Resources

Blog

The Four Stages to a Successful Vulnerability Management Program

Have you ever been around someone who is just better at something than you are? Like when you were in grade school and there was this person who was effortless at doing things correctly, like getting high grades? They had great study habits, they arrived on time, they were prepared and confident in the materials that they studied in class, and they...
Blog

Top Tips for Moving from Compliance to Cybersecurity Excellence

Compliance should be an essential part of business operations, regardless of industry. Taking preventative measures to manage compliance and mitigate risk can feel like a hassle upfront, but it can save your organisation huge costs in the long run. Compliance violations can result in fines, penalties, lawsuits, loss of reputation, and more. However,...
Blog

What Makes Telecommunication Companies Such a Fertile Ground for Attack?

Telecommunication is the first, and most robust network ever invented. This may seem like a brazen and bold statement, but when examined closely, it is not the stuff of fantasy. Prior to the invention and development of the internet, what other way could a person pick up a device, and “dial” a few numbers and end up seamlessly connected to someone...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of April 11, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of April 11, 2022. I’ve also included some comments on these stories. Microsoft's Autopatch feature improves the patch...
Blog

Regulatory Compliance – Holding Security Back or Forcing us to Reassess old biases?

A recent survey conducted by IBM and Censuswide of the UK market explored some of the drivers for modernisation and revealed some interesting challenges that organisations currently face as more and more businesses expand their digital boundaries. The most interesting finding was the that one of the drivers for modernisation (according to 28% of participants in the survey) was “Changing industry...
Blog

US Government warns of new malware attacks on ICS/SCADA systems

Agencies of the US Government have issued a joint warning that hackers have revealed their capability to gain full system access to industrial control systems that might help enemy states sabotage critical infrastructure. In a joint cybersecurity advisory issued by the Department of Energy, the Cybersecurity and Infrastructure Security Agency (CISA...
Blog

Thank you for everything Mike. We'll miss you.

Within VERT, we are rapidly approaching the release of our 1000th ASPL package. For those unfamiliar with the term “ASPL Package”, we are fast approaching the 1000th time that we delivered vulnerability content to customers. There’s an entire blog post planned around that in a few weeks as it is quite the milestone and accomplishment for the team,...
Blog

Tripwire & FoxGuard: Patching for compliance and security

There’s a saying in the cybersecurity community which states that just because you are compliant doesn’t mean that you are secure. Over the years, many images have been used to illustrate the point. One memorable image is that of a nude bicyclist wearing a helmet. By all standards, that is the epitome of “compliant, but not secure”. Many...
Blog

VERT Threat Alert: April 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s April 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-996 on Wednesday, April 13th. In-The-Wild & Disclosed CVEs CVE-2022-24521 While not previously publicly disclosed, Microsoft is reporting that they have seen active exploitation of this...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of April 4, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of April 4, 2022. I’ve also included some comments on these stories. Borat RAT, a new RAT that performs ransomware and DDoS...
Blog

Why Privacy Matters in Cybersecurity

In this episode, Jarell Oshodi, Deputy Chief Privacy Officer for the Centers for Disease Control and Prevention, discusses the role of privacy in the cybersecurity field. As an attorney, she brings a unique perspective to the conversation on how we can work better with our privacy officers. https://open.spotify.com/episode/6I9ixrw6IDnWdnHKiNU3e7...
Blog

Ultimate Guide to CPRA for US Businesses

To say that data governance and data compliance are rapidly becoming areas of immense strategic importance for businesses would be an understatement. Governments worldwide already have data protection laws in place or are busy drafting these laws. Moreover, users have become increasingly aware and educated about their rights online, especially...
Blog

Companies are more prepared to pay ransoms than ever before

A new report, which surveyed 1200 IT security professionals in 17 countries around the world, has shone a light on a dramatic rise in the number of organisations willing to pay ransoms to extortionists. The ninth annual Cyberthreat Defense Report (CDR), produced by CyberEdge Group, shows that not only has there been a substantial increase in the...
Blog

Tripwire Patch Priority Index for March 2022

Tripwire's March 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google Chrome, and Spring Framework. First on the patch priority list this month is a remote code execution vulnerability in the Spring Framework (CVE-2022-22965). This vulnerability has been added to the Metasploit Exploit Framework and any...
Blog

What Is the Role of Incident Response in ICS Security?

In recent years, cyber espionage has been growing in magnitude and complexity. One of the most common targets is Industrial Control Systems (ICS) within critical infrastructure sectors. With many organizations relying more heavily on ICS networks, there has been an increase in threats and cyberattacks aimed at these systems. Not only do these...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of March 28, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of March 28, 2022. I’ve also included some comments on these stories. Muhstik Botnet Targeting Redis Servers Using Recently...