-
Tyler Reguly
Guide
What Experts Have to Say About Choosing the Right Cybersecurity Frameworks
Frameworks like the Center for Internet Security (CIS) Controls, MITRE ATT&CK and the National Institute of Standards and Technology (NIST) Cybersecurity Framework give organizations clear, step-by-step methodologies for protecting their sensitive data, leveraging a wealth of industry knowledge to take the guesswork out of your security program.
While these cybersecurity...
Blog
VERT Threat Alert: May 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 05/14/2024
Image
Today’s VERT Alert addresses Microsoft’s May 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1106 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
CVE-2024-30040
Up first this month, we have a security feature bypass in MSHTML. More specifically, we...
Blog
VERT Threat Alert: April 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 04/09/2024
Image
Today’s VERT Alert addresses Microsoft’s April 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1101 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
CVE-2024-26234
This CVE describes a Proxy Driver Spoofing Vulnerability that, thanks to Microsoft’s...
Blog
VERT Threat Alert: March 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 03/12/2024
Image
Today’s VERT Alert addresses Microsoft’s March 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1097 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
There were no in-the-wild or disclosed CVEs included in the March Patch Tuesday release.
CVE...
Blog
VERT Threat Alert: February 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 02/13/2024
Image
Today’s VERT Alert addresses Microsoft’s February 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1093 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
CVE-2024-21351
This CVE describes a bypass in the Windows SmartScreen Security Feature. At this...
Blog
Resolving Top Security Misconfigurations: What you need to know
By Jeff Moline on Mon, 01/22/2024
Image
One of the most common factors that can lead to cybersecurity incidents is a security misconfiguration in software or application settings. The default settings that come with the implementation of these tools and solutions are often not configured securely, and many organizations do not invest the time and resources into...
Blog
Expert Insight for Securing Your Critical Infrastructure
By Ted Rassieur on Mon, 01/15/2024
Image
At Tripwire's recent Energy and NERC Compliance Working Group, we had the opportunity to speak with the Manager of Gas Measurement, Controls, & Cybersecurity at a large energy company. More specifically, we focused on SCADA and field assets of gas Operational Technology. The experience at the management level of such an...
Blog
An Introduction to AWS Security
By Gilad David Maayan on Fri, 01/12/2024
Image
Cloud providers are becoming a core part of IT infrastructure. Amazon Web Services (AWS), the world's biggest cloud provider, is used by millions of organizations worldwide and is commonly used to run sensitive and mission-critical workloads. This makes it critical for IT and security professionals to understand the basics of...
Blog
VERT Threat Alert: January 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 01/09/2024
Image
Today’s VERT Alert addresses Microsoft’s January 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1088 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
There were no in-the-wild or disclosed CVEs included in the January Patch Tuesday drop.
CVE...
Blog
Cloud Security Optimization: A Process for Continuous Improvement
By Gilad David Maayan on Thu, 12/28/2023
Image
Cloud optimization is the process of correctly selecting and assigning the right resources to a workload or application with the ultimate goal of minimizing costs while improving performance and efficiency. These resources can range from computational power, memory, and storage to network capabilities. The cloud optimization...
Blog
Tips for Achieving Success With a NERC CIP Audit
By Jim Fisher on Wed, 12/13/2023
Image
Electrical utilities are responsible for just about everything we do. This presents a tremendous burden on those who operate those utilities. One way these organizations offer assurance is through the audit process. While audits can generate tremendous anxiety, good planning, and tools can help make the entire process go...
Blog
VERT Threat Alert: December 2023 Patch Tuesday Analysis
By Tyler Reguly on Tue, 12/12/2023
Image
Today’s VERT Alert addresses Microsoft’s December 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1086 on Wednesday, December 13th.
In-The-Wild & Disclosed CVEs
CVE-2023-20588
AMD has released AMD-SB-7007 – Speculative Leaks Security Notice, which describes how...
Blog
The 2023 ISC2 Cybersecurity Workforce Study Delves into Cloud Security and AI
By Katrina Thompson on Mon, 12/11/2023
Image
The security industry is at a critical juncture. Capturing the state of affairs is a recent report released by the International Information System Security Certification Consortium, or ISC2.
“A perfect storm”
As they state in their Executive Summary, “Our study shows that a perfect storm of economic uncertainty, rapidly...
Blog
Guarding the Grid: Navigating the Current and Future Landscape of Utility Cybersecurity
By Travis Emerson on Mon, 11/27/2023
Image
Tripwire recently held its annual Energy and NERC Compliance Working Group. This year's attendees included more than 200 Tripwire customer utility personnel representing over 80 different registered entities from all across the US and Canada. The company sizes ranged from public utility districts and city municipalities to...
Blog
The Six Pillars of Cybersecurity
By Gary Hibberd on Thu, 11/16/2023
Image
Winter is coming
In the ever-evolving landscape of cloud computing, ensuring robust security measures has never been more important. In the new ISO 27001:2022 standard, there is a new requirement for organisations to establish control of their Cloud services, which includes every flavor of cloud from Software as a Service (SaaS...
Blog
VERT Threat Alert: November 2023 Patch Tuesday Analysis
By Tyler Reguly on Tue, 11/14/2023
Image
Today’s VERT Alert addresses Microsoft’s November 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1082 on Wednesday, November 15th.
In-The-Wild & Disclosed CVEs
CVE-2023-36033
A vulnerability in the Microsoft Desktop Window Manager (DWM) could allow an attacker to...
Blog
Cloud Watching Report: Key Takeaways
By Anirudh Chand on Mon, 11/13/2023
Image
The capabilities of cloud computing have changed the digital landscape significantly, and the popularity of cloud solutions only continues to increase. According to Gartner, the market for public cloud services is expected to surpass 700 billion USD by the end of 2024. The growth of cloud technologies presents a wealth of new...
Blog
VERT Threat Alert: October 2023 Patch Tuesday Analysis
By Tyler Reguly on Tue, 10/10/2023
Image
Today’s VERT Alert addresses Microsoft’s October 2023 Security Updates, which includes a recently introduced release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1077 on Wednesday, October 11th.
In-The-Wild & Disclosed CVEs
CVE-2023-41763
While this vulnerability is...
Blog
What is NERC? Everything you need to know
By Michael Betti on Tue, 10/03/2023
Image
Electric grids are part of every nation’s critical infrastructure. Every societal activity and business depends on reliable and safe electricity distribution. The US electric grid is a huge network of powerlines, distribution hubs, and renewable and non-renewable energy generators that is increasingly exposed to cyber-physical...