Blog

PLEASE_READ_ME Ransomware Campaign Targeting MySQL Servers
Blog

Misconfigured Docker API Ports Targeted by Kinsing Malware

By David Bisson on Mon, 04/06/2020
Security researchers observed an attack campaign that targeted misconfigured Docker API ports with samples of Kinsing malware. According to Aqua Security, the campaign began when it capitalized on an unprotected Docker API port to run a Ubuntu container. The command used for creating the Ubuntu container included a shell script "d.sh." By means of...
The MITRE ATT&CK Framework: Execution
Blog

The MITRE ATT&CK Framework: Execution

By Tripwire Researcher on Tue, 03/31/2020
Of all the tactics that an adversary will take on in their campaign, none will be more widely abused than Execution (https://attack.mitre.org/wiki/Execution). When taking into consideration off-the-shelf malware, traditional ransomware, or state-of-the-art advanced persistent threat actors, all of them have execution in common. There’s a great quote...
Blog

Are You Ready for the Remote Work’s Toll on Corporate Security?

By David Henderson on Mon, 03/30/2020
Given the situation that many companies, organizations and government agencies have been forced into working remotely due to COVID-19, it is imperative to give some thought about corporate security. Using a VPN for New Stay-at-Home Workers Millions of employees are now working from the confines of their own homes in an effort to keep businesses running smoothly. In most situations, employees are...
Third-party data breach exposes GE employees' personal information
Blog

Third-party data breach exposes GE employees' personal information

By Graham Cluley on Thu, 03/26/2020
Past and present employees of General Electric (GE) are learning that their sensitive information has been exposed by a data breach at a third-party service provider. Fortune 500 company GE says it was recently informed of a security breach at one of its partners, Canon Business Process Services. According to GE, between approximately February 3 -...
The MITRE ATT&CK Framework: Initial Access
Blog

The MITRE ATT&CK Framework: Initial Access

By Tripwire Researcher on Mon, 03/23/2020
Although ATT&CK is not laid out in any linear order, Initial Access will be the point at which an attacker gains a foothold in your environment. This tactic is a nice transition point from PRE-ATT&CK to ATT&CK for Enterprise. What is different about the techniques within Initial Access is that they are more high-level than some of the other techniques...
MITRE Releases an Update to The Common Weakness Enumeration (CWE)
Blog

MITRE Releases an Update to The Common Weakness Enumeration (CWE)

By Anthony Israel-Davis on Wed, 03/11/2020
MITRE has been doing exceptional work in advancing cybersecurity as a public good, and it is an excellent resource for security professionals. Possibly best known for their ATT&CK Framework, a rich source of adversarial tactics and techniques and their mitigations, MITRE is also known for another resource: the Common Weakness Enumeration (CWE). The...
VERT Threat Alert: June 2022 Patch Tuesday Analysis
Blog

VERT Threat Alert: March 2020 Patch Tuesday Analysis

By Tyler Reguly on Tue, 03/10/2020
Today’s VERT Alert addresses Microsoft’s March 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-874 on Wednesday, March 11th. In-The-Wild & Disclosed CVEs Microsoft has not identified any of the vulnerabilities released this month as having been identified in-the-wild or publicly...
Four Important Steps to Secure the United States 2020 Election
Blog

Four Important Steps to Secure the United States 2020 Election

By Guest Authors on Mon, 03/09/2020
It’s an unfortunate reality that cyber attacks on the U.S. 2020 election are likely to happen. However, while this is a potent threat to democracy, an even greater threat is to not take the necessary actions to prevent these attacks until it is too late. There are many different types of cyberattacks that the U.S. 2020 election could face. ...
The War of Passwords: Compliance vs NIST
Blog

The War of Passwords: Compliance vs NIST

By Rita Nygren on Thu, 03/05/2020
The most recent National Institute of Standards and Technology (NIST) guidelines have been updated for passwords in section 800-63B. The document no longer recommends combinations of capital letters, lower case letters, numbers and special characters. Yet most companies and systems still mandate these complexity requirements for passwords. What...
What is ISO/IEC 27701?
Blog

What is ISO/IEC 27701?

By Zoë Rose on Wed, 03/04/2020
If you have a familiarity with any information security frameworks and certifications, it’s more than likely you have heard of International Organisation for Standardisation (ISO) and possibly the International Electrotechnical Commission (IEC). From my experience, the most commonly referred to business-level security related certifications are ISO...
How to Communicate Risk: Profiles, Dashboards and Responsibilities
Blog

How to Communicate Risk: Profiles, Dashboards and Responsibilities

By Guest Authors on Tue, 03/03/2020
The risk of a data breach with significant financial consequences and damage to brand equity is the fear of most large publicly traded companies. But many smaller businesses wrongly assume they are too small to be on the radar of the threat actors. The truth is that it is all about the data, and small businesses often have less well-guarded and well...
Why Privacy Matters in Cybersecurity
Blog

How the MITRE ATT&CK Framework Can Improve Your Defenses

By Editorial Staff on Tue, 03/03/2020
Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest to explore the evolving threat landscape, technology trends, and cybersecurity best...
What Is PIPEDA? And How Does It Protect You and Your Privacy?
Blog

What Is PIPEDA? And How Does It Protect You and Your Privacy?

By Zoë Rose on Mon, 03/02/2020
You have likely heard of the General Data Protection Regulation (GDPR), and you probably refer to this standard whenever the topic of privacy and data processing arises. But what about outside of the EU? The Office of the Privacy Commissioner of Canada (Commissariat à la protection de la vie privée du Canada) has a twitter account that shares...
NetOps vs DevOps vs DevSecOps - What's the Difference?
Blog

NetOps vs DevOps vs DevSecOps - What's the Difference?

By Zoë Rose on Sun, 02/23/2020
One thing I have noticed is that each industry comes up with their own terms and acronyms. Unfortunately, these inventions often vary depending on the person you speak to due to a lack of a governing body that decides on an exact definition. At times, acronyms can even overlap, causing further confusion. Therefore, when it comes to definitions, I...
MOSE: Using Configuration Management for Offensive and Defensive Security
Blog

MOSE: Using Configuration Management for Offensive and Defensive Security

By Guest Authors on Thu, 02/13/2020
Post-exploitation can be one of the most time-consuming but worthwhile tasks that an offensive security professional engages in. Fundamentally, it is where you are able to demonstrate what an adversary may do if they compromise a business. A big component of this is trying to get as far as you can without alerting the defenders to what you’re doing....
Why Privacy Matters in Cybersecurity
Blog

Cybersecurity Awareness with Graham Cluley

By Editorial Staff on Tue, 02/11/2020
Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest to explore the evolving threat landscape, technology trends, and cybersecurity best...
Cyber Resilience – Everything You (Really) Need to Know
Blog

Cyber Resilience – Everything You (Really) Need to Know

By Zoë Rose on Mon, 02/10/2020
What is cyber resilience? If you search the definition within the Oxford Dictionary, resilience alone is defined as “the capacity to recover quickly from difficulties; toughness.” If you narrow the definition down to cyber resilience, it shifts to maintaining vs recovery. As noted on Wikipedia, it becomes “the ability to provide and maintain an...
10 Tenets for Cyber Resilience in a Digital World
Blog

10 Tenets for Cyber Resilience in a Digital World

By Anastasios Arampatzis on Sun, 02/09/2020
Companies are facing increased and complex cybersecurity challenges in today’s interconnected digital economy. The cyber threats have become more sophisticated and may harm a company via innovative new forms of malware, through the compromise of global supply chains or by criminal and hostile state actors. The hard truth is that it is difficult to...
Helping Healthcare Organizations Mature their Cybersecurity Practices
Blog

Helping Healthcare Organizations Mature their Cybersecurity Practices

By Editorial Staff on Mon, 02/03/2020
Cyberattacks in the healthcare industry show no signs of abating. In 2018, digital criminals breached 15 million healthcare records. Alarmingly, in the first half of 2019 alone, 32 million healthcare records were compromised as a result of multiple security incidents. Among those was the American Medical Collection Agency (AMCA) breach, an event which...
How to Best Secure the Industrial Network for EMEA Organizations
Blog

Why Asset Visibility Is Essential to the Security of Your Industrial Environment

By Hien La on Sun, 02/02/2020
Threats against industrial environments are on the rise. Near the beginning of 2019, for example, Kaspersky Lab revealed that 47% of industrial control system (ICS) computers on which its software was installed suffered a malware infection in the past year. That was three percent higher than the previous year. These digital threats confronting ICS...