When it comes to cybersecurity, vulnerability management is one of the older technologies that still play a critical role in securing our assets. It is often overlooked, disregarded, or considered only for checkbox compliance needs, but a proper vulnerability management program can play a critical role in avoiding a series data breach. CIS Control 07 provides the minimum requirements, table stakes...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly reviewing the news for interesting stories and developments in the cybersecurity world. Here’s what stood out to us during the week of September 27, 2021. We’ve also included the comments from a few folks here at Tripwire VERT. REvil Ransomware Group Goes Offline Back in July 2021, CyberNews reported that the...

CIS Control 6 merges some aspects of CIS Control 4 (admin privileges) and CIS Control 14 (access based on need to know) into a single access control management group. Access control management is a critical component in maintaining information and system security, restricting access to assets based on role and need. It is important to grant, refuse, and remove access in a standardized, timely, and...

Knowing who has credentials, how those credentials are granted, and how they are being used is the foundation of any secure environment. It begins with user accounts and the credentials they use. Maintaining a thorough inventory of all accounts and verifying any changes to those accounts as authorized and intentional vs unintended is paramount to establishing a secure environment and this includes...

Key Takeaways for Control 4 Most fresh installs of operating systems or applications come with pre-configured settings that are usually insecure or not properly configured with security in mind. Use the leverage provided by multiple frameworks such as CIS Benchmarks or NIST NCP to find out if your organization needs to augment or adjust any baselines to become better aligned with policies your...

Today’s VERT Alert addresses Microsoft’s September 2021 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-964 on Wednesday, September 15th. In-The-Wild & Disclosed CVEs CVE-2021-40444 This CVE describes a publicly exploited vulnerability in MSHTML that provides user level access upon successful exploitation. According to Microsoft, a...

For many years, there was a wide misunderstanding that encrypting some data is equivalent to protecting that data. If it’s encrypted, so the thinking goes, nobody else could access it, and it is therefore safe. While it is critical to encrypt data at rest as well as in transit, the job of protecting data goes much deeper. Encryption can mitigate risk from certain attack scenarios such as...

Today, I will be going over CIS Control 2 from version 8 of the top 18 CIS Controls – Inventory and Control of Software Assets . Version 7 of CIS Controls had 10 requirements, but in version 8, it's simplified down to seven safeguards. I will go over those safeguards and offer my thoughts on what I’ve found. Key Takeaways for Control 2 Reusability . The tools that were mentioned in CIS Control 1...

Since 2008, the CIS Controls have been through many iterations of refinement and improvement, leading up to what we are presented with today in CIS Controls version 8. CIS Controls reflect the combined knowledge of experts from every part of the ecosystem (companies, governments, and individuals). The controls reflect consideration by people in many different roles such as threat analysts...

Today’s VERT Alert addresses Microsoft’s August 2021 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-959 on Wednesday, August 11th. In-The-Wild & Disclosed CVEs CVE-2021-36948 This privilege escalation vulnerability that affects the Windows Update Medic Service (WaasMedic) has been actively exploited. Medic Service is a feature of modern...

Today’s VERT Alert addresses Microsoft’s July 2021 Security Upd ates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-954 on Wednesday, July 14th. In-The-Wild & Disclosed CVEs CVE-2021-34527 The vulnerability dubbed PrintNightmare was patched prior to the Tuesday patch drop, but it is still worth including here. This vulnerability also generated a bit of...

Back in 2018, the State of Security spent a lot of time going over v7 of the Center for Internet Security’s Critical Security Controls (CIS Controls). We noted at the time how the Center for Internet Security shuffled the order of requirements for many of the existing controls in that version. It also cleaned up the language of the CIS Controls, simplified some working, removed duplicate...

Today’s VERT Alert addresses Microsoft’s June 2021 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-947 on Wednesday, June 9th. In-The-Wild & Disclosed CVEs CVE-2021-31955 This is one of two vulnerabilities fixed in today’s patch drop which were reported by Kaspersky Lab after detecting exploitation by threat actor PuzzleMaker. This Windows...

Given that attacks are only increasing and there needs to be greater efficacy in how companies protect themselves, let us reference how the financial industry has created and relies on a body of standards to address issues in financial accounting as a defined comparison for Information Security. To support this argument, there is a defined contrast between information security and Generally...

Today’s VERT Alert addresses Microsoft’s May 2021 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-943 on Wednesday, May 12th. In-The-Wild & Disclosed CVEs CVE-2021-31204 Up first in the list this month, we have a vulnerability that impacts .NET and Visual Studio and could allow a successful attacker to elevate their permissions. We see...

Today’s VERT Alert addresses Microsoft’s April 2021 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-939 on Wednesday, April 14th. In-The-Wild & Disclosed CVEs CVE-2021-28310 Borin Larin of Kaspersky Lab discovered this vulnerability being actively used for exploitation and suspects that it is tied to the BITTER APT group. Larin and co...

Digital attackers are increasingly launching sophisticated campaigns in an effort to target U.S. federal agencies and other organizations. Two recent examples demonstrate this reality. These are the SolarWinds supply chain attack and the HAFNIUM Exchange exploit campaign. The SolarWinds Supply Chain Attack In mid-December 2020, the security community learned that an advanced persistent threat (APT...

Today’s VERT Alert addresses Microsoft’s March 2021 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-933 on Wednesday, March 10th. In-The-Wild & Disclosed CVEs CVE-2021-26855 CVE-2021-26857 CVE-2021-26858 CVE-2021-27065 These CVEs are part of the bundle of Exchange vulnerabilities that were patched last week, more specifically, these are...

While I was teaching, one of my students asked if I had seen Cybergeddon , a film distributed by Yahoo! in 2012. I had not, so I decided it would be fun for VERT to watch the film and review it, since my hobby is writing film reviews for RotundReviews . Cybergeddon is not talked about as much as it should be given some of the background around it. It should be noted that while we’ll reference it...

Today’s VERT Alert addresses Microsoft’s February 2021 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-928 on Wednesday, February 10th. In-The-Wild & Disclosed CVEs CVE-2021-1732 A vulnerability in Win32k that allows for privilege escalation has been exploited in the wild. The Cybersecurity and Infrastructure Security Agency (CISA)...