Resources

Blog

VERT Threat Alert: January 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s January 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1088 as soon as coverage is completed. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed CVEs included in the January Patch Tuesday drop. CVE Breakdown by Tag While...
Blog

Tripwire Patch Priority Index for December 2023

Tripwire's December 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google. First on the patch priority are patches for Google Chrome and Microsoft Edge (Chromium-based) that resolve elevation of privilege, remote code execution, and information disclosure vulnerabilities. Please note that CVE-2023-7024...
Blog

How to Reduce Your Attack Surface

What is an Attack Surface? An attack surface is the total number of channels, pathways, or areas that threat actors can utilize to gain unauthorized access to networks. The result is that they can obtain private information or carry out a cyber-attack. An attack surface comprises the organizational assets a threat actor can exploit to gain...
Blog

How Does PCI DSS 4.0 Affect Web Application Firewalls?

The payment industry is bracing for the transition to Payment Card Industry Data Security Standard (PCI DSS) 4.0, heralding significant changes in cybersecurity practices. As we approach the implementation of this revised standard, a critical focal point emerges: the role and new mandate of web application firewalls (WAFs) in ensuring compliance....
Blog

Cryptocurrency wallet CEO loses $125,000 in wallet-draining scam

Anyone can get scammed. If you think you're somehow immune to being scammed, then, in my opinion, you're a prime target for being scammed. No one is too big, too clever, too security-savvy to avoid being duped because it's only human to make a mistake and screw up. And that certainly seems to be the case with Bill Lou. Bill Lou is the CEO and co...
Blog

CI/CD Security: Advanced Best Practices to Secure Your Pipelines

Continuous Integration and Continuous Delivery (CI/CD) security has become crucial to modern software development practices. As the speed of software development increases with DevOps and Agile methodologies, there is a growing need to ensure the integrity of software across the entire development pipeline. CI/CD security encompasses the practices,...
Blog

Is Cybercrime Only Going to Get Worse?

At the turn of the millennium, few people were worried about cybercrime. The Good Friday Agreement had just come into effect, the US expelled a Russian diplomat for spying, and the threat of the Y2K bug loomed. ILOVEYOU, the computer worm that catapulted cybercrime into the public consciousness, was still five months away. Today, things couldn't be...
Blog

What Is the Future and Technology of Zero Trust?

What Is the Future and Technology of Zero Trust? In the dynamic realm of cybersecurity, the future of Zero Trust unfolds with promises and challenges. In the second part of the Zero Trust series, we explore the insights from industry experts, contemplate the intersection of trust and security, and chart a course for the evolving landscape of...
Blog

Getting the Board on Board: Explaining Cybersecurity ROI

Despite increasing data breaches, ransomware attacks, and assorted cyber threats, convincing the Board of Directors to invest in robust cybersecurity isn't always easy for many businesses. The challenge originates mainly from the need to demonstrate a quantifiable Return On Investment (ROI) from any cybersecurity initiative. Many Boards...
Blog

Cloud Security Optimization: A Process for Continuous Improvement

Cloud optimization is the process of correctly selecting and assigning the right resources to a workload or application with the ultimate goal of minimizing costs while improving performance and efficiency. These resources can range from computational power, memory, and storage to network capabilities. The cloud optimization process involves...
Blog

2023 Business Impact Report: Small Businesses and Cyberattacks

We live in a highly digitized world, and small businesses and solopreneurs have become prime targets for cybercriminals. The 2023 Business Impact Report, conducted by the Identity Theft Resource Center (ITRC), sheds light on a concerning trend: a sharp rise in cyberattacks on these smaller entities. This annual report reveals that 73% of small...
Blog

What Role Does Cybersecurity Awareness Play in Education?

Cybersecurity is an essential consideration for any organization that deals in the digital sphere on any level, and the education sector is no exception. In recent years, the global pandemic and technological advances have led to a massive shift toward online learning, which has posed a number of challenges to educators and administrators. ...
Blog

Tips, Tricks and Updates for Tripwire’s State Analyzer

At the recent Tripwire Energy and NERC Compliance Working Group, we held a session to demonstrate some tips and tricks to make the latest Tripwire State Analyzer (TSA) work better for your organization. The newest State Analyzer version is 1.5.2, which offers features that align it with most of the latest systems and practices. It also includes...
Blog

AI's Emerging Role in the Fight Against Intellectual Property Theft

In an era where knowledge and creativity are the cornerstones of progress, intellectual property (IP) is not just a legal asset but the very lifeblood that sustains business innovation, competitiveness, and growth. However, as we march deeper into the digital age, the specter of intellectual property theft looms larger than ever, posing a formidable...
Blog

The History of Patch Tuesday: Looking back at the first 20 years

One of the most critical aspects of cybersecurity is ensuring that all software is kept up to date with the latest patches. This is necessary to cover any vulnerabilities that cybercriminals could take advantage of in order to infiltrate an organization and launch an attack. With the volume of updates and the effort needed to install and configure...
Blog

Guide to Creating a Robust Website Security Incident Response Plan

Earlier this year, the SEC proposed a new set of rules on cybersecurity governance, which would require public companies to make appropriate disclosures of cyber risks and management procedures. Although the amendments target the financial sector, it is one more evidence of the fact that cybersecurity is no longer a backburner component of business...
Blog

#TripwireBookClub – The Rust Programming Language

Most of the team that I work with on a daily basis is heavily invested in Python. As such, it was difficult to find people interested in reading The Rust Programming Language, 2nd Edition. In the end, two members of the team tackled the book, and it took them longer to complete the read than I would have expected. While I picked up the book, I just...
Blog

Google Forms Used in Call-Back Phishing Scam

What's happened? Researchers at Abnormal have discovered the latest evolution in call-back phishing campaigns. Call-back phishing? Traditional phishing emails might contain a malicious link or attachment, and lure recipients into clicking on them via social engineering techniques. Call-back phishing dupes unsuspecting victims into telephoning a...
Blog

Operational Resilience: What It Is and Why It's Important

Frankly stated, operational resilience is your ability to climb the mountain, no matter the weather. Businesses now need more than a good security structure to weather the storms of AI-driven threats, APTs, cloud-based risks, and hyper-distributed environments. And more importantly, operational resilience in 2024 requires a paradigm shift....