Blog

Blog

The Intersection of Artificial Intelligence and Environmental, Social, and Governance Concerns

The release of ChatGPT last November transformed public awareness, perception, and discourse about Artificial Intelligence (AI). Prior to the release, AI has long existed in now familiar technologies, devices, and processes. Perhaps one of the most common uses of AI is the Google search engine. Search engines rely on AI to scan the internet to...
Blog

5 Long-term Benefits of Adopting Zero Trust Architecture

For the past several years we’ve all been sold the benefits of moving to Zero Trust, and it’s worked. We’re sold. But what now?At this point, companies have decided to embark on a long and committed journey – Zero Trust (ZT) isn’t built in a day. Keeping a clear eye on the finish line is necessary to maintain enthusiasm and buy-in as ZT architecture...
Blog

Job scams: How they persuade and how to protect yourself

With so many companies currently reducing their workforce, job scams have become a serious and widespread problem for those who are looking for work. Stories from people who came across these scams on LinkedIn talk about scammers asking for their IDs, possibly to commit identity fraud or theft. Although most of these scams come with glaring warning...
Blog

VERT Reads All About It - Cybersecurity News January 23 2023

The Tripwire Vulnerability Exposure and Research Team (VERT) are constantly looking out for exciting stories and developments in the cybersecurity world. Here’s what news stood out to us, including some comments on these stories. Vulnerabilities discovered in Netcomm and TP-Link Routers Netcomm routers are subject to an authentication bypass and a...
Blog

API Security Fundamentals: Everything You Need To Know

In the world of cybersecurity, the spotlight often shines on protecting applications, networks, and individual accounts. Application programming interfaces (APIs), on the other hand, present their own set of challenges to secure. APIs account for a significant portion of internet traffic and handle massive amounts of information from a wide variety...
Blog

LockBit ransomware - what you need to know

I keep hearing about LockBit ransomware attacks. What's going on? It's no surprise if you have heard about LockBit. It is the world's most active ransomware group - responsible for an estimated 40% of all ransomware infections worldwide. I guess LockBit does the usual bad stuff - encrypt your data, steal your files, dump a ransom note on your PC.....
Blog

5 Reasons Why Your Business Needs Penetration Testing

Penetration testing is a vital part of cybersecurity strategy development, evaluating the strength of an organization’s infrastructure. To prevent attackers from exploiting security flaws in your software or networks, you want to discover them as soon as possible. Penetration testing is becoming increasingly common because it anticipates attacks...
Blog

Data Classification: Your 5 Minute Guide

It’s old news, but data is – and will remain for the foreseeable future – king. It has to be dealt with and handled responsibly, assigned to the right boxes, and stored properly. Why? Because everyone wants it, and there are increased efforts to obtain it by ever-more sophisticated and subtle bad actors. You wouldn’t put a piece of junk mail in a...
Blog

Cybersecurity Crisis Management and Business Continuity

The massive increase in cyberattacks and the rapid evolution of advanced criminal techniques requires every single business in any sector to take protective measures to strengthen its cyber perimeter and minimize risk. To deal with this peril, businesses must incorporate security measures and comply with security standards and regulations to improve...
Blog

The prevalence of RCE exploits and what you should know about RCEs

Recent headlines have indicated that some major companies were affected by Remote Code Execution (RCE) vulnerabilities, just in the month of October. RCE flaws are largely exploited in the wild, and organizations are continually releasing patches to mitigate the problem. RCE is a type of an Arbitrary Code Execution (ACE) attack where the threat...
Blog

3 Learnings from the DoDIIS Conference

The annual Department of Defense Intelligence Information System (DoDIIS) Worldwide Conference took place on December 12 – 15 in San Antonio, Texas. If you are unfamiliar with the DoDIIS, it is presented by the Defense Intelligence Agency (DIA), and it brings together experts from multiple governmental, academic, and industry organizations to...
Blog

Teaching an Old State Analyzer Some New Tricks

Tripwire’s Energy and NERC Compliance Working Group virtual event offered some enlightening information, not only from industry experts but also some candid thoughts from current Tripwire customers. Even the most cogent summary of the keynote, as well as two of the sessions, simply cannot do proper justice to the knowledge that was shared during the...
Blog

AI-generated phishing attacks are becoming more convincing

It's time for you and your colleagues to become more skeptical about what you read. That's a takeaway from a series of experiments undertaken using GPT-3 AI text-generating interfaces to create malicious messages designed to spear-phish, scam, harrass, and spread fake news. Experts at WithSecure have described their investigations into just how...
Blog

The Heightened Importance of Cybersecurity in Mobile App Development

Mobile device use is pervasive, and has eclipsed traditional computing. We often hear how various malicious mobile apps are released into circulation. For these reasons, mobile app development needs to focus on cybersecurity just as much as it does on functionality and flexibility, if not more so. It’s an inevitable aspect of app development that...
Blog

C-Suite Security: How IT Teams Improve Security Culture

Every person in an organisation has the potential to enhance security. Physical office barriers were removed during the pandemic, exposing companies to countless vulnerabilities as attack avenues have multiplied. However, this does not mean that all was lost. What it signals is the importance of promoting a culture of security across the entire...
Blog

Healthcare Supply Chain Attacks Raise Cyber Security Alarm

The healthcare sector has become a popular target for cybercriminals and is one of the most targeted industries by cyber criminals. In 2022, 324 attacks were reported in the first half of the year. As bad actors continue to target the healthcare industry, cybersecurity experts and healthcare administrators should be aware that attacks are...
Blog

VERT Threat Alert: January 2023 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s January 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1037 on Wednesday, January 11th. In-The-Wild & Disclosed CVEs CVE-2023-21549 A vulnerability in the SMB Witness Service was reported by two Akamai researchers, Stiv Kupchik and Ophir...
Blog

Is a Shift Left Approach Hurting Software and Supply Chain Security?

As the cyber threat evolves, adversaries are increasingly targeting non-publicly disclosed vulnerabilities in the software supply chain. Attackers are able to stealthily travel between networks because to a vulnerability in the supply chain. To combat this risk, the cybersecurity community must center its efforts on protecting the software...
Blog

#TripwireBookClub – Hacking APIs

Have you ever picked up a book, thinking that you’ll put everything else aside and dive in, but a month later, the book is still sitting unread on your shelf? That’s what happened to me this year. Back in June, our research team started reading Hacking APIs: Breaking Web Application Programing Interfaces by Corey Ball together and it turns out the...
Blog

Why You Need an Offensive Security Solution

Cybersecurity professionals are always looking to keep up with new and changing threats, as well as developing new tactics and technologies to guard against cyberattacks. Traditional approaches to security are focused on defensive or reactive measures, generally blocking attacks from coming in, or responding to attacks once they happen....