Blog | Tripwire

Blog

Blog

3 Tips for Enterprise Patch Management

We have recently concluded the first quarter of 2023, and there have already been over 250 patches for the many components and flavours of Microsoft’s operating systems, as well as a handful of patches for Adobe, Apple, and Android. If you are a computer professional, you have also had to patch various other enterprise-class hardware and software assets in your environment. With all of the...
Blog

Professional Services in the World of Cybersecurity

Cybersecurity is a critical concern for businesses of all sizes and industries. With the increasing sophistication of cyber threats, it's more important than ever to have a robust security strategy in place. However, many organizations lack the expertise or resources to manage their cybersecurity needs effectively. This is where professional services come in. What are Professional Services...
Blog

VERT Threat Alert: May 2023 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s May 2023 Security Updates , which include a new release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1055 on Wednesday, May 10th. In-The-Wild & Disclosed CVEs CVE-2023-29336 Up first this month is a vulnerability reported by Avast in Win32k. This vulnerability could allow an authenticated attacker to...
Blog

How To Combine Cyber Resilience and Cybersecurity for Maximum Cyber Protection

Data breaches and cyberattacks have become worryingly commonplace in today’s digital world, and cybersecurity and cyber resilience are now crucial for every organization, small and large. These two strategies work together to protect data at different stages of a cyberattack. Ideally, organizations should rely on both to achieve maximum cyber protection. Cybersecurity refers to the measures taken...
Blog

Cybersecurity for Small Businesses: How to Protect Your Company on a Budget

As a small business owner, you wear many hats. You're the CEO, the accountant, the salesperson, and the HR manager. With so much on your plate, cybersecurity might not be at the top of your priority list. But it should be. Small businesses are a prime target for cybercriminals, and a security breach can be devastating to your company's reputation and financial health. The good news is that there...
Blog

Supply Chain Compromise: The Risks You Need to Know

This piece was originally published on Fortra’s AlertLogic.com Blog . Thinking about your own network isn’t enough to keep your business safe and profitable. As more buyers, sellers, and partners collaborate ever more closely across the world, supply chain IT risks are rising with no slowdown in sight. According to the Identity Theft Resource Center, supply chain attacks surpassed malware...
Blog

Tripwire Patch Priority Index for April 2023

Tripwire's April 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft Edge. These patches resolve over 15 vulnerabilities such as spoofing, type confusion, and use after free vulnerabilities. Up next are 3 patches for Microsoft Office, Word, and Publisher that resolve 4 remote code...
Blog

An overview of the OSI model and its security threats

The Open Systems Interconnection (OSI) model is a conceptual framework developed by the International Standards Organization (ISO). It has been in use for over 40 years, and is cited in every computer network book. It is also a favorite resource for just about every cybersecurity exam. The OSI model is represented in seven layers that help us understand how communications between computer systems...
Blog

Patch now! The Mirai IoT botnet is exploiting TP-Link routers

Businesses should patch their TP-Link routers as soon as possible, after the revelation that a legendary IoT botnet is targeting them for recruitment. The notorious Mirai botnet, which hijacks control of vulnerable IoT devices, is now exploiting TP-Link Archer AX21 routers to launch distributed denial-of-service (DDoS) attacks. The warning comes from security researchers and the US Government's...
Blog

Cybersecurity – Change is coming and that’s a good thing

“The cyber economy is the economy” Those words were spoken by the US National Security Advisor way back in 2005, and it is remarkable to see how prescient they were. The economy is not only supported by the cyber world, but that world is entirely data driven. Data has become a primary focus, not just for regulatory fodder, but for business survival. Rethinking cyber risk for business...
Blog

Cybersecurity in the Cloud: The Challenging Hurdles It Has To Overcome

Cloud Security Challenges Organizations embracing cloud environments must understand that cloud applications and services have become popular targets for cybercriminals. A few notable and inherent risks with cloud deployments include: API Vulnerabilities Unfortunately, API exploits are on the rise , costing organizations dearly. Whether it’s stolen data or denial-of-service (DoS) attacks, an API...
Blog

3 Tips to Strengthen AWS Container Security

This piece was originally published on Fortra’s AlertLogic.com Blog . If you’re building an application, you want to ensure it’s reliable, consistent, and rapidly deployable in any cloud environment. That’s what containers are used for — packaging instructions into a digital object for reuse. Without them, you’ll struggle to run some application components from server to server. But when you...
Blog

Allowlisting and Blocklisting: What you need to know

The phone rings, displaying "Potential Spam," warning of the possible downfall of accepting the call. We also have the option to set specific ringtones for the special people in our lives, so we audibly know immediately who’s calling. For other callers, like the once-a-year important call from our insurance or investment rep, we'll at least add their names so we can see when they ring. And, of...
Blog

4 Lessons from Fortra’s Attack Surface Management Guide

Think of all the different points within your organization that provide access to information. That could be your website, the mobile version of your application, your Slack instance, and so much more. It’s a list that gets very long, very quickly. All of those endpoints, both physical and digital, make up the attack surface of your organization. Basically, each endpoint is an element that could...
Blog

Charming Kitten targets critical infrastructure in US and elsewhere with BellaCiao malware

Iranian state-sponsored hacking group Charming Kitten has been named as the group responsible for a new wave of attacks targeting critical infrastructure in the United States and elsewhere. The group (who are also known to security researchers by a wide variety of other names including Mint Sandstorm, Phosphorous, Newscaster, and APT35) has been operating since at least 2011, making a name for...
Blog

Despite Soaring Prices, Cybersecurity Insurance Keeps Growing Briskly

Most cybersecurity professionals know that cyber breaches increase each year . So it’s no surprise that the cybersecurity insurance business also keeps growing briskly. According to data from Markets and Markets and Polaris Market Research , the cyber insurance market swelled to $11.9 billion worldwide in 2022, up from $10.1 billion the previous year, and is projected to grow to more than $29...
Blog

Explaining the PCI DSS Evolution & Transition Phase

The boon of online business and credit card transactions in the early 90s and 2000s resulted in an increasing trend of online payment fraud. Since then, securing business and online card transactions has been a growing concern for all business and payment card companies. The increasing cases of high-profile data breaches and losses from online fraud emphasized the need for urgent measures and a...
Blog

What is a WAF? (Web Application Firewall)

This piece was originally published on Fortra’s AlertLogic.com Blog . A Comprehensive Guide to Understanding WAFs: How it Works, Types, and Security Models Web applications drive digital transformation , remote work, employee productivity, and consumer interactions. The ability to connect to critical applications over the internet gives workforce members a way to work synchronously and...
Blog

Cloud security 101: Understanding and defending your cloud infrastructure

Many organizations have either been formed in, or have migrated to cloud-based environments due to the efficiency, flexibility, mobility, cost savings, and other benefits. The majority of applications that are used today are incorporated with the cloud. Most of our data and processes exist in the cloud. But simple as it is, just uploading your files to the cloud or using services of the cloud...
Blog

Root Cause Analysis for Deployment Failures

Root Cause Analysis (RCA) is a technique used to identify the underlying reasons for a problem, with the aim of trying to prevent it from recurring in the future. It is often used in change management processes to help identify the source of any issues that arise following any modifications to a system or process. RCA is something Tripwire Enterprise is often deeply tied into too. Before we talk...