By Princess Clark-Wendel, MBA
If you work in a small or mid-sized business or agency, trying to implement a cyber-security program might feel like pushing a boulder uphill, especially if you don't have a large staff or budget.
Implementing a cyber security program does not have to feel like an uphill battle.
Even selling the benefits of cybersecurity to upper-level managers can be difficult. Since
Microsoft Patch Tuesday Update - December 2014
December 2014 Microsoft Patch Tuesday Brings 3 Critical and 4 Important bulletins.
Microsoft delivers 7 Bulletins Covering 24 CVEs - 3 Critical and 4 Important this December 2014 Patch Tuesday. The Exchange patch expected last month has been included this period. Lets look at the details:
- MS14-075 Rated as Important and mitigates vulnerabilities in Microsoft Exchange Server that could allow Elevation of Privilege. This patch addresses 4 CVE related issues and has an Exploitability Index of 2. The related issues were reported privately and have had no reports of attacks in the wild.
- MS14-080 Is a Cumulative Security Update for Internet Explorer and is rated as Critical. This patch addresses 13 CVE related issues and has an Exploitability Index of 1. The related issues were reported privately and have had no reports of attacks in the wild.
November Patch Tuesday - It looks like the "Turkey" came a little early this year — 14 Patches that include 4 Critical, 8 Important, 2 Moderate and we also have a Security Advisory for Flash in IE for desert.
Lets look at the details:
- MS14-064 Mitigates Critical vulnerabilities in Windows OLE Could Allow Remote Code Execution. It addresses 2 CVE related issues that were reported privately however CVE-2014-6352 has been used in limited, targeted attacks in the wild. The Microsoft Exploitability Index (XI) for this issue is 0.
- MS14-065 Is a Cumulative Security Update that mitigates Critical vulnerabilities in Internet Explorer. It addresses 17 CVE related issues - the issues were reported privately and has not been seen in the wild. The Microsoft Exploitability Index (XI) for this issue is 1.
- MS14-066 Mitigates a Critical vulnerability in Schannel that could allow Remote Code Execution. It addresses 1 CVE related issue that was
In The Shadow Of Shell Shock - Microsoft October Patch Tuesday Brings 9 Bulletins
Most of us in IT / Flaw Remediation are still struggling with the varied responses from vendors regarding the Shell Shock issue. This Patch Tuesday from Microsoft we have 9 bulletins — 1 Moderate, 5 Important and 3 Critical. While Octobers patches address 24 CVE issues none are reportedly being used in the wild for IE and only limited attacks have been seen in the wild with MS14-058.
Looking at the details:
- MS14-056 is a Cumulative Security Update for IE, it is rated critical and mitigates 14 CVE related issues.
- MS14-057 mitigates a Critical issue that impacts the .NET Framework and could Allow Remote Code Execution. This patch mitigates 3 CVE related issues.
- MS14-058 mitigates a Critical issue in Kernel-Mode Driver that could Allow Remote Code Execution. This patch mitigates 2 CVE
In the wake of the iCloud celebrity photo hack, expert Keith Palmgren offers advice on how to build more effective passwords and avoid easy data breaches.
For more than 40 years, the IT industry has been fighting the password battle and losing. The recent celebrity iCloud hack is just one of many high-profile examples of our failure. So how can something so seemingly simple, like a password, be so difficult?
The problem with password security is that it is so simple, that it is actually paradoxically hard. In security, the most dangerous thing in the world is what you think you know, because then you don't question your knowledge. If you ask a typical IT security professional if they understand passwords, the vast majority will respond with a confident and emphatic "Yes." But if that were really true, why are