All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of April 25, 2022. I’ve also included some comments on these stories. Homeland Security bug bounty program uncovers 122 holes...

Tripwire's April 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google Chrome, Oracle, and Adobe.First on the patch priority list this month is an elevation of privilege vulnerability in the Microsoft Windows User Profile Service. This vulnerability has been added to the Metasploit Exploit Framework and any...

In the past, I’ve written about digital privacy and how much data we leak through our day to day interactions. I think this is an important topic to consider and really focus on and it is an element of cybersecurity at both the enterprise and personal level that isn’t discussed enough. One of the reasons is that demonstrating this can definitely...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of April 18, 2022. I’ve also included some comments on these stories. CISA Alert on ICS, SCADA Devices Highlights Growing...

For most organizations, Security Operations Center (SOC) teams have long since been their first line of defense. These SOC systems efficiently ensure robust cybersecurity and are designed to detect, analyze, respond to, and prevent any cybersecurity incident that the organization might come across. Integrating a SOC within an organization aims to...

Have you ever been around someone who is just better at something than you are? Like when you were in grade school and there was this person who was effortless at doing things correctly, like getting high grades? They had great study habits, they arrived on time, they were prepared and confident in the materials that they studied in class, and they...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of April 11, 2022. I’ve also included some comments on these stories. Microsoft's Autopatch feature improves the patch...

Today’s VERT Alert addresses Microsoft’s April 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-996 on Wednesday, April 13th. In-The-Wild & Disclosed CVEs CVE-2022-24521 While not previously publicly disclosed, Microsoft is reporting that they have seen active exploitation of this...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of April 4, 2022. I’ve also included some comments on these stories. Borat RAT, a new RAT that performs ransomware and DDoS...

Tripwire's March 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google Chrome, and Spring Framework.First on the patch priority list this month is a remote code execution vulnerability in the Spring Framework (CVE-2022-22965). This vulnerability has been added to the Metasploit Exploit Framework and any...

In recent years, cyber espionage has been growing in magnitude and complexity. One of the most common targets is Industrial Control Systems (ICS) within critical infrastructure sectors. With many organizations relying more heavily on ICS networks, there has been an increase in threats and cyberattacks aimed at these systems. Not only do these...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of March 28, 2022. I’ve also included some comments on these stories. Muhstik Botnet Targeting Redis Servers Using Recently...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of March 21, 2022. I’ve also included some comments on these stories. Misconfigured Firebase Databases Exposing Data In...

Cloud computing has emerged as the go-to organizational workload choice because of its innate scalability and flexibility. However, cloud computing still comes with some security risks. Examining cloud security is an important part of adopting this new technology. Presently, cloud-native security is experiencing changes and innovations that help...

What is this AvosLocker thing I’ve heard about? AvosLocker is a ransomware-as-a-service (RaaS) gang that first appeared in mid-2021. It has since become notorious for its attacks targeting critical infrastructure in the United States, including the sectors of financial services, critical manufacturing, and government facilities. In March 2022, the...

What is EDoS? Economic Denial of Sustainability (EDoS) is a cybersecurity threat targeting cloud environments. EDoS attacks exploit the elasticity of clouds, particularly auto-scaling capabilities, to inflate the billing of a cloud user until the account reaches bankruptcy or large-scale service withdrawal. EDoS attacks exploit the cloud’s...

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of March 14, 2022. I’ve also included some comments on these stories. Most Orgs Would Take Security Bugs Over Ethical Hacking...

One of the main challenges of OT security is the problem of compatibility. OT components often differ significantly from each other in terms of age and sophistication as well as software and communication protocols.This complicates asset discovery and makes it difficult to establish a consistent cybersecurity governance approach. Combating asset...

How often have you heard someone say "Cybersecurity is complicated!"? If you're a practitioner in the cybersecurity industry you'll have heard these words often, probably along with "…and it's really boring too!" Complex, not complicated Let's start with the first statement. In truth, cybersecurity is a complex topic, but that doesn't mean it...

What is this Ragnar Locker thing I’ve heard about? Ragnar Locker is a family of ransomware, which first came to prominence in early 2020 when it became notorious for hitting large organisations, attempting to extort large amounts of cryptocurrency from its victims. So just your bunch of cybercriminals then? Yes, although on their underground...