Blog

Blog

VERT Threat Alert: January 2022 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s January 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-981 on Wednesday, January 12th. In-The-Wild & Disclosed CVEs CVE-2022-21919 This vulnerability was a bypass to CVE-2021-34484, released by the same researcher, Abdelhamid Naceri. The...
Blog

VERT Threat Alert: December 2021 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s December 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-978 on Wednesday, December 15th. In-The-Wild & Disclosed CVEs CVE-2021-43890 Up first this month is a vulnerability in the Windows AppX Installer that could allow spoofing. This...
Blog

CIS Control 14: Security Awareness and Skill Training

Users who do not have the appropriate security awareness training are considered a weak link in the security of an enterprise. These untrained users are easier to exploit than finding a flaw or vulnerability in the equipment that an enterprise uses to secure its network. Attackers could convince unsuspecting users to unintentionally provide access...
Blog

CIS Control 13: Network Monitoring and Defense

Networks form a critical core for our modern-day society and businesses. People, processes, and technologies should be in place for monitoring, detecting, logging, and preventing malicious activities that occur when an enterprise experiences an attack within or against their networks. Key Takeaways for Control 13 Enterprises should understand that...
Blog

CIS Control 12: Network Infrastructure Management

Networks form a critical core for our modern-day society and businesses. These networks are comprised of many types of components that make up the networks’ infrastructure. Network infrastructure devices can be physical or virtual and include things such as routers, switches, firewalls, and wireless access points. Unfortunately, many devices are...
Blog

VERT Research Tips: Understanding Word Splitting

Word splitting is a function of BASH that I was unfamiliar with, but it is definitely one that impacted my recent research. From the bash(1) man page: IFS The Internal Field Separator that is used for word splitting after expansion and to split lines into words with the read builtin command. The default value is <space><tab>&lt...
Blog

VERT Research Tips: Byting into Python

The past few weeks, I’ve been spending a lot of my free time preparing for the OSCP exam, which means refreshing a lot of skills that I haven’t used in years. A large part of that is rebuilding muscle memory around buffer overflows, so that’s how I spent my four-day weekend. I logged about 70 hours compiling small programs, writing buffer overflows,...
Blog

How Achieving Compliance with PCI DSS Can Help Meet GDPR Mandates

Data security and privacy are today a prime focus for most organizations globally. While there have been several regulations and standards introduced to improve data security, the evolving landscape makes it challenging for organizations to stay compliant. For many organizations, GDPR and PCI DSS are the first topics that come to mind when privacy...
Blog

VERT Threat Alert: November 2021 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s November 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-972 on Wednesday, November 10th. In-The-Wild & Disclosed CVEs CVE-2021-42292 Up first this month, we have a 0-day in Microsoft Excel that allows an attacker to bypass security features....
Blog

CIS Control 11: Data Recovery

Data loss can be a consequence of a variety of factors from malicious ransomware to hardware failures and even natural disasters. Regardless of the reason for data loss, we need to be able to restore our data. A data recovery plan begins with prioritizing our data, protecting it while it is being stored, and having a plan to recover data. Key...
Blog

CIS Control 10: Malware Defenses

With the continuing rise of ransomware, malware defenses are more critical than ever before with regard to securing the enterprise. Anti-Malware technologies have become an afterthought in many organizations, a technology that they’ve always had, always used, and never really thought about. This control serves as a reminder that this technology is...
Blog

CIS Control 09: Email and Web Browser Protections

Web browsers and email clients are used to interact with external and internal assets. Both applications can be used as a point of entry within an organization. Users of these applications can be manipulated using social engineering attacks. A successful social engineering attack needs to convince users to interact with malicious content. A...
Blog

CIS Control 08: Audit Log Management

Audit logs provide a rich source of data critical to preventing, detecting, understanding, and minimizing the impact of network or data compromise in a timely manner. Collection logs and regular review is useful for identifying baselines, establishing operational trends, and detecting abnormalities. In some cases, logging may be the only evidence of...
Blog

VERT Threat Alert: October 2021 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s October 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-968 on Wednesday, October 13th. In-The-Wild & Disclosed CVEs CVE-2021-40449 Up first this month, we have an elevation of privilege in Win32k that has been exploited in-the-wild via...
Blog

CIS Control 07: Continuous Vulnerability Management

When it comes to cybersecurity, vulnerability management is one of the older technologies that still play a critical role in securing our assets. It is often overlooked, disregarded, or considered only for checkbox compliance needs, but a proper vulnerability management program can play a critical role in avoiding a series data breach. CIS Control...
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the week of September 27, 2021

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly reviewing the news for interesting stories and developments in the cybersecurity world. Here’s what stood out to us during the week of September 27, 2021. We’ve also included the comments from a few folks here at Tripwire VERT. REvil Ransomware Group Goes...
Blog

CIS Control 06: Access Control Management

CIS Control 6 merges some aspects of CIS Control 4 (admin privileges) and CIS Control 14 (access based on need to know) into a single access control management group. Access control management is a critical component in maintaining information and system security, restricting access to assets based on role and need. It is important to grant, refuse,...
Blog

CIS Control 05: Account Management

Knowing who has credentials, how those credentials are granted, and how they are being used is the foundation of any secure environment. It begins with user accounts and the credentials they use. Maintaining a thorough inventory of all accounts and verifying any changes to those accounts as authorized and intentional vs unintended is paramount to...
Blog

CIS Control 04: Secure Configuration of Enterprise Assets and Software

Key Takeaways for Control 4 Most fresh installs of operating systems or applications come with pre-configured settings that are usually insecure or not properly configured with security in mind. Use the leverage provided by multiple frameworks such as CIS Benchmarks or NIST NCP to find out if your organization needs to augment or adjust any...
Blog

VERT Threat Alert: September 2021 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s September 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-964 on Wednesday, September 15th. In-The-Wild & Disclosed CVEs CVE-2021-40444 This CVE describes a publicly exploited vulnerability in MSHTML that provides user level access upon...