Today’s VERT Alert addresses Microsoft’s February 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1042 on Wednesday, February 15th. In-The-Wild & Disclosed CVEs CVE-2023-21823 The first vulnerability in the list this week is CVE-2023-21823, a vulnerability in Windows Graphic Component that can allow for code execution leading to SYSTEM...

A brute force attack is an attempt to reveal passwords and login credentials in order to gain access to network resources. These attacks are mainly done with the purpose of gaining unauthorized, and undetected access to compromise systems. Threat actors usually prefer this attack method since it is simple to carry out, and can cause significant damage. Once a person’s credentials are revealed, the...

Today’s energy sector is undergoing massive change, especially as more utilities try to usher in clean or renewable energy alternatives like solar, geothermal, hydroelectric, and wind power. In addition to the clean energy transition, grid modernization is another major shift in the energy industry. The Industrial Internet of Things (IIoT) is expected to transform the energy grid and support...

We create massive amounts of data daily, from the exercise stats compiled by our wearable devices to smart meters used at our homes to reduce expense consumption to maintenance statistics of critical systems in industrial settings. If data creation continues at its present rate, more than a yottabyte (a million trillion megabytes) will likely be generated annually by 2030. Even though big data is...

Tripwire's January 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft Visio and Microsoft Office that resolve 6 vulnerabilities, including remote code execution and information disclosure vulnerabilities. Next are patches for Adobe Reader and Acrobat that 15 vulnerabilities...

February 7th is the 20th Safer Internet Day, a day to focus on addressing ways to reduce the risks created by our now very online world. Painting the internet as an inherently dangerous place full of predators and … would be using too broad a brush. The internet is an amazing technology - an information sharing resource unrivaled in depth, breadth, and reach. Despite all the good, useful, and fun...

A truism about the free tools online is that if you aren’t paying for the service, then you are the product. Take your grocery store's “club” card program. You sign up and give them your name and phone number, and every time you shop, you swipe your card and get discounts on certain items. If you shop at the same store all the time, it makes total sense to take advantage of these discounts to save...

The Tripwire Vulnerability Exposure and Research Team (VERT) keeps its finger on the cybersecurity pulse. Check out some of the stories that stood out for us recently: Compromised Linux Endpoints can be isolated with Microsoft Defender Microsoft Defender for Endpoint can now isolate compromised Linux environments. This can potentially mitigate the amount of data attackers could obtain from...

Industrial control systems are fundamental to all industrial processes, from power generation to water treatment and manufacturing. ICS refers to the collection of devices that govern a process to ensure its safe and effective execution. These devices include Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control systems like Remote Terminal...

It’s another new year and hence another occasion to predict how the cybersecurity landscape will evolve in 2023. Once again, it will be challenging, as most every year is, and could wind up being an unusually difficult 12 months because of multiple headwinds. One is that it has become clear that a huge increase in remote working is here to stay, if only because so many companies have adopted a...

2022 saw privacy truly take hold in the U.S., while Europe buttressed its position as the global leader and other regions worked to get up-to-speed with new or amended laws. U.S. Privacy in 2022 Laws passed in 2021 and 2022 meant many U.S. companies spent the past year preparing for new privacy requirements that came into effect on January 1st in California and Virginia, with more to come out of...

UK banking group TSB is calling on social networks and dating apps to better protect their users from fake profiles, following an alarming spike in romance fraud. Examining data from December 2020 - January 2022, TSB determined that romance fraud almost doubled compared to pre-pandemic levels, with a record increase in losses of 91% - averaging £6,100 per incident. The bank's findings uncovered...

Extortion, and especially “sextortion” emails, are becoming more frequent, and they can be extremely alarming when received. Such emails work by using threats to extort money, evoking intense fear. This type of correspondence comes in many guises and features various elements, but essentially, they work in the same way. These activities can refer to real-life experience such as cheating on a...

The distribution systems of the U.S. energy grid — the portions of the grid that carry electricity to consumers — are growing more susceptible to cyber-attacks, in part due to the advent of monitoring and control technology and their reliance on them. However, the magnitude of the possible consequences of such attacks is not fully understood. Reports by the Government Accountability Office (GAO)...

The cybersecurity landscape has become something of a battle royale: companies and cyber criminals are continually trying to outsmart one another in an effort to be the last one standing. Thankfully, many businesses are seeking a proactive approach, aiming to avoid the proverbial egg on their face when it comes to cybersecurity breaches. Learning from other organizations’ costly misfortunes, many...

The political and economic uncertainty throughout the world today is growing. The danger of malicious hacking is increasing as more and more parts of daily life simultaneously transition to the digital realm. An attack on another country or region by a state or an individual could have catastrophic results. Possible targets include utilities like power plants and communications networks...

What Is Network Security? Network security is a broad field, encompassing various processes, policies, rules, standards, frameworks, software, and hardware solutions. Its primary goal is to protect a network and its data from various threats, including intrusions and breaches. A network security program typically utilizes a combination of access controls, application security tools, virus and...

It’s a rare treat when you get the opportunity to speak with someone who has worked as an ethical hacker, has also worked in top secret military settings, and then transferred to the private sector, rising to the highest cybersecurity level in the corporate chain. We had the opportunity to speak with Brian Haugli, CEO of SideChannel. Brian is also the author of a book about the NIST Cybersecurity...

For most people, January 28th is the 28th day of the year. For me, January 28th is more commonly known as “the day before my wife’s birthday.” For those who pay attention to history, they may know it as the day of Charlemagne’s death, Edward VI’s ascension to the throne, the founding of Northwestern University, the birth of the US Coast Guard, the adoption of the current Canadian Flag, the first...

A 22-year-old suspected of being "Seyzo", a member of the ShinyHunters cybercrime gang, has been extradited from Morocco to the United States, where - if convicted - he could face up to 116 years in prison. Sebastien Raoult, a French national, was arrested at Rabat international airport in Morocco on May 31 2022, while trying to take a flight to Brussels. Law enforcement in Morocco detained former...