Blog

all-for-one-and-one-for-all-the-eu-cyber-solidarity-act-strengthens-digital-defense
Blog
Blog

"All for One and One for All": The EU Cyber Solidarity Act Strengthens Digital Defenses

By Anastasios Arampatzis on Wed, 04/24/2024
Alexandre Dumas's timeless novel "The Three Musketeers" immortalized the ideal of unyielding solidarity, the enduring motto "All for one and one for all." In the face of ever-evolving threats in the digital realm, the European Union echoes this spirit with its landmark Cyber Solidarity Act . This new legislation recognizes that collective defense is the cornerstone of cybersecurity – in a world...
Cybersecurity
Compliance
Tripwire VERT
Blog
Blog

VERT Threat Alert: April 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 04/09/2024
Today’s VERT Alert addresses Microsoft’s April 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1101 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-26234 This CVE describes a Proxy Driver Spoofing Vulnerability that, thanks to Microsoft’s new CWE listings , we know is tied to Improper Access Control . From a...
Vulnerability & Risk Management
VERT Research
Security vs. Compliance: What's the Difference
Blog
Blog

Security vs. Compliance: What's the Difference?

By Anthony Israel-Davis on Thu, 04/04/2024
Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team, or two great tastes that go great together. As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese’s cup, a recent gap analysis that I was part of reminded me that too often, the peanut butter and...
Cybersecurity
Compliance
Blog
Blog

VERT Threat Alert: March 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 03/12/2024
Today’s VERT Alert addresses Microsoft’s March 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1097 as soon as coverage is completed. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed CVEs included in the March Patch Tuesday release. CVE Breakdown by Tag While historical Microsoft Security Bulletin groupings are gone...
Vulnerability & Risk Management
VERT Research
So You Want to Achieve NERC CIP-013-1 Compliance…
Blog
Blog

So You Want to Achieve NERC CIP-013-1 Compliance...

By Anastasios Arampatzis on Wed, 03/06/2024
Energy efficiency and availability is a major concern for all countries and governments. The electric grid is a vital sector, and any malfunctions will create ripple effects on any nation’s economy. As the grid is heavily dependent on cyber-enabled technologies and a vast chain of suppliers, contractors, and partners, the ability to safeguard the availability and reliability of the grid is crucial...
Compliance
Industrial Control Systems
What Are the Top 7 DDoS Mitigation Tactics for Energy Grids?
Blog
Blog

What Are the Top 7 DDoS Mitigation Tactics for Energy Grids?

By Emily Newton on Tue, 03/05/2024
Distributed Denial of Service (DDoS) attacks occur when adversaries overwhelm a connected target’s resources, aiming to make it unavailable. Learning the best strategies to protect from DDoS attacks is critical to energy grid cybersecurity. A well-planned DDoS attack on the grid could halt essential services, cause substantial disruptions to households and businesses, and prove incredibly costly...
Cybersecurity
Industrial Control Systems
Making Sense of Financial Services Cybersecurity Regulations
Blog
Blog

Making Sense of Financial Services Cybersecurity Regulations

By Stefanie Shank on Thu, 02/29/2024
The financial services sector faces unprecedented cybersecurity challenges in today's digital age. With the industry being a prime target for cybercriminals , understanding and adhering to cybersecurity regulations has never been more crucial. This article delves into the labyrinth of cybersecurity regulations affecting financial services, underscoring their significance in safeguarding sensitive...
Cybersecurity
Compliance
Improving OT Security in Industrial Processes
Blog
Blog

Improving OT Security in Industrial Processes

By Lane Thames on Tue, 02/27/2024
Have you ever considered that even before you enjoy the first sip of your favorite morning beverage, you have probably interacted with at least half of the 16 critical infrastructure sectors that keep a nation running? In one way or another, the simple act of brewing a cup of tea would probably not be possible without interacting with water, energy, manufacturing, food and agriculture, waste...
Cybersecurity
Industrial Control Systems
PCI-DSS-Compliance-Meeting-the-Third-Party-Vendor-Requirements
Blog
Blog

PCI DSS Compliance - Meeting the Third-Party Vendor Requirements

By Tripwire Guest Authors on Tue, 02/20/2024
Today, almost every organization is engaged with a third-party vendor at some level when offering products or services. Take, for instance, an e-commerce business that may not be able to function properly unless multiple third-party integrations are involved, such as CRMs, payment gateways, live chat APIs, or a shipping gateway, to name a few. Though third-party vendors are a necessary cog in the...
Compliance
PCI DSS
Tripwire VERT Security Update
Blog
Blog

VERT Threat Alert: February 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 02/13/2024
Today’s VERT Alert addresses Microsoft’s February 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1093 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-21351 This CVE describes a bypass in the Windows SmartScreen Security Feature. At this point, these bypasses have become relatively common and are frequently...
Vulnerability & Risk Management
VERT Research
The Dangers of Default: Cybersecurity in the Age of Intent-Based Configuration
Blog
Blog

The Dangers of Default: Cybersecurity in the Age of Intent-Based Configuration

By Faisal Parkar on Tue, 02/06/2024
Technology has recently been evolving at the speed of light. We have seen the onset of increased cyber threats across all industries. Gone are the times when threat actors had a specific goal and target. We now live in an age where robots collect, collate, and save information for a more opportune and profitable day. It is ever more important to understand the security measures individuals and...
Compliance
Security Configuration Management
Managing Financial Crime Risks in Digital Payments
Blog
Blog

Managing Financial Crime Risks in Digital Payments

By Chester Avey on Thu, 02/01/2024
The emergence of innovative Financial Technology (FinTech) has spearheaded rapid growth in the digital payments sector. In recent years, global payment revenues exceeded valuations of $2.2 trillion , with a steady Compound Annual Growth Rate (CAGR) expected in the next five years. There is no denying the convenience benefits that the digital transformation of payments has brought consumers and...
Cybersecurity
Compliance
PCI DSS
WaterISAC: 15 Security Fundamentals You Need to Know
Blog
Blog

WaterISAC: 15 Security Fundamentals You Need to Know

By Stefanie Shank on Wed, 01/24/2024
2023 saw two concerning attacks on public water systems, highlighting the fragility and risk to utility systems. In Pennsylvania, malicious hackers breached the Municipal Water Authority of Aliquippa system the night after Thanksgiving. The criminals were making a political statement: the technology used to manage water pressure was developed by Israel, and the criminals used this opportunity to...
Cybersecurity
Industrial Control Systems
Water
Blog
Blog

US Agencies Issue Cybersecurity Guide in Response to Cybercriminals Targeting Water Systems

By Graham Cluley on Mon, 01/22/2024
US federal agencies have teamed up to release a cybersecurity best practice guidance for the water and wastewater sector (WWS). The Cybersecurity and Infrastructure Security Agency (CISA), United States Environmental Protection Agency (EPA), and Federal Bureau of Investigation (FBI) have published the guide in an attempt to promote cybersecurity resilience and improve incident response in the WWS...
Compliance
Industrial Control Systems
Resolving Top Security Misconfigurations: What you need to know
Blog
Blog

Resolving Top Security Misconfigurations: What you need to know

By Jeff Moline on Mon, 01/22/2024
One of the most common factors that can lead to cybersecurity incidents is a security misconfiguration in software or application settings. The default settings that come with the implementation of these tools and solutions are often not configured securely, and many organizations do not invest the time and resources into ensuring that they are. Several regulatory organizations have established...
Cybersecurity
Compliance
CIS Controls
NIST
Security Configuration Management
Tips for Ensuring HIPAA Compliance
Blog
Blog

Tips for Ensuring HIPAA Compliance

By Tripwire Guest Authors on Wed, 01/17/2024
Like every other industry, the healthcare sector is barely recognizable when compared to its state 20 years ago. It, too, has been transfigured by technology. While this has brought many impactful benefits, it has also introduced at least one major challenge: keeping sensitive patient information private. At the heart of this privacy challenge stands the venerable Health Insurance Portability and...
Compliance
HIPAA
Why Therapists need Data Protection and Cybersecurity
Blog
Blog

Why Therapists need Data Protection and Cybersecurity

By Gary Hibberd on Tue, 01/16/2024
Cybersecurity in Mental Healthcare - The Overlooked Risk Did you know the New-Age Therapeutic sector is unregulated? If that surprises you, then you’re not alone. I was a little surprised, too. Yes, there are various professional bodies a practitioner can join, and there are courses they can attend, but they aren’t forced to. It should be noted that professional, licensed psychotherapists and...
Cybersecurity
Compliance
HIPAA
Expert Insight for Securing Your Critical Infrastructure
Blog
Blog

Expert Insight for Securing Your Critical Infrastructure

By Ted Rassieur on Mon, 01/15/2024
At Tripwire's recent Energy and NERC Compliance Working Group, we had the opportunity to speak with the Manager of Gas Measurement, Controls, & Cybersecurity at a large energy company. More specifically, we focused on SCADA and field assets of gas Operational Technology. The experience at the management level of such an organization provided a wealth of knowledge for the attendees. SCADA...
Compliance
NERC CIP
Industrial Control Systems
Tripwire VERT Security Update
Blog
Blog

VERT Threat Alert: January 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 01/09/2024
Today’s VERT Alert addresses Microsoft’s January 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1088 as soon as coverage is completed. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed CVEs included in the January Patch Tuesday drop. CVE Breakdown by Tag While historical Microsoft Security Bulletin groupings are...
Vulnerability & Risk Management
VERT Research
How Does PCI DSS 4.0 Affect Web Application Firewalls?
Blog
Blog

How Does PCI DSS 4.0 Affect Web Application Firewalls?

By Josh Davies on Mon, 01/08/2024
The payment industry is bracing for the transition to Payment Card Industry Data Security Standard (PCI DSS) 4.0 , heralding significant changes in cybersecurity practices. As we approach the implementation of this revised standard, a critical focal point emerges: the role and new mandate of web application firewalls (WAFs) in ensuring compliance. The shift from a best practice to a prescribed...
Compliance
PCI DSS