Blog

Blog

Let's Dance: Securing Access with PIM and PAM to Prevent Breaches

I know when to log outKnow when to log inGet things done In the spirit of David Bowie, let's explore how to navigate the labyrinth of privileged access management without getting "Under Pressure."No one wants to mistype a common command, copy their proprietary data to a public location, or delete their operating system. Having multiple accounts—one for regular activities and specific privileged...
Blog

The Power of Tripwire Enterprise SCM Policies

There are many good business, security, and compliance reasons for leveraging the extensive rule and policy engines of Fortra’s Tripwire Enterprise (TE) to implement Security Configuration Management (SCM) capabilities, which have been documented very well in other blogs. In contrast, this article deals more with “how can we fully leverage this capability” technically instead of “why” we use them...
Blog

Tripwire Patch Priority Index for August 2024

Tripwire's August 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Adobe and Google.First on the list are patches for Microsoft Edge and Google Chromium that resolve 12 vulnerabilities, including information disclosure, remote code execution, and memory corruption vulnerabilities.Up next are patches for Microsoft Outlook, PowerPoint, Visio, Excel, Project,...
Blog

The Invisible Shield: Exploring the Silent Guardians of IoT Security

Effectively acting as an invisible shield, the inner workings of IoT security are often taken for granted. However, we can focus and shine a light on the protocols and practices that provide the foundation of IoT security to help others see how these efficiently operate behind the scenes to protect complex networks of interconnected devices.We will consider everything from everyday smart home...
Blog

Global Cyber Insurance Premiums Decline Despite Ransomware Surge

Cyber insurance has a strange past: AIG first took cyber insurance to market in 1997 despite a total lack of actuarial data to inform premiums or policies. Essentially, the industry ran on guesswork. Even today, the cyber insurance market is remarkably unpredictable compared to long-established insurance policies such as those for housing or health.Typically, when cybercrime – or, more...
Blog

Tips to Help Leaders Improve Cyber Hygiene

The cyber threat landscape continues to be an unpredictable challenge for organizations as more of them embrace digitization. When it comes to maintaining stability and security in the age of rampant cyber attacks and record levels of data breaches plaguing businesses sector-wide, the importance of cyber hygiene cannot be overstated.Cyber threats are evolving and growing in sophistication with...
Blog

Securing Infrastructure as Code: Best Practices for State Management

IT infrastructure management is a complex task. Over the years, various methods have been used to better manage corporate environments. Whether it is network monitoring, asset control, application monitoring, or any of the other infrastructure management obligations, different solutions have been attempted to make the job easier. These undertakings became even more challenging as infrastructure...
Blog

10 Authentication Trends in 2024 and Beyond

What Is Authentication?Authentication is the process of verifying the identity of a user or system. It is a critical component of security, ensuring that only authorized individuals or entities can access sensitive information or systems.There are several methods of authentication, including knowledge-based factors (something you know, like a password), possession-based factors (something you have...
Blog

VERT Threat Alert: August 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s August 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1119 as soon as coverage is completed.In-The-Wild & Disclosed CVEsCVE-2024-38178CVE-2024-38178 describes a vulnerability in the Microsoft Edge scripting engine when run in Internet Explorer Mode. On top of requiring Edge be running in...
Blog

Find Your Best Fit: Solving the Cybersecurity Framework Puzzle

We recently presented the webcast "Find Your Best Fit, Solving the Cybersecurity Framework Puzzle." Tyler Reguly, who is a senior manager of research and development at Fortra and a former professor at his alma mater, Fanshawe College, served as the host. Tyler offered his wisdom about integrating CIS Controls into a comprehensive cybersecurity plan for your organization.Tyler examines the CIS...
Blog

Reliable Baseline Management with Fortra's Tripwire Enterprise

When performing a security assessment, many folks will focus on asset management. This is an important first step, as it often reveals assets in the environment that were previously unknown. The next step in determining how to best secure the organization is to establish a baseline of the current state, and to define what the secure baseline should be. Too often, the existing baseline is far below...
Blog

Tripwire Patch Priority Index for July 2024

Tripwire's July 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.First on the list are patches for Microsoft Office and Outlook that resolve remote code execution and spoofing vulnerabilities.Next are patches that affect components of the core Windows operating system. These patches resolve over 65 vulnerabilities, including elevation of privilege,...
Blog

Re-Extortion: How Ransomware Gangs Re-Victimize Victims

Ransomware has evolved significantly since its inception. Initially, these attacks were relatively simple: malware would encrypt a victim's files, and the attacker would demand a ransom for the decryption key. However, as cybersecurity measures improved, so did ransomware gangs' tactics.Modern ransomware attacks often involve sophisticated techniques such as data exfiltration, where attackers...
Blog

The Dual Impact of AI on Power Grids: Efficiency and Vulnerability

Artificial intelligence (AI) has emerged as a promising solution to modernize power grids. The technology, alongside other upgrades like Internet of Things (IoT) connectivity, could make energy infrastructure more reliable and sustainable. However, AI power grids also pose significant cybersecurity risks.Attacks against critical infrastructure are becoming more common. As energy authorities ramp...
Blog

Securing Diverse Environments: Security Configuration Management

In our technologically advanced era, where cyber threats and data breaches are constantly evolving, it's crucial for companies to focus on Security Configuration Management (SCM) to protect their resources and information. Whether dealing with infrastructure, cloud services, industrial installations, or outsourced solutions, each environment presents unique security challenges that require...
Blog

MitM Attacks: Understanding the Risks and Prevention Strategies

As our interactions with the digital world grow, connections will be established within seconds, leading to more online attacks. One type of attack we may be exposed to is known as a Man-in-the-Middle (MitM) — a technique cyber attackers use to take over our online communications.The best way to stay safe online is with a better understanding of the problems caused by these digital attacks and...
Blog

5 Stages of Vulnerability Management Program Best Practices

Vulnerability management is a foundational cornerstone for reducing your organization’s cyber risk, but what are vulnerabilities and why is it important to create a strong vulnerability management program? The National Institute of Science and Technology (NIST) defines a vulnerability as, “Weakness in an information system, system security procedures, internal controls, or implementation that...
Blog

What are the Current Trends in Cloud Technology?

In recent years, cloud technology has become integral to business operations. Compared to on-premises infrastructure, it allows for improved scalability and flexibility, cost savings, collaboration, security, and data loss prevention. The cloud computing market is set to reach $679 billion in value in 2024.But what are the trends currently defining the cloud computing market? According to Donnie...
Blog

Low-Hanging Fruits Vs. Those at the Top of the Tree: Cybersecurity Edition

Companies often go for high-end cybersecurity solutions because dealing with complex problems looks impressive. The appeal of fancy tech and advanced security challenges gives them a sense of achievement and a chance to show off their skills - and says they're serious about staying ahead of cyber crooks.However, this isn't always the best strategy. Many significant risks arise from simple...
Blog

VERT Threat Alert: July 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s July 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1114 as soon as coverage is completed. In-The-Wild & Disclosed CVEsCVE-2024-38112A vulnerability in the Windows MSHTML Platform could allow spoofing to occur. Successful exploitation of this vulnerability requires that the attacker convince...