Blog RSS Feed Fortra Blog
- Medusa Ransomware: What You Need To Know by Graham Cluley on January 21, 2025 at 10:28 am
What is the Medusa ransomware? Medusa is a ransomware-as-a-service (RaaS) platform that first came to prominence in 2023. The ransomware impacts organisations running Windows, predominantly exploiting vulnerable and unpatched systems and hijacking accounts through initial access brokers. Initial access brokers? Initial access brokers (IABs) specialise in gaining unauthorised access to the networks of organisations, and then sell that access to other cybercriminals – such as ransomware gangs like Medusa. So the ransomware attackers may not be the ones who initially hacked you? Correct. IABs may…
- NASA’s Cybersecurity Initiative: What Spacecraft Manufacturers Need to Know by Josh Breaker-Rolfe on January 21, 2025 at 10:25 am
NASA is about to introduce new requirements for its contractors. These requirements will dramatically improve the cybersecurity of spacecraft and the US’ resilience to cyber threats. But what do these requirements mean for spacecraft manufacturers? What challenges will they face? And what will they need to do to comply? Keep reading to find out. Understanding the Cyber Space Threat: While NASA has cybersecurity requirements for its spacecraft in operation, these requirements do not extend to the spacecraft acquisition and development lifecycle. Essentially, NASA contractors are not currently…
- Helping the Energy Sector Navigate NERC Complexities by Michael Betti on January 21, 2025 at 10:25 am
The energy sector is the cornerstone of modern infrastructure, powering essential services and supporting the daily operations of economies worldwide. However, it also faces unique cybersecurity challenges, particularly in complying with the North American Electric Reliability Corporation’s Critical Infrastructure Protection (NERC CIP) standards. Cyber threats keep growing in sophistication and frequency and the sector’s critical assets—such as power grids, pipelines, and renewable energy networks—face unprecedented risk. The implications of a cyberattack on these systems extend far beyond…
- Managing Security and Compliance in a Remote Work Environment by Joseph Chukwube on January 20, 2025 at 9:57 am
Remote work isn’t just a temporary trend anymore; it has become a permanent fixture. What began as a quick response during the pandemic has evolved into the new normal for businesses worldwide. In America, 20% of people now work from home. While this has its advantages (flexibility for workers and cost savings for businesses), it’s not without its complications, having cracked open a host of issues around cybersecurity and regulatory compliance. To address these challenges, businesses can’t afford to be lax. That means fixing security and compliance for remote work is not as simple as adding…
- Think You Know Tripwire? Think Again by David Henderson on January 20, 2025 at 9:39 am
Fortra’s Tripwire has always been widely known as a File Integrity Monitoring (FIM) solution, and a very good one at that. The good news is that it still is – only when you look closely, it’s a lot more. And it always has been. Besides its traditionally known role as an integrity and security configuration management tool, Tripwire’s powerful capabilities make it a comprehensive cybersecurity solution. Did you know that with Tripwire, you could: detect advanced persistent threats (APTs), identify ransomware, discover zero-day attacks, and implement zero trust policies? Far more than facilitating…
- CIS Control 06: Access Control Management by Matthew Jerzewski on January 20, 2025 at 9:32 am
CIS Control 6 merges some aspects of CIS Control 4 (admin privileges) and CIS Control 14 (access on a need-to-know basis) into a single access control management group. Access control management is a critical component in maintaining information and system security, restricting access to assets based on role and need. It is important to grant, refuse, and remove access in a standardized, timely, and repeatable way across an entire organization. Privileged accounts, such as administrators, should be protected with multi-factor authentication. Enforcing and maintaining access control policies…
- VERT Threat Alert: January 2025 Patch Tuesday Analysis by Tyler Reguly on January 14, 2025 at 9:08 pm
Today’s VERT Alert addresses Microsoft’s January 2025 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1139 as soon as coverage is completed. In-The-Wild & Disclosed CVEs: CVE-2025-21333: The first of three Hyper-V vulnerabilities this month is a heap-based buffer overflow that leads to privilege escalation to SYSTEM. Microsoft has reported this vulnerability as Exploitation Detected. CVE-2025-21334: The second of three Hyper-V vulnerabilities this month is a use-after-free vulnerability that leads to privilege escalation to SYSTEM…
- What Is Vulnerability Management? by Brandon Barrett on January 13, 2025 at 10:15 am
Enterprise networks frequently experience changes in endpoint devices, software, and files, which can introduce risk to the organization. To mitigate this, companies can implement foundational security controls like file integrity monitoring (FIM), which tracks changes to essential files and helps restore them if unauthorized. Additionally, organizations may use these controls to monitor for vulnerabilities introduced by new devices. However, FIM alone is not enough. Companies need a vulnerability management program to ensure comprehensive risk assessment, threat minimization, and compliance…
- The $55 Billion Wake-Up Call: Cybersecurity Challenges Facing UK Businesses by PJ Bradley on January 13, 2025 at 10:14 am
Organizations of all types must consider and prioritize cybersecurity in order to protect against a wide range of attacks and prevent potentially catastrophic consequences. With the evolution of the threat landscape and most businesses relying more and more on technological pillars for everyday operations, cyberattacks can have impacts that extend far beyond monetary losses. However, the financial cost alone is staggering, highlighting the pressing need for improved cybersecurity across the board. A recent publication from international insurance intermediary group Howden analyzes the results…
- Tripwire Patch Priority Index for December 2024 by Lane Thames on January 10, 2025 at 9:31 am
Tripwire’s December 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe. First on the list is a notice about Windows Common Log File System Driver (CLFS). CVE-2024-49138 impacts Windows CLFS, which Microsoft released a patch for in December 2024. This vulnerability has been detected as actively exploited and has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog. This vulnerability will be patched with the main Windows OS cumulative update for December. Administrators should consider the elevated risk to their organizations and…