Resources

Guide

File Integrity Monitoring (FIM) Toolkit

File integrity monitoring (FIM) is used to detect and correct unauthorized system changes that may be indicators of compromise. As the inventors of FIM, Fortra’s Tripwire has a multi-decade track record of helping organizations that want to reduce cyber risk and achieve system integrity to avoid security breaches and audit fines. This toolkit is a collection of helpful resources such as articles,...

Guide

PCI DSS Resource Toolkit

PCI DSS Resources for Seamless Compliance The Payment Card Industry Data Security Standard (PCI DSS) is one of the most widely applied regulatory compliance standards, meaning thousands of organizations can benefit from streamlining their compliance programs to avoid audit fines and protect cardholder data. Fortra’s Tripwire is an authority on how to achieve continuous, automated compliance and...

Blog

How Large is Your Target? Advice for the Smallest Businesses

By Bob Covello on Tue, 05/30/2023

Most cybersecurity professionals will often try to cybersplain the importance of protection to their friends. In most social circles, many of the businesses that people work in are small businesses. Perhaps you are the owner of a small delicatessen, a dry cleaner, or you run a yoga studio, or some similar individually owned operation. Many of these...

Blog

PCI DSS 4.0: How to Delight the Auditors

By Katrina Thompson on Tue, 05/30/2023

While we all know the actual point of PCI is vastly more far-reaching, we can’t deny that the juggernaut of PCI DSS 4.0 compliance is getting past the auditors. However, there is a right way to do it that doesn’t just check the box – it creates the underlying business operations that enable you to pass an audit any day, at any time, with just the...

Blog

A Brief Introduction to the World of IP Addresses

By Tripwire Guest Authors on Mon, 05/29/2023

How many internet-connected devices do you own? If you took a quick inventory around your house, you may be surprised at exactly how many there are. Have you ever wondered how they all communicate, not only with each other, but with the internet as well? This is, in part the result of technology known as IP addressing. What is an IP address? An IP ...

Blog

The Royal & BlackCat Ransomware: What you Need to Know

By Tripwire Guest Authors on Mon, 05/29/2023

The US healthcare sector continues to be aggressively targeted by ransomware operators. Royal and BlackCat are two of the more recent – and highly sophisticated – ransomware threats. These two new flavors of ransomware pose serious potential impacts on the healthcare sector, but there are appropriate mitigation and defense strategies that organizations...

Blog

Rogue IT security worker failed to cover his tracks

By Graham Cluley on Fri, 05/26/2023

Bad enough for your company to be held to ransom after a cyber attack. Worse still to then have one of your own employees exploit the attack in an attempt to steal the ransom for themselves. That's the situation gene and cell therapy firm Oxford BioMedica found itself in. On 27 February 2018, the Oxford-based firm discovered that it had suffered a...

Blog

Cybersecurity Asset Inventory in Your Home

By Bob Covello on Thu, 05/25/2023

Back in 2015, we published an article about the third party risks that are introduced into a home network. Now, eight years later, it is a good time to revisit the landscape of the home network. If we think about the technology in most homes in 2015, it was fairly sparse, consisting only of a router with an internet connection. The speed of most home...

Blog

Understanding how Polymorphic and Metamorphic malware evades detection to infect systems

By Tripwire Guest Authors on Wed, 05/24/2023

Polymorphic and metamorphic malware constantly changes itself in order to avoid detection and persistently remain on the system. This adaptive behavior is the main distinctive attribute of these types of malware, which is also why they are harder to detect; it is also why they pose a great threat to systems. On the surface, the functionality of this...

Blog

Security Awareness Training (SAT) is finally having its day. Here’s why.

By Theo Zafirakos on Wed, 05/24/2023

Cybersecurity awareness is on the rise as more organizations adopt security awareness training programs. Why the hype? In several recent reports, we break down our findings around why SAT is on the rise—and why companies need it now more than ever. Employees are discovering cyberattacks the hard way Recent study by Fortra's Terranova Security in...

Blog

#TripwireBookClub – How to Hack Like a Legend

By Tyler Reguly on Tue, 05/23/2023

This one took a bit longer to read than most of the books we review, but that’s entirely on me… everyone else finished it a while ago. This time around, we’re looking at How to Hack Like a Legend: Breaking Windows by Sparc Flow. The No Starch Press page says that the book is “packed with interesting tricks, ingenious tips, and links to useful resources...

Blog

A Bright Future for Forensic Analysis

By Chris Hudson on Tue, 05/23/2023

I’m going to jump on board the Artificial Intelligence/Machine Learning (AI/ML) bandwagon in this blog and talk about why I’m excited about some of the prospects for this being applied to the compliance and file integrity monitoring data that Tripwire has been specialising in for many years. An Analyst’s Ally A problem faced by many security teams is...

Blog

VERT Reads All About It – Cybersecurity News May 22, 2023

By Andrew Swoboda on Mon, 05/22/2023

The Tripwire Vulnerability Exposure and Research Team (VERT) keeps its finger on the cybersecurity pulse. Check out some of the stories that stood out for us recently: Multiple Vulnerabilities in Netgear Routers Netgear RAX30 routers are subject to multiple vulnerabilities. These vulnerabilities could be chained together to achieve an authentication...

Blog

How ChatGPT is Changing Our World

By Tripwire Guest Authors on Mon, 05/22/2023

The Artificial intelligence (AI) based language model, ChatGPT, has gained a lot of attention recently, and rightfully so. It is arguably the most widely popular technical innovation since the introduction of the now ubiquitous smart speakers in our homes that enable us to call out a question and receive an instant answer. But what is it, and why is it...

Blog

Do you Work in a SOC Noise Factory?

By Anthony Israel-Davis on Mon, 05/22/2023

Gabrielle is a security engineer. She deploys tools to scan for threats and vulnerabilities, read logs, and manage the security risks for her company, but is all that data really helping? Sometimes, it seems like she works in a noise factory instead of a SOC. The cacophony of all the log and event data and vulnerability scans are pouring into the SIEM,...

Blog

Take action now to avoid BianLian ransomware attacks, US Government warns organisations

By Graham Cluley on Fri, 05/19/2023

The US Cybersecurity and Infrastructure Security Agency (CISA), FBI, and others have issued a joint alert, advising organisations of the steps they should take to mitigate the threat posed by BianLian ransomware attacks. BianLian, which has been targeting different industry sectors since June 2022, is a ransomware developer, deployer and data...

Blog

Risk Tolerance: Understanding the Risks to your Organization

By Rita Nygren on Thu, 05/18/2023

‘A ship in port is safe, but that's not what ships are built for,’ said Dr. Grace Hopper, Rear Admiral of the US Navy and a computer pioneer. As soon as the ship leaves the harbor, or even the dock, there are risks. Depending on conditions and purposes, the ship's crew might decide they are negligible, that they can be recovered from, or that the...

Blog

Common Social Media Scams and How to Avoid Them

By Tripwire Guest Authors on Wed, 05/17/2023

While there are an estimated 30,000 daily cyber attacks on business websites, there are roughly ten times as many attacks against social media accounts every single day, equating to roughly 1.4 billion accounts every month. Social media attacks and scams have become pervasive problems, with threat actors finding innovative new ways to deceive users...

Blog

Security Journeys: From Change Management to Compliance

By Chris Hudson on Wed, 05/17/2023

Zero Trust seems to no longer command the volume of articles that once set it up as a trend that promised a bright new future for security. This is in part because security is a journey. Rushed implementations and low returns often result in burnout with new technology, and generally the real work happens in the quiet stages when analysts and...

Blog

How to comply with PCI DSS 4.0 while juggling day-to-day tasks

By Editorial Staff on Tue, 05/16/2023

In our webinar, Insights for Navigating PCI DSS 4.0 Milestones, we discuss some of the challenges organizations face as they try to comprehend the new requirements of PCI DSS 4.0. One of the questions we commonly hear is, “How do we prepare for PCI 4.0 deadlines while still maintaining day-to-day operations?” The discussion involved David Bruce, our...

File Integrity Monitoring (FIM) Toolkit

PCI DSS Resource Toolkit

How Large is Your Target? Advice for the Smallest Businesses

PCI DSS 4.0: How to Delight the Auditors

A Brief Introduction to the World of IP Addresses

The Royal & BlackCat Ransomware: What you Need to Know

Rogue IT security worker failed to cover his tracks

Cybersecurity Asset Inventory in Your Home

Understanding how Polymorphic and Metamorphic malware evades detection to infect systems

Security Awareness Training (SAT) is finally having its day. Here’s why.

#TripwireBookClub – How to Hack Like a Legend

A Bright Future for Forensic Analysis

VERT Reads All About It – Cybersecurity News May 22, 2023

How ChatGPT is Changing Our World

Do you Work in a SOC Noise Factory?

Take action now to avoid BianLian ransomware attacks, US Government warns organisations

Risk Tolerance: Understanding the Risks to your Organization

Common Social Media Scams and How to Avoid Them

Security Journeys: From Change Management to Compliance

How to comply with PCI DSS 4.0 while juggling day-to-day tasks

Contact Information

Privacy Policy

Cookie Policy

Impressum