Tripwire's April 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft Edge. These patches resolve over 15 vulnerabilities such as spoofing, type confusion, and use after free vulnerabilities. Up next are 3 patches for Microsoft...

The Open Systems Interconnection (OSI) model is a conceptual framework developed by the International Standards Organization (ISO). It has been in use for over 40 years, and is cited in every computer network book. It is also a favorite resource for just about every cybersecurity exam. The OSI model is represented in seven layers that help us...

Cloud Security Challenges Organizations embracing cloud environments must understand that cloud applications and services have become popular targets for cybercriminals. A few notable and inherent risks with cloud deployments include: API Vulnerabilities Unfortunately, API exploits are on the rise, costing organizations dearly. Whether it’s...

This piece was originally published on Fortra’s AlertLogic.com Blog. If you’re building an application, you want to ensure it’s reliable, consistent, and rapidly deployable in any cloud environment. That’s what containers are used for — packaging instructions into a digital object for reuse. Without them, you’ll struggle to run some application...

The phone rings, displaying "Potential Spam," warning of the possible downfall of accepting the call. We also have the option to set specific ringtones for the special people in our lives, so we audibly know immediately who’s calling. For other callers, like the once-a-year important call from our insurance or investment rep, we'll at least add...

Iranian state-sponsored hacking group Charming Kitten has been named as the group responsible for a new wave of attacks targeting critical infrastructure in the United States and elsewhere. The group (who are also known to security researchers by a wide variety of other names including Mint Sandstorm, Phosphorous, Newscaster, and APT35) has been...

This piece was originally published on Fortra’s AlertLogic.com Blog. A Comprehensive Guide to Understanding WAFs: How it Works, Types, and Security Models Web applications drive digital transformation, remote work, employee productivity, and consumer interactions. The ability to connect to critical applications over the internet gives workforce...

Many organizations have either been formed in, or have migrated to cloud-based environments due to the efficiency, flexibility, mobility, cost savings, and other benefits. The majority of applications that are used today are incorporated with the cloud. Most of our data and processes exist in the cloud. But simple as it is, just uploading your files...

The K-12 Report breaks down the cyber risks faced by public schools across the country and is sponsored by the CIS (Center for Internet Security) and the MS-ISAC (Multi-State Information Sharing & Analysis Center). Published “to prepare K-12 leaders with the information to make informed decisions around cyber risk”, the report provides a data...

Electrical grid security has been getting a lot of attention recently. It started fairly quietly, and then when it was a featured story on a news program, it rose to the top of the collective consciousness. However, the news stories that followed were focused entirely on the physical vulnerabilities of the US power grids. Few, if any stories covered...

The EPA isn't mincing words when it comes to protecting public drinking water. Earlier this month they released a memorandum putting specifics into the general advice to maintain cybersecurity at public water systems (PWSs). Per the report, “[The] EPA clarifies with this memorandum that states must evaluate the cybersecurity of operational technology...

It was just a short time ago that Fortra came into being, as the new face of HelpSystems. Fortra is a company that combines a group of cybersecurity products and services into one portfolio. As with all acquisitions, many customers wondered what benefits this would bring to the Tripwire product line. We took the opportunity to speak with Fortra’s...

What Is Microsegmentation? Microsegmentation is a security technique that partitions a network into small, isolated sections to reduce the attack surface and reduce an organizations risk. Each microsegment is typically defined by specific security policies, accessible only to authorized users and devices. Microsegmentation is often seen as a more...

The demand for cybersecurity in the energy sector is often understated. There is a misconception that very little IT is involved, and much of it does not impact operations. But 97% of surveyed ICS security professionals in the energy, oil, and gas sector believe cybersecurity is a growing concern. No industry has been untouched by digital...

Accountants are being warned to be on their guard from malicious hackers, as cybercriminals exploit the rush to prepare tax returns for clients before the deadline of US Tax Day. US Tax Day, which falls on Tuesday April 18 this year, is the day on which income tax returns for individuals are due to be submitted to the government. Inevitably it's a...

Each month, at the State of Security, we publish a range of content provided by VERT. Whether it’s a round-up of all the latest cybersecurity news, our Patch Priority Index that helps guide administrators on what they should be patching , a book review, general musings from the team, or most notability our Patch Tuesday round-up. VERT is helping...

Today’s VERT Alert addresses Microsoft’s April 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1050 on Wednesday, April 12th. In-The-Wild & Disclosed CVEs CVE-2023-28252 A vulnerability in the Common Log File System (CLFS) Driver has been exploited in-the-wild. CLFS provides a...

Dealing with the aftermath of ransomware attacks is like Russian roulette. Submitting the ransom might seem like it’s the sole option for recovering locked data. Ransomware also continues to evolve as a threat category within the past year, with old names like REvil rearing their heads and new players like Black Basta emerging in 2022. Malicious...

Tripwire's March 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Google and Microsoft. First on the patch priority list this month is a patch for Microsoft Office Outlook that resolves a critical elevation of privilege vulnerability (CVE-2023-23397) that should be patched as soon as possible. This vulnerability has...

As the United States government, the energy industry, and individual consumers work toward cleaner and more sustainable energy solutions, it is crucial to consider how new and advancing technologies affect, and are affected by, cybersecurity concerns. ­­­­Increasing use of smart energy devices can be useful for consumers to have more control over...