Resources

Blog

Is a Shift Left Approach Hurting Software and Supply Chain Security?

As the cyber threat evolves, adversaries are increasingly targeting non-publicly disclosed vulnerabilities in the software supply chain. Attackers are able to stealthily travel between networks because to a vulnerability in the supply chain. To combat this risk, the cybersecurity community must center its efforts on protecting the software...
Blog

#TripwireBookClub – Hacking APIs

Have you ever picked up a book, thinking that you’ll put everything else aside and dive in, but a month later, the book is still sitting unread on your shelf? That’s what happened to me this year. Back in June, our research team started reading Hacking APIs: Breaking Web Application Programing Interfaces by Corey Ball together and it turns out the...
Blog

Why You Need an Offensive Security Solution

Cybersecurity professionals are always looking to keep up with new and changing threats, as well as developing new tactics and technologies to guard against cyberattacks. Traditional approaches to security are focused on defensive or reactive measures, generally blocking attacks from coming in, or responding to attacks once they happen....
Blog

Tripwire Patch Priority Index for December 2022

Tripwire's December 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Edge, which resolve over 25 issues including use-after-free, type confusion, insufficient data validation, insufficient policy enforcement, and other vulnerabilities. ...
Blog

Tripwire Enterprise 9.0: What you need to know

Tripwire recently announced the release of Tripwire Enterprise (TE), version 9.0, Axon Agent 3.27, and TE Agent 9.0.0. While the full list of features may be viewed on our web site, as a product manager, I wanted to take some time to introduce some of the changes in this new release. What’s new in Tripwire Enterprise 9.0? The first significant...
Blog

Cybersecurity Interview Series: Faisal Parkar of Tripwire

We often interview seasoned veterans of security to hear their insights about cybersecurity. However, even new members of Fortra’s Tripwire team have a lot to offer about the state of security. We recently had the opportunity to speak with Faisal Parkar, who works in the Tripwire Sales Engineer department. While he may be newer to Tripwire and...
Blog

CISOs and their Boards of Directors: Viewing Cyber Risk Differently

CISOs – the senior level executives responsible for developing and implementing cybersecurity programs for corporations and other organizations – are not happy campers these days. And it’s not just because they are chronically understaffed and under constant pressure. As it turns out, Chief Information Security Officers (CISOs) often don’t see eye...
Blog

What are sandboxes? How to create your own sandbox

In the language of technology, a sandbox is a safe testing environment that is isolated from the rest of your network or system. Developers use sandboxes to test their code before deployment. In cybersecurity, suspicious and potentially unsafe programs, software, and attachments are executed in sandboxes to detect malware and to avoid any harm...
Blog

The Future of Connected, Autonomous, Shared, and Electric (CASE) Vehicles is Upon Us.

The popularity of electric vehicles is partly a response to the desire of achieving sustainability and carbon footprint reduction. Automobile manufacturers are making substantial investments to tackle emissions issues, create environment-friendly vehicles, and align with Environmental, Social, and Governance (ESG) requirements. To achieve brand edge...
Blog

Are passwords really as safe as we think?

Passwords are the most basic and common authentication method used to secure access to systems. But the process of using and maintaining secure passwords for numerous platforms can be quite tedious. According to Verizon`s 2020 Data Breach Investigation Report, weak, and re-used passwords resulted in 81% of data breaches. Apart from that, there are...
Blog

2022 in Cybersecurity – That’s a Trap

Are you sitting comfortably? Then let us begin… No, this isn’t the start of some Christmas fairy tale… it’s how I begin reading most reports which cover the last 12 months in Cybersecurity, and there are quite a few to look at. But for me, the one I value most is the ENSIA Threat landscape (ETL) report, which is now in its tenth year. Every year,...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of December 19, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of December 19th, 2022. I’ve also included some comments on these stories. NIST Recommends upgrading from SHA-1 The SHA-1...
Blog

Don't click too quick! FBI warns of malicious search engine ads

The FBI is warning US consumers that cybercriminals are placing ads in search engine results that impersonate well-known brands, in an attempt to spread ransomware and steal financial information. In a public service announcement issued this week, the FBI describes how cybercriminals are purchasing ads that show up at the very top of search engine...
Blog

Tripwire Patch Priority Index for November 2022

Tripwire's November 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Office, Word, and Excel that resolve 8 vulnerabilities, including remote code execution, information disclosure, and security feature bypass vulnerabilities. Up next are...
Blog

Insight into The 2022 Vulnerability Management Report

This year marks the release of the first 2022 Vulnerability Management Report from Fortra. The report, which was conducted in September 2022, is based on a comprehensive survey of over 390 cybersecurity professionals with the goal of gaining insights into the latest trends, key challenges, and vulnerability management solution preferences. ...
Blog

Simple Steps to Avoid Phishing Attacks During This Festive season

There’s usually a surge in online activities during festive periods. People place gift orders and send funds to loved ones, and organizations roll out offers that reflect the spirit of the festivity. Threat actors will usually take advantage of this activity to sneak past your defenses. By convincingly impersonating any of these legitimate offers,...
Blog

Beware a Swarm of Scams this Holiday Season

Call her Linda Leesburg. Fresh out of graduate school and starting her first serious job, she decided to buy some kitchen utensils and related items, including a dish set, cookware, silverware and a coffee maker, to outfit the kitchen of her new apartment. She could easily buy these products at a local store, but she discovered a store online that...
Blog

National Cyber Security Centre (NCSC) annual review 2022: Highlights and thoughts

The National Cyber Security Centre (NCSC) is the UK’s technical authority for cybersecurity. Established in 2016, it has worked to improve online safety and security, and has brought clarity and insight to an increasingly complex online world. In its 6th annual review, it gives insights to its understanding of the cyber environment affecting the UK....