Month: September 2019

Microsoft Announces Ability to Force TLS Version Compliance

Transport Layer Security (TLS) can be critical for security, but it must be deployed in a current version. Microsoft now provides a mechanism for administrators to guarantee the right version in their network.

Baltimore Reportedly Had No Data Backup Process for Many Systems

City lost key data in a ransomware attack earlier this year that's already cost more than $18.2 million in recovery and related expenses.

Microsoft Patch Alert: Botched IE zero-day patch leaves cognoscenti fuming

So you think Windows 10 patching is getting better? Not if this month’s Keystone Kops reenactment is an indicator.

In a fervent frenzy, well-meaning but ill-informed bloggers, international news outlets, even little TV stations, enjoyed a hearty round of “The Windows sky is falling!” right after the local weather. It wasn’t. It isn’t – no matter what you may have read or heard.

The fickle finger of zero-day fate

Microsoft has a special way of telling folks how important its patches might be. Every individual security hole, listed by its CVE number, has an “Exploitability Assessment” consisting of:

218M Words with Friends Players Compromised in Data Breach

The same attacker was reportedly behind the Collection #1 and Collection #2 data dumps earlier this year.

‘Harvesting Attacks’ & the Quantum Revolution

Stockpiles of stolen information sitting in foreign databases are ready to be exposed the minute there's a working quantum computer in five to ten years. The time to act is now.

8 Microsegmentation Pitfalls to Avoid

Don't fall victim to these common mistakes on the path to developing better security boundaries and limiting the blast radius of security incidents.

Best Practices

The Etiquette of Respecting Privacy in the Age of IoT

Is it rude to ask someone to shut off their Alexa? Ask the family who's written the book on etiquette for nearly 100 years -- the descendants of Emily Post herself.

Cloud Vulnerability Could Let One Server Compromise Thousands

A flaw in the OnApp cloud management platform could let an attacker compromise a private cloud with access to a single server.