VERT Threat Alert: August 2019 Patch Tuesday Analysis

| | VERT
Today’s VERT Alert addresses Microsoft’s August 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-845 on Wednesday, August 14th. In-The-Wild & Disclosed CVEs Microsoft has indicated that none of the vulnerabilities being patched this month have been used in-the-wild nor have they ... Read More

The Creation of Captain Tripwire: A Cyber Security Comic Book

It’s that time of year again where Black Hat and DEF CON are fast approaching and everyone interested in security will descend upon Las Vegas. While Craig Young will be there with his sold out Introduction to IoT Pentesting with Linux, I will be keeping my 2008 promise to myself ... Read More
Wow! HUGE FaceApp Security Controversy, Baby Shark vs Homeless People, & The Trump AOC Pelosi Mess

FaceApp Concerns: Myth or Mess?

| | Security Awareness
There’s a lot of conversation regarding FaceApp right now. I have friends talking about it on Facebook, politicians are tweeting about it, CNN and Forbes have reported on it, and my favorite YouTuber Philip DeFranco covered it. People around the world are torn on the privacy implications of this application, ... Read More

VERT Threat Alert: July 2019 Patch Tuesday Analysis

| | VERT
Today’s VERT Alert addresses Microsoft’s July 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-839 on Wednesday, July 10th. In-The-Wild & Disclosed CVEs CVE-2019-0865 This vulnerability describes a denial of service that occurs when SymCrypt processes specially crafted digital signatures. This vulnerability ... Read More

VERT Threat Alert: June 2019 Patch Tuesday Analysis

| | VERT
Today’s VERT Alert addresses Microsoft’s June 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-835 on Wednesday, June 12th. In-The-Wild & Disclosed CVEs CVE-2019-1053 An issue where Windows Shell fails to properly validate folder shortcuts could lead to sandbox escape. The attacker ... Read More

VERT Threat Alert: May 2019 Patch Tuesday Analysis

| | VERT
Today’s VERT Alert addresses Microsoft’s May 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-830 on Wednesday, May 15th. In-The-Wild & Disclosed CVEs CVE-2019-0863 Windows Error Reporting (WER) incorrectly handles certain files and, when exploited, could lead to the execution of code ... Read More

VERT Threat Alert: April 2019 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s April 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-825 on Wednesday, April 10th. In-The-Wild & Disclosed CVEs CVE-2019-0803 This CVE describes a privilege escalation vulnerability in Win32k that could allow an attacker to execute code in ... Read More

Tripwire Patch Insanity: The Results

| | patch insanity, VERT
Thanks for playing along! By now, you’ve probably seen that the winner of our tournament is Shellshock. I long felt that this was the expected winner of Patch Insanity given the competition and I wasn’t expecting any major upsets, but there were definitely one or two. The big one that ... Read More

Security Requires Immutability: Avoid Dynamic Environments with Change Management

| | Cyber Security
When Shelley published his famous poem in 1816, he was telling us that the only constant in life is change. This was not a new concept, even then. Heraclitus proposed the same concept around 500 BCE with ‘Panta rhei’ (Life is Flux or everything changes). Even though we all know ... Read More
Tripwire Patch Madness: The Challenge

Tripwire Patch Madness: The Challenge

Welcome to Tripwire Patch Madness! Comprised of 26 vulnerabilities divided into two conferences and four divisions, the goal of this tournament is to declare which named vulnerability is king of Patch Madness! The original list of named vulnerabilities was taken from Hanno Böck’s named vulnerabilities repo. Any entries that did ... Read More
Loading...