Resources

Blog

VERT Threat Alert: June 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s June 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1110 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2023-50868 The only disclosed vulnerability we have this month, is CVE-2023-50868, a DNSSEC protocol level vulnerability that can lead to denial of service. The...
Blog

Understanding Vulnerability Management and Patch Management

Vulnerability management and patch management are often confused. However, it's crucial to recognize that, while complementary, they are distinct processes. Understanding the differences between vulnerability management and patch management is essential for a solid security posture. Let's delve into the concepts to understand better what they are, how they differ, and how they work together. ...
Blog

EU Is Tightening Cybersecurity for Energy Providers

The energy sector is having a tumultuous decade. During the COVID pandemic, the price of oil plummeted. In 2021, a ransomware attack forced one of the US’s most significant oil pipelines to cease operations for five days, causing a state of emergency in seventeen states. Putin’s war in Ukraine has disrupted natural gas supplies across Europe. And now, it seems, it is the electricity providers’...
Blog

Top 7 Technical Resource Providers for ICS Security Professionals

Attacks against industrial control systems (ICS) are on the rise. Cyberattacks are more prevalent, creative, and faster than ever. So, understanding attackers' tactics is crucial. The IBM Security X-Force Threat Intelligence Index 2023 highlights that backdoor deployments enabling remote access to ICS systems were the most common type of attacker...
Blog

VERT Threat Alert: May 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s May 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1106 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-30040 Up first this month, we have a security feature bypass in MSHTML. More specifically, we have an Object...
Blog

Vulnerability Scanning vs. Penetration Testing

In the modern digital landscape, cybersecurity is paramount, making the differentiation between vulnerability scanning and penetration testing essential for safeguarding organizational assets. Vulnerability scanning offers a broad sweep for potential security weaknesses, serving as an early warning system. Penetration testing takes a more targeted...
Blog

Tripwire Patch Priority Index for April 2024

Tripwire's April 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. Firsts on the list are patches for Microsoft Edge (Chromium-based) and Chromium that resolve 2 spoofing vulnerabilities. Next on the patch priority list this month is a patch for Microsoft Office and Excel that resolves spoofing and remote...
Blog

VERT Threat Alert: April 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s April 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1101 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-26234 This CVE describes a Proxy Driver Spoofing Vulnerability that, thanks to Microsoft’s new CWE listings, we...
Blog

AI/ML Digital Everest: Dodging System Failure Summit Fever

Summit Fever Syndrome, a cause of many extreme altitude climbers' deaths, is due to a lack of oxygen and mission blindness, which leads to impaired judgment where climbers take needless risks, disregard safety precautions, and make deadly errors. Deploying AI/ML models is like climbing Mount Everest. Both climbers and AI projects chase their peaks...
Blog

Tripwire Patch Priority Index for March 2024

Tripwire's March 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google, and Apple. First on the patch priority list are patches for Windows Kernel and Multiple Apple products. These CVEs (CVE-2024-21338, CVE-2024-23296, CVE-2024-23225) have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog....
Datasheet

What Makes Fortra’s Tripwire Different

Are you weighing your options between integrity management solutions? Evaluating, purchasing, and deploying new software is hard work, especially when you get down to the granular details of understanding which solutions have which capabilities and matching those capabilities to your organization’s particular needs. In an industry buzzing with ever-changing terminology and a profusion of vendors...
Blog

Critical insights into Australia’s supply chain risk landscape

Australian organizations find themselves navigating a minefield of supply chain risks, with a surge in incidents stemming from multi-party breaches. These breaches are often caused by vulnerabilities in cloud or software providers and are emerging as a challenge that demands attention and proactive strategies. From July to December 2023, 483 data...
Blog

VERT Threat Alert: March 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s March 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1097 as soon as coverage is completed. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed CVEs included in the March Patch Tuesday release. CVE Breakdown by Tag While...
Blog

So You Want to Achieve NERC CIP-013-1 Compliance...

Energy efficiency and availability is a major concern for all countries and governments. The electric grid is a vital sector, and any malfunctions will create ripple effects on any nation’s economy. As the grid is heavily dependent on cyber-enabled technologies and a vast chain of suppliers, contractors, and partners, the ability to safeguard the...
Blog

What Are the Top 7 DDoS Mitigation Tactics for Energy Grids?

Distributed Denial of Service (DDoS) attacks occur when adversaries overwhelm a connected target’s resources, aiming to make it unavailable. Learning the best strategies to protect from DDoS attacks is critical to energy grid cybersecurity. A well-planned DDoS attack on the grid could halt essential services, cause substantial disruptions to...
Blog

#TripwireBookClub – Black Hat GraphQL

The most recent book that we’ve read over here is Black Hat GraphQL: Attacking Next Generation APIs written by Dolev Farhi and Nick Aleks. The book is described as being for, “anyone interested in learning how to break and protect GraphQL APIs with the aid of offensive security testing.” As someone who works primarily with REST APIs, I was...
Blog

Tripwire Patch Priority Index for February 2024

Tripwire's February 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, ConnectWise, and Google. First on the patch priority list are patches for ConnectWise ScreenConnect, Microsoft Exchange Server, Microsoft Windows SmartScreen, and Microsoft Windows Internet Shortcut files. These CVEs (CVE-2024-1709, CVE-2024...
Blog

Improving OT Security in Industrial Processes

Have you ever considered that even before you enjoy the first sip of your favorite morning beverage, you have probably interacted with at least half of the 16 critical infrastructure sectors that keep a nation running? In one way or another, the simple act of brewing a cup of tea would probably not be possible without interacting with water, energy,...
Blog

VERT Threat Alert: February 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s February 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1093 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-21351 This CVE describes a bypass in the Windows SmartScreen Security Feature. At this point, these bypasses...
Blog

3 Tips for Enterprise Patch Management

With all the technology we have today, installing software updates has become a near-daily, full-time activity. Patch management for large-scale enterprise IT systems can be one of the most stressful parts of an IT professional’s job. In today’s large and evolving IT networks where many new services are going online every day and software components...