Category Archives: Patch Management

Bad patching practices are a breeding ground for zero-day exploits, Google warns

Posted on by

Customers of major software vendors take comfort whenever a vendor issues a security fix for a critical software vulnerability. The clients expect that software update to keep attackers from stealing sensitive information. But new data from Google’s elite hacking team, Project Zero, suggests that assumption is misplaced. One in four “zero-day,” or previously unknown, software exploits that the Google team tracked in 2020 might have been avoided “if a more thorough investigation and patching effort were explored,” Project Zero researcher Maddie Stone said Wednesday. In some cases, the attackers only changed a line or two of code to turn their old exploit into a new one. Many of the zero-day exploits were for popular internet browsers like Chrome, Firefox or Safari, exposing an array of users around the world. Project Zero’s sample size is modest, covering just 24 exploits in all. But the data points to a need for greater […]

The post Bad patching practices are a breeding ground for zero-day exploits, Google warns appeared first on CyberScoop.

Continue reading Bad patching practices are a breeding ground for zero-day exploits, Google warns

Record Levels of Software Bugs Plague Short-Staffed IT Teams in 2020

Posted on by

As just one symptom, 83 percent of the Top 30 U.S. retailers have vulnerabilities which pose an “imminent” cyber-threat, including Amazon, Costco, Kroger and Walmart. Continue reading Record Levels of Software Bugs Plague Short-Staffed IT Teams in 2020

What Security Data Do I Really Need to Collect and Analyze?

Posted on by

The post What Security Data Do I Really Need to Collect and Analyze? appeared first on Security Weekly. Continue reading What Security Data Do I Really Need to Collect and Analyze?

Critical Industrial Flaws Pose Patching Headache For Manufacturers

Posted on by

When it comes to patching critical flaws, industrial firms face various challenges – with some needing to shut down entire factories in order to apply updates. Continue reading Critical Industrial Flaws Pose Patching Headache For Manufacturers

CISA orders agencies to quickly patch critical Netlogon bug

Posted on by

For several days, security experts have urged organizations to fix a critical vulnerability in a Microsoft protocol that hackers could use to steal sensitive data. Now, U.S. government agencies don’t have a choice but to act. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency on late Friday evening ordered federal civilian agencies to apply a patch for the vulnerability by the end of the day Monday. The “emergency directive” — only the fourth ever issued by the agency — reflects the “unacceptable risk” the vulnerability poses to federal agencies because the affected software is used throughout the government, officials said. The bug is the latest in a bevy of critical flaws to emerge in popular software this year. In response, CISA has increasingly used its emergency-directive authority to try to keep foreign spies or criminals from burrowing into federal networks. In July, CISA gave agencies 24 hours to address another […]

The post CISA orders agencies to quickly patch critical Netlogon bug appeared first on CyberScoop.

Continue reading CISA orders agencies to quickly patch critical Netlogon bug

The History of Common Vulnerabilities and Exposures (CVE)

Posted on by

During the late 1990s, security professionals were using information assurance tools in concert with vulnerability scanners to detect and remove vulnerabilities from the systems for which they are responsible. There’s just one problem – each security v… Continue reading The History of Common Vulnerabilities and Exposures (CVE)

After researchers test Microsoft Netlogon exploit, feds tell users to patch now or suffer later

Posted on by

Nothing brings urgency to a software vulnerability like an exploit demonstrating its potency. That’s what happened Monday when researchers at Dutch cybersecurity company Secura released a “proof of concept” exploit for a vulnerability in the Netlogon protocol that Microsoft employs to authenticate users and updated passwords within a domain. The vulnerability could allow “an attacker with a foothold on your internal network to essentially become [domain administrator] with one click,” as Secura analysts put it. That means an attacker could “impersonate any computer, including the domain controller itself, and execute remote procedure calls on their behalf.” Within hours of Secura publishing its analysis, U.S. government officials were telling corporations and agencies to pay attention and apply the patch that Microsoft issued last month. The episode highlights how, with thousands of software vulnerabilities released each year, some matter much more than others and prompt influential voices in the industry to sound […]

The post After researchers test Microsoft Netlogon exploit, feds tell users to patch now or suffer later appeared first on CyberScoop.

Continue reading After researchers test Microsoft Netlogon exploit, feds tell users to patch now or suffer later

Vulnerability Disclosure: Ethical Hackers Seek Best Practices

Posted on by

Cybersecurity researchers Brian Gorenc and Dustin Childs talk about the biggest vulnerability disclosure challenges in IoT and the industrial vertical. Continue reading Vulnerability Disclosure: Ethical Hackers Seek Best Practices