Resources | Tripwire

Resources

Live Event
From December 12 – 15, 2022, senior decision makers, technical experts, and innovators from across the Department of Defense, Intelligence Community, industry, academia, and FVEY partners will come together to collaborate and share unique insights. The theme of this year’s conference – Transcending Strategic Competitors through Innovation, Adaptation, and Collaboration – underscores the urgent...
Blog

Healthcare sector warned of Venus ransomware attacks

Healthcare organisations in the United States are being warned to be on their guard once again, this time against a family of ransomware known as Venus. An advisory from the United States Department of Health and Human Services (HHS) has warned that the cybercriminals behind the Venus ransomware have targeted at least one healthcare entity in the United States, and are known to be targeting...
Blog

Building a Cybersecurity Training Program: What you need to know

Every security framework recommends that an organization has a cybersecurity training program for all employees, but few give much guidance about what the program should contain. What do you train them on? What actually works? Other than checking a box on the compliance forms, are these programs useful? Why Have a Cybersecurity Training Program? Don't discount “checking the box” on your compliance...
Blog

Fangxiao: A Phishing Threat Actor

Do you know what “fangxiao” means in simplified Chinese? Before you Google it, let me tell you that it stands for “imitate” and this is exactly what Fangxiao phishing campaign actors try to do – imitate and exploit the reputation of international, trusted brands by promising financial or physical incentives to trick victims into further spreading the campaign through WhatsApp. Researchers at Cyjax...
Blog

Curbing Rampant CEO Fraud in 2022

If it seems like you’re constantly hearing about cybercrime these days, there’s a reason for that. Globally, reports of cyberattack instances increased by a staggering 125% in 2021, a trend that shows no sign of slowing. As businesses and consumers turn their attention to cybercrime and protective measures, enterprising cybercriminals continue to fine-tune their approach to exploiting...
Live Webinar
Why is there a gap between compliance and effective cybersecurity? Every organization wants to be secure in the long term, but compliance mandates mean they often stay focused on the short-term requirements. It’s crucial to go beyond simple checkbox compliance. Organizations must create a partnership between compliance and security if they want to protect their systems and data. This live webinar...
Blog

Integrity Monitoring Use Cases: Policy Monitoring for Compliance

In response to increasing societal concerns about the way businesses store, process, and protect the sensitive data they collect from their customers, governments and standardization organizations have enacted a patchwork of regulations and laws. Some of these are generic regulations (CCPA, GDPR), while others are industry specific (SOX, NERC, HIPAA, PCI DSS). These regulations impact literally...
Blog

Laptop flaws could help malware survive a hard disk wipe

PC manufacturer Lenovo has been forced to push out a security update to more than two dozen of its laptop models, following the discovery of high severity vulnerabilities that could be exploited by malicious hackers. Security researchers at ESET discovered flaws in 25 of its laptop models - including IdeaPads, Slims, and ThinkBooks - that could be used to disable the UEFI Secure Boot process. That...
Blog

Artificial Intelligence, a new chapter for Cybersecurity?

Artificial Intelligence (AI) is a trending topic for many industries now. A variety of organizations currently employ AI mechanisms to support their operational functions. Automated tasks, natural language processing, deep learning, and problem-solving; such AI characteristics have made business tasks much easier. The factor of security in AI is largely overlooked, and with the increasing number...
Blog

The Cross-Sector Cybersecurity Performance Goals (CPGs): What you need to know

The Cross-Sector Cybersecurity Performance Goals (CPGs) are a new baseline released jointly by CISA, NIST, and the interagency community, with a goal of providing consistency across all critical infrastructure. The primary webpage for these goals gives us a great understanding of what they are (and are not). It is worth delving into those specifics to understand where the CPGs apply, and how they...
Blog

WEF Report Details Best Practices for Zero Trust Deployment

Cybersecurity, like broader technological disciplines, is an ever-changing landscape that industry professionals must adapt to. The zero-trust model of cybersecurity has grown recently as organizations update their security practices to keep pace with, and stay ahead of evolving threats. Zero Trust Network Access (ZTNA) increased by 230% from 2019 to 2020, and more than 80% of C-suite leaders cite...
Blog

VERT Threat Alert: November 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s November 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1029 on Wednesday, November 9th. In-The-Wild & Disclosed CVEs CVE-2022-41091 This vulnerability allows a malicious individual to bypass Mark of the Web. Mark of the Web is what is used to present security warnings when opening files and...
Blog

Developing an Effective Change Management Program

Change detection is easy. What is not so easy, is reconciling change. Change reconciliation is where most organizations stumble. What was the change? When was it made? Who made it? Was it authorized? The ability to answer these questions are the elements that comprise change management. Historically, the haste of accomplishing a task consisted of a sysadmin moving full-speed ahead to satisfy the...
Blog

Getting started with Zero Trust: What you need to consider

Have you ever walked up to an ATM after another person finished with the machine only to find they left it on a prompt screen asking, “Do you want to perform another transaction?” I have. Of course, I did the right thing and closed out their session before beginning my own transaction. That was a mistake an individual made by careless error which could have cost them hundreds of their own currency...
Blog

Why DevSecOps must be embraced in healthcare organizations

As the healthcare industry becomes more digitally inclined, there’s a need for systems to be put in place to avoid breaches in the security of data records. Most healthcare organizations are already embracing the DevOps (Development and Operations) model, but unfortunately, security seems to be neglected, resulting in data breaches and numerous cyber attacks on software and mobile applications...
Blog

Privacy Updates in Q3 2022: Major Developments Across the Globe

The third quarter saw some major developments across the privacy space. In the U.S., we saw a federal bill for comprehensive privacy achieve more than ever before, children’s privacy proved to remain a top concern, and the Federal Trade Commission formally began its heavily criticized “Magnuson-Moss rulemaking” process. Not to be outdone, the international community saw marked progress as well...
Blog

Verified users beware! Scammers are exploiting Twitter turmoil caused by Elon Musk's takeover

As everyone has surely heard by now, Elon Musk has bought Twitter. The controversial tech maverick's takeover of the site has caused some consternation for the site's users, employees, and advertisers - and has also proven a golden opportunity for scammers. Numerous verified Twitter users have reported receiving phishing emails from fraudsters, purporting to be a legitimate message from the...
Blog

5 Myths About Online Privacy

Every year has been an unfortunate year for online privacy for the past few years. Data breaches and social engineering attacks are at an all-time high, and the concept of online data privacy is challenged to its core, with millions of users being affected every month. IBM’s Cost of a Data Breach Report highlighted that the average data breach cost increased 2.6%, from USD 4.24 million in 2021 to...
Blog

Integrity Monitoring Use Cases: Security

Compliance is an essential aspect of every organization, and in business terms, it entails ensuring that organizations of all sizes, and their personnel, comply with national and international regulations, such as GDPR, HIPAA, and SOX. When guaranteeing compliance, many firms frequently overlook security. Gary Hibberd states that compliance with laws or regulations is only the starting point for...
Blog

Brace yourself – ISO27001 changes are coming

If you’re not aware already, then be prepared for change, because a new version of ISO27001 was published in October 2022! It’s all very exciting! The last change to the standard was in 2017. The changes made back then were fundamentally cosmetic, with a few minor tweaks to wording. The changes barely caused a ripple and, even today, organisations are still certified to ISO27001:2013, meaning that...