Resources

Common Phishing Attacks and How to Protect Against Them
Blog

Common Phishing Attacks and How to Protect Against Them

By Kirsten Doyle on Wed, 09/11/2024
Phishing is a malicious attempt to deceive individuals into divulging sensitive information such as usernames, passwords, credit card numbers, or other personal data. These attacks are typically carried out by masquerading as a trustworthy entity in electronic communications. Phishing can take many forms and has evolved to become more sophisticated, making it imperative for individuals and...
Vulnerability & Risk Management
Cybersecurity
Incident Detection & Investigation
Tripwire VERT Security Update
Blog

VERT Threat Alert: September 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 09/10/2024
Today’s VERT Alert addresses Microsoft’s September 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1123 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-38217Windows uses the Mark of the Web (MoTW) to identify files downloaded from the Internet. This is done by setting the NTFS Zone.Identifier alternate Data...
Vulnerability & Risk Management
VERT Research
Navigating Change: Three Levels to Filter Out the Noise in Tech Environments
Blog

Navigating Change: Three Levels to Filter Out the Noise in Tech Environments

By Kirsten Doyle on Tue, 09/03/2024
Change is relentless. Technology evolves at breakneck speed, and security practitioners face a constant barrage of updates, system tweaks, and new tools. This relentless stream of modifications can create a clutter of information, making it challenging to pinpoint what is truly important.Effectively filtering through this noise through effective change management is critical for maintaining...
Cybersecurity
File Integrity & Change Monitoring
tripwire_vert_patch_priority_index
Blog

Tripwire Patch Priority Index for August 2024

By Lane Thames on Mon, 09/02/2024
Tripwire's August 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Adobe and Google.First on the list are patches for Microsoft Edge and Google Chromium that resolve 12 vulnerabilities, including information disclosure, remote code execution, and memory corruption vulnerabilities.Up next are patches for Microsoft Outlook, PowerPoint, Visio, Excel, Project,...
Vulnerability & Risk Management
Cybersecurity
Guardians of the Files: Tracing the Evolution of File Integrity Monitoring
Blog

Guardians of the Files: Tracing the Evolution of File Integrity Monitoring

By Kelsey Arhart on Mon, 09/02/2024
File Integrity Monitoring (FIM) is a cybersecurity process that involves continuously monitoring files and systems to identify any unauthorized changes. FIM solutions maintain file integrity by comparing a file or system's current state to a known, trusted baseline and flagging any discrepancies. It is key for identifying security breaches, preventing data tampering, and maintaining compliance...
Cybersecurity
File Integrity & Change Monitoring
Global Cyber Insurance Premiums Decline Despite Ransomware Surge
Blog

Global Cyber Insurance Premiums Decline Despite Ransomware Surge

By Josh Breaker-Rolfe on Mon, 08/26/2024
Cyber insurance has a strange past: AIG first took cyber insurance to market in 1997 despite a total lack of actuarial data to inform premiums or policies. Essentially, the industry ran on guesswork. Even today, the cyber insurance market is remarkably unpredictable compared to long-established insurance policies such as those for housing or health.Typically, when cybercrime – or, more...
Vulnerability & Risk Management
Cybersecurity
Tripwire VERT Security Update
Blog

VERT Threat Alert: August 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 08/13/2024
Today’s VERT Alert addresses Microsoft’s August 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1119 as soon as coverage is completed.In-The-Wild & Disclosed CVEsCVE-2024-38178CVE-2024-38178 describes a vulnerability in the Microsoft Edge scripting engine when run in Internet Explorer Mode. On top of requiring Edge be running in...
Vulnerability & Risk Management
VERT Research
Fortra Datasheet
Datasheet

Tripwire Enterprise and IBM i

Many of the world's largest companies rely on IBM i operating on IBM Power Servers as their strategic platform for business-critical activities such as retail, distribution, logistics, banking, manufacturing planning, healthcare, insurance, hospitality management, government administration, and legal case management. Given the widespread use of the IBM i operating system, advanced cybersecurity...
File Integrity & Change Monitoring
Security Configuration Management
tripwire_vert_patch_priority_index
Blog

Tripwire Patch Priority Index for July 2024

By Lane Thames on Tue, 08/06/2024
Tripwire's July 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.First on the list are patches for Microsoft Office and Outlook that resolve remote code execution and spoofing vulnerabilities.Next are patches that affect components of the core Windows operating system. These patches resolve over 65 vulnerabilities, including elevation of privilege,...
Vulnerability & Risk Management
Cybersecurity
Fortra Webinar
On-Demand Webinar

FIM Isn’t Just for Files Anymore

Mon, 08/05/2024
File integrity monitoring was invented by Tripwire’s founder over 25 years ago and has evolved over time to become one of the most important security controls — so critical, in fact, that it’s required by major compliance standards like the Payment Card Industry Data Security Standard (PCI DSS). But what a lot of cybersecurity professionals aren’t familiar with is how FIM has expanded to include a...
File Integrity & Change Monitoring
Re-Extortion: How Ransomware Gangs Re-Victimize Victims
Blog

Re-Extortion: How Ransomware Gangs Re-Victimize Victims

By Kirsten Doyle on Tue, 07/30/2024
Ransomware has evolved significantly since its inception. Initially, these attacks were relatively simple: malware would encrypt a victim's files, and the attacker would demand a ransom for the decryption key. However, as cybersecurity measures improved, so did ransomware gangs' tactics.Modern ransomware attacks often involve sophisticated techniques such as data exfiltration, where attackers...
Vulnerability & Risk Management
Cybersecurity
MitM Attacks: Understanding the Risks and Prevention Strategies
Blog

MitM Attacks: Understanding the Risks and Prevention Strategies

By Tripwire Guest Authors on Mon, 07/22/2024
As our interactions with the digital world grow, connections will be established within seconds, leading to more online attacks. One type of attack we may be exposed to is known as a Man-in-the-Middle (MitM) — a technique cyber attackers use to take over our online communications.The best way to stay safe online is with a better understanding of the problems caused by these digital attacks and...
Vulnerability & Risk Management
Cybersecurity
5 Phased Approach to Vulnerability Management: Best Practices
Blog

5 Stages of Vulnerability Management Program Best Practices

By Matthew Jerzewski on Mon, 07/22/2024
Vulnerability management is a foundational cornerstone for reducing your organization’s cyber risk, but what are vulnerabilities and why is it important to create a strong vulnerability management program? The National Institute of Science and Technology (NIST) defines a vulnerability as, “Weakness in an information system, system security procedures, internal controls, or implementation that...
Vulnerability & Risk Management
Tripwire VERT Security Update
Blog

VERT Threat Alert: July 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 07/09/2024
Today’s VERT Alert addresses Microsoft’s July 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1114 as soon as coverage is completed. In-The-Wild & Disclosed CVEsCVE-2024-38112A vulnerability in the Windows MSHTML Platform could allow spoofing to occur. Successful exploitation of this vulnerability requires that the attacker convince...
Vulnerability & Risk Management
VERT Research
Patch Priority Index
Blog

Tripwire Patch Priority Index for June 2024

By Lane Thames on Tue, 07/02/2024
Tripwire's June 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.First on the list are patches for Microsoft Edge (Chromium-based) and Chromium that resolve use after free, heap buffer overflow, and out of bounds write vulnerabilitiesNext on the patch priority list this month are patches for Microsoft Office and Outlook that resolve 4 remote code execution...
Vulnerability & Risk Management
Superior Integrity Monitoring: Getting Beyond Checkbox FIM
Blog

Superior Integrity Monitoring: Getting Beyond Checkbox FIM

By Fortra Staff on Tue, 07/02/2024
Contrary to what one might expect, creating a File Integrity Monitoring (FIM) system is pretty easy. Practically anyone with a modicum of Python, Perl, or development skills can write an app or script to gather a file's checksum, compare it to a list or baseline, and tell you whether or not said file has changed.But creating a good FIM solution is hard. Many inadequate checkbox File Integrity...
Cybersecurity
File Integrity & Change Monitoring
Tripwire VERT Patch Priority Index
Blog

Tripwire Patch Priority Index for May 2024

By Lane Thames on Wed, 06/19/2024
Tripwire's May 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe.First on the list this month is a patch for Microsoft Windows Error Reporting (CVE-2024-26169). This CVE is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.Next on the list are patches for Microsoft Edge (Chromium-based) and Chromium that resolve use after free, heap...
Vulnerability & Risk Management
Cybersecurity
integrity
Blog

Integrity and FIM: It’s More than Just Data Security

By Jeff Moline on Tue, 06/18/2024
Integrity is a vital component of any cybersecurity policy, making up one-third of the CIA Triad. However, until recently, the industry has had a limited understanding of the term, using it primarily in the context of data security. Integrity means so much more than this principle alone: it impacts every facet of an information system and can drive an organization's entire security program. ...
Cybersecurity
File Integrity & Change Monitoring
Good-Vulnerability-Management-Policy
Blog

4 Things a Good Vulnerability Management Policy Should Include

By Matthew Jerzewski on Wed, 06/12/2024
The Verizon 2024 Data Breach Investigations Report noted a 180% increase in exploited vulnerabilities over the previous year’s figures. The importance of keeping an up-to-date vulnerability management policy for remediating and controlling security vulnerabilities cannot be understated. 1. Overview: Summary of Vulnerability Management Policy Taking the time to give a short summary of the policy...
Vulnerability & Risk Management