This is a disturbing trend and something all organizations should take into consideration from a security procedures perspective.
Month: June 2015
User Monitoring Not Keeping Up With Risk Managers’ Needs
The output of this study is intriguing and certainly reinforces the trend toward application control, stateful application control, and file integrity monitoring solutions. Understanding application usage and behavior, as well as privilege management, is key to detecting and defending against malicious attacks.
The 5 Most Common Attack Patterns of 2014
These are very important statistics to take into account when planning defensive strategies to mitigate risks to your organization. Budgets are certainly finite, so applying funds to defend high-risk situations is a prudent approach.
US Navy pays millions to cling to Windows XP
I must admit that I am absolutely infuriated at the US Navy for putting itself in a situation to have to rely on Windows XP for critical systems. Everyone, and I do mean everyone, had plenty of warning to upgrade and migrate. This speaks directly to the bureaucracy and narrow-mindedness associated with so many of our government’s programs and processes. This is why systems are so vulnerable and susceptible to compromise.
Everyone should take heed. This is an example of what not to do. This is how systems get compromised and infrastructure breaks down. Proper life cycle management can prevent this type of issue from happening to any organization.
https://nakedsecurity.sophos.com/2015/06/24/us-navy-pays-millions-to-cling-to-windows-xp
Krebs – Emergency Patch for Adobe Flash Zero-Day
Please patch accordingly. As Krebs is reporting, this vulnerability is being actively exploited in the wild.
http://krebsonsecurity.com/2015/06/emergency-patch-for-adobe-flash-zero-day/
Windows Server 2003: The “Window” Is Closing For You and 1.76 Million Others
This is a strong summary of the pitfalls associated with continuing to run Windows Server 2003 after the July deadline. Upgrading is an absolute necessity from a security and/or compliance perspective.
Krebs – “Free” Proxies Aren’t Necessarily Free
This is a painful truth that frankly applies to many free services provided via the Internet. That said, there are still good guys online providing free services. Simply be diligent in your investigations and check before you click.
http://krebsonsecurity.com/2015/06/free-proxies-arent-necessarily-free/
Sophos Weekly Recap
Samsung announces fix for major Galaxy keyboard security flaw
It is great to see that Samsung has responded to this threat and pushed out a patch in relatively short order.
http://www.tripwire.com/state-of-security/security-data-protection/samsung-fix-swiftkey-keyboard/
Apple OS X and iOS in the vulnerability spotlight – meet “CORED,” also known as “XARA”
The size and scale of this particular vulnerability are not yet completely clear. I would imagine a keychain patch is forthcoming.