State-linked hackers hit American, European organizations with Pulse Secure exploits

Two hacking groups, including one with ties to China, have in recent months exploited popular enterprise software to break into defense, financial and public sector organizations in the U.S. and Europe, security firm FireEye warned Tuesday. Attackers are exploiting old vulnerabilities — and one new one — in virtual private networking software made by Pulse Secure. Corporations and governments alike use the technology to manage data on their networks, though it has proven a popular foothold for spies over the years. One of the hacking groups in question uses techniques similar to a Chinese state-backed espionage group, according to FireEye incident response unit Mandiant. “We have also uncovered limited evidence to suggest that [the hacking group] operates on behalf of the Chinese government,” Mandiant said in a blog post. The company did not say, specifically, what evidence it uncovered tying the incident to China. More broadly, Mandiant Senior Vice President and […]

The post State-linked hackers hit American, European organizations with Pulse Secure exploits appeared first on CyberScoop.


3 Vulnerabilities to Plug to Secure Your Customers’ Remote Workforce

The migration to a remote workforce hit fast forward in the past year as businesses around the world asked employees…
The post 3 Vulnerabilities to Plug to Secure Your Customers’ Remote Workforce appeared first on Kaseya.

Patch Management in the Post-SolarWinds Era

The SolarWinds breach, in which hackers inserted malware into software updates sent to thousands of customers and created a backdoor to their IT systems, suggests organizations need to seriously rethink patch management. Until recently, installing pat…

CISA orders US agencies to address Microsoft flaws exploited by suspected Chinese hackers

The Department of Homeland Security’s cybersecurity division on Wednesday ordered federal civilian agencies to address flaws in a popular email software program at the center of a suspected Chinese spying campaign. The “emergency directive” from DHS’s Cybersecurity and Infrastructure Security Agency requires agencies to either apply security fixes for the vulnerabilities in the Microsoft Exchange Server software, or, if a compromise is found, to disconnect the program until it can be securely reconfigured. The CISA order comes a day after Microsoft revealed that China-based hackers were using the previously unknown software bugs to steal data from select targets. The hacking group, called Hafnium, has previously tried to breach U.S.-based infectious disease researchers, defense contractors and educational institutions, Microsoft said. The suspected Chinese hackers used one of the vulnerabilities to “steal the full contents of several user mailboxes,” according to Volexity, a cybersecurity firm that investigated the breaches. Exchange Server is used in […]

The post CISA orders US agencies to address Microsoft flaws exploited by suspected Chinese hackers appeared first on CyberScoop.


How to Defend Linux from Attacks

Although Linux still holds only a fraction of the market share of Microsoft Windows and Mac OS X, its growth continues to accelerate. Linux will continue to grow at a compounded annual growth rate (CAGR) of 19.2% through 2027. Some of the primary factors for …

Third-Party Patching: Everything You Need to Know

Timely deployment of patches is critical for maintaining the security of your IT systems. Through efficient patch management, you can…
The post Third-Party Patching: Everything You Need to Know appeared first on Kaseya.

Reading the Application Security Tea Leaves – How to Interpret the Analyst Reports

There are a number of industry analyst reports on application security. Each analyst firm and report takes its own slice of the market to analyze and report on vendors within that market. For example, the Forrester Wave focuses on Static Application…

Why Every Company Needs a Software Update Schedule

Software without the most recent patch is like an unlocked door for threat actors. They know the openings are there and can just walk in. But patching and a software update schedule can make sure that door stays locked. Applying patches isn’t difficult. Click a few buttons, reboot and you are good to go. Even […]

The post Why Every Company Needs a Software Update Schedule appeared first on Security Intelligence.


Bad patching practices are a breeding ground for zero-day exploits, Google warns

Customers of major software vendors take comfort whenever a vendor issues a security fix for a critical software vulnerability. The clients expect that software update to keep attackers from stealing sensitive information. But new data from Google’s elite hacking team, Project Zero, suggests that assumption is misplaced. One in four “zero-day,” or previously unknown, software exploits that the Google team tracked in 2020 might have been avoided “if a more thorough investigation and patching effort were explored,” Project Zero researcher Maddie Stone said Wednesday. In some cases, the attackers only changed a line or two of code to turn their old exploit into a new one. Many of the zero-day exploits were for popular internet browsers like Chrome, Firefox or Safari, exposing an array of users around the world. Project Zero’s sample size is modest, covering just 24 exploits in all. But the data points to a need for greater […]

The post Bad patching practices are a breeding ground for zero-day exploits, Google warns appeared first on CyberScoop.
