Resources

Blog

CIS Control 16: Application Software Security

The way in which we interact with applications has changed dramatically over the years. Enterprises use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organization's application against it to bypass network security controls and...
Blog

Defending Against Ransom DDoS Attacks

DDoS attacks have become an annoyance most companies assume they may have to deal with at some point. While frustrating, minor website disruptions from small-scale hacktivist campaigns rarely create substantial business impacts. However, a particularly insidious DDoS spinoff has emerged over the past decade – one aimed at blackmail.This evolutionary milestone stems from what's called Ransom DDoS ...
Blog

The Past, Present, and Future of File Integrity Monitoring

Also known as change monitoring, File Integrity Monitoring (FIM) solutions monitor and detect file changes that could indicate a cyberattack. They determine if and when files change, who changed them, and what can be done to restore files if those changes are unauthorized. As such, FIM solutions are useful for detecting malware and achieving compliance with regulations like PCI DSS and are a...
Blog

Cybersecurity at Ports Gets a Boost with New Bipartisan Bill

Cybersecurity's role in geopolitics is growing more significant by the day. In a world of increasingly sophisticated cyber threats, governments worldwide are recognizing the impact digital attacks can have on national security, trade, and infrastructure.This has never been more evident than with the recent introduction of the Protecting Investments in Our Ports Act by U.S. Senators John Cornyn (R...
Blog

Preventing Breaches Using Indicators of Compromise

The story of cybersecurity involves bad actors and security professionals constantly trying to thwart each other, often using newer and more advanced measures in an attempt to outdo each other. In recent years, especially, cybercriminals have evolved to include sophisticated technology and advanced tactics in their attacks. With the increasing popularity of tools and practices like artificial...
Blog

Glimmer Of Good News On The Ransomware Front As Encryption Rates Plummet

No-one would be bold enough to say that the ransomware problem is receding, but a newly-published report by Microsoft does deliver a slither of encouraging news amongst the gloom. And boy do we need some good news - amid reports that 389 US-based healthcare institutions were hit by ransomware last year - more than one every single day. The 114-page Microsoft Digital Defense Report (MMDR) looks at...
Blog

CIS Control 17: Incident Response Management

We all know that it is a question of when you will be compromised and not if you will be compromised. It is unavoidable. The goal of CIS Control 17 is to ensure that you are set up for success when that inevitable breach occurs. If an organization is neither equipped nor prepared for that potential data breach, they are not likely to succeed in responding to the threat.Key TakeawaysOne takeaway...
Blog

The Importance of Layered Cybersecurity Solutions

The threat of cyberattacks is at an all-time high. In fact, research shows that worldwide cybercrime costs are anticipated to reach $10.5 trillion annually by 2025. Cybercriminals threaten all, as 43% of cyberattacks target small enterprises. The rise of these threats underscores the importance of a robust cyber defense strategy, and one key way to do that is through layered cybersecurity...
Blog

Australia Considers Mandatory Reporting of Ransom Payments

New legislation is on the horizon in Australia that is set to change the way businesses deal with ransomware attacks. This law, not unlike the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) in the US, aims to improve transparency when it comes to paying ransoms.There's no question that cybercrime is on the rise in the country. In its 2022/23 Annual Cyber Threat Report, the...
Blog

Five Challenges of National Information Assurance and How to Overcome Them

The National Information Assurance (NIA) Policy is a framework for offering organizations a foundation for information security management. It was designed and developed to aid organizations with the necessary steps to ensure information security, from assessing and classifying risk to choosing and implementing controls for mitigation.The NIA policy provides businesses with guidelines to support...
Blog

Analyzing the Latest APWG Phishing Activity Trends Report: Key Findings and Insights

In the second quarter of 2024, 877,536 phishing attacks were reported, a marked decrease from the 963,994 attacks reported in the first quarter of the same year. However, this might not be a reason to celebrate just yet, as this reduction might be due to the fact that email providers have made it increasingly difficult for users to report phishing attempts.Complaints and testing reveal that...
Blog

Advanced Tips for Leveraging the NIST Cybersecurity Framework for Compliance

Depending on the industry, location, and business operations of your organization, you may have any number of cybersecurity regulations to comply with. Keeping track of each law that affects your organization and the various requirements associated with them can be overwhelming, but the consequences of noncompliance are often far worse.While diligent adherence to regulatory requirements is not a...
Blog

CIS Control 18: Penetration Testing

Penetration testing is something that more companies and organizations should be considering as a necessary expense. I say this because, over the years, the cost of data breaches and other forms of malicious intrusions and disruptions are getting costlier. Per IBM Security’s “Cost of a Data Breach Report 2024,” the average cost of a breach has increased 10% year over year, with the healthcare...
Blog

The Role of the NIST CSF in Cyber Resilience

Resilience is one of the hottest topics of the moment, but for good reason. For most organizations, suffering a cyberattack is a matter of when, not if. Attackers are, lamentably, always one step ahead of defenders and, as such, responding to an attack and maintaining business operations have become arguably more important than protecting an organization in the first place. The NIST Cybersecurity...
Live Event
Fortra's Tripwire is proud to sponsor the National CIO & CISO Summit which is a single day event with 35+ executive level contacts gathering for thought leadership content and networking. Join your peers and Jeff Sander from Tripwire as you learn about building a cyber resilient culture and the future of cybersecurity. ...
Blog

VERT Threat Alert: October 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s October 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1127 as soon as coverage is completed. In-The-Wild & Disclosed CVEsCVE-2024-43573A vulnerability in the Windows MSHTML Platform has seen active exploitation attacks against a spoofing vulnerability. Based on the CWE that Microsoft selected...
Blog

Nearly Half of UK Companies Are Missing Essential Cybersecurity Skills

Cybersecurity skill gaps and shortages are often cited as a major reason that many organizations fail to implement effective security tools and practices. The UK’s Department for Science, Innovation, and Technology (DSIT) conducts an annual survey of the cybersecurity labor market in order to measure trends over time.This year’s research is largely in line with previous years, though there are...
Blog

Are Your Containers Secure? Answer These 5 Questions and Find Out

What Is Container Security?Container security involves protecting containerized environments and the applications they run. As containers package applications and their dependencies, they offer consistency across different environments. However, this also raises security concerns, such as ensuring the integrity of container images, securing the runtime environment, and managing vulnerabilities in...
Blog

Justifying Compliance Tools Before a Breach Occurs

Breaches, be they accidental, careless, or malicious, are an inevitability for most companies. Depending on the industry, the consequences could range from something as minor as a little public embarrassment to hefty fines, lawsuits, expensive remediation actions, and loss of customer confidence (and, with that - business).The question is, how can compliance use this to its advantage and get a...
Blog

Tick Tock.. Operation Cronos Arrests More LockBit Ransomware Gang Suspects

International law enforcement agencies have scored another victory against the LockBit gang, with a series of arrests and the seizure of servers used within the notorious ransomware group's infrastructure. As Europol has detailed in a press release, international authorities have continued to work on "Operation Cronos", and now arrested four people, seized servers, and implemented sanctions...