Resources | Tripwire

Resources

Blog

Warning issued about Vice Society ransomware gang after attacks on schools

A ransomware gang that has been increasingly disproportionately targeting the education sector is the subject of a joint warning issued by the FBI, CISA, and MS-ISAC. The Vice Society ransomware group has been breaking into schools and colleges, exfiltrating sensitive data, and demanding ransom payments. The threat? If the extortionists aren't paid, you may not be able to unlock your encrypted...
Blog

How Penetration Testing can help prevent Ransomware Attacks

It is hard to believe, but ransomware is more than three decades old. While many would think that the ransomware mayhem started with the WannaCry attack of 2017, that is simply the most publicized example. Since then, dozens of ransomware strains have been utilized in a variety of cyberattacks. According to a PhishLabs report, by Fortra, ransomware attacks are growing more than 100% year-over-year...
Blog

Working Abroad as a Cybersecurity Professional: What You Need to Know

The world is becoming a smaller place. The prospect of working in another country becomes increasingly realistic and even promising as businesses migrate toward the cloud and collaborate more closely with international partners. Amid this shift, cybersecurity professionals may wonder if they can work abroad. Cybersecurity is a worldwide concern, creating plenty of global opportunities for security...
Blog

CISO Interview Series: The thinking of a CISO at the front end of the cyber threat landscape.

What are the most important areas for a CISO to focus on? When speaking to Aman Sood, it becomes clear that the job of a CISO encompasses every aspect of a business. Aman is the Head of Cyber Security with Jimdo, a website building platform that helps small businesses start, grow, and ultimately thrive online. Aman is also the Cyber Security Group Chairman for ISITC Europe CIC, a non-profit...
Blog

Dispelling 5 Myths and Misconceptions Surrounding File Integrity Monitoring (FIM)

File integrity monitoring (FIM) started back in 1997 when Gene Kim launched Tripwire and its “Change Audit” solution. Just a few years later, Change Audit became FIM; this rebranded tool worked with the 12 security controls identified in Visa’s Cardholder Information Security Program (CISP). CISP became PCI DSS 1.0, and things continued to evolve after that. Which brings us to the present day...
Blog

WhatsApp Scams in 2022: What to Look out for

WhatsApp is ranked as the most popular mobile messenger app in the world. In fact, there are two billion active users on the app. This is an incredibly large audience. Unfortunately, it is also a huge number of potential victims for criminals to target. Cybercriminals are increasingly using WhatsApp as the medium for their attacks, and while people have become generally more wary of email phishing...
Blog

What Is the ISA/IEC 62443 Framework?

Cybersecurity threats to manufacturing and process plants are coming from a wide range of attack vectors, including supply chain, logistics, enterprise computing, remote connections, operator stations, programmable logic controllers, distributed control systems (DCSs), smart sensors, and new smart devices. Internet of Things (IoT) technologies offer greater connectivity and endless applications...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 29, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 29th, 2022. I’ve also included some comments on these stories. WordPress 6.0.2 Patches Vulnerability That Could Impact Millions of Legacy Sites The WordPress team...
Blog

10 Things Your Workforce Can Do To Support Your Company’s Security Health

The biggest cyber security threat that businesses have to tackle is much closer than you’d think. Verizon’s 2022 Data Breach Investigations report – found human error to be a key driver in 82% of breaches, which is why it is crucial for businesses to address cyber security awareness in the workplace and ensure that employees are equipped with the right guidance and resources to help minimise the...
Blog

FBI issues warning after crypto-crooks steal $1.3 billion in just three months

Amid a wave of hacks that have cost investors billions of dollars worth of cryptocurrency, the FBI is calling on decentralised finance (DeFi) platforms to improve their security. In a warning posted on its website, the FBI said that cybercriminals are increasingly targeting DeFi platforms to steal cryptocurrency, often exploiting vulnerabilities in smart contracts to part investors from their...
Blog

Defense and Development: Key points from The Complete Guide to Application Security for PCI-DSS

The increasing popularity of online payment systems results from the world’s gradual transition to a cashless and contactless digital economy — an economy, projected in a recent Huawei white paper, to be worth $23 trillion by 2025. With digital commerce emerging as the largest segment in the projected $8.49 trillion global digital payments market in 2022, it’s not surprising that businesses are...
Blog

Everything You Need to Know About CI/CD and Security

CI/CD is a recommended technique for DevOps teams and a best practice in agile methodology. CI/CD is a method for consistently delivering apps to clients by automating the app development phases. Continuous integration, continuous delivery, and continuous deployment are the key concepts. CI/CD adds continuous automation and monitoring throughout the whole application lifetime, from the integration...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 22, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 22nd, 2022, including some commentary of mine. VMware fixed a privilege escalation issue in VMware Tools VMware this week released patches to address an important...
Blog

Key Points from the IBM Cost of a Data Breach Report 2022

The volume and impact of data breaches have accelerated largely in 2022, which has contributed to many adverse effects for businesses. Tc highlights several updated factors that have generated great costs across 17 countries and regions, and 17 industries. The report has included new related areas of analysis such as: Extended Detection and Response (XDR).Risk Quantification techniques...
Blog

How to Prevent High Risk Authentication Coercion Vulnerabilities

Most of us already know the basic principle of authentication, which, in its simplest form, helps us to identify and verify a user, process, or account. In an Active Directory environment, this is commonly done through the use of an NTLM hash. When a user wants to access a network resource, such as a file share, their password is hashed and sent over a cryptographically secure channel to the...
Blog

LastPass attackers steal source code, no evidence users' passwords compromised

LastPass, the popular password manager used by millions of people around the world, has announced that it suffered a security breach two weeks ago that saw attackers break into its systems and steal information. But don't panic just yet - that doesn't mean that all of your passwords are now in the hands of internet criminals. Although the breach is clearly not good news, the company says that...
Blog

Why Does Medical Imaging Equipment Need Better Cybersecurity?

Medical imaging cybersecurity needs to evolve to meet today’s security threats. Cyberthreats specifically targeting health care institutions have increased over recent years. More data is also at risk since patients have begun widely using telemedicine services. In addition to the risk of information theft, there is a very serious risk to patients, including the potential for physical harm due to...
Blog

Top tips for securing board-level buy-in for cybersecurity awareness campaigns

With Cyber Security Awareness month fast approaching, information security professionals and data protection managers will be looking at how to secure board-level buy-in for company-wide cybersecurity awareness campaigns. Often, this is the biggest hurdle for any cyber awareness campaign as senior leadership weighs the costs and benefits of investing in the security of their business. Today we...
Blog

Privacy in Q2 2022: US, Canada, and the UK

The second quarter of 2022 offered plenty of positing on privacy, both in the U.S. and internationally. In the U.S., we saw the addition of another state privacy law, and a spark of hope in privacy professionals’ eyes with the introduction of tangible federal legislation. Plus, the Federal Trade Commission (FTC) is positioned to act on rulemaking like never before. In the EU, the GDPR’s fourth...
Blog

5 Things We Learned from The Definitive Guide to Data Loss Prevention (DLP)

In the context of hybrid work, the threat of data loss is rampant. Cybersecurity systems that were once designed to operate within the confines of a network perimeter have become obsolete, with employees using various devices, networks, and applications to get their work done. As such, it’s easier than ever for companies to be vulnerable to the loss of sensitive data. So, what’s the solution...