Resources

Blog

Taking Care of Your Data Responsibilities in a Shared Responsibility Model in the Cloud

By Zoë Rose on Tue, 08/18/2020

“Send it to the cloud” has been the increasingly common response over the years for dealing with the issue of how to handle massive amounts of data. On one side, I understand it. Another infrastructure owned by a third party who has teams dedicated to implementing security by design, continuous testing and validation – this all sounds attractive. ...

Blog

Carnival Reveals It Detected a Ransomware Attack on Its Systems

By David Bisson on Tue, 08/18/2020

British-American cruise operator Carnival Corporation & plc revealed it had detected a ransomware attack on some of its IT systems. In a regulatory filing submitted to the U.S. Securities and Exchange Commission (SEC), Carnival revealed that it had detected a ransomware attack on August 15. A...

Blog

Security Execs’ Advice on Overcoming the Challenges of Remote Work

By Joe Pettit on Mon, 08/17/2020

At the outset of the global coronavirus 2019 (COVID-19) pandemic, many organizations decided to enforce social distancing by requiring that their employees begin working from home. This decision changed the fundamental way in which many employees were accustomed to working. It also created new security challenges for organizations that had larger...

Blog

From Customer to Employee – A Tripwire Journey

By Joe Pettit on Mon, 08/17/2020

Tripwire is very much household name within the cybersecurity community. It's been around from the early days of creating intrusion detection software that would later be known as File Integrity Monitoring (FIM) all the way through to deploying a portfolio of products that focuses on SCM, Vulnerability Management, Asset Management, Industrial...

Blog

Credential Stuffing Attacks Targeted GCKey, CRA Accounts

By David Bisson on Mon, 08/17/2020

Malicious actors launched credential stuffing attacks that targeted Canada's GCKey service and Canada Revenue Agency (CRA) accounts. On August 15, the Treasury Board of Canada Secretariat announced that the Government of Canada was in the process of responding to a series of credential stuffing...

Blog

SCM: Understanding Its Place in Your Organization’s Digital Security Strategy

By David Bisson on Sun, 08/16/2020

Digital attackers can compromise a system in a matter of minutes. But it generally takes organizations much longer to figure out that anything has happened. In its 2020 Data Breach Investigations Report (DBIR), for instance, Verizon Enterprise found that more than half of large organizations took days or even months to detect a security incident....

Blog

NCSC Shut Down 300K URLs Linked to Investment Scams in 4 Months

By David Bisson on Fri, 08/14/2020

The National Cyber Security Centre (NCSC) revealed it had shut down more than 300,000 URLs that linked to investment scams in a four-month period. In a news bulletin published on August 14, NCSC warned users to be on the lookout for investment scams. Many of these ruses began with fake news articles...

Blog

Integrating the Risk Management Framework (RMF) with DevOps

By Anastasios Arampatzis on Thu, 08/13/2020

Information security should be at the heart of every system launched. In accordance with the Federal Information Security Management Act (FISMA), an information technology system is granted an Authority to Operate (ATO) after passing a risk-based cybersecurity assessment. The ATO Problem However, the ATO process can pose several challenges to the...

Blog

CISA Warns of Phishing Emails Leading to Spoofed COVID-19 Relief Page

By David Bisson on Thu, 08/13/2020

The Cybersecurity & Infrastructure Security Agency (CISA) warned that phishing emails are redirecting recipients to spoofed COVID-19 loan relief pages. On August 12, CISA announced its discovery of the attack campaign in Alert (AA20-225A): The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber...

Blog

Cybercriminals Are Infiltrating Netgear Routers with Ancient Attack Methods

By Tripwire Guest Authors on Wed, 08/12/2020

It would be heartening to think that cybersecurity has advanced since the 1990s, but some things never change. Vulnerabilities that some of us first saw in 1996 are still with us. If you don’t believe me, just take a look at the news. Last month, Virginia-based cybersecurity firm GRIMM announced that they had found a vulnerability that affects many...

Blog

Google App Engine, Azure App Service Abused in Phishing Campaign

By David Bisson on Wed, 08/12/2020

A phishing campaign abused both the Google App Engine and the Azure App Service to steal victims' Microsoft Outlook credentials. Netskope observed that the attack campaign started with a shortened link "https://bitly[.]com/33nMLkZ" distributed by a phishing email. This link redirected a recipient of the email to a Google App Engine domain "https:/...

Blog

Survey: 76% of IT Pros Say It’s Difficult to Maintain Security Configs in the Cloud

By Editorial Staff on Wed, 08/12/2020

Cloud misconfigurations are no laughing matter. In its "2020 Cloud Misconfigurations Report," DivvyCloud revealed that 196 separate data breaches involving cloud misconfigurations had cost companies a combined total of approximately $5 trillion between January 1, 2018 and December 31, 2019. The problem is that those costs could be even higher; as reported by ZDNet, 99% of IaaS issues go unreported...

Blog

Managing Information Security Skepticism by Changing Workplace Culture

By Tripwire Guest Authors on Tue, 08/11/2020

Imagine a workplace in which all of the staff support the function of information security. Employees report suspicious events, are committed to data privacy and see the value in completing the regularly scheduled compliance trainings. How much easier life would be for security professionals! Naturally, it’s hard for people to get behind something...

Blog

VERT Threat Alert: August 2020 Patch Tuesday Analysis

By Tyler Reguly on Tue, 08/11/2020

Today’s VERT Alert addresses Microsoft’s August 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-899 on Wednesday, August 12th. In-The-Wild & Disclosed CVEs CVE-2020-1464 A vulnerability exists in the way that Windows validates file signatures. An attacker could load improperly signed...

Blog

New Agent Tesla Variants Capable of Stealing Data from VPNs, Browsers

By David Bisson on Tue, 08/11/2020

Some new variants of the Agent Tesla infostealer family are capable of stealing data from multiple VPN clients and web browsers. SentinelOne observed that attackers continue to deploy Agent Tesla across various stages of their operations, as this malware enables criminals with even low levels of technical expertise to manipulate and manage their...

Blog

The Importance of Content for Security Tools like Tripwire

By Editorial Staff on Mon, 08/10/2020

Have you ever stood in the airport security line when the agents bring the dog out to inspect everyone’s luggage? I’m always so fascinated watching the dog go down the line and do her work. Wow she’s so smart! How does she know what to look for? My own dog has talents of her own, but she would not get hired for this job. She has a good functioning...

Blog

Phishers Send Out Fake cPanel Security Vulnerabilities Advisory

By David Bisson on Mon, 08/10/2020

Fraudsters launched a new phishing attack in which they sent out a fake cPanel advisory warning recipients about fabricated security vulnerabilities. On August 5, cPanel and WebHost Manager (WHM) users began reporting of having received a fake advisory that appeared to have originated from the company. The fake advisory informed recipients that...

Blog

The State of Civil Aviation Cybersecurity

By Anastasios Arampatzis on Sun, 08/09/2020

Technology and cyber systems have become essential components of modern society. Despite the benefit of cyber technologies, insecurities arise. These could affect all systems and infrastructures. More than that, the threat of a cyberattack could very well have a transnational component and effect as worldwide systems become increasingly...

Blog

Emotet Botnet Named 'Most Wanted Malware' for July 2020

By David Bisson on Fri, 08/07/2020

The Emotet botnet earned the title of "most wanted" malware family for the month of July 2020 following a period of inactivity. Check Point revealed that Emotet threat activity had affected 5% of organizations worldwide in July 2020, thereby earning the malware the top spot in the security firm's Global Threat Index for that month. Emotet launched...

Blog

The Center for Internet Security (CIS) Use Cases and Cost Justification

By Michael Betti on Thu, 08/06/2020

Vince Lombardi, the famous football coach, used to start his training camp each season with a talk about doing the basics. He’d tell the players that they start with the basics, then he’d take a football and hold it up and tell them, “This is a football.” In football, as in life and IT Security, starting with the basics is the most important step...

Taking Care of Your Data Responsibilities in a Shared Responsibility Model in the Cloud

Carnival Reveals It Detected a Ransomware Attack on Its Systems

Security Execs’ Advice on Overcoming the Challenges of Remote Work

From Customer to Employee – A Tripwire Journey

Credential Stuffing Attacks Targeted GCKey, CRA Accounts

SCM: Understanding Its Place in Your Organization’s Digital Security Strategy

NCSC Shut Down 300K URLs Linked to Investment Scams in 4 Months

Integrating the Risk Management Framework (RMF) with DevOps

CISA Warns of Phishing Emails Leading to Spoofed COVID-19 Relief Page

Cybercriminals Are Infiltrating Netgear Routers with Ancient Attack Methods

Google App Engine, Azure App Service Abused in Phishing Campaign

Survey: 76% of IT Pros Say It’s Difficult to Maintain Security Configs in the Cloud

Managing Information Security Skepticism by Changing Workplace Culture

VERT Threat Alert: August 2020 Patch Tuesday Analysis

New Agent Tesla Variants Capable of Stealing Data from VPNs, Browsers

The Importance of Content for Security Tools like Tripwire

Phishers Send Out Fake cPanel Security Vulnerabilities Advisory

The State of Civil Aviation Cybersecurity

Emotet Botnet Named 'Most Wanted Malware' for July 2020

The Center for Internet Security (CIS) Use Cases and Cost Justification

Contact Information

Privacy Policy

Cookie Policy

Impressum