When thinking about cybersecurity, we envision malicious actors working in dark basements, honing their tools to invent cunning new ways to breach our defenses. While this is a clear and present danger, it's also important to understand that another hazard is lurking much closer to home - the insider threat.These attacks have devastated entities in all sectors, with severe repercussions. These...

One of the hardest parts of managing an organization’s cybersecurity is patch management.Just as one patch cycle is completed, another set of patches are released. When compounded with the highly regulated energy industry, governed by the NERC CIP Standards, the task becomes even more daunting. Fortunately, Fortra’s Tripwire Enterprise (TE) can ease the process.Some of the specified requirements...

DSPM, CSPM, and CIEM are more than just a mouthful of acronyms. They are some of today’s most sophisticated tools for managing data security in the cloud.While they are all distinct entities and go about protecting data in different ways, the fact that they all seem to do very much the same thing can lead to a lot of confusion. This, in turn, can sell each of these unique solutions short – after...

Web browsers and email clients are used to interact with external and internal assets. Both applications can be used as a point of entry within an organization. Users of these applications can be manipulated using social engineering attacks. A successful social engineering attack needs to convince users to interact with malicious content. A successful attack could give an attacker an entry point...

Today’s VERT Alert addresses Microsoft’s December 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1136 as soon as coverage is completed. In-The-Wild & Disclosed CVEsCVE-2024-49138The only vulnerability that has been publicly disclosed and exploited this month is CVE-2024-49138, a vulnerability in the Windows Common Log File System...

When I was younger, I played a variety of team sports and enjoyed competing against opponents with my teammates. Winning was always a matter of applying sound tactics and strategy, attacking and defending well and using a blend of skill, talent and luck.Now that I'm older, I watch more than I play, and I'm able to appreciate the many lessons team sports teach, especially at the professional level....

Tripwire's November 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google Chromium.First on the list are patches for Microsoft Edge, Excel, and Word that resolve remote code execution and security feature bypass vulnerabilities.Next are patches that affect components of the core Windows operating system. These patches resolve over 35 vulnerabilities,...

Vulnerability management (VM) has always been a complex area of concern that requires continuous and active effort to work properly. This can make it challenging for organizations to maintain their VM strategies and solutions over time, as there are many angles to secure and processes to oversee. There are a wide range of potential ways that VM can go wrong, and it is essential for organizations...

In recent years, organizations have learned how crucial penetration testing is for enhancing cyber resilience. However, traditional penetration testing is insufficient in today’s dynamic threat landscape. Recent trends highlight the need for a more continuous and proactive approach to security testing, and continuous penetration testing is set to record huge growth over the next few years, both...

Most modern organizations have complex IT infrastructures made up of various components like Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), public cloud, and sometimes hybrid environments. While these infrastructures bring significant benefits, including improved scalability, flexibility, and cost savings, increasing complexity has made it...

As we continue to embrace remote work, it’s crucial to keep our security practices sharp to protect both company and personal data. With increasing cyber threats, adhering to security best practices helps us safeguard our information and maintain our productivity. Here’s a quick guide to help you stay vigilant and secure while working remotely.Secure Your Home OfficePick a space that is private.Do...

Business email compromise (BEC) is a sophisticated type of phishing that uses social engineering and deception to obtain access to sensitive accounts, networks, and data. In these attacks, bad actors pose as organization executives to request funds transfers from other members of the organization. Playing on the trust that employees place in executives, this scam demands that the attacker gather...

Today’s VERT Alert addresses Microsoft’s November 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1132 as soon as coverage is completed. In-The-Wild & Disclosed CVEsCVE-2024-43451A vulnerability that allows for NTLMv2 hash disclosure has been both publicly disclosed and actively exploited. According to Microsoft, only minimal...

Tripwire's October 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.First on the list are patches for Microsoft Edge, Office, Excel, and Visio that resolve remote code execution, elevation of privilege, and spoofing vulnerabilities.Next are patches that affect components of the core Windows operating system. These patches resolve over 80 vulnerabilities,...

Cybersecurity threats to manufacturing and process plants come from a wide range of attack vectors, including supply chain, logistics, enterprise computing, remote connections, operator stations, programmable logic controllers, distributed control systems (DCSs), smart sensors, and new smart devices. Internet of Things (IoT) technologies offer greater connectivity and endless applications, but...

Today’s VERT Alert addresses Microsoft’s October 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1127 as soon as coverage is completed. In-The-Wild & Disclosed CVEsCVE-2024-43573A vulnerability in the Windows MSHTML Platform has seen active exploitation attacks against a spoofing vulnerability. Based on the CWE that Microsoft selected...

Tripwire's September 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.First on the list are patches for Microsoft Excel, Visio, and Publisher that resolve remote code execution, elevation of privilege, and security feature bypass vulnerabilities.Next are patches that affect components of the core Windows operating system. These patches resolve over 35...

For the past few years, the CRM market has witnessed steady growth and it is projected to reach $89 billion by 2024. Estimates are that this growth will continue into the foreseeable future. Essentially, CRM systems have come to stay and have become the backbone of many organizations.However, the bleak state of cybersecurity cuts across many industries, and CRM systems are equally vulnerable....

Amid the numerous instruments that have augmented our digital communication and commerce experiences over time, email remains a staple for everything, from confirming purchases to life-changing events like the authorization of financial aid.It comes as no surprise that email scams have been a mainstay of cyberattacks since the earliest days of online correspondence. Worse yet, their scope and...

Misconfigurations (when cloud computing assets are set up incorrectly, leaving them vulnerable to unauthorized access, data breaches, and operational disruptions) and inadequate change control top the list of cloud security threats in 2024, rising from third place the year before. It's clear that the transition to cloud computing has amplified the challenges of configuration management, making it...