With all the technology we have today, installing software updates has become a near-daily, full-time activity. Patch management for large-scale enterprise IT systems can be one of the most stressful parts of an IT professional’s job. In today’s large and evolving IT networks where many new services are going online every day and software components are flying straight from the supply chain to the...

Technology has recently been evolving at the speed of light. We have seen the onset of increased cyber threats across all industries. Gone are the times when threat actors had a specific goal and target. We now live in an age where robots collect, collate, and save information for a more opportune and profitable day. It is ever more important to understand the security measures individuals and...

Kubernetes has emerged as the leading platform for orchestrating containerized applications. However, developers and administrators rely on an ecosystem of tools and platforms that have emerged around Kubernetes. One of these tools is Helm, a package manager that simplifies Kubernetes deployments. However, with the convenience and efficiency Helm offers, it also introduces significant security...

Tripwire's January 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Apple, Google, and Atlassian. First on the patch priority list are patches for Apple, Google Chromium V8, and Atlassian Confluence Data Center and Server. These CVEs have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. For Apple, note that CVE-2024-02322 impacts Apple iOS...

The IBM i is a midrange server that is used across many industries and businesses varying in sizes. Backed by its long history and support by IBM, a world-class innovator, the IBM i platform stands alone in the midrange server offerings. Some of the largest companies in the world use IBM i running on the IBM Power server as their strategic platform for manufacturing planning, retail, distribution...

One of the most common factors that can lead to cybersecurity incidents is a security misconfiguration in software or application settings. The default settings that come with the implementation of these tools and solutions are often not configured securely, and many organizations do not invest the time and resources into ensuring that they are. Several regulatory organizations have established...

To most people, the process of logging into a Microsoft Windows machine is a simple process of entering a username and a password. However, for a cybersecurity professional, the process is a carefully orchestrated mechanism. Unfortunately, throughout the history of the various Windows operating system versions, criminals have also sought ways to disrupt this process in order to breach a network...

A WordPress plugin used on over 300,000 websites has been found to contain vulnerabilities that could allow hackers to seize control. Security researchers Ulyses Saicha and Sean Murphy found two critical flaws in the POST SMTP Mailer plugin. The first flaw made it possible for attackers to reset the plugin's authentication API key and view sensitive logs (including password reset emails) on the...

Back in 1992, when I was more concerned about my acne breakouts and being selected for the Junior cricket team, a freshman at Purdue University was studying the impact of the 1988 Morris Worm event and how it brought about unwarranted changes on Unix systems as it propagated across the network, resulting in the first Denial of Service (DoS) attack. He quickly realised that it was hard to know when...

Today’s VERT Alert addresses Microsoft’s January 2024 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1088 as soon as coverage is completed. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed CVEs included in the January Patch Tuesday drop. CVE Breakdown by Tag While historical Microsoft Security Bulletin groupings are...

Tripwire's December 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google. First on the patch priority are patches for Google Chrome and Microsoft Edge (Chromium-based) that resolve elevation of privilege, remote code execution, and information disclosure vulnerabilities. Please note that CVE-2023-7024 for Chrome is on the CISA Known Exploited...

What is an Attack Surface? An attack surface is the total number of channels, pathways, or areas that threat actors can utilize to gain unauthorized access to networks. The result is that they can obtain private information or carry out a cyber-attack. An attack surface comprises the organizational assets a threat actor can exploit to gain unauthorized access. Attack surfaces include systems that...

One of the most critical aspects of cybersecurity is ensuring that all software is kept up to date with the latest patches. This is necessary to cover any vulnerabilities that cybercriminals could take advantage of in order to infiltrate an organization and launch an attack. With the volume of updates and the effort needed to install and configure them, it is good to know precisely when patches...

Today’s VERT Alert addresses Microsoft’s December 2023 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1086 on Wednesday, December 13th. In-The-Wild & Disclosed CVEs CVE-2023-20588 AMD has released AMD-SB-7007 – Speculative Leaks Security Notice , which describes how some AMD processors can potentially return speculative data after a...

Tripwire's November 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the patch priority are patches for Microsoft Edge (Chromium-based) that resolve elevation of privilege, remote code execution, and spoofing vulnerabilities. Next on the patch priority list this month are patches for Microsoft Office and Excel that resolve 3 remote code execution...

Tripwire recently held its annual Energy and NERC Compliance Working Group. This year's attendees included more than 200 Tripwire customer utility personnel representing over 80 different registered entities from all across the US and Canada. The company sizes ranged from public utility districts and city municipalities to medium and larger-sized investor-owned utilities, including many of the...

Server Message Block (SMB) protocol is a communication protocol that allows users to communicate with remote servers and computers, which they can open, share, edit files, and even share and utilize resources. With the expansion of telecommunications, this protocol has been a prime target for threat actors to gain unauthorized access to sensitive data and devices. In 2017, we introduced 5 general...

What Is Secure Access Control? Secure access control, part of the broader field of user management , is a key concept in the realm of information security, particularly in the business environment. It refers to the process of selectively restricting and allowing access to a place or resource. In the context of information technology, it is a vital element of data protection, dictating who or what...

Today’s VERT Alert addresses Microsoft’s November 2023 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1082 on Wednesday, November 15th. In-The-Wild & Disclosed CVEs CVE-2023-36033 A vulnerability in the Microsoft Desktop Window Manager (DWM) could allow an attacker to gain SYSTEM level privileges. This vulnerability has been publicly...

What's the deal with CherryBlos? CherryBlos is a rather interesting family of Android malware that can plunder your cryptocurrency accounts - with a little help from your photos. Wait. I've heard of hackers stealing photos before, but what do you mean by malware stealing cryptocurrency via my photos? How does it do that? Well, imagine you have sensitive information - such as details related to...