All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of February 14, 2022. I’ve also included some comments on these stories. Microsoft Using New Security Rule to Prevent Windows Credential Theft On February 13, Bleeping...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of February 7, 2022. I've also included some comments on these stories. Mac Trojan Comes with Expanded Ability to Drop Secondary Payloads As reported by Dark Reading...

Today’s VERT Alert addresses Microsoft’s February 2022 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-985 on Wednesday, February 9th. In-The-Wild & Disclosed CVEs CVE-2022-21989 This month, only a single vulnerability, CVE-2022-21989 has been publicly disclosed and Microsoft is not reporting any known public exploitation. Additionally...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of January 31, 2022. We’ve also included the comments from a few folks here at Tripwire VERT. Update Force-Pushed to Protect QNAP NAS Devices against DeadBolt Ransomware QNAP...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of January 24, 2022. We’ve also included the comments from a few folks here at Tripwire VERT. SonicWall Discloses Cause of Next-Gen Firewall Reboot Loops SonicWall revealed...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of January 17, 2022. We’ve also included the comments from a few folks here at Tripwire VERT. Root-Level RCE Vulnerability Patched by Cisco Bleeping Computer reported that...

Earlier this year, I wrote about what’s new in Version 8 of the Center for Internet Security’s Critical Security Controls (CIS Controls). An international consortium of security professionals first created the CIS Controls back in 2008. Since then, the security community has continued to update the CIS Controls to keep pace with the evolution of technology ecosystems and emerging threat vectors...

Today’s VERT Alert addresses Microsoft’s January 2022 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-981 on Wednesday, January 12th. In-The-Wild & Disclosed CVEs CVE-2022-21919 This vulnerability was a bypass to CVE-2021-34484 , released by the same researcher, Abdelhamid Naceri. The researcher first tweeted about the bypass on October 22...

Today’s VERT Alert addresses Microsoft’s December 2021 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-978 on Wednesday, December 15th. In-The-Wild & Disclosed CVEs CVE-2021-43890 Up first this month is a vulnerability in the Windows AppX Installer that could allow spoofing. This vulnerability has been actively used in the spread of Emotet...

Users who do not have the appropriate security awareness training are considered a weak link in the security of an enterprise. These untrained users are easier to exploit than finding a flaw or vulnerability in the equipment that an enterprise uses to secure its network. Attackers could convince unsuspecting users to unintentionally provide access to the enterprise network or expose sensitive...

Networks form a critical core for our modern-day society and businesses. People, processes, and technologies should be in place for monitoring, detecting, logging, and preventing malicious activities that occur when an enterprise experiences an attack within or against their networks. Key Takeaways for Control 13 Enterprises should understand that their systems and networks are never perfectly...

Networks form a critical core for our modern-day society and businesses. These networks are comprised of many types of components that make up the networks’ infrastructure. Network infrastructure devices can be physical or virtual and include things such as routers, switches, firewalls, and wireless access points. Unfortunately, many devices are shipped from manufacturers with “default”...

Word splitting is a function of BASH that I was unfamiliar with, but it is definitely one that impacted my recent research. From the bash(1) man page : IFS The Internal Field Separator that is used for word splitting after expansion and to split lines into words with the read builtin command. The default value is <space><tab><newline>. Word Splitting The shell scans the results of parameter...

The past few weeks, I’ve been spending a lot of my free time preparing for the OSCP exam , which means refreshing a lot of skills that I haven’t used in years. A large part of that is rebuilding muscle memory around buffer overflows, so that’s how I spent my four-day weekend. I logged about 70 hours compiling small programs, writing buffer overflows, building simple ROP chains, and honestly having...

Today’s VERT Alert addresses Microsoft’s November 2021 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-972 on Wednesday, November 10th. In-The-Wild & Disclosed CVEs CVE-2021-42292 Up first this month, we have a 0-day in Microsoft Excel that allows an attacker to bypass security features. This vulnerability has seen active exploitation. It...

Data loss can be a consequence of a variety of factors from malicious ransomware to hardware failures and even natural disasters. Regardless of the reason for data loss, we need to be able to restore our data. A data recovery plan begins with prioritizing our data, protecting it while it is being stored, and having a plan to recover data. Key Takeaways for Control 11 Prioritize your data and come...

With the continuing rise of ransomware, malware defenses are more critical than ever before with regard to securing the enterprise. Anti-Malware technologies have become an afterthought in many organizations, a technology that they’ve always had, always used, and never really thought about. This control serves as a reminder that this technology is as critical as it ever was and lays out the...

Web browsers and email clients are used to interact with external and internal assets. Both applications can be used as a point of entry within an organization. Users of these applications can be manipulated using social engineering attacks. A successful social engineering attack needs to convince users to interact with malicious content. A successful attack could give an attacker an entry point...

Audit logs provide a rich source of data critical to preventing, detecting, understanding, and minimizing the impact of network or data compromise in a timely manner. Collection logs and regular review is useful for identifying baselines, establishing operational trends, and detecting abnormalities. In some cases, logging may be the only evidence of a successful attack. CIS Control 8 emphasizes...

Today’s VERT Alert addresses Microsoft’s October 2021 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-968 on Wednesday, October 13th. In-The-Wild & Disclosed CVEs CVE-2021-40449 Up first this month, we have an elevation of privilege in Win32k that has been exploited in-the-wild via MysterySnail . This vulnerability appears to impact all...