Blog

All Versions of Windows Vulnerable to FREAK Attack, Confirms Microsoft

There's bad news for any Windows users who were thinking that the recently-announced FREAK vulnerability wasn't something they had to particularly worry about. When first announced, it was thought that the newly-discovered flaw in SSL/TLS was limited to Apple's Safari and Google's Android web browsers, opening the possibility of hackers and...

Who is Responsible for Secure Software Development?

An interesting dialogue came up in my security circles that I believe outlines a fundamental disconnect within organizations developing software products. We have all heard that communication is key, but are the conversations happening at the proper levels to expose a product’s security requirements? The conversation went something like this: (Sales...

Is Compliance Bad for Security?

Companies like mine, and consultants like me, have long been instructed and expected to pass on the mantra that the solution to security is compliance with standards and that being in compliance means you are secure. Having worked in the industry for more than a decade, I know that this is demonstrably not true. My hypothesis is that compliance and...

Attackers Hijack Lenovo Domain, Spoof Website and Intercept Company Emails

Attackers altered the domain name system (DNS) records for Lenovo.com on Wednesday, allowing them to spoof the computer manufacturer’s website and gain access to the company’s MX mail server records. Following the attack, users who visited Lenovo’s company page saw a teenager’s slideshow, with the song “Breaking Free” from Disney’s High School...

Samba Vulnerability CVE-2015-0240 Detection & Remediation

Updated Tuesday, Feb. 24, 2015, 2:11 PM: Added content for Tripwire Enterprise customers to find Samba in their environment. A major vulnerability (CVE-2015-0240) has been discovered in Samba, which is a widely used and distributed SMB/CIFS Linux/Unix application for interoperability with Microsoft Windows. Samba provides integration of Linux...

Carbanak Malware: How Financial Institutions Can Fight the Epidemic

Known as one of the largest bank heists ever, cybercriminals successfully exfiltrated nearly $1 billion from dozens of banks and financial institutions around the world. After an extensive investigation, these ongoing sophisticated attacks were traced to Carbanak malware. According to security firm Kaspersky Labs, Carbanak...

Reflecting on Trust: SuperFish is Super Fishy

In his 1983 Turing Award acceptance speech, “Reflections on Trusting Trust”, Ken Thompson popularized the concept of a compiler backdoor where the compiler not only inserts a backdoor during compilation of a program but also compiles in the code that inserts the backdoor when compiling itself. The core idea of his speech is that we can only trust...

Security In The Year 2020

We now appreciate the revelation that went public in February 2015 that international hackers circumvented what was supposed to be robust systems and defences, and managed to get away with an estimated $1 billion from a spectrum of around 100 banks located in 30 countries in what has been described as systemic cybercrime. With orchestration, the...

Three Keys to a Successful Cybersecurity Defense Program

I’ve been a finance professional for more than 25 years and spent the last 15 years in senior finance roles, mostly as a CFO of both public and private companies. Like many of you, I am often invited by business groups and professional service providers to attend thinly veiled networking events to get the attention of “C” suite officers of both...

Improving Cyber Security Literacy in Boards & Executives

The recent Anthem hack that may have compromised 80 million people’s personal health information reveals just how mainstream data breaches have become in recent years. In response to this rapidly evolving threat landscape, Boards of Directors (BoDs) and executives are now more aware of today’s cyber threats and how they might adversely affect...

Facebook Introduces Social Sharing Platform for Cybersecurity Threats

Facebook announced on Wednesday the launch of a new platform for companies to easily exchange information regarding cybersecurity threats, such as malware and phishing attacks that could be impacting users. The world’s largest social network introduced the program, called ThreatExchange, as “an API-based clearinghouse for security threat information...

Microsoft Patches Dangerous Group Policy Vulnerability

In February’s Patch Tuesday, Microsoft issued an update to fix a privately reported critical vulnerability in Group Policy that could allow potential attackers to achieve remote code execution (RCE) in domain networks. If successfully exploited, an attacker could gain complete control of a vulnerable system, install programs, view data and even...

Drones: Security Concern or Useful Resource?

Drones have been talked about quite a bit in the news over the past couple of years—whether it’s the use of unmanned aerial vehicles (UAV) by the military or the viral video showing Amazon’s proposal for speedy drone delivery, the devices have really grabbed people’s attention. Now, many are buying their own personal drones and most are looking at...

The Voice of the CISO: Interview with Robb Reck

Last week, we interviewed Brian Engle, the Chief Information Security Officer and Cybersecurity Coordinator for the State of Texas, and discussed with him the importance of communication in shaping cybersecurity as an ongoing management concern that businesses everywhere need to appreciate. As part of our ongoing “The Voice of the CISO” series, we...

10 Notorious Cyber Criminals Brought to Justice – No. 4

Last week, we investigated the story of Vladislav Anatolievich Horohorin, a Ukrainian hacker who was well known online for managing several web forums where cyber criminals could dump and sell users’ stolen payment card credentials. Tripwire now continues its series on some of the most notorious cyber criminals brought to justice with Vladmir...

The 60/40 Security Rule

On any journey we take as we progress through life, occasions will arise when we arrive at a juncture where we recognise that somewhere way-back, we may have taken a wrong turn, which has brought us to a less than ideal place – an imposition which I believe we find ourselves in today with mitigating cyber crime and its associated threats. So, first...

Fighting Cyber Threats While Taking Human Behavior Into Consideration

In today’s corporations, information security managers have a lot on their plate. While facing major and constantly evolving cyber threats, they must comply with numerous laws and regulations, protect the company’s assets and mitigate risks as best as possible. To address this, they have to formulate policies to establish desired practices that...

Cyberterrorists Seek to Cause Physical Harm

The premise of a January 27, 2015, article by CNBC is that there is good evidence that a cyber attack against nearly any country’s critical infrastructure could be imminent. This kind of reporting has become so commonplace, but this doesn’t seem like just more FUD (fear, uncertainty, and doubt) journalism. According to Eugene Kaspersky, CEO of...