Adhering to the ever-tightening letter of the law is the cost of doing business these days, and for many companies caught in the crosshairs, that cost is getting too high.New research by Bridewell Consulting revealed that 44% of all financial services institutions in the UK listed compliance as the top cybersecurity challenge their organizations currently face. And it may be no surprise as many...

Today’s Patch Tuesday Alert addresses Microsoft’s May 2025 Security Updates. We are actively working on coverage for these vulnerabilities and expect to ship ASPL-1156 as soon as coverage is completed.In-The-Wild & Disclosed CVEsCVE-2025-32706A vulnerability in the Windows Common Log File System (CLFS) Driver could allow a malicious actor to elevate their privileges to SYSTEM. Microsoft has...

Today’s Patch Tuesday Alert addresses Microsoft’s April 2025 Security Updates. We are actively working on coverage for these vulnerabilities and expect to ship ASPL-1151 as soon as coverage is completed.In-The-Wild & Disclosed CVEsCVE-2025-29824A vulnerability in the Windows Common Log File System (CLFS) Driver could allow a malicious actor to elevate their privileges to SYSTEM. Microsoft has...

Compliance is a “ticket to entry” for businesses today, and information security risk management (ISRM) makes sure organizations hang on to their ticket. In this blog, we’ll review how ISRM helps organizations not only get compliant but stay compliant.And how Tripwire makes that process automatic.Compliance is a Core Cost of Doing Business TodayWithout adhering to industry-standard data privacy...

The Monetary Authority of Singapore (MAS) is both the central bank and chief financial regulator of Singapore. As such, they publish best practices (“Guidelines”) and legally binding regulations (“Notices”) regarding technology risk management and cyber hygiene. Mandatory requirements include:Notice on Technology Risk Management (FSM N21)Notice on Cyber Hygiene (FSM N22)Notice on Management of...

The Verizon 2023 Data Breach Investigations Report made a startling revelation: Basic Web Application Attacks accounted for nearly one-fourth of the entire breach data set. Although not the most sophisticated threats, common web attacks like credential stuffing and SQL injection continue to wreak havoc on the cybersecurity landscape—just like phishing and emerging AI-based attacks—and for good...

Critical infrastructure organizations bear an enormous responsibility. The assets, systems, and networks they manage are crucial to the functioning of a healthy society. They provide water, energy, transportation, healthcare, telecommunications, and more—should they fail, they would bring entire countries to their knees.The vast importance of Critical National Infrastructure (CNI) makes it a prime...

Technology is evolving at a startling pace, perhaps faster than ever before. Businesses are scrambling to reap the rewards of these technologies, especially AI. But do they recognize the cybersecurity risks associated with these changes? The World Economic Forum’s latest Global Risks Report suggests not. Digital Era, Digital ThreatsWe are truly living in the digital age. This brings many benefits....

Today’s VERT Alert addresses Microsoft’s March 2025 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1147 as soon as coverage is completed.In-The-Wild & Disclosed CVEsCVE-2025-26633According to Microsoft, improper neutralization in Microsoft Management Console could allow an unauthorized attacker to bypass a security feature locally. For...

What is it?The Tripwire Enterprise Critical Change Audit rules provide customers with the ability to monitor for critical events that could have a significant impact on a system. Monitoring for critical events can help administrators identify malicious and/or unexpected changes within their environment.Changes To CCAAdditional rules were added to the Critical Change Audit rule set. These rules...

The evolution of the cyber threat landscape highlights the need for organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they evolve into security incidents. Criminals often exploit known unpatched vulnerabilities to penetrate Industrial Control Systems (ICS) environments and disrupt critical operations. Although patch management seems like the obvious...

What is it?The Tripwire Enterprise Change Audit rules provide customers with the ability to monitor for change events that could have an impact on a system. Monitoring for change events can help administrators identify malicious and/or unexpected changes within their environment.Changes to CAAdditional rules were added to the Change Audit rule set. These rules provide customers the ability to...

Many organizations have a vulnerability management (VM) problem without knowing it. Vulnerability management is a crucial component of any organization’s cybersecurity program and is required by most major compliance standards because of its sink-or-swim impact on network security. One of the biggest issues in VM is that organizations aren’t testing the entirety of their networks. Could yours be...

In today’s dynamic IT environments, securing and maintaining the integrity of your systems is critical. Fortra’s Tripwire Enterprise is a robust tool designed to help organizations ensure compliance and security by continuously monitoring the configuration and behavior of their IT assets.When deploying Tripwire, a common question arises: should you prioritize monitoring applications, operating...

The cyber threat to critical infrastructure has never been greater. The growing sophistication of cybercriminals, deteriorating geopolitical relations, and the convergence of operational technology (OT) and information technology (IT) have created unprecedented risks for critical infrastructure organizations. Fortunately, resources are available to help these organizations protect themselves.In...

NASA is about to introduce new requirements for its contractors. These requirements will dramatically improve the cybersecurity of spacecraft and the US’ resilience to cyber threats. But what do these requirements mean for spacecraft manufacturers? What challenges will they face? And what will they need to do to comply? Keep reading to find out. Understanding the Cyber Space ThreatWhile NASA has...

The energy sector is the cornerstone of modern infrastructure, powering essential services and supporting the daily operations of economies worldwide. However, it also faces unique cybersecurity challenges, particularly in complying with the North American Electric Reliability Corporation's Critical Infrastructure Protection (NERC CIP) standards.Cyber threats keep growing in sophistication and...

Fortra’s Tripwire has always been widely known as a File Integrity Monitoring (FIM) solution, and a very good one at that. The good news is that it still is - only when you look closely, it’s a lot more. And it always has been.Besides its traditionally known role as an integrity and security configuration management tool, Tripwire’s powerful capabilities make it a comprehensive cybersecurity...

Today’s VERT Alert addresses Microsoft’s January 2025 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1139 as soon as coverage is completed.In-The-Wild & Disclosed CVEsCVE-2025-21333The first of three Hyper-V vulnerabilities this month is a heap-based buffer overflow that leads to privilege escalation to SYSTEM. Microsoft has reported this...

In a team environment, it’s all about playing nice with others. The same could be said of your technology team (or stack), and its various components. The problem of disparate, complex systems – each coming from disparate, complex places – all being thrown together in an enterprise has been one the industry has been mulling over for some time.Any change to an individual service could have...