Google’s Project Zero – Targeting Zero-Day Vulnerabilities

Google has announced that it is assembling a crack team of researchers, devoted to finding and reporting security holes in widely used software.

According to Google security engineer Chris Evans, the group – which has been dubbed “Project Zero” – aims to uncover unpatched security vulnerabilities before they are exploited in targeted internet attacks.

> Read More

No Luck o’ the Irish for IT this St. Patty’s Day

IT admins can’t seem to catch a break this year. First, the never ending stream of Java issues that has kept folks on their toes since January. Now they’ve got another busy month of patches ahead of them, with 7 total patches from Microsoft, 4 of which are critical. However, once again the issues outside of Microsoft will likely eclipse the Patch Tuesday patches this month.

> Read More

Eliminating Java Will Not Solve Your Problem

While many are jumping on the ‘Death to Java’ bandwagon and ranting about turning off Java to eliminate risk, it is important to put the issue in the proper context: the reality of the matter is a Java vulnerability is not the end game for a cyber criminal; it is merely a delivery mechanism in the quest to install a bigger malware foothold.

> Read More

No Love for IT This Valentine’s Day

It’s going to be a rough Valentine’s Day for many IT admins this month. With ongoing issues with Java and 12 bulletins from Microsoft, including 5 critical issues and many restarts, it’s going to be a very disruptive Patch Tuesday.

It’s disturbing to note how many different Microsoft platforms are critically affected this month.

> Read More

Managing Security Risks in a Virtual Environment

Before virtualization even became an official buzzword, IT industry watchers began pointing to its security risks. Now that virtualization is mainstream, few will come out and say virtual environments are inherently less secure—but there remains a tendency to deploy virtual servers and virtual desktops insecurely.

Of course, with that tendency comes the potential for security breaches.

> Read More

Microsoft Kicks off the New Year With Fixes for Current Code Base

So far, it looks like 2013 is off to a fairly average start with 7 bulletins: 2 critical and 5 important. You may recall that January of 2012 also came in with 7 bulletins, though only 1 was critical. After closing out 2012 with more consistency in the number of patches per month, we can only hope that 2013 will continue in that same vein.

> Read More

Ransomware is Back with a Vengeance and Targeting Business

Ransom-ware has matured since it was first seen in 1989 with the PC Cyborg Trojan. Today, it is big business for cyber criminals; and for good reason. A September article reported cyber criminals could earn between $50,000 and $60,000 a day by focusing their efforts on just a couple of countries.

The severity of ransom-ware’s impact depends on the specific software used in the attack.

> Read More

7 Patches for December Brings 2012 Patch Tuesday Total to 83

IT has 7 patches to deal with in December; 5 are critical and 2 are important. Fortunately, none are currently under active attack so that will hopefully set IT’s mind at ease as they begin to apply this set of patches.

2012 in Review
With the multitude of third-party application patching needed this year from the likes of Adobe,

> Read More

2013 Prediction Series Starts with Malware

After a quick review of how I did on my 2012 predictions, it’s now time to get serious about what 2013 may bring. As you plan for the new year, you may find this helpful. Then again, nothing is a sure bet in IT security…that’s the one thing I know for certain.


> Read More

Disheartening Disconnect Identified by 2013 State of Endpoint Risk Study

I’m concerned about the results of our fourth annual State of the Endpoint study just completed by the Ponemon Institute. Over the years, IT pros have reported shrinking confidence in the security of their networks. While this year is no different, the number of IT security pros who responded no, they are not more confident or don’t know has edged up yet again.

> Read More

Initial Thoughts on Windows 8 Security

While not an all encompassing review of the security features available in Windows 8, this post takes a quick look at some of the more noteworthy capabilities in this latest iteration from Microsoft.

Windows 8 Base Security Features

Windows Defender
Windows Defender has evolved from a spyware product to a relatively good malware defense product.

> Read More

Light Patch Tuesday From Microsoft this September

Is this September’s light Patch Tuesday a reflection of the maturity of Microsoft’s secure coding initiatives? One can only hope…

Some vendors scrambled with repeated emergency patches last week just days apart and others seemed to just shrug off multiple day zero vulnerabilities. To the delight of IT pros everywhere though, Microsoft has given us the least disruptive Patch Tuesday we’ve seen in a long time.

> Read More

The Fireworks Continue with July’s Patch Tuesday

IT administrators will have to deal with more fireworks this month with Microsoft’s Patch Tuesday. This month there are 9 patches, 3 of which are critical and 6 important. This is more than double last year’s July patches: 4 total, with only 1 critical. This puts Microsoft at 51 bulletins for 2012, about on par with 2011,

> Read More