It seems like only yesterday that we were packing up the Tripwire stand after another fantastic year at Infosec and here I am (literally) counting down the days until the doors open for Infosecurity Europe 2019! The Tripwire team is always excited to get on the show floor and have great conversations with clients and partners, meet new people and of...

With data breaches regularly marking the headlines, it is no surprise that digital threats constitute an increasingly significant concern for the C-Suite and cyber security experts. What is surprising, however, is that these two groups don’t seem to share the same view of information security. They have different opinions when it comes to the digital...

Security researchers have released a tool that enables victims of GetCrypt ransomware to recover their affected files for free. On 23 May, web security and antivirus software provider Emsisoft announced the release of its GetCrypt decrypter. This utility asks victims of the ransomware to supply both an encrypted copy and the original version of a...

Last time, I spoke with technology marketing communicator Stacey Holleran. Our work is similar but different. Plus, she warned me about what I might expect from the tech industry in a few years when I turn 40! For my last interview until fall/autumn, I had the pleasure of speaking with Yaz. She went from the military to a civilian career as a...

As recently as 2017, security and compliance professionals at many of Tripwire’s large enterprise and government customers were talking about migration to the cloud as a possibility to be considered and cautiously explored in the coming years. Within a year, the tone had changed. What used to be “we’re thinking about it” became “the CIO wants to see...

Today’s VERT Alert addresses Microsoft’s May 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-830 on Wednesday, May 15th. In-The-Wild & Disclosed CVEs CVE-2019-0863 Windows Error Reporting (WER) incorrectly handles certain files and, when exploited, could lead to the execution of code...

By now, many organizations have turned to DevOps as part of their ongoing digital transformations. This process has not been the same for any two companies. Indeed, organizations have embraced DevOps at their own place, and they’ve invested varying levels of time and budget into their nascent deployments. Such variety has helped shape organizations’...

Few would dispute the idea that an effective cybersecurity profile requires candid assessments of potential vulnerabilities. Here’s a closer look at the challenges facing the federal cybersecurity mission and the efforts of state-level agencies. Federal Though the federal government demonstrates an ongoing commitment to ramping up its...

Tripwire's April 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, and Oracle. First on the patch priority list this month are patches for Microsoft's Browser and Scripting Engine. These patches resolve 13 vulnerabilities, including fixes for Memory Corruption, Browser Tampering, and Information...

The current security state of industrial control systems (ICS) is a perplexing one. On the one hand, Kaspersky Lab found in a recent report that a majority of organizations (75 percent) regard ICS security as a major priority. On the other hand, organizations aren’t implementing the proper safeguards to secure their industrial control systems. The...

Last month the world was reminded once again of the danger of supply chain attacks, as it was revealed that hackers had compromised the network of Taiwanese technology giant ASUS to push out a malicious software update to as many as one million laptops. The attack, dubbed "Operation ShadowHammer" by security researchers, saw hackers successfully...

On the aftermath of the Mati wildfires in Greece that killed 100 people, the Greek Fire Department spokesperson made an announcement on June 2018, stating "Any manned and unmanned aircraft systems flights in an area of operations is a serious infringement and creates safety risks for flights. Any breach entails criminal and administrative liability....

The importance of a mature vulnerability management program can’t be overstated. File integrity monitoring (FIM) and security configuration management (SCM) might be the bedrock of a strong cybersecurity program, but they can only go so far. Scanning for vulnerabilities needs to be a foundational part of your program, too. The Center for Internet...

Large organizations have always focused on managing risk, but the technological breakthroughs that have enhanced our world in countless ways have also transformed how leading executives engage in enterprise risk management (ERM). The pervasive and ever-expanding threat of cyber crime means that comprehensive strategies for cyber security are now...

The annual Scalar Security Study, published in February 2019 and conducted by IDC Canada, identified a new normal across the threat landscape: cybersecurity incidents, be it exfiltration, infiltration or denial of service, occur on a regular basis. Focused on small, midsize and large organizations in Canada, the study confirms that intrusions are...

As technology advances and the costs of connecting electronic components to the internet decreases, the lower the cost of having an internet connected smart home is. Sensors placed throughout a house and integrated into home appliances can provide homeowners the advantages of monitoring and managing functions of the home remotely. According to...

Today’s VERT Alert addresses Microsoft’s April 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-825 on Wednesday, April 10th. In-The-Wild & Disclosed CVEs CVE-2019-0803 This CVE describes a privilege escalation vulnerability in Win32k that could allow an attacker to execute code in...

Thanks for playing along! By now, you’ve probably seen that the winner of our tournament is Shellshock. I long felt that this was the expected winner of Patch Insanity given the competition and I wasn’t expecting any major upsets, but there were definitely one or two. The big one that came to mind for some of us was GHOST defeating EternalBlue....

Last time, I spoke with Ashanti, a Rust developer who’s always mindful of security. She explained how Rust is a more secure language, and she explained holochain to me. This time, I spoke to Nicola Whiting. As the Chief Strategy Officer of Titania, she works on how AI can be implemented to prevent cyber threats caused by poor cyber hygiene. Kim...