Today’s VERT Aler t addresses Microsoft’s November 2022 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1029 on Wednesday, November 9th. In-The-Wild & Disclosed CVEs CVE-2022-41091 This vulnerability allows a malicious individual to bypass Mark of the Web . Mark of the Web is what is used to present security warnings when opening files and...

Change detection is easy. What is not so easy, is reconciling change. Change reconciliation is where most organizations stumble. What was the change? When was it made? Who made it? Was it authorized? The ability to answer these questions are the elements that comprise change management. Historically, the haste of accomplishing a task consisted of a sysadmin moving full-speed ahead to satisfy the...

Every year has been an unfortunate year for online privacy for the past few years. Data breaches and social engineering attacks are at an all-time high, and the concept of online data privacy is challenged to its core, with millions of users being affected every month. IBM’s Cost of a Data Breach Report highlighted that the average data breach cost increased 2.6%, from USD 4.24 million in 2021 to...

The supply chain is a complex environment that goes deep inside a business and involves the majority of its infrastructure, operations, personnel, and outer relations: vendors, partners, and customers. To protect that matrix is extremely difficult, as there are numerous sensitive nodes, lines, and processes that a security team has to take care of: software and hardware resources, cloud , hybrid...

One of the most important parts of a solid security program involves testing to see where your weaknesses lie. Continual improvement cannot be achieved without continual review. However, many people confuse the importance of vulnerability scanning with penetration testing. As a means of protecting an enterprise, one can never take precedence over, or replace the other. Both are equally important...

Today’s VERT Alert addresses Microsoft’s October 2022 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1025 on Wednesday, October 12th. In-The-Wild & Disclosed CVEs CVE-2022-41033 A vulnerability in the Windows COM+ Event System service could allow malicious individuals to obtain SYSTEM level access on all supported versions of Windows. The...

Today’s VERT Alert addresses Microsoft’s September 2022 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1021 on Wednesday, September 14th. In-The-Wild & Disclosed CVEs CVE-2022-23960 The first disclosed vulnerability this month is Spectre-BHB that is discussed in great detail on arm Developer. The Microsoft update for this vulnerability...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of September 5 th , 2022. I’ve also included some comments on these stories. Critical RCE Vulnerability Affects Zyxel NAS Devices — Firmware Patch Released Networking...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 29 th , 2022. I’ve also included some comments on these stories. WordPress 6.0.2 Patches Vulnerability That Could Impact Millions of Legacy Sites The WordPress team...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 22nd, 2022, including some commentary of mine. VMware fixed a privilege escalation issue in VMware Tools VMware this week released patches to address an important...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 15 th , 2022. I’ve also included some comments on these stories. Newly Uncovered PyPI Package Drops Fileless Cryptominer to Linux Systems A now-removed rogue package...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 8 st , 2022. I’ve also included some comments on these stories. Slack leaked hashed passwords from its servers for years Did Slack send you a password reset link...

Today’s Patch Tuesday VERT Alert addresses Microsoft’s August 2022 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1015 on Wednesday, August 10th. In-The-Wild & Disclosed CVEs CVE-2022-34713 According to Microsoft, CVE-2022-34713 is a variant of the Dogwalk vulnerability . There has been a lot of Twitter discussion around this Dogwalk as...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 1 st , 2022. I’ve also included some comments on these stories. Windows 11 Smart App Control blocks files used to push malware Smart App Control, a Windows 11...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of July 25, 2022. I’ve also included some comments on these stories. SonicWall fixed critical SQLi in Analytics and GMS products Security company SonicWall addressed a...

An enterprise vulnerability management program can reach its full potential when it is built on well-established foundational goals. These goals should address the information needs of all stakeholders, tie back to the business goals of the enterprise, and reduce the organization’s risk. Existing vulnerability management technologies can detect risk, but they require a foundation of people and...

Today’s VERT Alert addresses Microsoft’s July 2022 Security Updates . VERT is actively working on coverage for these Patch Tuesday vulnerabilities and expects to ship ASPL-1011 on Wednesday, July 13th. In-The-Wild & Disclosed CVEs CVE-2022-22047 Microsoft is reporting this month that a single vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) is the only one that has seen active...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 20, 2022. I’ve also included some comments on these stories. Over a Dozen Flaws Found in Siemens' Industrial Network Management System Cybersecurity researchers have...

Today’s VERT Alert addresses Microsoft’s June 2022 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1007 on Wednesday, June 15th. In-The-Wild & Disclosed CVEs None of the vulnerabilities patched this month have been exploited in-the-wild or publicly disclosed according to Microsoft. However, Microsoft did update last month’s security...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 06, 2022. I’ve also included some comments on these stories. Another nation-state actor exploits Microsoft Follina to attack European and US entities A nation-state...