HEAT Security Blog

The (Sad) Case for BYOD Management

It wasn’t that long ago we were debating the value (improved productivity; increased employee satisfaction) personal mobile devices could bring to the enterprise, beyond BlackBerry Enterprise Server. Note I say ‘could.’ Just a few short years ago, we were still discussing whether or not organizations should allow employees to rely on mobile devices for work and whether that would come via personally owned devices or a fleet of pre-approved devices owned and managed by the organization.

> Read More

People Weak Link in Security Chain, Says New Report

If you pay any attention to infosec headlines, you’ve likely seen it’s once again that time of year when Verizon releases its Data Breach Investigations Report (DBIR). The 9th annual report was released yesterday and while much of it isn’t surprising, it is entirely disheartening.

A quick review of the findings show cybercrime continues to target what hackers obviously deem the weakest link in the chain,

> Read More

Zero-Days Make April a Critical Patch Tuesday

Microsoft released 13 bulletins for April Patch Tuesday today; 6 of which are rated critical. Thirty vulnerabilities have been addressed in total and the software impacted is widespread. Perhaps most importantly, there are also zero-days in the mix. To avoid compromise, IT should get these updates made quickly.

First on your list of priorities this month should be the security update for Adobe Flash.

> Read More

Emerging Endpoint Security Trends for SMB

How can SMBs protect their networks and digital assets without breaking the bank?

For all the focus on mega-enterprise security—and all the high-profile data breaches at major corporations—enterprises aren’t alone in the endpoint security battle.

Think about it for a minute. When was the last time you got through a day of e-mail without a spam e-mail with a nefarious link or attachment?

> Read More

How to Avoid a King’s Ransom

Taking an item of tremendous value – data belonging to an organization or an individual – and demanding compensation for its return is a highly effective way for criminals to get what they want. This criminal act is achieved through ransomware and, because it is effective and generally not all that complicated for a cybercriminal to carry out,

> Read More

iOS 9.3 to fix serious iMessages encryption flaw

For some time, Apple has forcefully pushed a message to consumers that it takes privacy seriously.

Here, for instance, is what Apple’s website says about its approach to privacy when it comes to iMessages:

Your iMessages and FaceTime calls are your business, not ours. Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime,

> Read More

New Mac Malware and Adobe Join March Patch Tuesday

Microsoft released 13 bulletins for March Patch Tuesday today and five of them are critical. In all, we have just 39 unique vulnerabilities and thankfully, there are no zero days for IT to deal with this month. Despite the low number, quick patching remains important however, especially if your users are still on IE.

> Read More

State of Enterprise Security Still Shaky Says New Survey

Today, we’re announcing the results of a survey recently commissioned on the state of enterprise security. Conducted by Ultimate Windows Security, the report provides visibility into the uses, concerns and challenges that IT departments face in respect to endpoint security, patching, cloud applications and mobile management.

We polled nearly 700 IT professionals working at enterprise (1,000+ employees),

> Read More

February Patch Tuesday: And the Hits Keep On Comin’

If you thought February would be a light update month given January Patch Tuesday’s patch load of nine updates including end of support for the Windows 8 OS and all but the current version of IE, you thought wrong. Microsoft released a whopping 13 bulletins addressing 36 unique vulnerabilities in today’s February Patch Tuesday and 6 of them are considered critical.

> Read More