Blog Posts Tagged with "Patching"

682e0e796084e163c5ca053dd8573b0c

Making Patching Work for SCADA and Industrial Control System Security

April 05, 2013 Added by:Eric Byres

Applying patches is a critical part of good security. According to US-CERT, about 95% of all network intrusions could have been avoided by keeping systems up to date with appropriate patches. What I am against is patching as a knee-jerk reaction to security vulnerabilities. You can’t expect your control system to operate reliably if you don’t have a controlled process for patching.

Comments  (0)

682e0e796084e163c5ca053dd8573b0c

SCADA and ICS Security Patching: The Good, the Bad and the Ugly

March 26, 2013 Added by:Eric Byres

Let's examine the good, the bad and the ugly details of patching as a means to secure SCADA and ICS systems. And to begin, let’s suppose patches could be installed without shutting down the process...

Comments  (1)

682e0e796084e163c5ca053dd8573b0c

SCADA and ICS Security: Welcome to the Patching Treadmill

March 15, 2013 Added by:Eric Byres

After Stuxnet, security researchers and hackers on the prowl for new targets to exploit shifted their efforts to critical industrial infrastructure. Unfortunately, the SCADA and Industrial Control Systems applications they are now focusing on are sitting ducks.

Comments  (0)

7e364bbac217114a59e547b354e7f7ad

Don’t Be Caught Playing the Fool (A Lesson in Why Change Control is Important)

January 03, 2013 Added by:Gary McCully

This is a real world story around the dangers of not following proper change control processes when placing new systems in production. In this blog I will discuss how one person’s actions could have resulted in an attacker gaining complete access to the organization’s internal network. I am hoping this example will cause organizations to take their change control processes a little more seriou...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Seven Tips to Improve Patch Management

September 12, 2012 Added by:Dan Dieterle

The amount of time many companies spend on patching, the problems they have deploying patches, the perception that patching causes problems, and a general lack of understanding about what it takes to patch, all combine to make patching such a major issue...

Comments  (0)

7d55c20d433dd60022642d3ab77b8efb

Latest SAP Security News

August 29, 2012 Added by:Alexander Polyakov

The most interesting thing is that the SAP HostControl is exposed to the Internet by many companies. Speaking numbers, 10% of companies that use SAP worldwide expose the SAP HostControl service to the Internet. I think you can imagine what can be done to those companies if hackers exploited this hole...

Comments  (0)

B451da363bb08b9a81ceadbadb5133ef

Oracle Security Alert Analysis

August 19, 2012 Added by:Alexander Rothacker

So, what is this new vulnerability all about? It’s a privilege escalation vulnerability that gives an attacker SYSDBA privileges. In order to perform the exploit, one needs to have CREATE TABLE and CREATE PROCEDURE privileges as well as EXECUTE privileges on DBMS_STATS package...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Unsafe at Any Speed: Enterprises Misunderstand Software Quality

August 13, 2012 Added by:Rafal Los

I had a hard time believing that "going faster" could be more secure. It was difficult to wrap my brain around how deploying code in more rapid succession could mean that the code deployed could actually be safer... but I believe that to be true now. The one caveat here is "if it's done right"...

Comments  (0)

924ce315203c17e05d9e04b59648a942

Vulnerability Intelligence versus Vulnerability Management

July 30, 2012 Added by:Richard Stiennon

Hardening systems is one of the most important things you can do counter targeted attacks, yet most organizations have yet to operationalize the process. I understand how hard -and expensive- it is. And it is easy for an analyst to wave the flag of “Patch now!” So forgive me for giving hard advice...

Comments  (1)

0a8cae998f9c51e3b3c0ccbaddf521aa

Deploying Code Faster as a Security Feature?

July 24, 2012 Added by:Rafal Los

What if deploying faster is actually a security feature? I can empathize with the frustration many security professionals feel when they find a critical issue in an application only to be told that the patch will be rushed in about 3 months. I'd certainly love to hear that the update will be shipped this afternoon...

Comments  (1)

7d55c20d433dd60022642d3ab77b8efb

Critical Vulnerability in SAP Message Server: A Worldwide Scan

July 04, 2012 Added by:Alexander Polyakov

Two buffer overflow vulnerabilities in SAP Message Server can be exploited remotely so that exploit code can be executed. Out of 1000 companies that use SAP worldwide, randomly selected in the course of the research, 4% expose SAP Message Server to the Internet. This can lead to critical consequences...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The Resilient Enterprise: Learning to Fail Part 2

June 25, 2012 Added by:Rafal Los

Failing with the support of a DevOps tribe can lead to a more resilient enterprise and ultimately better enterprise security. In the following few sections we're going to take a look at combining tools, processes and the tribe mentality to solve some otherwise ugly problems - and come out the other side...

Comments  (0)

11146d62a6c31fb9fac8ac8ac991e08d

We Don’t Need Cyber-Vigilante Justice

June 15, 2012 Added by:Andy Willingham

You see what made me so mad? It wasn’t the release of the PII of all those innocent people, it was their reason for doing it. They reported a web site vulnerability and it wasn’t fixed, so they decided to post PII of thousands of people on the internet. Who put them in the role of deciding who wins and who loses?

Comments  (2)

02a6d0efd54c7388e26f125d8df83671

Top Five Fundamentals of Network Security

June 14, 2012 Added by:Megan Berry

There are many factors that can bring down your networks and compromise data, including criminals, carelessness and disgruntled employees. The hardware, software, and policies that make up the layers of network security defend your company’s systems from these threats. What are the most common threats?

Comments  (1)

E85787adcaf7bca10e799cfd1cfd08f1

Patch as Patch Can: All Software is Flawed

May 30, 2012 Added by:Michelle Drolet

While many software publishers don’t bother to release patches, the two that are religious about patching are Microsoft and Adobe. Ironically, they still account for the majority of client-side vulnerabilities, with the Office Suite products and Adobe Flash Player and Reader topping the list...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Cloud Patch Management: Consistency and Automation

May 23, 2012 Added by:Rafal Los

If you've chosen wisely, you environments across your public and private clouds are consistent. The big question is - how do we keep our environments consistent in the face of security requirements to push patches? The answers rely very heavily on automation and policy...

Comments  (0)

Page « < 1 - 2 - 3 > »
Most Liked