Patching Haste Makes Waste

Sometimes it’s better if software patches don’t come out too quickly. Such was the case when Microsoft issued its regular round of Patch Tuesday updates earlier this month, leaving some unhappy.

Some PowerPoint users, for instance, found that a fix designed to make PowerPoint 2013 more stable was actually causing more problems than it aimed to solve –

> Read More

Patch Management with Microsoft System Center

Compliance and patch management is important, even for Linux and UNIX computers. Starting with System Center 2012 SP1, you can deploy and update software on Linux and UNIX servers using Configuration Manager, but how do Configuration Manager features translate into compliance and patch management? This session explores several solutions to patching Linux/UNIX servers, taking a deep look at the capabilities that are built into System Center,

> Read More

Isn’t It Time Oracle Gave Us Monthly Security Updates for Java?

In some ways, it could be argued that Java is an incredible success.

I’m serious. Stop laughing at the back.

You see, according to Oracle, Java’s developer, the product is used on over 3 billion different devices worldwide. That *is* impressive.

But, for those of us concerned with securing systems and keeping computer data safe,

> Read More

Nothing Pretty About Fireworks Delivered From Microsoft This Patch Tuesday

IT admins may have taken the Fourth off to enjoy some fireworks, but they’ll be very busy this week patching their systems. It’s not a pretty Patch Tuesday this month with 7 bulletins, 6 of which are critical. That brings our total of critical bulletins for the year to 22, which is fairly high, considering Microsoft released only 34 critical bulletins for the entire calendar year of 2012.

> Read More

Much Ado About Java

So, have you seen the latest about Java? Seems most organizations are still running (really) old versions. And even the current version has what is technically known as a shit-ton of zero-day vulnerabilities. And so Oracle is changing their vulnerability numbering system to accommodate all of them, in addition to taking other steps surrounding Java security.

> Read More

Growing Threat From Vendors’ Friendly Fire

After we learned that Flame exploited Microsoft’s Auto Update infrastructure, I pointed out that if attackers were able to compromise Microsoft, a leader in patch management, it couldn’t be long before bad guys exploited the update infrastructures of other vendors who are far behind Microsoft – like Adobe…  And that’s exactly what happened a couple weeks ago.

> Read More

DNSChanger Trojan: Not All Doom and Gloom

If your server(s) have been infected by the DNSChanger Trojan and you’ve not done anything about it, time is running out. You have until July 9, 2012 to get your systems fixed, or you’ll lose internet access until you do.

This insidious little Trojan – variously known as TDSS, Alureon,

> Read More

Is BackDoor.Flashback.39 Trojan Going to be Apple’s Conficker?

With 274 of the 600,000 infected Mac’s now being reported as being in Cupertino – Apple’s hometown – maybe they will feel a little of the pain their users are now feeling and get serious about being more candid and perhaps more revelaing in their patch release notifications.

Calculating the number of infected Macs this go-around is made easier and also more accurate because the malware actually sends a copy of each infected Mac’s UUID to the malware’s C&C controller.

> Read More

Life After an Attack

Hackers never sleep–as Citigroup can certainly attest to, having their consumer information twice hacked in a span of only three months. While we are counting sheep, the bad guys are of course looking for a way in, lurking and waiting for a vulnerable minute to strike. And all too often, this happens to organizations that have fallen victim before…a little like rubbing salt in an open wound.

> Read More

April Showers Bring May Flowers, and Patch Tuesday is No Exception

Last month it poured when Microsoft released 17 security bulletins that addressed a total of 64 vulnerabilities. For today’s Patch Tuesday, we have a light load; however, both patches address remote code execution and one is critical.  So both require immediate attention. The critical patch MS11-035 Vulnerability in WINS addresses an issue with all supported versions of Windows server – 2003,

> Read More

Playing the Security Game? Think Before Simply Clicking ‘Renew’

If your organization is anything like the companies we’ve been speaking with, then you know first-hand the headache and ongoing challenge that the rising cost of malware has created. In fact, 48 percent of organizations recently reported an increase in their IT operating expenses, according to the 2010 Ponemon Institute study commissioned by Lumension.

> Read More

2011 Has Potential to be a Really Bad Year

If we look at how 2010 ended there is perhaps good reason for IT security pros to already be nervous in 2011. According to the end of year report from IBM X-Force, at least 44% of all vulnerabilities disclosed in 2010 had no corresponding patch by end of year. Not only do we have to deal with exploits for newly discovered vulnerabilities running at all time highs,

> Read More