This might be hard to believe, but it is true: 59 percent of data breaches are happening not because of some smart hacker who wants to do harm to your company but because of your own employees. In order to stop these incidents, you have to focus on two things (other than investing in new technology): set your internal processes and procedures correctly, and train your employees and make them aware...

Last time, we explored the story of Timothy Lance Lai , at one time a private tutor who was arrested for providing his former students with a keylogger, which they in turn used to change their grades. We now report on the story of Austin Alcala, a teenage hacker who infiltrated various American corporations and the United States military as a member of an international hacking group. At just age...

After an action-packed week at RSA, we’re happy to say this year’s show didn’t disappoint, as it encouraged the information security community to “challenge today’s security thinking.” We saw consistent themes across many presentation topics, as well as vendors’ messaging, including one of the biggest issues seen in the recently released Verizon DBIR : people are the problem . Below are a few...

On Saturday, the website and Twitter account of electric vehicle maker Tesla was compromised briefly, as well as CEO Elon Musk's Twitter account. The website was defaced after the DNS for TeslaMotors.com was redirected to another server hosting an image with various messages and faces of a few people. The DNS may have been compromised through a phishing attack, as is usually the case; however...

It could be said that the proliferation of automation is the defining characteristic of the last 100 years. In almost every area of our lives, we’ve found a way to leverage technology to increase our efficiency, freeing us up for higher-order tasks… The things we like to do, the things that are hard, the things we’re good at. A great example of this is the evolution of personal travel. What used...

Earlier this month, an explosion at a power station in Maryland caused outages at the White House, the Capital, and the State Department. The service interruption, which affected between 10,000 and 30,000 people, was caused by a 230-kilovolt transmission conductor that broke free from its support structure, according to NBC News . As a result, the Smithsonian and other popular tourist sites in the...

According to a tech consultant, Facebook collects all writing that is entered into a text box and sends it to its servers regardless of whether a user chooses to publish it. In a post published on his blog , Príomh Ó hÚigínn explains that Facebook sends an HTML post request containing the text a user writes. He observed this network traffic using Firefox Devtools. “This is outright Orwellian, and...

Security researchers presenting at this week's RSA Conference in San Francisco, have uncovered a whole new compelling reason to switch off your phone. Skycure's Yair Amit and Adi Sharabani have demonstrated a startling vulnerability in iOS that can allow malicious hackers to crash any iOS device within range of a WiFi hotspot. And it doesn't even matter if targeted devices are trying to...

A security researcher has found that hackers used phishing emails to penetrate Sony Picture Entertainment’s computer networks last fall. Stuart McClure , CEO of computer security firm Cylance , says he analyzed a downloaded database of Sony emails and in the process discovered a pattern of phishing attempts. “We started to realize that there was constant email around Apple ID email verification...

Last month, I participated in the Tripwire VERT cybersecurity Capture the Flag contest organized for infosec students with some awesome prizes: BSides Las Vegas & DEF CON 23 travel packages and more… I’m in! Even though I didn’t get that far, it was a great learning experience! The CTF started on March 27 when I got an email from the organizers with a link , the rules and the following format: “In...

We at Tripwire are very excited that RSA Conference 2015 is finally upon us. Not only are we looking forward to all of the attendees who will join us at Booth 3301 over the course of RSA, but we are also eager to hear all of the keynote speakers. Acknowledging this excitement, we decided to sit down with Steven Fox , one of the conference’s keynote speakers, and explore the ideas that will shape...

A report published by the Partnership for Public Service and Booz Allen Hamilton reveals that an insufficient cyber security workforce is hampering the United States’ efforts to properly defend its networks. According to the report, non-competitive pay and strict hiring practices are aggravated by a lack of pipelines that value computer security talent, not to mention the absence of a government...

Have you ever received unwanted calls from auto-dialers and telemarketers at a time when you did not want to be called? Has an auto-dialer or telemarketer ever tried to scam you? Have you noticed that the numbers of certain incoming calls don’t seem accurate? If you have answered yes to any of these questions, you might have seen a spoofed caller ID. Anyone can spoof a phone number and make it...

It’s that time of year, again, when the brightest minds in the business gather to talk all things cyber in the city of San Francisco. To start off the busy week ahead, BSidesSF kicked off day one with some great speakers and intriguing presentations. For those of you that didn’t make it out, here’s a short and sweet recap of some of today’s talks. It was definitely a tough choice between the two...

The Internet of Things (IoT) is a buzzword that many use to describe a not-so-distant reality in which devices and machines talk to one another. To some, however, the potential of IoT extends well beyond the mere notion of a “smart,” interconnected world. Included in this group of observers is Jeremy Rifkin , an author, political advisor and social activist who recently keynoted the CeBit...

If, on Tuesday, you find yourself in San Francisco, with access to RSA , then I know how you should spend your time from 1PM PST. Alex Cox, Ken Westin , and I will be introducing our panel: Killing the Kill Chain: Disrupting the Cyber Attack Progression. Instead of talking about how you can preemptively stop an attack, we plan to show you. With Ken acting as our moderator, translator and all...

A new dark web market has appeared, focused on the selling of 0-day exploit code. The market is called "TheRealDeal Market," and although still in its infancy, there are already a few exploits listed. One exploit claims to target the recent MS15-034 Microsoft IIS Remote Code Execution vulnerability and comes with reverse shell and research information associated with it. According to the...

Modern organizations that depend on SaaS have been increasingly adopting Identity Providers or single sign-ons (SSOs) in order to federate authentication back to home directory services. Most SSOs support SAML or OAuth, and a growing number of SaaS companies are jumping on board to eliminate the liability of storing customer password hashes. Although an SSO-integrated SaaS solution solves a...

According to a collection of leaked Sony emails and documents, the popular television show Doctor Who is projected to be made into a Hollywood blockbuster in the next few years. In a leaked email sent to Sony Pictures Entertainment chief executive Michael Lynton, president of international production Andrea Wong reveals that she spoke to Danny Cohen, the director of BBC Television, regarding the...

The Verizon 2015 Data Breach Investigations Report has always had a conversational, quirky style to share some pretty technical information about the security breach data it analyzes. So if you’re wondering what Prince has to do with vulnerability management, just know that when you read the full report, you’ll understand – a lot of song titles are used to help give the detailed analysis a little...