Resources

SIA-Previously-NESA-Standard-Ensures-Security-of-UAEs-Cyberspace
Blog

NESA Standard Ensures Security of UAE’s Cyberspace

By Christy Cherian on Wed, 09/18/2024
To allay dependence on oil revenue and expand the private sector, the United Arab Emirates (UAE) has committed, in recent years, to establishing a knowledge-based economy. Consequently, they have become a formidable competitor in Information Communication Technology (ICT). As the ICT industry has grown, so have government agencies to regulate it, namely the Signals Intelligence Agency, formerly...
Cybersecurity
Compliance
Common Phishing Attacks and How to Protect Against Them
Blog

Common Phishing Attacks and How to Protect Against Them

By Kirsten Doyle on Wed, 09/11/2024
Phishing is a malicious attempt to deceive individuals into divulging sensitive information such as usernames, passwords, credit card numbers, or other personal data. These attacks are typically carried out by masquerading as a trustworthy entity in electronic communications. Phishing can take many forms and has evolved to become more sophisticated, making it imperative for individuals and...
Vulnerability & Risk Management
Cybersecurity
Incident Detection & Investigation
Tripwire VERT Security Update
Blog

VERT Threat Alert: September 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 09/10/2024
Today’s VERT Alert addresses Microsoft’s September 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1123 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-38217Windows uses the Mark of the Web (MoTW) to identify files downloaded from the Internet. This is done by setting the NTFS Zone.Identifier alternate Data...
Vulnerability & Risk Management
VERT Research
SOX Compliance in the Age of Cyber Threats
Blog

SOX Compliance in the Age of Cyber Threats

By Steven Sletten on Tue, 09/10/2024
Achieving Sarbanes-Oxley (SOX) Act compliance is becoming more difficult. While the Act is primarily a financial reporting regulation, it requires all publicly traded companies operating in the United States to maintain the integrity, accuracy, and reliability of financial reporting, which those organizations can only achieve through robust cybersecurity measures. As such, an effective...
Cybersecurity
Compliance
SOX
Navigating Change: Three Levels to Filter Out the Noise in Tech Environments
Blog

Navigating Change: Three Levels to Filter Out the Noise in Tech Environments

By Kirsten Doyle on Tue, 09/03/2024
Change is relentless. Technology evolves at breakneck speed, and security practitioners face a constant barrage of updates, system tweaks, and new tools. This relentless stream of modifications can create a clutter of information, making it challenging to pinpoint what is truly important.Effectively filtering through this noise through effective change management is critical for maintaining...
Cybersecurity
File Integrity & Change Monitoring
tripwire_vert_patch_priority_index
Blog

Tripwire Patch Priority Index for August 2024

By Lane Thames on Mon, 09/02/2024
Tripwire's August 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Adobe and Google.First on the list are patches for Microsoft Edge and Google Chromium that resolve 12 vulnerabilities, including information disclosure, remote code execution, and memory corruption vulnerabilities.Up next are patches for Microsoft Outlook, PowerPoint, Visio, Excel, Project,...
Vulnerability & Risk Management
Cybersecurity
Guardians of the Files: Tracing the Evolution of File Integrity Monitoring
Blog

Guardians of the Files: Tracing the Evolution of File Integrity Monitoring

By Kelsey Arhart on Mon, 09/02/2024
File Integrity Monitoring (FIM) is a cybersecurity process that involves continuously monitoring files and systems to identify any unauthorized changes. FIM solutions maintain file integrity by comparing a file or system's current state to a known, trusted baseline and flagging any discrepancies. It is key for identifying security breaches, preventing data tampering, and maintaining compliance...
Cybersecurity
File Integrity & Change Monitoring
How Automation and AI are Transforming GRC Management
Blog

How Automation and AI are Transforming GRC Management

By Joseph Chukwube on Tue, 08/27/2024
There is no doubt that we now live in an AI-driven, automation-powered world. Across industries and markets, leaders and professionals are achieving the utility of AI in their processes. The same applies to Governance, Risk, and Compliance (GRC) management, but when one looks at the actual implementation, the data shows that there's still a long way to go.According to one recent report, only 21%...
Cybersecurity
Compliance
Global Cyber Insurance Premiums Decline Despite Ransomware Surge
Blog

Global Cyber Insurance Premiums Decline Despite Ransomware Surge

By Josh Breaker-Rolfe on Mon, 08/26/2024
Cyber insurance has a strange past: AIG first took cyber insurance to market in 1997 despite a total lack of actuarial data to inform premiums or policies. Essentially, the industry ran on guesswork. Even today, the cyber insurance market is remarkably unpredictable compared to long-established insurance policies such as those for housing or health.Typically, when cybercrime – or, more...
Vulnerability & Risk Management
Cybersecurity
Exploring the Impact of NIST SP 800-53 on Federal IT Systems
Blog

Exploring the Impact of NIST SP 800-53 on Federal IT Systems

By David Henderson on Thu, 08/15/2024
NIST SP 800-53 is a framework developed by the National Institute of Standards and Technology (NIST) that provides guidelines and best practices for securing federal information systems and protecting the privacy of individuals whose information these systems handle.The Special Publication has gone by several different names. NIST initially released Special Publication 800-53 in 2005 under the...
Cybersecurity
Compliance
NIST
Updates and Evolution of the NIST Cybersecurity Framework: What’s New?
Blog

Updates and Evolution of the NIST Cybersecurity Framework: What’s New?

By Josh Breaker-Rolfe on Wed, 08/14/2024
The NIST Cybersecurity Framework (CSF), published by the US National Institute of Standards and Technology (NIST), is a widely used set of guidelines for mitigating organizational cybersecurity risks. It contains recommendations and standards to help organizations identify and detect cyberattacks and advice on how to respond, prevent, and recover from cybersecurity incidents.Since Version 1.0’s...
Cybersecurity
Compliance
NIST
Tripwire VERT Security Update
Blog

VERT Threat Alert: August 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 08/13/2024
Today’s VERT Alert addresses Microsoft’s August 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1119 as soon as coverage is completed.In-The-Wild & Disclosed CVEsCVE-2024-38178CVE-2024-38178 describes a vulnerability in the Microsoft Edge scripting engine when run in Internet Explorer Mode. On top of requiring Edge be running in...
Vulnerability & Risk Management
VERT Research
Have You Heard About the New PCI 4.0 Section 1.2 Spec? Tripwire Makes Compliance Easy
Blog

Have You Heard About the New PCI 4.0 Section 1.2 Spec? Tripwire Makes Compliance Easy

By Michael Betti on Wed, 08/07/2024
If you’ve been keeping up with the Payment Card Industry Data Security Standard (PCI DSS), you’ll know it has a new specification that revolves around network security controls. Let’s dig into the details.A Little Back StoryIt helps to level-set for anyone who might be coming into this from a non-technical role. We all know PCI DSS (v4.0) is the payment card industry’s compliance standard for...
Compliance
PCI DSS
Fortra Datasheet
Datasheet

Tripwire Enterprise and IBM i

Many of the world's largest companies rely on IBM i operating on IBM Power Servers as their strategic platform for business-critical activities such as retail, distribution, logistics, banking, manufacturing planning, healthcare, insurance, hospitality management, government administration, and legal case management. Given the widespread use of the IBM i operating system, advanced cybersecurity...
File Integrity & Change Monitoring
Security Configuration Management
tripwire_vert_patch_priority_index
Blog

Tripwire Patch Priority Index for July 2024

By Lane Thames on Tue, 08/06/2024
Tripwire's July 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.First on the list are patches for Microsoft Office and Outlook that resolve remote code execution and spoofing vulnerabilities.Next are patches that affect components of the core Windows operating system. These patches resolve over 65 vulnerabilities, including elevation of privilege,...
Vulnerability & Risk Management
Cybersecurity
Fortra Webinar
On-Demand Webinar

FIM Isn’t Just for Files Anymore

Mon, 08/05/2024
File integrity monitoring was invented by Tripwire’s founder over 25 years ago and has evolved over time to become one of the most important security controls — so critical, in fact, that it’s required by major compliance standards like the Payment Card Industry Data Security Standard (PCI DSS). But what a lot of cybersecurity professionals aren’t familiar with is how FIM has expanded to include a...
File Integrity & Change Monitoring
Cybersecurity: The Unsung Hero of SOX Compliance
Blog

Cybersecurity: The Unsung Hero of SOX Compliance

By Kirsten Doyle on Mon, 08/05/2024
The Sarbanes-Oxley Act of 2002 (SOX) was enacted to restore public confidence in the wake of major corporate and accounting scandals. The legislation aims to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws.One key aspect of SOX compliance is ensuring the integrity and security of financial data. In the digital age,...
Compliance
SOX
Re-Extortion: How Ransomware Gangs Re-Victimize Victims
Blog

Re-Extortion: How Ransomware Gangs Re-Victimize Victims

By Kirsten Doyle on Tue, 07/30/2024
Ransomware has evolved significantly since its inception. Initially, these attacks were relatively simple: malware would encrypt a victim's files, and the attacker would demand a ransom for the decryption key. However, as cybersecurity measures improved, so did ransomware gangs' tactics.Modern ransomware attacks often involve sophisticated techniques such as data exfiltration, where attackers...
Vulnerability & Risk Management
Cybersecurity
Navigating PCI DSS 4.0: Your Guide to Compliance Success
Blog

Navigating PCI DSS 4.0: Your Guide to Compliance Success

By Kirsten Doyle on Mon, 07/29/2024
The transition to PCI DSS 4.0 is here. The transition period from PCI DSS 3.2 ended on March 31, 2024, so businesses in all sectors must focus on aligning their practices with the new requirements.This blog will guide you through the key points discussed by PCI experts Steven Sletten and Jeff Hall in a recent webinar held by Fortra on "PCI 4.0 is Here: Your Guide to Navigating Compliance Success....
Compliance
PCI DSS
MitM Attacks: Understanding the Risks and Prevention Strategies
Blog

MitM Attacks: Understanding the Risks and Prevention Strategies

By Tripwire Guest Authors on Mon, 07/22/2024
As our interactions with the digital world grow, connections will be established within seconds, leading to more online attacks. One type of attack we may be exposed to is known as a Man-in-the-Middle (MitM) — a technique cyber attackers use to take over our online communications.The best way to stay safe online is with a better understanding of the problems caused by these digital attacks and...
Vulnerability & Risk Management
Cybersecurity