Blog

Blog

Highlights From the Tripwire Energy & NERC Compliance Working Group

Recently, Tripwire held its Energy and NERC Compliance Working Group virtual event. Tripwire has customers spanning the entire energy industry, including small, medium, and large city municipals, cooperatives, and investor-owned utilities and energy companies. The information shared in these sessions offered valuable insights for both very mature...
Blog

Security Configuration Management Use Cases: Policy Monitoring for Security

In the business world, compliance means making sure that companies of all sizes are meeting the standards set by regulatory or oversight groups in various laws and standards, such as HIPAA, PCI DSS, SOX, and GDPR. Sometimes, an organization will self-impose its compliance by adhering to guidance and frameworks from organizations such as NIST, ISACA,...
Blog

Integrity Monitoring Use Cases: Policy Monitoring for Compliance

In response to increasing societal concerns about the way businesses store, process, and protect the sensitive data they collect from their customers, governments and standardization organizations have enacted a patchwork of regulations and laws. Some of these are generic regulations (CCPA, GDPR), while others are industry specific (SOX, NERC, HIPAA...
Blog

VERT Threat Alert: November 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s November 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1029 on Wednesday, November 9th. In-The-Wild & Disclosed CVEs CVE-2022-41091 This vulnerability allows a malicious individual to bypass Mark of the Web. Mark of the Web is what is used to...
Blog

Developing an Effective Change Management Program

Change detection is easy. What is not so easy, is reconciling change. Change reconciliation is where most organizations stumble. What was the change? When was it made? Who made it? Was it authorized? The ability to answer these questions are the elements that comprise change management. Historically, the haste of accomplishing a task consisted of...
Blog

Getting started with Zero Trust: What you need to consider

Have you ever walked up to an ATM after another person finished with the machine only to find they left it on a prompt screen asking, “Do you want to perform another transaction?” I have. Of course, I did the right thing and closed out their session before beginning my own transaction. That was a mistake an individual made by careless error which...
Blog

VERT Threat Alert: September 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s September 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1021 on Wednesday, September 14th. In-The-Wild & Disclosed CVEs CVE-2022-23960 The first disclosed vulnerability this month is Spectre-BHB that is discussed in great detail on arm...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of September 5, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of September 5th, 2022. I’ve also included some comments on these stories. Critical RCE Vulnerability Affects Zyxel NAS...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 29, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 29th, 2022. I’ve also included some comments on these stories. WordPress 6.0.2 Patches Vulnerability That Could...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 22, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 22nd, 2022, including some commentary of mine. VMware fixed a privilege escalation issue in VMware Tools VMware...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 15, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 15th, 2022. I’ve also included some comments on these stories. Newly Uncovered PyPI Package Drops Fileless...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 8, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 8st, 2022. I’ve also included some comments on these stories. Slack leaked hashed passwords from its servers for...
Blog

VERT Threat Alert: August 2022 Patch Tuesday Analysis

Today’s Patch Tuesday VERT Alert addresses Microsoft’s August 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1015 on Wednesday, August 10th. In-The-Wild & Disclosed CVEs CVE-2022-34713 According to Microsoft, CVE-2022-34713 is a variant of the Dogwalk vulnerability. There has been a...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 1, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 1st, 2022. I’ve also included some comments on these stories. Windows 11 Smart App Control blocks files used to...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of July 25, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of July 25, 2022. I’ve also included some comments on these stories. SonicWall fixed critical SQLi in Analytics and GMS...
Blog

VERT Threat Alert: July 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s July 2022 Security Updates. VERT is actively working on coverage for these Patch Tuesday vulnerabilities and expects to ship ASPL-1011 on Wednesday, July 13th. In-The-Wild & Disclosed CVEs CVE-2022-22047 Microsoft is reporting this month that a single vulnerability in the Windows Client/Server Runtime...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of June 20, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 20, 2022. I’ve also included some comments on these stories. Over a Dozen Flaws Found in Siemens' Industrial Network...
Blog

VERT Threat Alert: June 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s June 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1007 on Wednesday, June 15th. In-The-Wild & Disclosed CVEs None of the vulnerabilities patched this month have been exploited in-the-wild or publicly disclosed according to Microsoft. However,...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of June 06, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 06, 2022. I’ve also included some comments on these stories. Another nation-state actor exploits Microsoft Follina to...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of May 30, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of May 30, 2022. I’ve also included some comments on these stories. Vendor Refuses to Remove Backdoor Account That Can...