When it comes to cybersecurity governance and management, there is no “one size fits all” approach. Today’s CISOs have a far wider range of responsibilities than their predecessors as heads of IT security. The CISO role is no longer purely technical, focused on hardware and endpoint protection and on operations within the organisational perimeter....

Cybersecurity is such a broad subject that many times, an organization can become stifled when trying to develop a full cybersecurity program. Some organizations that have already put a cybersecurity program in place can also unpleasantly discover gaps in their efforts, making the entire venture seem moot. One way to effectively get started, as well...

Tripwire recently conducted a series of surveys and interviews to understand IT professionals who manage security for their company. The cybersecurity landscape is constantly changing, new challenges are rapidly emerging, and new threats have surfaced, especially throughout the pandemic. We were curious to know some of the struggles that security...

On May 12th, the President of the USA, Joe Biden, signed an Executive Order (EO) that would bolster the cyber defences of the USA. The EO is intended to protect against “increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.”An EO is a written...

Organizations need the right internal personnel like a CISO to keep their systems and data secure. But what kind of skills do these leaders need? And how should they guide their employers in a way that doesn’t overlook the evolving threat landscape? To find out, I decided to speak with Goher Mohammad. Goher is the Group Head of Information Security...

In the last few years, Tripwire has increased its portfolio to include industries that were previously overlooked in the cybersecurity space. Industrial organizations are the newest targets for some of the most malicious instances of cybercrime in recent memory. Fortunately, we have a team of sales engineers who have unique experiences in this area....

When I was younger, and printed newspapers were a more common household purchase, I remember fondly watching my mother play a game called "Spot the Ball." For those of you not familiar with this, it consisted of a photograph of a recent football (soccer) match with the ball removed from the image, and the goal was to place a cross or series of...

Emil Sayegh, president and CEO of Ntirety, unpacks the issue of inauthentic identities opening doors to untraceable, fake social accounts and the impact that it has on society. Emil is a cloud visionary and is known as one of the "fathers of OpenStack." https://open.spotify.com/episode/6I4Voxz3682NpA0geZpbLQ?si=2630c8fda2f74f32 Spotify: https:/...

I was recently asked to host a round table discussion on ‘Governance, Risk and Compliance' (GRC), and I have to admit I was more than a little excited. Why? Because the other people around the table were leading lights in the world of Cybersecurity, Risk and Resilience, and I was looking forward to exploring how a GRC framework can work across...

These days, it’s not a matter if your password will be breached but when. Major websites experience massive data breaches at an alarming rate. Have I Been Pwned currently has records from 543 sites comprising 11.4 billion accounts. This includes well-known names like Wattpad, MySpace, and Facebook. This is an 84% increase in the number of sites and...

Gary Hibberd, professor of communicating cyber for Cyberfort and former head of business continuity and information security at various companies, teaches the importance of building resilience in your organization not just with technology but also with people and processes.https://open.spotify.com/episode/3jR9SJrjzjRqRZZYfqoXy2Spotify: https://open...

In Part 1 of this series, we introduced the concept that the most vulnerable people on the internet are our senior population. According to the FBI, elder fraud impacts millions of American seniors every year. Figures from the United Kingdom show similar levels of criminal activity targeting seniors. Most of the elder fraud schemes are financially...

Previously, we reviewed The Ghidra Book: The Definitive Guide because several of us were working with Ghidra, and it was a topic that made sense. Similarly, we spend a lot of time thinking and talking about Internet of Things (IoT) Security. Whether it is Craig Young winning the first-ever SOHOpelessly Broken contest at DEF CON or the team running...

Windows 11 was released on October 5, 2021. It has several new installation requirements including, most notably, Secure Boot and a Trusted Platform Module. These features can provide a more secure computing environment, but if you need to virtualize a Windows 11 environment, you will need virtualization software that supports this. Although I...

Today’s VERT Alert addresses Microsoft’s October 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-968 on Wednesday, October 13th. In-The-Wild & Disclosed CVEs CVE-2021-40449 Up first this month, we have an elevation of privilege in Win32k that has been exploited in-the-wild via...

Tripwire's September 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Adobe, Linux, and Confluence.First on the patch priority list this month are patches for the Linux kernel (CVE-2021-3490) and Confluence Server and Data Center (CVE-2021-26084). Exploits for these vulnerabilities have been recently added to...

When it comes to cybersecurity, vulnerability management is one of the older technologies that still play a critical role in securing our assets. It is often overlooked, disregarded, or considered only for checkbox compliance needs, but a proper vulnerability management program can play a critical role in avoiding a series of data breaches.CIS Control 07 provides the minimum requirements and table...

In today’s world with cyber attacks hitting the headlines daily, cybersecurity is at the forefront of many business owners’ minds, but implementing the right solutions and knowing what to do to reduce your risk is a big challenge for decision makers in these organizations. The task is even harder for small- to medium-sized businesses (SMB) that tend...

"Say ‘Ta,’" said Mamma Bear. "Ta," said Baby Bear. He then dropped the mug of blackcurrant juice by accident. "What have you done?" exclaimed Daddy Bear. "The carpet is RUINED!!" Baby Bear felt a great sense of something disturbing, and this wasn’t a thousand voices suddenly being silenced. This was much deeper. This hurt, and Daddy Bear’s face...

Tripwire Enterprise (TE) is at its heart a baselining engine. It’s been built to take information, create a baseline of it, and show when that baseline has changed. (It’s called a “version” in TE terms.) TE starts with a baseline version designated by an organization’s security teams. At some point, a change version with new information (file,...