Blog

Blog

VERT Threat Alert: April 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s April 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-996 on Wednesday, April 13th. In-The-Wild & Disclosed CVEs CVE-2022-24521 While not previously publicly disclosed, Microsoft is reporting that they have seen active exploitation of this...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of April 4, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of April 4, 2022. I’ve also included some comments on these stories. Borat RAT, a new RAT that performs ransomware and DDoS...
Blog

What Is the Role of Incident Response in ICS Security?

In recent years, cyber espionage has been growing in magnitude and complexity. One of the most common targets is Industrial Control Systems (ICS) within critical infrastructure sectors. With many organizations relying more heavily on ICS networks, there has been an increase in threats and cyberattacks aimed at these systems. Not only do these...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of March 28, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of March 28, 2022. I’ve also included some comments on these stories. Muhstik Botnet Targeting Redis Servers Using Recently...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of March 21, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of March 21, 2022. I’ve also included some comments on these stories. Misconfigured Firebase Databases Exposing Data In...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of March 14, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of March 14, 2022. I’ve also included some comments on these stories. Most Orgs Would Take Security Bugs Over Ethical Hacking...
Blog

VERT Threat Alert: March 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s March 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-989 on Wednesday, March 9th. In-The-Wild & Disclosed CVEs CVE-2022-21990 CVE-2022-21990 describes a code execution vulnerability within Remote Desktop Client. The vulnerability requires that...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of February 28, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of February 28, 2022. I’ve also included some comments on these stories. High-Severity Flaws Discovered in Schneider, GE...
Blog

What Are the Benefits of Adopting the Cloud in Industrial Cybersecurity?

Cloud adoption has come a long way from its early days where corporate executives questioned the stewardship of their data. The initial suspicions of “where’s my data” have been laid to rest, as administrative tools and contractual obligations have emerged to give better visibility to, and accountability of, data custodianship. Even the capabilities...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of February 21, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of February 21, 2022. I’ve also included some comments on these stories. 18 High-Severity Vulnerabilities Patched by Intel ...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of February 14, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of February 14, 2022. I’ve also included some comments on these stories. Microsoft Using New Security Rule to Prevent Windows...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of February 7, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of February 7, 2022. I've also included some comments on these stories. Mac Trojan Comes with Expanded Ability to Drop...
Blog

VERT Threat Alert: February 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s February 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-985 on Wednesday, February 9th. In-The-Wild & Disclosed CVEs CVE-2022-21989 This month, only a single vulnerability, CVE-2022-21989 has been publicly disclosed and Microsoft is not...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of January 31, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of January 31, 2022. We’ve also included the comments from a few folks here at Tripwire VERT. Update Force-Pushed to Protect...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of January 24, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of January 24, 2022. We’ve also included the comments from a few folks here at Tripwire VERT. SonicWall Discloses Cause of...
Blog

ICS Security: What It Is and Why It's a Challenge for Organizations

Industrial control systems (ICS) are specific kinds of assets and associated instrumentation that help to oversee industrial processes. According to the National Institute of Standards and Technology, there are three common types of ICS. These are supervisory control and data acquisition (SCADA) systems, which help organizations to control dispersed...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of January 17, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of January 17, 2022. We’ve also included the comments from a few folks here at Tripwire VERT. Root-Level RCE Vulnerability...
Blog

VERT Threat Alert: January 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s January 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-981 on Wednesday, January 12th. In-The-Wild & Disclosed CVEs CVE-2022-21919 This vulnerability was a bypass to CVE-2021-34484, released by the same researcher, Abdelhamid Naceri. The...
Blog

What Is FIM (File Integrity Monitoring)?

Change is prolific in organizations’ IT environments. Hardware assets change. Software programs change. Configuration states change. Some of these modifications are authorized insofar as they occur during an organization’s regular patching cycle, while others cause concern by popping up unexpectedly.Organizations commonly respond to this dynamism by...
Blog

Revisiting the Relevance of the Industrial DMZ (iDMZ)

Which Flavor of the Purdue Model Should You Follow? If you enter the term "Purdue Model" into your favorite search engine, the resulting images will vary considerably. There's almost no better way to stir up an Operational Technology (OT) security conversation than to begin debating what belongs on Level 1 or Level 3 of the model. You might even...