Resources

Blog

Companies are more prepared to pay ransoms than ever before

A new report, which surveyed 1200 IT security professionals in 17 countries around the world, has shone a light on a dramatic rise in the number of organisations willing to pay ransoms to extortionists. The ninth annual Cyberthreat Defense Report (CDR), produced by CyberEdge Group, shows that not only has there been a substantial increase in the...
Blog

Tripwire Patch Priority Index for March 2022

Tripwire's March 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google Chrome, and Spring Framework.First on the patch priority list this month is a remote code execution vulnerability in the Spring Framework (CVE-2022-22965). This vulnerability has been added to the Metasploit Exploit Framework and any...
Blog

What Is the Role of Incident Response in ICS Security?

In recent years, cyber espionage has been growing in magnitude and complexity. One of the most common targets is Industrial Control Systems (ICS) within critical infrastructure sectors. With many organizations relying more heavily on ICS networks, there has been an increase in threats and cyberattacks aimed at these systems. Not only do these...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of March 28, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of March 28, 2022. I’ve also included some comments on these stories. Muhstik Botnet Targeting Redis Servers Using Recently...
Blog

Your Guide to the NIST Cybersecurity Framework

To put the impact of cybercrime into perspective, let’s examine some important, and startling, numbers: Data breach costs increased from $3.86 million to $4.24 million in 2021. Every 39 seconds, there is an attack. About 90% of healthcare organizations have fallen victim to at least one breach within the past three years. The bottom line?...
Blog

Out of Band (OOB) Data Exfiltration via DNS

Last week, I attended the NotSoSecure Advanced Web Hacking training. While there were plenty of interesting topics taught, one that caught my attention was Out-of-Band (OOB) Data Exfiltration using DNS. Back in 2018, NotSoSecure published an Out of Band Exploitation (OOB) CheatSheet. In that document, they cover methods by which you can exfiltrate...
Blog

World Backup Day: Simplicity and Patience is Key

A few months ago, a popular cybersecurity news organization posted an urgent notice on social media seeking help to recover their data after their blog was deleted. They announced that they had no backups and they were desperately trying to contact the site administrator to restore their blog collection. This was as maddening as it was...
Blog

What is Bundesamt für Sicherheit in der Informationstechnik (BSI)?

Have you ever confused your acronyms? Perhaps you have laughed when someone has had to explain some of the acronyms used in text messages. Business, and especially technology acronyms are almost as plentiful as text acronyms. There are few things as embarrassing as being in a business meeting, and mistaking one acronym for another. This happened...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of March 21, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of March 21, 2022. I’ve also included some comments on these stories. Misconfigured Firebase Databases Exposing Data In...
Blog

What Is Multi-Factor Authentication, and What Does It Have to Do with You?

Security isn’t a simple matter of caring or spending time reading manuals or being told what you can or can’t do. Security is understanding how to view the world from a different perspective: instead of functional does it work, viewing it as how can I break it. In our personal lives, it's how can someone misuse this? Be it our social media pictures,...
Blog

AvosLocker ransomware - what you need to know

What is this AvosLocker thing I’ve heard about? AvosLocker is a ransomware-as-a-service (RaaS) gang that first appeared in mid-2021. It has since become notorious for its attacks targeting critical infrastructure in the United States, including the sectors of financial services, critical manufacturing, and government facilities. In March 2022, the...
Blog

EDoS: The Next Big Threat to Your Cloud

What is EDoS? Economic Denial of Sustainability (EDoS) is a cybersecurity threat targeting cloud environments. EDoS attacks exploit the elasticity of clouds, particularly auto-scaling capabilities, to inflate the billing of a cloud user until the account reaches bankruptcy or large-scale service withdrawal. EDoS attacks exploit the cloud’s...
Blog

The Obsession with Faster Cybersecurity Incident Reporting

Requirements for reporting cybersecurity incidents to some regulatory or government authority are not new, but there has always been a large amount of inconsistency, globally, in exactly what the requirements are. More recently, there’s been a growing trend across government and regulatory bodies in the United States towards shorter timeframes for...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of March 14, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of March 14, 2022. I’ve also included some comments on these stories. Most Orgs Would Take Security Bugs Over Ethical Hacking...
Blog

How to Combat Asset Blindness in OT Security

One of the main challenges of OT security is the problem of compatibility. OT components often differ significantly from each other in terms of age and sophistication as well as software and communication protocols.This complicates asset discovery and makes it difficult to establish a consistent cybersecurity governance approach. Combating asset...