Blog

Blog

How Foundational Prevention Fills in the Gaps of Threat Detection

Digital threat detection isn't as easy as it was more than a decade ago. The threat landscape no longer evolves slowly in pace with signature-based malware. It moves quickly and thereby complements the rate at which new software flaws are discovered and computer criminals exploit those weaknesses to compromise vulnerable systems. At the same time,...
Blog

Tripwire Patch Priority Index for February 2018

Tripwire's February 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe and Oracle. BULLETIN CVE Adobe Flash APSB18-03 CVE-2018-4878, CVE-2018-4877 Microsoft Browser CVE-2018-0763, CVE-2018-0839, CVE-2018-0771 Microsoft Scripting Engine CVE-2018-0840, CVE...
Blog

Data Integrity: The Next Big Challenge

Many of us in the cybersecurity world have followed this general mantra: protect the data, protect the data, protect the data. It’s a good mantra to follow, and ultimately that is what we are all trying to do. But there are different ways to protect data. The obvious method is to make sure it doesn’t get ripped off, but as we have noted in previous...
Blog

LA Times homicide website throttles cryptojacking attack

Whoever hacked the LA Times' interactive county murder map probably hoped to make a killing mining cryptocurrency - but swift action from a security researcher has put paid to their plans. Security researcher Troy Mursch, whose blog has focused on cryptomining threats in recent months, raised the alarm on Twitter, after discovering that an Amazon...
Blog

The Role of the CISO in Preventing Data Breaches

In these times of unabated data breaches, the typical Chief Information Security Officer (CISO) must feel like a moving target in a shooting gallery. It’s not a matter of whether an attack and possible breach will occur, it’s a matter of when. Being a CISO is a fascinating and important job. Often, though, it’s a thankless one. Unfortunately for...
Blog

Tips for Staying Secure When Using Dating Apps

Mobile online dating apps are popular among adults looking to find their ideal partner. According to the Pew Research Center, 15 percent of U.S. adults said they had used matchmaking sites in 2015. Following Valentine’s Day, many dating sites may offer promotions, coupons, and discounts to encourage new users to enroll, meaning new users will be...
Blog

Cybersecurity in 2028: Looking a Decade Ahead

It's mid-February, which means IT security executives' and industry analysts' plans for 2018 are really starting to gather momentum. Every year, this personnel faces the difficult task of deciding what security investments they should make given current developments in the cyber threat landscape. Google Trends and other services can help...
Blog

Top 10 Mobile App Security Best Practices for Developers

App security isn’t a feature or a benefit – it is a bare necessity. One breach could cost your company not just millions of dollars but a lifetime of trust. That is why security should be a priority from the moment you start writing the first line of code. While you were busy developing the most intuitive, innovative and exciting apps, security...
Blog

6 Top Cloud Security Threats in 2018

2018 is set to be a very exciting year for cloud computing. In the fourth financial quarter of 2017, Amazon, SAP, Microsoft, IBM, Salesforce, Oracle, and Google combined had over $22 billion in their revenue from cloud services. Cloud services will only get bigger in 2018. It’s easy to understand why businesses love the cloud. It’s easier and more...
Blog

VERT Threat Alert: February 2018 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s February 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-765 on Wednesday, February 14th. In-The-Wild & Disclosed CVEs CVE-2018-0771 This vulnerability describes a Same-Origin Policy (SOP) bypass in Microsoft Edge. The SOP is designed to...
Blog

Security at the Speed of DevOps

DevOps and traditional security seem to be at odds with one other. But it doesn’t have to be that way. You can make security a part of your DevOps process without sacrificing agility or security. First, let's define what DevOps is. Let's then look at how it combines with security to create DevSecOps.DevOps: A Working DefinitionSo, what do we mean by ...
Blog

Security Mindset: Balancing Firmness and Flexibility

Navigating the noise, complexity and uncertainties of the cybersecurity landscape demands clear thinking. But that’s no easy task. The security professional today has to be knowledgeable about the organization’s own environment, business needs and risks, compliance requirements, best practice frameworks, internal policies and procedures, and the...
Blog

Advanced Security in All Sorts of Places

There's a growing trend spreading through many different organizations in which automated and advanced security features are being developed, capabilities which were previously in the realm of more traditional security vendors. There’s now more security in more places than ever before, with much of it owing to infrastructure and software-as-a...
Blog

Tripwire Patch Priority Index for January 2018

BULLETINCVEBrowser - EdgeCVE-2018-0803,CVE-2018-0766Scripting EngineCVE-2018-0780,CVE-2018-0800,CVE-2018-0767,CVE-2018-0781,CVE-2018-0769,CVE-2018-0768,CVE-2018-0778,CVE-2018-0777,CVE-2018-0758,CVE-2018-0773,CVE-2018-0770,CVE-2018-0776,CVE-2018-0774,CVE-2018-0775,CVE-2018-0772,CVE-2018-0762Adobe FlashCVE-2018-4871Java cpujan2018CVE-2018-2599,CVE-2018...