Today’s VERT Alert addresses Microsoft’s February 2022 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-985 on Wednesday, February 9th. In-The-Wild & Disclosed CVEs CVE-2022-21989 This month, only a single vulnerability, CVE-2022-21989 has been publicly disclosed and Microsoft is not reporting any known public exploitation. Additionally...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of January 31, 2022. We’ve also included the comments from a few folks here at Tripwire VERT. Update Force-Pushed to Protect QNAP NAS Devices against DeadBolt Ransomware QNAP...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of January 24, 2022. We’ve also included the comments from a few folks here at Tripwire VERT. SonicWall Discloses Cause of Next-Gen Firewall Reboot Loops SonicWall revealed...

Industrial control systems (ICS) are specific kinds of assets and associated instrumentation that help to oversee industrial processes. According to the National Institute of Standards and Technology , there are three common types of ICS. These are supervisory control and data acquisition (SCADA) systems, which help organizations to control dispersed assets; distributed control systems (DCS)...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of January 17, 2022. We’ve also included the comments from a few folks here at Tripwire VERT. Root-Level RCE Vulnerability Patched by Cisco Bleeping Computer reported that...

Today’s VERT Alert addresses Microsoft’s January 2022 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-981 on Wednesday, January 12th. In-The-Wild & Disclosed CVEs CVE-2022-21919 This vulnerability was a bypass to CVE-2021-34484 , released by the same researcher, Abdelhamid Naceri. The researcher first tweeted about the bypass on October 22...

Which Flavor of the Purdue Model Should You Follow? If you enter the term "Purdue Model" into your favorite search engine, the resulting images will vary considerably. There's almost no better way to stir up an Operational Technology (OT) security conversation than to begin debating what belongs on Level 1 or Level 3 of the model. You might even find some diagrams place operator Human-Machine...

It seems that the most popular topics in cybersecurity for the last year have been zero trust as well as the convergence of Information Technology (IT) and Operational Technology (OT). These developments are good, as they signal some positive motion towards better overall security. Some of the current risks are worth noting, with a forward glance to protecting specific industries such as oil and...

Today’s VERT Alert addresses Microsoft’s December 2021 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-978 on Wednesday, December 15th. In-The-Wild & Disclosed CVEs CVE-2021-43890 Up first this month is a vulnerability in the Windows AppX Installer that could allow spoofing. This vulnerability has been actively used in the spread of Emotet...

Word splitting is a function of BASH that I was unfamiliar with, but it is definitely one that impacted my recent research. From the bash(1) man page : IFS The Internal Field Separator that is used for word splitting after expansion and to split lines into words with the read builtin command. The default value is <space><tab><newline>. Word Splitting The shell scans the results of parameter...

The past few weeks, I’ve been spending a lot of my free time preparing for the OSCP exam , which means refreshing a lot of skills that I haven’t used in years. A large part of that is rebuilding muscle memory around buffer overflows, so that’s how I spent my four-day weekend. I logged about 70 hours compiling small programs, writing buffer overflows, building simple ROP chains, and honestly having...

Today’s VERT Alert addresses Microsoft’s November 2021 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-972 on Wednesday, November 10th. In-The-Wild & Disclosed CVEs CVE-2021-42292 Up first this month, we have a 0-day in Microsoft Excel that allows an attacker to bypass security features. This vulnerability has seen active exploitation. It...

Today’s VERT Alert addresses Microsoft’s October 2021 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-968 on Wednesday, October 13th. In-The-Wild & Disclosed CVEs CVE-2021-40449 Up first this month, we have an elevation of privilege in Win32k that has been exploited in-the-wild via MysterySnail . This vulnerability appears to impact all...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly reviewing the news for interesting stories and developments in the cybersecurity world. Here’s what stood out to us during the week of September 27, 2021. We’ve also included the comments from a few folks here at Tripwire VERT. REvil Ransomware Group Goes Offline Back in July 2021, CyberNews reported that the...

In this episode, Patrick Miller , Founder of Ampere Industrial Security, discusses what utilities and other industrial companies need to consider when it comes to the goldmines of data they're collecting from their machines and customers. He also explains why security and privacy needs to be incorporated in these operations by design. https://open.spotify.com/episode/7cMR1D4nastJLUDE4VUXYm?si...

Today’s VERT Alert addresses Microsoft’s September 2021 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-964 on Wednesday, September 15th. In-The-Wild & Disclosed CVEs CVE-2021-40444 This CVE describes a publicly exploited vulnerability in MSHTML that provides user level access upon successful exploitation. According to Microsoft, a...

Throughout this blog series, I have examined real-world ICS cyber-related incidents as a way of looking back to predict what the next attack may look like. The three categories of attacker that I have considered so far are disgruntled insiders, ransomware groups, and APT. Knowing about past events, their impact, and how they unfolded can be critical for thwarting similar attacks in the future. As...

No discussion on ICS attacks could be complete without talking about what some would call, ‘the elephant in the room.’ Critical infrastructure has always been a target for warfare, and modern ICS are no exception. Several high-profile ICS disruptions have in fact been attributed to malicious hackers working at the behest of a military or intelligence agency. Looking at Examples of APTs The...

OT networks often rely on Windows systems for various ICS applications including HMIs, historians, and data gateways. Beyond that, they also commonly rely on Windows systems to run associated IT-networks . A successful ransomware deployment into either of these networks may prevent engineers from controlling plant operations and lead to an unplanned shutdown. This creates an immediate cost on the...