Resources

How to Pick the Right Solution for FISMA SI-7 Compliance
Blog

How to Pick the Right Solution for FISMA SI-7 Compliance

By Megan Freshley on Mon, 03/11/2019
It can be hard to know how to best allocate your federal agency’s resources and talent to meet FISMA compliance, and a big part of that challenge is feeling confident that you’re choosing the right cybersecurity and compliance reporting solution. A Few FISMA SI-7 Basics So what sorts of specifications do you need to look for, and why? While the...
Riviera Beach Pays Nearly $600K to Recover Data after Ransomware Attack
Blog

Vulnerabilities in Two Smart Car Alarm Systems Affected 3M Vehicles

By David Bisson on Fri, 03/08/2019
Two smart car alarm systems suffered from critical security vulnerabilities that affected upwards of three million vehicles globally. Researchers at Pen Test Partners independently assessed the security of products developed by Viper and Pandora, two of the world's largest and most well-known vendors of smart car alarms. With both systems, they...
Blog

International Women’s Day: Brexit, Skills-Gap and #BalanceforBetter in the Cybersecurity Industry

By Editorial Staff on Thu, 03/07/2019
This year’s International Women's Day 2019 theme of #BalanceforBetter is a positive call-to-action to drive gender balance across the world. This year’s campaign states that “the race is on” for a gender-balanced boardroom and gender balance amongst employees. I admire the #IWD2019’s rallying call to put on our running shoes. With the economic uncertainty of Brexit looming, we certainly need to...
Blog

The Election Fix: Upgrading Georgia’s Electronic Voting Machines

By Craig Young on Wed, 03/06/2019
Electronic voting systems are touted as a modern solution for fast and accurate vote tallies, but without appropriate safeguards, these systems run the very serious risk of eroding public confidence in election results. In Georgia, we’ve been using the iconic AccuVote TSX machines from Diebold for as long as I’ve lived here. The way it works with this system is that voters are given a ‘smart’ card...
Shifting Left Is a Lie... Sort of
Blog

Shifting Left Is a Lie... Sort of

By Former Tripwire Employee on Wed, 03/06/2019
It would be hard to be involved in technology in any way and not see the dramatic upward trend in DevOps adoption. In their January 2019 publication “Five Key Trends To Benchmark DevOps Progress,” Forrester research found that 56 percent of firms were ‘implementing, implemented or expanding’ DevOps. Further, 51 percent of adopters have embraced...
Riviera Beach Pays Nearly $600K to Recover Data after Ransomware Attack
Blog

Various Membership Plans Offered by Jokeroo Ransomware-as-a-Service

By David Bisson on Wed, 03/06/2019
The Jokeroo ransomware-as-a-service (RaaS) offers various membership plans through which would-be digital criminals can become affiliates. In his analysis of the ransomware-as-a-service, Bleeping Computer creator and owner Lawrence Abrams found that Jokeroo differs from similar platforms in that it offers at least three different membership tiers....
Why Is Penetration Testing Critical to the Security of the Organization?
Blog

Why Is Penetration Testing Critical to the Security of the Organization?

By Cory Plummer on Tue, 03/05/2019
A complete security program involves many different facets working together to defend against digital threats. To create such a program, many organizations spend much of their resources on building up their defenses by investing in their security configuration management (SCM), file integrity monitoring (FIM), vulnerability management (VM) and log...
Riviera Beach Pays Nearly $600K to Recover Data after Ransomware Attack
Blog

New CryptoMix Clop Ransomware Variant Claims to Target Networks

By David Bisson on Tue, 03/05/2019
A new variant of the CryptoMix Clop ransomware family claims to target entire networks instead of individual users' machines. Security researcher MalwareHunterTeam discovered the variant near the end of February 2019. In their analysis of the threat, they noticed that the ransomware came equipped with more email addresses than previous versions of...
Tripwire Patch Priority Index for August 2022
Blog

Tripwire Patch Priority Index for February 2019

By Lane Thames on Mon, 03/04/2019
Tripwire's February 2019 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft's Browser and Scripting Engine. These patches resolve 23 vulnerabilities, including fixes for Memory Corruption, Elevation of Privilege, Spoofing, Security Feature...
Fine-Tuning Cybersecurity with the ATT&CK Framework
Blog

Fine-Tuning Cybersecurity with the ATT&CK Framework

By Lane Thames on Mon, 03/04/2019
This Thursday, March 7, 2019, I’ll be facilitating a Learning Lab titled Fine Tuning Your Cyber-Defense Technologies with the ATT&CK Framework at the 2019 RSA Conference in San Francisco, CA. This will be my fourth time speaking at RSA, and this will be my second time facilitating a learning lab, which I'm happy about. I really enjoy the learning...
Coinhive, the in-browser cryptomining service beloved by hackers, is dead
Blog

Coinhive, the in-browser cryptomining service beloved by hackers, is dead

By Graham Cluley on Thu, 02/28/2019
If you think back to last year, Coinhive was everywhere. The service offered any website an arguably legitimate way of generating income that didn't rely upon online adverts. And plenty of well-known sites, such as Showtime, Salon.com and The Pirate Bay, were happy to give it a go. Rather than making money through ads that might irritate you or...
Riviera Beach Pays Nearly $600K to Recover Data after Ransomware Attack
Blog

Ring Doorbell Fixes Flaw that Allowed Attackers to Spy on, Inject Footage

By David Bisson on Thu, 02/28/2019
Ring Doorbell has patched a flaw that allowed attackers to spy on and inject their own application footage, thereby undermining users' home security. Researchers at Dojo, Bullguard's Internet of Things (IoT) security team, discovered the vulnerability while performing an independent security assessment of the smart doorbell. They began their...
Riviera Beach Pays Nearly $600K to Recover Data after Ransomware Attack
Blog

New 'Farseer' Malware Designed to Spy on Windows Users

By David Bisson on Wed, 02/27/2019
Researchers have uncovered a new family of malware called "Farseer" that's designed to conduct surveillance against Windows users. Discovered by Palo Alto Networks, Farseer works by using a technique known as "DLL sideloading" to drop legitimate, signed binaries to the host. These binaries usually consist of trusted applications that don't raise...
Trends in Industrial Control Systems Cybersecurity
Blog

Trends in Industrial Control Systems Cybersecurity

By Anastasios Arampatzis on Wed, 02/27/2019
With connectivity to the outside world growing, cyber attacks on industrial computers constitute an extremely dangerous threat, as these types of incidents can cause material losses and production downtime for a whole system. Moreover, industrial enterprises knocked out of service can seriously undermine a region’s social welfare, ecology and...
Riviera Beach Pays Nearly $600K to Recover Data after Ransomware Attack
Blog

Online Bidding Phishing Schemes Targeting U.S. Government Contractors

By David Bisson on Tue, 02/26/2019
A couple of phishing schemes are currently targeting contractors who do business with two U.S. federal government agencies. Anomali Labs uncovered a malicious server hosting the two schemes in late February 2019. The first scheme begins when users visit transportation[.]gov[.]bidsync[.]kela[.]pw, a suspicious-looking subdomain which contains the...
Do Security Cameras Undermine your Authentication?
Blog

Do Security Cameras Undermine your Authentication?

By Tripwire Guest Authors on Tue, 02/26/2019
For various reasons, many executives and senior team members with privileged status on the network and/or access to financial assets oftentimes need to access corporate IT systems from a public place outside the office. What is very common in these types of places is that they’re covered with security cameras. Such devices are a must-have for...