Change detection is easy. What is not so easy, is reconciling change. Change reconciliation is where most organizations stumble. What was the change? When was it made? Who made it? Was it authorized?  The ability to answer these questions are the elements that comprise change management. Historically, the haste of accomplishing a task consisted of a...

Have you ever walked up to an ATM after another person finished with the machine only to find they left it on a prompt screen asking, “Do you want to perform another transaction?” I have. Of course, I did the right thing and closed out their session before beginning my own transaction. That was a mistake an individual made by careless error which could...

The third quarter saw some major developments across the privacy space. In the U.S., we saw a federal bill for comprehensive privacy achieve more than ever before, children’s privacy proved to remain a top concern, and the Federal Trade Commission formally began its heavily criticized “Magnuson-Moss rulemaking” process. Not to be outdone, the...

Every year has been an unfortunate year for online privacy for the past few years. Data breaches and social engineering attacks are at an all-time high, and the concept of online data privacy is challenged to its core, with millions of users being affected every month. IBM’s Cost of a Data Breach Report highlighted that the average data breach cost...

  Compliance is an essential aspect of every organization, and in business terms, it entails ensuring that organizations of all sizes, and their personnel, comply with national and international regulations, such as GDPR, HIPAA, and SOX. When guaranteeing compliance, many firms frequently overlook security. Gary Hibberd states that compliance with...

The supply chain is a complex environment that goes deep inside a business and involves the majority of its infrastructure, operations, personnel, and outer relations: vendors, partners, and customers. To protect that matrix is extremely difficult, as there are numerous sensitive nodes, lines, and processes that a security team has to take care of:...

If you were to take a look at the cybersecurity news cycle, you’d be forgiven for thinking that it’s only large enterprises with expansive customer bases and budgets that are the most vulnerable to attacks. But that’s not entirely true. Even if it’s at a much smaller scale, small- and medium-sized businesses (SMBs) still have stores of sensitive...

Law firms owe their clients several types of duties, such as the duty of care, duty to provide competent representation, as well as other ethical responsibilities. Their duties even extend to former clients and must be upheld long after they no longer have a formal attorney-client relationship. More specifically, lawyers have a duty to not disclose any...

The NIST Cybersecurity Framework was meant to be a dynamic document that is continuously revised, enhanced, and updated. These upgrades allow the Framework to keep up with technological and threat developments, incorporate lessons learned, and transform best practices into standard procedures. NIST created the Framework in 2014 and updated it with CSF 1...

What is File Integrity Monitoring? The IT ecosystems of enterprises are highly dynamic. Typically, organizations react to this volatility by investing in asset discovery and Security Configuration Management (SCM). These core controls enable businesses to compile an inventory of authorized devices and monitor the configurations of those assets. In...

Today’s VERT Alert addresses Microsoft’s October 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1025 on Wednesday, October 12th. In-The-Wild & Disclosed CVEs CVE-2022-41033 A vulnerability in the Windows COM+ Event System service could allow malicious individuals to obtain SYSTEM level...

Today’s VERT Alert addresses Microsoft’s September 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1021 on Wednesday, September 14th. In-The-Wild & Disclosed CVEs CVE-2022-23960 The first disclosed vulnerability this month is Spectre-BHB that is discussed in great detail on arm Developer....

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of September 5th, 2022. I’ve also included some comments on these stories. Critical RCE Vulnerability Affects Zyxel NAS Devices —...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 29th, 2022. I’ve also included some comments on these stories. WordPress 6.0.2 Patches Vulnerability That Could Impact...

The increasing popularity of online payment systems results from the world’s gradual transition to a cashless and contactless digital economy — an economy, projected in a recent Huawei white paper, to be worth $23 trillion by 2025. With digital commerce emerging as the largest segment in the projected $8.49 trillion global digital payments market in...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 22nd, 2022, including some commentary of mine. VMware fixed a privilege escalation issue in VMware Tools VMware this...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 15th, 2022. I’ve also included some comments on these stories. Newly Uncovered PyPI Package Drops Fileless Cryptominer...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 8st, 2022. I’ve also included some comments on these stories. Slack leaked hashed passwords from its servers for years ...

In March 2022, the Payment Card Industry Data Security Standard (PCI DSS) was updated with a number of new and modified requirements. Since their last update in 2018, there has been a rapid increase in the use of cloud technologies, contactless payments have become the norm, and the COVID-19 pandemic spurred a massive growth in e-commerce and online...

Today’s Patch Tuesday VERT Alert addresses Microsoft’s August 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1015 on Wednesday, August 10th. In-The-Wild & Disclosed CVEs CVE-2022-34713 According to Microsoft, CVE-2022-34713 is a variant of the Dogwalk vulnerability. There has been a lot...