-
Tyler Reguly
Guide
What Experts Have to Say About Choosing the Right Cybersecurity Frameworks
Frameworks like the Center for Internet Security (CIS) Controls, MITRE ATT&CK and the National Institute of Standards and Technology (NIST) Cybersecurity Framework give organizations clear, step-by-step methodologies for protecting their sensitive data, leveraging a wealth of industry knowledge to take the guesswork out of your security program.
While these cybersecurity...
Blog
VERT Threat Alert: May 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 05/14/2024
Image
Today’s VERT Alert addresses Microsoft’s May 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1106 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
CVE-2024-30040
Up first this month, we have a security feature bypass in MSHTML. More specifically, we...
-
Steven Sletten
Blog
VERT Threat Alert: April 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 04/09/2024
Image
Today’s VERT Alert addresses Microsoft’s April 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1101 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
CVE-2024-26234
This CVE describes a Proxy Driver Spoofing Vulnerability that, thanks to Microsoft’s...
Blog
VERT Threat Alert: March 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 03/12/2024
Image
Today’s VERT Alert addresses Microsoft’s March 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1097 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
There were no in-the-wild or disclosed CVEs included in the March Patch Tuesday release.
CVE...
Blog
PCI DSS Compliance - Meeting the Third-Party Vendor Requirements
By Tripwire Guest Authors on Tue, 02/20/2024
Image
Today, almost every organization is engaged with a third-party vendor at some level when offering products or services. Take, for instance, an e-commerce business that may not be able to function properly unless multiple third-party integrations are involved, such as CRMs, payment gateways, live chat APIs, or a shipping gateway,...
Blog
VERT Threat Alert: February 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 02/13/2024
Image
Today’s VERT Alert addresses Microsoft’s February 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1093 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
CVE-2024-21351
This CVE describes a bypass in the Windows SmartScreen Security Feature. At this...
Blog
Managing Financial Crime Risks in Digital Payments
By Chester Avey on Thu, 02/01/2024
Image
The emergence of innovative Financial Technology (FinTech) has spearheaded rapid growth in the digital payments sector. In recent years, global payment revenues exceeded valuations of $2.2 trillion, with a steady Compound Annual Growth Rate (CAGR) expected in the next five years.
There is no denying the convenience benefits...
Blog
Resolving Top Security Misconfigurations: What you need to know
By Jeff Moline on Mon, 01/22/2024
Image
One of the most common factors that can lead to cybersecurity incidents is a security misconfiguration in software or application settings. The default settings that come with the implementation of these tools and solutions are often not configured securely, and many organizations do not invest the time and resources into...
Blog
Tips for Ensuring HIPAA Compliance
By Tripwire Guest Authors on Wed, 01/17/2024
Image
Like every other industry, the healthcare sector is barely recognizable when compared to its state 20 years ago. It, too, has been transfigured by technology. While this has brought many impactful benefits, it has also introduced at least one major challenge: keeping sensitive patient information private.
At the heart of this...
Blog
Why Therapists need Data Protection and Cybersecurity
By Gary Hibberd on Tue, 01/16/2024
Image
Cybersecurity in Mental Healthcare - The Overlooked Risk
Did you know the New-Age Therapeutic sector is unregulated? If that surprises you, then you’re not alone. I was a little surprised, too. Yes, there are various professional bodies a practitioner can join, and there are courses they can attend, but they aren’t forced to.
...
Blog
An Introduction to AWS Security
By Gilad David Maayan on Fri, 01/12/2024
Image
Cloud providers are becoming a core part of IT infrastructure. Amazon Web Services (AWS), the world's biggest cloud provider, is used by millions of organizations worldwide and is commonly used to run sensitive and mission-critical workloads. This makes it critical for IT and security professionals to understand the basics of...
Blog
VERT Threat Alert: January 2024 Patch Tuesday Analysis
By Tyler Reguly on Tue, 01/09/2024
Image
Today’s VERT Alert addresses Microsoft’s January 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1088 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
There were no in-the-wild or disclosed CVEs included in the January Patch Tuesday drop.
CVE...
Blog
How Does PCI DSS 4.0 Affect Web Application Firewalls?
By Josh Davies on Mon, 01/08/2024
Image
The payment industry is bracing for the transition to Payment Card Industry Data Security Standard (PCI DSS) 4.0, heralding significant changes in cybersecurity practices. As we approach the implementation of this revised standard, a critical focal point emerges: the role and new mandate of web application firewalls (WAFs) in...
Blog
Cloud Security Optimization: A Process for Continuous Improvement
By Gilad David Maayan on Thu, 12/28/2023
Image
Cloud optimization is the process of correctly selecting and assigning the right resources to a workload or application with the ultimate goal of minimizing costs while improving performance and efficiency. These resources can range from computational power, memory, and storage to network capabilities. The cloud optimization...
Blog
VERT Threat Alert: December 2023 Patch Tuesday Analysis
By Tyler Reguly on Tue, 12/12/2023
Image
Today’s VERT Alert addresses Microsoft’s December 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1086 on Wednesday, December 13th.
In-The-Wild & Disclosed CVEs
CVE-2023-20588
AMD has released AMD-SB-7007 – Speculative Leaks Security Notice, which describes how...
Blog
The 2023 ISC2 Cybersecurity Workforce Study Delves into Cloud Security and AI
By Katrina Thompson on Mon, 12/11/2023
Image
The security industry is at a critical juncture. Capturing the state of affairs is a recent report released by the International Information System Security Certification Consortium, or ISC2.
“A perfect storm”
As they state in their Executive Summary, “Our study shows that a perfect storm of economic uncertainty, rapidly...
Blog
The Six Pillars of Cybersecurity
By Gary Hibberd on Thu, 11/16/2023
Image
Winter is coming
In the ever-evolving landscape of cloud computing, ensuring robust security measures has never been more important. In the new ISO 27001:2022 standard, there is a new requirement for organisations to establish control of their Cloud services, which includes every flavor of cloud from Software as a Service (SaaS...
Blog
VERT Threat Alert: November 2023 Patch Tuesday Analysis
By Tyler Reguly on Tue, 11/14/2023
Image
Today’s VERT Alert addresses Microsoft’s November 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1082 on Wednesday, November 15th.
In-The-Wild & Disclosed CVEs
CVE-2023-36033
A vulnerability in the Microsoft Desktop Window Manager (DWM) could allow an attacker to...