A security researcher successfully compromised a Facebook server only to discover that someone had already been there. Bug bounty hunter Orange Tsai explains in a blog post that after poking around some Class C IP addresses of "vpn.tfbnw.com," an internal domain for Facebook, he came across a special server with the name "files.fb.com." The...

The Massachusetts Institute of Technology (MIT), famed as one of the top tech schools in the country, introduced an “experimental” bug bounty program this week. The private, Cambridge-based research university is among the first academic institutions to announce a program designed to encourage finding...

2016 is shaping up to be the year of ransomware. Cyber-attacks are on the rise, with companies losing control of their critical assets. And the problem isn’t going away. Could your company fall victim to these malicious attacks? Everyone is vulnerable, but the good news is that there are simple steps you can take today using security tools you already...

I was on a security panel recently where we were asked to define the Internet of Things (IoT). This term is as vague as it is broad. It can be argued that it includes almost any “thing” that can be part of a network. I was not happy with any of our answers, including my own, so I spent some time thinking about it. When I was asked this question at a...

As a child, I loved taking things apart. I was always overly precocious and immensely curious—so much so, that I was frequently disciplined for “breaking” things. Years later, as a young adult—I would find myself taking things apart again—only this time, I was a divorced mother of three and going back to college, where the taking-apart part inspired...

Sports fanatics using the CBS Sports app or mobile site recently may have had their personal information exposed to online theft, researchers say. According to mobile security firm Wandera, both the Android and iOS versions of the app were found transferring users’ names, email addresses, account...

Today’s VERT Alert addresses 13 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-666 on Wednesday, April 13th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...

Millions of users are open to attacks that can quietly compromise machines by exploiting a weakness in some of Firefox's most popular browser extensions. On Thursday, Boston University PhD Ahmet Buyukkayhan and Northeastern University Professor William Robertson presented their research on the attacks at Black Hat Asia in Singapore. Black Hat Asia...

Transport Layer Security (TLS) is the unsung champion and defender of all good citizens of the Internet. Rather like some invisible, altruistic Marvel superhero, it works tirelessly behind the scenes each and every day helping to protect the things we need and like to do online. Along with its now atrophied predecessor Secure Sockets Layer (SSL), it...

Security experts have discovered vulnerabilities in a database where the U.S. State Department stores visa information. Reuters writes that the State Department first learned of the security flaws following an internal review of its computer systems several months ago. In a report, security experts...

It’s been a month since Hollywood Presbyterian Medical Center joined the ranks of Premera Blue Cross, Anthem, CareFirst BCBS, and a considerable number of other healthcare institutions that have experienced recent hacks where personal patient data might have been exposed. While it may have played out like the plot of a bad "cyber"-thriller movie,...

If there is one truth about today's threat landscape, it is that nothing remains the same. Such dynamism rests partially with the sheer volume of threats circulating the web. Multiple reports indicate that bad actors are developing as many if not more threats than security personnel have time to remediate. Indeed, in the second quarter of 2015 alone...

Verizon Enterprise Solutions – a B2B division of the telecommunications company that provides data breach response services – is reportedly facing a breach of its own. According to a report by investigative journalist Brian Krebs, a database containing the contact information of approximately 1.5...

The scourge of ransomware is by far today’s biggest computer security concern. By stepping into the crypto realm, cybercrooks have thrown down the gantlet to antivirus labs around the globe that are still mostly helpless in the face of this challenge. While many experts have been busy reverse-engineering obtained ransomware samples and posting...

In the information security space, there’s no shortage of insight that says increased technology and hardware are needed to combat the loss of information from expensive IT infrastructure. However, the real problems often lie in fallible human beings who’ve been entrusted to maintain the infrastructure and are failing to do so. Meanwhile, it’s...

Google has patched three security issues in Chrome 49, the most recent version of its popular web browser. On Tuesday, the United States Computer Emergency Readiness Team (US-CERT) released a bulletin announcing the tech giant's latest round of patches."Google has released Chrome version 49.0.2623.87 to address multiple vulnerabilities for Windows,...

Today’s VERT Alert addresses 13 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-660 on Wednesday, March 9th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...

Tripwire isn't a patch management company, so why we conducted an extensive survey on patch fatigue is a worthwhile question to ask. The fact is, we spend a lot of time talking about and working with patches, even though we never actually deploy one for a customer. We spend so much time on patching because we're a vulnerability management vendor....

The US Department of Defense (DoD) announced last week the first ever cyber bug bounty program in the history of the federal government, inviting vetted hackers to test the security of the department’s network, website and applications. Dubbed “Hack the Pentagon,” the agency said its pilot bug bounty program is modeled after similar competitions...

Security breaches, also known as a safety violation, occur when a person or application illegally enters a confidential IT border. This could result in the hacking of unauthorized data, services, networks and applications that are highly critical. Breaches can also cause bankruptcy and destroy a company’s reputation, which is why most businesses...