Blog

tripwire_vert_patch_priority_index
Blog
Blog

Tripwire Patch Priority Index for March 2024

By Lane Thames on Wed, 04/03/2024
Tripwire's March 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google, and Apple. First on the patch priority list are patches for Windows Kernel and Multiple Apple products. These CVEs (CVE-2024-21338, CVE-2024-23296, CVE-2024-23225) have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. Up next are patches for Microsoft Edge (Chromium...
Vulnerability & Risk Management
Bake-off: Ensuring Security in the Cyber Kitchen
Blog
Blog

Bake-off: Ensuring Security in the Cyber Kitchen

By Chris Hudson on Wed, 03/27/2024
I’ll start this one with an apology – I’ve been watching a lot of the TV show The Bear (which I’d highly recommend!) and thus been thinking a lot about kitchen processes and the challenges of making everything come together nicely (both in life and in a recipe). If you are unfamiliar with the show, it is a comedy-drama about a chef who manages his deceased brother’s sandwich shop. When I see...
File Integrity & Change Monitoring
Security Configuration Management
AI-Platforms-Name-Cybersecurity-Threats-and-Advice-for-2024
Blog
Blog

AI Platforms Name Cybersecurity Threats and Advice for 2024

By Tripwire Guest Authors on Tue, 03/26/2024
With $109.5 billion of growth expected between now and 2030, the global AI cybersecurity market is booming – and it's not hard to see why. According to a recent survey of security professionals, three-quarters ( 75% ) have observed an increase in cyberattacks. Of these, the research found that an even greater proportion (an overwhelming 85%) blamed AI. What is AI's role in cybersecurity, then? Is...
Cybersecurity
managed-cybersecurity-services-secure-modern-environments
Blog
Blog

Managed Cybersecurity Services Secure Modern Environments

By Troy Thompson on Mon, 03/25/2024
In an era characterized by relentless digital transformation and interconnectedness, cybersecurity has evolved into a complex and dynamic battleground. Businesses, governments, and individuals find themselves locked in a perpetual struggle against a relentless flood of evolving threats. From sophisticated cybercriminal syndicates to state-sponsored hackers and opportunistic threat actors, our...
Cybersecurity
Managed Security Services
The Looming Cyber Threat in Real Estate
Blog
Blog

The Looming Cyber Threat in Real Estate

By Kirsten Doyle on Mon, 03/25/2024
In our interconnected world, the real estate industry has embraced technology to revolutionize its operations, enhance customer experiences, and streamline business processes. Yet, while this technological evolution has brought immense benefits to the property sector, it has also attracted the attention of nefarious actors keen on exploiting vulnerabilities. With high-value transactions occurring...
Cybersecurity
Series of hegagons of various sizes that each contain the image of a human hand and robotic hand clasping each other in various ways
Blog
Blog

AI Transparency: Why Explainable AI Is Essential for Modern Cybersecurity

By Dilki Rathnayake on Thu, 03/21/2024
Modern cybersecurity has reached an exceptional level, particularly with the integration of AI technology . The complexity of cyberattacks and their methodologies has also increased significantly, even surpassing human comprehension . This poses a considerable challenge for cybersecurity professionals who struggle to keep pace with the scale and complexity of AI-generated attacks. The widespread...
Cybersecurity
Critical insights into Australia’s supply chain risk landscape
Blog
Blog

Critical insights into Australia’s supply chain risk landscape

By Anirudh Chand on Tue, 03/19/2024
Australian organizations find themselves navigating a minefield of supply chain risks, with a surge in incidents stemming from multi-party breaches. These breaches are often caused by vulnerabilities in cloud or software providers and are emerging as a challenge that demands attention and proactive strategies. From July to December 2023, 483 data breaches were reported to the Australian...
Vulnerability & Risk Management
Cybersecurity
A hand placing teh final cube to a square made up of wooden blocks that show the image of a cog surrounded by a circle of arrows
Blog
Blog

Achieving Continuous Compliance with Tripwire’s Security Configuration Manager

By Taha Dharsi on Tue, 03/19/2024
Security and compliance are often tightly intertwined. The main difference is that sometimes, security can outpace compliance efforts. While it is easy to infer that a more secure system exceeds a compliance requirement, an auditor should not be expected to deduce the state of a system; the evidence needs to be clear. There are many factors that can cause compliance shifts. Configurations are...
Security Configuration Management
Website-Security-Attack-bw
Blog
Blog

The 10 Most Common Website Security Attacks (and How to Protect Yourself)

By Katrina Thompson on Wed, 03/13/2024
According to the Verizon 2023 Data Breach Investigations Report , Basic Web Application Attacks accounted for nearly one-fourth of the entire breach data set. Although not the most sophisticated threats in the bunch, common web attacks like credential stuffing and SQL injection attacks continue to wreak havoc on the cybersecurity landscape, just like phishing and emerging AI-based attacks , and...
Cybersecurity
Blog
Blog

VERT Threat Alert: March 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 03/12/2024
Today’s VERT Alert addresses Microsoft’s March 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1097 as soon as coverage is completed. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed CVEs included in the March Patch Tuesday release. CVE Breakdown by Tag While historical Microsoft Security Bulletin groupings are gone...
Vulnerability & Risk Management
VERT Research
Hand holding wooden cube block arranging processing management on background
Blog
Blog

Reducing Cyber Risks with Security Configuration Management

By John Stanton on Tue, 03/12/2024
Protecting sensitive data and other assets requires an organization to be adaptable and stay informed on things like the digital landscape and threat trends. While some aspects of security are within an organization’s control, it can be extremely difficult to manage all of the risks and vulnerabilities that are likely to arise. Security configuration management (SCM) is one way to take control of...
Cybersecurity
Security Configuration Management
Cybersecurity in the Age of AI: Exploring AI-Generated Cyber Attacks
Blog
Blog

Cybersecurity in the Age of AI: Exploring AI-Generated Cyber Attacks

By Dilki Rathnayake on Mon, 03/11/2024
Historically, cyber-attacks were labor-intensive, meticulously planned, and needed extensive manual research. However, with the advent of AI , threat actors have harnessed their capabilities to orchestrate attacks with exceptional efficiency and potency. This technological shift enables them to execute more sophisticated, harder-to-detect attacks at scale. They can also manipulate machine learning...
Cybersecurity
file-integrity-monitoring-vs-integrity-what-you-need-to-know
Blog
Blog

File Integrity Monitoring vs. Integrity: What you need to know

By David Henderson on Mon, 03/11/2024
Using security tools to monitor activities on IP based endpoints and the resulting changes that occur pose one of the most formidable challenges to security and regulatory compliance efforts, thanks to its potential to disrupt established security measures and protocols. Compliance frameworks, such as PCI DSS and NIST 800-53/SI-7, require organizations in every sector to maintain a consistent and...
File Integrity & Change Monitoring
So You Want to Achieve NERC CIP-013-1 Compliance…
Blog
Blog

So You Want to Achieve NERC CIP-013-1 Compliance...

By Anastasios Arampatzis on Wed, 03/06/2024
Energy efficiency and availability is a major concern for all countries and governments. The electric grid is a vital sector, and any malfunctions will create ripple effects on any nation’s economy. As the grid is heavily dependent on cyber-enabled technologies and a vast chain of suppliers, contractors, and partners, the ability to safeguard the availability and reliability of the grid is crucial...
Compliance
Industrial Control Systems
The Financial Sector Is Refocusing on Cybersecurity
Blog
Blog

The Financial Sector Is Refocusing on Cybersecurity

By Stefanie Shank on Wed, 03/06/2024
In 2024, transformation is reshaping industries, and the financial sector stands at a crucial juncture. The Softcat Business Tech Priorities Report , a comprehensive survey encompassing over 4,000 customers across various sectors, sheds light on this transformation. Significantly, cybersecurity has emerged as the paramount concern for financial institutions for the second consecutive year. This...
Cybersecurity
What-Are-Command-and-Control-Attacks
Blog
Blog

What Are Command and Control Attacks?

By Dilki Rathnayake on Tue, 03/05/2024
In today's expanding cyber threat landscape, infiltrating a system goes beyond unauthorized access or malware installation. To achieve their ultimate objectives, cybercriminals need to maintain an undetected presence in the system or network to control or extract data according to their needs. Command and Control attacks, also known as C&C or C2 attacks, create a covert link between the...
The Role of Security Configuration Management (SCM) in Preventing Cyberattacks
Blog
Blog

The Role of Security Configuration Management (SCM) in Preventing Cyberattacks

By Jay Thakkar on Tue, 03/05/2024
In the intricate realm of cybersecurity, the relentless surge of cyber threats demands a constant reassessment of defensive strategies. Amidst this dynamic landscape, a subtle yet indispensable player takes center stage — Security Configuration Management (SCM) . This blog embarks on an insightful journey into the critical role played by SCM in the ongoing battle against cyberattacks, shedding...
Cybersecurity
Security Configuration Management
The Need For Cybersecurity in Agriculture
Blog
Blog

The Need For Cybersecurity in Agriculture

By Tripwire Guest Authors on Tue, 03/05/2024
Agriculture, a fundamental aspect of human civilization, plays an important role in global economic stability, contributing 4% to the global GDP . This sector not only provides food, but also supplies vital raw materials for various industries and drives economic development through job creation and trade facilitation. As we observe a technological revolution impacting every sector, agriculture is...
Cybersecurity
TripwireBookClub
Blog
Blog

#TripwireBookClub – Black Hat GraphQL

By Tyler Reguly on Mon, 03/04/2024
The most recent book that we’ve read over here is Black Hat GraphQL: Attacking Next Generation APIs written by Dolev Farhi and Nick Aleks . The book is described as being for, “anyone interested in learning how to break and protect GraphQL APIs with the aid of offensive security testing.” As someone who works primarily with REST APIs , I was more interested in the introduction that it offered to...
Vulnerability & Risk Management
Cybersecurity
Patch Priority Index
Blog
Blog

Tripwire Patch Priority Index for February 2024

By Lane Thames on Mon, 03/04/2024
Tripwire's February 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, ConnectWise, and Google. First on the patch priority list are patches for ConnectWise ScreenConnect, Microsoft Exchange Server, Microsoft Windows SmartScreen, and Microsoft Windows Internet Shortcut files. These CVEs (CVE-2024-1709, CVE-2024-21410, CVE-2024-21351, CVE-2024-21412) have been...
Vulnerability & Risk Management
Cybersecurity