Blog
VERT Threat Alert: September 2022 Patch Tuesday Analysis
By Tyler Reguly on Tue, 09/13/2022
Image
Today’s VERT Alert addresses Microsoft’s September 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1021 on Wednesday, September 14th.
In-The-Wild & Disclosed CVEs
CVE-2022-23960
The first disclosed vulnerability this month is Spectre-BHB that is discussed in great...
Blog
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of September 5, 2022
By Andrew Swoboda on Mon, 09/12/2022
Image
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of September 5th, 2022. I’ve also included some comments on these stories.
Critical RCE Vulnerability...
Blog
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 29, 2022
By Andrew Swoboda on Mon, 09/05/2022
Image
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 29th, 2022. I’ve also included some comments on these stories.
WordPress 6.0.2 Patches...
Blog
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 22, 2022
By Andrew Swoboda on Mon, 08/29/2022
Image
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 22nd, 2022, including some commentary of mine.
VMware fixed a privilege escalation issue in...
Blog
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 15, 2022
By Andrew Swoboda on Mon, 08/22/2022
Image
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 15th, 2022. I’ve also included some comments on these stories.
Newly Uncovered PyPI Package...
Blog
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 8, 2022
By Andrew Swoboda on Tue, 08/16/2022
Image
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 8st, 2022. I’ve also included some comments on these stories.
Slack leaked hashed passwords...
On-Demand Webinar
How to Balance NERC CIPv6 vs. CIPv5 Compliance (and Why it Matters)
Mon, 08/15/2022
The extension of the NERC CIPv5 deadline to July 2016 means that registered entities have gained a small window of time for their compliance projects, but they now face a combined compliance deadline for CIPv5 and CIPv6 in July.
Join Nick Santora, CEO of Curricula, and Tim Erlin, Director of IT Risk & Security Strategist at Tripwire, for a discussion on the potential impact of...
Guide
Why Integrity Should Be Your Organizing Cybersecurity Principle
While integrity has been a common word in the cybersecurity lexicon for years, its meaning and use have been relatively limited. It may be time to reconsider its central role in security. The reality of always-connected networks, fluid data transfers across cloud and hybrid environments, and broadly deployed endpoints presents an opportunity to take a fresh look at integrity as...
Guide
Threat Prevention is Foundational
How proper foundational controls help block today’s advanced threats
Guide
Physical Cybersecurity: ICS Attack Scenarios and CIP-007 R1
The premise of a January 27, 2015, article by CNBC is that there is good evidence that a cyber attack against nearly any country’s critical infrastructure could be imminent. This kind of reporting has become so commonplace, but this doesn’t seem like just more FUD (fear, uncertainty, and doubt) journalism.
...
Guide
5 File Integrity Monitoring (FIM) Myths and Misconceptions
File integrity monitoring (FIM) is the cybersecurity process that monitors and detects changes in your environment to alert you to threats and helps you remediate them. While monitoring environments for change sounds simple enough, there are plenty of misconceptions about how exactly FIM fits into a successful cybersecurity program. It’s essential to address those common myths...
Guide
File Integrity Monitoring (FIM) Software Buyer's Guide
There’s a lot more to file integrity monitoring than simply detecting change. Although FIM is a common policy requirement, there are many FIM capabilities and processes you can elect to implement or not. These can vary from a simple “checkbox” compliance tool to the option to build effective security and operational controls. These decisions directly affect the value your...
Guide
The Value of True File Integrity Monitoring
File Integrity Monitoring (FIM) is a technology that monitors for changes in files that may indicate a cyberattack. In many organizations, however, FIM mostly means noise: too many changes, no context around these changes, and little insight into whether a detected change actually poses a risk.
What does file integrity monitoring do? FIM, and often referred to as “change audit...
Guide
Integrity: The True Measure of Enterprise Security
Federal cybersecurity integrity is often defined as the incorruptibility of data (as part of the CIA triad), and file integrity monitoring (FIM), a control which has become a compliance requirement in standards such as FISMA and PCI DSS. Read the full white paper to learn more.
Guide
File integrity Monitoring (FIM) for Comprehensive Integrity Management
Shifting language can be difficult, but it’s more appropriate to talk about Integrity Management in regards to today’s technology landscape. Integrity Management provides an umbrella approach to managing risk in an environment. There are four basic steps to ensuring integrity:
Secure deployment
System baseline
Change monitoring
Change remediation
This white paper will...
Datasheet
The Tripwire NERC CIP Solution Suite
The North American Electric Reliability Corporation (NERC) maintains comprehensive reliability standards that define requirements for planning and operating the bulk electric system (BES). Among these are the Critical Infrastructure Protection (CIP) Cyber Security Standards, which specify a minimum set of controls and processes for power generation and transmission companies to...
Datasheet
Leveraging the Power of File Integrity Monitoring
With pressure on IT departments to remain lean and efficient, comply to policies and regulations, and also provide reliable 24/7 service, it is imperative that companies large and small adopt solutions and processes to ensure a known and trusted state at all times. With the reliance on technology to conduct business, interact with customers, and meet auditing requirements, ...