Resources
Case Study

Tripwire Helps Girl Scouts 'Be Prepared' to Meet Growing Security Needs

The Girl Scouts of the USA was founded in 1912 to empower girls and teach values by encouraging participation in a wide variety of new activities. The instantly recognizable motto of “Be Prepared” extends across every aspect of the organization, including its change and compliance management strategies. We don’t approach compliance as an isolated event or as a necessity at the time of an audit...
Phishing gang that stole over 400,000 Euros busted in Spain
Blog

Phishing gang that stole over 400,000 Euros busted in Spain

By Graham Cluley on Thu, 05/19/2022
Spanish police say that they have dismantled a phishing gang operating across the country, following the arrest of 13 people and the announcement that they are investigating a further seven suspects. According to police, the phishing ring defrauded some 146 victims, stealing at least 443,600 Euros from online bank accounts. Victims were tricked...
Malicious hackers are finding it too easy to achieve their initial access
Blog

Malicious hackers are finding it too easy to achieve their initial access

By Graham Cluley on Thu, 05/19/2022
It should be hard for malicious hackers to break into systems, but all too often it isn't. That's a takeaway from a joint cybersecurity advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), the NSA and FBI, and their counterparts in Canada, New Zealand, the Netherlands, and United Kingdom. The advisory, which is titled ...
Your social media account hasn’t been hacked, it’s been cloned!
Blog

Your social media account hasn’t been hacked, it’s been cloned!

By Tyler Reguly on Tue, 05/17/2022
A recent Facebook post from a family member made me realize that I needed to write about an overused term. A term, that when used, causes chaos and concern. I don’t blame the family member for using it, I’ve seen it used hundreds of times over the past few years and I’ve seen IT and cybersecurity professionals respond without correcting, even, on...
Adding visibility to the invisible: securing your automated systems
Blog

Adding visibility to the invisible: securing your automated systems

By Irfahn Khimji on Mon, 05/16/2022
Have you ever dined in a restaurant with a police officer? When choosing a table, or seating location, law enforcement professionals will often choose the seat that positions them with their back to the wall. This plays out quite humorously when a group of law enforcement professionals dine together, all racing toward that coveted “protected”...
2022 Q1 Privacy Update — A new year sparks new initiatives
Blog

2022 Q1 Privacy Update — A new year sparks new initiatives

By Tripwire Guest Authors on Mon, 05/16/2022
The first months of 2022 began slowly for privacy, but by the end of the first quarter we had our marching orders for the rest of the year. In the U.S., we saw an explosion of state privacy bills being put forward (again), the Senate utilized a seldom used maneuver to push President Biden’s Federal Trade Commission nominee through to confirmation,...
VERT Threat Alert: June 2022 Patch Tuesday Analysis
Blog

VERT Threat Alert: May 2022 Patch Tuesday Analysis

By Tyler Reguly on Tue, 05/10/2022
Today’s VERT Alert addresses Microsoft’s May 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1002 on Wednesday, May 11th. CVE-2022-26925 In-The-Wild & Disclosed CVEs Based on Microsoft’s limited documentation, this appears to be a resurgence and/or improved version of PetitPotam. This...
Vulnerability & Risk Management
VERT Research
Building a Strong Business Case for Security and Compliance
Blog

Building a Strong Business Case for Security and Compliance

By Fortra Staff on Mon, 05/09/2022
Compliance is a key part of any organisation and in business terms, it is about ensuring companies of all sizes and their employees comply with existing national and international laws. In the UK the Companies Act 2006 is the main legislation that forms the primary source of company law and businesses of all sizes must ensure they adhere to it to...
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of May 2, 2022
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of May 2, 2022

By Editorial Staff on Mon, 05/09/2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of May 2, 2022. I’ve also included some comments on these stories. Microsoft Azure Vulnerability Exposes PostgreSQL Databases...
Vulnerability & Risk Management
VERT Research
The main security challenges when adopting cloud services
Blog

The main security challenges when adopting cloud services

By Tripwire Guest Authors on Sun, 05/08/2022
The popularity of cloud services has increased exponentially in recent years. The prospects of saving on capital and operational expenditures have been significant driving forces in influencing companies to adopt cloud services. Scalability and elasticity are also key drivers that encourage companies to move to the cloud. However, moving to the...
5 Potential Solutions to the Cybersecurity Talent Shortage
Blog

5 Potential Solutions to the Cybersecurity Talent Shortage

By Tripwire Guest Authors on Sun, 05/08/2022
The most relevant cybersecurity threat to most businesses may be human, not technical. A sudden wave of cybercrime paired with longstanding tech labor challenges has created a cybersecurity skills gap, leaving companies without the expertise they need.Some companies lack dedicated security staff entirely, while others have a small, overworked...
World Password Day is Dead. Long Live World Password Day!
Blog

World Password Day is Dead. Long Live World Password Day!

By Former Tripwire Employee on Wed, 05/04/2022
In 2002 I sat in a local bookstore in Jackson Hole, WY that offered a few Internet-connected computers for hourly use. After chatting with the owner and petting the resident store dog, I took a few guesses at the password protecting these computers. It took me maybe 10 attempts. It was, of course, some variation of the dog’s name. While this is a...
Blog

A Tripwire Milestone: ASPL – 1000 is here

By Tyler Reguly on Wed, 05/04/2022
When I joined nCircle as a security researcher in 2006, ASPL 117 had just been released. I missed the ASPL-100 release celebration, which included custom sweatshirts, but there was still one unclaimed shirt in the office and I brought it home, my first piece of company swag. That shirt still hangs in my closet all these years later. For those of you that are unaware, ASPL, Advanced Security...
May The Fourth Be with You: Jedi Mind Tricks and Scams
Blog

May The Fourth Be with You: Jedi Mind Tricks and Scams

By Tyler Reguly on Tue, 05/03/2022
Over the past few years, I’ve used Star Wars Day as a way to talk about two of my favourite things – Star Wars and cybersecurity. I wrote about scammers in 2020 and IoT in 2021, and I really thought I’d write about IoT again this year. After all, there’s no shortage of IoT blunders to talk about and tie into the Star Wars mythos. Instead, an article...
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of April 25, 2022
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of April 25, 2022

By Editorial Staff on Mon, 05/02/2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of April 25, 2022. I’ve also included some comments on these stories. Homeland Security bug bounty program uncovers 122 holes...
Vulnerability & Risk Management
VERT Research