Blog

Tripwire VERT
Blog
Blog

VERT Threat Alert: April 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 04/09/2024
Today’s VERT Alert addresses Microsoft’s April 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1101 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-26234 This CVE describes a Proxy Driver Spoofing Vulnerability that, thanks to Microsoft’s new CWE listings , we know is tied to Improper Access Control . From a...
Vulnerability & Risk Management
VERT Research
AI-ML-Digital-Everest-Dodging-System-Failure-Summit-Fever
Blog
Blog

AI/ML Digital Everest: Dodging System Failure Summit Fever

By Sandy Dunn on Mon, 04/08/2024
Summit Fever Syndrome, a cause of many extreme altitude climbers' deaths, is due to a lack of oxygen and mission blindness, which leads to impaired judgment where climbers take needless risks, disregard safety precautions, and make deadly errors. Deploying AI/ML models is like climbing Mount Everest. Both climbers and AI projects chase their peaks with (sometimes too much ) determination and...
Vulnerability & Risk Management
Cybersecurity
tripwire_vert_patch_priority_index
Blog
Blog

Tripwire Patch Priority Index for March 2024

By Lane Thames on Wed, 04/03/2024
Tripwire's March 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google, and Apple. First on the patch priority list are patches for Windows Kernel and Multiple Apple products. These CVEs (CVE-2024-21338, CVE-2024-23296, CVE-2024-23225) have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. Up next are patches for Microsoft Edge (Chromium...
Vulnerability & Risk Management
Critical insights into Australia’s supply chain risk landscape
Blog
Blog

Critical insights into Australia’s supply chain risk landscape

By Anirudh Chand on Tue, 03/19/2024
Australian organizations find themselves navigating a minefield of supply chain risks, with a surge in incidents stemming from multi-party breaches. These breaches are often caused by vulnerabilities in cloud or software providers and are emerging as a challenge that demands attention and proactive strategies. From July to December 2023, 483 data breaches were reported to the Australian...
Vulnerability & Risk Management
Cybersecurity
Blog
Blog

VERT Threat Alert: March 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 03/12/2024
Today’s VERT Alert addresses Microsoft’s March 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1097 as soon as coverage is completed. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed CVEs included in the March Patch Tuesday release. CVE Breakdown by Tag While historical Microsoft Security Bulletin groupings are gone...
Vulnerability & Risk Management
VERT Research
TripwireBookClub
Blog
Blog

#TripwireBookClub – Black Hat GraphQL

By Tyler Reguly on Mon, 03/04/2024
The most recent book that we’ve read over here is Black Hat GraphQL: Attacking Next Generation APIs written by Dolev Farhi and Nick Aleks . The book is described as being for, “anyone interested in learning how to break and protect GraphQL APIs with the aid of offensive security testing.” As someone who works primarily with REST APIs , I was more interested in the introduction that it offered to...
Vulnerability & Risk Management
Cybersecurity
Patch Priority Index
Blog
Blog

Tripwire Patch Priority Index for February 2024

By Lane Thames on Mon, 03/04/2024
Tripwire's February 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, ConnectWise, and Google. First on the patch priority list are patches for ConnectWise ScreenConnect, Microsoft Exchange Server, Microsoft Windows SmartScreen, and Microsoft Windows Internet Shortcut files. These CVEs (CVE-2024-1709, CVE-2024-21410, CVE-2024-21351, CVE-2024-21412) have been...
Vulnerability & Risk Management
Cybersecurity
Tripwire VERT Security Update
Blog
Blog

VERT Threat Alert: February 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 02/13/2024
Today’s VERT Alert addresses Microsoft’s February 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1093 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-21351 This CVE describes a bypass in the Windows SmartScreen Security Feature. At this point, these bypasses have become relatively common and are frequently...
Vulnerability & Risk Management
VERT Research
3 Tips for Enterprise Patch Management
Blog
Blog

3 Tips for Enterprise Patch Management

By Lane Thames on Tue, 02/13/2024
With all the technology we have today, installing software updates has become a near-daily, full-time activity. Patch management for large-scale enterprise IT systems can be one of the most stressful parts of an IT professional’s job. In today’s large and evolving IT networks where many new services are going online every day and software components are flying straight from the supply chain to the...
Vulnerability & Risk Management
Patch Priority Index
Blog
Blog

Tripwire Patch Priority Index for January 2024

By Lane Thames on Mon, 02/05/2024
Tripwire's January 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Apple, Google, and Atlassian. First on the patch priority list are patches for Apple, Google Chromium V8, and Atlassian Confluence Data Center and Server. These CVEs have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. For Apple, note that CVE-2024-02322 impacts Apple iOS...
Vulnerability & Risk Management
Resolving Top Security Misconfigurations: What you need to know
Blog
Blog

Resolving Top Security Misconfigurations: What you need to know

By Jeff Moline on Mon, 01/22/2024
One of the most common factors that can lead to cybersecurity incidents is a security misconfiguration in software or application settings. The default settings that come with the implementation of these tools and solutions are often not configured securely, and many organizations do not invest the time and resources into ensuring that they are. Several regulatory organizations have established...
Cybersecurity
Compliance
CIS Controls
NIST
Security Configuration Management
wordpress-plugin-holes
Blog
Blog

Critical flaw found in WordPress plugin used on over 300,000 websites

By Graham Cluley on Mon, 01/15/2024
A WordPress plugin used on over 300,000 websites has been found to contain vulnerabilities that could allow hackers to seize control. Security researchers Ulyses Saicha and Sean Murphy found two critical flaws in the POST SMTP Mailer plugin. The first flaw made it possible for attackers to reset the plugin's authentication API key and view sensitive logs (including password reset emails) on the...
Vulnerability & Risk Management
Cybersecurity
Tripwire VERT Security Update
Blog
Blog

VERT Threat Alert: January 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 01/09/2024
Today’s VERT Alert addresses Microsoft’s January 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1088 as soon as coverage is completed. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed CVEs included in the January Patch Tuesday drop. CVE Breakdown by Tag While historical Microsoft Security Bulletin groupings are...
Vulnerability & Risk Management
VERT Research
Patch Priority Index
Blog
Blog

Tripwire Patch Priority Index for December 2023

By Lane Thames on Tue, 01/09/2024
Tripwire's December 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google. First on the patch priority are patches for Google Chrome and Microsoft Edge (Chromium-based) that resolve elevation of privilege, remote code execution, and information disclosure vulnerabilities. Please note that CVE-2023-7024 for Chrome is on the CISA Known Exploited...
Vulnerability & Risk Management
Cybersecurity
how-to-reduce-your-attack-surface
Blog
Blog

How to Reduce Your Attack Surface

By Tripwire Guest Authors on Mon, 01/08/2024
What is an Attack Surface? An attack surface is the total number of channels, pathways, or areas that threat actors can utilize to gain unauthorized access to networks. The result is that they can obtain private information or carry out a cyber-attack. An attack surface comprises the organizational assets a threat actor can exploit to gain unauthorized access. Attack surfaces include systems that...
Vulnerability & Risk Management
Cybersecurity
Security Configuration Management
The History of Patch Tuesday: Looking back at the first 20 years
Blog
Blog

The History of Patch Tuesday: Looking back at the first 20 years

By Tyler Reguly on Tue, 12/19/2023
One of the most critical aspects of cybersecurity is ensuring that all software is kept up to date with the latest patches. This is necessary to cover any vulnerabilities that cybercriminals could take advantage of in order to infiltrate an organization and launch an attack. With the volume of updates and the effort needed to install and configure them, it is good to know precisely when patches...
Vulnerability & Risk Management
Cybersecurity
Tripwire VERT Security Update
Blog
Blog

VERT Threat Alert: December 2023 Patch Tuesday Analysis

By Tyler Reguly on Tue, 12/12/2023
Today’s VERT Alert addresses Microsoft’s December 2023 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1086 on Wednesday, December 13th. In-The-Wild & Disclosed CVEs CVE-2023-20588 AMD has released AMD-SB-7007 – Speculative Leaks Security Notice , which describes how some AMD processors can potentially return speculative data after a...
Vulnerability & Risk Management
VERT Research
Patch Priority Index
Blog
Blog

Tripwire Patch Priority Index for November 2023

By Lane Thames on Mon, 12/04/2023
Tripwire's November 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority are patches for Microsoft Edge (Chromium-based) that resolve elevation of privilege, remote code execution, and spoofing vulnerabilities. Next on the patch priority list this month are patches for Microsoft Office and Excel that resolve 3 remote code execution...
Vulnerability & Risk Management
Cybersecurity
Guarding the Grid: Navigating the Current and Future Landscape of Utility Cybersecurity
Blog
Blog

Guarding the Grid: Navigating the Current and Future Landscape of Utility Cybersecurity

By Travis Emerson on Mon, 11/27/2023
Tripwire recently held its annual Energy and NERC Compliance Working Group. This year's attendees included more than 200 Tripwire customer utility personnel representing over 80 different registered entities from all across the US and Canada. The company sizes ranged from public utility districts and city municipalities to medium and larger-sized investor-owned utilities, including many of the...
Vulnerability & Risk Management
Cybersecurity
Compliance
NERC CIP
Tripwire VERT Security Update
Blog
Blog

VERT Threat Alert: November 2023 Patch Tuesday Analysis

By Tyler Reguly on Tue, 11/14/2023
Today’s VERT Alert addresses Microsoft’s November 2023 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1082 on Wednesday, November 15th. In-The-Wild & Disclosed CVEs CVE-2023-36033 A vulnerability in the Microsoft Desktop Window Manager (DWM) could allow an attacker to gain SYSTEM level privileges. This vulnerability has been publicly...
Vulnerability & Risk Management
VERT Research