Blog

Blog

VERT Threat Alert: March 2021 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s March 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-933 on Wednesday, March 10th. In-The-Wild & Disclosed CVEs CVE-2021-26855 CVE-2021-26857 CVE-2021-26858 CVE-2021-27065 These CVEs are part of the bundle of Exchange vulnerabilities that...
Blog

PCI DSS 4.0 Is Coming – Are You Ready?

Ransomware today is a billion-dollar industry. It’s crippled industries like healthcare. In 2017, for instance, WannaCry brought much of the United Kingdom’s National Health Service to its knees using the EternalBlue exploit. It was just a few weeks later when the NotPetya ransomware strain leveraged that same vulnerability to attack lots of...
Blog

VERT at the Movies: Cybergeddon

While I was teaching, one of my students asked if I had seen Cybergeddon, a film distributed by Yahoo! in 2012. I had not, so I decided it would be fun for VERT to watch the film and review it, since my hobby is writing film reviews for RotundReviews. Cybergeddon is not talked about as much as it should be given some of the background around it. It...
Blog

VERT Threat Alert: February 2021 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s February 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-928 on Wednesday, February 10th. In-The-Wild & Disclosed CVEs CVE-2021-1732 A vulnerability in Win32k that allows for privilege escalation has been exploited in the wild. The...
Blog

VERT Threat Alert: January 2021 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s January 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-922 on Wednesday, January 13th. In-The-Wild & Disclosed CVEs CVE-2021-1647 A vulnerability in the Microsoft Malware Protection Engine (MMPE) is currently seeing active exploitation. Since...
Blog

Steps for PCI DSS Gap Analysis

Complying with Standards drawn by the Payment Card Industry Security Standards Council can be complicated and time-consuming. But, with a PCI DSS Gap Analysis, the process becomes a lot easier, streamlined, and less exhaustive. PCI Gap Analysis is the first step towards the Compliance process. The assessment provides details on your current security...
Blog

VERT Alert: SolarWinds Supply Chain Attack

Vulnerability Description The United States Cybersecurity & Infrastructure Security Agency (CISA) has advised that an advanced persistent threat (APT) actor was able to insert sophisticated malware into officially signed and released updates to the SolarWinds network management software. The attacks have been ongoing since at least March 2020 and...
Blog

VERT Threat Alert: December 2020 Patch Tuesday Analysis

Today’s VERT Threat Alert addresses Microsoft’s December 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-918 on Wednesday, December 9th. In-The-Wild & Disclosed CVEs There are no In-The-Wild or Disclosed CVEs patched this month. CVE Breakdown by Tag While historical Microsoft...
Blog

VERT Threat Alert: November 2020 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s November 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-915 on Wednesday, November 11th. Note: Microsoft has changed their advisory format and no longer provides basic vulnerability descriptions. In-The-Wild & Disclosed CVEs CVE-2020-17087 ...
Blog

VERT Threat Alert: October 2020 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s October 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-909 on Wednesday, October 14th. In-The-Wild & Disclosed CVEs (October 2020 Patch Tuesday Analysis) CVE-2020-16938 This CVE describes an information disclosure in the Windows kernel that...
Blog

VERT Threat Alert: September 2020 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s September 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-903 on Wednesday, September 9th. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed CVEs included in this month’s security guidance. CVE Breakdown by Tag While...
Blog

VERT Threat Alert: August 2020 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s August 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-899 on Wednesday, August 12th. In-The-Wild & Disclosed CVEs CVE-2020-1464 A vulnerability exists in the way that Windows validates file signatures. An attacker could load improperly signed...
Blog

VERT Threat Alert: July 2020 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s July 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-895 on Wednesday, July 15th. In-The-Wild & Disclosed CVEs CVE-2020-1463 A vulnerability in the SharedStream Library could allow a locally authenticated attacker to run a malicious...
Blog

A Checklist for Preparing for Your Organization's Next PCI Audit

Organizations cannot afford to neglect their PCI compliance obligations. According to its website, PCI could punish offending organizations with a monetary penalty ranging in value from $5,000 to $100,000 per month. These fines could spell the end for a small business. Acknowledging those consequences, organizations need to make sure they’re PCI...
Blog

VERT Threat Alert: June 2020 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s June 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-888 on Wednesday, June 10th. In-The-Wild & Disclosed CVEs None of the vulnerabilities resolved this month have been publicly disclosed or exploited according to Microsoft. CVE Breakdown by...
Blog

The Perimeter Really Is Gone - CIS Controls and COVID-19 with Tony Sager

Tony Sager, Senior Vice President and Chief Evangelist at CIS (Center for Internet Security) joins us to discuss the best approaches to the changing security landscape in the wake of COVID-19. Tony is a lifelong defender, with more than 44 years of experience. He spent most of his career at the NSA and now leads the development of the CIS Controls,...
Blog

VERT Threat Alert: May 2020 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s May 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-884 on Wednesday, May 13th. In-The-Wild & Disclosed CVEs None of the vulnerabilities resolved this month have been publicly disclosed or exploited according to Microsoft. CVE Breakdown by Tag ...
Blog

VERT Threat Alert: April 2020 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s April 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-880 on Wednesday, April 15th. In-The-Wild & Disclosed CVEs CVE-2020-0935 A vulnerability in the OneDrive for Windows desktop application could allow an attacker to overwrite a targeted file...
Blog

Cybersecurity in Education (K-12) with the CIS Controls

Why is cybersecurity important to Education? Acknowledging recent reports of ransomware targeting educational institutions, it is no wonder that there have also been articles that attempt to lure in readers with “free” tools. What is disappointing is that these “free” tools are little more than marketing pieces that direct you to click on readily...
Blog

Verizon’s 2019 Payment Security Report – Not Just for PCI

If you are responsible for cybersecurity or data protection in your organization, stop what you are doing and read this report. Actually, first, go patch your servers and applications and then read this report. Much like Verizon’s Data Breach Investigations Report (DBIR), the Payment Security Report (PSR) is a must-read for security professionals. While it focuses on the PCI DSS standard and...