Microsoft January Patch Tuesday 2023: 98 Security Vulnerabilities and a Zero Day

Microsoft January Patch Tuesday 2023: 98 Security Vulnerabilities and a Zero Day

On January 10th, 2023 Microsoft released their January Patch Tuesday fixes and revealed 98 vulnerability fixes, including one Zero Day vulnerability known to be exploited in the wild.  The vulnerabilities affect popular ...

Critical Microsoft Code-Execution Vulnerability

A critical code-execution vulnerability in Microsoft Windows was patched in September. It seems that researchers just realized how serious it was (and is): Like EternalBlue, CVE-2022-37958, as the latest vulnerability is tracked, ...

Responsible Disclosure for Cryptocurrency Security

Stewart Baker discusses why the industry-norm responsible disclosure for software vulnerabilities fails for cryptocurrency software. Why can’t the cryptocurrency industry solve the problem the way the software and hardware industries do, by ...
patching cyberattacks JumpCloud patching

The Importance of Timely Patching

Yet another new critical vulnerability was uncovered with the discovery that Microsoft Office could be exploited through a malicious Word document and used to run remote code execution. Meanwhile, many old vulnerabilities ...
Security Boulevard
zero-day zero-trust app hardware zero-trust prepare

Google: Poor Software Fixes Cause Half of all Zero-Days

Researchers from Google’s Project Zero examined 18 zero-day vulnerabilities exploited by hackers this year before a patch was available; they found that half those vulnerabilities could have been avoided if software vendors ...
Security Boulevard
zero trust Network Security multi-cloud zero-trustQualys multi-cloud Wi-Fi 6 access point zero-trust cloud security remote data protection

Qualys Adds Risk Assessment to Cloud Security Platform

Qualys, Inc. today updated its vulnerability management, detection and response (VMDR) cloud service to include a risk assessment capability, called TruRisk, that enables cybersecurity teams to better prioritize their remediation efforts. As ...
Security Boulevard
Elon Musk Buys Twitter, Forgotten BIOS Updates, T-Shirt Outwits Facial Recognition

Elon Musk Buys Twitter, Forgotten BIOS Updates, T-Shirt Outwits Facial Recognition

Elon Musk buys Twitter for $44 billion so what does this mean for the privacy and cybersecurity of the platform? More than 100 different Lenovo laptop computers contain firmware-level vulnerabilities which is ...

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of April 18, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us ...

Java Cryptography Implementation Mistake Allows Digital-Signature Forgeries

Interesting implementation mistake: The vulnerability, which Oracle patched on Tuesday, affects the company’s implementation of the Elliptic Curve Digital Signature Algorithm in Java versions 15 and above. ECDSA is an algorithm that ...

Tripwire & FoxGuard: Patching for compliance and security

There’s a saying in the cybersecurity community which states that just because you are compliant doesn’t mean that you are secure. Over the years, many images have been used to illustrate the point. One ...