VERT Threat Alert: May 2022 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s May 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1002 on Wednesday, May 11th. CVE-2022-26925 In-The-Wild & Disclosed CVEs Based on Microsoft’s limited documentation, this appears to be a resurgence and/or improved version of PetitPotam. This month’s ... Read More
A Tripwire Milestone: ASPL – 1000 is here
When I joined nCircle as a security researcher in 2006, ASPL 117 had just been released. I missed the ASPL-100 release celebration, which included custom sweatshirts, but there was still one unclaimed shirt in the office and I brought it home, my first piece of company swag. That shirt still ... Read More
May The Fourth Be with You: Jedi Mind Tricks and Scams
Over the past few years, I’ve used Star Wars Day as a way to talk about two of my favourite things – Star Wars and cybersecurity. I wrote about scammers in 2020 and IoT in 2021, and I really thought I’d write about IoT again this year. After all, there’s ... Read More
OSINT: The privacy risks of sharing too much information
In the past, I’ve written about digital privacy and how much data we leak through our day to day interactions. I think this is an important topic to consider and really focus on and it is an element of cybersecurity at both the enterprise and personal level that isn’t discussed ... Read More
CIS Control 17: Incident Response Management
We all know that it is a question of when you will be compromised and not if you will be compromised. It is unavoidable. The goal of CIS Control 17 is to ensure that you are set up for success when that inevitable breach occurs. If an organization is neither ... Read More
Thank you for everything Mike. We’ll miss you.
Within VERT, we are rapidly approaching the release of our 1000th ASPL package. For those unfamiliar with the term “ASPL Package”, we are fast approaching the 1000th time that we delivered vulnerability content to customers. There’s an entire blog post planned around that in a few weeks as it is ... Read More
VERT Threat Alert: April 2022 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s April 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-996 on Wednesday, April 13th. In-The-Wild & Disclosed CVEs CVE-2022-24521 While not previously publicly disclosed, Microsoft is reporting that they have seen active exploitation of this vulnerability in ... Read More
Out of Band (OOB) Data Exfiltration via DNS
Last week, I attended the NotSoSecure Advanced Web Hacking training. While there were plenty of interesting topics taught, one that caught my attention was Out-of-Band (OOB) Data Exfiltration using DNS. Back in 2018, NotSoSecure published an Out of Band Exploitation (OOB) CheatSheet. In that document, they cover methods by which ... Read More
VERT Threat Alert: March 2022 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s March 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-989 on Wednesday, March 9th. In-The-Wild & Disclosed CVEs CVE-2022-21990 CVE-2022-21990 describes a code execution vulnerability within Remote Desktop Client. The vulnerability requires that a malicious actor control ... Read More
VERT Threat Alert: February 2022 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s February 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-985 on Wednesday, February 9th. In-The-Wild & Disclosed CVEs CVE-2022-21989 This month, only a single vulnerability, CVE-2022-21989 has been publicly disclosed and Microsoft is not reporting any known ... Read More
