All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of May 30, 2022. I’ve also included some comments on these stories. Vendor Refuses to Remove Backdoor Account That Can Facilitate Attacks on Industrial Firms Korenix JetPort...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of May 16, 2022. I’ve also included some comments on these stories. Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability The U.S. Cybersecurity and...

Today’s VERT Alert addresses Microsoft’s May 2022 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1002 on Wednesday, May 11th. CVE-2022-26925 In-The-Wild & Disclosed CVEs Based on Microsoft’s limited documentation, this appears to be a resurgence and/or improved version of PetitPotam . This month’s security guidance links to both the...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of May 2, 2022. I’ve also included some comments on these stories. Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers Microsoft on Thursday...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of April 25, 2022. I’ve also included some comments on these stories. Homeland Security bug bounty program uncovers 122 holes in its systems The first bug bounty program by...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of April 18, 2022. I’ve also included some comments on these stories. CISA Alert on ICS, SCADA Devices Highlights Growing Enterprise IoT Security Risks On April 13, the...

Have you ever been around someone who is just better at something than you are? Like when you were in grade school and there was this person who was effortless at doing things correctly, like getting high grades? They had great study habits, they arrived on time, they were prepared and confident in the materials that they studied in class, and they were a consistently high performer at every stage...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of April 11, 2022. I’ve also included some comments on these stories. Microsoft's Autopatch feature improves the patch management process Microsoft announced a feature called...

Today’s VERT Alert addresses Microsoft’s April 2022 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-996 on Wednesday, April 13th. In-The-Wild & Disclosed CVEs CVE-2022-24521 While not previously publicly disclosed, Microsoft is reporting that they have seen active exploitation of this vulnerability in the wild. The vulnerability can lead...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of April 4, 2022. I’ve also included some comments on these stories. Borat RAT, a new RAT that performs ransomware and DDoS attacks Cyble researchers discovered a new remote...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of March 28, 2022. I’ve also included some comments on these stories. Muhstik Botnet Targeting Redis Servers Using Recently Disclosed Vulnerability Muhstik, a botnet infamous...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of March 21, 2022. I’ve also included some comments on these stories. Misconfigured Firebase Databases Exposing Data In Mobile Apps It’s a gold mine of exploit opportunity in...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of March 14, 2022. I’ve also included some comments on these stories. Most Orgs Would Take Security Bugs Over Ethical Hacking Help It turns out most organizations would rather...

Today’s VERT Alert addresses Microsoft’s March 2022 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-989 on Wednesday, March 9th. In-The-Wild & Disclosed CVEs CVE-2022-21990 CVE-2022-21990 describes a code execution vulnerability within Remote Desktop Client. The vulnerability requires that a malicious actor control the Remote Desktop...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of February 28, 2022. I’ve also included some comments on these stories. High-Severity Flaws Discovered in Schneider, GE Digital SCADA Software In mid-February, the U.S...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of February 21, 2022. I’ve also included some comments on these stories. 18 High-Severity Vulnerabilities Patched by Intel According to SecurityWeek , Intel released 22...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of February 14, 2022. I’ve also included some comments on these stories. Microsoft Using New Security Rule to Prevent Windows Credential Theft On February 13, Bleeping...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of February 7, 2022. I've also included some comments on these stories. Mac Trojan Comes with Expanded Ability to Drop Secondary Payloads As reported by Dark Reading...

The number of missing security patches in an OT system is typically very large—measured in the thousands, at least. It would be difficult and expensive for an asset owner to evaluate each missing security patch / cyber asset pair. This may be one reason we see a patch everything approach , but this is also difficult and expensive. In fact, assessments show this is rarely done even where required...

Today’s VERT Alert addresses Microsoft’s February 2022 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-985 on Wednesday, February 9th. In-The-Wild & Disclosed CVEs CVE-2022-21989 This month, only a single vulnerability, CVE-2022-21989 has been publicly disclosed and Microsoft is not reporting any known public exploitation. Additionally...