New Twist to Dridex Banking Malware

It has been discovered that an updated Dridex banking malware is using a Domain Name System trick to direct victims to fake banking websites. Even if a user types in the correct domain name for a bank, the fake website is still shown in the browser. Tim Erlin, Director of IT Security and Risk Strategy […]

A New Type of Attack called “Man in the Cloud”

A new type of attack called Man in the Cloud has been identified. It relies on common file synchronization services such as GoogleDrive and Dropbox. Imperva says that without using any exploits, they show how simple re-configuration of these services can turn them into a not-easily detectable attack tool. Security expert Tim Erlin gives his thoughts […]

Expert Comment on FBI Shuts Down Darkode Malware Marketplace

Commenting on reports that the FBI has shut down the Darkode Malware Marketplace where computer hackers bought and sold stolen databases, malicious software and other products that could cripple or steal information from computers and cellphones. Tripwire cybersecurity expert Tim Erlin provided the following comments. Tim Erlin, Director of IT Security and Risk Strategy at […]

OpenSSL High Severity Bug Patch

Tim Erlin, director of IT security and risk strategy at Tripwire offered the following comments and advice on an alert from The OpenSSL project team that they will be patching a high severity bug this Thursday, July 9: Tim Erlin, Director of IT Security and Risk Strategy at Tripwire: “This type of a pre-announcement is […]

Comments on GoPro Studio Vulnerability

A new vulnerability has been discovered in GoPro Studio, GoPro’s playback and editing tool available to millions of users. A hacker could hijack the editing tool requests sent out to the web over an unencrypted HTTP. The hacker could then send users a message offering an upgraded version of GoPro Studio and if users downloaded it, they […]

Comments on Two SSH Vulnerabilities on Cisco Virtual Appliances

2 SSH vulnerabilities have been discovered on Cisco Virtual Appliances because the virtual machines running on VMWare and KVM virtualization platforms share a default authorized SSH key. There are already patches for these vulnerabilities. The SSH keys were initially created for customer support access. If a user were to maliciously employ these keys, they would […]

Security Expert Comments on Energy Grid Vulnerability

Researchers have found  a vulnerability in the energy grid with Nova-Wind Turbine human-machine (HMI) interface, which would allow remote code execution. An advisory from ICS-CERT explains that a successful exploitation of this vulnerability can cause a loss of power for all attached systems because it allows the ID to be retrieved from the browser and […]

Major Banking Corporation Investing in Quantum Cryptography Company

The Westpac Banking Corporation has invested directly in technology security specialist QuintessenceLabs or QLabs as they are known, which is waging a high-tech war against hackers. QLabs has created quantum technology that encrypts confidential data using advanced engineering methods to create “keys” that are random and provide unhackable number combinations. The bank will use the technology to secure the devices and […]