Resources | Tripwire

Resources

Blog

Overheard at the SANS Security Awareness Summit 2022

People have become the primary attack vector for cyber attackers around the world. As the Verizon Data Breach Investigations Report 2022 indicates, it is humans rather than technology that now represent the greatest risk to organizations. According to the SANS 2022 Security Awareness Report, the top three security risks that security professionals are concerned about are phishing, business email...
Blog

SecTor 2022: The IoT Hack Lab is Back!

Last year, it was great to be back at SecTor after everything was canceled in 2020. The capacity was reduced, but the Hack Lab was still plenty busy and we loved having everyone come by and visit our table and play with the gear. Even more than that, we were excited to meet up with so many friends that we hadn’t seen since 2019. We’re looking forward to catching up with everyone again this year as...
Blog

Tripwire Patch Priority Index for August 2022

Tripwire's August 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.First on the patch priority list this month are patches for Microsoft Office, Outlook, and Excel that resolve 4 vulnerabilities, including denial of service, remote code execution, and security feature bypass.Up next are patches that affect components of the Windows operating systems. These...
Blog

What Are Privacy-Enhancing Technologies (PETs)? A Comprehensive Guide

Modern enterprises will have to work with customer data in one way or another. The COVID-19 pandemic proved that the only businesses that would survive the future were those willing to embrace technology. While technologies such as the Internet of Things, and artificial intelligence have undeniable benefits, they have also presented complications. Managing your customers' or site visitors’ data is...
Blog

Defense in Depth: 4 Essential Layers of ICS Security

It is always said that security is never a one-size-fits-all solution. This is true not only because of the apparent infinite varieties of equipment in each individual organization, but also, and perhaps more importantly, the different ways that every organization views security. Some spend lots of time focusing on physical security, especially those with industrial control systems (ICS). Others...
Blog

SecTor 2022: The Power of the Pico

I’m excited to share that I will be speaking at SecTor this year in the tools track. While the SecTor schedule is not yet finalized, I’m currently listed as speaking at 10:15am on October 6th. The talk, The Power of the Pico: Replacing Expensive Toys with the Raspberry Pi Pico, will cover how to use a Raspberry Pi Pico to perform BadUSB attacks. There are commercial tools out there that will...
Blog

A Traveller’s Guide to Staying Cyber safe

With the massive increase in mobile device sales worldwide, it is easy to imagine that the number of people using the internet while travelling has also increased significantly in recent years. With this growth in online activity comes a greater risk of becoming a victim of cybercrime. There are a number of steps that travellers can take to protect themselves from becoming targets of cybercrime...
Blog

Top Phishing and Social Media Threats: Key Findings from the Quarterly Threat Trends & Intelligence Report

In today’s online landscape, it is crucial for organizations to stay on top of the threats that put their enterprises at risk. Agari and PhishLabs have put together their Quarterly Threat Trends & Intelligence Report detailing their analysis of phishing and social media attacks this quarter. The report presents statistics regarding the volume of attacks, the tactics used by cybercriminals, and the...
Blog

FBI warns of criminals attacking healthcare payment processors

Millions of dollars have been stolen from healthcare companies after fraudsters gained access to customer accounts and redirected payments. In a newly-published advisory directed at the healthcare payment industry, the FBI warns that cybercriminals are using a cocktail of publicly-available Personally Identifiable Information (PII) and social engineering techniques to impersonate victims and...
Blog

Strong Authentication Considerations for Digital, Cloud-First Businesses

Authentication as a baseline security control is essential for organizations to know who and what is accessing corporate resources and assets. The Cybersecurity and Infrastructure Security Agency (CISA) states that authentication is the process of verifying that a user’s identity is genuine. In this climate of advanced cyber threats and motivated cyber criminals, organizations need to implement...
Blog

Cybersecurity Threats to the US Water Industry

In an increasingly digital world, cybersecurity is a significant - and relevant - threat to individuals and companies alike. Cybercriminals are constantly devising new ways to steal information for personal gain through exploitation or ransom demands. It’s become unfortunately commonplace to hear tales of drained checking accounts, leaked photos, and private documents being published to the masses...
Blog

VERT Threat Alert: September 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s September 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1021 on Wednesday, September 14th. In-The-Wild & Disclosed CVEs CVE-2022-23960 The first disclosed vulnerability this month is Spectre-BHB that is discussed in great detail on arm Developer. The Microsoft update for this vulnerability...
Blog

Common Criteria Certification: What Is It, and What Does It Mean for Tripwire Enterprise?

Common Criteria for Information Technology Security Evaluation (CC) is an international agreement that provides a set of standards, testing processes, and documentation standards that is widely recognized as the leading standard for defined software security standards. The Canadian Centre for Cyber Security performs evaluations on common IT products and releases a report called “Common Criteria...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of September 5, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of September 5th, 2022. I’ve also included some comments on these stories. Critical RCE Vulnerability Affects Zyxel NAS Devices — Firmware Patch Released Networking equipment...
Blog

How to Correctly Classify Your Data in 2022

Data classification can feel like an overwhelming task, especially for organizations without a strong practice in place. As with any security approach, data classification is both crucial and tempting to avoid. Regardless of whether the value is recognized, there’s a chance that it gets pushed further and further down the priority list in favor of items that are easier to address. In this article...
Blog

The ClubCISO report reveals a fundamental shift in security culture

With business and technology becoming increasingly intertwined, organizations are being forced to rethink how they look at digital security. Once overlooked or viewed as a mere afterthought, today it has become a business-critical necessity. As a result, organizations across industry lines are racing to improve their security postures. Chief Information Security Officers (CISOs) are at the core of...
Datasheet

Tripwire LogCenter: System Requirements

Determining the proper configuration and resources required for a new log management system can be tricky. Take advantage of Tripwire LogCenter’s software-based deployment to meet current demands and grow capacity when needed. Tripwire LogCenter can collect data from almost any source using standard formats. For in-depth data collection, use the advanced Log Collector Agent. View the platforms...
Datasheet

Tripwire LogCenter Data Collection Capabilities

Tripwire® LogCenter® supports a variety of data collection methods, including agent-based collection using the Tripwire Axon® agent, and agentless collection via syslog, SNMP, WMI, file collectors and remote connectors for Cisco, Check Point and databases. The Tripwire Axon agent available with Tripwire LogCenter supports the following platforms: CentOS Linux 5.3–5.11+ (32- and 64-bit) CentOS...