Blog

How to Lie with Statistics: Information Security Edition

Numbers, statistics, pie charts and survey results are everywhere – especially in the information security space. Nevertheless, have you ever finished reading a vendor whitepaper or a research institution’s annual security report and the data presented just made your spidey sense tingle? You are probably sensing a manipulation of statistics, an age-old talent that has been going on for a very long...

Testing Network Forensics Skills: Challenge Accepted!

Network Forensics is a branch of Digital Forensics that deals with the capture, storage and analysis of network traffic. Incident handlers working on computer incident response and security operations teams around the world engage in this type of analysis in order to answer the “Five Ws” in relation to incidents: [W]ho did it? [W]hat happened? [W]here (in the virtual realm) did this occur? [W]hen...

How I Captured the Flags in Tripwire VERT’s Cyber Security Contest – Part 2

In the first installment of this blog post, I took you through how I completed level 1 of Tripwire Vulnerability and Exposure Research (VERT's) Capture the Flag contest. Now, I’ll show you how I finished level 2 and successfully completed the challenge. Level 2 Going to the link above results in a registration page (pictured below), which requires a username, a password, as well as a "display name...

Private Companies’ Cyberwar: Caught in the Middle of the 'Military Internet Complex'

We have seen a number of nation-states beginning to use black hat hacking tools and espionage tactics in an effort to steal intellectual property from corporations, target retailer customer databases, and monitor the electronic communications of entire national populations for terrorist threats. This development, as well as the risk of cyber attacks against critical national infrastructure and...

Computer Espionage Gang Targets Rival APT Group with Spear Phishing Attack

A computer espionage gang has sent a rival advanced persistent threat (APT) group a spear phishing email in what might be the first reported instance of an APT-on-APT attack. In February of last year, Naikon, one of the most active APT groups in the Asian region, launched a spear phishing email campaign. Another APT group, Hellsing, was one of its targets. Hellsing is a relatively small threat...

VERT Alert: April 2015 Patch Tuesday Analysis

Today’s VERT Alert addresses 11 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-610 on Wednesday, April 15th. MS15-032 Multiple Memory Corruption Vulnerabilities in Internet Explorer MULTIPLE Internet Explorer ASLR Bypass Vulnerability CVE-2015-1661 MS15-033 Microsoft Office Memory Corruption...

An Introduction to Reverse Engineering Android Applications Training

The Android operating system has overthrown the mobile ecosystem, and has taken no prisoners. You can barely walk down the street these days, without seeing consumers completely glued to the screens of their devices. This is the age of instant, unadulterated access to the Internet, email, music and social networking. And Android has become that leading gateway. This rise in the mobile...

People Are The Problem (And Solution)

Reading through the Verizon Data Breach Investigations Report (aka DBIR), the amount of information about last year's breaches is daunting. Let's look at one category of the report—Phishing. Teach a man to phish? Why did I focus on phishing? Because it is on the mind of a lot of CISOs these days. As we know, quite a few high-profile breaches have come about because of successful phishing attacks...

Takeaways From the 2015 Verizon Data Breach Investigations Report

Verizon’s annual Data Breach Investigations Report (DBIR), published since 2008, has become one of the most anticipated information security industry reports. Think of it as the Data Breach Bible, as it dissects thousands of confirmed data breaches and security incidents from around the globe into emergent and shifting trends, providing us with insightful guidance to apply to our own security...

Remember Who the Adversary Really Is

There has been a dramatic increase in the attention paid to the information security field due, in part, to a number of high-profile breaches. There is a much higher level of concern over what information security means, what it provides and how to approach it. The field has graduated from fringe awareness to bad mainstream TV dramas. This growth has also opened a large marketspace where vendors...

How I Captured the Flags in Tripwire VERT's Cyber Security Contest – Part 1

Tripwire's Vulnerability and Exposure Research Team (VERT) set up a three-and-a-half-day Capture the Flag (CTF) contest, where over 100 people from the academic community (mostly students, but more generally, people "affiliated with an educational institution") competed in exploiting two vulnerable web applications. The idea of a CTF is that there are hidden "flags" (which can be links...

Decisions, Decisions: Balancing Security Requirements with Employee Demands

Earlier this week, I talked to the director of security at a Fortune 500 company. The company recently suffered a breach caused by malware. This news is not earthshattering; virtually every large organization has been hacked at one time or another, with malware being a top culprit. What is surprising, though, is the company’s drastic response to the breach. After trying to detect cyber-threats...

Computer Criminals Brought to Justice – Timothy Lance Lai

Last week, Tripwire explored the story of Lance Ealy, a computer criminal who filed more than 150 fake tax refund requests, some of which he completed via the use of stolen Social Security numbers, back in 2013. We now report on the story of Timothy Lance Lai, a former private tutor who was arrested in the fall of 2014 for having helped some of his students hack into their schools’ computer...

Files Encrypted by ‘Scraper’ Ransomware Can Be Decrypted in 70% of Cases

Security researchers have identified flaws in a specific ransomware encryptor that allow victims to decrypt their files without having to pay in 70% of cases. The encryptor, known as Trojan-Ransom.Win32.Scraper, was first detected in an attack against Japanese users on October 24, 2014. Along with CTB-Locker, it marks a new generation of ransomware that are based on encryptor Trojans. Scraper...

How Attackers Use Your Tools Against You: Living Off the LAN

Detecting and preventing malicious software from executing on critical systems has received a lot of attention in the information security industry lately. Being able to detect new applications, drivers and files is what Tripwire Enterprise excels at. However, there are quite a few options for a motivated attacker to take advantage of built in applications and tools within the operating system to...

Spyware Found in Google Chrome Extension Collected Browsing Info on 1.2 Million Users

According to security researchers, a popular Google Chrome extension with 1.2 million downloads has been collecting users’ browsing information with the purpose of selling the data to third parties. Christian Mariolini, a researcher with the computer security firm Sentor, first discovered the spyware in the Webpage Screenshot extension back in March of this year. “We monitor our customers'...

French TV network taken off air after attack by pro-ISIS hackers

Pro-ISIS hackers have managed to take a French TV network off air, and hijack its website and Facebook page. 11 channels belonging to the French-language TV network, which broadcasts to more than 200 countries worldwide, stopped transmitting programmes after what was described as an "extremely powerful cyberattack". The TV network's director general, Yves Bigot, told the media (presumably those...

10 Steps to Improve Your Layered Defense Strategy

We have a problem in the security community – or maybe within the modern information age of humanity in general. That problem is we see security as a technology, policy, privacy or people issue, instead of an integrated combination thereof. However, despite standards, laws, best practices, lessons learned and new technology we continue to practice defense-in-depth wrong. We still treat security as...

AT&T Hands Over $25 Million to Settle Data Breach Complaint

AT&T has agreed to pay a $25 million penalty in a settlement with federal regulators after data breaches in several Latin American call centers exposed the personal information of nearly 280,000 U.S. customers. In a complaint released Wednesday, Federal Communications Commission (FCC) officials stated call center contractors in Mexico, Colombia and the Philippines collected sensitive account...

Is Offensive Security the Future?

Having been the only UK person to attend, sit on a Panel and to have presented at the ISMG APT Summit in Atlanta, I have returned home refreshed, invigorated, and completely motivated by the multiple experiences I enjoyed with my US colleagues, who again demonstrated they do ‘git-it’ when it comes to the "cyber challenge." My own participation related to the elements of incident response, and the...