Resources

Blog

Building a More Secure Cloud: 5 Strategies for 2022

Cloud adoption continues to soar. More than two-thirds of small to mid-sized businesses intend to increase their use of cloud technologies over the next few years. While the cloud comes with many security benefits, it also carries unique concerns. As the cloud becomes increasingly central to business operations, cloud security should be a priority....
Blog

ICS Security in Healthcare: Why Software Vulnerabilities Pose a Threat to Patient Safety

The lack of healthcare cybersecurity is one of the most significant threats to the sanctity of the global healthcare industry. This is made evident by the fact that in 2020 more than 18 million patient records were affected by successful cyber-attacks on the U.S. healthcare system. Health professionals should not take this issue lightly, as...
Blog

Protecting Against Bad Chemistry (with Cybersecurity)

Do you recall one of the first really fun chemistry experiment you performed as a child? If your school followed the usual curriculum, then you probably made a model volcano and then added some baking soda to the opening, followed by the addition of vinegar. A variation of this experiment was to add the ingredients to a plastic bottle, then...
Blog

Tripwire Patch Priority Index for May 2022

Tripwire's May 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are 2 remote code execution vulnerabilities for Excel and a security feature bypass vulnerability for Office. Up next are patches that affect components of the Windows operating systems. These patches...
Blog

Ransomware demands acts of kindness to get your files back

The great thing about working in the world of cybersecurity is that there's always something new. You may think you've seen it all, and then something comes along that completely surprises you. And that's certainly true of the GoodWill ransomware, which security firm CloudSEK described this week. In fact, the GoodWill ransomware stands out so much...
Blog

A Problem Like API Security: How Attackers Hack Authentication

There is a sight gag that has been used in a number of movies and TV comedies that involves an apartment building lobby. It shows how people who don’t live there, but who want to get in anyway, such as Girl Guides looking to sell cookies to the tenants – simply run their fingers down every call button on the tenant directory, like a pianist...
Blog

How Can OEMs Reduce Their Risk of Cyberattacks?

Many modern businesses in almost every sector of the economy are adopting the latest technologies for greater connectivity and efficiency. However, while many of these technologies offer myriad benefits, they can also create new cybersecurity vulnerabilities. While much of the focus has remained on manufacturers and how they can bolster their...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of May 16, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of May 16, 2022. I’ve also included some comments on these stories. Watch Out! Hackers Begin Exploiting Recent Zyxel...
Blog

Regulatory Compliance in the Cloud: What you Need to Know 

Anyone reading this post will have at least dipped their toes into the world of cloud services. As a result of this massive growth, the world of compliance has spent much of the last decade catching up with the implications of cloud services. For hosted infrastructure, “catching up” presents an interesting set of challenges since cloud managed...
Blog

#TripwireBookClub – Go H*ck Yourself

After a busy start to the year, we were finally able to settle down and take a look at a new book. This time around, we’re looking at Go H*ck Yourself: A Simple Introduction to Cyber Attacks and Defense by Bryson Payne. The No Starch Press page describes the book as “an eye-opening, hands-on introduction to the world of hacking, from an award...
Case Study

Tripwire Helps Girl Scouts 'Be Prepared' to Meet Growing Security Needs

The Girl Scouts of the USA was founded in 1912 to empower girls and teach values by encouraging participation in a wide variety of new activities. The instantly recognizable motto of “Be Prepared” extends across every aspect of the organization, including its change and compliance management strategies. We don’t approach compliance as an isolated event or as a necessity at the time of an audit...
Blog

Phishing gang that stole over 400,000 Euros busted in Spain

Spanish police say that they have dismantled a phishing gang operating across the country, following the arrest of 13 people and the announcement that they are investigating a further seven suspects. According to police, the phishing ring defrauded some 146 victims, stealing at least 443,600 Euros from online bank accounts. Victims were tricked...
Blog

Malicious hackers are finding it too easy to achieve their initial access

It should be hard for malicious hackers to break into systems, but all too often it isn't. That's a takeaway from a joint cybersecurity advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), the NSA and FBI, and their counterparts in Canada, New Zealand, the Netherlands, and United Kingdom. The advisory, which is titled ...
Blog

Your social media account hasn’t been hacked, it’s been cloned!

A recent Facebook post from a family member made me realize that I needed to write about an overused term. A term, that when used, causes chaos and concern. I don’t blame the family member for using it, I’ve seen it used hundreds of times over the past few years and I’ve seen IT and cybersecurity professionals respond without correcting, even, on...
Blog

Adding visibility to the invisible: securing your automated systems

Have you ever dined in a restaurant with a police officer? When choosing a table, or seating location, law enforcement professionals will often choose the seat that positions them with their back to the wall. This plays out quite humorously when a group of law enforcement professionals dine together, all racing toward that coveted “protected”...
Blog

2022 Q1 Privacy Update — A new year sparks new initiatives

The first months of 2022 began slowly for privacy, but by the end of the first quarter we had our marching orders for the rest of the year. In the U.S., we saw an explosion of state privacy bills being put forward (again), the Senate utilized a seldom used maneuver to push President Biden’s Federal Trade Commission nominee through to confirmation,...
Blog

VERT Threat Alert: May 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s May 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1002 on Wednesday, May 11th. CVE-2022-26925 In-The-Wild & Disclosed CVEs Based on Microsoft’s limited documentation, this appears to be a resurgence and/or improved version of PetitPotam. This...