmniRAT doesn't limit...

ProtonMail Suffers 'Extremely Powerful' DDoS Attack

ProtonMail, a Switzerland-based encrypted email service, recently suffered an "extremely powerful" distributed denial-of-service (DDoS) attack that has temporarily knocked it offline. On Tuesday, ProtonMail tweeted out that it was experiencing a DDoS attack and that it anticipated some of its services would become temporarily unavailable. The email provider has since been working with its data...

Beware the Cyber Blind Spots

A blind spot is defined as “an area where a person's view is obstructed.” As a longstanding professional in the industry who has seen the rhetoric change over the years, from Information Security, through Information Assurance and now to “cyber security,” I see what is occurring as the creation of a significant and worrying blind spot. Sadly, what people appear to be hearing is “something, something...

Mainframe Insecurities or Hack the Gibson. No, Really!

You can hack a toaster, a TV and a car ... but a mainframe? Isn’t everything on Windows and Linux? Who still uses mainframes (specifically IBM’s flagship System z running z/OS)? They’re obsolete, specialized and cumbersome, just like the stuff that runs on them: TSO, JES, Walker, CICS, VTAM, MVS, IMS. And they’re pretty much sequestered from all the fun and games on the Internet – or so you would...

The TalkTalk Breach: Timeline of a Hack (UPDATED 11/25/15)

The UK telecommunications provider TalkTalk has made headlines in recent weeks following a breach against its website. Initially, the incident was believed to have compromised the personal and financial information of as many as four million TalkTalk customers. However, these estimates have since been revised as a result of an ongoing investigation led by London's Metropolitan Police. To clarify...

Android 6.0 (Marshmallow) Security At a Glance

After just a few hours with a shiny new Nexus 5X running the latest Android 6.0 release, AKA “Marshmallow,” a few behaviors have already caught my attention as welcome security and privacy changes to the user experience. (A few other items have caught my interest as points of potential vulnerability, but I’ll leave that for another day.) The first thing I noticed is that NFC was...