Resources

Blog

Everything You Need to Know About CI/CD and Security

CI/CD is a recommended technique for DevOps teams and a best practice in agile methodology. CI/CD is a method for consistently delivering apps to clients by automating the app development phases. Continuous integration, continuous delivery, and continuous deployment are the key concepts. CI/CD adds continuous automation and monitoring throughout...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 22, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 22nd, 2022, including some commentary of mine. VMware fixed a privilege escalation issue in VMware Tools VMware...
Blog

Key Points from the IBM Cost of a Data Breach Report 2022

The volume and impact of data breaches have accelerated largely in 2022, which has contributed to many adverse effects for businesses. Tc highlights several updated factors that have generated great costs across 17 countries and regions, and 17 industries. The report has included new related areas of analysis such as: Extended Detection and...
Blog

How to Prevent High Risk Authentication Coercion Vulnerabilities

Most of us already know the basic principle of authentication, which, in its simplest form, helps us to identify and verify a user, process, or account. In an Active Directory environment, this is commonly done through the use of an NTLM hash. When a user wants to access a network resource, such as a file share, their password is hashed and sent...
Blog

Why Does Medical Imaging Equipment Need Better Cybersecurity?

Medical imaging cybersecurity needs to evolve to meet today’s security threats. Cyberthreats specifically targeting health care institutions have increased over recent years. More data is also at risk since patients have begun widely using telemedicine services. In addition to the risk of information theft, there is a very serious risk to patients,...
Blog

Privacy in Q2 2022: US, Canada, and the UK

The second quarter of 2022 offered plenty of positing on privacy, both in the U.S. and internationally. In the U.S., we saw the addition of another state privacy law, and a spark of hope in privacy professionals’ eyes with the introduction of tangible federal legislation. Plus, the Federal Trade Commission (FTC) is positioned to act on rulemaking...
Blog

Black Hat USA 2022: Key Highlights

Arriving at the keynote hall for Black Hat 2022, I was immediately struck by the size of the crowd - after the seemingly endless pandemic hiatus, the cyber industry had come out in force. The mood was one of enthusiasm, and the entire place reverberated with the vibrancy of reunion. It was a great event for the industry - and for Fortra - and a few...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 15, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 15th, 2022. I’ve also included some comments on these stories. Newly Uncovered PyPI Package Drops Fileless...
Blog

Email and cybersecurity: Fraudsters are knocking

Can you remember your first email? Either sending one, or receiving it? I certainly remember explaining to people what email was, and I also remember someone telling me they could live without their email server for "about a month before it becomes a problem". Can you imagine that now? A month without email? Emails are a necessary evil According...
Blog

The State of Security: SIEM in 2022

The world of enterprise cybersecurity is exceedingly dynamic. In a landscape that is ever-changing, security professionals need to combat a class of evolving threat actors by deploying increasingly sophisticated tools and techniques. Today with enterprises operating in an environment that is more challenging than ever, Security Information and Event...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 8, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 8st, 2022. I’ve also included some comments on these stories. Slack leaked hashed passwords from its servers for...
Blog

A 5 Step Checklist for Complying with PCI DSS 4.0

In March 2022, the Payment Card Industry Data Security Standard (PCI DSS) was updated with a number of new and modified requirements. Since their last update in 2018, there has been a rapid increase in the use of cloud technologies, contactless payments have become the norm, and the COVID-19 pandemic spurred a massive growth in e-commerce and online...
Blog

Ransomware attack blamed for closure of all 7-Eleven stores in Denmark

Ransomware is to blame for the closure of all 175 7-Eleven stores in Denmark on Monday. The retailer closed all of its stores in Denmark after its cash registers and payment systems were brought down in the attack. Initially, 7-Eleven's Danish division did not say that ransomware was responsible for its problems, simply describing the incident as...
Blog

Cyber Threats – The New Norm in Data Security

“Data: We have never had so much of it, and it has never been so challenging to protect.” These are some of the opening words in the new survey published by ISMG and Fortra in the ‘Data Security Survey 2022’. The survey explores how COVID19 has permanently changed how CISOs approach Data Security. It is an important study because it recognises...
Blog

VERT Threat Alert: August 2022 Patch Tuesday Analysis

Today’s Patch Tuesday VERT Alert addresses Microsoft’s August 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1015 on Wednesday, August 10th. In-The-Wild & Disclosed CVEs CVE-2022-34713 According to Microsoft, CVE-2022-34713 is a variant of the Dogwalk vulnerability. There has been a...