Resources

Blog

The Changing State of Cybersecurity: 5 Data-Backed Predictions

Cybersecurity is never static, and that’s especially true today. After widespread and frequent disruptions in the past few years, the cyber defense landscape is shifting. Favored attack vectors are changing, new threats are emerging, and organizations are rethinking their cybersecurity focus. Staying safe in the next few years requires an...
Blog

How to Take Care of Yourself When Things Go Wrong: Self-Care Tips When Dealing with a Cyber Attack

One very predictable part of cybersecurity is that the work is unpredictable. here are routines that help to create a predictable rhythm, but you don’t necessarily know when the next attack will come, how intense it will be when it does, or when you will get to go back to a predictable and hopefully manageable rhythm again. When responding to a...
Blog

Prioritizing Cybersecurity Throughout All Web Development Sprints

No one doubts the importance of cybersecurity in web development — and yet, often in the development cycle, we neglect to prioritize it across each sprint and into the final product. Making cybersecurity a priority throughout every development sprint cycle is necessary to combat the tide of digital attacks threatening the modern web. But how can you...
Blog

The Winter Olympics and Cybercrime: Caution Is Urged

Hosting the Olympics is always a source of national pride for any nation chosen to do so. Whether in winter or summer, the prestige of the world’s eyes being on an event that transcends political differences and has sport at the fore is a prize many countries and regions aspire to achieve. This all sounds fantastic and at one level is exactly what...
Blog

Government agencies warn of sophisticated, high-impact ransomware

A surge in "sophisticated, high impact" ransomware attacks has prompted the United States's Cybersecurity and Infrastructure Security Agency (CISA), the UK's National Cyber Security Centre (NCSC), and the Australian Cyber Security Center to issue a joint advisory about the techniques being used by cybercriminals to attack businesses and...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of February 7, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of February 7, 2022. I've also included some comments on these stories. Mac Trojan Comes with Expanded Ability to Drop...
Blog

Upgrade From Whitelist Profiler to Tripwire State Analyzer

If you’re a Tripwire® Whitelist Profiler customer, then you know that the software does an excellent job of executing its core functionalities. These include comparing the running state of a machine to the approved and expected configurations in your environment to stay in compliance with audit and internal policies. Although Whitelist Profiler is...
Blog

OT Vulnerability Management: A Risk-Based Approach

The number of missing security patches in an OT system is typically very large—measured in the thousands, at least. It would be difficult and expensive for an asset owner to evaluate each missing security patch / cyber asset pair. This may be one reason we see a patch everything approach, but this is also difficult and expensive. In fact,...
Blog

VERT Threat Alert: February 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s February 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-985 on Wednesday, February 9th. In-The-Wild & Disclosed CVEs CVE-2022-21989 This month, only a single vulnerability, CVE-2022-21989 has been publicly disclosed and Microsoft is not...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of January 31, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of January 31, 2022. We’ve also included the comments from a few folks here at Tripwire VERT. Update Force-Pushed to Protect...
Blog

Your Cell Phone and Your Identity: Keeping Your PII Safe

Have you considered how often your phone number has been shared? Most of us give out our cell phone numbers all the time – to friends, acquaintances, colleagues, and even big, monolithic, impersonal companies. We may even print them on business cards or list them on public forums. A cell phone is no longer just a way to contact someone to engage in...
Blog

Privacy in 2021: A Year Worth Reviewing

With two new U.S. State privacy laws, new Standard Contractual Clauses out of the EU, more GDPR-style laws passed around the globe, and record data protection fines, 2021 provided plenty of fodder for an end-of-year review. U.S. Domestic: A Summary Despite a growing consensus on the need for comprehensive privacy in the United States, lawmakers...
Blog

BlackCat ransomware - what you need to know

What is this BlackCat thing I've heard about? BlackCat (also known as ALPHV) is a relatively new ransomware-as-a-service (RaaS) operation, which has been aggressively recruiting affiliates from other ransomware groups and targeting organisations worldwide. What makes BlackCat different from other ransomware-as-a-service providers? Like other...
Blog

Tripwire Patch Priority Index for January 2022

Tripwire's January 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Apache, Open Source Policy Kit, Adobe, and Microsoft. First on the patch priority list this month are patches for Apache Log4j2 vulnerabilities, most importantly for the Log4j2 "LogShell" remote code execution vulnerability (CVE-2021-44228). This...