Today’s VERT Alert addresses Microsoft’s May 2023 Security Updates, which include a new release notes format. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1055 on Wednesday, May 10th. In-The-Wild & Disclosed CVEs CVE-2023-29336 Up first this month is a vulnerability reported by Avast in Win32k. This vulnerability could allow an authenticated attacker to...

Data breaches and cyberattacks have become worryingly commonplace in today’s digital world, and cybersecurity and cyber resilience are now crucial for every organization, small and large. These two strategies work together to protect data at different stages of a cyberattack. Ideally, organizations should rely on both to achieve maximum cyber protection. Cybersecurity refers to the measures taken...

As a small business owner, you wear many hats. You're the CEO, the accountant, the salesperson, and the HR manager. With so much on your plate, cybersecurity might not be at the top of your priority list. But it should be. Small businesses are a prime target for cybercriminals, and a security breach can be devastating to your company's reputation and financial health. The good news is that there...

This piece was originally published on Fortra’s AlertLogic.com Blog. Thinking about your own network isn’t enough to keep your business safe and profitable. As more buyers, sellers, and partners collaborate ever more closely across the world, supply chain IT risks are rising with no slowdown in sight. According to the Identity Theft Resource Center, supply chain attacks surpassed malware incidents...

Tripwire's April 2023 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe. First on the patch priority list this month are patches for Microsoft Edge. These patches resolve over 15 vulnerabilities such as spoofing, type confusion, and use after free vulnerabilities. Up next are 3 patches for Microsoft Office, Word, and Publisher that resolve 4 remote code...

The Open Systems Interconnection (OSI) model is a conceptual framework developed by the International Standards Organization (ISO). It has been in use for over 40 years, and is cited in every computer network book. It is also a favorite resource for just about every cybersecurity exam. The OSI model is represented in seven layers that help us understand how communications between computer systems...

Businesses should patch their TP-Link routers as soon as possible, after the revelation that a legendary IoT botnet is targeting them for recruitment. The notorious Mirai botnet, which hijacks control of vulnerable IoT devices, is now exploiting TP-Link Archer AX21 routers to launch distributed denial-of-service (DDoS) attacks. The warning comes from security researchers and the US Government's...

“The cyber economy is the economy” Those words were spoken by the US National Security Advisor way back in 2005, and it is remarkable to see how prescient they were. The economy is not only supported by the cyber world, but that world is entirely data driven. Data has become a primary focus, not just for regulatory fodder, but for business survival. Rethinking cyber risk for business...

Cloud Security Challenges Organizations embracing cloud environments must understand that cloud applications and services have become popular targets for cybercriminals. A few notable and inherent risks with cloud deployments include: API Vulnerabilities Unfortunately, API exploits are on the rise, costing organizations dearly. Whether it’s stolen data or denial-of-service (DoS) attacks, an API...

This piece was originally published on Fortra’s AlertLogic.com Blog. If you’re building an application, you want to ensure it’s reliable, consistent, and rapidly deployable in any cloud environment. That’s what containers are used for — packaging instructions into a digital object for reuse. Without them, you’ll struggle to run some application components from server to server. But when you deploy...

The phone rings, displaying "Potential Spam," warning of the possible downfall of accepting the call. We also have the option to set specific ringtones for the special people in our lives, so we audibly know immediately who’s calling. For other callers, like the once-a-year important call from our insurance or investment rep, we'll at least add their names so we can see when they ring. And, of...

Think of all the different points within your organization that provide access to information. That could be your website, the mobile version of your application, your Slack instance, and so much more. It’s a list that gets very long, very quickly. All of those endpoints, both physical and digital, make up the attack surface of your organization. Basically, each endpoint is an element that could...

Iranian state-sponsored hacking group Charming Kitten has been named as the group responsible for a new wave of attacks targeting critical infrastructure in the United States and elsewhere. The group (who are also known to security researchers by a wide variety of other names including Mint Sandstorm, Phosphorous, Newscaster, and APT35) has been operating since at least 2011, making a name for...

Most cybersecurity professionals know that cyber breaches increase each year. So it’s no surprise that the cybersecurity insurance business also keeps growing briskly. According to data from Markets and Markets and Polaris Market Research, the cyber insurance market swelled to $11.9 billion worldwide in 2022, up from $10.1 billion the previous year, and is projected to grow to more than $29...

The boon of online business and credit card transactions in the early 90s and 2000s resulted in an increasing trend of online payment fraud. Since then, securing business and online card transactions has been a growing concern for all business and payment card companies. The increasing cases of high-profile data breaches and losses from online fraud emphasized the need for urgent measures and a...

This piece was originally published on Fortra’s AlertLogic.com Blog. A Comprehensive Guide to Understanding WAFs: How it Works, Types, and Security Models Web applications drive digital transformation, remote work, employee productivity, and consumer interactions. The ability to connect to critical applications over the internet gives workforce members a way to work synchronously and...

Many organizations have either been formed in, or have migrated to cloud-based environments due to the efficiency, flexibility, mobility, cost savings, and other benefits. The majority of applications that are used today are incorporated with the cloud. Most of our data and processes exist in the cloud. But simple as it is, just uploading your files to the cloud or using services of the cloud...

Root Cause Analysis (RCA) is a technique used to identify the underlying reasons for a problem, with the aim of trying to prevent it from recurring in the future. It is often used in change management processes to help identify the source of any issues that arise following any modifications to a system or process. RCA is something Tripwire Enterprise is often deeply tied into too. Before we talk...

Spring is here! Who’s up for some digital spring cleaning? Digital de-cluttering helps you organize your life and has the bonus of reducing your vulnerability to common threats. But knowing where to begin can be hard; most of us leave a larger digital footprint than we realize. I have created a checklist to help you clear away the clutter and reap the rewards of a clean digital slate. Benefits of...

The K-12 Report breaks down the cyber risks faced by public schools across the country and is sponsored by the CIS (Center for Internet Security) and the MS-ISAC (Multi-State Information Sharing & Analysis Center). Published “to prepare K-12 leaders with the information to make informed decisions around cyber risk”, the report provides a data-driven analysis of what went well, what could be better...