Resources

Blog

VERT Threat Alert: November 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s November 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1029 on Wednesday, November 9th. In-The-Wild & Disclosed CVEs CVE-2022-41091 This vulnerability allows a malicious individual to bypass Mark of the Web. Mark of the Web is what is used to...
Blog

VERT Threat Alert: September 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s September 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1021 on Wednesday, September 14th. In-The-Wild & Disclosed CVEs CVE-2022-23960 The first disclosed vulnerability this month is Spectre-BHB that is discussed in great detail on arm...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of September 5, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of September 5th, 2022. I’ve also included some comments on these stories. Critical RCE Vulnerability Affects Zyxel NAS...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 29, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 29th, 2022. I’ve also included some comments on these stories. WordPress 6.0.2 Patches Vulnerability That Could...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 22, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 22nd, 2022, including some commentary of mine. VMware fixed a privilege escalation issue in VMware Tools VMware...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 15, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 15th, 2022. I’ve also included some comments on these stories. Newly Uncovered PyPI Package Drops Fileless...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 8, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 8st, 2022. I’ve also included some comments on these stories. Slack leaked hashed passwords from its servers for...
Product Video

How Tripwire Helped Walgreens Take a Proactive Approach to Security

Walgreens, founded in 1901, is one of the largest pharmacy companies in the U.S., handling online and in-store sales as well as processing the prescription needs of millions of customers. It needed a security solution that would give them an integrated, all-up view into its IT ecosystem. Its Tripwire ExpertOps solution has given the company a much more proactive view and approach to its security...
Guide

How Finance Companies Bank on Tripwire ExpertOps

Finance companies opt for managed services to stay compliant, bolster overburdened security teams, and get ongoing support in keeping their data safe from damaging breaches. The finance sector regularly finds itself on the front lines of emerging attack techniques; attackers commonly search for edge vulnerabilities and test new malware variations against financial systems. However, most breaches...
Guide

Multi-Cloud Security Best Practice Guide

When you opt to use multiple cloud providers, you’re implementing a multi-cloud strategy. This practice is increasingly common, and can refer to mixing SaaS (software as a service) and PaaS (platform as a service) offerings as well as public cloud environments that fall under the IaaS (infrastructure as a service) category. The most common public cloud environments today are Amazon Web Services ...
Guide

Sustaining SOX Compliance Through Automation Using COBIT Framework

Achieving compliance with the Sarbanes-Oxley Act (SOX) can be a monumental effort. Maintaining those controls and audit reporting on an ongoing basis can be even more difficult. The SEC recommends automated controls for more efficient and effective compliance results. This white paper details the SOX requirements that are best addressed by automated controls using the COBIT framework in two core...
Guide

Six Security Controls to Prevent Your Cloud from Getting Hacked

There’s a common misconception that cloud providers handle cybersecurity for you. The truth is, cloud providers use a “shared responsibility model”. They protect underlying Cloud infrastructure, but leave protection of Cloud-deployed assets and data up to you. To help meet this need, the Center for Internet Security (CIS) has created the CIS Amazon Web Services Foundations benchmark policy. This...
Guide

Survey: Securing Public Cloud Infrastructure

Do you have a centralized view of your organization’s security posture and policy compliance across all cloud accounts? A Tripwire and Dimensional Research survey conducted in 2021 found that only 21 percent of security professionals could answer “yes.” The survey included more than 300 cybersecurity professionals who are directly responsible for the security of public cloud infrastructure within...
Guide

Securing AWS Cloud Management Configurations

Amazon has captured nearly half of the cloud market making it a prime target for attacks. When AWS accounts are compromised, the go-to payload is often cryptocurrency mining where attackers make money using stolen CPU cycles that get billed to the victim's account. Fortunately, there is guidance from the Center for Internet Security (CIS). In 2016, CIS launched the Amazon Web Services Foundations...
Guide

Meeting Multiple Compliance Objectives Simultaneously With the CIS Controls

The CIS Controls are a set of recommendations comprised of controls and benchmarks. They are intended to serve as a cybersecurity “best practice” for preventing damaging attacks. The recommendations are meant to provide a holistic approach to cybersecurity and to be effective across all industries. Adhering to them serves as an effective foundation for any organization’s security and compliance...
Guide

Implementing Cloud Security Best Practices

Cybersecurity professionals the world over share common cloud security concerns like risk management, configuration security, and cloud compliance. As organizations expand further into the cloud, there continues to be an influx of simple mistakes that can expose organizations to significant security, privacy, and regulatory risks. Tripwire partnered with Dimensional Research to understand what...
Guide

Solid Foundations for Cloud Security: Houses Built on Sand or Rock

Moving mission critical applications to the cloud provides a whole host of benefits but it also means trusting cloud providers with key aspects of security and compliance. This paper provides tools you can use to evaluate the security and compliance offerings of cloud computing partners. It also describes how Tripwire’s solutions can be used to build and deploy a rock-solid security foundation...
Guide

Executing an Efficient Cloud Security Strategy

How do organizations execute an efficient cloud security strategy and find the right cloud security tools? Tripwire asked a range of cloud security experts to share their thoughts on some of the key challenges regarding secure cloud storage and cloud computing security.
Guide

18 Expert Tips for Effective and Secure Cloud Migration

Organizations are increasingly migrating to the cloud to process their IT resources. Gartner predicts that cloud data centers will process 92 percent of workloads by 20201, while Cisco forecasts cloud workloads to increase 3.2x in that span of time2. Under the Shared Responsibility Model, migrating organizations need to ensure security in the cloud by taking adequate measures to protect their...
Guide

Cloud Control Buyer's Guide

Introduction The world of IT is moving to the cloud for flexibility, on-demand computing resources, and speed just to name a few benefits. Market data varies but estimates of cloud usage show that in the range of 20–25% of overall compute workloads are operating in public cloud environments today, with that expected to grow to 50% over the next 5–10 years. However, most organizations haven’t...