Blog
VERT Threat Alert: April 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 04/09/2024
Today’s VERT Alert addresses Microsoft’s April 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1101 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
CVE-2024-26234
This CVE describes a Proxy Driver Spoofing Vulnerability that, thanks to Microsoft’s new CWE listings, we...
Blog
AI/ML Digital Everest: Dodging System Failure Summit Fever
By Sandy Dunn on Mon, 04/08/2024
Summit Fever Syndrome, a cause of many extreme altitude climbers' deaths, is due to a lack of oxygen and mission blindness, which leads to impaired judgment where climbers take needless risks, disregard safety precautions, and make deadly errors.
Deploying AI/ML models is like climbing Mount Everest. Both climbers and AI projects chase their peaks...
Blog
Tripwire Patch Priority Index for March 2024
By Lane Thames on Wed, 04/03/2024
Tripwire's March 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google, and Apple.
First on the patch priority list are patches for Windows Kernel and Multiple Apple products. These CVEs (CVE-2024-21338, CVE-2024-23296, CVE-2024-23225) have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog....
Blog
Managed Cybersecurity Services Secure Modern Environments
By Troy Thompson on Mon, 03/25/2024
In an era characterized by relentless digital transformation and interconnectedness, cybersecurity has evolved into a complex and dynamic battleground.
Businesses, governments, and individuals find themselves locked in a perpetual struggle against a relentless flood of evolving threats. From sophisticated cybercriminal syndicates to state-sponsored...
Datasheet
What Makes Fortra’s Tripwire Different
Are you weighing your options between integrity management solutions? Evaluating, purchasing, and deploying new software is hard work, especially when you get down to the granular details of understanding which solutions have which capabilities and matching those capabilities to your organization’s particular needs. In an industry buzzing with ever-changing terminology and a profusion of vendors...
Blog
Critical insights into Australia’s supply chain risk landscape
By Anirudh Chand on Tue, 03/19/2024
Australian organizations find themselves navigating a minefield of supply chain risks, with a surge in incidents stemming from multi-party breaches. These breaches are often caused by vulnerabilities in cloud or software providers and are emerging as a challenge that demands attention and proactive strategies.
From July to December 2023, 483 data...
Blog
VERT Threat Alert: March 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 03/12/2024
Today’s VERT Alert addresses Microsoft’s March 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1097 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
There were no in-the-wild or disclosed CVEs included in the March Patch Tuesday release.
CVE Breakdown by Tag
While...
Blog
#TripwireBookClub – Black Hat GraphQL
By Tyler Reguly on Mon, 03/04/2024
The most recent book that we’ve read over here is Black Hat GraphQL: Attacking Next Generation APIs written by Dolev Farhi and Nick Aleks. The book is described as being for, “anyone interested in learning how to break and protect GraphQL APIs with the aid of offensive security testing.”
As someone who works primarily with REST APIs, I was...
Blog
Tripwire Patch Priority Index for February 2024
By Lane Thames on Mon, 03/04/2024
Tripwire's February 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, ConnectWise, and Google.
First on the patch priority list are patches for ConnectWise ScreenConnect, Microsoft Exchange Server, Microsoft Windows SmartScreen, and Microsoft Windows Internet Shortcut files. These CVEs (CVE-2024-1709, CVE-2024...
Blog
VERT Threat Alert: February 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 02/13/2024
Today’s VERT Alert addresses Microsoft’s February 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1093 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
CVE-2024-21351
This CVE describes a bypass in the Windows SmartScreen Security Feature. At this point, these bypasses...
Blog
3 Tips for Enterprise Patch Management
By Lane Thames on Tue, 02/13/2024
With all the technology we have today, installing software updates has become a near-daily, full-time activity. Patch management for large-scale enterprise IT systems can be one of the most stressful parts of an IT professional’s job. In today’s large and evolving IT networks where many new services are going online every day and software components...
Blog
Tripwire Patch Priority Index for January 2024
By Lane Thames on Mon, 02/05/2024
Tripwire's January 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Apple, Google, and Atlassian.
First on the patch priority list are patches for Apple, Google Chromium V8, and Atlassian Confluence Data Center and Server. These CVEs have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. For...
Blog
Tips for Ensuring HIPAA Compliance
By Tripwire Guest Authors on Wed, 01/17/2024
Like every other industry, the healthcare sector is barely recognizable when compared to its state 20 years ago. It, too, has been transfigured by technology. While this has brought many impactful benefits, it has also introduced at least one major challenge: keeping sensitive patient information private.
At the heart of this privacy challenge...
Blog
Why Therapists need Data Protection and Cybersecurity
By Gary Hibberd on Tue, 01/16/2024
Cybersecurity in Mental Healthcare - The Overlooked Risk
Did you know the New-Age Therapeutic sector is unregulated? If that surprises you, then you’re not alone. I was a little surprised, too. Yes, there are various professional bodies a practitioner can join, and there are courses they can attend, but they aren’t forced to.
It should be noted...
Blog
Critical flaw found in WordPress plugin used on over 300,000 websites
By Graham Cluley on Mon, 01/15/2024
A WordPress plugin used on over 300,000 websites has been found to contain vulnerabilities that could allow hackers to seize control.
Security researchers Ulyses Saicha and Sean Murphy found two critical flaws in the POST SMTP Mailer plugin.
The first flaw made it possible for attackers to reset the plugin's authentication API key and view...
Blog
VERT Threat Alert: January 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 01/09/2024
Today’s VERT Alert addresses Microsoft’s January 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1088 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
There were no in-the-wild or disclosed CVEs included in the January Patch Tuesday drop.
CVE Breakdown by Tag
While...
Blog
Tripwire Patch Priority Index for December 2023
By Lane Thames on Tue, 01/09/2024
Tripwire's December 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google.
First on the patch priority are patches for Google Chrome and Microsoft Edge (Chromium-based) that resolve elevation of privilege, remote code execution, and information disclosure vulnerabilities. Please note that CVE-2023-7024...
Blog
How to Reduce Your Attack Surface
By Tripwire Guest Authors on Mon, 01/08/2024
What is an Attack Surface?
An attack surface is the total number of channels, pathways, or areas that threat actors can utilize to gain unauthorized access to networks. The result is that they can obtain private information or carry out a cyber-attack. An attack surface comprises the organizational assets a threat actor can exploit to gain...
Blog
The History of Patch Tuesday: Looking back at the first 20 years
By Tyler Reguly on Tue, 12/19/2023
One of the most critical aspects of cybersecurity is ensuring that all software is kept up to date with the latest patches. This is necessary to cover any vulnerabilities that cybercriminals could take advantage of in order to infiltrate an organization and launch an attack. With the volume of updates and the effort needed to install and configure...