Resources

12 Essential Tips for Keeping Your Email Safe
Blog

12 Essential Tips for Keeping Your Email Safe

By Katrina Thompson on Thu, 07/06/2023
Hey, did you get that sketchy email? You know, the one from that malicious hacker always trying to fool us into clicking on some malware? Boy, these criminals are relentless. Wait, what? You clicked on it? Uh-oh... A hypothetical scenario, but one that plays out every day in organizations across the globe. The truth is that it is a very real...
Guide

How Managed Services Can Help With Cybersecurity Compliance

Organizations are often overburdened with managing complex tools to handle their most important compliance responsibilities, and in many cases lack the internal headcount to manage those tools with highly-trained expertise. Managed services can solve your security staffing and resource challenges by arming your team with security expertise to maintain optimal compliance. Managed service providers...
Compliance
CIS Controls
FISMA
GDPR
HIPAA
NERC CIP
NIST
PCI DSS
SOX
Phishing Trends and Tactics: Q1 of 2023
Blog

Phishing Trends and Tactics: Q1 of 2023

By John Wilson on Wed, 07/05/2023
In the world of cybersecurity, there are a few constants, one of the big ones being the fact that news, innovation, and threats move fast and are constantly evolving. It is important for security professionals to stay in the loop about major developments in cybercriminal activity and the cybersecurity industry. Fortra’s PhishLabs offer resources to...
Cybersecurity
PCI DSS 4.0 Requirements 11 and 12
Blog

PCI DSS 4.0 Requirements –Test Security Regularly and Support Information Security with Organizational Policies and Programs

By Editorial Staff on Wed, 07/05/2023
The Payment Card Industry Data Security Standard (PCI DSS) has always been a massive security undertaking for any organization that has worked to fully implement its recommendations. One interesting aspect that seems to be overlooked is the focus on the Requirements, and while minimizing the testing necessities. Not only is testing part of the full...
Compliance
5-things-everyone-needs-to-know-about-grc
Blog

5 Things Everyone Needs to Know About GRC

By Anastasios Arampatzis on Tue, 07/04/2023
Over the following years, the costs associated with cybercrime, projected at $10.5 trillion annually by 2025, will exceed the estimated worldwide cybersecurity spending—$267.3 billion annually by 2026. Leadership needs to change its perspective on managing cyber risks instead of just spending more money to match the losses incurred. Cyber risk...
Cybersecurity
Compliance
Tripwire VERT Patch Priority Index
Blog

Tripwire Patch Priority Index for June 2023

By Lane Thames on Tue, 07/04/2023
Tripwire's June 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Progress MOVEit. First on the patch priority list this month are patches for the Progress MOVEit Transfer application. An exploit targeting the MOVEit vulnerability CVE-2023-34362 has been recently added to the Metasploit Exploit Framework. ...
Vulnerability & Risk Management
Cybersecurity
The Top 10 Highest Paying Jobs in Information Security – Part 1
Blog

The Top 10 Highest Paying Jobs in Cybersecurity – Part 1

By Katrina Thompson on Mon, 07/03/2023
If you’re looking for job security, look no further: The cybersecurity sector can keep you gainfully employed for a very, very long time. There are an ever-growing number of ways in which someone with cybersecurity prowess can contribute, and as digital assets continue to develop and diversify, it’s safe to say they’ll always be kept on their toes. ...
Cybersecurity
5 Essential Measures for a Business Security Plan
Blog

5 Cyber Survival Tips for Businesses

By Bob Covello on Mon, 07/03/2023
The past few years have been among the most challenging for most businesses. Lockdowns, staff reductions, and reduced revenues resulted in the demise of many businesses. For those who remained, the new onuses brought about by supply chain concerns and inflation present even greater reasons for maximum resilience in order to survive. With all the...
Vulnerability & Risk Management
Cybersecurity
On-Demand Webinar

The Do's and Don'ts of File Integrity Monitoring

Fri, 06/30/2023
File integrity monitoring (FIM) is a tried and tested security control that is now part of most major cybersecurity compliance regulations. FIM helps organizations detect system changes in real time that indicate a potential cybersecurity breach. It captures granular change details, like who made the change, when it happened, whether it was authorized, and how...
What-is-the-FFIEC-Cybersecurity-Assessment-Tool
Blog

What is the FFIEC Cybersecurity Assessment Tool?

By Josh Breaker-Rolfe on Thu, 06/29/2023
The FFIEC Cybersecurity Assessment Tool (CAT) is a diagnostic test designed to help institutions identify risks and gauge cybersecurity preparedness. The tool is primarily for financial and non-depository institutions, enabling organizations to make risk-driven security decisions informed by regular cybersecurity assessments and standardized risk...
Cybersecurity
Blog

Infosecurity Europe 2023 – that’s a wrap!

By Nick Hogg on Wed, 06/28/2023
This piece was originally published on Fortra’s blog. Infosecurity Europe has closed its doors for another year. The aftermath of these events can be a strange time; still reeling from the chaos of the show floor and nursing feet unaccustomed to such intense use, it’s often difficult to make sense of everything we’ve learned. But, as the old adage goes, “when in doubt, write it out.” So, I...
Cybersecurity
Is CMMC 2.0 Rollout on the Horizon?
Blog

Is the CMMC 2.0 Rollout on the Horizon?

By Tripwire Guest Authors on Wed, 06/28/2023
The Department of Defense (DoD) introduced the Cybersecurity Maturity Model Certification (CMMC) in 2019. This framework outlined a series of security standards contractors must meet to win DoD contracts, so it’s a big concern for many companies. However, four years later, the Cybersecurity Maturity Model Certification rollout has yet to take effect...
Compliance
API Security: Navigating the Threat Landscape
Blog

API Security: Navigating the Threat Landscape

By Tripwire Guest Authors on Wed, 06/28/2023
An Application Programming Interface (API) is an essential and ubiquitous software that allows the exchange of information between day-to-day applications and processes, such as Software as a Service (SaaS) applications, Internet of Things (IoT) devices, universal profile login pages, and autonomous vehicles. APIs synchronize and maintain the data...
What (Still) Needs to be Done to Secure the U.S. Power Grid in 2023?
Blog

What (Still) Needs to be Done to Secure the U.S. Power Grid in 2023?

By Tripwire Guest Authors on Tue, 06/27/2023
It’s no secret that the U.S. power grid is one of the main foundations of the nation’s economy, infrastructure, and daily way of life. Now that almost everything is digitized, it is hinging on it even more. We wouldn’t be able to use even most vending machines (not to mention cell towers or the internet) without a working electrical supply, and the...
Cybersecurity
Industrial Control Systems
What is the Gramm-Leach-Bliley Act (GLBA)?
Blog

What is the Gramm-Leach-Bliley Act (GLBA)?

By Josh Breaker-Rolfe on Tue, 06/27/2023
The Gramm-Leach Bliley Act (GLBA or GLB Act), or financial modernization act, is a bi-partisan federal regulation passed in 1999 to modernize the financial industry. It repealed vast swathes of the Glass-Steagall Act of 1933 and the Bank Holding Act of 1956, allowing commercial banks to offer financial services such as investments or insurance. It...
Cybersecurity
Compliance
A Sarbanes-Oxley Act (SOX) IT Compliance Primer
Blog

A Sarbanes-Oxley Act (SOX) IT Compliance Primer

By Anthony Israel-Davis on Mon, 06/26/2023
At the turn of the most recent century, the financial world was in a moment of unregulated growth, which lead to some serious corporate misdeeds in the United States. This presented the opportunity for two senators to enact a new law to ensure accurate and reliable financial reporting for public companies in the US. The result was the Sarbanes-Oxley...
Compliance
Security Configuration Management
a-guide-to-5-common-twitter-scams
Blog

A Guide to 5 Common Twitter Scams in 2023

By Katrina Thompson on Mon, 06/26/2023
Elon Musk's ascension isn't the first thing to cause waves of scams on Twitter, and it certainly won't be the last. On July 20th of 2022, data belonging to over 5 million Twitter users was put up for sale on the internet underground for $30,000. The FTC reported that we've experienced a recent "gold mine for scammers" and the April bump to a 10,000...
Cybersecurity
black lotus
Blog

BlackLotus bootkit patch may bring "false sense of security", warns NSA

By Graham Cluley on Fri, 06/23/2023
The NSA has published a guide about how to mitigate against attacks involving the BlackLotus bootkit malware, amid fears that system administrators may not be adequately protected against the threat. The BlackLotus UEFI bootkit made a name for itself in October 2022, when it was seen being sold on cybercrime underground forums for $5,000. The news...
Vulnerability & Risk Management
Cybersecurity
What is SCM
Blog

What Is SCM (Security Configuration Management)?

By Jeff Moline on Fri, 06/23/2023
Attackers always seek the easiest path to get into our systems and compromise data. System misconfigurations and insecure default settings are often the criminals' favorite vectors since these errors allow them easy access to critical systems and data. The rise of misconfiguration errors was primarily driven by cloud data storage implementations...