Blog

Blog

10 Notorious Cyber Criminals Brought to Justice – No. 1

In the fall of 2014, Tripwire published a series on the 10 Most Wanted Hackers by the FBI. Each of those articles revealed the extent to which cyber crime has become more sophisticated and threatens online users’ information now more than ever. Given this growing threat, it is understandable that some might feel disheartened by the challenges...
Blog

Is It Time to Trust The Cloud?

Outsourcing critical aspects of our lives is nothing new. We trust banks to safeguard our money, even though many of us do not trust bankers. We trust taxi cab drivers with our lives, even if we do not know their first name. We do this not out of ignorance but because we trust the overall system that these components work within. With the...
Blog

Scammers Target TalkTalk Customers Following Data Breach

Cyber criminals are phishing for customers’ sensitive information following a data breach at TalkTalk, a UK Internet service provider. In an email sent to its four million customers, TalkTalk confirmed that “in a small number of cases,” scammers might have compromised customers’ information. “We have now become aware that some limited, non...
Blog

Is Compliance Bad for Security?

Companies like mine, and consultants like me, have long been instructed and expected to pass on the mantra that the solution to security is compliance with standards and that being in compliance means you are secure. Having worked in the industry for more than a decade, I know that this is demonstrably not true. My hypothesis is that compliance and...
Blog

Attackers Hijack Lenovo Domain, Spoof Website and Intercept Company Emails

Attackers altered the domain name system (DNS) records for Lenovo.com on Wednesday, allowing them to spoof the computer manufacturer’s website and gain access to the company’s MX mail server records. Following the attack, users who visited Lenovo’s company page saw a teenager’s slideshow, with the song “Breaking Free” from Disney’s High School...
Blog

Demystifying iOS Enterprise Certificates

For the past several months, the major threats to mobile security, especially within large enterprises, have relied on exploiting one thing—iOS Enterprise Certificates. With this part of Apple’s framework seemingly a significant source of danger, we’re taking a look at iOS Enterprise certificates from a mobile security perspective. By examining...
Blog

Prohibiting RC4 Cipher Suites

If you’ve been following the drafts of this RFC, then nothing here will surprise you. The first draft was published on July 21, 2014, and, a short seven months later, RFC 7465 has been published. It’s a great idea for an RFC that I’d like to see used more frequently, but more on that in a moment. If you’re unfamiliar the term RFC, it stands for...
Blog

Forget Blackhat – The Best Hacking Movies of All Time

As someone who spends way too much time in Internet land, especially around the data protection and hacking crowd that I come across running a VPN review site, I wind up talking about hacker movies often. With Blackhat, starring Chris Hemsworth, stirring up interest in hacking movies again, we had a bit of a debate around the office. Not all hacker...
Blog

Report: Nearly Half of Known Attacks Leverage Old Vulnerabilities

According to a recent report, companies are failing to properly patch and update their systems despite the disclosure of threatening vulnerabilities. The 2015 Cyber Risk Report (PDF) produced by HP analyzing last year’s threat landscape found that as many as 44 percent of breaches were the result of attackers leveraging a patched two- to four-year...
Blog

Samba Vulnerability CVE-2015-0240 Detection & Remediation

Updated Tuesday, Feb. 24, 2015, 2:11 PM: Added content for Tripwire Enterprise customers to find Samba in their environment. A major vulnerability (CVE-2015-0240) has been discovered in Samba, which is a widely used and distributed SMB/CIFS Linux/Unix application for interoperability with Microsoft Windows. Samba provides integration of Linux...
Blog

VERT Threat Alert: Samba Remote Code Execution

Vulnerability Description All versions of Samba from 3.5.0 to 4.2.0rc4 are vulnerable to an unexpected code execution vulnerability in the smbd file server daemon. Exposure & Impact A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet could allow...
Blog

Carbanak Malware: How Financial Institutions Can Fight the Epidemic

Known as one of the largest bank heists ever, cybercriminals successfully exfiltrated nearly $1 billion dollars from dozens of banks and financial institutions around the world. After an extensive investigation, the verdict of these ongoing sophisticated attacks was traced to Carbanak malware. According to security firm Kaspersky Labs, Carbanak...
Blog

Executive Cyber Intelligence Report: February 23, 2015

This report was prepared by The Institute for National Security Studies (INSS) and The Cyber Security Forum Initiative (CSFI) to create better cyber situational awareness (Cyber SA) of the nature and scope of threats and hazards to national security worldwide in the domains of cyberspace and open source intelligence. It is provided to Federal,...
Blog

Lenovo Customers File Class-Action Lawsuit Over Superfish Adware

Last week, a Lenovo customer filed a class-action lawsuit against the Chinese technology manufacturing company and its Superfish adware, charging both with having invaded customers’ privacy and made money off of analyzing their web browsing habits. In her lawsuit, plaintiff Jessica N. Bennet of California states that she traced a number of spam...
Blog

10 Notorious Cyber Criminals Brought to Justice – No. 2

Last week, we investigated the story of Dmitry Olegovich Zubakha, a Russian hacker who breached Boeing’s computer networks and launched a series of distributed denial of service (DDoS) attacks against Amazon, eBay and Priceline. Tripwire now continues its series on some of the most notorious cyber criminals brought to justice with Roman Valerevich...
Blog

The Trouble with (Asset) Identity

Have you ever had your identity stolen? Or perhaps an identity crisis? I hope for your sake the answer is "no." However, if it's yes, you are in good company. Computing devices, which I'll loosely refer to as "assets," often change their identity, and at times even have it stolen (as a side note, NIST has a much broader definition of asset more...