Blog

Tripwire VERT
Blog
Blog

VERT Threat Alert: April 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 04/09/2024
Today’s VERT Alert addresses Microsoft’s April 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1101 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-26234 This CVE describes a Proxy Driver Spoofing Vulnerability that, thanks to Microsoft’s new CWE listings , we know is tied to Improper Access Control . From a...
Vulnerability & Risk Management
VERT Research
managed-cybersecurity-services-secure-modern-environments
Blog
Blog

Managed Cybersecurity Services Secure Modern Environments

By Troy Thompson on Mon, 03/25/2024
In an era characterized by relentless digital transformation and interconnectedness, cybersecurity has evolved into a complex and dynamic battleground. Businesses, governments, and individuals find themselves locked in a perpetual struggle against a relentless flood of evolving threats. From sophisticated cybercriminal syndicates to state-sponsored hackers and opportunistic threat actors, our...
Cybersecurity
Managed Security Services
Blog
Blog

VERT Threat Alert: March 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 03/12/2024
Today’s VERT Alert addresses Microsoft’s March 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1097 as soon as coverage is completed. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed CVEs included in the March Patch Tuesday release. CVE Breakdown by Tag While historical Microsoft Security Bulletin groupings are gone...
Vulnerability & Risk Management
VERT Research
Tripwire VERT Security Update
Blog
Blog

VERT Threat Alert: February 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 02/13/2024
Today’s VERT Alert addresses Microsoft’s February 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1093 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-21351 This CVE describes a bypass in the Windows SmartScreen Security Feature. At this point, these bypasses have become relatively common and are frequently...
Vulnerability & Risk Management
VERT Research
Expert Insight for Securing Your Critical Infrastructure
Blog
Blog

Expert Insight for Securing Your Critical Infrastructure

By Ted Rassieur on Mon, 01/15/2024
At Tripwire's recent Energy and NERC Compliance Working Group, we had the opportunity to speak with the Manager of Gas Measurement, Controls, & Cybersecurity at a large energy company. More specifically, we focused on SCADA and field assets of gas Operational Technology. The experience at the management level of such an organization provided a wealth of knowledge for the attendees. SCADA...
Compliance
NERC CIP
Industrial Control Systems
Tripwire VERT Security Update
Blog
Blog

VERT Threat Alert: January 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 01/09/2024
Today’s VERT Alert addresses Microsoft’s January 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1088 as soon as coverage is completed. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed CVEs included in the January Patch Tuesday drop. CVE Breakdown by Tag While historical Microsoft Security Bulletin groupings are...
Vulnerability & Risk Management
VERT Research
Tips for Achieving Success With a NERC CIP Audit
Blog
Blog

Tips for Achieving Success With a NERC CIP Audit

By Jim Fisher on Wed, 12/13/2023
Electrical utilities are responsible for just about everything we do. This presents a tremendous burden on those who operate those utilities. One way these organizations offer assurance is through the audit process. While audits can generate tremendous anxiety, good planning, and tools can help make the entire process go smoothly. Moreover, these can also help to achieve positive results. At the...
Cybersecurity
Compliance
NERC CIP
Tripwire VERT Security Update
Blog
Blog

VERT Threat Alert: December 2023 Patch Tuesday Analysis

By Tyler Reguly on Tue, 12/12/2023
Today’s VERT Alert addresses Microsoft’s December 2023 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1086 on Wednesday, December 13th. In-The-Wild & Disclosed CVEs CVE-2023-20588 AMD has released AMD-SB-7007 – Speculative Leaks Security Notice , which describes how some AMD processors can potentially return speculative data after a...
Vulnerability & Risk Management
VERT Research
Guarding the Grid: Navigating the Current and Future Landscape of Utility Cybersecurity
Blog
Blog

Guarding the Grid: Navigating the Current and Future Landscape of Utility Cybersecurity

By Travis Emerson on Mon, 11/27/2023
Tripwire recently held its annual Energy and NERC Compliance Working Group. This year's attendees included more than 200 Tripwire customer utility personnel representing over 80 different registered entities from all across the US and Canada. The company sizes ranged from public utility districts and city municipalities to medium and larger-sized investor-owned utilities, including many of the...
Vulnerability & Risk Management
Cybersecurity
Compliance
NERC CIP
Tripwire VERT Security Update
Blog
Blog

VERT Threat Alert: November 2023 Patch Tuesday Analysis

By Tyler Reguly on Tue, 11/14/2023
Today’s VERT Alert addresses Microsoft’s November 2023 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1082 on Wednesday, November 15th. In-The-Wild & Disclosed CVEs CVE-2023-36033 A vulnerability in the Microsoft Desktop Window Manager (DWM) could allow an attacker to gain SYSTEM level privileges. This vulnerability has been publicly...
Vulnerability & Risk Management
VERT Research
Tripwire VERT Security Update
Blog
Blog

VERT Threat Alert: October 2023 Patch Tuesday Analysis

By Tyler Reguly on Tue, 10/10/2023
Today’s VERT Alert addresses Microsoft’s October 2023 Security Updates , which includes a recently introduced release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1077 on Wednesday, October 11th. In-The-Wild & Disclosed CVEs CVE-2023-41763 While this vulnerability is labeled as a Skype for Business Elevation of Privilege Vulnerability, the...
Vulnerability & Risk Management
VERT Research
How MSSPs Help with Cybersecurity Compliance
Blog
Blog

How MSSPs Help with Cybersecurity Compliance

By Zack Jessee on Wed, 10/04/2023
While always a part of business, compliance demands have skyrocketed as the digital world gives us so many more ways to go awry. We all remember the Enron scandal that precipitated the Sarbanes-Oxley Act (SOX). Now, SOX compliance means being above board on a number of cybersecurity requirements as well. Fortra's Tripwire recently released a new guide: How Managed Services Can Help with...
Cybersecurity
Compliance
Managed Security Services
What is NERC? Everything you need to know
Blog
Blog

What is NERC? Everything you need to know

By Michael Betti on Tue, 10/03/2023
Electric grids are part of every nation’s critical infrastructure. Every societal activity and business depends on reliable and safe electricity distribution. The US electric grid is a huge network of powerlines, distribution hubs, and renewable and non-renewable energy generators that is increasingly exposed to cyber-physical risks due to the accelerated reliance on cyber-enabled systems and IoT...
Compliance
NERC CIP
Industrial Control Systems
Increasing Your Business’ Cyber Maturity with Fortra
Blog
Blog

Increasing Your Business’ Cyber Maturity with Fortra

By Antonio Sanchez on Wed, 09/20/2023
When building a tower, it helps to start with a sturdy foundation. Cyber maturity is the tower, and there are three levels that build it: Foundational IT/OT & Security Control Processes Fundamental Security Control Capabilities Advanced Security Control Capabilities Fortra occupies a unique space in the industry because of the sheer size of the security portfolio. It’s one thing to advocate for...
Vulnerability & Risk Management
Cybersecurity
Compliance
Managed Security Services
Security Configuration Management
Tripwire VERT Security Update
Blog
Blog

VERT Threat Alert: September 2023 Patch Tuesday Analysis

By Tyler Reguly on Tue, 09/12/2023
Today’s VERT Alert addresses Microsoft’s September 2023 Security Updates , which includes a recently introduced release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1073 on Wednesday, September 13th. In-The-Wild & Disclosed CVEs CVE-2023-36761 Microsoft has indicated that a vulnerability impacting Microsoft Word, including the preview pane...
Vulnerability & Risk Management
VERT Research
Working with a Reliable Partner for Cybersecurity Success
Blog
Blog

Working with a Reliable Partner for Cybersecurity Success

By Joe Pettit on Thu, 08/31/2023
Technology companies are often seen as revolving doors of constantly shifting personnel. Whether they are seeking a better work environment or chasing a higher paycheck, these staff changes can hurt an organization’s progress. Worse yet, the customers are often negatively impacted by these changes in the continuity of established relationships. At Fortra, we're proud to have a higher average...
Vulnerability & Risk Management
Cybersecurity
File Integrity & Change Monitoring
Managed Security Services
Security Configuration Management
Tripwire VERT Security Update
Blog
Blog

VERT Threat Alert: August 2023 Patch Tuesday Analysis

By Tyler Reguly on Tue, 08/08/2023
Today’s VERT Alert addresses Microsoft’s August 2023 Security Updates , which includes a recently introduced release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1068 on Wednesday, August 9th. In-The-Wild & Disclosed CVEs CVE-2023-38180 A vulnerability in Kestrel could allow for a denial of service. Kestrel is the cross-platform web server...
Vulnerability & Risk Management
VERT Research
Tripwire VERT Security Update
Blog
Blog

VERT Threat Alert: July 2023 Patch Tuesday Analysis

By Tyler Reguly on Tue, 07/11/2023
Today’s VERT Alert addresses Microsoft’s July 2023 Security Updates , which include a new release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1064 on Wednesday, July 12th. In-The-Wild & Disclosed CVEs CVE-2023-32046 A vulnerability in MSHTML could allow an attacker to execute code in the context of the logged in user providing the attacker...
Vulnerability & Risk Management
VERT Research
Tripwire VERT
Blog
Blog

VERT Threat Alert: June 2023 Patch Tuesday Analysis

By Tyler Reguly on Tue, 06/13/2023
Today’s VERT Alert addresses Microsoft’s June 2023 Security Updates , which include a new release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1060 on Wednesday, June 14th. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed CVEs in the June Patch Tuesday drop. CVE Breakdown by Tag While historical Microsoft Security Bulletin...
Vulnerability & Risk Management
VERT Research
Tripwire VERT
Blog
Blog

VERT Threat Alert: May 2023 Patch Tuesday Analysis

By Tyler Reguly on Tue, 05/09/2023
Today’s VERT Alert addresses Microsoft’s May 2023 Security Updates , which include a new release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1055 on Wednesday, May 10th. In-The-Wild & Disclosed CVEs CVE-2023-29336 Up first this month is a vulnerability reported by Avast in Win32k. This vulnerability could allow an authenticated attacker to...
Vulnerability & Risk Management
VERT Research