53% of organisations around the world still use Windows Server 2003

Frankly, the statistics in this article are not surprising, but they are concerning from a security perspective.  The burden involved in isolating, securing or otherwise managing legacy systems is tremendous for most organizations, and yet the overall reduction in risk is minimal.  At the end of the day, these machines can no longer be properly patched and will remain seriously vulnerable to compromise.

http://www.scmagazine.com/53-of-organisations-around-the-world-still-use-windows-server-2003/article/509180/

Thousands of Medical Systems Exposed to Web Attacks, Find Researchers

This is incredibly disturbing, especially for the millions of Americans relying on these medical systems for their health and well-being and, in many cases, their very lives.

http://www.tripwire.com/state-of-security/latest-security-news/thousands-of-medical-systems-exposed-to-web-attacks-find-researchers/

Manipulating WSUS to Own Enterprises

This concerns me.  Fear associated with the patching process has the potential to be one of the greatest weaknesses in the overall security of organizations.  If a business is afraid to apply patches due to potential vulnerabilities in WSUS, then a significant battle is lost and all of the organization’s endpoints are at risk.  According to this demonstration at Black Hat, there is a solution in the form of SSL with proper certificate management, but Microsoft has placed that burden on the end-user organization.  This issue should be addressed, and it should be addressed quickly.

https://threatpost.com/manipulating-wsus-to-own-enterprises/114168

Expired A/V and Windows 8

This article should be largely self-evident, but it is very easy for new PC owners to overlook the value of A/V when that trial version expires.  There is honestly no excuse for this, thanks to the large number of free and low-cost A/V solutions.  Microsoft provides a respectable option in Microsoft Security Essentials (http://windows.microsoft.com/en-us/windows/security-essentials-download).

http://www.darkreading.com/attacks-breaches/expired-antivirus-software-no-1-cause-of-unprotected-windows-8-pcs/d/d-id/1317440

NIST Reports Vulnerability in Samsung’s “Find My Mobile” Feature

The ability to find and/or remote wipe stolen or lost smartphones has always been important, but in the age of growing mobile payments via smart devices, this feature is all the more crucial.  A potential flaw in Samsung’s offering is a significant red flag, and a potential boon for iPhone proponents.

http://androidcommunity.com/nist-reports-vulnerability-of-samsungs-find-my-mobile-feature-20141028/