Collaborate Disseminate
For security purposes, do we need to apply OS security patches if we have closed all ports via our firewall except for port 5001 which needs to remain open so our server can communicate with our forex broker’s trading server?
Continue reading Do we need to apply OS security patches if only one port is open? [closed]
Google’s Project Zero is reporting that software vendors are patching their code faster.
tl;dr
- In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero. This is a significant acceleration from an average of about 80 days 3 years ago.
- In addition to the average now being well below the 90-day deadline, we have also seen a dropoff in vendors missing the deadline (or the additional 14-day grace period). In 2021, only one bug exceeded its fix deadline, though 14% of bugs required the grace period.
- Differences in the amount of time it takes a vendor/product to ship a fix to users reflects their product design, development practices, update cadence, and general processes towards security reports. We hope that this comparison can showcase best practices, and encourage vendors to experiment with new policies.
…
Panorays has identified the top five most common cyber gaps among third-party organizations over 2021. Analyzing data gathered from cyber posture evaluations of tens of thousands of vendors across various industries, Panorays pinpointed compromised cre… Continue reading The most common cyber gaps threatening supply chain security
My MacBookPro doesn’t get major updates anymore, but the hardware still works well.
I came accross OpenCore Legacy Patcher, which allows to install recent versions of MacOs onto older macs through patches.
How secure is it? Is there a bigg… Continue reading How secure is OpenCore Legacy Patcher?
According to a research by Tenable, at least 40,417,167,937 records were exposed worldwide in 2021, calculated by the analysis of 1,825 breach data incidents publicly disclosed between November 2020 and October 2021. This is a considerable increase on … Continue reading Exposed records exceeded 40 billion in 2021
Remember the Equifax breach? Remember the $700m penalty? In case you’d forgotten, here’s the FTC to refresh your memory! Continue reading FTC threatens “legal action” over unpatched Log4j and other vulns
Have you ever seen the message “An error occurred”? Even worse, the message “This error cannot occur”? Facts matter! Continue reading Serious Security: OpenSSL fixes “error conflation” bugs – how mixing up mistakes can lead to trouble
Log4j is being exploited by all sorts of attackers, all over the Internet:
At that point it was reported that there were over 100 attempts to exploit the vulnerability every minute. “Since we started to implement our protection we prevented over 1,272,000 attempts to allocate the vulnerability, over 46% of those attempts were made by known malicious groups,” said cybersecurity company Check Point.
And according to Check Point, attackers have now attempted to exploit the flaw on over 40% of global networks.
And a second vulnerability was found, in the patch for the first vulnerability. This is likely not to be the last…
Action1 released a report based on the feedback from 491 IT professionals worldwide. The study explores how organizations patch and manage their remote and office-based endpoints and provide employees with remote IT support. The report reveals that eve… Continue reading Patching takes 2.5 times longer when endpoints are remote
Ransomware groups are continuing to grow in sophistication, boldness, and volume, with numbers up across the board since Q2 2021, a report by Ivanti, Cyber Security Works and Cyware reveals. This last quarter saw a 4.5% increase in CVEs associated with… Continue reading Vulnerabilities associated with ransomware increased 4.5% in Q3 2021