Resources

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 15, 2022
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 15, 2022

By Andrew Swoboda on Mon, 08/22/2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 15th, 2022. I’ve also included some comments on these stories. Newly Uncovered PyPI Package Drops Fileless...
Vulnerability & Risk Management
VERT Research
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 8, 2022
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 8, 2022

By Andrew Swoboda on Tue, 08/16/2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 8st, 2022. I’ve also included some comments on these stories. Slack leaked hashed passwords from its servers for...
Vulnerability & Risk Management
VERT Research
A 5 Step Checklist for Complying with PCI DSS 4.0
Blog

A 5 Step Checklist for Complying with PCI DSS 4.0

By Tripwire Guest Authors on Mon, 08/15/2022
In March 2022, the Payment Card Industry Data Security Standard (PCI DSS) was updated with a number of new and modified requirements. Since their last update in 2018, there has been a rapid increase in the use of cloud technologies, contactless payments have become the norm, and the COVID-19 pandemic spurred a massive growth in e-commerce and online...
Compliance
PCI DSS
Product Video

AAA: Getting Roadside Assistance from Tripwire

Mon, 08/15/2022
Tim Masey, Director of Enterprise Information Security at AAA, shared his company’s PCI journey: beginning with a small implementation of Tripwire, then running into roadblocks by Management for the expansion of products, and eventually moving forward with the implementation of Tripwire’s policy driven dashboards, rules and tasks for over 500 servers.
Compliance
PCI DSS
Guide

How Finance Companies Bank on Tripwire ExpertOps

Finance companies opt for managed services to stay compliant, bolster overburdened security teams, and get ongoing support in keeping their data safe from damaging breaches. The finance sector regularly finds itself on the front lines of emerging attack techniques; attackers commonly search for edge vulnerabilities and test new malware variations against financial systems. However, most breaches...
Compliance
PCI DSS
SOX
Guide

PCI DSS and the CIS Controls

Benchmarks, Standards, Frameworks and Regulations: What’s the Difference? The majority of IT security guidance to industry can be placed into one of these categories: benchmarks, standards, frameworks and regulations. Most address specific security issues and offer advice based on experience, collaborated information, authorities and activities (best practices) which have proven effective. They...
Compliance
PCI DSS
Guide

Meeting Multiple Compliance Objectives Simultaneously With the CIS Controls

The CIS Controls are a set of recommendations comprised of controls and benchmarks. They are intended to serve as a cybersecurity “best practice” for preventing damaging attacks. The recommendations are meant to provide a holistic approach to cybersecurity and to be effective across all industries. Adhering to them serves as an effective foundation for any organization’s security and compliance...
Compliance
CIS Controls
FISMA
GDPR
HIPAA
NIST
PCI DSS
Guide

Essential PCI DSS v4.0 Transition Checklist

The proliferation of online transactions isn’t the only reason the PCI Council created the new 4.0 standard. Recent years have also seen increasingly sophisticated methods among cybercriminals, a surge in cloud use, and the rise of contactless payments. This spurred the need for an updated set of PCI DSS requirements, which were released in March 2022 and will become mandatory in March 2024 for...
Compliance
PCI DSS
Guide

Actionable Threat Intelligence: Automated IoC Matching with Tripwire

A key security challenge is finding and rooting out malware that has already become embedded on key assets. Organizations today have myriad threat intelligence sources to leverage. However, simply getting the intelligence into your organization is not enough. Unless you have a way to operationalize myriad threat intelligence sources to make it actionable and useful, threat intelligence just...
Incident Detection & Investigation
Datasheet

Tripwire ExpertOps and PCI

The Payment Card Industry Data Security Standard (PCI DSS) was created to help organizations that process credit card payments, secure the cardholder environment to prevent credit card fraud, cyber threats and other security vulnerabilities. The latest version, 4.0, provides specific security guidance on handling, processing, transmitting and storing credit card data to minimize the theft,...
Compliance
PCI DSS
Datasheet

Tripwire Resident Engineers

The cybersecurity skills gap can leave many organizations without adequate staffing for the operation of their security tools. High turnover rates can also cause an organization to lose essential knowledge when team members leave who were familiar with the tools. To complicate matters further, the pandemic is driving the need for temporary cybersecurity support as agencies navigate new, remote...
Compliance
NERC CIP
NIST
PCI DSS
SOX
Datasheet

Tripwire’s Solutions for Automated, Continuous PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) was created to help organizations that process credit card payments secure the cardholder environment to prevent credit card fraud, cyber threats, and other security vulnerabilities. The latest version, 4.0, provides specific security guidance on handling, processing, transmitting, and storing credit card data to minimize the theft,...
Compliance
PCI DSS
Datasheet

10 Ways Tripwire Outperforms Other Cybersecurity Solutions

As a security professional, you’re tasked with protecting your organization against attacks, detecting threats, identifying vulnerabilities and hardening configurations. But in an increasingly crowded marketplace, how do you choose the right cybersecurity partner? From experience and technical innovation to security expertise, Fortra's Tripwire stands out from the competition. Here are 10 reasons...
Vulnerability & Risk Management
Incident Detection & Investigation
IT Security Operations & Asset Discovery
Security Configuration Management
Case Study

Payment Processor for Businesses

As a recognized leader in the payment processing sector, this company offers its clients hundreds of secure payment methods across multiple platforms, around the globe. Onan average day it processes tens of millions of mobile, online and in-store transactions in 100+ currencies. After experiencing a security incident that was quickly contained, the company took the opportunity to revamp its...
Compliance
PCI DSS
Product Video

Watch a Demo of Tripwire Enterprise

Mon, 08/15/2022
Compliance frameworks are notoriously dense and complex, making them difficult to put into action. Compliance is also time-consuming—especially if you’re still attempting manual configuration of your systems, applications, databases and cloud assets. Manual configuration is error-prone and immediately out of date the moment an assessment ends. And a lack of compliance can result in failing audits,...
Compliance
CIS Controls
NIST
PCI DSS
VERT Threat Alert: September 2022 Patch Tuesday Analysis
Blog

VERT Threat Alert: August 2022 Patch Tuesday Analysis

By Tyler Reguly on Tue, 08/09/2022
Today’s Patch Tuesday VERT Alert addresses Microsoft’s August 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1015 on Wednesday, August 10th. In-The-Wild & Disclosed CVEs CVE-2022-34713 According to Microsoft, CVE-2022-34713 is a variant of the Dogwalk vulnerability. There has been a...
Vulnerability & Risk Management
VERT Research
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 1, 2022
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 1, 2022

By Andrew Swoboda on Mon, 08/08/2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 1st, 2022. I’ve also included some comments on these stories. Windows 11 Smart App Control blocks files used to...
Vulnerability & Risk Management
VERT Research
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of July 25, 2022
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of July 25, 2022

By Andrew Swoboda on Mon, 08/01/2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of July 25, 2022. I’ve also included some comments on these stories. SonicWall fixed critical SQLi in Analytics and GMS...
Vulnerability & Risk Management
VERT Research
VERT Threat Alert: September 2022 Patch Tuesday Analysis
Blog

VERT Threat Alert: July 2022 Patch Tuesday Analysis

By Tyler Reguly on Tue, 07/12/2022
Today’s VERT Alert addresses Microsoft’s July 2022 Security Updates. VERT is actively working on coverage for these Patch Tuesday vulnerabilities and expects to ship ASPL-1011 on Wednesday, July 13th. In-The-Wild & Disclosed CVEs CVE-2022-22047 Microsoft is reporting this month that a single vulnerability in the Windows Client/Server Runtime...
Vulnerability & Risk Management
VERT Research
PCI 4.0: The wider meanings of the new Standard
Blog

PCI 4.0: The wider meanings of the new Standard

By David Bruce on Wed, 07/06/2022
The new PCI DSS Standard, version 4.0, contains all the steps, best practices, and explanations required for full compliance. In fact, even an organization that does not process cardholder data could follow the PCI Standard to implement a robust cybersecurity program for any of its important data. In our series about how the new standard differs...
Compliance
PCI DSS