In my previous article, we discussed how organizations are shifting how IT resources are deployed and managed. We covered three methods in particular: automated image creation and deployment, immutable image deployment and containers. We’ll now explore how organizations can make the best of these methods in a dynamic environment.Dealing with Change...

Healthcare continues to see staggering growth in breaches to patient health information. In the first half of 2019 alone, 32 million health records were breached, compared to 15 million records in the entire year of 2018. However, this trend of growing cyber breaches in healthcare is likely to persist due to the following characteristics of the...

A malvertising actor known as "eGobbler" used obscure browser bugs to bypass built-in browser protections and expand the scope of its attacks. Confiant observed eGobbler exploiting the first vulnerability back on April 11, 2019. In that particular attack, the threat actor leveraged a Chrome exploit to circumvent the browser's pop-up blocker built into...

Like storytelling, data visualization can be used to provide a narrative about your organization’s cybersecurity posture. Cybersecurity is never a single thing; it is an amalgamation of an often growing list of issues that never seem to end. So in order to make some sense of what it means for the health of your organization, I am combining several...

Just a few years ago, most IT environments were made up of deployed servers on which personnel installed applications, oftentimes as many as that one system could handle. They then remained and ran that way for years. In the meantime, the IT team maintained the system and updated the applications as needed. Sometimes there were test versions of those...

For the past few years, VERT has been running an IoT Hack Lab at SecTor, a security conference in Toronto, Ontario, Canada. Interested attendees (including Expo attendees, who can get a free pass using code Tripwire2019) can visit the Hack Lab with their laptop and learn how to hack various IoT devices from routers and baby monitors to more complex...

In July 2019, Capital One made news headlines not for achieving another milestone but because it had been breached. Capital One was using AWS cloud services, as many businesses are doing nowadays. The problem stemmed (in part) because Capital One had a misconfigured open-source Web Application Firewall (WAF) hosted in the cloud with Amazon Web...

The cost of a breach is on the rise. A recent report from IBM revealed that the average cost of a data breach had risen 12 percent over the past five years to $3.92 million per incident on average. Additionally, this publication uncovered that data breaches originating from malicious digital attacks were both the most common and the most expensive...

Today’s VERT Alert addresses Microsoft’s September 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-849 on Wednesday, September 11th. In-The-Wild & Disclosed CVEs CVE-2019-1214 An elevation of privilege vulnerability in the Windows Common Log File System (CLFS) driver can allow an...

Working as a cybersecurity analyst is incredibly challenging. It’s one of the only roles in IT that requires 24/7/365 availability. The constant stressors of the job can overload security analysts, which ultimately leads to burnout—affecting every factor of the job from performance to talent retention. Recently recognized by the World Health...

TechCrunch reports that a security researcher stumbled across an exposed server on the internet containing databases with a total of more than 419 million records related to Facebook users. According to TechCrunch's reporting, each database record contains a user's unique Facebook account ID (from which it's possible to determine a user name) and...

Tripwire's August 2019 Patch Priority Index (PPI) brings together important security vulnerabilities from Microsoft and Adobe. First on the Patch Priority Index are patches for Microsoft's Browser and Scripting Engine. These patches resolve 12 vulnerabilities including fixes for memory corruption, information disclosure and security feature bypass...

What if your job was to break things repeatedly in order to make them work better? Sounds like the dream of every curious six-year old, but it's actually an emerging software engineering trend based in the transition from devops to devsecops. It's designed to test systematic limitations with the goal of improving security and performance under any...

Just as you would map a hike or climb by creating waypoints you plan to hit each day, you must plan your vulnerability management process by creating similar goals. We call these goals Maturity Levels, from ML0 to ML5, as we defined them in the last blog. You have your asset inventory from an open-source tool, asset tracking database or maybe your...

Even though the healthcare industry has been slower to adopt Internet of Things technologies than other industries, the Internet of Medical Things (IoMT) is destined to transform how we keep people safe and healthy, especially as the demand for lowering healthcare costs increases. The Internet of Medical Things refers to the connected system of...

The IoT Threat LandscapeAs technology continues to pervade modern-day society, security and trust have become significant concerns. This is particularly due to the plethora of cyber attacks that target organizations, governments and society. The traditional approach to address such challenges has been to conduct cybersecurity risk assessments that...

Today’s VERT Alert addresses Microsoft’s August 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-845 on Wednesday, August 14th. In-The-Wild & Disclosed CVEs Microsoft has indicated that none of the vulnerabilities being patched this month have been used in-the-wild nor have they been...

Tripwire's July 2019 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Oracle. First on the list for July are patches for Microsoft's Browser and Scripting Engine. These patches resolve 11 vulnerabilities including fixes for Memory Corruption weaknesses. Next on the list are patches for Microsoft Excel and...

Apple announced that it will be expanding the scope of its bug bounty program and increasing its maximum possible reward payout to $1 million. Ivan Krstić, Apple’s head of security engineering, made the announcement during a presentation on iOS and macOS security at Black Hat USA 2019. He revealed that Apple's bug bounty program will begin...