What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
CSO 2023-02-01 02:00:00 Why you might not be done with your January Microsoft security patches (direct link) The January patching window for your firm has probably come and gone. But has it? While January included a huge release of patches, several releases in other months have provided more than one headache for the patch management community. These are the patches and updates you need to evaluate if you haven't already done so. BitLocker Security Feature Bypass Vulnerability: In January, additional information came out about CVE-2022-41099, the BitLocker Security Feature Bypass Vulnerability. If you've already deployed the November or later security updates to your network and have done nothing else, you aren't done with the evaluation of this update. Patching ★★★
CSO 2023-01-18 02:00:00 Why it's time to review your on-premises Microsoft Exchange patch status (direct link) We start the patching year of 2023 looking at one of the largest releases of vulnerability fixes in Microsoft history. The January 10 Patch Tuesday update patched one actively exploited zero-day vulnerability and 98 security flaws. The update arrives at a time when short- and long-term technology and budget decisions need to be made. This is particularly true for organizations using on-premises Microsoft Exchange Servers. Start off 2023 by reviewing the most basic communication tool you have in your business: your mail server. Is it as protected as it could be from the threats that lie ahead of us in the coming months? The attackers know the answer to that question. Tool Vulnerability Patching ★★
CSO 2022-12-19 14:51:00 BrandPost: Why a Culture of Awareness and Accountability Is Essential to Cybersecurity (direct link) Effective cybersecurity relies only in part on technology. Even as tools and systems become more powerful, avoiding security mishaps is still largely dependent on people doing the right thing. From following best practices for updating and patching systems and software to knowing and understanding the everyday risks posed by phishing emails, malicious websites, or other attack vectors, everyone - not just the dedicated IT/security professionals - has some level of responsibility for cybersecurity. The organizations with the best chance of minimizing threats are those that build and sustain a culture of awareness and accountability. Here are some ways to do that: Patching ★★
CSO 2022-12-08 02:00:00 Microsoft's rough 2022 security year in review (direct link) We soon close out the security year of 2022. Only time will tell what 2023 will bring, but for IT and security admins of Microsoft networks, 2022 has been the year of blended attacks, on-premises Exchange Server flaws, and vulnerabilities needing more than patching to mitigate. Here's a month-by-month look at the past year. January: A bad start for on-premises Microsoft Exchange Server vulnerabilities. It seems fitting that 2022 began with the release of the Microsoft Exchange Server remote code execution vulnerability (CVE-2022-21846). It raises the question for anyone still with an on-premises Exchange Server: Do you have the expertise to keep it safe especially if you are targeted? Exchange 2019 is the only version under mainstream support at this time. If you are still running Exchange Server 2013, it reaches end of support on April 11, 2023. Your window of opportunity to make an easy transition is closing. Migrate to Exchange online or on-premises Exchange 2019 or consider a different email platform completely. Vulnerability Patching ★★★★★
CSO 2022-11-23 02:00:00 How to reset a Kerberos password and get ahead of coming updates (direct link) Do you recall when you last reset your Kerberos password? Hopefully that was not the last time I suggested you change it, back in April of 2021, when I urged you to do a regular reset of the KRBTGT account password. If you've followed my advice, you are already one step ahead of the side effects caused by the November updates that introduced Kerberos changes. While many of you may be waiting to install the “fixed” versions of the updates that deal with the introduced authentication issues, or you may wish to install the out-of-band updates that will fix the side effects, there are more steps to do this patching month and in the months ahead. Patching ★★★★
CSO 2022-11-09 02:00:00 Why it's time to review your Microsoft patch management options (direct link) You have several options to manage patching on Microsoft networks: let machines independently update or use a third-party patching tool, Windows Software Update Services (WSUS), or another Microsoft management product. If you are still using WSUS as your key patching tool, you may want to review your options. Microsoft is developing additional patching tools that will allow you to better manage systems and control administrative access. Is WSUS on the way out? Microsoft has long kept the status quo for WSUS, its on-premises patching product. It still supports WSUS, but Microsoft does not appear to be making new investments in the platform. Case in point, if your WSUS server fails on syncing, disable the Windows category of “Windows Insider Dev Channel.” Selecting this category creates an error message during synchronization. Microsoft is aware of the issue but has not given any estimated time for a fix. WSUS has not been updated in years. If you are considering using WSUS as your go-to patching platform, budget for a subscription to WSUS Automated Maintenance, which includes scripts and routines to optimize WSUS. Patching
CSO 2022-08-24 02:00:00 Why patching quality, vendor info on vulnerabilities are declining (direct link) Those who apply security patches are finding that it's becoming harder to time updates and determine the impact of patching on their organizations. Dustin Childs of the ZDI Zero Day Initiative and Trend Micro brought this problem to light at the recent Black Hat security conference: Patch quality has not increased and in fact is getting worse. We are dealing with repatching bugs that weren't fixed right or variant bugs that could have been patched the first time. Childs also pointed out that vendors are not providing good information about the Common Vulnerability Scoring System (CVSS) risk to easily analyze whether to patch. The vendor might give a high CVSS risk score to a bug that wouldn't be easily exploited. I am having to dig more into details of a bug to better understand the risk of not applying an update immediately. Vendors are adding obscurity to bug information and making it harder to understand the risk. Vulnerability Patching
CSO 2020-04-27 03:00:00 Android security: Patching improves, but fragmentation challenges remain (direct link) Android device makers have improved their patching processes over the past two years according to a new analysis, decreasing the time gap between when security updates become public and their integration into firmware. This is good news for the Android ecosystem, which has historically been considered worse than Apple's iOS when it comes to patch hygiene. However, version fragmentation remains high in the Android world, with significant differences among device manufacturers and even across the same vendor's product lines. This leads to many devices running versions that are no longer supported. Berlin-based Security Research Labs (SRLabs) has published the results of its binary analysis of around 10.000 unique firmware builds running on many Android device models from different manufacturers. Most of the data was collected with SnoopSnitch, an application developed by the company to analyze mobile radio data for abnormalities that could indicate user tracking and fake base stations. It can also check if the Android firmware running on a device has the critical vulnerability patches that correspond to its reported security patch level. Vulnerability Patching Guideline
CSO 2019-10-03 03:00:00 8 ways your patch management policy is broken (direct link) Not appropriately patching your software and devices has been a top reason why organizations are compromised for three decades. In some years, a single unpatched application like Sun Java was responsible for 90% of all cybersecurity incidents. Unpatched software clearly needs to be mitigated effectively. Patching ★★
CSO 2019-04-29 03:00:00 How to evaluate SOC-as-a-service providers (direct link) If you don't currently have your own security operations center (SOC), you are probably thinking of ways you can obtain one without building it from scratch. The on-premises version can be pricey, more so once you factor in the staffing costs to man it 24/7. In the past few years, managed security service providers (MSSPs) have come up with cloud-based SOCs that they use to monitor your networks and computing infrastructure and provide a wide range of services such as patching and malware remediation. Let's look at how this SOC-as-a-service (SOCaaS) industry has grown up, what they offer and how to pick the right supplier for your particular needs. Malware Patching
CSO 2018-10-31 14:54:00 BrandPost: The Patching Paradox (direct link) A new global survey by Ponemon and ServiceNow of nearly 3,000 cybersecurity professionals reveals that more than half the companies have experienced a breach in the past year. In this session Bob Bragdon, Senior Vice President and Publisher of CSO, and Cliff Huntington, head of global sales for governance, risk, and compliance at ServiceNow, explore how high-performing security teams prevent breaches and what other teams can do to emulate their success. One particular area deserves a close look: unpatched enterprise software. The survey revealed that a majority of cyber-attack victims say their breaches could have been prevented by installing patches – and the survey also found that organizations can reduce their breach risk by 20% by scanning. Patching
Last update at: 2024-05-16 13:08:17