Blog | Tripwire

Blog

Blog

Everything You Need to Know About CI/CD and Security

CI/CD is a recommended technique for DevOps teams and a best practice in agile methodology. CI/CD is a method for consistently delivering apps to clients by automating the app development phases. Continuous integration, continuous delivery, and continuous deployment are the key concepts. CI/CD adds continuous automation and monitoring throughout the whole application lifetime, from the integration...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 22, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 22nd, 2022, including some commentary of mine. VMware fixed a privilege escalation issue in VMware Tools VMware this week released patches to address an important...
Blog

Key Points from the IBM Cost of a Data Breach Report 2022

The volume and impact of data breaches have accelerated largely in 2022, which has contributed to many adverse effects for businesses. Tc highlights several updated factors that have generated great costs across 17 countries and regions, and 17 industries. The report has included new related areas of analysis such as: Extended Detection and Response (XDR).Risk Quantification techniques...
Blog

How to Prevent High Risk Authentication Coercion Vulnerabilities

Most of us already know the basic principle of authentication, which, in its simplest form, helps us to identify and verify a user, process, or account. In an Active Directory environment, this is commonly done through the use of an NTLM hash. When a user wants to access a network resource, such as a file share, their password is hashed and sent over a cryptographically secure channel to the...
Blog

LastPass attackers steal source code, no evidence users' passwords compromised

LastPass, the popular password manager used by millions of people around the world, has announced that it suffered a security breach two weeks ago that saw attackers break into its systems and steal information. But don't panic just yet - that doesn't mean that all of your passwords are now in the hands of internet criminals. Although the breach is clearly not good news, the company says that...
Blog

Why Does Medical Imaging Equipment Need Better Cybersecurity?

Medical imaging cybersecurity needs to evolve to meet today’s security threats. Cyberthreats specifically targeting health care institutions have increased over recent years. More data is also at risk since patients have begun widely using telemedicine services. In addition to the risk of information theft, there is a very serious risk to patients, including the potential for physical harm due to...
Blog

Top tips for securing board-level buy-in for cybersecurity awareness campaigns

With Cyber Security Awareness month fast approaching, information security professionals and data protection managers will be looking at how to secure board-level buy-in for company-wide cybersecurity awareness campaigns. Often, this is the biggest hurdle for any cyber awareness campaign as senior leadership weighs the costs and benefits of investing in the security of their business. Today we...
Blog

Privacy in Q2 2022: US, Canada, and the UK

The second quarter of 2022 offered plenty of positing on privacy, both in the U.S. and internationally. In the U.S., we saw the addition of another state privacy law, and a spark of hope in privacy professionals’ eyes with the introduction of tangible federal legislation. Plus, the Federal Trade Commission (FTC) is positioned to act on rulemaking like never before. In the EU, the GDPR’s fourth...
Blog

5 Things We Learned from The Definitive Guide to Data Loss Prevention (DLP)

In the context of hybrid work, the threat of data loss is rampant. Cybersecurity systems that were once designed to operate within the confines of a network perimeter have become obsolete, with employees using various devices, networks, and applications to get their work done. As such, it’s easier than ever for companies to be vulnerable to the loss of sensitive data. So, what’s the solution...
Blog

Black Hat USA 2022: Key Highlights

Arriving at the keynote hall for Black Hat 2022, I was immediately struck by the size of the crowd - after the seemingly endless pandemic hiatus, the cyber industry had come out in force. The mood was one of enthusiasm, and the entire place reverberated with the vibrancy of reunion. It was a great event for the industry - and for HelpSystems - and a few things stuck out. 25 Years of Black Hat This...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 15, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 15th, 2022. I’ve also included some comments on these stories. Newly Uncovered PyPI Package Drops Fileless Cryptominer to Linux Systems A now-removed rogue package...
Blog

Email and cybersecurity: Fraudsters are knocking

Can you remember your first email? Either sending one, or receiving it? I certainly remember explaining to people what email was, and I also remember someone telling me they could live without their email server for "about a month before it becomes a problem". Can you imagine that now? A month without email? Emails are a necessary evil According to Earthweb, approximately 333.2 billion emails are...
Blog

The State of Security: SIEM in 2022

The world of enterprise cybersecurity is exceedingly dynamic. In a landscape that is ever-changing, security professionals need to combat a class of evolving threat actors by deploying increasingly sophisticated tools and techniques. Today with enterprises operating in an environment that is more challenging than ever, Security Information and Event Management (SIEM) platforms play an...
Blog

What is Configuration Drift?

In a previous post my colleague spoke about how ensuring devices on your network is a great way to minimize the attack surface of your infrastructure. Organizations like the Center for Internet Security (CIS) provide guidelines on how to best configure operating systems to minimize the attack surface. The CIS calls these “benchmarks.” Many security policies state that all deployed systems should...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 8, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 8st, 2022. I’ve also included some comments on these stories. Slack leaked hashed passwords from its servers for years Did Slack send you a password reset link last...
Blog

Interpreting the Key Points of The 2022 IBM i Marketplace Survey Results

This year marks the eighth edition of the popular IBM i Marketplace Survey Results. Each year, Fortra collects data about how companies utilize the IBM i platform and the IT enterprises it helps. Year after year, the survey has started to demonstrate long-term directions that provide useful information about the future of this entrusted technology. Despite constant challenges, nearly 500 IBM i...
Blog

A 5 Step Checklist for Complying with PCI DSS 4.0

In March 2022, the Payment Card Industry Data Security Standard (PCI DSS) was updated with a number of new and modified requirements. Since their last update in 2018, there has been a rapid increase in the use of cloud technologies, contactless payments have become the norm, and the COVID-19 pandemic spurred a massive growth in e-commerce and online payments. At the same time, cybercriminals have...
Blog

5 tips for spotting and avoiding Pig butchering scams

A new type of scam, called “pig butchering” is gaining momentum. Pig butchering is a unique scam which uses a romance scam script, but with an investment spin on it, where victims are groomed to invest large sums of money, often on fake crypto apps. Behind the scenes of these scams are scam centers run by cryptocurrency scammers, who coerce human trafficking victims into executing the online scam...
Blog

Ransomware attack blamed for closure of all 7-Eleven stores in Denmark

Ransomware is to blame for the closure of all 175 7-Eleven stores in Denmark on Monday. The retailer closed all of its stores in Denmark after its cash registers and payment systems were brought down in the attack. Initially, 7-Eleven's Danish division did not say that ransomware was responsible for its problems, simply describing the incident as a "hacker attack": "We suspect that we have been...
Blog

Supply Chain Cybersecurity – the importance of everyone

This week, I spoke with a new client who told me all about how they are looking forward to addressing a number of internal issues surrounding their IT systems. They explained that over the last 12 months, they repeatedly had issues of delays in service and outages, which had affected their business. Discussing this further, I explored their relationship with the supplier and asked what due...