Patch Management in the Post-SolarWinds Era

The SolarWinds breach, in which hackers inserted malware into software updates sent to thousands of customers and created a backdoor to their IT systems, suggests organizations need to seriously rethink patch management. Until recently, installing pat…

Old Vulnerabilities Open the Door for WannaCry Ransomware

More than three years since it was discovered, WannaCry is still a threat for some organizations, research has found. How often does your organization conduct a security assessment? Once a year? Once a month? It’s great that your organization is lookin…

Popular Apps on Google Play Store Remain Unpatched

Check Point researchers found that hundreds of marquee Android mobile apps still contain vulnerabilities that allow remote code-execution even if users update.

Application News – Application Security Weekly #59

In the Application Security News, Software update gums up fingerprints, a counterproductive security practice expires thanks to well-considered guidelines, Docker Hub breach response, a path to hacking Ruby Gems, 5 Security Challenges to API Protec…

Package Management in Windows Using Chocolatey

In today’s Ask the Admin, Russell Smith looks at the Chocolatey package manager for Windows, what it does, and how it can simplify software deployment on servers and end-user devices.

The post Package Management in Windows Using Chocolatey appeared first on Petri.

Do You Have the Most Up-to-Date Software for Your Business?

Good quality software is likely the backbone of your business, helping to ensure that nothing slips through the cracks and that everything—from the hours spent on client communications to the money entering and exiting your business account—…

Lawmaker to HHS: Label software in medical devices

The Trump administration should convene a national effort in partnership with the private sector to ensure that the owners and operators of medical devices, hospital IT networks and electronic health records systems can find out what software and other components are in the products they buy, says the chairman of the powerful House Energy and Commerce Committee. In a letter Thursday to acting Health and Human Services Secretary Eric Hargen, committee Chairman Greg Walden, R-Ore., notes a congressionally chartered task force on health care cybersecurity earlier this year recommended such transparency requirements. The congressional report said there should be a “Bill of Materials” (BOM) for medical products because hospital IT managers and network administrators “must first understand what they have on their systems, before they can determine whether these technologies are impacted by a given threat or vulnerability.” “We write today to request that [HHS] convene a sector-wide effort to develop a plan of action for creating, deploying and leveraging BOMs […]

The post Lawmaker to HHS: Label software in medical devices appeared first on Cyberscoop.

Android security better, but still dependent on manufacturers, carriers

The variegated state of the Android ecosystem has always been a problem for users seeking to ensure their smartphone is patched up to date against the latest publicly disclosed cybersecurity flaws — and new figures show it’s still a huge issue, despite some progress. Updates produced by Android have to be customized by the handset manufacturer. Samsung alone offers 13 models of Android phone, each one sold by up to 200 different telecom carriers, all of whom customize their operating system to different degrees — meaning they might have to tweak the updates as well, before finally distributing them to phone users. The users, of course, then have to install them. Figures released by Google’s Android last week suggest that more users are getting regular updates than ever before — but still show only half of the 1.4 billion Android devices in circulation got an update of any kind during 2016. Updates are crucial […]

The post Android security better, but still dependent on manufacturers, carriers appeared first on Cyberscoop.
