Tripwire Patch Priority Index for January 2022

Tripwire’s January 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Apache, Open Source Policy Kit, Adobe, and Microsoft. First on the patch priority list this month are patches for Apache ...

Tripwire Patch Priority Index for December 2021

Tripwire’s December 2021 Patch Priority Index (PPI) brings together important vulnerabilities for Apache, Ubuntu Linux Kernel, and Microsoft. First on the patch priority list this month are patches for Apache Log4j2 vulnerabilities, ...
Log4j Vulnerability, Apple AirTags Used by Thieves, The FBI's Encrypted Messaging App Document

Log4j Vulnerability, Apple AirTags Used by Thieves, FBI’s Encrypted Messaging App Document

This week we discuss the Apache Log4j vulnerability and the impact it will have on organizations now and into the future, details on how Apple AirTags are being used by thieves to ...
Log4Shell Vulnerability: What Security Operations Teams Need to Know Now and How SOAR Can Help You Detect and Respond

Log4Shell Vulnerability: What Security Operations Teams Need to Know Now and How SOAR Can Help You Detect and Respond

For security professionals, 2021 will conclude with them racing to respond to one of the most grave internet vulnerabilities in... The post Log4Shell Vulnerability: What Security Operations Teams Need to Know Now ...
Log4Shell: Apache Log4j Remote Code Execution

Log4Shell: Apache Log4j Remote Code Execution

Unauthenticated RCE in critical Java logging utility Log4jOn 9 December 2021, Apache disclosed that the Log4j 2 utility contains a critical vulnerability that allows unauthenticated remote code execution (RCE), a serious issue that ...

How RASP Protects Apache Servers from zero-day Path Traversal Attacks (CVE-2021-41773)

In late September of 2021, a path traversal and file disclosure vulnerability was disclosed and reported as CVE-2021-41773 in Apache HTTP Server version 2.4.29. Both Windows and Linux servers are affected. This ...
Detecting GnuTLS CVE-2020-13777 using Zeek

Detecting GnuTLS CVE-2020-13777 using Zeek

By Johanna Amann, Software Engineer, Corelight CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their ...
Identifying Let’s Encrypt Revoked Certificates

Identifying Let’s Encrypt Revoked Certificates

Let’s Encrypt is a free, automated, open certificate authority (CA) run for the public’s benefit as a service from the Internet Security Research Group (ISRG). It provides free digital certificates to enable ...
What We Can Learn from the Capital One Hack

What We Can Learn from the Capital One Hack

On Monday, a former Amazon employee was arrested and charged with stealing more than 100 million consumer applications for credit from Capital One. Since then, many have speculated the breach was perhaps ...

Cyber Security Roundup for November 2018

One of the largest data breaches in history was announced by Marriott Hotels at the end of November. A hack was said to have compromised up to a mind-blowing "half a Billion" ...