Resources

Blog

Have You Heard About the New PCI 4.0 Section 1.2 Spec? Tripwire Makes Compliance Easy

If you’ve been keeping up with the Payment Card Industry Data Security Standard (PCI DSS), you’ll know it has a new specification that revolves around network security controls. Let’s dig into the details.A Little Back StoryIt helps to level-set for anyone who might be coming into this from a non-technical role. We all know PCI DSS (v4.0) is the payment card industry’s compliance standard for...
Blog

Hurricane Season Scams: What you need to know

Cybercriminals are notorious for their opportunism. No situation is off limits: whether they exploit conflict and human suffering, blackmail vulnerable individuals by threatening to leak therapy notes, or even bring healthcare organizations to their knees, cybercriminals will stop at nothing to make a quick buck.Hurricane season is a particularly lucrative time of year for cybercriminals. Every...
Blog

Tripwire Patch Priority Index for July 2024

Tripwire's July 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.First on the list are patches for Microsoft Office and Outlook that resolve remote code execution and spoofing vulnerabilities.Next are patches that affect components of the core Windows operating system. These patches resolve over 65 vulnerabilities, including elevation of privilege,...
Blog

Cybersecurity: The Unsung Hero of SOX Compliance

The Sarbanes-Oxley Act of 2002 (SOX) was enacted to restore public confidence in the wake of major corporate and accounting scandals. The legislation aims to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws.One key aspect of SOX compliance is ensuring the integrity and security of financial data. In the digital age,...
Blog

3 Types of Bot Attacks to Guard Against

Bot attacks constitute a major danger to businesses and individuals. For five consecutive years, the percentage of global web traffic connected to bad bots has increased, reaching 32% in 2023, a 1.8% increase from 30.2% in 2022, while human traffic represented only 50.4%.These nefarious bots are designed to breach a system, access confidential files illegally, and disrupt normal operations, which...
Blog

$75 Million Record-Breaking Ransom Paid To Cybercriminals, Say Researchers

The staggering sum of US $75 million has reportedly been paid to a ransomware gang in what is believed to be the largest known ransom payment made by a cyber attack victim since records began. Researchers at Zscaler claim in a new report that the record-breaking figure was paid by an undisclosed Fortune 50 company to the Dark Angels ransomware group. The reported payment almost doubles the...
Blog

#TripwireBookClub - From its Origins to its Future: How AI Works

In our continuing series of book reviews, the Fortra team read How AI Works: From Sorcery to Science by Ronald T. Kneusel. The book is advertised as unraveling “the mysteries of artificial intelligence, without the complex math and unnecessary jargon.”I really enjoyed how the book began with an AI Overview. As a hot sauce fan, I found it amusing that the first example utilized a hot sauce factory....
Blog

Re-Extortion: How Ransomware Gangs Re-Victimize Victims

Ransomware has evolved significantly since its inception. Initially, these attacks were relatively simple: malware would encrypt a victim's files, and the attacker would demand a ransom for the decryption key. However, as cybersecurity measures improved, so did ransomware gangs' tactics.Modern ransomware attacks often involve sophisticated techniques such as data exfiltration, where attackers...
Blog

8 Daily Practices to Avoid Cybersecurity Burnout

Burnout happens when job demands such as workload, time pressure, and difficult clients are high, as well as when job resources, including quality leadership, autonomy and decision authority, recognition, and strong relationships, are lacking. The field of cybersecurity is particularly difficult, but that doesn't mean burnout is inevitable, and it doesn't mean you can't recover after experiencing...
Blog

Navigating PCI DSS 4.0: Your Guide to Compliance Success

The transition to PCI DSS 4.0 is here. The transition period from PCI DSS 3.2 ended on March 31, 2024, so businesses in all sectors must focus on aligning their practices with the new requirements.This blog will guide you through the key points discussed by PCI experts Steven Sletten and Jeff Hall in a recent webinar held by Fortra on "PCI 4.0 is Here: Your Guide to Navigating Compliance Success....
Blog

SEXi / APT Inc Ransomware - What You Need To Know

SEXi? Seriously? What are you talking about this time?Don't worry, I'm not trying to conjure images in your mind of Rod Stewart in his iconic leopard print trousers. Instead, I want to warn you about a cybercrime group that has gained notoriety for attacking VMware ESXi servers since February 2024.Excuse me for not knowing, but what is VMWare EXSi?EXSi is a hypervisor - allowing businesses who...
Blog

The Dual Impact of AI on Power Grids: Efficiency and Vulnerability

Artificial intelligence (AI) has emerged as a promising solution to modernize power grids. The technology, alongside other upgrades like Internet of Things (IoT) connectivity, could make energy infrastructure more reliable and sustainable. However, AI power grids also pose significant cybersecurity risks.Attacks against critical infrastructure are becoming more common. As energy authorities ramp...
Blog

The Importance of Ethics in Cybersecurity

Cybersecurity has become an integral part of our daily lives, impacting everyone around the world. However, the question arises: are rules and regulations alone sufficient to make cyberspace secure? Ethics, which are the principles that guide our decisions and help us discern right from wrong, play a crucial role in this context. They aim to create positive impacts and promote the betterment of...
Blog

Securing Diverse Environments: Security Configuration Management

In our technologically advanced era, where cyber threats and data breaches are constantly evolving, it's crucial for companies to focus on Security Configuration Management (SCM) to protect their resources and information. Whether dealing with infrastructure, cloud services, industrial installations, or outsourced solutions, each environment presents unique security challenges that require...
Blog

MitM Attacks: Understanding the Risks and Prevention Strategies

As our interactions with the digital world grow, connections will be established within seconds, leading to more online attacks. One type of attack we may be exposed to is known as a Man-in-the-Middle (MitM) — a technique cyber attackers use to take over our online communications.The best way to stay safe online is with a better understanding of the problems caused by these digital attacks and...
Blog

5 Stages of Vulnerability Management Program Best Practices

Vulnerability management is a foundational cornerstone for reducing your organization’s cyber risk, but what are vulnerabilities and why is it important to create a strong vulnerability management program? The National Institute of Science and Technology (NIST) defines a vulnerability as, “Weakness in an information system, system security procedures, internal controls, or implementation that...
Blog

What are the Current Trends in Cloud Technology?

In recent years, cloud technology has become integral to business operations. Compared to on-premises infrastructure, it allows for improved scalability and flexibility, cost savings, collaboration, security, and data loss prevention. The cloud computing market is set to reach $679 billion in value in 2024.But what are the trends currently defining the cloud computing market? According to Donnie...
Blog

HardBit Ransomware - What You Need To Know

What's happened?A new strain of the HardBit ransomware has emerged in the wild. It contains a protection mechanism in an attempt to prevent analysis from security researchers.HardBit? I think I've heard of that before.Quite possibly. HardBit first emerged in late 2022, and quickly made a name for itself as it attempted to extort ransom payments from corporations whose data it had encrypted.That...
Blog

Looking for a Job in Cyber? Tips and Advice From the Pros

A career in cybersecurity can be rewarding, challenging, and, frankly, lucrative. But it's not the easiest industry to break into: the skills required for a cybersecurity role are both niche and specific, the bar for entry is relatively high, and there are very few entry-level jobs available. But don't be disheartened. The cybersecurity industry is crying out for fresh talent. With hard work, a...
Blog

The Role Regulators Will Play in Guiding AI Adoption to Minimize Security Risks

With Artificial Intelligence (AI) becoming more pervasive within different industries, its transformational power arrives with considerable security threats. AI is moving faster than policy, whereas the lightning-quick deployment of AI technologies has outpaced the creation of broad regulatory frameworks, raising questions about data privacy, ethical implications, and cybersecurity. This gap is...