-
Tyler Reguly
Blog
Cloud Sprawl: How to Tidy It Up
By Tripwire Guest Authors on Tue, 05/28/2024
Image
Cloud computing offers indisputable benefits, but with the caveat that it can quickly become a disorganized jumble unless adequately managed. It’s common for the average organization to use dozens of cloud instances, solutions, and resources scattered across multiple platforms. Such off-premises services quickly accumulate to...
Blog
HITRUST: the Path to Cyber Resilience
By John Salmi on Wed, 05/22/2024
Much has been made of cyber resilience in recent years. And with good reason: failing to bounce back quickly from a security event can have dramatic financial consequences. In early 2023, Royal Mail took several days to recover from a Lockbit cyberattack, losing upwards of £10 million in the process. However, for all the talk about resilience, the industry seems to be...
Blog
The UK’s Cybersecurity: Where Is it and Where Is it Going?
By Josh Breaker-Rolfe on Tue, 05/21/2024
Image
In early April this year, the UK's Department for Science, Innovation and Technology (DSIT) released its Cybersecurity Breaches Survey 2024. It provides a comprehensive overview of the UK's cybersecurity landscape, exploring the different cyberattacks and cybercrimes businesses, charities, and private sector educational...
Blog
Making Data Integrity Easy: Simplifying NIST CSF with Tripwire
By Dan Jamison on Mon, 05/20/2024
Image
When you think of the cybersecurity "CIA" triad of Confidentiality, Integrity, and Availability, which one of those is most important to your organization? While the answer may vary by season for your organization, there is no argument that they are all equally vital sides of that CIA triangle, and each deserves the correct...
Guide
What Experts Have to Say About Choosing the Right Cybersecurity Frameworks
Frameworks like the Center for Internet Security (CIS) Controls, MITRE ATT&CK and the National Institute of Standards and Technology (NIST) Cybersecurity Framework give organizations clear, step-by-step methodologies for protecting their sensitive data, leveraging a wealth of industry knowledge to take the guesswork out of your security program.
While these cybersecurity...
Blog
VERT Threat Alert: May 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 05/14/2024
Image
Today’s VERT Alert addresses Microsoft’s May 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1106 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
CVE-2024-30040
Up first this month, we have a security feature bypass in MSHTML. More specifically, we...
Blog
Insider Threats Maintain a Rising Trend
By Katrina Thompson on Tue, 05/14/2024
Image
“When the cat’s away, the mouse will play,” the old adage goes. Filings to anti-fraud non-profit Cifas would support that claim, as Insider Threat Database (ITD) reports rose by 14% this past year and are largely attributable to hard-to-monitor work-from-home employees mixed with “increasing financial pressures.” The report...
-
Steven Sletten
Blog
Why Is Cyber Resilience Essential and Who's Responsible for It?
By Zoë Rose on Tue, 05/07/2024
Image
In the first installment of our series on cyber resilience, we discussed what being a resilient organization means. In this installment, we'll explore why organizations need to consider how to become resilient, who's responsible for achieving this, and the processes organizations must have to prioritize actions and effectively...
Blog
The Impact of NIST SP 800-171 on SMBs
By Josh Breaker-Rolfe on Mon, 05/06/2024
Image
From more broad laws like GDPR to industry-specific regulations like HIPAA, most organizations today must comply with some kind of data protection guideline. Some businesses may even have to comply with numerous data protection regulations. As such, compliance with data protection regulations has become increasingly complicated....
Blog
Vulnerability Scanning vs. Penetration Testing
By Babar Mahmood on Fri, 05/03/2024
Image
In the modern digital landscape, cybersecurity is paramount, making the differentiation between vulnerability scanning and penetration testing essential for safeguarding organizational assets. Vulnerability scanning offers a broad sweep for potential security weaknesses, serving as an early warning system. Penetration testing...
Blog
Tripwire Patch Priority Index for April 2024
By Lane Thames on Thu, 05/02/2024
Image
Tripwire's April 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.
Firsts on the list are patches for Microsoft Edge (Chromium-based) and Chromium that resolve 2 spoofing vulnerabilities.
Next on the patch priority list this month is a patch for Microsoft Office and Excel that resolves...
Blog
SCM and NERC: What You Need to Know
By Michael Betti on Tue, 04/16/2024
Image
Security configurations are an often ignored but essential factor in any organization’s security posture: any tool, program, or solution can be vulnerable to cyberattacks or other security incidents if the settings are not configured correctly.
Staying on top of all of these security configurations can be a daunting...
Blog
Embracing Two-Factor Authentication for Enhanced Account Protection
By Fortra Staff on Wed, 04/10/2024
Image
Let’s start the second quarter of the year with boosting our security posture by adopting two-factor authentication methods on our accounts to make them more secure. Two-factor authentication (2FA) is an identity and access management security method that requires two forms of identification to access resources and data. The...
Blog
VERT Threat Alert: April 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 04/09/2024
Image
Today’s VERT Alert addresses Microsoft’s April 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1101 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
CVE-2024-26234
This CVE describes a Proxy Driver Spoofing Vulnerability that, thanks to Microsoft’s...
Blog
AI/ML Digital Everest: Dodging System Failure Summit Fever
By Sandy Dunn on Mon, 04/08/2024
Image
Summit Fever Syndrome, a cause of many extreme altitude climbers' deaths, is due to a lack of oxygen and mission blindness, which leads to impaired judgment where climbers take needless risks, disregard safety precautions, and make deadly errors.
Deploying AI/ML models is like climbing Mount Everest. Both climbers and AI...
Blog
Exploring Advanced Tripwire Enterprise Capabilities
By John Salmi on Fri, 04/05/2024
Image
In today's digital landscape, it is important for organizations to depend upon the tools they use for cybersecurity. Large businesses can employ many security solutions, practices, and policies that must combine to create a robust and layered security strategy. While many of these tools are important and necessary, organizations...
Blog
Tripwire Patch Priority Index for March 2024
By Lane Thames on Wed, 04/03/2024
Image
Tripwire's March 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google, and Apple.
First on the patch priority list are patches for Windows Kernel and Multiple Apple products. These CVEs (CVE-2024-21338, CVE-2024-23296, CVE-2024-23225) have been added to CISA's Known Exploited...
Blog
The Cyber Sleuth's Handbook: Digital Forensics and Incident Response (DFIR) Essentials
By Kirsten Doyle on Wed, 03/27/2024
Image
In the intricate landscape of cybersecurity, Digital Forensics and Incident Response (DFIR) stand as the sentinels guarding against the onslaught of digital threats. It involves a multifaceted approach to identifying, mitigating, and recovering from cybersecurity incidents.
In the physical world, the aftermath of a crime scene...