Tripwire's July 2021 Patch Priority Index (PPI) brings together important vulnerabilities from VMware, Adobe, Oracle, and Microsoft.First on the patch priority list this month are patches for Microsoft Print Spooler (CVE-2021-34527, CVE-2021-1675) and vSphere Client (CVE-2021-21985). Exploits for these vulnerabilities have been recently added to the...

More and more companies understand the benefits of cloud computing, which is making their migration to the cloud more rapid. Per IDG’s 2020 Cloud Computing Study, 81% of organizations said that they’ve migrated either one application or a portion of their infrastructure to the cloud. The reasons why a company would shift its services towards the...

Organizations can take various steps to protect their operational technology (OT) environments against digital threats. But some stand out more than others. In particular, network segmentation is described as “the first answer to insufficient ICS (Industrial Control System) cybersecurity.” Experts advocate zoning ICS assets to coordinate informational...

SIEM (pronounced like “sim” from “simulation”), which stands for Security Information and Event Management, was conceived of as primarily a log aggregation device. However, a SIEM’s primary capabilities are to provide threat detection, better enable incident investigation, and speed up your incident response time, while also giving you a unified,...

On May 12th, the President of the USA, Joe Biden, signed an Executive Order (EO) that would bolster the cyber defences of the USA. The EO is intended to protect against “increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.”An EO is a written...

When I was younger, and printed newspapers were a more common household purchase, I remember fondly watching my mother play a game called "Spot the Ball." For those of you not familiar with this, it consisted of a photograph of a recent football (soccer) match with the ball removed from the image, and the goal was to place a cross or series of...

In my previous post, I disclosed that SonicWall had quietly released vulnerability fixes over the course of several days before vulnerability advisories were published for CVE-2020-5135.Rather than properly fixing CVE-2020-5135, SonicWall’s fix introduced a new vulnerability in the same code. SonicWall was aware of the new vulnerability but deferred...

Today’s VERT Alert addresses Microsoft’s July 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-954 on Wednesday, July 14th.In-The-Wild & Disclosed CVEsCVE-2021-34527The vulnerability dubbed PrintNightmare was patched prior to the Tuesday patch drop, but it is still worth including here....

Tripwire's June 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Cacti, Docker, Adobe, and Microsoft.First on the patch priority list this month are patches for Microsoft SharePoint (CVE-2021-31181), Cacti (CVE-2020-14295), and Docker (CVE-2019-5736). Exploits for these vulnerabilities have been recently added to the...

Organizations have multiple reasons for embracing a multi-cloud strategy. First, it enables them to avoid “vendor lock-in” where they need to rely on a single vendor for all their cloud-based needs. Second, it empowers them to take advantage of the perks offered by several cloud service providers at once. Lastly, such a strategy helps to protect them...

Back in September 2020, I configured a SonicWall network security appliance to act as a VPN gateway between physical devices in my home lab and cloud resources on my Azure account. As I usually do with new devices on my network, I did some cursory security analysis of the product and it didn’t take long before I had identified what looked like a...

Everything evolves. Simply stated, the gradual development of something from a simple to a more complex form is what evolution is all about. When something ceases to evolve, yet still exists, it becomes classified as a living fossil. One example is the Ginkgo Biloba tree. It took millions of years for this evolution to cease. This all happened...

Six people alleged to be part of the notorious CLOP ransomware gang have been detained and charged by Ukrainian police, following nearly two dozen raids across the country. According to a statement released by the Ukraine's cyber police, the hacking group is thought to have inflicted $500 million worth of damage on universities and organisations it...

If you are new to the security world, it is fair to ask yourself, “Isn’t access to data and systems always conditional? Isn’t it always granted to someone who has access to the credentials (ID and password)?” True enough, but in totality, the approach to managing access encompasses a broader spectrum of privacy policies. These policies include a mix...

On January 20, President Joseph Biden issued Executive Order (E.O.) 13990 to help protect U.S. bulk power organizations. This Order enacted a 90-day suspension of E.O. 13920 which was set by the previous administration. The new executive order empowered the Secretary of Energy (“Secretary”) to publish new criteria around pre-qualifying vendors of...

Cloud-native applications that are based on new types of infrastructure such as containers and serverless platforms are being rapidly adopted by organizations worldwide. While cloud-native applications deliver compelling benefits such as elastic scalability, unmatched resilience and rapid development velocity, they also raise challenges.Cloud-native...

Today’s VERT Alert addresses Microsoft’s June 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-947 on Wednesday, June 9th.In-The-Wild & Disclosed CVEsCVE-2021-31955This is one of two vulnerabilities fixed in today’s patch drop which were reported by Kaspersky Lab after detecting...

Like technology itself, cybersecurity is ever-evolving and encompassing more areas of our lives, including transportation. Popular science fiction movies have led us to expect flying taxis and private space travel as the future of transportation. If that is going to become an eventual reality, the first steps towards that future are “smart cars” and...

The critical infrastructure of the United States includes all those systems and assets that are essential to the proper functioning, economy, health, and safety of American society. The roads and railways that we travel on; the Internet and the mobile networks that connect us; the water that we drink; the healthcare, financial services and security...

Anthony Israel-Davis joins the show to discuss what you can do with the DBIR as a practitioner and his perspective on the proposed Cybersecurity Safety Review Board. https://open.spotify.com/episode/02DRlioMrZc98rU7wlwvid?si=YY-9l1KLTbmZz82VZvTadA Spotify: https://open.spotify.com/show/5UDKiGLlzxhiGnd6FtvEnm Stitcher: https://www.stitcher.com...