Blog

Blog

Making Data Integrity Easy: Simplifying NIST CSF with Tripwire

When you think of the cybersecurity "CIA" triad of Confidentiality, Integrity, and Availability, which one of those is most important to your organization? While the answer may vary by season for your organization, there is no argument that they are all equally vital sides of that CIA triangle, and each deserves the correct level of care and attention...
Blog

Top 7 Technical Resource Providers for ICS Security Professionals

Attacks against industrial control systems (ICS) are on the rise. Cyberattacks are more prevalent, creative, and faster than ever. So, understanding attackers' tactics is crucial. The IBM Security X-Force Threat Intelligence Index 2023 highlights that backdoor deployments enabling remote access to ICS systems were the most common type of attacker...
Blog

VERT Threat Alert: May 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s May 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1106 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-30040 Up first this month, we have a security feature bypass in MSHTML. More specifically, we have an Object...
Blog

Hey, You. Get Off of My Cloud

The Rolling Stones wanted to protect their space; we, as security practitioners, need to protect ours. Data 'castles' in the cloud are out there, and they're constantly under siege. By drawing inspiration from a band that embodied personal freedom, we can draw some – okay, very stretched - parallels to modern cloud security. Nonetheless, they work....
Blog

Why Is Cyber Resilience Essential and Who's Responsible for It?

In the first installment of our series on cyber resilience, we discussed what being a resilient organization means. In this installment, we'll explore why organizations need to consider how to become resilient, who's responsible for achieving this, and the processes organizations must have to prioritize actions and effectively spend their budgets. ...
Blog

Ensuring Privacy in the Age of AI: Exploring Solutions for Data Security and Anonymity in AI

With the widespread use of AI technology, numerous AI models gather and process vast amounts of data, much of which comprises personal information utilized to offer personalized experiences. However, this abundance of data poses inherent risks, particularly in terms of privacy and security. As AI systems become more sophisticated, the potential for...
Blog

Vulnerability Scanning vs. Penetration Testing

In the modern digital landscape, cybersecurity is paramount, making the differentiation between vulnerability scanning and penetration testing essential for safeguarding organizational assets. Vulnerability scanning offers a broad sweep for potential security weaknesses, serving as an early warning system. Penetration testing takes a more targeted...
Blog

Tripwire Patch Priority Index for April 2024

Tripwire's April 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. Firsts on the list are patches for Microsoft Edge (Chromium-based) and Chromium that resolve 2 spoofing vulnerabilities. Next on the patch priority list this month is a patch for Microsoft Office and Excel that resolves spoofing and remote...
Blog

Cybersecurity: The Battle of Wits

With cybersecurity, the digital battlegrounds stretch across the vast expanse of the internet. On the one side, we have increasingly sophisticated and cunning adversaries. On the other, skilled cybersecurity practitioners who are desperate to protect their companies’ assets at all costs. One fundamental truth rings clear: it’s an ongoing and...
Blog

Defending Against Supply Chain Spoofing in Critical Manufacturing

Supply chain attacks are a serious and growing threat to businesses across all industries. However, these attacks pose an even greater risk for manufacturers in critical infrastructure sectors. One pernicious form of supply chain attack is spoofing, where attackers impersonate legitimate suppliers to sneak malicious code or components into products...
Blog

Machines vs Minds: The Power of Human Ingenuity Against Cyber Threats

Most people remember the iconic movie Terminator, in which the cyborg T-800 was dispatched back in time from the year 2029 with the mission to eliminate Sarah Connor. She was destined to give birth to the future leader of the human resistance against machines, thus threatening their dominance. If Sarah were killed, humanity's fate would be sealed,...
Blog

10 Database Security Best Practices You Should Know

Statista shows a near doubling of data compromises between last year (3,205) and the year before (1,802). Cybercriminals go where the data goes, and there is more need than ever for effective database security measures. These tactics differ from network security practices, which rely heavily on software solutions and even employee best practices....
Blog

"All for One and One for All": The EU Cyber Solidarity Act Strengthens Digital Defenses

Alexandre Dumas's timeless novel "The Three Musketeers" immortalized the ideal of unyielding solidarity, the enduring motto "All for one and one for all." In the face of ever-evolving threats in the digital realm, the European Union echoes this spirit with its landmark Cyber Solidarity Act. This new legislation recognizes that collective defense is...
Blog

Exploring Cybersecurity Risks in Telemedicine: A New Healthcare Paradigm

The experience of seeing a doctor has transformed dramatically, thanks in part to the emergence of telemedicine. This digital evolution promises convenience and accessibility but brings with it a host of cybersecurity risks that were unimaginable up until a few years ago. The unique cybersecurity challenges facing telemedicine today underscore the...
Blog

NSA Debuts Top 10 Cloud Security Mitigation Strategies

As businesses transition to hybrid and multi-cloud setups, vulnerabilities arising from misconfigurations and security gaps are escalating, attracting attention from bad actors. In response, the US National Security Agency (NSA) issued a set of ten recommended mitigation strategies, published earlier this year (with support from the US...
Blog

Supply Chain Cybersecurity – The Importance of Everyone

I’m always surprised – and a little disappointed – at how far we have to go before supply chain cybersecurity gets the respect and attention it deserves.I sat down this week with a new client who wanted some help addressing several internal issues surrounding their IT systems. When I asked them about their relationship with the supplier – essentially...
Blog

SCM and NERC: What You Need to Know

Security configurations are an often ignored but essential factor in any organization’s security posture: any tool, program, or solution can be vulnerable to cyberattacks or other security incidents if the settings are not configured correctly. Staying on top of all of these security configurations can be a daunting responsibility for security or...
Blog

ITRC's 2023 Data Breach Report Is a Mixed Bag

In the first quarter of every year, organizations around the world release reports summing up data breach trends from the previous twelve months. And every year, these reports say broadly the same thing: data breach numbers have gone up again. This year is no different. Or is it? Compromises Up, Victims Down However, the Identity Theft Resource...
Blog

DragonForce Ransomware - What You Need To Know

What's going on? A relatively new strain of ransomware called DragonForce has making the headlines after a series of high-profile attacks. Like many other ransomware groups, DragonForce attempts to extort money from its victims in two ways - locking companies out of their computers and data through encryption, and exfiltrating data from compromised systems with the threat of releasing it to...