Human nature has shown that people re-use passwords, at least for non-work accounts that aren’t requiring quarterly changes. How can it affect your current security that you've reused an old password or passphrase from 2012? Surprisingly, quite a lot. Hashed passwords and the plain text equivalent from a breached site can be paired with your then...

It’s often said that cybersecurity is hard. Anyone who has ever worked their way through the SANS Critical Controls, PCI-DSS or even something deceptively minimalist as the OWASP Top 10 knows that success in achieving these security initiatives requires time-consuming, diligent and often a multi-team effort. Now imagine amplifying that...

It was 1977, and soon-to-be-fans were greeted with a masterful score and scrolling text. Darth Vader and Princess Leia share the screen in those opening moments, and the Star Wars universe was created. Nearly 30 years later, a new film would introduce us to the events immediately preceding the “scene that launched a franchise,” but how did things...

The Biden administration said it’s drafting an executive order to help the United States government better defend itself against digital supply chain attacks. A Step Up for Federal Procurement According to NPR, the executive order that’s being drafted will include several initiatives designed to strengthen the security of the United States’...

Most large-scale entities need to prove compliance with multiple regulatory standards. In their efforts to meet their compliance mandates, organizations could suffer a major drain on their time and resources. This possibility holds true regardless of whether they’re finance companies, retailers, manufacturers or hospitality firms. Organizations...

Data privacy has been a hot topic in the tech world for years now. With every new technology come new regulations that require companies to completely re-examine the way they handle private data. Most companies already have a basic data privacy policy they constructed alongside lawyers and tech experts to avoid facing serious fines and penalties....

If I were to ask you why you scanned for compliance at your company, I’d bet you’d tell me it was to help you pass requirements easier, to ensure that your audits are good on the first pass and so that you could troubleshoot technical issues with another process. You didn’t know about that last one? Wait, are you telling me you don’t know about the...

Now that the ongoing worldwide trend toward “going digital” has been accelerated by COVID-19, taking extra precautions to protect your organization’s data, communications and information assets is more important than ever. Of course, there are many traditional and emerging ways to protect and secure your business: Employing cybersecurity...

Getting teams to improve security can be hard work, but it’s an important job that organisations must take seriously to protect an increasingly risky world. For this post, I wanted to explore some ways that an organisation or individual might start building a new security “habit” so that, in time, acting securely becomes automatic. Define it The...

Lane Thames, PhD and principal security researcher at Tripwire explains the challenges you might not have considered in IT/OT convergence. https://open.spotify.com/episode/2w3lsuN3V1ZOiLVGqxw58v?si=5lVBp46tTiK7tfzmCnpeuA Spotify: https://open.spotify.com/show/5UDKiGLlzxhiGnd6FtvEnm Stitcher: https://www.stitcher.com/podcast/the-tripwire...

In December 2020, the world discovered that the SolarWinds' Orion Platform had been compromised by cybercriminals, potentially affecting thousands of businesses the world over. Security groups such as the National Cyber Security Centre (NCSC) provided advice and guidance to security teams and IT companies on what actions they should take to minimize...

What is REvil? REvil is an ambitious criminal ransomware-as-a-service (RAAS) enterprise that first came to prominence in April 2019, following the demise of another ransomware gang GandCrab. The REvil group is also known sometimes by other names such as Sodin and Sodinokibi. There’s been plenty of ransomware before. What makes REvil so special? ...

The last time you were in a library, or a bookstore, you probably noticed how quiet it was. This doesn’t mean that people weren’t excited, or downright celebrating, they were engaged in a different method of celebration; the kind that takes place between the covers of a good book. April 23rd marks the celebration of World Book and Copyright Day....

Imagine an arc. Not just any arc. A rainbow. When we think of a rainbow, it conjures impressions of color, inspiration and even supernatural characteristics. Does your cybersecurity program long for a magical pot of gold at the end of a rainbow? With all the moving parts of cybersecurity, sometimes it seems like we are merely chasing rainbows. ...

Whilst employment has taken a downward curve over the last year or so, there are a variety of approaches I use when applying for a role to help my CV stand out. One key point is knowing what the job entails before submitting my cover letter and CV. This allows me to tailor my message effectively. Additionally, it enables me to find positions that I...

Several digital attacks against pharmaceutical companies have made news in the past few years. Back in 2017, for instance, Merck fell victim to NotPetya. The wiper malware spread to the pharmaceutical giant’s headquarters, rendered years of research inaccessible, affected various production facilities and caused $1.3 billion in damages, according to...

Here at Tripwire, we, like many others, recently surpassed the one-year anniversary of working from home due to the COVID-19 pandemic. Since March of 2020, we have converted kitchens, spare bedrooms and garages into office spaces. Our pets and children have become our coworkers, and companies are reporting a sudden increase in shirt sales as opposed...

As we know, Tripwire Enterprise (TE) is the de-facto go-to solution for File Integrity Monitoring (FIM). In normal operations, we deploy a TE agent to a system we want to monitor. TE then uses that agent to baseline the system against the appropriate rules, creating a known good state for that system. Moving forward, that system is monitored for...

Tripwire recently hired Naoufal Mzali as its first local regional sales manager specifically for the Africa and Levant region. I therefore decided to sit down with Naoufal and have a chat about cybersecurity and Tripwire’s mission for the region. Here’s what he had to say. Joe Pettit: Is the Levant and Africa a new territory for Tripwire? Or do you...

As expected, the start of 2021 has seen unprecedented movement in the U.S. with 22 states introducing comprehensive privacy legislation and even more introducing specific-use legislation. To date, hundreds of privacy bills were introduced across the states; to give some perspective, more than 50 privacy bills were introduced in New York alone....