Resources

Blog

The Great Cybersecurity Resignation

In 2022, the buzz phrase of the year has to be “The Great Resignation”. What is it? It’s a term coined to describe the current rise in people leaving their employer to find work elsewhere. But people have always moved on, right? Of course they have. Staff retention rates have always been a target for most HR functions. But something is different in...
Blog

VERT Threat Alert: July 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s July 2022 Security Updates. VERT is actively working on coverage for these Patch Tuesday vulnerabilities and expects to ship ASPL-1011 on Wednesday, July 13th. In-The-Wild & Disclosed CVEs CVE-2022-22047 Microsoft is reporting this month that a single vulnerability in the Windows Client/Server Runtime...
Blog

File Integrity Monitoring (FIM): Your Friendly Network Detective Control

Lateral movement is one of the most consequential types of network activity for which organizations need to be on the lookout. After accessing a network, the attacker maintains ongoing access by essentially stirring through the compromised environment and obtaining increased privileges (known as “escalation of privileges”) using various tools and...
Blog

Defending Aircraft Networks Against Cybersecurity Breaches

The aviation industry is both vast and complex. More than 45,000 flights and 2.9 million passengers travel through U.S. airspace every day, requiring high-tech tools and extensive communications networks. All of that data and complexity makes the sector a prime target for cybercriminals. Worryingly, only 49% of non-governmental organizations have...
Blog

Using DevSecOps for Efficient IT Security

DevSecOps is the key to achieving effective IT security in software development. By taking a proactive approach to security and building it into the process from the start, DevSecOps ensures improved application security. It also allows organizations to rapidly develop application security with fewer bottlenecks and setbacks. Some critical aspects...
Blog

Lockdown Mode: Apple to protect users from targeted spyware attacks

Apple has previewed a new feature which aims to harden high-risk users from the serious threat of being spied upon by enemy states and intelligence agencies. "Lockdown Mode" is scheduled to arrive later this year with the release of Apple iOS 16 and macOS Ventura. It's an optional feature for users who believe their computers and smartphones face a...
Blog

PCI 4.0: The wider meanings of the new Standard

The new PCI DSS Standard, version 4.0, contains all the steps, best practices, and explanations required for full compliance. In fact, even an organization that does not process cardholder data could follow the PCI Standard to implement a robust cybersecurity program for any of its important data. In our series about how the new standard differs...
Blog

The True Cost of a Security Breach

There have been many articles about the cost of a security breach. With the emergence of privacy regulations that assign penalties based on a business’ profit, or those that calculate a value for each compromised record, it is possible to calculate the cost of a breach based on those metrics. However, it would seem that these hard numbers are not...
Blog

The Need of Privacy Certifications for Lawyers

The widespread adaptability and integration of tools and the professionals who can effectively use them to comply with the law will significantly impact the careers of both lawyers and other legal personnel. One of the fastest-growing areas in the legal profession in the United States is Privacy Law. Privacy certifications endorse attorneys as...
Blog

Black Basta ransomware - what you need to know

What is Black Basta? Black Basta is a relatively new family of ransomware, first discovered in April 2022. Although only active for the past couple of months, the Black Basta ransomware is thought to have already hit almost 50 organisations - first exfiltrating data from targeted companies, and then encrypting files on the firm's computer systems....
Blog

What you need to know about PCI 4.0: Requirements 10, 11 and 12

As we continue our review of the 12 Requirements of PCI DSS version 4.0, one has to stop and consider, is it possible to have a favorite section of a standard? After all, most guidance documents, as well as regulations are seen as tedious distractions from the importance of getting the job done. However, depending on a person’s position and function...
Blog

Penetration Testing in 2022: Key Trends and Challenges

Just when you thought that we couldn’t be any more integrated with (and dependent on) technology, the Covid pandemic swooped in to prove otherwise. The rise in the use of applications and devices to perform even basic functions pushed companies and end-users to keep pace. Of course, one group of people always seem to be ready: cybercriminals. Cyber...
Blog

The Role of IAM in Maintaining Cloud Security

Cloud computing is an effective solution for large and small companies across every industry. There has been rapid adoption due in large part to its accessibility, flexibility, and reliability. The cloud environment brings a significant amount of benefits, but at the same time, it can expose businesses to various alarming cybersecurity risks. A...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of June 20, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 20, 2022. I’ve also included some comments on these stories. Over a Dozen Flaws Found in Siemens' Industrial Network...
Blog

How to Protect Your Remote Workforce from a Cyberattack

Earlier this year, an industry report stated that 79% of businesses remain concerned about the security risks of an increasingly remote workforce. Cyberattacks are on the rise since the COVID-19 pandemic, in part because many organizations fail to put in place adequate cybersecurity measures and procedures. In addition, there is a worldwide...
Blog

COVID Text Scam Warning from National Health Service (NHS)

The UK's National Health Service (NHS) has warned the public about a spate of fake messages, sent out as SMS text messages, fraudulently telling recipients that they have been exposed to the Omicron variant of COVID-19. In a tweet, the NHS said that it had seen reports of text messages that claimed to come from the NHS, telling recipients that they...