Blog

Blog

What Is ISO/IEC 27017?

More than a third of organizations suffered a serious cloud security incident in 2021. According to a survey of 300 cloud professionals covered by BetaNews, 36% of those respondents said that their organizations had suffered a severe cloud security data leak or breach in the past 12 months. Looking forward, eight in 10 survey participants said they...
Blog

Bridging the IT/OT gap with Tripwire’s Industrial Solutions

Cybersecurity has, since its inception, been a corporate-based problem. Whether it is a public, or private corporation, these entities were the primary targets of most cybercrime. In recent years, the industrial sector has increasingly become the target of attack for malicious actors. The reasons include newly internet-connected devices that were...
Blog

NERC CIP Audits: Top 8 Dos and Don'ts

My time at NERC had me involved with quite a few projects over my seven-year career there. I was involved with CIP compliance audits, investigations, auditor training, and many advisory sessions. Typically, I was advising entities across North America on different tactics, techniques, and insight from best practices I have seen. I wanted to share a...
Blog

Apple protected App Store users from $1.5 billion fraud last year

Apple says that it protected many millions of users from being defrauded to the tune of nearly $1.5 billion dollars in the last year, by policing its official App Store. According to a newly published report by Apple, over 1.6 million risky and untrustworthy apps and app updates were stopped in their tracks due to the company's fraud prevention...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of May 30, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of May 30, 2022. I’ve also included some comments on these stories. Vendor Refuses to Remove Backdoor Account That Can...
Blog

High Seas and High Stakes Communications: Securing the Maritime Industry

Recall the last time that you stood on the shore, enjoying the briny breeze that gently caressed your skin, and the sounds and smells of the sea. You may have noticed in the distance a large sailing vessel. Have you ever considered all the moving parts that contribute to these “floating cities”? Beyond the logistics of setting out to sea, a ship...
Blog

Top CVE Trends — And What You Can Do About Them

Cybersecurity awareness, protection, and prevention is all-encompassing. In addition to implementing the right tools and resources, and hiring skilled professionals with the right cybersecurity education and experience, organizations should be aware of the latest CVEs. What Is a CVE? The acronym “CVE” stands for Common Vulnerabilities and...
Blog

How to Apply the Risk Management Framework (RMF)

The Risk Management Framework (RMF) is most commonly associated with the NIST SP 800-37 guide for "Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach," which has been available for FISMA compliance since 2004. It was updated in December 2018 to revision 2. This was the result of a Joint Task Force...
Blog

Building a More Secure Cloud: 5 Strategies for 2022

Cloud adoption continues to soar. More than two-thirds of small to mid-sized businesses intend to increase their use of cloud technologies over the next few years. While the cloud comes with many security benefits, it also carries unique concerns. As the cloud becomes increasingly central to business operations, cloud security should be a priority....
Blog

ICS Security in Healthcare: Why Software Vulnerabilities Pose a Threat to Patient Safety

The lack of healthcare cybersecurity is one of the most significant threats to the sanctity of the global healthcare industry. This is made evident by the fact that in 2020 more than 18 million patient records were affected by successful cyber-attacks on the U.S. healthcare system. Health professionals should not take this issue lightly, as...
Blog

Protecting Against Bad Chemistry (with Cybersecurity)

Do you recall one of the first really fun chemistry experiment you performed as a child? If your school followed the usual curriculum, then you probably made a model volcano and then added some baking soda to the opening, followed by the addition of vinegar. A variation of this experiment was to add the ingredients to a plastic bottle, then...
Blog

Tripwire Patch Priority Index for May 2022

Tripwire's May 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are 2 remote code execution vulnerabilities for Excel and a security feature bypass vulnerability for Office. Up next are patches that affect components of the Windows operating systems. These patches...
Blog

Ransomware demands acts of kindness to get your files back

The great thing about working in the world of cybersecurity is that there's always something new. You may think you've seen it all, and then something comes along that completely surprises you. And that's certainly true of the GoodWill ransomware, which security firm CloudSEK described this week. In fact, the GoodWill ransomware stands out so much...
Blog

A Problem Like API Security: How Attackers Hack Authentication

There is a sight gag that has been used in a number of movies and TV comedies that involves an apartment building lobby. It shows how people who don’t live there, but who want to get in anyway, such as Girl Guides looking to sell cookies to the tenants – simply run their fingers down every call button on the tenant directory, like a pianist...
Blog

How Can OEMs Reduce Their Risk of Cyberattacks?

Many modern businesses in almost every sector of the economy are adopting the latest technologies for greater connectivity and efficiency. However, while many of these technologies offer myriad benefits, they can also create new cybersecurity vulnerabilities. While much of the focus has remained on manufacturers and how they can bolster their...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of May 16, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of May 16, 2022. I’ve also included some comments on these stories. Watch Out! Hackers Begin Exploiting Recent Zyxel...
Blog

Regulatory Compliance in the Cloud: What you Need to Know 

Anyone reading this post will have at least dipped their toes into the world of cloud services. As a result of this massive growth, the world of compliance has spent much of the last decade catching up with the implications of cloud services. For hosted infrastructure, “catching up” presents an interesting set of challenges since cloud managed...
Blog

#TripwireBookClub – Go H*ck Yourself

After a busy start to the year, we were finally able to settle down and take a look at a new book. This time around, we’re looking at Go H*ck Yourself: A Simple Introduction to Cyber Attacks and Defense by Bryson Payne. The No Starch Press page describes the book as “an eye-opening, hands-on introduction to the world of hacking, from an award...
Blog

Phishing gang that stole over 400,000 Euros busted in Spain

Spanish police say that they have dismantled a phishing gang operating across the country, following the arrest of 13 people and the announcement that they are investigating a further seven suspects. According to police, the phishing ring defrauded some 146 victims, stealing at least 443,600 Euros from online bank accounts. Victims were tricked...