-
Tyler Reguly
Blog
HITRUST: the Path to Cyber Resilience
By John Salmi on Wed, 05/22/2024
Much has been made of cyber resilience in recent years. And with good reason: failing to bounce back quickly from a security event can have dramatic financial consequences. In early 2023, Royal Mail took several days to recover from a Lockbit cyberattack, losing upwards of £10 million in the process. However, for all the talk about resilience, the industry seems to be...
Guide
What Experts Have to Say About Choosing the Right Cybersecurity Frameworks
Frameworks like the Center for Internet Security (CIS) Controls, MITRE ATT&CK and the National Institute of Standards and Technology (NIST) Cybersecurity Framework give organizations clear, step-by-step methodologies for protecting their sensitive data, leveraging a wealth of industry knowledge to take the guesswork out of your security program.
While these cybersecurity...
Guide
Staying Current With the Transportation Security Administration’s Oil and Gas Security Directives
Escalating cyberthreats in the oil and gas industry underscore the need for substantial collaboration between public and private sectors to mitigate this national security risk, and much of this responsibility falls on the shoulders of individual pipeline operators who need to comply with the Transportation Security Administration (TSA) Security Directive.
Despite being best...
Blog
VERT Threat Alert: May 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 05/14/2024
Image
Today’s VERT Alert addresses Microsoft’s May 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1106 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
CVE-2024-30040
Up first this month, we have a security feature bypass in MSHTML. More specifically, we...
-
Steven Sletten
Blog
ANSI and the International Society of Automation Explained
By Steven Sletten on Wed, 05/08/2024
Image
As technologies advance and the world grows more complicated, collaboration and coordination have become increasingly important. Setting standards, sharing information, and bringing experts together are essential to safely developing technologies for national and global priorities, and the world needs organizations to fulfill...
Blog
The Impact of NIST SP 800-171 on SMBs
By Josh Breaker-Rolfe on Mon, 05/06/2024
Image
From more broad laws like GDPR to industry-specific regulations like HIPAA, most organizations today must comply with some kind of data protection guideline. Some businesses may even have to comply with numerous data protection regulations. As such, compliance with data protection regulations has become increasingly complicated....
Blog
Vulnerability Scanning vs. Penetration Testing
By Babar Mahmood on Fri, 05/03/2024
Image
In the modern digital landscape, cybersecurity is paramount, making the differentiation between vulnerability scanning and penetration testing essential for safeguarding organizational assets. Vulnerability scanning offers a broad sweep for potential security weaknesses, serving as an early warning system. Penetration testing...
Blog
Tripwire Patch Priority Index for April 2024
By Lane Thames on Thu, 05/02/2024
Image
Tripwire's April 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.
Firsts on the list are patches for Microsoft Edge (Chromium-based) and Chromium that resolve 2 spoofing vulnerabilities.
Next on the patch priority list this month is a patch for Microsoft Office and Excel that resolves...
Blog
"All for One and One for All": The EU Cyber Solidarity Act Strengthens Digital Defenses
By Anastasios Arampatzis on Wed, 04/24/2024
Image
Alexandre Dumas's timeless novel "The Three Musketeers" immortalized the ideal of unyielding solidarity, the enduring motto "All for one and one for all." In the face of ever-evolving threats in the digital realm, the European Union echoes this spirit with its landmark Cyber Solidarity Act. This new legislation recognizes that...
On-Demand Webinar
Breaking Compliance Into Bite-Sized Portions
Tue, 04/23/2024
Which standards and regulations do you need to comply with? Most organizations have to prove compliance with multiple standards simultaneously to keep their systems secure and avoid audit fines. But it can be difficult to keep up with changing regulations, achieve continuous compliance, or even know where to start.
This on-demand webinar presented by Fortra's Tripwire is...
Blog
VERT Threat Alert: April 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 04/09/2024
Image
Today’s VERT Alert addresses Microsoft’s April 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1101 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
CVE-2024-26234
This CVE describes a Proxy Driver Spoofing Vulnerability that, thanks to Microsoft’s...
Blog
AI/ML Digital Everest: Dodging System Failure Summit Fever
By Sandy Dunn on Mon, 04/08/2024
Image
Summit Fever Syndrome, a cause of many extreme altitude climbers' deaths, is due to a lack of oxygen and mission blindness, which leads to impaired judgment where climbers take needless risks, disregard safety precautions, and make deadly errors.
Deploying AI/ML models is like climbing Mount Everest. Both climbers and AI...
Blog
Security vs. Compliance: What's the Difference?
By Anthony Israel-Davis on Thu, 04/04/2024
Image
Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team, or two great tastes that go great together.
As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese’s cup, a recent gap analysis...
Blog
Tripwire Patch Priority Index for March 2024
By Lane Thames on Wed, 04/03/2024
Image
Tripwire's March 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google, and Apple.
First on the patch priority list are patches for Windows Kernel and Multiple Apple products. These CVEs (CVE-2024-21338, CVE-2024-23296, CVE-2024-23225) have been added to CISA's Known Exploited...
Datasheet
What Makes Fortra’s Tripwire Different
Are you weighing your options between integrity management solutions? Evaluating, purchasing, and deploying new software is hard work, especially when you get down to the granular details of understanding which solutions have which capabilities and matching those capabilities to your organization’s particular needs. In an industry buzzing with ever-changing terminology and a...
Blog
Critical insights into Australia’s supply chain risk landscape
By Anirudh Chand on Tue, 03/19/2024
Image
Australian organizations find themselves navigating a minefield of supply chain risks, with a surge in incidents stemming from multi-party breaches. These breaches are often caused by vulnerabilities in cloud or software providers and are emerging as a challenge that demands attention and proactive strategies.
From July to...
Blog
VERT Threat Alert: March 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 03/12/2024
Image
Today’s VERT Alert addresses Microsoft’s March 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1097 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
There were no in-the-wild or disclosed CVEs included in the March Patch Tuesday release.
CVE...
Blog
So You Want to Achieve NERC CIP-013-1 Compliance...
By Anastasios Arampatzis on Wed, 03/06/2024
Image
Energy efficiency and availability is a major concern for all countries and governments. The electric grid is a vital sector, and any malfunctions will create ripple effects on any nation’s economy. As the grid is heavily dependent on cyber-enabled technologies and a vast chain of suppliers, contractors, and partners, the...