Resources

On-Demand Webinar

Insights for Navigating PCI-DSS 4.0 Milestones

With the PCI-DSS 4.0 implementation deadline looming just around the corner in 2024, financial companies have no time to waste when it comes to reaching key compliance milestones. Watch this on-demand webinar presented by Fortra’s Tripwire and BankInfoSecurity.com designed to help you get—and stay—on track for PCI 4.0 compliance. Hear from industry experts on preparing for PCI...

Blog

VERT Threat Alert: April 2023 Patch Tuesday Analysis

By Tyler Reguly on Tue, 04/11/2023

Image Today’s VERT Alert addresses Microsoft’s April 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1050 on Wednesday, April 12th. In-The-Wild & Disclosed CVEs CVE-2023-28252 A vulnerability in the Common Log File System (CLFS) Driver has been exploited in-the-wild....

Guide

PCI DSS 4.0 Compliance

Maintaining compliance is a difficult job—both in scope and in practical application. Organizations need to comply with a vast array of regulations, and the number is constantly increasing. Compliance is consistently tightening; businesses and financial institutions now have to learn and dive into the new Payment Card Industry Data Security Standard (PCI DSS) 4.0 requirements...

Blog

Don’t fail an audit over a neglected annual policy review

By Tripwire Guest Authors on Mon, 03/20/2023

Image When did you last have a light-bulb moment? For me, it was very recent. I was working with a client, supporting them in their latest Payment Card Industry Data Security Standard (PCI DSS) annual compliance assessment, and, in discussion with the Qualified Security Assessor (QSA), I had a sudden urge to challenge something we’ve...

Blog

VERT Threat Alert: March 2023 Patch Tuesday Analysis

By Tyler Reguly on Tue, 03/14/2023

Image Today’s VERT Alert addresses Microsoft’s March 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1046 on Wednesday, March 15th. In-The-Wild & Disclosed CVEs CVE-2023-24880 Up first this month is a publicly disclosed and exploited vulnerability impacting Windows...

Blog

ISO27001 Updates: Change is afoot

By Tripwire Guest Authors on Mon, 03/13/2023

Image If you blinked, you might have missed it… On October 25th 2022, the new standard for the Information Security Management System, ISO27001 was released. Without fuss, and without fanfare. But, to quote a famous movie, “There was a great disturbance in the force.” ISO27001 is possibly one of the world's best-known standards...

Blog

The Language of Cybersecurity Frameworks, Guidance, Regulations, and Standards

By Bob Covello on Wed, 02/15/2023

Image When it comes to acronyms, Technology and Cybersecurity often rival various branches of government. Technology acronyms are usually somewhat bland, amounting to little more than the arcane argot of the profession, such as SOC, SIEM, and DNS. Government, however, rarely disappoints in its inventiveness, whether it is the...

Blog

VERT Threat Alert: February 2023 Patch Tuesday Analysis

By Tyler Reguly on Tue, 02/14/2023

Image Today’s VERT Alert addresses Microsoft’s February 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1042 on Wednesday, February 15th. In-The-Wild & Disclosed CVEs CVE-2023-21823 The first vulnerability in the list this week is CVE-2023-21823, a vulnerability in...

Blog

The State of the US National Cybersecurity Strategy for the Electric Grid

By Anastasios Arampatzis on Wed, 02/01/2023

Image The distribution systems of the U.S. energy grid — the portions of the grid that carry electricity to consumers — are growing more susceptible to cyber-attacks, in part due to the advent of monitoring and control technology and their reliance on them. However, the magnitude of the possible consequences of such attacks is not...

Blog

VERT Threat Alert: January 2023 Patch Tuesday Analysis

By Tyler Reguly on Tue, 01/10/2023

Image Today’s VERT Alert addresses Microsoft’s January 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1037 on Wednesday, January 11th. In-The-Wild & Disclosed CVEs CVE-2023-21549 A vulnerability in the SMB Witness Service was reported by two Akamai researchers, Stiv...

Blog

Tripwire & Towerline: Easing the burden of the NERC CIP audit process

By Tripwire Guest Authors on Tue, 12/20/2022

Image When we speak of necessary evils, some images readily spring to mind. A dental appointment, automobile insurance, and many others. In cybersecurity, audits fit this image quite well. There are many uncomfortable aspects of audits, including the need to maintain accurate records, as well as finding the time to perform all the...

Blog

VERT Threat Alert: December 2022 Patch Tuesday Analysis

By Tyler Reguly on Tue, 12/13/2022

Image Today’s VERT Alert addresses Microsoft’s December 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1034 on Wednesday, December 14th. In-The-Wild & Disclosed CVEs CVE-2022-44698 This vulnerability allows a malicious individual to bypass SmartScreen, which does a...

Blog

Security Configuration Management Use Cases: Policy Monitoring for Security

By David Bruce on Wed, 11/23/2022

Image In the business world, compliance means making sure that companies of all sizes are meeting the standards set by regulatory or oversight groups in various laws and standards, such as HIPAA, PCI DSS, SOX, and GDPR. Sometimes, an organization will self-impose its compliance by adhering to guidance and frameworks from organizations...

Blog

Information security compliance: why it’s more important than ever

By Tripwire Guest Authors on Wed, 11/16/2022

Image Being in a more connected environment benefits all of us, from those using social media to stay in touch with far-away relatives, to businesses enjoying the rewards of remote working. But, while connectivity is great and offers many positives, it also creates vulnerabilities. Companies that handle sensitive data may find...

Blog

Integrity Monitoring Use Cases: Policy Monitoring for Compliance

By David Bruce on Fri, 11/11/2022

Image In response to increasing societal concerns about the way businesses store, process, and protect the sensitive data they collect from their customers, governments and standardization organizations have enacted a patchwork of regulations and laws. Some of these are generic regulations (CCPA, GDPR), while others are industry...

Blog

VERT Threat Alert: November 2022 Patch Tuesday Analysis

By Tyler Reguly on Tue, 11/08/2022

Image Today’s VERT Alert addresses Microsoft’s November 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1029 on Wednesday, November 9th. In-The-Wild & Disclosed CVEs CVE-2022-41091 This vulnerability allows a malicious individual to bypass Mark of the Web. Mark of the...

Blog

Getting started with Zero Trust: What you need to consider

By David Bruce on Mon, 11/07/2022

Image Have you ever walked up to an ATM after another person finished with the machine only to find they left it on a prompt screen asking, “Do you want to perform another transaction?” I have. Of course, I did the right thing and closed out their session before beginning my own transaction. That was a mistake an individual made by...

Blog

Integrity Monitoring Use Cases: Security

By David Bruce on Thu, 11/03/2022

Image Compliance is an essential aspect of every organization, and in business terms, it entails ensuring that organizations of all sizes, and their personnel, comply with national and international regulations, such as GDPR, HIPAA, and SOX. When guaranteeing compliance, many firms frequently overlook security. Gary Hibberd...

Blog

Brace yourself – ISO27001 changes are coming

By Tripwire Guest Authors on Wed, 11/02/2022

Image If you’re not aware already, then be prepared for change, because a new version of ISO27001 was published in October 2022! It’s all very exciting! The last change to the standard was in 2017. The changes made back then were fundamentally cosmetic, with a few minor tweaks to wording. The changes barely caused a ripple and, even...

Blog

What the industry wants to improve on NIST Cybersecurity Framework 2.0

By Anastasios Arampatzis on Mon, 10/24/2022

Image The NIST Cybersecurity Framework was meant to be a dynamic document that is continuously revised, enhanced, and updated. These upgrades allow the Framework to keep up with technological and threat developments, incorporate lessons learned, and transform best practices into standard procedures. NIST created the Framework in 2014...

Insights for Navigating PCI-DSS 4.0 Milestones

VERT Threat Alert: April 2023 Patch Tuesday Analysis

PCI DSS 4.0 Compliance

Don’t fail an audit over a neglected annual policy review

VERT Threat Alert: March 2023 Patch Tuesday Analysis

ISO27001 Updates: Change is afoot

The Language of Cybersecurity Frameworks, Guidance, Regulations, and Standards

VERT Threat Alert: February 2023 Patch Tuesday Analysis

The State of the US National Cybersecurity Strategy for the Electric Grid

VERT Threat Alert: January 2023 Patch Tuesday Analysis

Tripwire & Towerline: Easing the burden of the NERC CIP audit process

VERT Threat Alert: December 2022 Patch Tuesday Analysis

Security Configuration Management Use Cases: Policy Monitoring for Security

Information security compliance: why it’s more important than ever

Integrity Monitoring Use Cases: Policy Monitoring for Compliance

VERT Threat Alert: November 2022 Patch Tuesday Analysis

Getting started with Zero Trust: What you need to consider

Integrity Monitoring Use Cases: Security

Brace yourself – ISO27001 changes are coming

What the industry wants to improve on NIST Cybersecurity Framework 2.0

Contact Information

Privacy Policy

Cookie Policy

Impressum