Guide
Governance, Risk, and Compliance
Governance, Risk & Compliance, or Generating Real Capability! How do we use GRC as a business enabler, and focus on the benefits it brings?
Guide
Adjusting to the Reality of Risk Management Framework
The Risk Management Framework (RMF) is an approach to systems security management that adjusts security controls based on risk factors. The practice involves a continuous cycle of identifying new threats, choosing effective controls, measuring their effectiveness and improving system security.
Image
Federal entities need to...
Guide
Building a Mature Vulnerability Management Program
A successful vulnerability management program requires more than the right technology. It requires dedicated people and mature processes. When done properly, the result can be a continuously improving risk management system for your organization.
This white paper was written by CISSP-certified Tripwire system engineers with extensive experience in implementation of...
Guide
The Five Stages of Vulnerability Management Maturity
One key element of an effective information security program within your organization is having a good vulnerability management (VM) program, as it can identify critical risks. Most, if not all, regulatory policies require a VM program, and information security frameworks advise implementing VM as one of first things an organization should do when building their information...
Blog
VERT Threat Alert: August 2022 Patch Tuesday Analysis
By Tyler Reguly on Tue, 08/09/2022
Image
Today’s Patch Tuesday VERT Alert addresses Microsoft’s August 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1015 on Wednesday, August 10th.
In-The-Wild & Disclosed CVEs
CVE-2022-34713
According to Microsoft, CVE-2022-34713 is a variant of the Dogwalk...
Blog
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 1, 2022
By Andrew Swoboda on Mon, 08/08/2022
Image
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 1st, 2022. I’ve also included some comments on these stories.
Windows 11 Smart App Control...
Blog
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of July 25, 2022
By Andrew Swoboda on Mon, 08/01/2022
Image
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of July 25, 2022. I’ve also included some comments on these stories.
SonicWall fixed critical SQLi in...
Blog
4 Stages of Vulnerability Management Program Best Practices
By Tripwire Researcher on Mon, 07/18/2022
Image
An enterprise vulnerability management program can reach its full potential when it is built on well-established foundational goals. These goals should address the information needs of all stakeholders, tie back to the business goals of the enterprise, and reduce the organization’s risk. Existing vulnerability management...
Blog
VERT Threat Alert: July 2022 Patch Tuesday Analysis
By Tyler Reguly on Tue, 07/12/2022
Image
Today’s VERT Alert addresses Microsoft’s July 2022 Security Updates. VERT is actively working on coverage for these Patch Tuesday vulnerabilities and expects to ship ASPL-1011 on Wednesday, July 13th.
In-The-Wild & Disclosed CVEs
CVE-2022-22047
Microsoft is reporting this month that a single vulnerability in the Windows...
Blog
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of June 20, 2022
By Andrew Swoboda on Mon, 06/27/2022
Image
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 20, 2022. I’ve also included some comments on these stories.
Over a Dozen Flaws Found in Siemens...
Blog
VERT Threat Alert: June 2022 Patch Tuesday Analysis
By Tyler Reguly on Tue, 06/14/2022
Image
Today’s VERT Alert addresses Microsoft’s June 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1007 on Wednesday, June 15th.
In-The-Wild & Disclosed CVEs
None of the vulnerabilities patched this month have been exploited in-the-wild or publicly disclosed according...
Blog
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of June 06, 2022
By Andrew Swoboda on Mon, 06/13/2022
Image
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 06, 2022. I’ve also included some comments on these stories.
Another nation-state actor exploits...
Blog
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of May 30, 2022
By Andrew Swoboda on Mon, 06/06/2022
Image
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of May 30, 2022. I’ve also included some comments on these stories.
Vendor Refuses to Remove Backdoor...
Blog
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of May 16, 2022
By Andrew Swoboda on Mon, 05/23/2022
Image
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of May 16, 2022. I’ve also included some comments on these stories.
Watch Out! Hackers Begin Exploiting...
Blog
VERT Threat Alert: May 2022 Patch Tuesday Analysis
By Tyler Reguly on Tue, 05/10/2022
Image
Today’s VERT Alert addresses Microsoft’s May 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1002 on Wednesday, May 11th.
CVE-2022-26925
In-The-Wild & Disclosed CVEs
Based on Microsoft’s limited documentation, this appears to be a resurgence and/or improved...
Blog
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of May 2, 2022
By Editorial Staff on Mon, 05/09/2022
Image
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of May 2, 2022. I’ve also included some comments on these stories.
Microsoft Azure Vulnerability Exposes...
Blog
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of April 25, 2022
By Editorial Staff on Mon, 05/02/2022
Image
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of April 25, 2022. I’ve also included some comments on these stories.
Homeland Security bug bounty...
Blog
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of April 18, 2022
By Editorial Staff on Mon, 04/25/2022
Image
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of April 18, 2022. I’ve also included some comments on these stories.
CISA Alert on ICS, SCADA Devices...