Blog

Blog

Google Releases Security Update for Chrome 49

Google has patched three security issues in Chrome 49, the most recent version of its popular web browser. On Tuesday, the United States Computer Emergency Readiness Team (US-CERT) released a bulletin announcing the tech giant's latest round of patches."Google has released Chrome version 49.0.2623.87 to address multiple vulnerabilities for Windows,...
Blog

VERT Threat Alert: March 2016 Patch Tuesday Analysis

Today’s VERT Alert addresses 13 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-660 on Wednesday, March 9th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy ...
Blog

Fully Patched, But Still Vulnerable

Tripwire isn't a patch management company, so why we conducted an extensive survey on patch fatigue is a worthwhile question to ask. The fact is, we spend a lot of time talking about and working with patches, even though we never actually deploy one for a customer. We spend so much time on patching because we're a vulnerability management vendor....
Blog

U.S. DoD Announces ‘Hack the Pentagon’ Bug Bounty Program

The US Department of Defense (DoD) announced last week the first ever cyber bug bounty program in the history of the federal government, inviting vetted hackers to test the security of the department’s network, website and applications. Dubbed “Hack the Pentagon,” the agency said its pilot bug bounty program is modeled after similar competitions...
Blog

5 Innocent Mistakes That Cause an IT Security Breach

Security breaches, also known as a safety violation, occur when a person or application illegally enters a confidential IT border. This could result in the hacking of unauthorized data, services, networks and applications that are highly critical. Breaches can also cause bankruptcy and destroy a company’s reputation, which is why most businesses...
Blog

5 Tips to Improve Your Defenses Against Social Engineering

Social engineering is perhaps the most dangerous vector of attack available to hackers. Social engineering could be a phone call made by an attacker to extract data; an email phishing attack that is composed to look like a legitimate request to gain sensitive information; or a physical intrusion into the building by someone claiming false credentials....
Blog

Is Relying on Anti-virus Making You Insecure?

The world of technology is never in stasis, but as frantic as the field is, information security moves even faster. Those of us who work to stay aware of the latest trends in cyber security sometimes lose sight of the sobering reality that most people don't have the time or drive to do this--especially if it's not paying the bills. The combination...
Blog

The Hot Topic of Cyber Security & Healthcare

This week, I am torn between attending RSA 2016 in San Francisco or HIMSS (Healthcare Information Management Systems Society), a very large healthcare conference in Las Vegas that annually attracts over 44,000 healthcare & IT professionals. Well, there's good news. I am going to both. Why? Cyber security is a major focus at HIMSS. In fact, there is...
Blog

Delaying PCI 3.1: Time to Dance the Compliance and Security Waltz

The recent announcement from the Payment Card Industry Security Standards Council (PCI SSC) that it will be moving the PCI 3.1 deadline to June 2018 – giving an extra 24 months – caught my attention and reminded me of the ongoing dance between compliance and security. From a compliance and operational standpoint, the new deadline gives organizations...
Blog

UX in the Security World

The cyber security industry is growing faster than ever as companies increase their level of monitoring and analysis to protect themselves from breaches and data loss. The imperative for security professionals to be fast and accurate in recognizing and remediating security threats makes the user experience in security products absolutely critical. ...
Blog

BSidesSF 2016 Preview: Sweet Security

Securing the Internet of Things (IoT) has become increasingly difficult. Devices are often shipped with out-of-date operating systems and unmaintained code, which is littered with vulnerabilities. To add to the frustration, traditional security tools cannot be installed on many of these devices. For many users, especially home and SMBs, there are...
Blog

Tripwire at RSA Conference 2016: Cyberwar @ the Endpoint

Celebrating its 25th anniversary this year, the RSA Conference creates invaluable opportunities for attendees to connect with top security leaders, discover innovative technologies and deliberate the industry’s most pressing issues. With over 30,000 attendees, this annual event continues to help drive the information security agenda worldwide, and...
Blog

Contra-Cracking: How to Steer Kids Away from Malicious Hacking

In today's interconnected world, computer crime knows no age requirements. People of all ages are capable of committing malicious acts online. That includes teenagers. For example, in October 2015, a teenager allegedly breached the email account of CIA Director John Brennan. UK authorities now believe that they have arrested that same individual,...
Blog

VERT Threat Alert: February 2016 Patch Tuesday Analysis

Today’s VERT Alert addresses 13 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-656 on Wednesday, February 10th. Ease of Use (published exploits) to Risk Table Automated Exploit ...
Blog

EMET 5.5 - Update Released for Microsoft's Best Kept Secret

It's one of Microsoft's best kept secrets. First released in 2009, the Enhanced Mitigation Experience Toolkit from Microsoft (EMET for short) has been helping companies reduce the risk of being exploited via unknown vulnerabilities in Windows and Windows applications. By detecting and preventing the buffer overflows and memory corruption...
Blog

4 Factors Behind the Rise of Exploit Kits as a Service

It has been a busy couple of months for the web's most notorious exploit kits (EKs). Back in September, researchers detected a ransomware attack that leveraged outdated content management systems (CMS) in order to redirect user traffic to malicious domains infected with the Neutrino exploit kit and Teslacrypt ransomware. Another ransomware attack...
Blog

Vulnerability Management Program Best Practices – Part 3

This is the conclusion to a three-part series of building a successful vulnerability management program. The first installment focused on Stage One, the vulnerability scanning progress. Without a foundation of people and process, the remaining stages are prone to failure. The second installment focused on Stage Two and Three, using a vulnerability...
Blog

Ukrainian Attack: Another Wake Up Call?

Critical infrastructure is under attack with disastrous implications that could alter our environment, such as disrupting service or even threatening public safety. The Ukraine attack resulting in six hours of loss of power for more than 80,000 customers is a recent reminder. According to an October 2015 report in CyberWarNews, “every bit of U.S....