Blog | Tripwire

Blog

Blog

Top Phishing and Social Media Threats: Key Findings from the Quarterly Threat Trends & Intelligence Report

In today’s online landscape, it is crucial for organizations to stay on top of the threats that put their enterprises at risk. Agari and PhishLabs have put together their Quarterly Threat Trends & Intelligence Report detailing their analysis of phishing and social media attacks this quarter. The report presents statistics regarding the volume of attacks, the tactics used by cybercriminals, and the...
Blog

FBI warns of criminals attacking healthcare payment processors

Millions of dollars have been stolen from healthcare companies after fraudsters gained access to customer accounts and redirected payments. In a newly-published advisory directed at the healthcare payment industry, the FBI warns that cybercriminals are using a cocktail of publicly-available Personally Identifiable Information (PII) and social engineering techniques to impersonate victims and...
Blog

Strong Authentication Considerations for Digital, Cloud-First Businesses

Authentication as a baseline security control is essential for organizations to know who and what is accessing corporate resources and assets. The Cybersecurity and Infrastructure Security Agency (CISA) states that authentication is the process of verifying that a user’s identity is genuine. In this climate of advanced cyber threats and motivated cyber criminals, organizations need to implement...
Blog

Cybersecurity Threats to the US Water Industry

In an increasingly digital world, cybersecurity is a significant - and relevant - threat to individuals and companies alike. Cybercriminals are constantly devising new ways to steal information for personal gain through exploitation or ransom demands. It’s become unfortunately commonplace to hear tales of drained checking accounts, leaked photos, and private documents being published to the masses...
Blog

VERT Threat Alert: September 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s September 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1021 on Wednesday, September 14th. In-The-Wild & Disclosed CVEs CVE-2022-23960 The first disclosed vulnerability this month is Spectre-BHB that is discussed in great detail on arm Developer. The Microsoft update for this vulnerability...
Blog

Common Criteria Certification: What Is It, and What Does It Mean for Tripwire Enterprise?

Common Criteria for Information Technology Security Evaluation (CC) is an international agreement that provides a set of standards, testing processes, and documentation standards that is widely recognized as the leading standard for defined software security standards. The Canadian Centre for Cyber Security performs evaluations on common IT products and releases a report called “Common Criteria...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of September 5, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of September 5th, 2022. I’ve also included some comments on these stories. Critical RCE Vulnerability Affects Zyxel NAS Devices — Firmware Patch Released Networking equipment...
Blog

How to Correctly Classify Your Data in 2022

Data classification can feel like an overwhelming task, especially for organizations without a strong practice in place. As with any security approach, data classification is both crucial and tempting to avoid. Regardless of whether the value is recognized, there’s a chance that it gets pushed further and further down the priority list in favor of items that are easier to address. In this article...
Blog

The ClubCISO report reveals a fundamental shift in security culture

With business and technology becoming increasingly intertwined, organizations are being forced to rethink how they look at digital security. Once overlooked or viewed as a mere afterthought, today it has become a business-critical necessity. As a result, organizations across industry lines are racing to improve their security postures. Chief Information Security Officers (CISOs) are at the core of...
Blog

Warning issued about Vice Society ransomware gang after attacks on schools

A ransomware gang that has been increasingly disproportionately targeting the education sector is the subject of a joint warning issued by the FBI, CISA, and MS-ISAC. The Vice Society ransomware group has been breaking into schools and colleges, exfiltrating sensitive data, and demanding ransom payments. The threat? If the extortionists aren't paid, you may not be able to unlock your encrypted...
Blog

How Penetration Testing can help prevent Ransomware Attacks

It is hard to believe, but ransomware is more than three decades old. While many would think that the ransomware mayhem started with the WannaCry attack of 2017, that is simply the most publicized example. Since then, dozens of ransomware strains have been utilized in a variety of cyberattacks. According to a PhishLabs report, by Fortra, ransomware attacks are growing more than 100% year-over-year...
Blog

Working Abroad as a Cybersecurity Professional: What You Need to Know

The world is becoming a smaller place. The prospect of working in another country becomes increasingly realistic and even promising as businesses migrate toward the cloud and collaborate more closely with international partners. Amid this shift, cybersecurity professionals may wonder if they can work abroad. Cybersecurity is a worldwide concern, creating plenty of global opportunities for security...
Blog

CISO Interview Series: The thinking of a CISO at the front end of the cyber threat landscape.

What are the most important areas for a CISO to focus on? When speaking to Aman Sood, it becomes clear that the job of a CISO encompasses every aspect of a business. Aman is the Head of Cyber Security with Jimdo, a website building platform that helps small businesses start, grow, and ultimately thrive online. Aman is also the Cyber Security Group Chairman for ISITC Europe CIC, a non-profit...
Blog

Dispelling 5 Myths and Misconceptions Surrounding File Integrity Monitoring (FIM)

File integrity monitoring (FIM) started back in 1997 when Gene Kim launched Tripwire and its “Change Audit” solution. Just a few years later, Change Audit became FIM; this rebranded tool worked with the 12 security controls identified in Visa’s Cardholder Information Security Program (CISP). CISP became PCI DSS 1.0, and things continued to evolve after that. Which brings us to the present day...
Blog

WhatsApp Scams in 2022: What to Look out for

WhatsApp is ranked as the most popular mobile messenger app in the world. In fact, there are two billion active users on the app. This is an incredibly large audience. Unfortunately, it is also a huge number of potential victims for criminals to target. Cybercriminals are increasingly using WhatsApp as the medium for their attacks, and while people have become generally more wary of email phishing...
Blog

What Is the ISA/IEC 62443 Framework?

Cybersecurity threats to manufacturing and process plants are coming from a wide range of attack vectors, including supply chain, logistics, enterprise computing, remote connections, operator stations, programmable logic controllers, distributed control systems (DCSs), smart sensors, and new smart devices. Internet of Things (IoT) technologies offer greater connectivity and endless applications...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 29, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 29th, 2022. I’ve also included some comments on these stories. WordPress 6.0.2 Patches Vulnerability That Could Impact Millions of Legacy Sites The WordPress team...
Blog

10 Things Your Workforce Can Do To Support Your Company’s Security Health

The biggest cyber security threat that businesses have to tackle is much closer than you’d think. Verizon’s 2022 Data Breach Investigations report – found human error to be a key driver in 82% of breaches, which is why it is crucial for businesses to address cyber security awareness in the workplace and ensure that employees are equipped with the right guidance and resources to help minimise the...
Blog

FBI issues warning after crypto-crooks steal $1.3 billion in just three months

Amid a wave of hacks that have cost investors billions of dollars worth of cryptocurrency, the FBI is calling on decentralised finance (DeFi) platforms to improve their security. In a warning posted on its website, the FBI said that cybercriminals are increasingly targeting DeFi platforms to steal cryptocurrency, often exploiting vulnerabilities in smart contracts to part investors from their...
Blog

Defense and Development: Key points from The Complete Guide to Application Security for PCI-DSS

The increasing popularity of online payment systems results from the world’s gradual transition to a cashless and contactless digital economy — an economy, projected in a recent Huawei white paper, to be worth $23 trillion by 2025. With digital commerce emerging as the largest segment in the projected $8.49 trillion global digital payments market in 2022, it’s not surprising that businesses are...