Resources

Blog

VERT Threat Alert: April 2023 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s April 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1050 on Wednesday, April 12th. In-The-Wild & Disclosed CVEs CVE-2023-28252 A vulnerability in the Common Log File System (CLFS) Driver has been exploited in-the-wild. CLFS provides a...
Blog

30 Ransomware Prevention Tips

Dealing with the aftermath of ransomware attacks is like Russian roulette. Submitting the ransom might seem like it’s the sole option for recovering locked data. Ransomware also continues to evolve as a threat category within the past year, with old names like REvil rearing their heads and new players like Black Basta emerging in 2022. Malicious...
Blog

Tripwire and Fortra: Helping Secure IT and OT Environments Better than Ever

When I was younger, you could add a second processor to a computer, but it didn’t double the workload it handled. Natural inefficiencies meant that 1+1 was approximately 1.5 or maybe 1.75 times the workload. Today, multiprocessing and multithreading is so common that even the Windows calculator takes advantage of the benefits. So, when I look at the...
Blog

Securing your Digital Life: MFA, Password Managers and Risk

In security, there are always tensions; the balancing act between security, convenience, and functionality. While these three, often competing interests cause many people to become frustrated, there are some simple steps that can ease the security struggle: Any Multi-Factor Authentication (MFA) is better than no MFA. Any password manager is...
Blog

Tripwire Patch Priority Index for March 2023

Tripwire's March 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Google and Microsoft. First on the patch priority list this month is a patch for Microsoft Office Outlook that resolves a critical elevation of privilege vulnerability (CVE-2023-23397) that should be patched as soon as possible. This vulnerability has...
Blog

Distributed Energy Resources and Grid Security

As the United States government, the energy industry, and individual consumers work toward cleaner and more sustainable energy solutions, it is crucial to consider how new and advancing technologies affect, and are affected by, cybersecurity concerns. ­­­­Increasing use of smart energy devices can be useful for consumers to have more control over...
Blog

5 Secure Ways to Avoid Crypto Theft in 2023

The rise in popularity of cryptocurrencies has brought about significant concerns regarding wallet vulnerabilities and digital theft among individuals and businesses transacting in the market. While the meteoric rise in the value of cryptocurrency has attracted legitimate investors, it has also caught the attention of malicious actors who are...
Blog

The impact of Quantum Computing on cybersecurity

Quantum computers can solve highly complex problems faster than any of its predecessors. We are currently in a period of a quantum revolution. Many organizations are currently investing in the quantum computer industry, and it is predicted that the quantum computing market may increase by 500% by 2028. Due to their powerful computing capabilities,...
Blog

How to Secure Your Mobile Device: 8 Tips for 2023

The rapidly changing technology and portability of mobile devices have forced people to rely heavily on those products. With their increased functionalities, mobile devices carry out a number of our day-to-day activities, such as surfing the web, booking appointments, setting up reminders, sharing files, instant messaging, video calling, and even...
Blog

Motivations for Insider Threats: What to Watch Out For

While a majority of discourse in the cybersecurity industry is focused on external threats – malicious hacking, phishing, and the like – the fact is that internal actors are just as capable of causing damage to an enterprise, if not more so. An insider threat may have access to resources or areas of the network that someone outside the organization...
Blog

VERT Reads All About It - Cybersecurity News March 27, 2023

The Tripwire Vulnerability Exposure and Research Team (VERT) keeps its finger on the cybersecurity pulse. Check out some of the stories that stood out for us recently: WordPress forced the patching of WooCommerce Plugin The WooCommerce Plugin is subject to a privilege escalation vulnerability where an unauthenticated attacker could gain admin...
Blog

5 Key Components of Cybersecurity Hardening

Hardening in Cybersecurity Cybersecurity hardening is a comprehensive approach to keeping your organization safe from intruders, and mitigating risk. By reducing your attack surface, vulnerability is reduced in tandem. Hardening (or system hardening) considers all flaws and entry points potentially targeted by attackers to compromise your system....
Blog

VIN Cybersecurity Exploits and How to Address Them in 2023

Cybersecurity is no longer the exclusive domain of computers, servers, and handheld devices. As wireless connectivity grows, it makes many daily activities more convenient, but it also means that cars may be vulnerable to cyberattacks. Connected, Autonomous, Shared and Electric vehicles are starting to dominate the auto market, but they often carry...
Blog

Ransomware Risk Management: A Cybersecurity Framework Profile

How big is Ransomware? The San Francisco 49ers, confirmed a ransomware attack, Cisco was attacked by the Yanluowang ransomware gang, and Entrust was attacked by Lockbit. And that’s just a handful of ransomware accounts noted in 2022. On the surface, ransomware is relatively easy for any criminal to perpetrate, however, those who develop this...
Blog

Key Findings: UK Cybersecurity Breaches Survey 2022

The cybersecurity landscape is continuously evolving. It has led businesses to question how they are protecting themselves and their consumers from data breaches. Since 2014, the Department for Digital, Culture, Media and Sport (DCMS) has commissioned the Cybersecurity Breaches Survey of the UK to understand what protections are in place, and...
Blog

Don’t fail an audit over a neglected annual policy review

When did you last have a light-bulb moment? For me, it was very recent. I was working with a client, supporting them in their latest Payment Card Industry Data Security Standard (PCI DSS) annual compliance assessment, and, in discussion with the Qualified Security Assessor (QSA), I had a sudden urge to challenge something we’ve all, always, believed...