-
Tyler Reguly
Guide
What Experts Have to Say About Choosing the Right Cybersecurity Frameworks
Frameworks like the Center for Internet Security (CIS) Controls, MITRE ATT&CK and the National Institute of Standards and Technology (NIST) Cybersecurity Framework give organizations clear, step-by-step methodologies for protecting their sensitive data, leveraging a wealth of industry knowledge to take the guesswork out of your security program.
While these cybersecurity...
Blog
VERT Threat Alert: May 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 05/14/2024
Image
Today’s VERT Alert addresses Microsoft’s May 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1106 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
CVE-2024-30040
Up first this month, we have a security feature bypass in MSHTML. More specifically, we...
Blog
Vulnerability Scanning vs. Penetration Testing
By Babar Mahmood on Fri, 05/03/2024
Image
In the modern digital landscape, cybersecurity is paramount, making the differentiation between vulnerability scanning and penetration testing essential for safeguarding organizational assets. Vulnerability scanning offers a broad sweep for potential security weaknesses, serving as an early warning system. Penetration testing...
Blog
Tripwire Patch Priority Index for April 2024
By Lane Thames on Thu, 05/02/2024
Image
Tripwire's April 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.
Firsts on the list are patches for Microsoft Edge (Chromium-based) and Chromium that resolve 2 spoofing vulnerabilities.
Next on the patch priority list this month is a patch for Microsoft Office and Excel that resolves...
Blog
VERT Threat Alert: April 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 04/09/2024
Image
Today’s VERT Alert addresses Microsoft’s April 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1101 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
CVE-2024-26234
This CVE describes a Proxy Driver Spoofing Vulnerability that, thanks to Microsoft’s...
Blog
AI/ML Digital Everest: Dodging System Failure Summit Fever
By Sandy Dunn on Mon, 04/08/2024
Image
Summit Fever Syndrome, a cause of many extreme altitude climbers' deaths, is due to a lack of oxygen and mission blindness, which leads to impaired judgment where climbers take needless risks, disregard safety precautions, and make deadly errors.
Deploying AI/ML models is like climbing Mount Everest. Both climbers and AI...
Blog
Tripwire Patch Priority Index for March 2024
By Lane Thames on Wed, 04/03/2024
Image
Tripwire's March 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google, and Apple.
First on the patch priority list are patches for Windows Kernel and Multiple Apple products. These CVEs (CVE-2024-21338, CVE-2024-23296, CVE-2024-23225) have been added to CISA's Known Exploited...
Datasheet
What Makes Fortra’s Tripwire Different
Are you weighing your options between integrity management solutions? Evaluating, purchasing, and deploying new software is hard work, especially when you get down to the granular details of understanding which solutions have which capabilities and matching those capabilities to your organization’s particular needs. In an industry buzzing with ever-changing terminology and a...
Blog
Critical insights into Australia’s supply chain risk landscape
By Anirudh Chand on Tue, 03/19/2024
Image
Australian organizations find themselves navigating a minefield of supply chain risks, with a surge in incidents stemming from multi-party breaches. These breaches are often caused by vulnerabilities in cloud or software providers and are emerging as a challenge that demands attention and proactive strategies.
From July to...
Blog
VERT Threat Alert: March 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 03/12/2024
Image
Today’s VERT Alert addresses Microsoft’s March 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1097 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
There were no in-the-wild or disclosed CVEs included in the March Patch Tuesday release.
CVE...
Blog
#TripwireBookClub – Black Hat GraphQL
By Tyler Reguly on Mon, 03/04/2024
Image
The most recent book that we’ve read over here is Black Hat GraphQL: Attacking Next Generation APIs written by Dolev Farhi and Nick Aleks. The book is described as being for, “anyone interested in learning how to break and protect GraphQL APIs with the aid of offensive security testing.”
As someone who works primarily...
Blog
Tripwire Patch Priority Index for February 2024
By Lane Thames on Mon, 03/04/2024
Image
Tripwire's February 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, ConnectWise, and Google.
First on the patch priority list are patches for ConnectWise ScreenConnect, Microsoft Exchange Server, Microsoft Windows SmartScreen, and Microsoft Windows Internet Shortcut files. These CVEs (CVE...
Blog
VERT Threat Alert: February 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 02/13/2024
Image
Today’s VERT Alert addresses Microsoft’s February 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1093 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
CVE-2024-21351
This CVE describes a bypass in the Windows SmartScreen Security Feature. At this...
Blog
3 Tips for Enterprise Patch Management
By Lane Thames on Tue, 02/13/2024
Image
With all the technology we have today, installing software updates has become a near-daily, full-time activity. Patch management for large-scale enterprise IT systems can be one of the most stressful parts of an IT professional’s job. In today’s large and evolving IT networks where many new services are going online every day...
Blog
Tripwire Patch Priority Index for January 2024
By Lane Thames on Mon, 02/05/2024
Image
Tripwire's January 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Apple, Google, and Atlassian.
First on the patch priority list are patches for Apple, Google Chromium V8, and Atlassian Confluence Data Center and Server. These CVEs have been added to CISA's Known Exploited...
Blog
Resolving Top Security Misconfigurations: What you need to know
By Jeff Moline on Mon, 01/22/2024
Image
One of the most common factors that can lead to cybersecurity incidents is a security misconfiguration in software or application settings. The default settings that come with the implementation of these tools and solutions are often not configured securely, and many organizations do not invest the time and resources into...
Blog
Critical flaw found in WordPress plugin used on over 300,000 websites
By Graham Cluley on Mon, 01/15/2024
Image
A WordPress plugin used on over 300,000 websites has been found to contain vulnerabilities that could allow hackers to seize control.
Security researchers Ulyses Saicha and Sean Murphy found two critical flaws in the POST SMTP Mailer plugin.
The first flaw made it possible for attackers to reset the plugin's authentication API...
Blog
VERT Threat Alert: January 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 01/09/2024
Image
Today’s VERT Alert addresses Microsoft’s January 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1088 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
There were no in-the-wild or disclosed CVEs included in the January Patch Tuesday drop.
CVE...
Blog
Tripwire Patch Priority Index for December 2023
By Lane Thames on Tue, 01/09/2024
Image
Tripwire's December 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google.
First on the patch priority are patches for Google Chrome and Microsoft Edge (Chromium-based) that resolve elevation of privilege, remote code execution, and information disclosure vulnerabilities. Please...