Resources

Blog

VERT Threat Alert: June 2023 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s June 2023 Security Updates, which include a new release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1060 on Wednesday, June 14th. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed CVEs in the June Patch Tuesday drop. CVE Breakdown...
Blog

Tripwire Patch Priority Index for May 2023

Tripwire's May 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority list this month are patches for Microsoft Edge. These patches resolve elevation and security feature bypass vulnerabilities. Up next are 3 patches for Microsoft Office, Word, Excel, and Access that resolve remote code...
Blog

How to Avoid Cybercrime While Traveling Internationally

Traveling abroad, whether for business or leisure, brings plenty of tangible benefits to individuals and organizations. Coupled with the convenience of innovative technology at our fingertips, business professionals can achieve a lot if they spend much of their time on foreign shores. However, despite this digital evolution, traveling abroad can...
Blog

The Future of Driverless Cars: Technology, Security and AI

Back in 2015, we published an article about the apparent perils of driverless cars. At that time, the newness and novelty of sitting back and allowing a car to drive you to your destination created a source of criminal fascination for some, and a nightmare for others. It has been eight years since the original article was published, so perhaps it is...
Blog

The Issue of Insider Threats: What you Need to Know

Not all Risks Become Threats Insider threats are an updated version of the wolf in sheep's clothing - the people we rely on to safeguard systems and data can sometimes be the ones who pose the greatest risk. From malicious actors to negligent employees, insider threats come in many forms and can have devastating consequences for organizations of...
Guide

PCI DSS Resource Toolkit

PCI DSS Resources for Seamless Compliance The Payment Card Industry Data Security Standard (PCI DSS) is one of the most widely applied regulatory compliance standards, meaning thousands of organizations can benefit from streamlining their compliance programs to avoid audit fines and protect cardholder data. Fortra’s Tripwire is an authority on how to achieve continuous, automated compliance and...
Blog

Security Journeys: From Change Management to Compliance

Zero Trust seems to no longer command the volume of articles that once set it up as a trend that promised a bright new future for security. This is in part because security is a journey. Rushed implementations and low returns often result in burnout with new technology, and generally the real work happens in the quiet stages when analysts and...
Guide

Insider Insights for the PCI DSS 4.0 Transition

Is your organization ready for the new PCI DSS 4.0 Standard? If you’re already compliant with the most recent version of the Payment Card Industry Data Security Standard (PCI DSS), you’ve probably already begun transitioning to version 4.0 ahead of the upcoming deadline. To help you make the journey easier and more straightforward, Fortra’s Tripwire gathered strategic implementation advice from...
Blog

VERT Threat Alert: May 2023 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s May 2023 Security Updates, which include a new release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1055 on Wednesday, May 10th. In-The-Wild & Disclosed CVEs CVE-2023-29336 Up first this month is a vulnerability reported by Avast in Win32k. This...
Blog

Supply Chain Compromise: The Risks You Need to Know

This piece was originally published on Fortra’s AlertLogic.com Blog. Thinking about your own network isn’t enough to keep your business safe and profitable. As more buyers, sellers, and partners collaborate ever more closely across the world, supply chain IT risks are rising with no slowdown in sight. According to the Identity Theft Resource Center...
Blog

Tripwire Patch Priority Index for April 2023

Tripwire's April 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft Edge. These patches resolve over 15 vulnerabilities such as spoofing, type confusion, and use after free vulnerabilities. Up next are 3 patches for Microsoft...
Blog

What is a WAF? (Web Application Firewall)

This piece was originally published on Fortra’s AlertLogic.com Blog. A Comprehensive Guide to Understanding WAFs: How it Works, Types, and Security Models Web applications drive digital transformation, remote work, employee productivity, and consumer interactions. The ability to connect to critical applications over the internet gives workforce...
Blog

Root Cause Analysis for Deployment Failures

Root Cause Analysis (RCA) is a technique used to identify the underlying reasons for a problem, with the aim of trying to prevent it from recurring in the future. It is often used in change management processes to help identify the source of any issues that arise following any modifications to a system or process. RCA is something Tripwire...
Guide

Getting in Control of Financial Services Cybersecurity Regulations

Organizations in the financial sector are all too aware that their industry continues to be one of the top targets for cyber criminals. Among financial services and insurance organizations, the leading cause of breaches is system intrusion. That’s why so many cybersecurity compliance regulations have sprung up to ensure systems are kept hardened against attack. This guide will cover the main...
On-Demand Webinar

Insights for Navigating PCI-DSS 4.0 Milestones

With the PCI-DSS 4.0 implementation deadline looming just around the corner in 2024, financial companies have no time to waste when it comes to reaching key compliance milestones. Watch this on-demand webinar presented by Fortra’s Tripwire and BankInfoSecurity.com designed to help you get—and stay—on track for PCI 4.0 compliance. Hear from industry experts on preparing for PCI 4.0 using a simple...
Blog

Tripwire’s Vulnerability Exposure Research Team (VERT): What you need to know

Each month, at the State of Security, we publish a range of content provided by VERT. Whether it’s a round-up of all the latest cybersecurity news, our Patch Priority Index that helps guide administrators on what they should be patching , a book review, general musings from the team, or most notability our Patch Tuesday round-up. VERT is helping...
Blog

CISA Publishes Advisory on Improving Network Monitoring and Hardening

CISA released in late February a cybersecurity advisory on the key findings from a recent Cybersecurity and Infrastructure Security Agency (CISA) red team assessment to provide organizations recommendations for improving their cyber posture. According to the Agency, the necessary actions to harden their environments include monitoring network...
Blog

VERT Threat Alert: April 2023 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s April 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1050 on Wednesday, April 12th. In-The-Wild & Disclosed CVEs CVE-2023-28252 A vulnerability in the Common Log File System (CLFS) Driver has been exploited in-the-wild. CLFS provides a...
Blog

30 Ransomware Prevention Tips

Dealing with the aftermath of ransomware attacks is like Russian roulette. Submitting the ransom might seem like it’s the sole option for recovering locked data. Ransomware also continues to evolve as a threat category within the past year, with old names like REvil rearing their heads and new players like Black Basta emerging in 2022. Malicious...
Blog

Tripwire Patch Priority Index for March 2023

Tripwire's March 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Google and Microsoft. First on the patch priority list this month is a patch for Microsoft Office Outlook that resolves a critical elevation of privilege vulnerability (CVE-2023-23397) that should be patched as soon as possible. This vulnerability has...