Resources

Blog

AI-generated phishing attacks are becoming more convincing

It's time for you and your colleagues to become more skeptical about what you read. That's a takeaway from a series of experiments undertaken using GPT-3 AI text-generating interfaces to create malicious messages designed to spear-phish, scam, harrass, and spread fake news. Experts at WithSecure have described their investigations into just how...
Blog

The Heightened Importance of Cybersecurity in Mobile App Development

Mobile device use is pervasive, and has eclipsed traditional computing. We often hear how various malicious mobile apps are released into circulation. For these reasons, mobile app development needs to focus on cybersecurity just as much as it does on functionality and flexibility, if not more so. It’s an inevitable aspect of app development that...
Product Video

Tripwire Enterprise: Superior Security, Continuous Compliance

As a proven integrity management solution, Tripwire Enterprise can be used in many ways to keep your organization secure. This short video highlights six ways Fortra's Tripwire Enterprise can help you uplevel your security and compliance program. ...
Blog

C-Suite Security: How IT Teams Improve Security Culture

Every person in an organisation has the potential to enhance security. Physical office barriers were removed during the pandemic, exposing companies to countless vulnerabilities as attack avenues have multiplied. However, this does not mean that all was lost. What it signals is the importance of promoting a culture of security across the entire...
Blog

Healthcare Supply Chain Attacks Raise Cyber Security Alarm

The healthcare sector has become a popular target for cybercriminals and is one of the most targeted industries by cyber criminals. In 2022, 324 attacks were reported in the first half of the year. As bad actors continue to target the healthcare industry, cybersecurity experts and healthcare administrators should be aware that attacks are...
Blog

VERT Threat Alert: January 2023 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s January 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1037 on Wednesday, January 11th. In-The-Wild & Disclosed CVEs CVE-2023-21549 A vulnerability in the SMB Witness Service was reported by two Akamai researchers, Stiv Kupchik and Ophir...
Blog

Is a Shift Left Approach Hurting Software and Supply Chain Security?

As the cyber threat evolves, adversaries are increasingly targeting non-publicly disclosed vulnerabilities in the software supply chain. Attackers are able to stealthily travel between networks because to a vulnerability in the supply chain. To combat this risk, the cybersecurity community must center its efforts on protecting the software...
Blog

#TripwireBookClub – Hacking APIs

Have you ever picked up a book, thinking that you’ll put everything else aside and dive in, but a month later, the book is still sitting unread on your shelf? That’s what happened to me this year. Back in June, our research team started reading Hacking APIs: Breaking Web Application Programing Interfaces by Corey Ball together and it turns out the...
Blog

Why You Need an Offensive Security Solution

Cybersecurity professionals are always looking to keep up with new and changing threats, as well as developing new tactics and technologies to guard against cyberattacks. Traditional approaches to security are focused on defensive or reactive measures, generally blocking attacks from coming in, or responding to attacks once they happen....
Blog

Tripwire Patch Priority Index for December 2022

Tripwire's December 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Edge, which resolve over 25 issues including use-after-free, type confusion, insufficient data validation, insufficient policy enforcement, and other vulnerabilities. ...
Blog

Tripwire Enterprise 9.0: What you need to know

Tripwire recently announced the release of Tripwire Enterprise (TE), version 9.0, Axon Agent 3.27, and TE Agent 9.0.0. While the full list of features may be viewed on our web site, as a product manager, I wanted to take some time to introduce some of the changes in this new release. What’s new in Tripwire Enterprise 9.0? The first significant...
Blog

Cybersecurity Interview Series: Faisal Parkar of Tripwire

We often interview seasoned veterans of security to hear their insights about cybersecurity. However, even new members of Fortra’s Tripwire team have a lot to offer about the state of security. We recently had the opportunity to speak with Faisal Parkar, who works in the Tripwire Sales Engineer department. While he may be newer to Tripwire and...
Blog

CISOs and their Boards of Directors: Viewing Cyber Risk Differently

CISOs – the senior level executives responsible for developing and implementing cybersecurity programs for corporations and other organizations – are not happy campers these days. And it’s not just because they are chronically understaffed and under constant pressure. As it turns out, Chief Information Security Officers (CISOs) often don’t see eye...
Blog

What are sandboxes? How to create your own sandbox

In the language of technology, a sandbox is a safe testing environment that is isolated from the rest of your network or system. Developers use sandboxes to test their code before deployment. In cybersecurity, suspicious and potentially unsafe programs, software, and attachments are executed in sandboxes to detect malware and to avoid any harm...
Blog

The Future of Connected, Autonomous, Shared, and Electric (CASE) Vehicles is Upon Us.

The popularity of electric vehicles is partly a response to the desire of achieving sustainability and carbon footprint reduction. Automobile manufacturers are making substantial investments to tackle emissions issues, create environment-friendly vehicles, and align with Environmental, Social, and Governance (ESG) requirements. To achieve brand edge...
Blog

Are passwords really as safe as we think?

Passwords are the most basic and common authentication method used to secure access to systems. But the process of using and maintaining secure passwords for numerous platforms can be quite tedious. According to Verizon`s 2020 Data Breach Investigation Report, weak, and re-used passwords resulted in 81% of data breaches. Apart from that, there are...
Blog

2022 in Cybersecurity – That’s a Trap

Are you sitting comfortably? Then let us begin… No, this isn’t the start of some Christmas fairy tale… it’s how I begin reading most reports which cover the last 12 months in Cybersecurity, and there are quite a few to look at. But for me, the one I value most is the ENSIA Threat landscape (ETL) report, which is now in its tenth year. Every year,...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of December 19, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of December 19th, 2022. I’ve also included some comments on these stories. NIST Recommends upgrading from SHA-1 The SHA-1...
Blog

Don't click too quick! FBI warns of malicious search engine ads

The FBI is warning US consumers that cybercriminals are placing ads in search engine results that impersonate well-known brands, in an attempt to spread ransomware and steal financial information. In a public service announcement issued this week, the FBI describes how cybercriminals are purchasing ads that show up at the very top of search engine...