The Death Star’s Demise: Can You Trust Your IoT Vendors?

It was 1977, and soon-to-be-fans were greeted with a masterful score and scrolling text. Darth Vader and Princess Leia share the screen in those opening moments, and the Star Wars universe was created. Nearly 30 years later, a new film would introduce …

VERT Threat Alert: April 2017 Patch Tuesday Analysis

Today’s VERT Alert addresses the Microsoft April 2017 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-720 on Wednesday, April 12th. With the elimination of Security Bulletins, the VERT Alert will be changing. This shortened version will act as a placeholder until the launch of the improved VERT […]

The post VERT Threat Alert: April 2017 Patch Tuesday Analysis appeared first on The State of Security.

Patch Tuesday Will Never Be The Same Again

After a couple of false starts from Microsoft, we finally have the death of security bulletins a few months later than expected. Unfortunately, this information change has made the VERT Alert format for Patch Tuesday content impossible to maintain in the same way. Moving forward, Tripwire VERT is investigating a new format that will allow […]

VERT Threat Alert: March 2017 Patch Tuesday Analysis

Today’s VERT Alert addresses 18 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins and expects to ship ASPL-716 on Wednesday, March 15th. Ease of Use (published exploits) to Risk Table Automated Exploit Easy Moderate Difficult Extremely Difficult MS17-006 MS17-007 MS17-008 MS17-013 MS17-014 MS17-017 MS17-018  MS17-012 No Known Exploit MS17-019 MS17-021 […]

Security Bulletins on Trial

Have you ever had one of those moments where, in the movie of your life, the actor playing you will voice over with the words, “I should have immediately known I’d come to regret this decision”? Seeing the RSA Call for Speakers suggest originality in the presentation style (via mention of a rock opera) sent […]

P2P Session: Metrics for Managing and Understanding Patch Fatigue

At RSA 2015, I facilitated my first Peer-2-Peer session, “Vulnerability and Risk Scoring: What Ratings Really Mean,” in front of a full audience. I went into the event not really certain what a Peer-2-Peer was and what I would take away, but I knew I was very interested in discussing vulnerability scoring and metrics with a […]

Autofill FUD

Last week, while browsing various news feeds and websites, I took a scroll through Facebook and saw this video posted from our local morning show, Breakfast Television. They were talking about a Lifehacker post that referenced a GitHub repository belonging to Viljami Kuosmanen. The doom and gloom statements of the video are pretty clear evidence […]

Security Bulletins Begone!

As we approach February 14th, the lyrics of a great Everly Brothers song, “Bye Bye Love,” are playing in my mind. It’s not the reason you think. My wife and I are completely happy, and it’s not because RSA has been scheduled over Valentine’s Day. It’s because February 14th will be the first time that […]

VERT Threat Alert: Cisco WebEx Browser Extension Remote Code Execution

Vulnerability Description: A vulnerability in the Cisco WebEx Browser extension for Chrome, Firefox, and Internet Explorer could be used to execute code on a victim system. It is trivial to exploit the vulnerability and sample exploit code has been released publicly. The vulnerability leverages command execution in the launch_meeting message via a message event, which […]
