Microsoft has partnered up with the U.S. National Institute of Standards and Technology (NIST) to create a guide designed to make enterprise patch management simpler. Microsoft originally worked with partners from the Center for Internet Security (CIS), the Department of Homeland Security (DHS), and the Cybersecurity and Infrastructure Security Agency (CISA), as well as customers.
New research from Forescout found that healthcare organizations are increasingly at risk from legacy platforms, device complexity, and the use of frequently exploited protocols. Forescout analyzed 75 healthcare deployments running over 1.5 million devices across 10,000 VLANs (virtual local area networks).
Vulnerability management and patch management are not products. They are processes, and the products are tools used to enable the process. You cannot buy a hammer, nails and wood and expect them to just become a house, but you can go through the process of building the house or hire someone to do it for you as a service.
A few weeks ago, I woke up one morning to discover that Android had 34 software updates waiting for me. This was followed by my laptop wanting to reboot after installing the latest patches from Microsoft; my tablet needing a reboot after its latest firmware update; and my server screaming for me to put “yum” into action to install the latest patches available from Red Hat – all before 10:00 am in the morning!
Details of a VirtualBox 0-day privilege escalation bug were disclosed on GitHub earlier this week. This was the work of independent Russian security researcher Sergey Zelenyuk, who revealed the vulnerability without any vendor coordination as a form of protest against the current state of security research and bug bounty programs.
With each passing year, our world becomes more and more digital. Our social interactions and personal data, as well as many of our jobs, are based primarily on the internet. Although this shift has come with great benefits, it has also opened us up to a heightened threat of cyber terrorism. 2017 saw some of the most devastating high-profile attacks in history, opening the eyes of businesses of all sizes to the importance of stronger security.
Vulnerabilities don’t often get the same amount of notice as phishing attacks or advanced persistent threats, but when a critical vulnerability is exploited, organizations can suffer major damage. The WannaCry ransomware attack targeted organizations around the world by exploiting an existing vulnerability. More than 230,000 unpatched systems were infected, even though the patch had been available for nearly two months before the launch of WannaCry.
64% plan to hire for vulnerability response over the next 12 months, yet more talent alone won’t solve the problem.