Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

February 2022

Need Help Implementing Security? Tripwire Advisor Program's Got You Covered

As a former systems and network administrator, I understand the demands that are placed on today’s IT professionals. It’s true that skills gap continues to hamper IT and security personnel, for example. In early 2020, Tripwire revealed the results of a survey in which 83% of security professionals noted that they felt more overworked going into that year than they did at the start of 2019.

Tripwire Change Analyzer Quick Start Video

Tripwire Change Analyzer automates the verification and promotion of “known good” and business as usual changes that are the result of software updates, upgrades, and patches, saving IT organizations time, reducing human error, and increasing efficiency. Tripwire Change Analyzer also works in concert with Tripwire Enterprise to deliver alert notifications and granular details needed for rapid response when unexpected, unauthorized, or high-risk changes are detected. Check out this quick start tutorial video on how to get started with using Tripwire Change Analyzer.

Manufacturing was the top industry targeted by ransomware last year

Global supply chains are bearing the brunt of ransomware attacks, according to a new report that finds manufacturing was the most targeted industry during 2021. Knocking financial services and insurance off the top of the heap after a long reign, the manufacturing industry was found by IBM to be the most attacked sector – accounting for 23% of reports of ransomware.

Inclusive Awareness is the Key to Effective Cybersecurity: An Interview with Jenny Radcliffe

In the early years of cybersecurity, it was often said that people are the weakest link. This did nothing to encourage support, as it was insulting and demeaning. The new and better way to inspire people towards a cybersecurity mindset is to engage with and treat them as a valuable part of an organization’s overall cybersecurity initiative.

The New CIS Community Defense Model (CDM) Brings Security Within the Grasp of All Small Organizations

Part of operating an effective security program is the ability to never rest upon any previous success. When guarding against an adversary, yesterday’s success is quickly eclipsed by the dynamic shift in the attacker’s tactics. Just as a doctor “rules out” a particular diagnosis, an effective attacker first searches for well-known vulnerabilities using catalogs of offensive exploits. These are part of the attacker’s playbook.

The Changing State of Cybersecurity: 5 Data-Backed Predictions

Cybersecurity is never static, and that’s especially true today. After widespread and frequent disruptions in the past few years, the cyber defense landscape is shifting. Favored attack vectors are changing, new threats are emerging, and organizations are rethinking their cybersecurity focus. Staying safe in the next few years requires an understanding of these developments. With that in mind, here are five data-backed predictions for how the state of cybersecurity will change.

Email Security Trends Coming in 2022

Organizations are under constant threat of cybercrime. While there are many available attack vectors, email is the most obvious path towards a full network compromise. The notion that email security should be prioritized is emphasized during this time where more and more businesses are still working in a remote or hybrid dynamic environment.

U.S. government warns that sensitive data is being stolen from defence contractors

The Federal Bureau of Investigation (FBI), Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) have joined forces to publish a joint warning that Russian hackers have targeted defence contractors to steal sensitive data.

Prioritizing Cybersecurity Throughout All Web Development Sprints

No one doubts the importance of cybersecurity in web development — and yet, often in the development cycle, we neglect to prioritize it across each sprint and into the final product. Making cybersecurity a priority throughout every development sprint cycle is necessary to combat the tide of digital attacks threatening the modern web. But how can you ensure your focus on cybersecurity throughout development?

How to Take Care of Yourself When Things Go Wrong: Self-Care Tips When Dealing with a Cyber Attack

One very predictable part of cybersecurity is that the work is unpredictable. here are routines that help to create a predictable rhythm, but you don’t necessarily know when the next attack will come, how intense it will be when it does, or when you will get to go back to a predictable and hopefully manageable rhythm again.

The Winter Olympics and Cybercrime: Caution Is Urged

Hosting the Olympics is always a source of national pride for any nation chosen to do so. Whether in winter or summer, the prestige of the world’s eyes being on an event that transcends political differences and has sport at the fore is a prize many countries and regions aspire to achieve. This all sounds fantastic and at one level is exactly what is happening at the 2022 Winter Olympics.

Government agencies warn of sophisticated, high-impact ransomware

A surge in “sophisticated, high impact” ransomware attacks has prompted the United States’s Cybersecurity and Infrastructure Security Agency (CISA), the UK’s National Cyber Security Centre (NCSC), and the Australian Cyber Security Center to issue a joint advisory about the techniques being used by cybercriminals to attack businesses and organisations.

OT Vulnerability Management: A Risk-Based Approach

The number of missing security patches in an OT system is typically very large—measured in the thousands, at least. It would be difficult and expensive for an asset owner to evaluate each missing security patch / cyber asset pair. This may be one reason we see a patch everything approach, but this is also difficult and expensive. In fact, assessments show this is rarely done even where required by policy.

Upgrade From Whitelist Profiler to Tripwire State Analyzer

If you’re a Tripwire® Whitelist Profiler customer, then you know that the software does an excellent job of executing its core functionalities. These include comparing the running state of a machine to the approved and expected configurations in your environment to stay in compliance with audit and internal policies. Although Whitelist Profiler is proficient in this regard, that doesn’t mean it can’t be improved in other capacities such as ease of use.

Understanding the Cybersecurity Risks Confronting Consumer Packaged Goods (CPG) Organisations

When was the last time you purchased a product that was in a container? If you are a typical consumer, you probably have done so in the last few days. There is an entire industry that focuses on these containers. Consumer Packaged Goods (CPG) is an industry term for merchandise that is used and replaced on a frequent basis.

Safer Internet Day 2022: 4 tips to help support the youth in our lives

We all want a safer Internet, but we often put a lot of trust and hope in technology to deliver on that promise. The Internet is really made up of people, though. And people can make the biggest impact in creating a safer Internet. While everyone is impacted by Internet safety, children and youth are disproportionately at risk. The concept of a Safer Internet Day was born out of the desire to create a safer experience for young people.

Your Cell Phone and Your Identity: Keeping Your PII Safe

Have you considered how often your phone number has been shared? Most of us give out our cell phone numbers all the time – to friends, acquaintances, colleagues, and even big, monolithic, impersonal companies. We may even print them on business cards or list them on public forums. A cell phone is no longer just a way to contact someone to engage in conversation.

User Created Content with Tripwire Configuration Manager

Tripwire Configuration Manager allows for user created configuration and compliance management content via a new Policy Management capability. Custom user content can be used alongside existing cloud service provider and third-party SaaS policies, providing multiple new use cases for data gathering and expanding policy compliance support into new services. This blog will describe some of the features and use cases for the Policy Management capability.

Cybersecurity in Competitive Online Gaming (Cheating, Mitigation, and Vulnerabilities)

As the competitive online gaming and eSports industries gain legitimacy by becoming more popular and attracting mainstream attention, the question of competitive integrity lingers in the back of my mind. Can the game’s developers, community, and users maintain and uphold competitive integrity? Or will they fold under the pressure of greed and complacency?

Making Progress Securing Our Nation's Water Supply

Water and wastewater treatment may not be at the top of most people’s list of discussion topics, but the more you think about it, the more clear it becomes that this particular subsegment of the utilities market is a vital part of our critical infrastructure. We rely on the ability to turn on the tap and get clean, safe water every day. And we’ve seen what havoc losing that ability can wreak from the crisis in Flint, MI.