During my talk at DEF CON 23 last week, I discussed my experience developing USB based trojans and highlighted the fact that attempts to patch these vulnerabilities have done little to mitigate the risks associated with this attack vector. The revelation of CVE-2015-0096, which is a continuation of CVE-2010-2568, was believed to have been patched by...

ICANN, the organisation which oversees the internet's domain name system, regulating web addresses and working with registrars around the world, has revealed that it has fallen victim to a hacker attack during which the details of users who had created profiles on the organisation's public website were exposed. Email addresses (which act as...

Yahoo announced that it has paid security researchers one million dollars as part of its bug bounty program. According to a post written by Ramses Martinez, Senior Director and Interim CISO at Yahoo, the company's bug bounty program, which The State of Security named one of our 11 Essential Bug Bounty Programs in 2015, has shown significant growth...

The Internet of Things is gradually but very surely creeping in to impact every sphere of modern life. And that goes as much for people as for business, as much for new industries as for incumbent sectors. This network of physical objects has the ability to play havoc with security and is significantly increasing the challenge of securing Industrial...

In the financial industry, business success and sustainability depends on the health of information systems. Damage to a firm’s information systems can tarnish its reputation, compromise its data, as well as result in legal fines and penalties. Large firms often depend on thousands of such systems interconnected via the internet, which raises a...

Back in April, the London-based insurance market Lloyd's reported a 50 percent increase in the number of data breach insurance submissions filed in the first three months of 2015 as compared to last year. This development challenges some of the arguments offered by leading experts in the field of information security that seek to explain why more...

The Bundesrat of Germany – the country’s Federal Council – passed legislation last week requiring critical infrastructure businesses and institutions to implement more robust information security standards. According to reports, the new law will affect more than 2,000 essential service providers, including transportation, health, water, utilities,...

Donald Trump doesn't appear to be having the best of times. Not only has the business tycoon and (now) Republican presidential candidate been dumped by Macy's, Univision and NBC over his comments on Mexican immigrants, but he is now possibly having to deal with the aftermath of a hacker attack too. Criminal hackers may have added to the headaches of...

In the beginning, there were stack buffer overflows everywhere. Overflowing data on the stack made for a quick and easy way to subvert a program to run code provided by an attacker. Initially, this meant simply overwriting the saved return address on the stack with the location of shellcode typically on the stack and perhaps prefaced by a NOP sled,...

Most of us in the cybersecurity industry are familiar with a recent “tweet heard around the world.” Yes, I’m referring to the infamous tweet that caused Chris Roberts to be removed from a United Airlines flight. This incident has undoubtedly generated much criticism aimed at both Roberts and the airline industry. I am not writing this article to...

An independent reviewer in the United Kingdom has called for a new "comprehensive" law to help define security services' online surveillance powers. According to BBC News, David Anderson QC, an independent reviewer of terrorism legislation, stated that a "clean slate" is needed in the approach to surveillance powers used by security services to...

New York’s Superintendent of Financial Services Benjamin Lawsky announced on Wednesday a new set of rules and regulations for businesses accepting, selling or buying virtual currencies. Following nearly a two-year-long effort, Lawsky introduced the first-ever comprehensive framework – known as BitLicense – in a speech at the BITS Emerging Payments...

It’s been a tough few weeks for those of us that are responsible for patching vulnerabilities in the companies we work at. Not only do we have the usual operating system and application patches, we also have patches for VENOM and Logjam to contend with. The two aforementioned vulnerabilities are pretty serious and deserve extra attention. But, where...

It's been almost a year since what some analysts consider the first successful major threat to mobile banking, known as Svpeng, hit the United States. Spreading via a text message campaign, the Svpeng malware went after Android phones. While Svpeng didn’t steal mobile banking credentials, it did detect the presence of certain mobile banking apps and...

Last week, we explored the story of Konstantin Simeonov Kavrakov, a Bulgarian who hacked Bill Gates’ bank account and stole thousands of dollars. We now report on the story of Valérie Gignac, a Canadian woman who is believed to have hacked users’ webcams and subsequently harassed them. According to a statement published by the Royal Canadian Mounted...

The number of data breaches increased 27.5% in 2014, making measures against these types of security incidents increase significantly among large companies. What about small businesses? Do they really stand a chance against hackers and security incidents? Being a small company might make you think no hacker will bother stealing your data. But, just...

Recently, we compiled a list of the top 10 highest paying jobs in information security in an effort to help individuals navigate this exciting field as a career choice. That being said, we would be remiss if we stopped there. Information security is continuously evolving, so knowing which events offer the best opportunities for learning new ideas...

Last week, Tripwire explored the story of Austin Alcala, a teenager who penetrated a number of American videogame corporations and the United States military as a member of an international hacking group. We now report on the story of Konstantin Simeonov Kavrakov, a Bulgarian hacker who is responsible for having infiltrated Bill Gates’ bank account...

You know what I don’t want to talk about any more? Responsible disclosure. The problem is that, as old as that discussion is for information security, it and the adjacent topics, remain relevant for many other industries. There’s a good chance you caught the media coverage of a recent incident...

In ages past, invading armies would poison the water source – usually a well – of a city in order to reduce the fighting capability of the enemy or to force the populace of a city under siege to surrender. This method was usually successful because an invader could have a devastating effect on a very large population with minimal yet targeted effort...